bisecting cause commit starting from c578ddb39e565139897124e74e5a43e56538cb33 building syzkaller on 2e44d63e401ead7d7928c95a30d243b2de1a243b testing commit c578ddb39e565139897124e74e5a43e56538cb33 with gcc (GCC) 8.1.0 kernel signature: a683963f70d90fe053f6d76c96b86ac0f4873e0e7b3ade8f4c83bb38fd53e336 all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 8f5eba7c0b3979ee24bd5bc79c19fbe99178d6215011fbdb2db5c47f9d81ad17 all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 250c47d9cbc797ce88fcd8a0eff89b33fcf28902c0b6f376d1db1a35ee8fdffc all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 19aac5166a6989a87005c92da72c3eb4443f94163e5264d7a4c280f01596a0cb all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 85884c322780b3b8fb21afc98bc71bfb0a175ea762460c5c6ed95f328b6977ac all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: ea62aa18b42d25c28d852d093c4b6d56037d9f7232ffaa279da69ac5abdc7be9 all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 8507d80a8ea28809a2f0e01fd561ebf32b6af5e3a073d7ac72fa86504f4b3836 all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: c046d80cb8d9d86eacdace072b7cf4096fe3bf1259b74faf9fe47630ec0d8363 run #0: crashed: general protection fault in fq_codel_enqueue run #1: crashed: general protection fault in fq_codel_enqueue run #2: crashed: general protection fault in fq_codel_enqueue run #3: crashed: general protection fault in fq_codel_enqueue run #4: crashed: general protection fault in fq_codel_enqueue run #5: crashed: general protection fault in corrupted run #6: crashed: general protection fault in corrupted run #7: crashed: general protection fault in corrupted run #8: crashed: general protection fault in fq_codel_enqueue run #9: crashed: general protection fault in fq_codel_enqueue testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: 4b61576c90d63e437c3418fdc123aa8b857a26f42792dfb5ce67e32803fa2c70 run #0: crashed: general protection fault in fq_codel_enqueue run #1: crashed: general protection fault in fq_codel_enqueue run #2: crashed: general protection fault in corrupted run #3: crashed: general protection fault in fq_codel_enqueue run #4: crashed: general protection fault in fq_codel_enqueue run #5: crashed: general protection fault in fq_codel_enqueue run #6: crashed: general protection fault in fq_codel_enqueue run #7: crashed: general protection fault in fq_codel_enqueue run #8: crashed: general protection fault in fq_codel_enqueue run #9: crashed: general protection fault in fq_codel_enqueue testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: bb574f75d6336290504ccfe020d89df37db9f659ab286961ea4da12473b5eba3 all runs: crashed: general protection fault in fq_codel_enqueue testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: a326753728e42e5ef8bc493559dd32a5c417240e7cecef118da08403802db925 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: crashed: general protection fault in batadv_iv_ogm_queue_add testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: 519252751130aca55739802d0c1a62916762ffe69710ee6f442e85404686a967 all runs: OK # git bisect start 94710cac0ef4ee177a63b5227664b38c95bbf703 29dcea88779c856c7dc92040a0c01233263101d4 Bisecting: 7032 revisions left to test after this (roughly 13 steps) [3036bc45364f98515a2c446d7fac2c34dcfbeff4] Merge tag 'media/v4.