bisecting cause commit starting from e2cf67f6689a218b4d8e606e90a12491a9cfa366
building syzkaller on 41f049cc401ca2a85838b25ceea9e6b3c5966811
testing commit e2cf67f6689a218b4d8e606e90a12491a9cfa366 with gcc (GCC) 8.1.0
kernel signature: 9e9a57a9613ed3e2d400419c88d2331a98100d7829f9a5f5cecb93bffabb69b8
all runs: crashed: KASAN: stack-out-of-bounds Write in mpol_to_str
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: 7eaa5fa7e3a31301638cd94452a1ccf9e76673c21edd6d30c2453891b64d9cac
all runs: crashed: KASAN: stack-out-of-bounds Write in mpol_to_str
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 5c1dfbe6c00c68c2749748c262dfd8c3bb403e65b3c6e9542b17263af9e9d8c6
all runs: crashed: KASAN: stack-out-of-bounds Write in mpol_to_str
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: b9b13fa035aaaff194aac954f28b8225e7a4f3a37461b1427788e85ec8eeb38f
all runs: crashed: KASAN: stack-out-of-bounds Write in mpol_to_str
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 0da5a57037e6bab74892673ab39433b1bfb2f54fc0c139561fce18b000c27d4c
all runs: OK
# git bisect start 4d856f72c10ecb060868ed10ff1b1453943fc6c8 0ecfebd2b52404ae0c54a878c872bb93363ada36
Bisecting: 7848 revisions left to test after this (roughly 13 steps)
[43c95d3694cc448fdf50bd53b7ff3a5bb4655883] Merge tag 'pinctrl-v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 with gcc (GCC) 8.1.0
kernel signature: 933ce1c8425d29855e7fd1208152443b59713012da608e24313b767bc1a4eb4d
all runs: crashed: KASAN: stack-out-of-bounds Write in mpol_to_str
# git bisect bad 43c95d3694cc448fdf50bd53b7ff3a5bb4655883
Bisecting: 4619 revisions left to test after this (roughly 12 steps)
[8f6ccf6159aed1f04c6d179f61f6fb2691261e84] Merge tag 'clone3-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
testing commit 8f6ccf6159aed1f04c6d179f61f6fb2691261e84 with gcc (GCC) 8.1.0
kernel signature: 8d159d09105ae1c9413c972d1424621aa6993fb8ea50f2ac5bd9c8902f17fd8b
all runs: OK
# git bisect good 8f6ccf6159aed1f04c6d179f61f6fb2691261e84
Bisecting: 2306 revisions left to test after this (roughly 11 steps)
[753c8d9b7d81206bb5d011b28abe829d364b028e] Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 753c8d9b7d81206bb5d011b28abe829d364b028e with gcc (GCC) 8.1.0
kernel signature: 0c2731a9a6196804c85223da571187e2559c183a95a1921b77f7bfd3bdf75fc2
all runs: OK
# git bisect good 753c8d9b7d81206bb5d011b28abe829d364b028e
Bisecting: 1152 revisions left to test after this (roughly 10 steps)
[d72619706abc4aa7e540ea882dae883cee7cc3b3] Merge tag 'tty-5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
testing commit d72619706abc4aa7e540ea882dae883cee7cc3b3 with gcc (GCC) 8.1.0
kernel signature: 1903fccea6530211d95cf5cdf7cf428f920435ac23fa6c96a2ae7f2cfb1af4d0
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: crashed: general protection fault in send_hsr_supervision_frame
# git bisect bad d72619706abc4aa7e540ea882dae883cee7cc3b3
Bisecting: 576 revisions left to test after this (roughly 9 steps)
[af89bcef55ff6d488d5f64d0068042b1a1092d33] staging: erofs: fix LZ4 limited bounced page mis-reuse
testing commit af89bcef55ff6d488d5f64d0068042b1a1092d33 with gcc (GCC) 8.1.0
kernel signature: 2e04e76160eaca194fa60b17dda7c5a0cc868c23aa09968c46f853c27f6c31af
all runs: OK
# git bisect good af89bcef55ff6d488d5f64d0068042b1a1092d33
Bisecting: 301 revisions left to test after this (roughly 8 steps)
[4832a4dada1a2baefac76b70e4f3a78e71a7c35c] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
testing commit 4832a4dada1a2baefac76b70e4f3a78e71a7c35c with gcc (GCC) 8.1.0
kernel signature: 5b626384267065be97a0ff4662c6162af2292b9196c4f280defbea7331ec8f8f
all runs: OK
# git bisect good 4832a4dada1a2baefac76b70e4f3a78e71a7c35c
Bisecting: 150 revisions left to test after this (roughly 7 steps)
