bisecting cause commit starting from 18d0eae30e6a4f8644d589243d7ac1d70d29203d
building syzkaller on a8292de95851bd79cba2006dd032e28142f06c25
testing commit 18d0eae30e6a4f8644d589243d7ac1d70d29203d with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in do_exit
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in do_exit
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in do_exit
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in do_exit
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in do_exit
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in khugepaged
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in khugepaged
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in khugepaged
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
all runs: crashed: INFO: task hung in khugepaged
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
all runs: crashed: INFO: task hung in khugepaged
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in khugepaged
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in khugepaged
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in khugepaged
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
run #0: crashed: INFO: task hung in corrupted
run #1: crashed: INFO: task hung in khugepaged
run #2: crashed: INFO: task hung in khugepaged
run #3: crashed: INFO: task hung in khugepaged
run #4: crashed: INFO: task hung in khugepaged
run #5: crashed: INFO: task hung in khugepaged
run #6: crashed: INFO: task hung in khugepaged
run #7: crashed: INFO: task hung in khugepaged
run #8: crashed: INFO: task hung in khugepaged
run #9: crashed: INFO: task hung in khugepaged
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in khugepaged
testing release v4.5
testing commit b562e44f507e863c6792946e4e1b1449fbbac85d with gcc (GCC) 5.5.0
all runs: OK
# git bisect start 2dcd0af568b0cf583645c8a317dd12e344b1c72a b562e44f507e863c6792946e4e1b1449fbbac85d
Bisecting: 8131 revisions left to test after this (roughly 13 steps)
[6b5f04b6cf8ebab9a65d9c0026c650bb2538fd0f] Merge branch 'for-4.6' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
testing commit 6b5f04b6cf8ebab9a65d9c0026c650bb2538fd0f with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 6b5f04b6cf8ebab9a65d9c0026c650bb2538fd0f
Bisecting: 3735 revisions left to test after this (roughly 12 steps)
[266c73b77706f2d05b4a3e70a5bb702ed35431d6] Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux
testing commit 266c73b77706f2d05b4a3e70a5bb702ed35431d6 with gcc (GCC) 5.5.0
/syzkaller/jobs/linux/kernel/net/openvswitch/conntrack.c:540: undefined reference to `nf_nat_icmp_reply_translation'
# git bisect skip 266c73b77706f2d05b4a3e70a5bb702ed35431d6
Bisecting: 3735 revisions left to test after this (roughly 12 steps)
[4cd05a74cc604ef1cc6ac37a25629e185bcd2cc5] drm/amd/powerplay: notify amdgpu whether dpm is enabled or not.
testing commit 4cd05a74cc604ef1cc6ac37a25629e185bcd2cc5 with gcc (GCC) 5.5.0
mm/kasan/kasan.c:501:3: error: too few arguments to function ‘set_track’
# git bisect skip 4cd05a74cc604ef1cc6ac37a25629e185bcd2cc5
Bisecting: 3735 revisions left to test after this (roughly 12 steps)
[51c0e87e9a48d081d7ccb40d7454a0fa2935a424] powerpc/eeh: Cache normal BARs, not windows or IOV BARs
testing commit 51c0e87e9a48d081d7ccb40d7454a0fa2935a424 with gcc (GCC) 5.5.0
all runs: basic kernel testing failed: BUG: spinlock lockup suspected in nf_conntrack_lock
# git bisect skip 51c0e87e9a48d081d7ccb40d7454a0fa2935a424
Bisecting: 3735 revisions left to test after this (roughly 12 steps)
[2aac7ddf9a410e3418c9cc69618f304550466793] clk: qcom: ipq4019: add some fixed clocks for ddrppl and fepll
testing commit 2aac7ddf9a410e3418c9cc69618f304550466793 with gcc (GCC) 5.5.0
mm/kasan/kasan.c:501:3: error: too few arguments to function ‘set_track’
# git bisect skip 2aac7ddf9a410e3418c9cc69618f304550466793
Bisecting: 3735 revisions left to test after this (roughly 12 steps)
[fe31419501ba133a967da7b7da0d32945ef21840] IB/rdmavt: Fix copyright date
testing commit fe31419501ba133a967da7b7da0d32945ef21840 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good fe31419501ba133a967da7b7da0d32945ef21840
