bisecting cause commit starting from 787a3b4322763284a594a5dd3680508c0bfb20b0
building syzkaller on b1ff06b2c2ed8cf870d347145ae77c54628cda8f
testing commit 787a3b4322763284a594a5dd3680508c0bfb20b0 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in rxrpc_connect_call
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in rxrpc_connect_call
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
all runs: OK
# git bisect start v4.20 v4.19
Bisecting: 7499 revisions left to test after this (roughly 13 steps)
[ec9c166434595382be3babf266febf876327774d] Merge tag 'mips_fixes_4.20_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
testing commit ec9c166434595382be3babf266febf876327774d with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in rxrpc_connect_call
# git bisect bad ec9c166434595382be3babf266febf876327774d
Bisecting: 3252 revisions left to test after this (roughly 12 steps)
[50b825d7e87f4cff7070df6eb26390152bb29537] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
testing commit 50b825d7e87f4cff7070df6eb26390152bb29537 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in rxrpc_connect_call
# git bisect bad 50b825d7e87f4cff7070df6eb26390152bb29537
Bisecting: 2120 revisions left to test after this (roughly 11 steps)
[99e9acd85ccbdc8f5785f9e961d4956e96bd6aa5] Merge tag 'mlx5-updates-2018-10-17' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
testing commit 99e9acd85ccbdc8f5785f9e961d4956e96bd6aa5 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in rxrpc_connect_call
# git bisect bad 99e9acd85ccbdc8f5785f9e961d4956e96bd6aa5
Bisecting: 989 revisions left to test after this (roughly 10 steps)
[d793fb46822ff7408a1767313ef6b12e811baa55] Merge tag 'wireless-drivers-next-for-davem-2018-10-02' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit d793fb46822ff7408a1767313ef6b12e811baa55 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good d793fb46822ff7408a1767313ef6b12e811baa55
Bisecting: 461 revisions left to test after this (roughly 9 steps)
[071a234ad744ab9a1e9c948874d5f646a2964734] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit 071a234ad744ab9a1e9c948874d5f646a2964734 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in rxrpc_connect_call
# git bisect bad 071a234ad744ab9a1e9c948874d5f646a2964734
Bisecting: 275 revisions left to test after this (roughly 8 steps)
[5580d810560da33804053ae3bca13110c9a8d5e8] Merge tag 'mt76-for-kvalo-2018-10-05' of https://github.com/nbd168/wireless
testing commit 5580d810560da33804053ae3bca13110c9a8d5e8 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 5580d810560da33804053ae3bca13110c9a8d5e8
Bisecting: 137 revisions left to test after this (roughly 7 steps)
[b245d32c995868879f361d252f32bb8a2ca33deb] net: sched: cls_u32: keep track of knodes count in tc_u_common
testing commit b245d32c995868879f361d252f32bb8a2ca33deb with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in rxrpc_connect_call
# git bisect bad b245d32c995868879f361d252f32bb8a2ca33deb
Bisecting: 68 revisions left to test after this (roughly 6 steps)
[cc5f0eb2164f9aa11fe631f8d905192e0233e262] net: Move free of fib_metrics to helper
testing commit cc5f0eb2164f9aa11fe631f8d905192e0233e262 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in rxrpc_connect_call
# git bisect bad cc5f0eb2164f9aa11fe631f8d905192e0233e262
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[6a5e6b118092dfddc545d95911d66d6562f05281] Merge branch 'ieee802154-for-davem-2018-10-04' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan-next
testing commit 6a5e6b118092dfddc545d95911d66d6562f05281 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 6a5e6b118092dfddc545d95911d66d6562f05281
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[9e50727f0e710e25e9fd740c9f43f51b37757773] Merge tag 'mlx5-updates-2018-10-03' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
testing commit 9e50727f0e710e25e9fd740c9f43f51b37757773 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in rxrpc_connect_call
# git bisect bad 9e50727f0e710e25e9fd740c9f43f51b37757773
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[e908bcf4f1a271e7c264dcbffc5881ced8bfacee] rxrpc: Allow the reply time to be obtained on a client call
testing commit e908bcf4f1a271e7c264dcbffc5881ced8bfacee with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in rxrpc_connect_call
# git bisect bad e908bcf4f1a271e7c264dcbffc5881ced8bfacee
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[4c19bbdc7f7c76da14a7192072c47c3b9b582e80] afs: Always build address lists using the helper functions
testing commit 4c19bbdc7f7c76da14a7192072c47c3b9b582e80 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 4c19bbdc7f7c76da14a7192072c47c3b9b582e80
Bisecting: 2 revisions left to test after this (roughly 1 step)
[46894a13599a977ac35411b536fb3e0b2feefa95] rxrpc: Use IPv4 addresses throught the IPv6
testing commit 46894a13599a977ac35411b536fb3e0b2feefa95 with gcc (GCC) 8.1.0
all runs: crashed: general protection fault in rxrpc_connect_call
# git bisect bad 46894a13599a977ac35411b536fb3e0b2feefa95
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[66be646bd9a7d50961afbf48c1d0df148e37d416] afs: Sort address lists so that they are in logical ascending order
testing commit 66be646bd9a7d50961afbf48c1d0df148e37d416 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 66be646bd9a7d50961afbf48c1d0df148e37d416
46894a13599a977ac35411b536fb3e0b2feefa95 is the first bad commit
commit 46894a13599a977ac35411b536fb3e0b2feefa95
Author: David Howells <dhowells@redhat.com>
Date:   Thu Oct 4 09:32:28 2018 +0100

