bisecting cause commit starting from d012a7190fc1fd72ed48911e77ca97ba4521bccd building syzkaller on 67b599d167ab42fff545ec53e23f2711c184877b testing commit d012a7190fc1fd72ed48911e77ca97ba4521bccd with gcc (GCC) 8.1.0 kernel signature: 0abb10c35924a916ac77fc7db0c8ce11db702f41ee6fc1bf5dc840c8528205cb all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 087ab9fdd9a60df3b7aea860014683bcee66ab66b155244e16b259e0da1b42ee all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in security_inode_getattr testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 4a1fc1423c4e63af744ccb375bb331f61b33eea13607f350e22c63ba156acea8 run #0: crashed: general protection fault in security_inode_getattr run #1: crashed: general protection fault in security_inode_getattr run #2: crashed: general protection fault in security_inode_getattr run #3: crashed: general protection fault in security_inode_getattr run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 967eb3f446746d3d6a8480f29eaf71f066981491b442e0c7ac6069f6c0504083 run #0: crashed: general protection fault in security_inode_getattr run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 8fe356900b3e57aa97c4ba3a47a630247dc8f5bc866c06a7bfb21dbed6c6d31c all runs: OK # git bisect start 7111951b8d4973bda27ff663f2cf18b663d15b48 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 Bisecting: 6113 revisions left to test after this (roughly 13 steps) [9f68e3655aae6d49d6ba05dd263f99f33c2567af] Merge tag 'drm-next-2020-01-30' of git://anongit.freedesktop.org/drm/drm testing commit 9f68e3655aae6d49d6ba05dd263f99f33c2567af with gcc (GCC) 8.1.0 kernel signature: e8c33e23f7e06abca5d6daf9f1ba595c89223321a72dbc50e7512b2b157b0d43 run #0: crashed: general protection fault in security_inode_getattr run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 9f68e3655aae6d49d6ba05dd263f99f33c2567af Bisecting: 3686 revisions left to test after this (roughly 12 steps) [fb95aae6e67c4e319a24b3eea32032d4246a5335] Merge tag 'sound-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit fb95aae6e67c4e319a24b3eea32032d4246a5335 with gcc (GCC) 8.1.0 kernel signature: 3e7198774e24cacd801d994e0388ceb8e36730b7532b6321bc0684f36b420194 run #0: crashed: general protection fault in security_inode_getattr run #1: crashed: general protection fault in security_inode_getattr run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad fb95aae6e67c4e319a24b3eea32032d4246a5335 Bisecting: 2267 revisions left to test after this (roughly 11 steps) [f76e4c167ea2212e23c15ee7e601a865e822c291] net: phy: add default ARCH_BCM_IPROC for MDIO_BCM_IPROC testing commit f76e4c167ea2212e23c15ee7e601a865e822c291 with gcc (GCC) 8.1.0 kernel signature: e1a568a6aaa810218f5abd9d508de93080a2896ebd9aafbd0270831fc220c166 run #0: crashed: general protection fault in security_inode_getattr run #1: crashed: general protection fault in security_inode_getattr run #2: crashed: general protection fault in security_inode_getattr run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad f76e4c167ea2212e23c15ee7e601a865e822c291 Bisecting: 810 revisions left to test after this (roughly 10 steps) [f41aa387a7896c193b384c5fb531cd2cb9e00128] Merge branch 'selftest-makefile-cleanup' testing commit f41aa387a7896c193b384c5fb531cd2cb9e00128 with gcc (GCC) 8.1.0 kernel signature: 1127d14f6d371095473403bc55482c471c5b4172ca55aaa2123edeb71efb9741 all runs: OK # git bisect good f41aa387a7896c193b384c5fb531cd2cb9e00128 Bisecting: 419 revisions left to test after this (roughly 9 steps) [7c453526dc50460c63ff28df7673570dd057c5d0] net/mlx5e: Enable all available stats for uplink reps testing commit 7c453526dc50460c63ff28df7673570dd057c5d0 with gcc (GCC) 8.1.0 kernel signature: 43d82e0029413c61f75a01bd5f470c320f8d5601ea8144310c2534794f1cc71c all runs: OK # git bisect good 7c453526dc50460c63ff28df7673570dd057c5d0 Bisecting: 223 revisions left to test after this (roughly 8 steps) [5a44c71ccda60a50073c5d7fe3f694cdfa3ab0c2] drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' testing commit 5a44c71ccda60a50073c5d7fe3f694cdfa3ab0c2 with gcc (GCC) 8.1.0 kernel signature: eaa21ddcbe97d11ccea8186b18c6fe430ea5249ad6871f1142432b97e664c0ae run #0: crashed: general protection fault in security_inode_getattr run #1: crashed: general protection fault in security_inode_getattr