bisecting cause commit starting from f989d546a2d5a9f001f6f8be49d98c10ab9b1897
building syzkaller on 35b8eb3041516c17ae2eb3b09a33b7429ade33d3
testing commit f989d546a2d5a9f001f6f8be49d98c10ab9b1897 with gcc (GCC) 8.1.0
kernel signature: d29130a8d51bbb170f560525cb7635c42a21820c0ad5001c3d949e92e540ad5a
all runs: crashed: general protection fault in erspan_validate
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 357036e4179d3656d0ca8faf439373a7a03af6456a05e62a95f1697322ed2861
all runs: OK
# git bisect start f989d546a2d5a9f001f6f8be49d98c10ab9b1897 7111951b8d4973bda27ff663f2cf18b663d15b48
Bisecting: 6980 revisions left to test after this (roughly 13 steps)
[f365ab31efacb70bed1e821f7435626e0b2528a6] Merge tag 'drm-next-2020-04-01' of git://anongit.freedesktop.org/drm/drm
testing commit f365ab31efacb70bed1e821f7435626e0b2528a6 with gcc (GCC) 8.1.0
kernel signature: c299e75dfeeb1b4a9e229b9bc5937e5e56dd279dd3386d4a8a48290bd75d9073
all runs: OK
# git bisect good f365ab31efacb70bed1e821f7435626e0b2528a6
Bisecting: 3487 revisions left to test after this (roughly 12 steps)
[83eb69f3b80f7cf2ca6357fb9c23adc48632a0e3] Merge branch 'work.exfat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
testing commit 83eb69f3b80f7cf2ca6357fb9c23adc48632a0e3 with gcc (GCC) 8.1.0
kernel signature: 1be7f43db593e51960ae4385e15e02f896184c38344b35f2741ae1fd8642b65e
all runs: OK
# git bisect good 83eb69f3b80f7cf2ca6357fb9c23adc48632a0e3
Bisecting: 1743 revisions left to test after this (roughly 11 steps)
[ca6151a9788e2cbb1a7b5d320dcf4f16a3b64477] Merge tag 'docs-5.7-2' of git://git.lwn.net/linux
testing commit ca6151a9788e2cbb1a7b5d320dcf4f16a3b64477 with gcc (GCC) 8.1.0
kernel signature: 7eb1d5c8860bbe05be5c6b0c6ca6310f2e5061763f55f0d89cc151243971bfee
all runs: OK
# git bisect good ca6151a9788e2cbb1a7b5d320dcf4f16a3b64477
Bisecting: 872 revisions left to test after this (roughly 10 steps)
[9b3e59e3deccef70afece5e6484a324cbc126bcd] Merge tag 'objtool-urgent-2020-04-25' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 9b3e59e3deccef70afece5e6484a324cbc126bcd with gcc (GCC) 8.1.0
kernel signature: b7b1bf715c0670f86bd0b56e011b2cb6dac3d53453bea9d524bebd1b0564c848
all runs: OK
# git bisect good 9b3e59e3deccef70afece5e6484a324cbc126bcd
Bisecting: 436 revisions left to test after this (roughly 9 steps)
[a6b93e6555a6ecd0d08b0383ea4d93d09a168187] docs: networking: convert ltpc.txt to ReST
testing commit a6b93e6555a6ecd0d08b0383ea4d93d09a168187 with gcc (GCC) 8.1.0
kernel signature: 8a60e88c98ae64ec2e6f41bf29ef82b7585aef75a87400c0524ed97b94df458c
all runs: OK
# git bisect good a6b93e6555a6ecd0d08b0383ea4d93d09a168187
Bisecting: 218 revisions left to test after this (roughly 8 steps)
[c1be0bf092bd292ee617622c116f5981a34cce96] net: atlantic: common functions needed for basic A2 init/deinit hw_ops
testing commit c1be0bf092bd292ee617622c116f5981a34cce96 with gcc (GCC) 8.1.0
kernel signature: 79a53034f46f6d0d5376802957a912a62ef51f2ae7c8bd2dd419768464907883
all runs: OK
# git bisect good c1be0bf092bd292ee617622c116f5981a34cce96
Bisecting: 108 revisions left to test after this (roughly 7 steps)
[5889a62b93bd577ace12adace5743e6929bd1dce] Merge branch 'sch_fq-optimizations'