    rxrpc: Use IPv4 addresses throught the IPv6
    
    AF_RXRPC opens an IPv6 socket through which to send and receive network
    packets, both IPv6 and IPv4.  It currently turns AF_INET addresses into
    AF_INET-as-AF_INET6 addresses based on an assumption that this was
    necessary; on further inspection of the code, however, it turns out that
    the IPv6 code just farms packets aimed at AF_INET addresses out to the IPv4
    code.
    
    Fix AF_RXRPC to use AF_INET addresses directly when given them.
    
    Fixes: 7b674e390e51 ("rxrpc: Fix IPv6 support")
    Signed-off-by: David Howells <dhowells@redhat.com>

:040000 040000 03ec12e91b434ee23d1557b7f3705c7c179328a2 08845a46a3e8f298f06808416c7a571c8f2e572c M	fs
:040000 040000 ac3ebeb152a3543e1546bf58ae5ff9581790cc4c a8a247dcbee26bf5acad339fea72ea0346f7e9b2 M	net
revisions tested: 17, total time: 3h1m8.472728036s (build: 1h23m1.735067131s, test: 1h33m46.933149031s)
first bad commit: 46894a13599a977ac35411b536fb3e0b2feefa95 rxrpc: Use IPv4 addresses throught the IPv6
cc: ["davem@davemloft.net" "dhowells@redhat.com" "linux-afs@lists.infradead.org" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org"]
crash: general protection fault in rxrpc_connect_call
8021q: adding VLAN 0 to HW filter on device batadv0
IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8752 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
RIP: 0010:rxrpc_connect_call+0x2d8/0x51c0 net/rxrpc/conn_client.c:691
Code: 03 80 3c 18 00 0f 85 fb 45 00 00 48 8b 85 90 f7 ff ff 48 8b 18 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 18 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 c8 45 00 00 48 8b 5b 18 48 8d bb f0 01 00 00 48
RSP: 0018:ffff88006d7566e0 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 00000000006000c0
RDX: 0000000000000003 RSI: ffffffff87261128 RDI: 0000000000000018
RBP: ffff88006d756fd0 R08: ffff88007822c000 R09: ffffed000fbace89
R10: ffffed000fbace89 R11: ffff88007dd6744b R12: ffff880024568450
R13: ffff880024568460 R14: ffff880076063b48 R15: ffff88006d7574a8
FS:  0000000000000000(0000) GS:ffff88007ea00000(0063) knlGS:00000000f7fd5b40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000020000040 CR3: 000000007d306000 CR4: 00000000007406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 rxrpc_new_client_call+0xb29/0x1e10 net/rxrpc/call_object.c:290
 rxrpc_new_client_call_for_sendmsg net/rxrpc/sendmsg.c:595 [inline]
 rxrpc_do_sendmsg+0x144c/0x28b0 net/rxrpc/sendmsg.c:651
 rxrpc_sendmsg+0x2af/0x5d0 net/rxrpc/af_rxrpc.c:593
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:631
 ___sys_sendmsg+0x51d/0x930 net/socket.c:2116
 __sys_sendmmsg+0x3af/0x6d0 net/socket.c:2204
 __compat_sys_sendmmsg net/compat.c:768 [inline]
 __do_compat_sys_sendmmsg net/compat.c:775 [inline]
 __se_compat_sys_sendmmsg net/compat.c:772 [inline]
 __ia32_compat_sys_sendmmsg+0x9f/0x100 net/compat.c:772
 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline]
 do_fast_syscall_32+0x34d/0xfb2 arch/x86/entry/common.c:397
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7fd9cb9
Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f7fd50bc EFLAGS: 00000296 ORIG_RAX: 0000000000000159
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020005c00
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 826a66f65200f21a ]---
RIP: 0010:rxrpc_connect_call+0x2d8/0x51c0 net/rxrpc/conn_client.c:691
Code: 03 80 3c 18 00 0f 85 fb 45 00 00 48 8b 85 90 f7 ff ff 48 8b 18 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 18 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 c8 45 00 00 48 8b 5b 18 48 8d bb f0 01 00 00 48
RSP: 0018:ffff88006d7566e0 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 00000000006000c0
RDX: 0000000000000003 RSI: ffffffff87261128 RDI: 0000000000000018
RBP: ffff88006d756fd0 R08: ffff88007822c000 R09: ffffed000fbace89
R10: ffffed000fbace89 R11: ffff88007dd6744b R12: ffff880024568450
R13: ffff880024568460 R14: ffff880076063b48 R15: ffff88006d7574a8
FS:  0000000000000000(0000) GS:ffff88007ea00000(0063) knlGS:00000000f7fd5b40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000000b97000 CR3: 000000007d306000 CR4: 00000000007406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554