[921a465ba7bcdf09b94533d5fc426581931ce377] habanalabs: pass device pointer to asic-specific function
testing commit 921a465ba7bcdf09b94533d5fc426581931ce377 with gcc (GCC) 8.1.0
kernel signature: 2556c7b47c118d7874778007c804a58aade00f82f915ec2474f4bbd797764b87
all runs: OK
# git bisect good 921a465ba7bcdf09b94533d5fc426581931ce377
Bisecting: 150 revisions left to test after this (roughly 7 steps)
[60e8523e2ea18dc0c0cea69d6c1d69a065019062] ocxl: Allow contexts to be attached with a NULL mm
testing commit 60e8523e2ea18dc0c0cea69d6c1d69a065019062 with gcc (GCC) 8.1.0
kernel signature: 2b02141debffa4c4f90dd0a95208be1e61f004c1cc00f3269fca439339fa425c
all runs: OK
# git bisect good 60e8523e2ea18dc0c0cea69d6c1d69a065019062
Bisecting: 69 revisions left to test after this (roughly 6 steps)
[e786741ff1b52769b044b7f4407f39cd13ee5d2d] Merge tag 'staging-5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit e786741ff1b52769b044b7f4407f39cd13ee5d2d with gcc (GCC) 8.1.0
kernel signature: 8c5a4fea63d52aa90a01cd361e38e22872d4664a010b08ffb6a96620cbf8fb09
all runs: OK
# git bisect good e786741ff1b52769b044b7f4407f39cd13ee5d2d
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[f5a9e5f7dd8c5ff0c32e6f86d56955aab64d6057] serial: imx: Use dev_info() instead of pr_info()
testing commit f5a9e5f7dd8c5ff0c32e6f86d56955aab64d6057 with gcc (GCC) 8.1.0
kernel signature: e7767676baa215de307fec677d775627e33a7cd326849b01e7149c6735609d61
all runs: OK
# git bisect good f5a9e5f7dd8c5ff0c32e6f86d56955aab64d6057
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[13b18d35909707571af9539f7731389fbf0feb31] tty: serial_core: Set port active bit in uart_port_activate
testing commit 13b18d35909707571af9539f7731389fbf0feb31 with gcc (GCC) 8.1.0
kernel signature: b3c4171353cc2ae2d4a0c1decb71d72819b51aa013c87f2e40510d5cde798ead
all runs: OK
# git bisect good 13b18d35909707571af9539f7731389fbf0feb31
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[84872dc448fe0ae11fe8412f4966e9c431a45b8f] serial: stm32: add RX and TX FIFO flush
testing commit 84872dc448fe0ae11fe8412f4966e9c431a45b8f with gcc (GCC) 8.1.0
kernel signature: 24d5d2d5a81dd793a2092c1c46450b0449dcd78ff985f33b7e606056a1f75624
all runs: OK
# git bisect good 84872dc448fe0ae11fe8412f4966e9c431a45b8f
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[775b7ffd7d6d5db320d99b0a485c51e04dfcf9f1] serial: sh-sci: Terminate TX DMA during buffer flushing
testing commit 775b7ffd7d6d5db320d99b0a485c51e04dfcf9f1 with gcc (GCC) 8.1.0
kernel signature: 8d950067ecba5054b891b6848ac62d3f7e4c2eb86fe26934a54337fac4d00a0b
all runs: OK
# git bisect good 775b7ffd7d6d5db320d99b0a485c51e04dfcf9f1
Bisecting: 2 revisions left to test after this (roughly 1 step)
[ddf89e7503deb931403add648b67545ec196c3fe] serial: imx: set_termios(): clarify RTS/CTS bits calculation
testing commit ddf89e7503deb931403add648b67545ec196c3fe with gcc (GCC) 8.1.0
kernel signature: ff666331ba7e6b016a0511357128cc4d6b64fbe1b6685c8f1cd70fdacfdcd0f4
all runs: OK
# git bisect good ddf89e7503deb931403add648b67545ec196c3fe
Bisecting: 0 revisions left to test after this (roughly 1 step)
[35a4ed0164e992c9c7b82eb1370081a292131904] tty: serial: fsl_lpuart: add imx8qxp support
testing commit 35a4ed0164e992c9c7b82eb1370081a292131904 with gcc (GCC) 8.1.0
kernel signature: 86a57cd7a5cec04989c9e9335fdc01c7b49be16d3c53a752283409a0b00ea394
all runs: OK
# git bisect good 35a4ed0164e992c9c7b82eb1370081a292131904
d72619706abc4aa7e540ea882dae883cee7cc3b3 is the first bad commit
commit d72619706abc4aa7e540ea882dae883cee7cc3b3
Merge: e786741ff1b5 35a4ed0164e9
Author: Linus Torvalds
Date: Thu Jul 11 15:38:21 2019 -0700

