bisecting cause commit starting from 051143e1602d90ea71887d92363edd539d411de5 building syzkaller on 9682898d6f14dd27f95c419d059fd867bb91b22b testing commit 051143e1602d90ea71887d92363edd539d411de5 with gcc (GCC) 8.1.0 kernel signature: 9a9de168f26026a1088fa05f55863350dc08eb9b742d2ea271671699f6bdfe48 all runs: crashed: general protection fault in selinux_socket_recvmsg testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 0ea783388d8c9aafbe2436cfd2576e1947cefdc140c1affb3cbc2c319461e5e2 all runs: OK # git bisect start 051143e1602d90ea71887d92363edd539d411de5 7111951b8d4973bda27ff663f2cf18b663d15b48 Bisecting: 7236 revisions left to test after this (roughly 13 steps) [f365ab31efacb70bed1e821f7435626e0b2528a6] Merge tag 'drm-next-2020-04-01' of git://anongit.freedesktop.org/drm/drm testing commit f365ab31efacb70bed1e821f7435626e0b2528a6 with gcc (GCC) 8.1.0 kernel signature: 60901bfcb82dcae215d64fe34ba3d7ac75dcdf7d48e669f1a0a68db0e68d8304 all runs: OK # git bisect good f365ab31efacb70bed1e821f7435626e0b2528a6 Bisecting: 3542 revisions left to test after this (roughly 12 steps) [347619565197ae0e62a755efc4a80904d66fc0a1] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux testing commit 347619565197ae0e62a755efc4a80904d66fc0a1 with gcc (GCC) 8.1.0 kernel signature: ed34fceddd1c2efcbfc76fada40b9f74409bd3e9680bb3a6f6b2e13dad5e89eb all runs: OK # git bisect good 347619565197ae0e62a755efc4a80904d66fc0a1 Bisecting: 1717 revisions left to test after this (roughly 11 steps) [c8372665b4b96d6a818b2693dd49236d5f9c8bc2] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit c8372665b4b96d6a818b2693dd49236d5f9c8bc2 with gcc (GCC) 8.1.0 kernel signature: fa7df78f467a3ce3717d3e9b2c9b253736fc82e9a02cc1d39e4ca4f483199f1c all runs: OK # git bisect good c8372665b4b96d6a818b2693dd49236d5f9c8bc2 Bisecting: 853 revisions left to test after this (roughly 10 steps) [ed6889db63d24600e523ac28fbece33201906611] Merge tag 'dmaengine-fix-5.7-rc4' of git://git.infradead.org/users/vkoul/slave-dma testing commit ed6889db63d24600e523ac28fbece33201906611 with gcc (GCC) 8.1.0 kernel signature: 08a8935a7125b04af9b63d527ec70096033e6424393ac1f5bcdd49ee40e9180d all runs: OK # git bisect good ed6889db63d24600e523ac28fbece33201906611 Bisecting: 429 revisions left to test after this (roughly 9 steps) [8c1684bb81f173543599f1848c29a2a3b1ee5907] Merge tag 'for-linus-2020-05-13' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux testing commit 8c1684bb81f173543599f1848c29a2a3b1ee5907 with gcc (GCC) 8.1.0 kernel signature: 1b3fce312477ec74edd0b053819625af2a8b1a7d7f1e12a18987b97f1f6c4048 all runs: crashed: general protection fault in selinux_socket_recvmsg # git bisect bad 8c1684bb81f173543599f1848c29a2a3b1ee5907 Bisecting: 216 revisions left to test after this (roughly 8 steps) [14f69140ff9c92a0928547ceefb153a842e8492c] mm: limit boost_watermark on small zones testing commit 14f69140ff9c92a0928547ceefb153a842e8492c with gcc (GCC) 8.1.0 kernel signature: b473ba01571303bcfb07652b86e49d150365687ddbfc93161070ce3797ba8f59 all runs: crashed: general protection fault in selinux_socket_recvmsg # git bisect bad 