bisecting cause commit starting from c3d8f220d01220a5b253e422be407d068dc65511 building syzkaller on cef5ae6814696260ff58c538a1b6044af90c5979 testing commit c3d8f220d01220a5b253e422be407d068dc65511 with gcc (GCC) 8.1.0 kernel signature: 15db9cec400cda07beb66fc2940729b4c91cb3b43e0386fc08a7728fbe11cf2a all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in nexthop_is_blackhole testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 33f1abdbaf186362cdcc99073f51fa25388a14cef839c18e960710d42a6e308d all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in nexthop_is_blackhole testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 5f309fd4388e7b9fb0a1e2a31cef61019712a0a4fc3a7f40f663e11a2876d72e all runs: crashed: general protection fault in nexthop_is_blackhole testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 2350a149b83ef55bf98bc13af245d2465f23671d260c0e1392539b7081b801d7 all runs: crashed: KASAN: use-after-free Read in __ip6_del_rt testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 8ba4323793724b926a6d782ab88b42c9f98d5d61a82a05ea33f3ddb356a9250a all runs: crashed: KASAN: use-after-free Read in __ip6_del_rt testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 625e7606f4e0a9a0e0dc150ba586ff6834ecc659a145c962586080d8ab33f7a1 all runs: crashed: KASAN: use-after-free Read in __ip6_del_rt testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 2527f8dfe2237c450d2046ed24dae6ce3b92875a110a2059196e017d29e4c072 all runs: crashed: KASAN: use-after-free Read in __ip6_del_rt testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: d6b8558dc12a74d4cad742005bc78965503ee93cfc36ca98d1df15e6b612844d all runs: OK # git bisect start 4d856f72c10ecb060868ed10ff1b1453943fc6c8 0ecfebd2b52404ae0c54a878c872bb93363ada36 Bisecting: 7848 revisions left to test after this (roughly 13 steps) [43c95d3694cc448fdf50bd53b7ff3a5bb4655883] Merge tag 'pinctrl-v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 with gcc (GCC) 8.1.0 kernel signature: 5fa6774976f70534da14fdef9b354beb38a83b937cc49fb7cdfd37422334a1eb all runs: crashed: KASAN: use-after-free Read in __ip6_del_rt # git bisect bad 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 Bisecting: 4619 revisions left to test after this (roughly 12 steps) [8f6ccf6159aed1f04c6d179f61f6fb2691261e84] Merge tag 'clone3-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux testing commit 8f6ccf6159aed1f04c6d179f61f6fb2691261e84 with gcc (GCC) 8.1.0 kernel signature: 336316b1fc7a168e78a8c7f40a1052aad7c9cbcd5d585880a129c4b5eb5bd4dc all runs: OK # git bisect good 8f6ccf6159aed1f04c6d179f61f6fb2691261e84 Bisecting: 2306 revisions left to test after this (roughly 11 steps) [753c8d9b7d81206bb5d011b28abe829d364b028e] Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 753c8d9b7d81206bb5d011b28abe829d364b028e with gcc (GCC) 8.1.0 kernel signature: 66f8485f66663f1915f381b8d3b7d5788d81163d136733f47da7c41648d25a11 run #0: crashed: KASAN: use-after-free Read in __ip6_del_rt run #1: crashed: KASAN: use-after-free Read in __ip6_del_rt run #2: crashed: KASAN: use-after-free Read in __ip6_del_rt run #3: crashed: KASAN: use-after-free Read in __ip6_del_rt run #4: crashed: KASAN: use-after-free Read in __ip6_del_rt run #5: crashed: general protection fault in send_hsr_supervision_frame run #6: crashed: KASAN: use-after-free Read in __ip6_del_rt run #7: crashed: KASAN: use-after-free Read in __ip6_del_rt run #8: crashed: KASAN: use-after-free Read in __ip6_del_rt run #9: crashed: KASAN: use-after-free Read in __ip6_del_rt # git bisect bad 753c8d9b7d81206bb5d011b28abe829d364b028e Bisecting: 1156 revisions left to test after this (roughly 10 steps) [2f9b0d93a9d3ec64558537ab5d7cff820886afa4] net: ethernet: ti: cpsw: Fix suspend/resume break testing commit 2f9b0d93a9d3ec64558537ab5d7cff820886afa4 with gcc (GCC) 8.1.0 kernel signature: cb42bf74254696431914128340fcfe33b712c37033eac135fe54e2f73f63b25a all runs: crashed: KASAN: use-after-free Read in __ip6_del_rt # git bisect bad 2f9b0d93a9d3ec64558537ab5d7cff820886afa4 Bisecting: 577 revisions left to test after this (roughly 9 steps) [d28d66e5a92de81199d21b696df707068361a4e7] net: ethernet: mediatek: fix mtk_eth_soc build errors & warnings testing commit d28d66e5a92de81199d21b696df707068361a4e7 with gcc (GCC) 8.1.0 kernel signature: 463b0ad988fbe935b920a615a8be243ebb2d68f787667f1a88e7baa05b257050 all runs: OK # git bisect good d28d66e5a92de81199d21b696df707068361a4e7 Bisecting: 288 revisions left to test after this (roughly 8 steps) [9126e75e39e14c357cfb2820abf0733bbc3cd8dc] net: ethernet: ti: cpsw_ethtool: simplify slave loops testing commit 9126e75e39e14c357cfb2820abf0733bbc3cd8dc with gcc (GCC) 8.1.0 kernel signature: 39c76a1ca1fef119af49856bd77c97a159323cc3489569ed9994d74208df6bc7 all runs: crashed: KASAN: use-after-free Read in __ip6_del_rt # git bisect bad 9126e75e39e14c357cfb2820abf0733bbc3cd8dc Bisecting: 144 revisions left to test after this (roughly 7 steps) [de47c5d8e11dda678e4354eeb4235e58e92f7cd2] af_key: make use of BUG_ON macro testing commit de47c5d8e11dda678e4354eeb4235e58e92f7cd2 with gcc (GCC) 8.1.0 kernel signature: 32f43ce38254748105b9546affaf865351018752f05057abceabfcf454eb72b3 run #0: crashed: general protection fault in batadv_iv_ogm_queue_add run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad de47c5d8e11dda678e4354eeb4235e58e92f7cd2 Bisecting: 71 revisions left to test after this (roughly 6 steps) [867d03bc238f62fcd28f287b9da8af5e483baeab] net: axienet: Add DMA registers to ethtool register dump testing commit 867d03bc238f62fcd28f287b9da8af5e483baeab with gcc (GCC) 8.1.0 kernel signature: a85f9e78c4aba176a1567334ec10a67215882a58811cae23da337c359e83dda6 all runs: OK # git bisect good 867d03bc238f62fcd28f287b9da8af5e483baeab Bisecting: 35 revisions left to test after this (roughly 5 steps) [238882c8e034f40fbaa14c7ace36f3ed8e8bfad4] net: hns3: log detail error info of ROCEE ECC and AXI errors testing commit 238882c8e034f40fbaa14c7ace36f3ed8e8bfad4 with gcc (GCC) 8.1.0 kernel signature: 797c04ffb57956ae5bfe6df3a2cb9cbc8938864585430c2f617af5c5d35401ea all runs: OK # git bisect good 238882c8e034f40fbaa14c7ace36f3ed8e8bfad4 Bisecting: 17 revisions left to test after this (roughly 4 steps) [e2a7420df2e01370b40e4cf7b85ab9a885c6d755] bonding/main: convert to using slave printk macros testing commit e2a7420df2e01370b40e4cf7b85ab9a885c6d755 with gcc (GCC) 8.1.0 kernel signature: dcfabdfff09065f48cead43f23371c375a3a515a6dff2eae3ed2bc0181c8a6a7 all runs: OK # git bisect good e2a7420df2e01370b40e4cf7b85ab9a885c6d755 Bisecting: 8 revisions left to test after this (roughly 3 steps) [7ba7aeabbaba484347cc98fbe9045769ca0d118d] net: Don't disable interrupts in napi_alloc_frag() testing commit 7ba7aeabbaba484347cc98fbe9045769ca0d118d with gcc (GCC) 8.1.0 kernel signature: 332ebbdd436e762990d3a1399ea6d53ff775b2e1de318a138c7436c065a84d8e all runs: OK # git bisect good 7ba7aeabbaba484347cc98fbe9045769ca0d118d Bisecting: 4 revisions left to test after this (roughly 2 steps) [3a89aae4b49e2df99fff112cdd055f1a67971623] bnx2x: Use napi_alloc_frag() testing commit 3a89aae4b49e2df99fff112cdd055f1a67971623 with gcc (GCC) 8.1.0 kernel signature: e7ee48a15f38176aa180a5467c2c774caf95afaaf8429b93b280a84a69acf451 all runs: OK # git bisect