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit 3036bc45364f98515a2c446d7fac2c34dcfbeff4 with gcc (GCC) 8.1.0 kernel signature: 7b88ca9ff0aad06cab05b6e69acf0ec449b1d6929ef2452684c6e2f2045bb083 run #0: crashed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #1: OK run #2: OK run #3: OK run #4: OK run #5: crashed: general protection fault in batadv_iv_ogm_queue_add run #6: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #7: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #8: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #9: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work # git bisect bad 3036bc45364f98515a2c446d7fac2c34dcfbeff4 Bisecting: 3644 revisions left to test after this (roughly 12 steps) [135c5504a600ff9b06e321694fbcac78a9530cd4] Merge tag 'drm-next-2018-06-06-1' of git://anongit.freedesktop.org/drm/drm testing commit 135c5504a600ff9b06e321694fbcac78a9530cd4 with gcc (GCC) 8.1.0 kernel signature: b00c1d1f9211b511516c8c7f5aaa964b96ff709e7d37818405cde78f951b320f all runs: OK # git bisect good 135c5504a600ff9b06e321694fbcac78a9530cd4 Bisecting: 1830 revisions left to test after this (roughly 11 steps) [f39c6b29ae1d3727d9c65a4ab99d5150b558be5e] Merge tag 'mlx5e-updates-2018-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux testing commit f39c6b29ae1d3727d9c65a4ab99d5150b558be5e with gcc (GCC) 8.1.0 kernel signature: 4750e768dd515ee72fd5b374b2177eb1040d49c297cf788e52598f56427503b8 run #0: OK run #1: OK run #2: OK run #3: OK run #4: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #5: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #6: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #7: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #8: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #9: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work # git bisect good f39c6b29ae1d3727d9c65a4ab99d5150b558be5e Bisecting: 773 revisions left to test after this (roughly 10 steps) [1c8c5a9d38f607c0b6fd12c91cbe1a4418762a21] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next testing commit 1c8c5a9d38f607c0b6fd12c91cbe1a4418762a21 with gcc (GCC) 8.1.0 kernel signature: a7df988871a1293bf8fe30d91c1f1220255cff4005a54e1cbc8f96be0f500f66 run #0: crashed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #7: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #8: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #9: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work # git bisect bad 1c8c5a9d38f607c0b6fd12c91cbe1a4418762a21 Bisecting: 544 revisions left to test after this (roughly 9 steps) [ca95bf62fcf528a0d8069731d39303ba43fb9af4] Merge tag 'linux-kselftest-4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest testing commit ca95bf62fcf528a0d8069731d39303ba43fb9af4 with gcc (GCC) 8.1.0 kernel signature: 91e04fbf494eb1938c78f29c15971577e786353194345f7b2c1b78821b493ffc all runs: OK # git bisect good ca95bf62fcf528a0d8069731d39303ba43fb9af4 Bisecting: 272 revisions left to test after this (roughly 8 steps) [e783bb00ad86d9d1f01d9d3a750713070036358e] ipmr: fix error path when ipmr_new_table fails testing commit e783bb00ad86d9d1f01d9d3a750713070036358e with gcc (GCC) 8.1.0 kernel signature: c6504b4a216064a091e22f88b8722667bd3fc308b662262c367737a5985d394c run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #8: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #9: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work # git bisect good e783bb00ad86d9d1f01d9d3a750713070036358e Bisecting: 134 revisions left to test after this (roughly 7 steps) [8b5c6a3a49d9ebc7dc288870b9c56c4f946035d8] Merge tag 'audit-pr-20180605' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit testing commit 8b5c6a3a49d9ebc7dc288870b9c56c4f946035d8 with gcc (GCC) 8.1.0 kernel signature: c7c1283792531c642821e0a0e6845b3a7b8474c2b065518f01ce89fe8fdd94bd all runs: OK # git bisect good 8b5c6a3a49d9ebc7dc288870b9c56c4f946035d8 Bisecting: 67 revisions left to test after this (roughly 6 steps) [763ea096f3cf312608317fb1027d509cfd1efc16] i40e: remove ndo_xdp_flush call i40e_xdp_flush testing commit 763ea096f3cf312608317fb1027d509cfd1efc16 with gcc (GCC) 8.1.0 kernel signature: d5fd6e8384cce065f6893b3866ea878e5f18eb4034c6b7d10b06d7eddfcc5d4b run #0: basic kernel testing failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: OK run #5: OK run #6: OK run #7: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #8: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #9: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work # git bisect skip 763ea096f3cf312608317fb1027d509cfd1efc16 Bisecting: 67 revisions left to test after this (roughly 6 steps) [3dd8095368475a9538895ce757b63dd311e58fe8] tracing: Add trigger file for trace_markers tracefs/ftrace/print testing commit 3dd8095368475a9538895ce757b63dd311e58fe8 with gcc (GCC) 8.1.0 kernel signature: 7395ec7664e71f020a284e426f091b20a4689ed6773c2ecbbe72c986adec9bcf all runs: OK # git bisect good 3dd8095368475a9538895ce757b63dd311e58fe8 Bisecting: 62 revisions left to test after this (roughly 6 steps) [34ea38ca27991466a8fff849514b4181b42ae2eb] bpf: guard bpf_get_current_cgroup_id() with CONFIG_CGROUPS testing commit 34ea38ca27991466a8fff849514b4181b42ae2eb with gcc (GCC) 8.1.0 kernel signature: 6011ddef633bf94f3c8674c8de4cda7d01e160da10e827de03d68470e8ed5b75 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #8: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #9: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work # git bisect good 34ea38ca27991466a8fff849514b4181b42ae2eb Bisecting: 31 revisions left to test after this (roughly 5 steps) [6444e2a5f1e680278b58ced3568bdff84afe14a5] net: hns3: Fix for VF mailbox receiving unknown message testing commit 6444e2a5f1e680278b58ced3568bdff84afe14a5 with gcc (GCC) 8.1.0 kernel signature: f364cfd8f560b81abc773ed6a574ee3bc460ad280dfe75826567b0ab5ef3f268 run #0: OK run #1: OK run #2: OK run #3: OK run #4: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #5: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #6: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #7: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #8: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #9: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work # git bisect good 6444e2a5f1e680278b58ced3568bdff84afe14a5 Bisecting: 17 revisions left to test after this (roughly 4 steps) [5eb6eed7e0fe880dc8de8da203cc888716bbf196] Merge tag 'trace-v4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace testing commit 5eb6eed7e0fe880dc8de8da203cc888716bbf196 with gcc (GCC) 8.1.0 kernel signature: 590db0b6a31fa8d5d891c6ed5dcd95eafbb8805797740e6374ea1fcea4d9df13 all runs: OK # git bisect good 5eb6eed7e0fe880dc8de8da203cc888716bbf196 Bisecting: 8 revisions left to test after this (roughly 3 steps) [2509b561f7c6599907c08cb364c86b8c45466e4f] device: Use overflow helpers for devm_kmalloc() testing commit 2509b561f7c6599907c08cb364c86b8c45466e4f with gcc (GCC) 8.1.0 kernel signature: e949e8fe9f2e92fa345827da49a34362c4f3d371aed222b50967a49b2f13c4d3 all runs: OK # git bisect good 2509b561f7c6599907c08cb364c86b8c45466e4f Bisecting: 4 revisions left to test after this (roughly 2 steps) [285767604576148fc1be7fcd112e4a90eb0d6ad2] Merge tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux testing commit 285767604576148fc1be7fcd112e4a90eb0d6ad2 with gcc (GCC) 8.1.0 kernel signature: 184c45fe2b746e7b24c11f4755ee1939d159ccc152231eacaa1b3606851c08fb all runs: OK # git bisect good 285767604576148fc1be7fcd112e4a90eb0d6ad2 Bisecting: 2 revisions left to test after this (roughly 1 step) [96a3c9a4896d752f2ad06c3b7f6b303cd5b93df0] Merge branch 'hns3-next' testing commit 96a3c9a4896d752f2ad06c3b7f6b303cd5b93df0 with gcc (GCC) 8.1.0 kernel signature: 3273e791ae16d42da89a7bce508db983ad3d6332f03bc4dd54fe319bf1581a86 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work run #9: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work # git bisect good 96a3c9a4896d752f2ad06c3b7f6b303cd5b93df0 Bisecting: 0 revisions left to test after this (roughly 1 step) [7170e6045a6a8b33f4fa5753589dc77b16198e2d] strparser: Add __strp_unpause and use it in ktls. testing commit 7170e6045a6a8b33f4fa5753589dc77b16198e2d