bisecting cause commit starting from 459c5fb44379335c966d98c7fdc4e8ebe2d2b93f building syzkaller on 8fd428a197f1ff27bdb6d3d359745e2756133d01 testing commit 459c5fb44379335c966d98c7fdc4e8ebe2d2b93f with gcc (GCC) 8.1.0 all runs: crashed: KASAN: stack-out-of-bounds Read in skb_pull testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 all runs: OK # git bisect start 459c5fb44379335c966d98c7fdc4e8ebe2d2b93f v5.2 Bisecting: 7565 revisions left to test after this (roughly 13 steps) [5f26f1143678d0fed8115afdcc0de99ee7cc9675] Merge tag 'asm-generic-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic testing commit 5f26f1143678d0fed8115afdcc0de99ee7cc9675 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in send_hsr_supervision_frame run #1: crashed: general protection fault in send_hsr_supervision_frame run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 5f26f1143678d0fed8115afdcc0de99ee7cc9675 Bisecting: 4239 revisions left to test after this (roughly 12 steps) [8f6ccf6159aed1f04c6d179f61f6fb2691261e84] Merge tag 'clone3-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux testing commit 8f6ccf6159aed1f04c6d179f61f6fb2691261e84 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 8f6ccf6159aed1f04c6d179f61f6fb2691261e84 Bisecting: 2150 revisions left to test after this (roughly 11 steps) [6413139dfc641aaaa30580b59696a5f7ea274194] skbuff: increase verbosity when dumping skb data testing commit 6413139dfc641aaaa30580b59696a5f7ea274194 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 6413139dfc641aaaa30580b59696a5f7ea274194 Bisecting: 842 revisions left to test after this (roughly 10 steps) [e786741ff1b52769b044b7f4407f39cd13ee5d2d] Merge tag 'staging-5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit e786741ff1b52769b044b7f4407f39cd13ee5d2d with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in send_hsr_supervision_frame run #1: crashed: general protection fault in send_hsr_supervision_frame run #2: crashed: general protection fault in send_hsr_supervision_frame run #3: crashed: general protection fault in send_hsr_supervision_frame run #4: crashed: general protection fault in send_hsr_supervision_frame run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad e786741ff1b52769b044b7f4407f39cd13ee5d2d Bisecting: 613 revisions left to test after this (roughly 9 steps) [97ff4ca46d3279134cec49752de8c5a62dc68460] Merge tag 'char-misc-5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 97ff4ca46d3279134cec49752de8c5a62dc68460 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in send_hsr_supervision_frame run #1: crashed: general protection fault in send_hsr_supervision_frame run #2: crashed: general protection fault in send_hsr_supervision_frame run #3: crashed: general protection fault in send_hsr_supervision_frame run #4: crashed: general protection fault in send_hsr_supervision_frame run #5: crashed: general protection fault in send_hsr_supervision_frame run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 97ff4ca46d3279134cec49752de8c5a62dc68460 Bisecting: 429 revisions left to test after this (roughly 9 steps) [64b08df460cfdfc2b010263043a057cdd33500ed] Merge tag 'hwmon-for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging testing commit 64b08df460cfdfc2b010263043a057cdd33500ed with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in send_hsr_supervision_frame run #1: crashed: general protection fault in send_hsr_supervision_frame run #2: crashed: general protection fault in send_hsr_supervision_frame run #3: crashed: general protection fault in send_hsr_supervision_frame run #4: crashed: general protection fault in send_hsr_supervision_frame run #5: crashed: general protection fault in send_hsr_supervision_frame run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 64b08df460cfdfc2b010263043a057cdd33500ed Bisecting: 131 revisions left to test after this (roughly 7 steps) [e55f4b8bf4622103badac8694cdabceec06f9b38] sctp: rename sp strm_interleave to ep intl_enable testing commit e55f4b8bf4622103badac8694cdabceec06f9b38 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in send_hsr_supervision_frame run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad e55f4b8bf4622103badac8694cdabceec06f9b38 Bisecting: 65 revisions left to test after this (roughly 6 steps) [bc389fd101e57b36aacfaec2df8fe479eabb44ea] Merge branch 'macsec-fix-some-bugs-in-the-receive-path' testing commit bc389fd101e57b36aacfaec2df8fe479eabb44ea with gcc (GCC) 8.1.0 run #0: crashed: WARNING: ODEBUG bug in netdev_freemem run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad bc389fd101e57b36aacfaec2df8fe479eabb44ea Bisecting: 32 