bisecting cause commit starting from ae6088216ce4b99b3a4aaaccd2eb2dd40d473d42 building syzkaller on 6738e0b30b938a389bceee9f445a27db50399e95 testing commit ae6088216ce4b99b3a4aaaccd2eb2dd40d473d42 with gcc (GCC) 8.1.0 kernel signature: 6c797e74c46db28ba391438a31dfdc4102deb3e8 all runs: crashed: general protection fault in hash_ipportnet4_uadt testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: a4a50faae3ff13f83294dbfaf85367a6e991200b all runs: crashed: general protection fault in hash_ipportnet4_uadt testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 39cef1413ea6554213d525812469c30ce43d6a1f all runs: crashed: general protection fault in hash_ipportnet4_uadt testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 0f1f6d92268c8b59ed0946ed40f342bb057c4bab all runs: crashed: general protection fault in hash_ipportnet4_uadt testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 6c7d8e682e6816793e1a23e81474e2282e1cc80a all runs: crashed: general protection fault in hash_ipportnet4_uadt testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: 8be3edf4ec9d1c03512a8ec61c2a4c9a2c635213 run #0: crashed: general protection fault in hash_ipportnet4_uadt run #1: crashed: general protection fault in hash_ipportnet4_uadt run #2: crashed: general protection fault in hash_ipportnet4_uadt run #3: crashed: general protection fault in hash_ipportnet4_uadt run #4: crashed: general protection fault in hash_ipportnet4_uadt run #5: crashed: general protection fault in hash_ipportnet4_uadt run #6: crashed: general protection fault in hash_ipportnet4_uadt run #7: crashed: general protection fault in hash_ipportnet4_uadt run #8: crashed: general protection fault in corrupted run #9: crashed: general protection fault in hash_ipportnet4_uadt testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: a359c81941fb7c648b40d42532ab8b604ddcb9ff all runs: OK # git bisect start 1c163f4c7b3f621efff9b28a47abb36f7378d783 8fe28cb58bcb235034b64cbbb7550a8a43fd88be Bisecting: 7011 revisions left to test after this (roughly 13 steps) [af7ddd8a627c62a835524b3f5b471edbbbcce025] Merge tag 'dma-mapping-4.21' of git://git.infradead.org/users/hch/dma-mapping testing commit af7ddd8a627c62a835524b3f5b471edbbbcce025 with gcc (GCC) 8.1.0 kernel signature: e6e817fa47902d78e2a7da3b6638c1c5f912a10b run #0: crashed: general protection fault in hash_ipportnet4_uadt run #1: crashed: general protection fault in hash_ipportnet4_uadt run #2: crashed: general protection fault in hash_ipportnet4_uadt run #3: crashed: general protection fault in hash_ipportnet4_uadt run #4: crashed: general protection fault in hash_ipportnet4_uadt run #5: crashed: general protection fault in corrupted run #6: crashed: general protection fault in hash_ipportnet4_uadt run #7: crashed: general protection fault in hash_ipportnet4_uadt run #8: crashed: general protection fault in hash_ipportnet4_uadt run #9: crashed: general protection fault in hash_ipportnet4_uadt # git bisect bad af7ddd8a627c62a835524b3f5b471edbbbcce025 Bisecting: 3448 revisions left to test after this (roughly 12 steps) [792bf4d871dea8b69be2aaabdd320d7c6ed15985] Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 792bf4d871dea8b69be2aaabdd320d7c6ed15985 with gcc (GCC) 8.1.0 kernel signature: 4ec17fe4edeae568efa4831e90dbb0c456a07163 all runs: OK # git bisect good 792bf4d871dea8b69be2aaabdd320d7c6ed15985 Bisecting: 1729 revisions left to test after this (roughly 11 steps) [aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c] linux/netlink.h: drop unnecessary extern prefix testing commit aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c with gcc (GCC) 8.1.0 kernel signature: b900f49e54c415ef2169579746b508f8a7f4ebd4 all runs: OK # git bisect good aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c Bisecting: 835 revisions left to test after this (roughly 10 steps) [e0c38a4d1f196a4b17d2eba36afff8f656a4f1de] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next testing commit e0c38a4d1f196a4b17d2eba36afff8f656a4f1de with gcc (GCC) 8.1.0 kernel signature: 41bcee7ca9aaba538b53ed4103d91d8226548663 run #0: crashed: general protection fault in hash_ipportnet4_uadt run #1: crashed: general protection fault in corrupted run #2: crashed: general protection fault in hash_ipportnet4_uadt run #3: crashed: general protection fault in hash_ipportnet4_uadt run #4: crashed: general protection fault in hash_ipportnet4_uadt run #5: crashed: general protection