bisecting cause commit starting from ebc551f2b8f905eca0e25c476c1e5c098cd92103 building syzkaller on 2881fc25a8b874becd6b5c31668ebaeb7c6e9646 testing commit ebc551f2b8f905eca0e25c476c1e5c098cd92103 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in ebitmap_destroy testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 all runs: OK # git bisect start ebc551f2b8f905eca0e25c476c1e5c098cd92103 v5.0 Bisecting: 5548 revisions left to test after this (roughly 13 steps) [da2577fe63f865cd9dc785a42c29c0071f567a35] Merge tag 'sound-5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit da2577fe63f865cd9dc785a42c29c0071f567a35 with gcc (GCC) 8.1.0 all runs: OK # git bisect good da2577fe63f865cd9dc785a42c29c0071f567a35 Bisecting: 2775 revisions left to test after this (roughly 12 steps) [b7af27bf9471f5d54d71dc2e4228d6bc065bdb57] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching testing commit b7af27bf9471f5d54d71dc2e4228d6bc065bdb57 with gcc (GCC) 8.1.0 all runs: OK # git bisect good b7af27bf9471f5d54d71dc2e4228d6bc065bdb57 Bisecting: 1242 revisions left to test after this (roughly 11 steps) [a50243b1ddcdd766d0d17fbfeeb1a22e62fdc461] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit a50243b1ddcdd766d0d17fbfeeb1a22e62fdc461 with gcc (GCC) 8.1.0 all runs: OK # git bisect good a50243b1ddcdd766d0d17fbfeeb1a22e62fdc461 Bisecting: 604 revisions left to test after this (roughly 9 steps) [ffd602eb4693bbb49b301fa059b109bbdebf9524] Merge tag 'kbuild-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild testing commit ffd602eb4693bbb49b301fa059b109bbdebf9524 with gcc (GCC) 8.1.0 all runs: OK # git bisect good ffd602eb4693bbb49b301fa059b109bbdebf9524 Bisecting: 305 revisions left to test after this (roughly 8 steps) [004cc08675b761fd82288bab1b5ba5e1ca746eca] Merge branch 'x86-tsx-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 004cc08675b761fd82288bab1b5ba5e1ca746eca with gcc (GCC) 8.1.0 all runs: OK # git bisect good 004cc08675b761fd82288bab1b5ba5e1ca746eca Bisecting: 164 revisions left to test after this (roughly 7 steps) [f88c5942cfaf7d55e46d395136cccaca65b2e3bf] Merge tag 'ovl-update-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs testing commit f88c5942cfaf7d55e46d395136cccaca65b2e3bf with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in ebitmap_destroy # git bisect bad f88c5942cfaf7d55e46d395136cccaca65b2e3bf Bisecting: 70 revisions left to test after this (roughly 6 steps) [dbc2fba3fc46084f502aec53183995a632998dcd] Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit dbc2fba3fc46084f502aec53183995a632998dcd with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in ebitmap_destroy # git bisect bad dbc2fba3fc46084f502aec53183995a632998dcd Bisecting: 34 revisions left to test after this (roughly 5 steps) [ba20ba2e3743bac786dff777954c11930256075e] generic radix trees testing commit ba20ba2e3743bac786dff777954c11930256075e with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in ebitmap_destroy # git bisect bad ba20ba2e3743bac786dff777954c11930256075e Bisecting: 17 revisions left to test after this (roughly 4 steps) [c366ea89fa40f244d1210e74485fce110835b71b] memblock: make memblock_find_in_range_node() and choose_memblock_flags() static testing commit c366ea89fa40f244d1210e74485fce110835b71b with gcc (GCC) 8.1.0 all runs: OK # git bisect good c366ea89fa40f244d1210e74485fce110835b71b Bisecting: 8 revisions left to test after this (roughly 3 steps) [c0dbe825a9f11d68725b01b9ed311f7c44ca9166] memblock: memblock_alloc_try_nid: don't panic testing commit c0dbe825a9f11d68725b01b9ed311f7c44ca9166 with gcc (GCC) 8.1.0 all runs: OK # git bisect good c0dbe825a9f11d68725b01b9ed311f7c44ca9166 Bisecting: 4 revisions left to test after this (roughly 2 steps) [a2974133b7e0a31c71fabe86aad42a61db4f01ed] mm: memblock: update comments and kernel-doc testing commit a2974133b7e0a31c71fabe86aad42a61db4f01ed with gcc (GCC) 8.1.0 all runs: OK # git bisect good a2974133b7e0a31c71fabe86aad42a61db4f01ed Bisecting: 2 revisions left to test after this (roughly 1 step) [ee9c5e67557f9663b27946ba1d3813fb1924b1fe] openvswitch: convert to kvmalloc testing commit ee9c5e67557f9663b27946ba1d3813fb1924b1fe with gcc (GCC) 8.1.0 all runs: OK # git bisect good ee9c5e67557f9663b27946ba1d3813fb1924b1fe Bisecting: 0 revisions left to test after this (roughly 1 step) [acdf52d97f824019888422842757013b37441dd1] selinux: convert to kvmalloc testing commit acdf52d97f824019888422842757013b37441dd1 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in