run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 5a44c71ccda60a50073c5d7fe3f694cdfa3ab0c2 Bisecting: 97 revisions left to test after this (roughly 7 steps) [790e01149a115f77f5aa075e4ea0f81e45961523] Merge branch 'Add-PHY-IDs-for-DP83825-6' testing commit 790e01149a115f77f5aa075e4ea0f81e45961523 with gcc (GCC) 8.1.0 kernel signature: 6bf26ae32a2a14fb3c9d46ed9419178c7a51854f8c0ac9ce71158c72a5a409db run #0: crashed: general protection fault in security_inode_getattr run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 790e01149a115f77f5aa075e4ea0f81e45961523 Bisecting: 48 revisions left to test after this (roughly 6 steps) [81f2b572cf4fd5c4178fe0e2b5bb1ab096385fd8] bpf: Remove set but not used variable 'first_key' testing commit 81f2b572cf4fd5c4178fe0e2b5bb1ab096385fd8 with gcc (GCC) 8.1.0 kernel signature: b36a7a36ecf9dad1e312e2928d973bbe2cf2de1e32c9a8d93d28635d76a5cab8 run #0: crashed: general protection fault in security_inode_getattr run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 81f2b572cf4fd5c4178fe0e2b5bb1ab096385fd8 Bisecting: 24 revisions left to test after this (roughly 5 steps) [83e4b88be1ff9671f2a2fb040a09c45cc3fb40e6] selftests/bpf: Add a test for attaching a bpf fentry/fexit trace to an XDP program testing commit 83e4b88be1ff9671f2a2fb040a09c45cc3fb40e6 with gcc (GCC) 8.1.0 kernel signature: cea37113ba1861f51bca751243731b177ffbbe8a4911f920698c1863f444fe01 all runs: OK # git bisect good 83e4b88be1ff9671f2a2fb040a09c45cc3fb40e6 Bisecting: 12 revisions left to test after this (roughly 4 steps) [188a486619e6c9d7b8531ba6c4215b31304d293f] bpftool: Fix missing BTF output for json during map dump testing commit 188a486619e6c9d7b8531ba6c4215b31304d293f with gcc (GCC) 8.1.0 kernel signature: a11618a6503fbf805c6b16490c1c7d577d3938d23cf852a030d20a788ad595fc all runs: OK # git bisect good 188a486619e6c9d7b8531ba6c4215b31304d293f Bisecting: 6 revisions left to test after this (roughly 3 steps) [858e284f0ec18bff2620d9a6afe764dc683f8ba1] libbpf: Fix unneeded extra initialization in bpf_map_batch_common testing commit 858e284f0ec18bff2620d9a6afe764dc683f8ba1 with gcc (GCC) 8.1.0 kernel signature: 07fd95da9eb3e8ba83ed56d75e95080a40847bb525ae3c32a0305c559e2f6a93 all runs: OK # git bisect good 858e284f0ec18bff2620d9a6afe764dc683f8ba1 Bisecting: 3 revisions left to test after this (roughly 2 steps) [75ccae62cb8d42a619323a85c577107b8b37d797] xdp: Move devmap bulk queue into struct net_device testing commit 75ccae62cb8d42a619323a85c577107b8b37d797 with gcc (GCC) 8.1.0 kernel signature: 22a6be4b9b728fd29317258b11d5b92ffc39ce7f5fd2efbc8a39312208d90b30 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: crashed: general protection fault in security_inode_getattr run #8: OK run #9: OK # git bisect bad 75ccae62cb8d42a619323a85c577107b8b37d797 Bisecting: 0 revisions left to test after this (roughly 1 step) [20f21d98cf12b8ecd69e8defc93fae9e3b353b13] libbpf: Revert bpf_helper_defs.h inclusion regression testing commit 20f21d98cf12b8ecd69e8defc93fae9e3b353b13 with gcc (GCC) 8.1.0 kernel signature: aed65dc5dc176f26b57a0e67c9bd99e3d04e93d63594fd6e8b6f9859b18e25ed run #0: crashed: general protection fault in security_inode_getattr run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 20f21d98cf12b8ecd69e8defc93fae9e3b353b13 Bisecting: 0 revisions left to test after this (roughly 0 steps) [35697c12d7ffd31a56d3c9604066a166b75d0169] selftests/bpf: Fix test_progs send_signal flakiness with nmi mode testing commit 35697c12d7ffd31a56d3c9604066a166b75d0169 with gcc (GCC) 8.1.0 kernel signature: a3238963dadc4787f34d800529001666bd1f3d9d6608c9eb70859e19e7ed042f run #0: crashed: general protection fault in security_inode_getattr run #1: crashed: general protection fault in security_inode_getattr run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 35697c12d7ffd31a56d3c9604066a166b75d0169 35697c12d7ffd31a56d3c9604066a166b75d0169 is the first bad commit commit 35697c12d7ffd31a56d3c9604066a166b75d0169 Author: Yonghong Song Date: Thu Jan 16 09:40:04 2020 -0800 selftests/bpf: Fix test_progs send_signal flakiness with nmi mode Alexei observed that test_progs send_signal may fail if run with command line "./test_progs" and the tests will pass if just run "./test_progs -n 40". I observed similar issue with