14f69140ff9c92a0928547ceefb153a842e8492c Bisecting: 103 revisions left to test after this (roughly 7 steps) [29ca3cdfe13b2792b8624e6f769777e8cb387f9c] net: macsec: fix rtnl locking issue testing commit 29ca3cdfe13b2792b8624e6f769777e8cb387f9c with gcc (GCC) 8.1.0 kernel signature: 5c12c644488663a150beedc952cd7b7a7fa7d4d257f2c2be278aa1ef8d9e9734 all runs: crashed: general protection fault in selinux_socket_recvmsg # git bisect bad 29ca3cdfe13b2792b8624e6f769777e8cb387f9c Bisecting: 51 revisions left to test after this (roughly 6 steps) [7979457b1d3a069cd857f5bd69e070e30223dd0c] net: bridge: vlan: Add a schedule point during VLAN processing testing commit 7979457b1d3a069cd857f5bd69e070e30223dd0c with gcc (GCC) 8.1.0 kernel signature: ea63c60ccd1d11a7f73ff62130c2796def69cf9c2cc414035d26638cb4e449ee all runs: crashed: general protection fault in selinux_socket_recvmsg # git bisect bad 7979457b1d3a069cd857f5bd69e070e30223dd0c Bisecting: 24 revisions left to test after this (roughly 5 steps) [37255e7a8f470a7d9678be89c18ba15d6ebf43f7] Merge tag 'batadv-net-for-davem-20200427' of git://git.open-mesh.org/linux-merge testing commit 37255e7a8f470a7d9678be89c18ba15d6ebf43f7 with gcc (GCC) 8.1.0 kernel signature: 6691a1701bb062570f54278219ff5e304044fdb097b831ecd856e391cddf927f all runs: basic kernel testing failed: KASAN: null-ptr-deref Write in x25_disconnect # git bisect skip 37255e7a8f470a7d9678be89c18ba15d6ebf43f7 Bisecting: 24 revisions left to test after this (roughly 5 steps) [8738c85c72b3108c9b9a369a39868ba5f8e10ae0] sch_choke: avoid potential panic in choke_reset() testing commit 8738c85c72b3108c9b9a369a39868ba5f8e10ae0 with gcc (GCC) 8.1.0 kernel signature: c4d9639f2df70d1fdfff050e4ff73381096cf294e7c2f3b4a8dc08cffb2bf92f all runs: basic kernel testing failed: KASAN: null-ptr-deref Write in x25_disconnect # git bisect skip 8738c85c72b3108c9b9a369a39868ba5f8e10ae0 Bisecting: 24 revisions left to test after this (roughly 5 steps) [10e3cc180e64385edc9890c6855acf5ed9ca1339] net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' testing commit 10e3cc180e64385edc9890c6855acf5ed9ca1339 with gcc (GCC) 8.1.0 kernel signature: 08e7a4c458fdd42cf46e445870440ed9f6f48c8762afd15a7bd44fb03bb05fe6 all runs: basic kernel testing failed: KASAN: null-ptr-deref Write in x25_disconnect # git bisect skip 10e3cc180e64385edc9890c6855acf5ed9ca1339 Bisecting: 24 revisions left to test after this (roughly 5 steps) [c3e302edca2457bbd0c958c445a7538fbf6a6ac8] net: phy: marvell10g: fix temperature sensor on 2110 testing commit c3e302edca2457bbd0c958c445a7538fbf6a6ac8 with gcc (GCC) 8.1.0 kernel signature: 69d2c3896a14efbdc201de93cda3797067ca47295af7de5f12d11764da7ae2aa all runs: basic kernel testing failed: KASAN: null-ptr-deref Write in x25_disconnect # git bisect skip c3e302edca2457bbd0c958c445a7538fbf6a6ac8 Bisecting: 24 revisions left to test after this (roughly 5 steps) [9812307491231974f8eef1329237ce3d27da7462] net: dsa: mv88e6xxx: remove duplicate assignment of struct members testing commit 9812307491231974f8eef1329237ce3d27da7462 with gcc (GCC) 8.1.0 kernel signature: ffc1744e47b78d1a339ca2e1a23f18f89a71883b3422407537d5a44cb8966827 