with gcc (GCC) 8.1.0 kernel signature: e470a82e97ce3ce3e9d2bc06625939797ed0d75b92f8be0d278cd533b344d889 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: general protection fault in batadv_iv_ogm_queue_add run #9: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work # git bisect bad 7170e6045a6a8b33f4fa5753589dc77b16198e2d Bisecting: 0 revisions left to test after this (roughly 0 steps) [fb1967a69f756073362b8f19347f863f227320ad] rxrpc: Fix terminal retransmission connection ID to include the channel testing commit fb1967a69f756073362b8f19347f863f227320ad with gcc (GCC) 8.1.0 kernel signature: 118a9415a3d424d1a105a478d6faa690c651263edcbd22ec3bcdabb772c469a7 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: boot failed: KASAN: use-after-free Write in call_usermodehelper_exec_work # git bisect good fb1967a69f756073362b8f19347f863f227320ad 7170e6045a6a8b33f4fa5753589dc77b16198e2d is the first bad commit commit 7170e6045a6a8b33f4fa5753589dc77b16198e2d Author: Doron Roberts-Kedes Date: Wed Jun 6 09:33:28 2018 -0700 strparser: Add __strp_unpause and use it in ktls. strp_unpause queues strp_work in order to parse any messages that arrived while the strparser was paused. However, the process invoking strp_unpause could eagerly parse a buffered message itself if it held the sock lock. __strp_unpause is an alternative to strp_pause that avoids the scheduling overhead that results when a receiving thread unpauses the strparser and waits for the next message to be delivered by the workqueue thread. This patch more than doubled the IOPS achieved in a benchmark of NBD traffic encrypted using ktls. Signed-off-by: Doron Roberts-Kedes Signed-off-by: David S. Miller include/net/strparser.h | 2 ++ net/strparser/strparser.c | 13 +++++++++++++ net/tls/tls_sw.c | 2 +- 3 files changed, 16 insertions(+), 1 deletion(-) culprit signature: e470a82e97ce3ce3e9d2bc06625939797ed0d75b92f8be0d278cd533b344d889 parent signature: 118a9415a3d424d1a105a478d6faa690c651263edcbd22ec3bcdabb772c469a7 revisions tested: 29, total time: 6h47m23.367368026s (build: 2h49m25.999511258s, test: 3h55m17.576031453s) first bad commit: 7170e6045a6a8b33f4fa5753589dc77b16198e2d strparser: Add __strp_unpause and use it in ktls. cc: ["aviadye@mellanox.com" "davejwatson@fb.com" "davem@davemloft.net" "doronrk@fb.com" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org"] crash: general protection fault in batadv_iv_ogm_queue_add bridge0: port 1(bridge_slave_0) entered disabled state batman_adv: batadv0: Interface deactivated: batadv_slave_0 batman_adv: batadv0: Removing interface: batadv_slave_0 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 1 PID: 778 Comm: kworker/u4:0 Not tainted 4.17.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:785 RSP: 0018:ffff8800a0eefaa8 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff88009bf69640 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff8800a0eefbc0 R08: ffff8800a727dac0 R09: 0000000000000001 R10: ffffed00141ddf8f R11: 0000000000000003 R12: ffff8800a727dac0 R13: dffffc0000000000 R14: ffffed0014e4fb66 R15: 000000000000003c FS: 0000000000000000(0000) GS:ffff8800aed00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f3e09814000 CR3: 00000000a12a8000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: batadv_iv_ogm_schedule+0xb7e/0xf30 net/batman-adv/bat_iv_ogm.c:989 batadv_iv_send_outstanding_bat_ogm_packet+0x4b2/0x7b0 net/batman-adv/bat_iv_ogm.c:1817 process_one_work+0x780/0x1570 kernel/workqueue.c:2145 worker_thread+0xd0/0xc00 kernel/workqueue.c:2279 kthread+0x316/0x3d0 kernel/kthread.c:240 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:412 Code: ff 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 99 0b 00 RIP: batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:785 RSP: ffff8800a0eefaa8 ---[ end trace e5b3e9643a285bee ]---