    Merge tag 'tty-5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

    Pull tty / serial driver updates from Greg KH:
    "Here is the "large" TTY and Serial driver update for 5.3-rc1.

    It's in the negative number of lines overall as we removed an obsolete serial driver that was causing problems for some people who were trying to clean up some apis (the mpsc.c driver, which only worked for some pre-production hardware that no one has anymore.)

    Other than that, lots of tiny changes, cleaning up small things along with some platform-specific serial driver updates.

    All of these have been in linux-next for a while now with no reported issues"

    * tag 'tty-5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (68 commits)
      tty: serial: fsl_lpuart: add imx8qxp support
      serial: imx: set_termios(): preserve RTS state
      serial: imx: set_termios(): clarify RTS/CTS bits calculation
      serial: imx: set_termios(): factor-out 'ucr2' initial value
      serial: sh-sci: Terminate TX DMA during buffer flushing
      serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
      serial: mpsc: Remove obsolete MPSC driver
      serial: 8250: 8250_core: Fix missing unlock on error in serial8250_register_8250_port()
      serial: stm32: add RX and TX FIFO flush
      serial: stm32: add support of RX FIFO threshold
      serial: stm32: add support of TX FIFO threshold
      serial: stm32: update PIO transmission
      serial: stm32: add support of timeout interrupt for RX
      Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled"
      tty/serial/8250: use mctrl_gpio helpers
      serial: mctrl_gpio: Check if GPIO property exisits before requesting it
      serial: 8250: pericom_do_set_divisor can be static
      tty: serial_core: Set port active bit in uart_port_activate
      serial: 8250: Add MSR/MCR TIOCM conversion wrapper functions
      serial: 8250: factor out serial8250_{set,clear}_THRI() helpers
      ...