all runs: OK # git bisect good 9812307491231974f8eef1329237ce3d27da7462 Bisecting: 10 revisions left to test after this (roughly 4 steps) [8c755953603fdad8bcd7aa7bb7b5abc1ead8d944] Merge branch 'mptcp-fix-incoming-options-parsing' testing commit 8c755953603fdad8bcd7aa7bb7b5abc1ead8d944 with gcc (GCC) 8.1.0 kernel signature: 35936ee0d56cfdcd4053f76b9e6bf185aaeefe3dc61155c761a4adc8ba26d477 all runs: crashed: general protection fault in selinux_socket_recvmsg # git bisect bad 8c755953603fdad8bcd7aa7bb7b5abc1ead8d944 Bisecting: 4 revisions left to test after this (roughly 3 steps) [263e1201a2c324b60b15ecda5de9ebf1e7293e31] mptcp: consolidate synack processing. testing commit 263e1201a2c324b60b15ecda5de9ebf1e7293e31 with gcc (GCC) 8.1.0 kernel signature: 1394022ebaa97dff44fe63c110803093dacddbd0f2a4ba0a6eeb8db1a47b35f0 all runs: crashed: WARNING in warn_bad_map # git bisect bad 263e1201a2c324b60b15ecda5de9ebf1e7293e31 Bisecting: 2 revisions left to test after this (roughly 2 steps) [130c58606171326c81841a49cc913cd354113dd9] wireguard: queueing: cleanup ptr_ring in error path of packet_queue_init testing commit 130c58606171326c81841a49cc913cd354113dd9 with gcc (GCC) 8.1.0 kernel signature: 99a1cd077712d170ab9a724c11641eaf4e1c89836f8d9d84da1a766ff76cca31 all runs: OK # git bisect good 130c58606171326c81841a49cc913cd354113dd9 Bisecting: 0 revisions left to test after this (roughly 1 step) [30724ccbfc8325cade4a2d36cd1f75b06341d9eb] Merge branch 'wireguard-fixes' testing commit 30724ccbfc8325cade4a2d36cd1f75b06341d9eb with gcc (GCC) 8.1.0 kernel signature: 043ee9b3722891d12f8c23acabf428dba72c0b666a5c06d681b62ff2081c3e4e all runs: OK # git bisect good 30724ccbfc8325cade4a2d36cd1f75b06341d9eb 263e1201a2c324b60b15ecda5de9ebf1e7293e31 is the first bad commit commit 263e1201a2c324b60b15ecda5de9ebf1e7293e31 Author: Paolo Abeni Date: Thu Apr 30 15:01:51 2020 +0200 mptcp: consolidate synack processing. Currently the MPTCP code uses 2 hooks to process syn-ack packets, mptcp_rcv_synsent() and the sk_rx_dst_set() callback. We can drop the first, moving the relevant code into the latter, reducing the hooking into the TCP code. This is also needed by the next patch. v1 -> v2: - use local tcp sock ptr instead of casting the sk variable several times - DaveM Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller include/net/mptcp.h | 1 - net/ipv4/tcp_input.c | 3 --- net/mptcp/options.c | 22 ---------------------- net/mptcp/subflow.c | 27 ++++++++++++++++++++++++--- 4 files changed, 24 insertions(+), 29 deletions(-) culprit signature: 1394022ebaa97dff44fe63c110803093dacddbd0f2a4ba0a6eeb8db1a47b35f0 parent signature: 043ee9b3722891d12f8c23acabf428dba72c0b666a5c06d681b62ff2081c3e4e revisions tested: 19, total time: 3h54m24.823478426s (build: 1h53m23.062290351s, test: 1h59m21.993449761s) first bad commit: 263e1201a2c324b60b15ecda5de9ebf1e7293e31 mptcp: consolidate synack processing. cc: ["davem@davemloft.net" "edumazet@google.com" "kuba@kernel.org" "kuznet@ms2.inr.ac.ru" "linux-kernel@vger.kernel.org" "mathew.j.martineau@linux.intel.com" "matthieu.baerts@tessares.net" "mptcp@lists.01.org" "netdev@vger.kernel.org" "pabeni@redhat.com" "yoshfuji@linux-ipv6.org"] crash: WARNING in warn_bad_map ------------[ cut here ]------------ Bad mapping: ssn=2587084 map_seq=1 map_data_len=32740 WARNING: CPU: 1 PID: 8436 at net/mptcp/subflow.c:556 warn_bad_map.isra.6.part.7+0x70/0xa0 net/mptcp/subflow.c:555 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 8436 Comm: syz-executor.0 Not tainted 5.7.