Bisecting: 3636 revisions left to test after this (roughly 12 steps)
[b26803ebfba8d81e2e8fb392c1248df2ebd1ba83] clk: sunxi: improve divider_clk error handling and reporting
testing commit b26803ebfba8d81e2e8fb392c1248df2ebd1ba83 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good b26803ebfba8d81e2e8fb392c1248df2ebd1ba83
Bisecting: 3613 revisions left to test after this (roughly 12 steps)
[b977025153a6f43ec5070d2f7a26f2ecb22c0319] ARM: dts: zynq: Enable USB and USB PHY for ZYBO
testing commit b977025153a6f43ec5070d2f7a26f2ecb22c0319 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good b977025153a6f43ec5070d2f7a26f2ecb22c0319
Bisecting: 3613 revisions left to test after this (roughly 12 steps)
[6bbd9a05a1f9839873a9290b5b7c6fafde8447ba] bpf: grab rcu read lock for bpf_percpu_hash_update
testing commit 6bbd9a05a1f9839873a9290b5b7c6fafde8447ba with gcc (GCC) 5.5.0
all runs: basic kernel testing failed: BUG: spinlock lockup suspected in nf_conntrack_lock
# git bisect skip 6bbd9a05a1f9839873a9290b5b7c6fafde8447ba
Bisecting: 3613 revisions left to test after this (roughly 12 steps)
[5db11c21a929cd9d8c0484006efb1014fc723c93] Orangefs: kernel client part 2
testing commit 5db11c21a929cd9d8c0484006efb1014fc723c93 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 5db11c21a929cd9d8c0484006efb1014fc723c93
Bisecting: 3611 revisions left to test after this (roughly 12 steps)
[4bb88e5f84326ff6343bc64a33040850f45b44d8] IB/qib: Remove completion queue data structures and functions from qib
testing commit 4bb88e5f84326ff6343bc64a33040850f45b44d8 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 4bb88e5f84326ff6343bc64a33040850f45b44d8
Bisecting: 3607 revisions left to test after this (roughly 12 steps)
[c2740a87ca989ca42b0c078e021654e247a08311] perf thread: Rename perf_event__preprocess_sample_addr to thread__resolve
testing commit c2740a87ca989ca42b0c078e021654e247a08311 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good c2740a87ca989ca42b0c078e021654e247a08311
Bisecting: 3597 revisions left to test after this (roughly 12 steps)
[65554d07adfc22bb9e14f6df8c609a646f869a74] mac80211: provide interface to driver to set VHT MU-MIMO data
testing commit 65554d07adfc22bb9e14f6df8c609a646f869a74 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 65554d07adfc22bb9e14f6df8c609a646f869a74
Bisecting: 3597 revisions left to test after this (roughly 12 steps)
[ba5d141b55ff0c02127cabd344585622bbaa5d02] rapidio/tsi721: add check for overlapped IB window mappings
testing commit ba5d141b55ff0c02127cabd344585622bbaa5d02 with gcc (GCC) 5.5.0
/syzkaller/jobs/linux/kernel/net/openvswitch/conntrack.c:540: undefined reference to `nf_nat_icmp_reply_translation'
# git bisect skip ba5d141b55ff0c02127cabd344585622bbaa5d02
Bisecting: 3597 revisions left to test after this (roughly 12 steps)
[21f8a99ce61b2d4b74bd425a5bf7e9efbe162788] PM / OPP: Remove useless check
testing commit 21f8a99ce61b2d4b74bd425a5bf7e9efbe162788 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 21f8a99ce61b2d4b74bd425a5bf7e9efbe162788
Bisecting: 225 revisions left to test after this (roughly 8 steps)
[3f8f0cf2eddb558e5ccf9b155e758f4b950d8697] Merge tag 'usb-4.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
testing commit 3f8f0cf2eddb558e5ccf9b155e758f4b950d8697 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 3f8f0cf2eddb558e5ccf9b155e758f4b950d8697
Bisecting: 112 revisions left to test after this (roughly 7 steps)
[1b7cc307a88377b0c948f9cbc36d026b272fe6e3] Merge branch 'bnxt_en-fixes'
testing commit 1b7cc307a88377b0c948f9cbc36d026b272fe6e3 with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in khugepaged
# git bisect bad 1b7cc307a88377b0c948f9cbc36d026b272fe6e3
Bisecting: 56 revisions left to test after this (roughly 6 steps)
[0161028b7c8aebef64194d3d73e43bc3b53b5c66] perf/core: Change the default paranoia level to 2
testing commit 0161028b7c8aebef64194d3d73e43bc3b53b5c66 with gcc (GCC) 5.5.0
all runs: crashed: INFO: task hung in khugepaged
# git bisect bad 0161028b7c8aebef64194d3d73e43bc3b53b5c66
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[c81aa7979432aa10f23656ef6fa113764eab5e5c] Documentation/networking: more accurate LCO explanation
