bisecting cause commit starting from d76886972823ce456c0c61cd2284e85668e2131e building syzkaller on 0d63f89cabcbc3e57201973370a309b646cc43c9 testing commit d76886972823ce456c0c61cd2284e85668e2131e with gcc (GCC) 8.1.0 kernel signature: cb0c10199908a3ccb6365629739225fe1bb0f521 all runs: crashed: KASAN: global-out-of-bounds Read in precalculate_color testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: a9525a9f878dcaa584ce5f5db353f67fa50637db all runs: crashed: no output from test machine testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 20dfc32c062eeb998216963330731b4ff080a417 all runs: crashed: no output from test machine testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 2552ed27576f0fdeece04aad6dbcb8c50a359d84 all runs: crashed: no output from test machine testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: a9927a89433ebf99fa62dd63de92316723e847d5 all runs: crashed: no output from test machine testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: a51e67d25395b3b81d0c14c82e40cfa82da10d9f all runs: crashed: no output from test machine testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: 8e4109a998cd7df71158fb8f7b76feea1e06892c all runs: crashed: no output from test machine testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: d074323bdb7051f3d80ce941f3553c4e2819153c all runs: crashed: no output from test machine testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: effa1d9db86aa82f21d5fe2301f1803121c52110 all runs: crashed: no output from test machine testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: 4b8662a645ceafe75e0a1e0e87440ac42861687b all runs: crashed: no output from test machine testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: 9026fd114f4204dbc6b2498110c1dfa63b9fde32 all runs: crashed: no output from test machine testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 kernel signature: de913b7b327a0f16a95e15f8c7cd1b18fad76172 all runs: OK # git bisect start 0adb32858b0bddf4ada5f364a84ed60b196dbcda d8a5b80568a9cb66810e75b182018e9edb68e8ff Bisecting: 7566 revisions left to test after this (roughly 13 steps) [c14376de3a1befa70d9811ca2872d47367b48767] printk: Wake klogd when passing console_lock owner testing commit c14376de3a1befa70d9811ca2872d47367b48767 with gcc (GCC) 8.1.0 kernel signature: 58c36155bb14d7cf995bf7878a7c9c9d1b4f051e all runs: crashed: no output from test machine # git bisect bad c14376de3a1befa70d9811ca2872d47367b48767 Bisecting: 3620 revisions left to test after this (roughly 12 steps) [a103950e0dd2058df5e8a8d4a915707bdcf205f0] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 testing commit a103950e0dd2058df5e8a8d4a915707bdcf205f0 with gcc (GCC) 8.1.0 kernel signature: c942d65c5ab633685f8d0ab438f2bac0a595e4e8 all runs: crashed: no output from test machine # git bisect bad a103950e0dd2058df5e8a8d4a915707bdcf205f0 Bisecting: 1793 revisions left to test after this (roughly 11 steps) [d8b91dde38f4c43bd0bbbf17a90f735b16aaff2c] Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit d8b91dde38f4c43bd0bbbf17a90f735b16aaff2c with gcc (GCC) 8.1.0 kernel signature: 812dfa90a5675fe10d3664feac33a339eea18706 all runs: OK # git bisect good d8b91dde38f4c43bd0bbbf17a90f735b16aaff2c Bisecting: 813 revisions left to test after this (roughly 10 steps) [28bc6fb9596fe1e577d09fc17ee6e1bb051c6ba3] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit 28bc6fb9596fe1e577d09fc17ee6e1bb051c6ba3 with gcc (GCC) 8.1.0 kernel signature: 519bad715a5506ed611ba0ea97d5f5a031b42a17 all runs: crashed: no output from test machine # git bisect bad 28bc6fb9596fe1e577d09fc17ee6e1bb051c6ba3 Bisecting: 489 revisions left to test after this (roughly 9 steps) [19e7b5f99474107e8d0b4b3e4652fa19ddb87efc] Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 19e7b5f99474107e8d0b4b3e4652fa19ddb87efc with gcc (GCC) 8.1.0 kernel signature: 784c17edc66c68c3b2b088f556ee39d837b58687 run #0: crashed: KASAN: slab-out-of-bounds Read in pdu_read run #1: crashed: no output from test machine run #2: crashed: no output from test machine run #3: crashed: no output from test machine run #4: crashed: no output from test machine run #5: crashed: no output from test machine run #6: crashed: no output from test machine run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: crashed: no output from test machine # git bisect bad 19e7b5f99474107e8d0b4b3e4652fa19ddb87efc Bisecting: 227 revisions left to test after this (roughly 8 steps) [168fe32a072a4b8dc81a3aebf0e5e588d38e2955] Merge branch 'misc.poll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 168fe32a072a4b8dc81a3aebf0e5e588d38e2955 with gcc (GCC) 8.1.0 kernel signature: dd9c439541c1f9ec6843ba59644cae38ef8ae6a5 run #0: crashed: KASAN: slab-out-of-bounds Read in pdu_read run #1: crashed: no output from test machine run #2: crashed: no output from test machine run #3: crashed: no output from test machine run #4: crashed: no output from test machine run #5: crashed: no output from test machine run #6: crashed: no output from test machine run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: crashed: no output from test machine # git bisect bad 168fe32a072a4b8dc81a3aebf0e5e588d38e2955 Bisecting: 117 revisions left to test after this (roughly 7 steps) [0aebc6a440b942df6221a7765f077f02217e0114] Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux testing commit 0aebc6a440b942df6221a7765f077f02217e0114 with gcc (GCC) 8.1.0 kernel signature: e5cbb99308a8709ec57c6bce41bc307a5b91f737 all runs: OK # git bisect good 0aebc6a440b942df6221a7765f077f02217e0114 Bisecting: 64 revisions left to test after this (roughly 6 steps) [f8cc87b6c1e333ce7adc9fb2cb698d93b16eabe3] Merge branch 'for-4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq testing commit f8cc87b6c1e333ce7adc9fb2cb698d93b16eabe3 with gcc (GCC) 8.1.0 kernel signature: e08f28c0bfd6e47a64ef87369556b86e47f06262 all runs: OK # git bisect good f8cc87b6c1e333ce7adc9fb2cb698d93b16eabe3 Bisecting: 32 revisions left to test after this (roughly 5 steps) [7594bf37ae9ffc434da425120c576909eb33b0bc] 9p: untangle ->poll() mess testing commit 7594bf37ae9ffc434da425120c576909eb33b0bc with gcc (GCC) 8.1.0 kernel signature: f326852cb04fbe0eb1a470f4a83cd9cd11fb6614 run #0: crashed: KASAN: slab-out-of-bounds Read in pdu_read run #1: crashed: no output from test machine run #2: crashed: no output from test machine run #3: crashed: no output from test machine run #4: crashed: no output from test machine run #5: crashed: no output from test machine run #6: crashed: no output from test machine run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: crashed: no output from test machine # git bisect bad 7594bf37ae9ffc434da425120c576909eb33b0bc Bisecting: 15 revisions left to test after this (roughly 4 steps) [8153a5ead0898ba5a932282e571dfccd61940bba] ppc: annotate ->poll() instances testing commit 8153a5ead0898ba5a932282e571dfccd61940bba with gcc (GCC) 8.1.0 kernel signature: 9f47ccf18f6d04a59d45f7bb2de5b6f0db68dff2 all runs: OK # git bisect good 8153a5ead0898ba5a932282e571dfccd61940bba Bisecting: 7 revisions left to test after this (roughly 3 steps) [e6c5a7d997db73aaab2fb8337710f109e5d931b1] apparmor: annotate ->poll() instances testing commit e6c5a7d997db73aaab2fb8337710f109e5d931b1 with gcc (GCC) 8.1.0 kernel signature: 9c6102905b0f0bc5479a0a91b0a6c0b3348584ab all runs: OK # git bisect good e6c5a7d997db73aaab2fb8337710f109e5d931b1 Bisecting: 3 revisions left to test after this (roughly 2 steps) [c23e0cb81e4021b9712b1093d54713991fd9b7c2] media: annotate ->poll() instances testing commit c23e0cb81e4021b9712b1093d54713991fd9b7c2 with gcc (GCC) 8.1.0 kernel signature: ada4957421f7bf3b4898732ff5d1f35038701dfa all runs: OK # git bisect good c23e0cb81e4021b9712b1093d54713991fd9b7c2 Bisecting: 1 revision left to test after this (roughly 1 step) [ecf927000ce3265e9871c79d43c10ceed8bd61c9] ring_buffer_poll_wait() return value used as return value of ->poll() testing commit ecf927000ce3265e9871c79d43c10ceed8bd61c9 with gcc (GCC) 8.1.0 kernel signature: 474156118abda539aa4cc6ecf201eac7f55a46d3 all runs: OK # git bisect good ecf927000ce3265e9871c79d43c10ceed8bd61c9 Bisecting: 0 revisions left to test after this (roughly 0 steps) [5dc533c66b131726a1a747eb3c92b20a9ede9219] ->si_band gets POLL... bitmap stored into a user-visible long field testing commit 5dc533c66b131726a1a747eb3c92b20a9ede9219 with gcc (GCC) 8.1.0 kernel signature: 88784747b49f9269165991fed65c0cfed4d01095 all runs: OK # git bisect good 5dc533c66b131726a1a747eb3c92b20a9ede9219 7594bf37ae9ffc434da425120c576909eb33b0bc is the first bad commit commit 7594bf37ae9ffc434da425120c576909eb33b0bc Author: Al Viro Date: Sun Jul 16 22:53:08 2017 -0400 9p: untangle ->poll() mess First of all, NULL ->poll() means "always POLLIN, always POLLOUT", not an error. Furthermore, mixing -EREMOTEIO with POLL... masks and expecting it to do anything good is insane - both are arch-dependent, to start with. Pass a pointer to store the error value separately and make it return POLLERR in such case. And ->poll() calling conventions do *not* include "return -Esomething". Never had. Signed-off-by: Al Viro net/9p/trans_fd.c | 60 +++++++++++++++++++++++++++---------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) culprit signature: f326852cb04fbe0eb1a470f4a83cd9cd11fb6614 parent signature: 88784747b49f9269165991fed65c0cfed4d01095 revisions tested: 26, total time: 5h59m45.959749415s (build: 2h16m2.625992763s, test: 3h41m8.81613171s) first bad commit: 7594bf37ae9ffc434da425120c576909eb33b0bc 9p: untangle ->poll() mess cc: ["davem@davemloft.net" "ericvh@gmail.com" "linux-kernel@vger.kernel.org" "lucho@ionkov.net" "netdev@vger.kernel.org" "rminnich@sandia.gov" "v9fs-developer@lists.sourceforge.net" "viro@zeniv.linux.org.uk"] crash: no output from test machine