bisecting cause commit starting from 89695196f0ba78a17453f9616355f2ca6b293402 building syzkaller on 89bc860804252dbacb8c2bea60b9204859f4afd7 testing commit 89695196f0ba78a17453f9616355f2ca6b293402 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 527949f910a825546520b4a48b77c589371149f76d907f7d406e3e983dd8b04f run #0: OK run #1: OK run #2: OK run #3: crashed: general protection fault in llc_build_and_send_test_pkt run #4: OK run #5: OK run #6: crashed: general protection fault in llc_ui_sendmsg run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK reproducer seems to be flaky testing release v5.16 testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1fd9ab6ec52dc5d6eec160897ae3403fe7938723519a9996a423afd6588ef1fc all runs: OK # git bisect start 89695196f0ba78a17453f9616355f2ca6b293402 df0cc57e057f18e44dac8e6c18aba47ab53202f9 Bisecting: 8529 revisions left to test after this (roughly 13 steps) [e1a7aa25ff45636a6c1930bf2430c8b802e93d9c] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit e1a7aa25ff45636a6c1930bf2430c8b802e93d9c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 99d9bf3331f0214b688f12d4b11bc6dacebab0bceb35d47ab41f6ef9884bff2b all runs: OK # git bisect good e1a7aa25ff45636a6c1930bf2430c8b802e93d9c Bisecting: 4265 revisions left to test after this (roughly 12 steps) [cc0def5b4ed61a262b88c67e6f8ed1a70c52c568] Merge tag 'optee-fixes-for-v5.17' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/fixes testing commit cc0def5b4ed61a262b88c67e6f8ed1a70c52c568 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7f7a8d2a0338070b4a092cae799774c53db864d1ddeb6c982d67a46f46d8c0ec all runs: OK # git bisect good cc0def5b4ed61a262b88c67e6f8ed1a70c52c568 Bisecting: 2133 revisions left to test after this (roughly 11 steps) [ee6373ddf3a974c4239f56931f5944fd289146e7] net/funeth: probing and netdev ops testing commit ee6373ddf3a974c4239f56931f5944fd289146e7 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b06775fb64a3592618bfaf7bf7ade7a94469cfee82ab36eb2ba7e184d15c0b2b all runs: OK # git bisect good ee6373ddf3a974c4239f56931f5944fd289146e7 Bisecting: 1021 revisions left to test after this (roughly 10 steps) [1e8a3f0d2a1ef544611a7ea4a7c1512c732e0e43] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 1e8a3f0d2a1ef544611a7ea4a7c1512c732e0e43 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 748d893ffc1a8fb3f7c8986a16c59e65d421d982be35e979c4d77e3ff51a9e97 all runs: OK # git bisect good 1e8a3f0d2a1ef544611a7ea4a7c1512c732e0e43 Bisecting: 517 revisions left to test after this (roughly 9 steps) [770c9a3a01af178a90368a78c75eb91707c7233c] net/mlx5: Remove unused fill page array API function testing commit 770c9a3a01af178a90368a78c75eb91707c7233c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6cf0a92c47aefbec45a7c099268f96c47ec701045cb5ac87cfc6a785ca7cd7c2 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: basic kernel testing failed: WARNING in __napi_schedule run #2: basic kernel testing failed: WARNING in __napi_schedule run #3: basic kernel testing failed: WARNING in __napi_schedule run #4: basic kernel testing failed: WARNING in __napi_schedule run #5: basic kernel testing failed: WARNING in __napi_schedule run #6: basic kernel testing failed: WARNING in __napi_schedule run #7: basic kernel testing failed: WARNING in __napi_schedule run #8: basic kernel testing failed: WARNING in __napi_schedule run #9: basic kernel testing failed: WARNING in __napi_schedule run #10: basic kernel testing failed: WARNING in __napi_schedule run #11: basic kernel testing failed: WARNING in __napi_schedule run #12: basic kernel testing failed: WARNING in __napi_schedule run #13: basic kernel testing failed: WARNING in __napi_schedule run #14: basic kernel testing failed: WARNING in __napi_schedule run #15: basic kernel testing failed: WARNING in __napi_schedule run #16: basic kernel testing failed: WARNING in __napi_schedule run #17: basic kernel testing failed: WARNING in __napi_schedule run #18: basic kernel testing failed: WARNING in __napi_schedule run #19: basic kernel testing failed: WARNING in __napi_schedule # git bisect skip 770c9a3a01af178a90368a78c75eb91707c7233c Bisecting: 517 revisions left to test after this (roughly 9 steps) [fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009] ax25: Fix NULL pointer dereferences in ax25 timers testing commit fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f41db90227f6e5a98858e8d04d17644f5bb702fbf753954abcd7cf6a5d3ab450 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009 Bisecting: 455 revisions left to test after this (roughly 9 