nmi subtest failure and added a delay 100 us in Commit ab8b7f0cb358 ("tools/bpf: Add self tests for bpf_send_signal_thread()") and the problem is gone for me. But the issue still exists in Alexei's testing environment. The current code uses sample_freq = 50 (50 events/second), which may not be enough. But if the sample_freq value is larger than sysctl kernel/perf_event_max_sample_rate, the perf_event_open syscall will fail. This patch changed nmi perf testing to use sample_period = 1, which means trying to sampling every event. This seems fixing the issue. Fixes: ab8b7f0cb358 ("tools/bpf: Add self tests for bpf_send_signal_thread()") Signed-off-by: Yonghong Song Signed-off-by: Alexei Starovoitov Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/20200116174004.1522812-1-yhs@fb.com tools/testing/selftests/bpf/prog_tests/send_signal.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) culprit signature: a3238963dadc4787f34d800529001666bd1f3d9d6608c9eb70859e19e7ed042f parent signature: 07fd95da9eb3e8ba83ed56d75e95080a40847bb525ae3c32a0305c559e2f6a93 revisions tested: 19, total time: 4h54m38.915406417s (build: 1h58m53.733282023s, test: 2h53m54.296929106s) first bad commit: 35697c12d7ffd31a56d3c9604066a166b75d0169 selftests/bpf: Fix test_progs send_signal flakiness with nmi mode recipients (to): ["andriin@fb.com" "ast@kernel.org" "yhs@fb.com"] recipients (cc): [] crash: general protection fault in security_inode_getattr kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 16057 Comm: syz-executor.1 Not tainted 5.5.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:security_inode_getattr+0x40/0x100 security/security.c:1220 Code: 55 48 c1 ea 03 53 80 3c 02 00 0f 85 c7 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5c 24 08 48 8d 7b 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 99 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b RSP: 0018:ffffc90002427550 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 000000000000000b RSI: ffffc900024277c0 RDI: 0000000000000058 RBP: ffffc900024277c0 R08: fffffbfff1320141 R09: fffffbfff1320141 R10: fffffbfff1320140 R11: ffffffff89900a07 R12: ffffc900024277b0 R13: 0000000000000000 R14: dffffc0000000000 R15: ffffc900024277b0 FS: 00007fd240b55700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000016a8660 CR3: 000000008e1e5000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: vfs_getattr+0x17/0x40 fs/stat.c:115 ovl_copy_up_one+0x140/0x1290 fs/overlayfs/copy_up.c:800 ovl_copy_up_flags+0xf0/0x150 fs/overlayfs/copy_up.c:881 ovl_maybe_copy_up+0xba/0xf0 fs/overlayfs/copy_up.c:913 ovl_open+0x95/0x240 fs/overlayfs/file.c:121 do_dentry_open+0x3e5/0x1010 fs/open.c:797 do_last fs/namei.c:3420 [inline] path_openat+0xaa0/0x3810 fs/namei.c:3537 do_filp_open+0x177/0x250 fs/namei.c:3567 file_open_name+0x131/0x190 fs/open.c:1044 acct_on+0x78/0x6b0 kernel/acct.c:207 __do_sys_acct kernel/acct.c:286 [inline] __se_sys_acct kernel/acct.c:273 [inline] __x64_sys_acct+0x7a/0x170 kernel/acct.c:273 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45d579 Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fd240b54c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 RAX: ffffffffffffffda RBX: 0000000000000700 RCX: 000000000045d579 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 RBP: 000000000118cf70 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c R13: 00007fff7bf3bd4f R14: 00007fd240b559c0 R15: 000000000118cf4c Modules linked in: ---[ end trace ffa03ca858b9cd9e ]--- RIP: 0010:security_inode_getattr+0x40/0x100 security/security.c:1220 Code: 55 48 c1 ea 03 53 80 3c 02 00 0f 85 c7 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5c 24 08 48 8d 7b 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 99 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b RSP: 0018:ffffc90002427550 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 000000000000000b RSI: ffffc900024277c0 RDI: 0000000000000058 RBP: ffffc900024277c0 R08: fffffbfff1320141 R09: fffffbfff1320141 R10: fffffbfff1320140 R11: ffffffff89900a07 R12: ffffc900024277b0 R13: 0000000000000000 R14: dffffc0000000000 R15: ffffc900024277b0 FS: 00007fd240b55700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd240b12db8 CR3: 000000008e1e5000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400