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x128/0x182 lib/dump_stack.c:118 panic+0x22a/0x4e3 kernel/panic.c:221 __warn.cold.10+0x25/0x26 kernel/panic.c:582 report_bug+0x1ad/0x270 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:175 [inline] do_error_trap+0x123/0x210 arch/x86/kernel/traps.c:267 do_invalid_op+0x31/0x40 arch/x86/kernel/traps.c:286 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027 RIP: 0010:warn_bad_map.isra.6.part.7+0x70/0xa0 net/mptcp/subflow.c:555 Code: 0e 48 c1 ea 03 0f b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 19 8b 13 89 ee 48 c7 c7 80 d0 4c 88 e8 fc d7 16 fa <0f> 0b 48 83 c4 08 5b 5d c3 48 89 df 89 0c 24 e8 3c da 75 fa 8b 0c RSP: 0018:ffffc9000753f0d0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff888096cbf23c RCX: 0000000000000006 RDX: 1ffffffff11a8cf4 RSI: 0000000000000008 RDI: 0000000000000282 RBP: 00000000002779cc R08: fffffbfff16abd4d R09: fffffbfff16abd4d R10: ffffffff8b55ea67 R11: fffffbfff16abd4c R12: ffff888096cbf200 R13: ffff8880916d6360 R14: ffff888096cbf23c R15: ffff888096cbf244 warn_bad_map net/mptcp/subflow.c:587 [inline] validate_mapping net/mptcp/subflow.c:587 [inline] get_mapping_status net/mptcp/subflow.c:700 [inline] subflow_check_data_avail net/mptcp/subflow.c:738 [inline] mptcp_subflow_data_available+0x10ea/0x1e70 net/mptcp/subflow.c:834 subflow_data_ready+0xdd/0x130 net/mptcp/subflow.c:857 tcp_data_queue+0xcc9/0x3c70 net/ipv4/tcp_input.c:4833 tcp_rcv_established+0x9f1/0x1f40 net/ipv4/tcp_input.c:5727 tcp_v4_do_rcv+0x517/0x790 net/ipv4/tcp_ipv4.c:1621 sk_backlog_rcv include/net/sock.h:996 [inline] __release_sock+0x116/0x350 net/core/sock.c:2459 release_sock+0x4a/0x170 net/core/sock.c:2975 sk_stream_wait_memory+0x4a8/0xc10 net/core/stream.c:145 do_tcp_sendpages+0x6c9/0x1d70 net/ipv4/tcp.c:1068 mptcp_sendmsg_frag+0xf71/0x1ae0 net/mptcp/protocol.c:592 mptcp_sendmsg+0x3f3/0xa10 net/mptcp/protocol.c:763 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0xac/0xe0 net/socket.c:672 sock_write_iter+0x218/0x380 net/socket.c:1004 call_write_iter include/linux/fs.h:1907 [inline] do_iter_readv_writev+0x4f1/0x7c0 fs/read_write.c:694 do_iter_write+0x129/0x540 fs/read_write.c:999 vfs_writev+0x16d/0x2d0 fs/read_write.c:1072 do_writev+0x214/0x280 fs/read_write.c:1115 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x45ca29 Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fac9e637c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 000000000050d640 RCX: 000000000045ca29 RDX: 0000000000000001 RSI: 0000000020000200 RDI: 0000000000000003 RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000d20 R14: 00000000004cb469 R15: 00007fac9e6386d4 Kernel Offset: disabled Rebooting in 86400 seconds..