bisecting cause commit starting from 14240d4c5b25d087529691ccf4d7ea256f26cfdf building syzkaller on ba24ffcde7219e5374bb0b093368a58009c85d1d testing commit 14240d4c5b25d087529691ccf4d7ea256f26cfdf with gcc (GCC) 8.1.0 kernel signature: fd174baf6b0ef249ae887a2cc1c161a5569486d8b211c355bd04b4d306ca3072 all runs: crashed: UBSAN: shift-out-of-bounds in xprt_calc_majortimeo testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: 48a44b356059ba46606be11d05f4af2fd4977ae6064a111f191a24ab366037c1 all runs: crashed: UBSAN: shift-out-of-bounds in xprt_calc_majortimeo testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 22aa95b7e7e6aea83bcbde6ee96bb510036c390ecb1edc1d673d8134021fdfef run #0: crashed: UBSAN: shift-out-of-bounds in xprt_calc_majortimeo run #1: crashed: UBSAN: shift-out-of-bounds in xprt_calc_majortimeo run #2: crashed: UBSAN: shift-out-of-bounds in xprt_calc_majortimeo run #3: crashed: UBSAN: shift-out-of-bounds in xprt_calc_majortimeo run #4: crashed: UBSAN: shift-out-of-bounds in xprt_calc_majortimeo run #5: crashed: UBSAN: shift-out-of-bounds in xprt_calc_majortimeo run #6: crashed: UBSAN: shift-out-of-bounds in xprt_calc_majortimeo run #7: crashed: UBSAN: shift-out-of-bounds in xprt_calc_majortimeo run #8: crashed: UBSAN: shift-out-of-bounds in xprt_calc_majortimeo run #9: boot failed: can't ssh into the instance testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: f5d9faac2087b090050e744a65f37f315c08f987da9cd1b89f915d62396835a7 all runs: crashed: UBSAN: shift-out-of-bounds in xprt_calc_majortimeo testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: c44a15efe9f4dddfd3265e3ee72039e8fedc8e1a971752bf1b7899bdd24b69bf all runs: crashed: UBSAN: undefined-behaviour in xprt_calc_majortimeo testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 0965e741efe2c9a43f96ed4ce7756181094148b594e50125c1ef55585450eb5a all runs: crashed: UBSAN: undefined-behaviour in xprt_calc_majortimeo testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: dc0e86cd1e84b0f0c4d2d664ac1a48c712bc8a201fcae8c2993a60e9b2ae998d all runs: crashed: UBSAN: undefined-behaviour in xprt_calc_majortimeo testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: b037b1dd21cfbbefec3369d9afc20b2628ba8eb7e83fdf09374888aacb7ba29f all runs: crashed: UBSAN: undefined-behaviour in xprt_calc_majortimeo testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 93349bcc046589cc66751b3d8ad6ba9fb4ca2c06a1b85b534c498825df415deb all runs: OK # git bisect start 4d856f72c10ecb060868ed10ff1b1453943fc6c8 0ecfebd2b52404ae0c54a878c872bb93363ada36 Bisecting: 7848 revisions left to test after this (roughly 13 steps) [43c95d3694cc448fdf50bd53b7ff3a5bb4655883] Merge tag 'pinctrl-v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 with gcc (GCC) 8.1.0 kernel signature: 4b747527b370f278b80d519a08704a1fc4ac66ba20bd6b27f495df0b418aff47 all runs: OK # git bisect good 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 Bisecting: 3922 revisions left to test after this (roughly 12 steps) [0e2a5b5bd9a6aaec85df347dd71432a1d2d10763] Merge branch 'parisc-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux testing commit 0e2a5b5bd9a6aaec85df347dd71432a1d2d10763 with gcc (GCC) 8.1.0 kernel signature: 06dcfd250fb274a9fe2fb07378c6eb8a4e95f2d219b45ef696d8b7c7d9a2cb11 all runs: OK # git bisect good 0e2a5b5bd9a6aaec85df347dd71432a1d2d10763 Bisecting: 1961 revisions left to test after this (roughly 11 steps) [12a6d2940b5f02b4b9f71ce098e3bb02bc24a9ea] perf record: Fix module size on s390 testing commit 12a6d2940b5f02b4b9f71ce098e3bb02bc24a9ea with gcc (GCC) 8.1.0 kernel signature: c4a5150bcf96ab1856acb6f19de3303af1db0fe4daaec11fc4c37746faa28403 all runs: OK # git bisect good 12a6d2940b5f02b4b9f71ce098e3bb02bc24a9ea Bisecting: 984 revisions left to test after this (roughly 10 steps) [85d8d3b172eb37b23dcdbe9fa7a85e343642bfea] Merge tag 'hyperv-fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux testing commit 85d8d3b172eb37b23dcdbe9fa7a85e343642bfea with gcc (GCC) 8.1.0 kernel signature: a6aaaa64abec79bd8cddb84ef667b4c604e7f718b70c2b19fcd42d00f5b29a58 all runs: OK # git bisect