ebitmap_destroy # git bisect bad acdf52d97f824019888422842757013b37441dd1 Bisecting: 0 revisions left to test after this (roughly 0 steps) [b330e6a49dc3e9145de5c986b29bbbb884351e92] md: convert to kvmalloc testing commit b330e6a49dc3e9145de5c986b29bbbb884351e92 with gcc (GCC) 8.1.0 all runs: OK # git bisect good b330e6a49dc3e9145de5c986b29bbbb884351e92 acdf52d97f824019888422842757013b37441dd1 is the first bad commit commit acdf52d97f824019888422842757013b37441dd1 Author: Kent Overstreet Date: Mon Mar 11 23:31:10 2019 -0700 selinux: convert to kvmalloc The flex arrays were being used for constant sized arrays, so there's no benefit to using flex_arrays over something simpler. Link: http://lkml.kernel.org/r/20181217131929.11727-4-kent.overstreet@gmail.com Signed-off-by: Kent Overstreet Cc: Paul Moore Cc: Stephen Smalley Cc: Eric Paris Cc: Alexey Dobriyan Cc: Al Viro Cc: Dave Hansen Cc: Marcelo Ricardo Leitner Cc: Matthew Wilcox Cc: Neil Horman Cc: Pravin B Shelar Cc: Shaohua Li Cc: Vlad Yasevich Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds :040000 040000 44d5bb5248a02a6ee2fcda6d7603fb6774a083fd a08f372ec10ff632dfabac732c197a31c180c62f M security revisions tested: 16, total time: 3h11m58.963025433s (build: 1h12m2.55070971s, test: 1h56m44.061580165s) first bad commit: acdf52d97f824019888422842757013b37441dd1 selinux: convert to kvmalloc cc: ["adobriyan@gmail.com" "akpm@linux-foundation.org" "dave.hansen@intel.com" "eparis@parisplace.org" "kent.overstreet@gmail.com" "marcelo.leitner@gmail.com" "nhorman@tuxdriver.com" "paul@paul-moore.com" "pshelar@ovn.org" "sds@tycho.nsa.gov" "shli@kernel.org" "torvalds@linux-foundation.org" "viro@zeniv.linux.org.uk" "vyasevich@gmail.com" "willy@infradead.org"] crash: general protection fault in ebitmap_destroy kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 8385 Comm: syz-executor.5 Not tainted 5.0.0+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 RIP: 0010:ebitmap_destroy+0x32/0x110 security/selinux/ss/ebitmap.c:334 Code: fe 41 55 41 54 53 e8 3d b2 81 fe 4d 85 f6 0f 84 ad 00 00 00 e8 2f b2 81 fe 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 af 00 00 00 49 8b 1e 48 85 db 74 39 49 bd 00 00 RSP: 0018:ffff88806d6df848 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffff88807b4eefa8 RCX: ffffffff82f00b90 RDX: 0000000000000002 RSI: ffffffff82eec151 RDI: 0000000000000010 RBP: ffff88806d6df868 R08: ffff88807d86a000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002 R13: ffffed100f69ddfd R14: 0000000000000010 R15: 0000000000000401 FS: 00007f5ae3797700(0000) GS:ffff88807ea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000071c061 CR3: 0000000025c72000 CR4: 00000000007406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: policydb_destroy+0x660/0x850 security/selinux/ss/policydb.c:832 policydb_read+0xead/0x5140 security/selinux/ss/policydb.c:2522 security_load_policy+0x235/0x1150 security/selinux/ss/services.c:2147 sel_write_load+0x24d/0x460 security/selinux/selinuxfs.c:565 __vfs_write+0x8d/0x110 fs/read_write.c:485 vfs_write+0x1fc/0x580 fs/read_write.c:549 ksys_write+0xe6/0x1f0 fs/read_write.c:598 __do_sys_write fs/read_write.c:610 [inline] __se_sys_write fs/read_write.c:607 [inline] __x64_sys_write+0x73/0xb0 fs/read_write.c:607 do_syscall_64+0x103/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457799 Code: 8d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f5ae3796c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000071bf00 RCX: 0000000000457799 RDX: 0000000000000050 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000006f0cc0 R14: 00000000004ae662 R15: 00007f5ae37976d4 Modules linked in: ---[ end trace cde97cef941fb360 ]--- RIP: 0010:ebitmap_destroy+0x32/0x110 security/selinux/ss/ebitmap.c:334 Code: fe 41 55 41 54 53 e8 3d b2 81 fe 4d 85 f6 0f 84 ad 00 00 00 e8 2f b2 81 fe 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 af 00 00 00 49 8b 1e 48 85 db 74 39 49 bd 00 00 RSP: 0018:ffff88806d6df848 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffff88807b4eefa8 RCX: ffffffff82f00b90 RDX: 0000000000000002 RSI: ffffffff82eec151 RDI: 0000000000000010 RBP: ffff88806d6df868 R08: ffff88807d86a000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002 R13: ffffed100f69ddfd R14: 0000000000000010 R15: 0000000000000401 FS: 00007f5ae3797700(0000) GS:ffff88807ea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000071c061 CR3: 0000000025c72000 CR4: 00000000007406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554