testing commit 5889a62b93bd577ace12adace5743e6929bd1dce with gcc (GCC) 8.1.0
kernel signature: 7c8be17fb1e33210dfda6726ef5335cadaf6d037f6112ff3dedaeb0c150de1bc
all runs: OK
# git bisect good 5889a62b93bd577ace12adace5743e6929bd1dce
Bisecting: 54 revisions left to test after this (roughly 6 steps)
[627642f07b3093f501495d226c7a0b9d56a0c870] Merge branch 'net-smc-add-failover-processing'
testing commit 627642f07b3093f501495d226c7a0b9d56a0c870 with gcc (GCC) 8.1.0
kernel signature: f37b7e6c49bfd442eb40ed5bc1a355f585348b42332b82ac701698f94cd48aef
all runs: OK
# git bisect good 627642f07b3093f501495d226c7a0b9d56a0c870
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[09f6c44aaae0f1bdb8b983d7762676d5018c53bc] net: allwinner: Fix use correct return type for ndo_start_xmit()
testing commit 09f6c44aaae0f1bdb8b983d7762676d5018c53bc with gcc (GCC) 8.1.0
kernel signature: 8d3e2a6262b819efba03a8763e6361328f219092a2cc355fd613d7ed91846f5f
all runs: OK
# git bisect good 09f6c44aaae0f1bdb8b983d7762676d5018c53bc
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[12dcceb39aabcc199461f2fdc3ff81be0cd7003e] net: mv643xx_eth: Remove unused inline function sum16_as_be
testing commit 12dcceb39aabcc199461f2fdc3ff81be0cd7003e with gcc (GCC) 8.1.0
kernel signature: c63a6b4e04dddff42fec212d8505ba9b4400599f7525024149667f437a26cf2c
all runs: OK
# git bisect good 12dcceb39aabcc199461f2fdc3ff81be0cd7003e
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[fe121e078da1fd8a061ab22f26c5911f8ebf46cb] sch_choke: Remove classid from choke_skb_cb.
testing commit fe121e078da1fd8a061ab22f26c5911f8ebf46cb with gcc (GCC) 8.1.0
kernel signature: 2e2a4dd2d6f7e6ec6ea6e01a2aaa579d8f832f3e1a43220562253b5e4a00a489
all runs: OK
# git bisect good fe121e078da1fd8a061ab22f26c5911f8ebf46cb
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[0a99be434d145079d0509473b19e840629d851c2] net/smc: log important pnetid and state change events
testing commit 0a99be434d145079d0509473b19e840629d851c2 with gcc (GCC) 8.1.0
kernel signature: 1bb525024be820effc4fd555572d9cd6485274d4dcc478a417dcbf90f8d21007
all runs: OK
# git bisect good 0a99be434d145079d0509473b19e840629d851c2
Bisecting: 1 revision left to test after this (roughly 1 step)
[9ea833022b5c887a242c0e3567f540c91f8611e6] Merge branch 'smc-log-state-changes-and-cleanup'
testing commit 9ea833022b5c887a242c0e3567f540c91f8611e6 with gcc (GCC) 8.1.0
kernel signature: fdce56120379bdee59318721e3bbf0c15b18ecbce918a5116b6cf196fec1b944
all runs: OK
# git bisect good 9ea833022b5c887a242c0e3567f540c91f8611e6
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[730f135104f3afe320d0df4c53c28d6ad9d17d6b] cxgb4/cxgb4vf: Remove superfluous void * cast in debugfs_create_file() call
testing commit 730f135104f3afe320d0df4c53c28d6ad9d17d6b with gcc (GCC) 8.1.0
kernel signature: 66aef8d5f14c6f97b808fe48f1c44811610c85bf7ef81090a686e3e32bc47600
all runs: OK
# git bisect good 730f135104f3afe320d0df4c53c28d6ad9d17d6b
f989d546a2d5a9f001f6f8be49d98c10ab9b1897 is the first bad commit
commit f989d546a2d5a9f001f6f8be49d98c10ab9b1897
Author: William Tu <u9012063@gmail.com>
Date:   Tue May 5 09:05:06 2020 -0700

    erspan: Add type I version 0 support.