good 85d8d3b172eb37b23dcdbe9fa7a85e343642bfea Bisecting: 496 revisions left to test after this (roughly 9 steps) [6525771f58cbc6ab97b5cff9069865cde8283346] Merge tag 'arc-5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc testing commit 6525771f58cbc6ab97b5cff9069865cde8283346 with gcc (GCC) 8.1.0 kernel signature: 9a462afe28ae01e0cddc669c0d79ba61e80d3dbeb517e7d823252aadfad2fef2 all runs: OK # git bisect good 6525771f58cbc6ab97b5cff9069865cde8283346 Bisecting: 251 revisions left to test after this (roughly 8 steps) [345464fb760d1b772e891538b498e111c588b692] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 345464fb760d1b772e891538b498e111c588b692 with gcc (GCC) 8.1.0 kernel signature: e54ea1d71c5d55336ccad843207187169acce277788afbdc38229b71e384ba35 all runs: OK # git bisect good 345464fb760d1b772e891538b498e111c588b692 Bisecting: 126 revisions left to test after this (roughly 7 steps) [840ce8f8073edb3ff3d2c2c7a6ef211f4176961c] Merge tag 'pinctrl-v5.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit 840ce8f8073edb3ff3d2c2c7a6ef211f4176961c with gcc (GCC) 8.1.0 kernel signature: 5176e552b56fc412de9aa6c7155bf64a72b4806cac3eaf5889f6a125f58500a0 all runs: OK # git bisect good 840ce8f8073edb3ff3d2c2c7a6ef211f4176961c Bisecting: 63 revisions left to test after this (roughly 6 steps) [c3dc1fa72249e4472b90ecef4dbafe25f0f07889] net: hns3: fix spelling mistake "undeflow" -> "underflow" testing commit c3dc1fa72249e4472b90ecef4dbafe25f0f07889 with gcc (GCC) 8.1.0 kernel signature: acca8820b52287eb6ab136b96f7357935c3b111e8ffa59d181bcfd8d7f63d811 all runs: OK # git bisect good c3dc1fa72249e4472b90ecef4dbafe25f0f07889 Bisecting: 30 revisions left to test after this (roughly 5 steps) [1c4c5e2528af0c803fb1171632074f4070229a75] Merge tag 'mmc-v5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc testing commit 1c4c5e2528af0c803fb1171632074f4070229a75 with gcc (GCC) 8.1.0 kernel signature: 4720b3b1f30d6bd7c72df9bb807bf558b7f8b0b391cd7ed2325197277a38f14c all runs: OK # git bisect good 1c4c5e2528af0c803fb1171632074f4070229a75 Bisecting: 14 revisions left to test after this (roughly 4 steps) [ae3b06ed55b1554e9a91bf959c6b0b5e212e7f4d] Merge branch 'sctp_do_bind-leak' testing commit ae3b06ed55b1554e9a91bf959c6b0b5e212e7f4d with gcc (GCC) 8.1.0 kernel signature: 366456f3b8c39fdbd8245c177d13c9ffdf651f1b763593ba64dd095d25e8b68b all runs: OK # git bisect good ae3b06ed55b1554e9a91bf959c6b0b5e212e7f4d Bisecting: 8 revisions left to test after this (roughly 3 steps) [a9c20bb0206ae9384bd470a6832dd8913730add9] Merge tag 'kvm-s390-master-5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into kvm-master testing commit a9c20bb0206ae9384bd470a6832dd8913730add9 with gcc (GCC) 8.1.0 kernel signature: 9844f9dd31043678686e94dd0cad0803b33e539359de4b6b2642aa6bee34d3d5 all runs: OK # git bisect good a9c20bb0206ae9384bd470a6832dd8913730add9 Bisecting: 4 revisions left to test after this (roughly 2 steps) [b03c036e6f96340dd311817c7b964dad183c4141] Merge tag 'riscv/for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux testing commit b03c036e6f96340dd311817c7b964dad183c4141 with gcc (GCC) 8.1.0 kernel signature: 455a87b0b8032a1936c3a5417c6d6b6a65b2bb723b41b8bd591da6e4608412a0 all runs: OK # git bisect good b03c036e6f96340dd311817c7b964dad183c4141 Bisecting: 2 revisions left to test after this (roughly 1 step) [1f9c632cde0c3d781463a88ce430a8dd4a7c1a0e] Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost testing commit 1f9c632cde0c3d781463a88ce430a8dd4a7c1a0e with gcc (GCC) 8.1.0 kernel signature: 40ebb0c3b7bdaf4d95fe442214b53b7ed40e0e2fc8c7c67c63807a179506ccf3 all runs: OK # git bisect good 1f9c632cde0c3d781463a88ce430a8dd4a7c1a0e Bisecting: 0 revisions left to test after this (roughly 1 step) [72dbcf72156641fde4d8ea401e977341bfd35a05] Revert "ext4: make __ext4_get_inode_loc plug" testing commit 72dbcf72156641fde4d8ea401e977341bfd35a05 with gcc (GCC) 8.1.0 kernel signature: e2a5876546fd384f4774438d27bf3f3196e69eaa6f7ca06b296a46097fbb9302 run #0: crashed: WARNING: ODEBUG bug in __do_softirq run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 