steps) [49045b9c810cd9b4ac5f8f235ad8ef17553a00fa] Merge branch 'mediatek-next' testing commit 49045b9c810cd9b4ac5f8f235ad8ef17553a00fa compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e414e360e203fc1e3ec1852b66715ffecdecebad2de9afa0273c45ab5a78e6d4 all runs: basic kernel testing failed: WARNING in __napi_schedule # git bisect skip 49045b9c810cd9b4ac5f8f235ad8ef17553a00fa Bisecting: 455 revisions left to test after this (roughly 9 steps) [9f01cfbf2922432668c2fd4dfc0413342aaff48b] net: sparx5: Use Switchdev fdb events for managing fdb entries testing commit 9f01cfbf2922432668c2fd4dfc0413342aaff48b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1ec33e5ab7186c5e569f5f4beadfc75e60e8b84ef125be4476eb36d7df5fe3c5 all runs: basic kernel testing failed: WARNING in __napi_schedule # git bisect skip 9f01cfbf2922432668c2fd4dfc0413342aaff48b Bisecting: 455 revisions left to test after this (roughly 9 steps) [aa80511a93dbab1fb362ab414acc665a319c6522] Merge branch 'net-mscc-miim-add-integrated-phy-reset-support' testing commit aa80511a93dbab1fb362ab414acc665a319c6522 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f28a23dfd18f3e56a9b4a253be357eb1cdb309aae9721b1f6a0b09d8c981f629 all runs: OK # git bisect good aa80511a93dbab1fb362ab414acc665a319c6522 Bisecting: 89 revisions left to test after this (roughly 7 steps) [515a49173b80a4aabcbad9a4fa2a247042378ea1] ARM: rethook: Add rethook arm implementation testing commit 515a49173b80a4aabcbad9a4fa2a247042378ea1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 93188ee78c5f934ad0427db07ef4368503b875856e096b2dc9e6a84c5ac44fdf run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good 515a49173b80a4aabcbad9a4fa2a247042378ea1 Bisecting: 44 revisions left to test after this (roughly 6 steps) [e1cc1f39981b06ba22a0c92e800e9fd8ba59d2d3] selftests/bpf: Test skipping stacktrace testing commit e1cc1f39981b06ba22a0c92e800e9fd8ba59d2d3 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 71c24beafa7c8aec654f038ee5741030986467fd979a934078e75da73c816be1 all runs: boot failed: KASAN: null-ptr-deref Write in register_btf_kfunc_id_set # git bisect skip e1cc1f39981b06ba22a0c92e800e9fd8ba59d2d3 Bisecting: 44 revisions left to test after this (roughly 6 steps) [a911ad18a56aeecf87a098ad1cdc4de91d7f60de] net: bridge: mst: Restrict info size queries to bridge ports testing commit a911ad18a56aeecf87a098ad1cdc4de91d7f60de compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5a3444b5fe559b92727d63070285f880195ce11d0d646e09b9aeb7f319cf89ab all runs: OK # git bisect good a911ad18a56aeecf87a098ad1cdc4de91d7f60de Bisecting: 6 revisions left to test after this (roughly 3 steps) [6a7d8cff4a3301087dd139293e9bddcf63827282] tipc: fix the timer expires after interval 100ms testing commit 6a7d8cff4a3301087dd139293e9bddcf63827282 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 86bcc7a0290b4faddc39ce838572f066ed40d9109227754f6a39e9554d4b97f8 all runs: OK # git bisect good 6a7d8cff4a3301087dd139293e9bddcf63827282 Bisecting: 3 revisions left to test after this (roughly 2 steps) [764f4eb6846f5475f1244767d24d25dd86528a4a] llc: fix netdevice reference leaks in llc_ui_bind() testing commit 764f4eb6846f5475f1244767d24d25dd86528a4a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 601bdcb162a064314098944c88a520d3aabee9455c6488be2c4e377360e79715 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: general protection fault in llc_build_and_send_test_pkt run #9: OK run #10: OK run #11: crashed: general protection fault in llc_build_and_send_test_pkt run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 764f4eb6846f5475f1244767d24d25dd86528a4a Bisecting: 1 revision left to test after this (roughly 1 step) [054d5575cd6ed2792611a7cbb8c88663cc873780] net/sched: fix incorrect vlan_push_eth dest field testing commit 054d5575cd6ed2792611a7cbb8c88663cc873780 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: dde47c61e82907c0ae905b8ac259118fed1ceccb4b623512ee1fb634977ab836 all runs: OK # git bisect good 054d5575cd6ed2792611a7cbb8c88663cc873780 Bisecting: 0 revisions left to test after this (roughly 0 steps) [2844e2434385819f674d1fb4130c308c50ba681e] drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool testing commit 2844e2434385819f674d1fb4130c308c50ba681e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 44f8a7b0fb23f219d2217543a8877c7527ce34580226c7edcf9b4f766c02179f all runs: OK # git bisect good 2844e2434385819f674d1fb4130c308c50ba681e 764f4eb6846f5475f1244767d24d25dd86528a4a is the first bad commit commit 764f4eb6846f5475f1244767d24d25dd86528a4a Author: Eric Dumazet Date: Tue Mar 22 17:41:47 2022 -0700 llc: fix