    
    The Type I ERSPAN frame format is based on the barebones
    IP + GRE(4-byte) encapsulation on top of the raw mirrored frame.
    Both type I and II use 0x88BE as protocol type. Unlike type II
    and III, no sequence number or key is required.
    To creat a type I erspan tunnel device:
      $ ip link add dev erspan11 type erspan \
                local 172.16.1.100 remote 172.16.1.200 \
                erspan_ver 0
    
    Signed-off-by: William Tu <u9012063@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 include/net/erspan.h | 19 +++++++++++++++--
 net/ipv4/ip_gre.c    | 58 ++++++++++++++++++++++++++++++++++++++--------------
 2 files changed, 60 insertions(+), 17 deletions(-)
culprit signature: d29130a8d51bbb170f560525cb7635c42a21820c0ad5001c3d949e92e540ad5a
parent  signature: 66aef8d5f14c6f97b808fe48f1c44811610c85bf7ef81090a686e3e32bc47600
revisions tested: 16, total time: 4h11m35.791743106s (build: 1h34m2.475167675s, test: 2h36m17.625402235s)
first bad commit: f989d546a2d5a9f001f6f8be49d98c10ab9b1897 erspan: Add type I version 0 support.
cc: ["davem@davemloft.net" "kuba@kernel.org" "kuznet@ms2.inr.ac.ru" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "u9012063@gmail.com" "yoshfuji@linux-ipv6.org"]
crash: general protection fault in erspan_validate
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 8418 Comm: syz-executor.3 Not tainted 5.7.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:nla_get_u8 include/net/netlink.h:1595 [inline]
RIP: 0010:erspan_validate+0x5d/0x2d0 net/ipv4/ip_gre.c:1090
Code: 48 c1 ea 03 80 3c 02 00 0f 85 68 02 00 00 48 8b ab b0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7d 04 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 0e 02 00 00
RSP: 0018:ffffc90009a571b8 EFLAGS: 00010247
RAX: dffffc0000000000 RBX: ffff8880a9776400 RCX: 1ffff110152eec87
RDX: 0000000000000000 RSI: ffff8880a9776400 RDI: 0000000000000004
RBP: 0000000000000000 R08: ffff8880a941783e R09: 0000000000000006
R10: ffff8880a9776400 R11: fffff5200134ae1d R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff89bf84c0
FS:  00007f7a2cd15700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000780 CR3: 00000000a180e000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __rtnl_newlink+0x3f9/0x1250 net/core/rtnetlink.c:3219
 rtnl_newlink+0x5c/0x80 net/core/rtnetlink.c:3398
 rtnetlink_rcv_msg+0x346/0x8c0 net/core/rtnetlink.c:5461
 netlink_rcv_skb+0x119/0x340 net/netlink/af_netlink.c:2469
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x434/0x630 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x714/0xc60 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xac/0xe0 net/socket.c:672
 ____sys_sendmsg+0x554/0x760 net/socket.c:2362
 ___sys_sendmsg+0xe4/0x160 net/socket.c:2416
 __sys_sendmsg+0xce/0x170 net/socket.c:2449
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c829
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f7a2cd14c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000500ce0 RCX: 000000000045c829
RDX: 0000000000000000 RSI: 0000000020000780 RDI: 0000000000000003
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000a04 R14: 00000000004ccbcc R15: 00007f7a2cd156d4
Modules linked in:
---[ end trace 78ad6aac85629822 ]---
RIP: 0010:nla_get_u8 include/net/netlink.h:1595 [inline]
RIP: 0010:erspan_validate+0x5d/0x2d0 net/ipv4/ip_gre.c:1090
Code: 48 c1 ea 03 80 3c 02 00 0f 85 68 02 00 00 48 8b ab b0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7d 04 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 0e 02 00 00
RSP: 0018:ffffc90009a571b8 EFLAGS: 00010247
RAX: dffffc0000000000 RBX: ffff8880a9776400 RCX: 1ffff110152eec87
RDX: 0000000000000000 RSI: ffff8880a9776400 RDI: 0000000000000004
RBP: 0000000000000000 R08: ffff8880a941783e R09: 0000000000000006
R10: ffff8880a9776400 R11: fffff5200134ae1d R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff89bf84c0
FS:  00007f7a2cd15700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000780 CR3: 00000000a180e000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400