testing commit c81aa7979432aa10f23656ef6fa113764eab5e5c with gcc (GCC) 5.5.0
all runs: OK
# git bisect good c81aa7979432aa10f23656ef6fa113764eab5e5c
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[1e92a61c4c7ed85c1bec037c046e92d6dc762f32] Revert "proc/base: make prompt shell start from new line after executing "cat /proc/$pid/wchan""
testing commit 1e92a61c4c7ed85c1bec037c046e92d6dc762f32 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 1e92a61c4c7ed85c1bec037c046e92d6dc762f32
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[26acc792c90c6fa1066ba128074b20d2e21790ef] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit 26acc792c90c6fa1066ba128074b20d2e21790ef with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 26acc792c90c6fa1066ba128074b20d2e21790ef
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[58446fef579e5214dc6fffd28cc538051efe1f24] crypto: rsa - select crypto mgr dependency
testing commit 58446fef579e5214dc6fffd28cc538051efe1f24 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 58446fef579e5214dc6fffd28cc538051efe1f24
Bisecting: 2 revisions left to test after this (roughly 1 step)
[44f43e99fe70833058482d183e99fdfd11220996] zsmalloc: fix zs_can_compact() integer overflow
testing commit 44f43e99fe70833058482d183e99fdfd11220996 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 44f43e99fe70833058482d183e99fdfd11220996
Bisecting: 0 revisions left to test after this (roughly 1 step)
[5c56b563b4486281bff80658194f0d1da6feba67] Merge branch 'akpm' (patches from Andrew)
testing commit 5c56b563b4486281bff80658194f0d1da6feba67 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 5c56b563b4486281bff80658194f0d1da6feba67
0161028b7c8aebef64194d3d73e43bc3b53b5c66 is the first bad commit
commit 0161028b7c8aebef64194d3d73e43bc3b53b5c66
Author: Andy Lutomirski
Date:   Mon May 9 15:48:51 2016 -0700

    perf/core: Change the default paranoia level to 2

    Allowing unprivileged kernel profiling lets any user dump follow kernel
    control flow and dump kernel registers.  This most likely allows trivial
    kASLR bypassing, and it may allow other mischief as well.  (Off the top
    of my head, the PERF_SAMPLE_REGS_INTR output during /dev/urandom reads
    could be quite interesting.)

    Signed-off-by: Andy Lutomirski
    Acked-by: Kees Cook
    Signed-off-by: Linus Torvalds

:040000 040000 bb94069085aa167c8d06a1e72750cffe3a43e9e8 b0134d39a8ff2a375425b97f44e9758f540d6d49 M	Documentation
:040000 040000 5ab734be45b086a84c5ee98c5f305dc99afb381c 45a7a4d128e3d6f8f3fc8b8225d6ebdc025ce607 M	kernel

revisions tested: 40, total time: 7h46m24.094310626s (build: 2h20m9.517140521s, test: 5h16m59.651472597s)
first bad commit: 0161028b7c8aebef64194d3d73e43bc3b53b5c66 perf/core: Change the default paranoia level to 2
cc: ["acme@kernel.org" "corbet@lwn.net" "keescook@chromium.org" "linux-doc@vger.kernel.org" "linux-kernel@vger.kernel.org" "luto@kernel.org" "mingo@redhat.com" "peterz@infradead.org" "torvalds@linux-foundation.org"]
crash: INFO: task hung in khugepaged
8021q: adding VLAN 0 to HW filter on device bond0
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
INFO: task khugepaged:888 blocked for more than 140 seconds.
      Not tainted 4.6.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
khugepaged      D ffff8801d9477a38 30160   888      2 0x00000000
 ffff8801d9477a38 0000000000000086 ffff8801daf20c50 ffff8801daf20c28
 ffff8801daf202d8 ffff8800bba44788 ffff880100000000 ffff8801d9b282c0
 ffff8800bba44780 ffff8801d9470000 ffffed003b28e001 ffff8801d9470008
Call Trace:
 [] schedule+0x9a/0x1c0 kernel/sched/core.c:3250
 [] rwsem_down_read_failed+0x1ae/0x2c0 kernel/locking/rwsem-xadd.c:250
 [] call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:92
 [] __down_read arch/x86/include/asm/rwsem.h:65 [inline]
 [] down_read+0x50/0x60 kernel/locking/rwsem.c:24
 [] khugepaged_scan_mm_slot mm/huge_memory.c:2675 [inline]
 [] khugepaged_do_scan mm/huge_memory.c:2794 [inline]
 [] khugepaged+0x856/0x40f0 mm/huge_memory.c:2829
 [] kthread+0x209/0x2d0 kernel/kthread.c:209
 [] ret_from_fork+0x22/0x50 arch/x86/entry/entry_64.S:392
INFO: lockdep is turned off.