netdevice reference leaks in llc_ui_bind() Whenever llc_ui_bind() and/or llc_ui_autobind() took a reference on a netdevice but subsequently fail, they must properly release their reference or risk the infamous message from unregister_netdevice() at device dismantle. unregister_netdevice: waiting for eth0 to become free. Usage count = 3 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet Reported-by: 赵子轩 Reported-by: Stoyan Manolov Link: https://lore.kernel.org/r/20220323004147.1990845-1-eric.dumazet@gmail.com Signed-off-by: Jakub Kicinski net/llc/af_llc.c | 8 ++++++++ 1 file changed, 8 insertions(+) culprit signature: 601bdcb162a064314098944c88a520d3aabee9455c6488be2c4e377360e79715 parent signature: 44f8a7b0fb23f219d2217543a8877c7527ce34580226c7edcf9b4f766c02179f Reproducer flagged being flaky revisions tested: 18, total time: 3h30m46.407126978s (build: 1h50m15.426325115s, test: 1h38m40.691341332s) first bad commit: 764f4eb6846f5475f1244767d24d25dd86528a4a llc: fix netdevice reference leaks in llc_ui_bind() recipients (to): ["davem@davemloft.net" "edumazet@google.com" "kuba@kernel.org" "kuba@kernel.org" "linux-kernel@vger.kernel.org"] recipients (cc): ["netdev@vger.kernel.org" "paskripkin@gmail.com" "yajun.deng@linux.dev"] crash: general protection fault in llc_build_and_send_test_pkt general protection fault, probably for non-canonical address 0xdffffc0000000070: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000380-0x0000000000000387] CPU: 0 PID: 11102 Comm: syz-executor357 Not tainted 5.17.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:llc_build_and_send_test_pkt+0xd3/0x200 net/llc/llc_sap.c:238 Code: 48 c1 ea 03 80 3c 02 00 0f 85 3a 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5d 10 48 8d bb 80 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 0a 01 00 00 48 8b b3 80 03 00 00 48 8d 7d 2e ba RSP: 0018:ffffc9000c0278a8 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000002 RDX: 0000000000000070 RSI: ffff888020e63a00 RDI: 0000000000000380 RBP: ffff888020e63a00 R08: ffff88801bae950c R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffff88801baef000 R13: ffff88801bae9510 R14: 0000000000000000 R15: ffffc9000c027d70 FS: 00007effeb15f700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007effeb9fb9e0 CR3: 000000007e16a000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: llc_ui_sendmsg+0x8d7/0xf20 net/llc/af_llc.c:973 sock_sendmsg_nosec net/socket.c:705 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:725 ____sys_sendmsg+0x392/0x7a0 net/socket.c:2413 ___sys_sendmsg+0xd3/0x150 net/socket.c:2467 __sys_sendmmsg+0x141/0x310 net/socket.c:2553 __do_sys_sendmmsg net/socket.c:2582 [inline] __se_sys_sendmmsg net/socket.c:2579 [inline] __x64_sys_sendmmsg+0x94/0x100 net/socket.c:2579 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7effeb9b4359 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 16 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007effeb15f2e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007effeba3e4c0 RCX: 00007effeb9b4359 RDX: 03fffffffffffeed RSI: 0000000020001380 RDI: 0000000000000004 RBP: 00007effeba3e4cc R08: 0000000000000000 R09: 0000000000000000 R10: 000000001f000000 R11: 0000000000000246 R12: 0000000000000003 R13: 0000000000000004 R14: 00007effeb15f6b8 R15: 00007effeba3e4c8 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:llc_build_and_send_test_pkt+0xd3/0x200 net/llc/llc_sap.c:238 Code: 48 c1 ea 03 80 3c 02 00 0f 85 3a 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5d 10 48 8d bb 80 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 0a 01 00 00 48 8b b3 80 03 00 00 48 8d 7d 2e ba RSP: 0018:ffffc9000c0278a8 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000002 RDX: 0000000000000070 RSI: ffff888020e63a00 RDI: 0000000000000380 RBP: ffff888020e63a00 R08: ffff88801bae950c R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffff88801baef000 R13: ffff88801bae9510 R14: 0000000000000000 R15: ffffc9000c027d70 FS: 00007effeb15f700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000056270ecf5000 CR3: 000000007e16a000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 48 c1 ea 03 shr $0x3,%rdx 4: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 8: 0f 85 3a 01 00 00 jne 0x148 e: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 15: fc ff df 18: 48 8b 5d 10 mov 0x10(%rbp),%rbx 1c: 48 8d bb 80 03 00 00 lea 0x380(%rbx),%rdi 23: 48 89 fa mov %rdi,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction 2e: 0f 85 0a 01 00 00 jne 0x13e 34: 48 8b b3 80 03 00 00 mov 0x380(%rbx),%rsi 3b: 48 8d 7d 2e lea 0x2e(%rbp),%rdi 3f: ba .byte 0xba