good 3a89aae4b49e2df99fff112cdd055f1a67971623 Bisecting: 2 revisions left to test after this (roughly 1 step) [6dcdd884e2a4bb57b0ed3654ff28974ae17d2a08] net: hwbm: Make the hwbm_pool lock a mutex testing commit 6dcdd884e2a4bb57b0ed3654ff28974ae17d2a08 with gcc (GCC) 8.1.0 kernel signature: 1b2a80e649e1de1077079a4ca9d68e6157f3fd1ddb94fb723f9424c7ae18df54 all runs: OK # git bisect good 6dcdd884e2a4bb57b0ed3654ff28974ae17d2a08 Bisecting: 0 revisions left to test after this (roughly 1 step) [392096736a06bc9d8f2b42fd4bb1a44b245b9fed] ipv6: tcp: fix potential NULL deref in tcp_v6_send_reset() testing commit 392096736a06bc9d8f2b42fd4bb1a44b245b9fed with gcc (GCC) 8.1.0 kernel signature: 2d8a37e4658aa390b9bc8ed0cb77e01886caf648bd7208ac0aba8cb6467e599d all runs: OK # git bisect good 392096736a06bc9d8f2b42fd4bb1a44b245b9fed de47c5d8e11dda678e4354eeb4235e58e92f7cd2 is the first bad commit commit de47c5d8e11dda678e4354eeb4235e58e92f7cd2 Author: Hariprasad Kelam Date: Sat Jun 8 14:30:50 2019 +0530 af_key: make use of BUG_ON macro fix below warnings reported by coccicheck net/key/af_key.c:932:2-5: WARNING: Use BUG_ON instead of if condition followed by BUG. net/key/af_key.c:948:2-5: WARNING: Use BUG_ON instead of if condition followed by BUG. Signed-off-by: Hariprasad Kelam Signed-off-by: David S. Miller net/key/af_key.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) culprit signature: 32f43ce38254748105b9546affaf865351018752f05057abceabfcf454eb72b3 parent signature: 2d8a37e4658aa390b9bc8ed0cb77e01886caf648bd7208ac0aba8cb6467e599d revisions tested: 22, total time: 5h47m34.296469384s (build: 2h15m36.499583378s, test: 3h29m27.520522587s) first bad commit: de47c5d8e11dda678e4354eeb4235e58e92f7cd2 af_key: make use of BUG_ON macro recipients (to): ["davem@davemloft.net" "davem@davemloft.net" "hariprasad.kelam@gmail.com" "herbert@gondor.apana.org.au" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: general protection fault in batadv_iv_ogm_queue_add kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.2.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:599 Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 99 0b 00 00 RSP: 0018:ffff8880a9897ac0 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff888094831580 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff8880a9897bd8 R08: ffff88809772aa00 R09: 0000000000000001 R10: ffffed10129062b7 R11: ffff8880948315bf R12: ffff88809772aa00 R13: 0000000000000400 R14: 0000000000000000 R15: 000000000000003c FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f6c97cfa008 CR3: 00000000751e5000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: batadv_iv_ogm_schedule+0x79e/0xe80 net/batman-adv/bat_iv_ogm.c:791 batadv_iv_send_outstanding_bat_ogm_packet+0x4a2/0x790 net/batman-adv/bat_iv_ogm.c:1669 process_one_work+0x7b9/0x15e0 kernel/workqueue.c:2269 worker_thread+0x85/0xb60 kernel/workqueue.c:2415 kthread+0x324/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Modules linked in: ---[ end trace 7bf5ccd3dcf10ca6 ]--- RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:599 Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 99 0b 00 00 RSP: 0018:ffff8880a9897ac0 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff888094831580 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff8880a9897bd8 R08: ffff88809772aa00 R09: 0000000000000001 R10: ffffed10129062b7 R11: ffff8880948315bf R12: ffff88809772aa00 R13: 0000000000000400 R14: 0000000000000000 R15: 000000000000003c FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f6c97cfa008 CR3: 00000000751e5000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400