 Documentation/admin-guide/devices.txt | 4 +-
 Documentation/devicetree/bindings/serial/8250.txt | 19 +
 arch/ia64/hp/sim/simserial.c | 2 -
 drivers/ipack/devices/ipoctal.h | 1 -
 drivers/tty/serial/8250/8250.h | 90 +-
 drivers/tty/serial/8250/8250_core.c | 20 +
 drivers/tty/serial/8250/8250_dma.c | 11 +-
 drivers/tty/serial/8250/8250_mtk.c | 73 +-
 drivers/tty/serial/8250/8250_of.c | 14 +-
 drivers/tty/serial/8250/8250_omap.c | 43 +-
 drivers/tty/serial/8250/8250_pci.c | 97 +-
 drivers/tty/serial/8250/8250_pnp.c | 4 +-
 drivers/tty/serial/8250/8250_port.c | 50 +-
 drivers/tty/serial/8250/Kconfig | 1 +
 drivers/tty/serial/Kconfig | 14 -
 drivers/tty/serial/Makefile | 1 -
 drivers/tty/serial/amba-pl011.c | 2 +-
 drivers/tty/serial/cpm_uart/cpm_uart_core.c | 19 +-
 drivers/tty/serial/digicolor-usart.c | 6 +-
 drivers/tty/serial/fsl_lpuart.c | 114 +-
 drivers/tty/serial/imx.c | 82 +-
 drivers/tty/serial/max310x.c | 157 +-
 drivers/tty/serial/mpsc.c | 2138 ---------------------
 drivers/tty/serial/msm_serial.c | 4 +
 drivers/tty/serial/serial_core.c | 7 +-
 drivers/tty/serial/serial_mctrl_gpio.c | 14 +
 drivers/tty/serial/sh-sci.c | 33 +-
 drivers/tty/serial/stm32-usart.c | 348 +++-
 drivers/tty/serial/stm32-usart.h | 33 +-
 drivers/tty/serial/xilinx_uartps.c | 37 +-
 drivers/tty/tty_io.c | 4 +-
 include/linux/mv643xx.h | 46 -
 include/linux/serial_8250.h | 1 +
 include/uapi/linux/serial_core.h | 2 +-
 34 files changed, 887 insertions(+), 2604 deletions(-)
 delete mode 100644 drivers/tty/serial/mpsc.c
revisions tested: 20, total time: 4h52m32.269822391s (build: 2h3m31.053167865s, test: 2h46m45.099118446s)
first bad commit: d72619706abc4aa7e540ea882dae883cee7cc3b3 Merge tag 'tty-5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
cc: ["torvalds@linux-foundation.org"]
crash: general protection fault in send_hsr_supervision_frame
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8413 Comm: systemd-udevd Not tainted 5.2.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:send_hsr_supervision_frame+0x30/0xf60 net/hsr/hsr_device.c:255
Code: 89 e5 41 57 41 56 41 55 49 89 fd 41 54 41 89 d4 48 89 c2 53 48 c1 ea 03 48 83 ec 50 48 89 45 d0 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 89 75 c8 0f 85 83 0c 00 00 48 b8 00 00 00 00 00 fc ff
RSP: 0000:ffff8880ae809c68 EFLAGS: 00010282
RAX: dffffc0000000000 RBX: ffff888094171580 RCX: 1ffff11015d0137b
RDX: 0000000000000002 RSI: 0000000000000017 RDI: 0000000000000000
RBP: ffff8880ae809ce0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: ffff88808fb42400 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880ae809db8 R15: ffff8880ae824b80
FS: 00007fc5d88528c0(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000557f41f21634 CR3: 0000000090c2e000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 hsr_announce+0xd9/0x2b0 net/hsr/hsr_device.c:339
 call_timer_fn+0x14d/0x510 kernel/time/timer.c:1322
 expire_timers kernel/time/timer.c:1366 [inline]
 __run_timers kernel/time/timer.c:1685 [inline]
 run_timer_softirq+0xc6f/0x1330 kernel/time/timer.c:1698
 __do_softirq+0x262/0x931 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x17f/0x1c0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:537 [inline]
 smp_apic_timer_interrupt+0x174/0x590 arch/x86/kernel/apic/apic.c:1095
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:828
RIP: 0033:0x7fc5d767f783
Code: 4c 8d 1d 50 79 0c 00 4b 63 0c 83 49 8d 0c 0b ff e1 66 0f 1f 44 00 00 48 89 f8 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 48 89 f1 <48> 83 e1 3f 48 83 f9 20 0f 86 02 02 00 00 48 83 e6 f0 48 83 e1 0f
RSP: 002b:00007ffd7fcf9f88 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
RAX: 0000557f41a4af00 RBX: 0000557f41a4af01 RCX: 0000557f41a4ad40
RDX: 000000000000000a RSI: 0000557f41a4ad40 RDI: 0000557f41a4af01
RBP: 0000557f41a4c350 R08: 0000000000000040 R09: 0000557f41a4d1f8
R10: 0000000000000004 R11: 0000557f3fbcd9a0 R12: 00007ffd7fcf9fa8
R13: 00007ffd7fcf9fb0 R14: 0000557f41a4ad40 R15: 0000557f41a47b10
Modules linked in:
---[ end trace 9fe1fd104c3467e0 ]---
RIP: 0010:send_hsr_supervision_frame+0x30/0xf60 net/hsr/hsr_device.c:255
Code: 89 e5 41 57 41 56 41 55 49 89 fd 41 54 41 89 d4 48 89 c2 53 48 c1 ea 03 48 83 ec 50 48 89 45 d0 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 89 75 c8 0f 85 83 0c 00 00 48 b8 00 00 00 00 00 fc ff
RSP: 0000:ffff8880ae809c68 EFLAGS: 00010282
RAX: dffffc0000000000 RBX: ffff888094171580 RCX: 1ffff11015d0137b
RDX: 0000000000000002 RSI: 0000000000000017 RDI: 0000000000000000
RBP: ffff8880ae809ce0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: ffff88808fb42400 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880ae809db8 R15: ffff8880ae824b80
FS: 00007fc5d88528c0(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000557f41f21634 CR3: 0000000090c2e000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400