bisecting cause commit starting from 5076190daded2197f62fe92cf69674488be44175
building syzkaller on 2c31c529a9a44be5d99e769204b7a4b84b93eec1
testing commit 5076190daded2197f62fe92cf69674488be44175 with gcc (GCC) 8.1.0
kernel signature: 8bda80871d150858f97fdbc069ab3add29c87bf8b5f1816b6e67dc91d51e29ab
all runs: crashed: general protection fault in sctp_ulpevent_nofity_peer_addr_change
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: d606856d7059a8484c004c1b4cffb44f2eae5db156940a5aed581bdb8245cd55
all runs: crashed: general protection fault in sctp_ulpevent_nofity_peer_addr_change
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 36b3f2ec87705be9c03587a06e1a883bf10d95d69918a9b159d5196b67fd0214
run #0: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #1: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #2: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #3: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #4: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #5: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #6: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #7: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #8: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #9: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 2bc406171ef6cad345598bcf5628aabf72933c09b258fa147474d06f1544d361
run #0: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #1: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #2: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #3: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #4: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #5: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #6: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #7: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #8: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #9: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 70ed4d7694b2ed943aea7403753d83e76e8db530188c804e2dcd29b2895edaa3
run #0: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #1: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #2: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #3: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #4: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #5: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #6: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #7: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #8: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #9: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: 3d043d58877e520cfca2bc2886685cc4692f6e59c57693426c547c8e3d775baa
run #0: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #1: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #2: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #3: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #4: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #5: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #6: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #7: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #8: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
run #9: crashed: KASAN: use-after-free Read in sctp_do_8_2_transport_strike
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: 0c706f20c83a171fb89e58a11b0a94b00fedb210fc75bbb8e7243cbdee9ac04e
run #0: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #1: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #2: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #3: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #4: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #5: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #6: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #7: crashed: kernel BUG at net/sctp/sm_sideeffect.c:LINE!
run #8: crashed: BUG: unable to handle kernel paging request in call_timer_fn
run #9: OK
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: cd0feb8955c91e777973cccd7930b7fdb00e19ffcec87b309ba4000616f4a86c
all runs: OK
# git bisect start 1c163f4c7b3f621efff9b28a47abb36f7378d783 8fe28cb58bcb235034b64cbbb7550a8a43fd88be
Bisecting: 7011 revisions left to test after this (roughly 13 steps)
[af7ddd8a627c62a835524b3f5b471edbbbcce025] Merge tag 'dma-mapping-4.21' of git://git.infradead.org/users/hch/dma-mapping