revisions left to test after this (roughly 5 steps) [c20dc142dd7b2884b8570eeab323bcd4a84294fa] bnxt_en: Disable bus master during PCI shutdown and driver unload. testing commit c20dc142dd7b2884b8570eeab323bcd4a84294fa with gcc (GCC) 8.1.0 all runs: OK # git bisect good c20dc142dd7b2884b8570eeab323bcd4a84294fa Bisecting: 15 revisions left to test after this (roughly 4 steps) [eb1f5c02ddf5ef51fcd746f6ff55b93935fc981c] Merge branch 'vsock-virtio-fixes' testing commit eb1f5c02ddf5ef51fcd746f6ff55b93935fc981c with gcc (GCC) 8.1.0 all runs: OK # git bisect good eb1f5c02ddf5ef51fcd746f6ff55b93935fc981c Bisecting: 7 revisions left to test after this (roughly 3 steps) [e57f61858b7cf478ed6fa23ed4b3876b1c9625c4] net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling testing commit e57f61858b7cf478ed6fa23ed4b3876b1c9625c4 with gcc (GCC) 8.1.0 all runs: OK # git bisect good e57f61858b7cf478ed6fa23ed4b3876b1c9625c4 Bisecting: 3 revisions left to test after this (roughly 2 steps) [f2f1717592d4790790bdcc73dbbe4958d2d33198] Merge branch 'bridge-stale-ptrs' testing commit f2f1717592d4790790bdcc73dbbe4958d2d33198 with gcc (GCC) 8.1.0 all runs: OK # git bisect good f2f1717592d4790790bdcc73dbbe4958d2d33198 Bisecting: 1 revision left to test after this (roughly 1 step) [095c02da80a41cf6d311c504d8955d6d1c2add10] macsec: fix use-after-free of skb during RX testing commit 095c02da80a41cf6d311c504d8955d6d1c2add10 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 095c02da80a41cf6d311c504d8955d6d1c2add10 Bisecting: 0 revisions left to test after this (roughly 0 steps) [7d8b16b9facb0dd81d1469808dd9a575fa1d525a] macsec: fix checksumming after decryption testing commit 7d8b16b9facb0dd81d1469808dd9a575fa1d525a with gcc (GCC) 8.1.0 all runs: OK # git bisect good 7d8b16b9facb0dd81d1469808dd9a575fa1d525a bc389fd101e57b36aacfaec2df8fe479eabb44ea is the first bad commit revisions tested: 16, total time: 4h30m51.732264591s (build: 1h33m24.727186497s, test: 2h52m24.660445842s) first bad commit: bc389fd101e57b36aacfaec2df8fe479eabb44ea Merge branch 'macsec-fix-some-bugs-in-the-receive-path' cc: ["davem@davemloft.net"] crash: WARNING: ODEBUG bug in netdev_freemem team0 (unregistering): Port device team_slave_0 removed bond0 (unregistering): Releasing backup interface bond_slave_1 bond0 (unregistering): Releasing backup interface bond_slave_0 bond0 (unregistering): Released all slaves ------------[ cut here ]------------ ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 arch/x86/include/asm/paravirt.h:767 WARNING: CPU: 0 PID: 5103 at lib/debugobjects.c:328 debug_print_object+0x168/0x210 lib/debugobjects.c:325 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 5103 Comm: kworker/u4:3 Not tainted 5.2.0-rc6+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 panic+0x212/0x4cb kernel/panic.c:219 __warn.cold.8+0x1b/0x38 kernel/panic.c:576 report_bug+0x1a4/0x200 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:179 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:291 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:986 RIP: 0010:debug_print_object+0x168/0x210 lib/debugobjects.c:325 Code: 41 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd e0 7c 41 87 4c 89 fe 48 c7 c7 80 72 41 87 e8 6b c6 3c fe <0f> 0b 83 05 1b 73 f6 05 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f RSP: 0018:ffff8880998ff848 EFLAGS: 00010086 RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 RDX: 0000000000000004 RSI: 0000000000000008 RDI: ffffffff89d63d40 RBP: ffff8880998ff888 R08: ffffed1015d440f1 R09: ffffed1015d440f0 R10: ffffed1015d440f0 R11: ffff8880aea20787 R12: 0000000000000001 R13: ffffffff883a64e0 R14: ffffffff81581c60 R15: ffffffff87417900 __debug_check_no_obj_freed lib/debugobjects.c:785 [inline] debug_check_no_obj_freed+0x264/0x472 lib/debugobjects.c:817 kfree+0xbd/0x220 mm/slab.c:3754 kvfree+0x2c/0x30 mm/util.c:460 netdev_freemem+0x47/0x60 net/core/dev.c:9098 netdev_release+0x6c/0x90 net/core/net-sysfs.c:1635 device_release+0x6a/0x1c0 drivers/base/core.c:1064 kobject_cleanup lib/kobject.c:691 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put.cold.8+0x229/0x27c lib/kobject.c:737 netdev_run_todo+0x459/0x6a0 net/core/dev.c:9003 rtnl_unlock+0x9/0x10 net/core/rtnetlink.c:112 default_device_exit_batch+0x2e9/0x3d0 net/core/dev.c:9784 ops_exit_list.isra.5+0xd3/0x120 net/core/net_namespace.c:157 cleanup_net+0x363/0x850 net/core/net_namespace.c:553 process_one_work+0x830/0x16a0 kernel/workqueue.c:2269 worker_thread+0x85/0xb60 kernel/workqueue.c:2415 kthread+0x324/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 ======================================================