fault in hash_ipportnet4_uadt run #6: crashed: general protection fault in hash_ipportnet4_uadt run #7: crashed: general protection fault in corrupted run #8: crashed: general protection fault in hash_ipportnet4_uadt run #9: crashed: general protection fault in hash_ipportnet4_uadt # git bisect bad e0c38a4d1f196a4b17d2eba36afff8f656a4f1de Bisecting: 384 revisions left to test after this (roughly 9 steps) [8d6973327ee84c2f40dd9efd8928d4a1186c96e2] Merge tag 'powerpc-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux testing commit 8d6973327ee84c2f40dd9efd8928d4a1186c96e2 with gcc (GCC) 8.1.0 kernel signature: 5283fb6ef6c0ba55705410c7431bf501811a9f3a all runs: OK # git bisect good 8d6973327ee84c2f40dd9efd8928d4a1186c96e2 Bisecting: 222 revisions left to test after this (roughly 8 steps) [e770454fabde2e0f8fb3e5039a2b6df8f128bc9b] Merge branch 'expand-txtimestamp-selftest' testing commit e770454fabde2e0f8fb3e5039a2b6df8f128bc9b with gcc (GCC) 8.1.0 kernel signature: 7a8e67a01ab9c2af013c22cb650b6c83ef8a6700 all runs: OK # git bisect good e770454fabde2e0f8fb3e5039a2b6df8f128bc9b Bisecting: 106 revisions left to test after this (roughly 7 steps) [c3e533692527046fb55020e7fac8c4272644ba45] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next testing commit c3e533692527046fb55020e7fac8c4272644ba45 with gcc (GCC) 8.1.0 kernel signature: 462809a1ddf58758f1975ac745c14418e9336b17 all runs: crashed: general protection fault in hash_ipportnet4_uadt # git bisect bad c3e533692527046fb55020e7fac8c4272644ba45 Bisecting: 57 revisions left to test after this (roughly 6 steps) [9df95e8ec568f98d89fe2c72342714296ac6ce27] bpf: sparc64: Enable sparc64 jit to provide bpf_line_info testing commit 9df95e8ec568f98d89fe2c72342714296ac6ce27 with gcc (GCC) 8.1.0 kernel signature: 4d254c5b753b7d61c3d298d583f8ec947b4986e9 all runs: OK # git bisect good 9df95e8ec568f98d89fe2c72342714296ac6ce27 Bisecting: 28 revisions left to test after this (roughly 5 steps) [06aa151ad1fc74a49b45336672515774a678d78d] netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set testing commit 06aa151ad1fc74a49b45336672515774a678d78d with gcc (GCC) 8.1.0 kernel signature: 9267022a66b20fdf07c719bbfd01e9dccf38bc67 all runs: crashed: general protection fault in hash_ipportnet4_uadt # git bisect bad 06aa151ad1fc74a49b45336672515774a678d78d Bisecting: 14 revisions left to test after this (roughly 4 steps) [a504b703bb1da526a01593da0e4be2af9d9f5fa8] netfilter: nat: limit port clash resolution attempts testing commit a504b703bb1da526a01593da0e4be2af9d9f5fa8 with gcc (GCC) 8.1.0 kernel signature: a979b1398570a65f924d7f226b65b71a6f7a91d4 all runs: crashed: general protection fault in hash_ipportnet4_uadt # git bisect bad a504b703bb1da526a01593da0e4be2af9d9f5fa8 Bisecting: 6 revisions left to test after this (roughly 3 steps) [b9660987692230b381b64c1f1e912febe142c390] netfilter: nf_flow_table: simplify nf_flow_offload_gc_step() testing commit b9660987692230b381b64c1f1e912febe142c390 with gcc (GCC) 8.1.0 kernel signature: aafeddf0352f7e3d827e3af7e766cafd5aea5d80 all runs: crashed: general protection fault in hash_ipportnet4_uadt # git bisect bad b9660987692230b381b64c1f1e912febe142c390 Bisecting: 3 revisions left to test after this (roughly 2 steps) [23c42a403a9cfdbad6004a556c927be7dd61a8ee] netfilter: ipset: Introduction of new commands and protocol version 7 testing commit 23c42a403a9cfdbad6004a556c927be7dd61a8ee with gcc (GCC) 8.1.0 kernel signature: fc6af1b59971fa537e421142ca804ffe8e1aa03f all runs: crashed: general protection fault in hash_ipportnet4_uadt # git bisect bad 23c42a403a9cfdbad6004a556c927be7dd61a8ee Bisecting: 0 revisions left to test after this (roughly 1 step) [29edbc3ebdb0faa934114f14bf12fc0b784d4f1b] netfilter: ipset: Make invalid MAC address checks consistent testing commit 29edbc3ebdb0faa934114f14bf12fc0b784d4f1b with gcc (GCC) 8.1.0 kernel signature: 8664471f50f4dc64039d4750649b2ad7b72f1b8e all runs: OK # git bisect good 29edbc3ebdb0faa934114f14bf12fc0b784d4f1b 23c42a403a9cfdbad6004a556c927be7dd61a8ee is the first bad commit commit 23c42a403a9cfdbad6004a556c927be7dd61a8ee Author: Jozsef Kadlecsik Date: Sat Oct 27 15:07:40 2018 +0200 netfilter: ipset: Introduction of new commands and protocol version 7 Two new commands (IPSET_CMD_GET_BYNAME, IPSET_CMD_GET_BYINDEX) are introduced. The new commands makes possible to eliminate the getsockopt operation (in iptables set/SET match/target) and thus