testing commit af7ddd8a627c62a835524b3f5b471edbbbcce025 with gcc (GCC) 8.1.0
kernel signature: c8927497ccecd75f7552d798c0fa2c483d698828d0a0e0e800961a4161ea78d3
all runs: OK
# git bisect good af7ddd8a627c62a835524b3f5b471edbbbcce025
Bisecting: 3532 revisions left to test after this (roughly 12 steps)
[c9bef4a651769927445900564781a9c99fdf6258] Merge tag 'pinctrl-v4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit c9bef4a651769927445900564781a9c99fdf6258 with gcc (GCC) 8.1.0
kernel signature: e2f21e9a4a9e99ffe4042232a2ff0605d496638cc724801c908baae4ae824d3a
all runs: OK
# git bisect good c9bef4a651769927445900564781a9c99fdf6258
Bisecting: 1768 revisions left to test after this (roughly 11 steps)
[4d5f6e0201bc568c0758ed3f77a06648ec9fd482] Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
testing commit 4d5f6e0201bc568c0758ed3f77a06648ec9fd482 with gcc (GCC) 8.1.0
kernel signature: 3d8b3fd05d7e273bff6ceeb6131ef360eac941f0f43b68eb7720d531b9273a8d
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 4d5f6e0201bc568c0758ed3f77a06648ec9fd482
Bisecting: 881 revisions left to test after this (roughly 10 steps)
[786ac51a48465da56f333652ec1d8b215bb272fe] kbuild: remove UIMAGE_IN and UIMAGE_OUT
testing commit 786ac51a48465da56f333652ec1d8b215bb272fe with gcc (GCC) 8.1.0
kernel signature: a65c4216e9abe0ad664f5e081785862748847743cace4a04aff5f33eea355a6f
all runs: OK
# git bisect good 786ac51a48465da56f333652ec1d8b215bb272fe
Bisecting: 439 revisions left to test after this (roughly 9 steps)
[c3405d689974555532c12a4f3a5e72dedc660c0b] Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
testing commit c3405d689974555532c12a4f3a5e72dedc660c0b with gcc (GCC) 8.1.0
kernel signature: 864df99f1940f25b0dc2723a490de721311a0d0097dd26b3332a623eb6a95bb6
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: crashed: general protection fault in batadv_iv_ogm_queue_add
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad c3405d689974555532c12a4f3a5e72dedc660c0b
Bisecting: 222 revisions left to test after this (roughly 8 steps)
[12133258d7fe309b42a35677549c606b15a0822d] Merge tag 'tag-chrome-platform-for-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform
testing commit 12133258d7fe309b42a35677549c606b15a0822d with gcc (GCC) 8.1.0
kernel signature: 0e178844291658f3f2ea13cb508359d7815f99e5f35508c9d262e0f43c09baf7
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 12133258d7fe309b42a35677549c606b15a0822d
Bisecting: 109 revisions left to test after this (roughly 7 steps)
[7671c14e6aca7a816a29a85eba47d9bccb7d23ae] Merge branch 'i2c/for-5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
testing commit 7671c14e6aca7a816a29a85eba47d9bccb7d23ae with gcc (GCC) 8.1.0
kernel signature: f26dcebd07f442c6f90416593f7317278d27b991a36bfd4972ccffb242b780a0
all runs: OK
# git bisect good 7671c14e6aca7a816a29a85eba47d9bccb7d23ae
Bisecting: 55 revisions left to test after this (roughly 6 steps)
[74136a3d47f51ae72ee8b9ebc1ec2a29bcf30676] Merge branch 'drm-next-4.21' of git://people.freedesktop.org/~agd5f/linux into drm-next
testing commit 74136a3d47f51ae72ee8b9ebc1ec2a29bcf30676 with gcc (GCC) 8.1.0
kernel signature: ef80c648ba284169d836fb373010db5478db15958e323e6d126db6c83f9be731
all runs: OK
# git bisect good 74136a3d47f51ae72ee8b9ebc1ec2a29bcf30676
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[0fe4e2d5cd931ad2ff99d61cfdd5c6dc0c3ec60b] Merge tag 'drm-next-2019-01-05' of git://anongit.freedesktop.org/drm/drm
testing commit 0fe4e2d5cd931ad2ff99d61cfdd5c6dc0c3ec60b with gcc (GCC) 8.1.0
kernel signature: 2fe4cf9f930335abd2bfb74e612d441aa46fbdebe1ba67494ff09b0e273d481d
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 0fe4e2d5cd931ad2ff99d61cfdd5c6dc0c3ec60b
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[e9462fffddad94ee4cb50f6000989133bd15fb96] fbdev: Remove depends on HAS_DMA in case of platform dependency
testing commit e9462fffddad94ee4cb50f6000989133bd15fb96 with gcc (GCC) 8.1.0
kernel signature: f536f96334a01a33bed88e004f8549cbd20dd985d4c46588e19a8a50aea9e2c9
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad e9462fffddad94ee4cb50f6000989133bd15fb96