Sending NMI to all CPUs:
NMI backtrace for cpu 0
CPU: 0 PID: 881 Comm: khungtaskd Not tainted 4.6.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d94e6640 ti: ffff8801d9718000 task.ti: ffff8801d9718000
RIP: 0010:[]  [] native_write_msr_safe+0x6/0x40 arch/x86/include/asm/msr.h:124
RSP: 0018:ffff8801d971fc48  EFLAGS: 00000086
RAX: 0000000000000400 RBX: 0000000000000400 RCX: 0000000000000830
RDX: 0000000000000000 RSI: 0000000000000400 RDI: 0000000000000830
RBP: ffff8801d971fc60 R08: 0000000000000400 R09: 0000000000000000
R10: ffffffff8720bfcb R11: fffffbfff0fcc539 R12: fffffbfff0df1a48
R13: ffffffff86f90260 R14: 0000000000080000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c42044fe80 CR3: 00000001d7021000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff81254f20 ffff8801d971fc60 0000000000000007 ffff8801d971fcc8
 ffffffff812550da 0000000000000286 ffffed0000000010 0000000000000286
 00000002d971fcb8 0000000000000000 0000000000000000 ffffffff866a7f00
Call Trace:
 [] __x2apic_send_IPI_mask+0x19a/0x2d0 arch/x86/kernel/apic/x2apic_phys.c:62
 [] x2apic_send_IPI_mask+0xe/0x10 arch/x86/kernel/apic/x2apic_cluster.c:87
 [] nmi_raise_cpu_backtrace+0x5b/0x70 arch/x86/kernel/apic/hw_nmi.c:33
 [] nmi_trigger_all_cpu_backtrace+0x4d6/0x640 lib/nmi_backtrace.c:85
 [] arch_trigger_all_cpu_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 [] trigger_all_cpu_backtrace include/linux/nmi.h:41 [inline]
 [] check_hung_task kernel/hung_task.c:125 [inline]
 [] check_hung_uninterruptible_tasks kernel/hung_task.c:182 [inline]
 [] watchdog+0x661/0xa00 kernel/hung_task.c:239
 [] kthread+0x209/0x2d0 kernel/kthread.c:209
 [] ret_from_fork+0x22/0x50 arch/x86/entry/entry_64.S:392
Code: 5b 5d c3 48 c1 e2 20 48 89 d3 31 d2 48 09 c3 48 89 de e8 ee 91 7f 01 48 89 d8 5b 5d c3 0f 1f 84 00 00 00 00 00 89 f0 89 f9 0f 30 <31> c0 0f 1f 44 00 00 c3 41 89 f0 48 89 d6 55 89 c2 48 c1 e6 20
NMI backtrace for cpu 1
CPU: 1 PID: 7587 Comm: syz-executor0 Not tainted 4.6.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d1b2a6c0 ti: ffff8800b5a90000 task.ti: ffff8800b5a90000
RIP: 0010:[]  [] lock_acquire+0x157/0x480 kernel/locking/lockdep.c:3708
RSP: 0018:ffff8800b5a97aa0  EFLAGS: 00000082
RAX: 0000000000000000 RBX: ffff8801d1b2a6c0 RCX: 0000000000000000
RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffffffff8699c820
RBP: ffff8800b5a97b08 R08: 0000000000000001 R09: 0000000000000286
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
FS:  00007f09af321700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1ba51a8140 CR3: 00000000b5abe000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801d1b2a6c0 ffffffff858a26a0 0000000000000269 0000000000000000
 ffffed0016f7c232 0000000000000286 0000000000000000 ffff8800b7be1168
 ffff8800b7be1108 dffffc0000000000 0000000000000000 ffff8801d1b2a6c0
Call Trace:
 [] __mutex_lock_common kernel/locking/mutex.c:518 [inline]
 [] mutex_lock_nested+0xa8/0xb30 kernel/locking/mutex.c:618
 [] perf_mmap+0x468/0x14a0 kernel/events/core.c:4871
 [] mmap_region+0x75a/0xf10 mm/mmap.c:1510
 [] do_mmap+0x83a/0xbc0 mm/mmap.c:1289
 [] do_mmap_pgoff include/linux/mm.h:2008 [inline]
 [] vm_mmap_pgoff+0x138/0x190 mm/util.c:301
 [] SYSC_mmap_pgoff mm/mmap.c:1339 [inline]
 [] SyS_mmap_pgoff+0x312/0x6c0 mm/mmap.c:1297
 [] SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
 [] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Code: bd 7e 83 f8 3f 0f 87 10 02 00 00 89 c0 48 0f a3 05 07 ca b4 05 19 c0 85 c0 0f 85 ba 01 00 00 4c 8b 4d c0 c7 44 24 18 00 00 00 00 <45> 89 f0 44 89 e9 c7 44 24 10 00 00 00 00 48 8b 45 10 4c 89 3c