use only netlink communication between userspace and kernel for ipset. With the new protocol version, userspace can exactly know which functionality is supported by the running kernel. Both the kernel and userspace is fully backward compatible. Signed-off-by: Jozsef Kadlecsik include/linux/netfilter/ipset/ip_set.h | 2 +- include/uapi/linux/netfilter/ipset/ip_set.h | 19 ++-- net/netfilter/ipset/ip_set_core.c | 164 +++++++++++++++++++++++++--- 3 files changed, 160 insertions(+), 25 deletions(-) culprit signature: fc6af1b59971fa537e421142ca804ffe8e1aa03f parent signature: 8664471f50f4dc64039d4750649b2ad7b72f1b8e revisions tested: 20, total time: 3h52m38.547982074s (build: 1h53m48.124077243s, test: 1h57m18.564290372s) first bad commit: 23c42a403a9cfdbad6004a556c927be7dd61a8ee netfilter: ipset: Introduction of new commands and protocol version 7 cc: ["coreteam@netfilter.org" "davem@davemloft.net" "fw@strlen.de" "kadlec@blackhole.kfki.hu" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org"] crash: general protection fault in hash_ipportnet4_uadt IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 8725 Comm: syz-executor.5 Not tainted 4.19.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:hash_ipportnet4_uadt+0x213/0x10f0 net/netfilter/ipset/ip_set_hash_ipportnet.c:177 Code: 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 6b 09 00 00 4c 89 ea 45 8b 76 04 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 30 IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready RSP: 0018:ffff880079d371d0 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff8800a875c900 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff880079d37428 RDI: ffff8800a85805a0 RBP: ffff880079d373a0 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000000c R11: 0000000000000000 R12: ffff880079d37310 R13: 0000000000000000 R14: 0000000004000000 R15: ffff880079d37428 FS: 00007f2a6d845700(0000) GS:ffff8800aea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f51a6a75270 CR3: 00000000a8025000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready ip_set_utest+0x3cc/0x690 net/netfilter/ipset/ip_set_core.c:1697 IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready nfnetlink_rcv_msg+0x942/0xc10 net/netfilter/nfnetlink.c:228 device veth0_vlan entered promiscuous mode netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2476 device veth1_vlan entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready nfnetlink_rcv+0x163/0x3b0 net/netfilter/nfnetlink.c:560 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x443/0x650 net/netlink/af_netlink.c:1336 IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready kobject: 'loop4' (00000000a58a2b4b): kobject_uevent_env netlink_sendmsg+0x765/0xc40 net/netlink/af_netlink.c:1917 kobject: 'loop4' (00000000a58a2b4b): fill_kobj_path: path = '/devices/virtual/block/loop4' sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:631 ___sys_sendmsg+0x647/0x950 net/socket.c:2116 __sys_sendmsg+0xd9/0x180 net/socket.c:2154 __do_sys_sendmsg net/socket.c:2163 [inline] __se_sys_sendmsg net/socket.c:2161 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2161 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45af49 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f2a6d844c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045af49 RDX: 000000000c0000c4 RSI: 0000000020000280 RDI: 0000000000000004 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2a6d8456d4 R13: 00000000004c9e62 R14: 00000000004e2e98 R15: 00000000ffffffff Modules linked in: ---[ end trace 2da37d15678bfa0e ]--- RIP: 0010:hash_ipportnet4_uadt+0x213/0x10f0 net/netfilter/ipset/ip_set_hash_ipportnet.c:177 Code: 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 6b 09 00 00 4c 89 ea 45 8b 76 04 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 30 IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready RSP: 0018:ffff880079d371d0 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff8800a875c900 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff880079d37428 RDI: ffff8800a85805a0 RBP: ffff880079d373a0 R08: 0000000000000000 R09: 0000000000000000 R10: 000000000000000c R11: 0000000000000000 R12: ffff880079d37310 R13: 0000000000000000 R14: 0000000004000000 R15: ffff880079d37428 FS: 00007f2a6d845700(0000) GS:ffff8800aea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f51a6a75270 CR3: 00000000a8025000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400