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[2607391882fca37463187e7f2a9c76dec286947e] video: fbdev: pxafb: Fix "WARNING: invalid free of devm_ allocated data"
testing commit 2607391882fca37463187e7f2a9c76dec286947e with gcc (GCC) 8.1.0
kernel signature: 51de8aeb6db336df81e27ae3815b20a4eae0f1695d3b755869d263f5f02031ce
all runs: OK
# git bisect good 2607391882fca37463187e7f2a9c76dec286947e
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[e0f5628bf2c163a815bb728fa7899e8dc0a4a82c] fbdev: uvesafb: fix spelling mistake "memoery" -> "memory"
testing commit e0f5628bf2c163a815bb728fa7899e8dc0a4a82c with gcc (GCC) 8.1.0
kernel signature: 1bcd2fe3e7587c33e257e4bbff4898637f5b5ae9c971e7369151d74fdf2ad0fb
all runs: OK
# git bisect good e0f5628bf2c163a815bb728fa7899e8dc0a4a82c
Bisecting: 1 revision left to test after this (roughly 1 step)
[5c29085a724fb8b84bb492a6e2645e28d9bc3dae] fbdev: fsl-diu: remove redundant null check on cmap
testing commit 5c29085a724fb8b84bb492a6e2645e28d9bc3dae with gcc (GCC) 8.1.0
kernel signature: 85b45c41854008f45ed028714383da874c2dc3129ff7038e22f6bdc7902ae78e
all runs: OK
# git bisect good 5c29085a724fb8b84bb492a6e2645e28d9bc3dae
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[da2648390ce3d409218b6bbbf2386d8ddeec2265] pxa168fb: trivial typo fix
testing commit da2648390ce3d409218b6bbbf2386d8ddeec2265 with gcc (GCC) 8.1.0
kernel signature: 34d5c0559cd12adadedaa932818d62778c3305c2e91123babcd08a8310937b06
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad da2648390ce3d409218b6bbbf2386d8ddeec2265
da2648390ce3d409218b6bbbf2386d8ddeec2265 is the first bad commit
commit da2648390ce3d409218b6bbbf2386d8ddeec2265
Author: Lubomir Rintel
Date: Thu Dec 20 19:13:09 2018 +0100

    pxa168fb: trivial typo fix

    A missing space in an error message.

    Signed-off-by: Lubomir Rintel
    Cc: Jiri Kosina
    Signed-off-by: Bartlomiej Zolnierkiewicz

 drivers/video/fbdev/pxa168fb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
culprit signature: 34d5c0559cd12adadedaa932818d62778c3305c2e91123babcd08a8310937b06
parent signature: 85b45c41854008f45ed028714383da874c2dc3129ff7038e22f6bdc7902ae78e
revisions tested: 22, total time: 6h26m46.22689616s (build: 2h22m58.550423296s, test: 4h1m41.958185223s)
first bad commit: da2648390ce3d409218b6bbbf2386d8ddeec2265 pxa168fb: trivial typo fix
cc: ["b.zolnierkie@samsung.com" "dri-devel@lists.freedesktop.org" "linux-fbdev@vger.kernel.org" "linux-kernel@vger.kernel.org" "lkundrak@v3.sk"]
crash: general protection fault in batadv_iv_ogm_queue_add
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 731 Comm: kworker/u4:7 Not tainted 4.20.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xf30 net/batman-adv/bat_iv_ogm.c:612
Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 3f 0c 00 00
RSP: 0018:ffff8880a803fab0 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff88809640d880 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffff8880a803fbd0 R08: ffff888094dda5c0 R09: 0000000000000001
R10: ffffed1015007f8f R11: 0000000000000003 R12: 0000000000000007
R13: ffff888094dda5e8 R14: ffff888094dda5c0 R15: 000000000000003c
FS: 0000000000000000(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 000000009fc51000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 batadv_iv_ogm_schedule+0xb60/0xe90 net/batman-adv/bat_iv_ogm.c:820
 batadv_iv_send_outstanding_bat_ogm_packet+0x4a2/0x7a0 net/batman-adv/bat_iv_ogm.c:1682
 process_one_work+0x830/0x1670 kernel/workqueue.c:2153
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
 kthread+0x324/0x3e0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace e0f61f8b7f93bb5e ]---
RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xf30 net/batman-adv/bat_iv_ogm.c:612
Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 3f 0c 00 00
RSP: 0018:ffff8880a803fab0 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff88809640d880 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffff8880a803fbd0 R08: ffff888094dda5c0 R09: 0000000000000001
R10: ffffed1015007f8f R11: 0000000000000003 R12: 0000000000000007
R13: ffff888094dda5e8 R14: ffff888094dda5c0 R15: 000000000000003c
FS: 0000000000000000(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 000000009fc51000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400