72dbcf72156641fde4d8ea401e977341bfd35a05 Bisecting: 0 revisions left to test after this (roughly 0 steps) [1609d7604b847a9820e63393d1a3b6cac7286d40] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm testing commit 1609d7604b847a9820e63393d1a3b6cac7286d40 with gcc (GCC) 8.1.0 kernel signature: 86907ae80d3387bec23c26ff6def7be4732cf505723759bd700d8854076b310e run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: crashed: general protection fault in batadv_iv_ogm_queue_add # git bisect bad 1609d7604b847a9820e63393d1a3b6cac7286d40 1609d7604b847a9820e63393d1a3b6cac7286d40 is the first bad commit commit 1609d7604b847a9820e63393d1a3b6cac7286d40 Merge: 1f9c632cde0c a9c20bb0206a Author: Linus Torvalds Date: Sat Sep 14 16:07:40 2019 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull kvm fixes from Paolo Bonzini: "The main change here is a revert of reverts. We recently simplified some code that was thought unnecessary; however, since then KVM has grown quite a few cond_resched()s and for that reason the simplified code is prone to livelocks---one CPUs tries to empty a list of guest page tables while the others keep adding to them. This adds back the generation-based zapping of guest page tables, which was not unnecessary after all. On top of this, there is a fix for a kernel memory leak and a couple of s390 fixlets as well" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot KVM: x86: work around leak of uninitialized stack contents KVM: nVMX: handle page fault in vmread KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl KVM: s390: kvm_s390_vm_start_migration: check dirty_bitmap before using it as target for memset() arch/s390/kvm/interrupt.c | 10 ++++ arch/s390/kvm/kvm-s390.c | 4 +- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kvm/mmu.c | 101 +++++++++++++++++++++++++++++++++++++++- arch/x86/kvm/vmx/nested.c | 4 +- arch/x86/kvm/x86.c | 7 +++ 6 files changed, 124 insertions(+), 4 deletions(-) Reproducer flagged being flaky revisions tested: 24, total time: 5h17m21.131188319s (build: 2h10m43.401099229s, test: 3h3m52.596724063s) first bad commit: 1609d7604b847a9820e63393d1a3b6cac7286d40 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm recipients (to): ["torvalds@linux-foundation.org"] recipients (cc): [] crash: general protection fault in batadv_iv_ogm_queue_add kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 108 Comm: kworker/u4:2 Not tainted 5.3.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:605 Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 99 0b 00 00 RSP: 0018:ffff8880b4d27aa8 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff88808b112c40 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff8880b4d27bc0 R08: ffff88808aa96500 R09: 0000000000000001 R10: ffffed10169a4f8c R11: 0000000000000003 R12: ffff88808aa96500 R13: dffffc0000000000 R14: ffffed1011552cae R15: 000000000000003c FS: 0000000000000000(0000) GS:ffff8880ba200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000563ad538b738 CR3: 00000000a80c4000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: batadv_iv_ogm_schedule+0xb47/0xe80 net/batman-adv/bat_iv_ogm.c:813 batadv_iv_send_outstanding_bat_ogm_packet+0x570/0x7d0 net/batman-adv/bat_iv_ogm.c:1675 process_one_work+0x7d2/0x1560 kernel/workqueue.c:2269 worker_thread+0x85/0xb60 kernel/workqueue.c:2415 kthread+0x331/0x3f0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Modules linked in: ---[ end trace 2ed0113a7bc0332e ]--- RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:605 Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 99 0b 00 00 RSP: 0018:ffff8880b4d27aa8 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff88808b112c40 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff8880b4d27bc0 R08: ffff88808aa96500 R09: 0000000000000001 R10: ffffed10169a4f8c R11: 0000000000000003 R12: ffff88808aa96500 R13: dffffc0000000000 R14: ffffed1011552cae R15: 000000000000003c FS: 0000000000000000(0000) GS:ffff8880ba200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000563ad538b738 CR3: 00000000a80c4000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400