bisecting fixing commit since 63f04777162181798399a2c4e5436d0d0c16291b building syzkaller on 06c33b3af0ff4072fb002879f83077c9d162a224 testing commit 63f04777162181798399a2c4e5436d0d0c16291b with gcc (GCC) 8.1.0 all runs: crashed: BUG: MAX_LOCK_DEPTH too low! testing current HEAD 1e78030e5e5b2d8b0cad7136caf9cfab986a6bff testing commit 1e78030e5e5b2d8b0cad7136caf9cfab986a6bff with gcc (GCC) 8.1.0 all runs: OK # git bisect start 1e78030e5e5b2d8b0cad7136caf9cfab986a6bff 63f04777162181798399a2c4e5436d0d0c16291b Bisecting: 44109 revisions left to test after this (roughly 16 steps) [8834f5600cf3c8db365e18a3d5cac2c2780c81e5] Linux 5.0-rc5 testing commit 8834f5600cf3c8db365e18a3d5cac2c2780c81e5 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 8834f5600cf3c8db365e18a3d5cac2c2780c81e5 Bisecting: 22037 revisions left to test after this (roughly 15 steps) [62606c224d72a98c35d21a849f95cccf95b0a252] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 testing commit 62606c224d72a98c35d21a849f95cccf95b0a252 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 62606c224d72a98c35d21a849f95cccf95b0a252 Bisecting: 11032 revisions left to test after this (roughly 14 steps) [2475c515d4031c494ff452508a8bf8c281ec6e56] Merge tag 'staging-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 2475c515d4031c494ff452508a8bf8c281ec6e56 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 2475c515d4031c494ff452508a8bf8c281ec6e56 Bisecting: 4730 revisions left to test after this (roughly 13 steps) [9a76aba02a37718242d7cdc294f0a3901928aa57] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next testing commit 9a76aba02a37718242d7cdc294f0a3901928aa57 with gcc (GCC) 8.1.0 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: boot failed: KASAN: use-after-free Read in dd_has_work # git bisect bad 9a76aba02a37718242d7cdc294f0a3901928aa57 Bisecting: 3153 revisions left to test after this (roughly 12 steps) [3d46eee5a5f2f22ca04e2139e8c9a16b81d16073] bnxt_en: avoid string overflow for record->system_name testing commit 3d46eee5a5f2f22ca04e2139e8c9a16b81d16073 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 3d46eee5a5f2f22ca04e2139e8c9a16b81d16073 Bisecting: 1576 revisions left to test after this (roughly 11 steps) [27782f403fbfe531442b80f59e7e42ccbe00eb9c] x25: remove blank lines at EOF testing commit 27782f403fbfe531442b80f59e7e42ccbe00eb9c with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 27782f403fbfe531442b80f59e7e42ccbe00eb9c Bisecting: 788 revisions left to test after this (roughly 10 steps) [c0b78038a8477bf0e3368988a3ff63f668cd27db] Merge tag 'batadv-next-for-davem-20180717' of git://git.open-mesh.org/linux-merge testing commit c0b78038a8477bf0e3368988a3ff63f668cd27db with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in ipv6_get_ifaddr run #1: crashed: BUG: unable to handle kernel paging request in corrupted run #2: crashed: unexpected kernel reboot run #3: crashed: KASAN: stack-out-of-bounds Read in check_preempt_wakeup run #4: crashed: unexpected kernel reboot run #5: crashed: KASAN: stack-out-of-bounds Write in rb_insert_color run #6: crashed: KASAN: stack-out-of-bounds in debug_object_active_state run #7: crashed: general protection fault in rb_erase run #8: crashed: BUG: Bad page mSeaBIOS (version 1.8.2-ADDR_ADDR-google) run #9: crashed: no output from test machine # git bisect good c0b78038a8477bf0e3368988a3ff63f668cd27db Bisecting: 392 revisions left to test after this (roughly 9 steps) [28c20cc73b9cc4288c86c2a3fc62af4087de4b19] Merge tag 'drm-fixes-2018-07-20' of git://anongit.freedesktop.org/drm/drm testing commit 28c20cc73b9cc4288c86c2a3fc62af4087de4b19 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 28c20cc73b9cc4288c86c2a3fc62af4087de4b19 Bisecting: 197 revisions left to test after this (roughly 8 steps) [9ba8376ce1e2cbf4ce44f7e4bee1d0648e10d594] ptp: fix missing break in switch testing commit 9ba8376ce1e2cbf4ce44f7e4bee1d0648e10d594 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 9ba8376ce1e2cbf4ce44f7e4bee1d0648e10d594 Bisecting: 98 revisions left to test after this (roughly 7 steps) [0026129c8629265bfe5079c1e017fa8543796d9f] rhashtable: add restart routine in rhashtable_free_and_destroy() testing commit 0026129c8629265bfe5079c1e017fa8543796d9f with gcc (GCC) 8.1.0 all runs: crashed: BUG: MAX_LOCK_DEPTH too low! # git bisect good 0026129c8629265bfe5079c1e017fa8543796d9f Bisecting: 49 revisions left to test after this (roughly 6 steps) [8e05fd839ddf15dca8500f6f581766d4982c135e] Merge branch 'multicast-init-as-INCLUDE-when-join-SSM-INCLUDE-group' testing commit 8e05fd839ddf15dca8500f6f581766d4982c135e with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 8e05fd839ddf15dca8500f6f581766d4982c135e Bisecting: 24 revisions left to test after this (roughly 5 steps) [8b7008620b8452728cadead460a36f64ed78c460] net: Don't copy pfmemalloc flag in __copy_skb_header() testing commit 8b7008620b8452728cadead460a36f64ed78c460 with gcc (GCC) 8.1.0 all runs: crashed: BUG: MAX_LOCK_DEPTH too low! # git bisect good 8b7008620b8452728cadead460a36f64ed78c460 Bisecting: 12 revisions left to test after this (roughly 4 steps) [5e3e6e834eacfe8f1071540df7831cbb3e8ca0d3] Merge branch 'bpf-af-xdp-consistent-err-reporting' testing commit 5e3e6e834eacfe8f1071540df7831cbb3e8ca0d3 with gcc (GCC) 8.1.0 all runs: crashed: BUG: MAX_LOCK_DEPTH too low! # git bisect good 5e3e6e834eacfe8f1071540df7831cbb3e8ca0d3 Bisecting: 6 revisions left to test after this (roughly 3 steps) [c3086637b0d7dbee0925697f8dbee2bcf9637b9f] net: ethtool: fix spelling mistake: "tubale" -> "tunable" testing commit c3086637b0d7dbee0925697f8dbee2bcf9637b9f with gcc (GCC) 8.1.0 all runs: OK # git bisect bad c3086637b0d7dbee0925697f8dbee2bcf9637b9f Bisecting: 2 revisions left to test after this (roughly 2 steps) [8f19f12bdcc612bf39d0dbae6d0509a4939aaac3] selftests: in udpgso_bench do not test udp zerocopy testing commit 8f19f12bdcc612bf39d0dbae6d0509a4939aaac3 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 8f19f12bdcc612bf39d0dbae6d0509a4939aaac3 Bisecting: 0 revisions left to test after this (roughly 1 step) [993675a3100b16a4c80dfd70cbcde8ea7127b31d] packet: reset network header if packet shorter than ll reserved space testing commit 993675a3100b16a4c80dfd70cbcde8ea7127b31d with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 993675a3100b16a4c80dfd70cbcde8ea7127b31d Bisecting: 0 revisions left to test after this (roughly 0 steps) [bab2c80e5a6c855657482eac9e97f5f3eedb509a] nsh: set mac len based on inner packet testing commit bab2c80e5a6c855657482eac9e97f5f3eedb509a with gcc (GCC) 8.1.0 all runs: OK # git bisect bad bab2c80e5a6c855657482eac9e97f5f3eedb509a bab2c80e5a6c855657482eac9e97f5f3eedb509a is the first bad commit commit bab2c80e5a6c855657482eac9e97f5f3eedb509a Author: Willem de Bruijn Date: Wed Jul 11 12:00:44 2018 -0400 nsh: set mac len based on inner packet When pulling the NSH header in nsh_gso_segment, set the mac length based on the encapsulated packet type. skb_reset_mac_len computes an offset to the network header, which here still points to the outer packet: > skb_reset_network_header(skb); > [...] > __skb_pull(skb, nsh_len); > skb_reset_mac_header(skb); // now mac hdr starts nsh_len == 8B after net hdr > skb_reset_mac_len(skb); // mac len = net hdr - mac hdr == (u16) -8 == 65528 > [..] > skb_mac_gso_segment(skb, ..) Link: http://lkml.kernel.org/r/CAF=yD-KeAcTSOn4AxirAxL8m7QAS8GBBe1w09eziYwvPbbUeYA@mail.gmail.com Reported-by: syzbot+7b9ed9872dab8c32305d@syzkaller.appspotmail.com Fixes: c411ed854584 ("nsh: add GSO support") Signed-off-by: Willem de Bruijn Acked-by: Jiri Benc Signed-off-by: David S. Miller :040000 040000 42786cf0a5b8a23681edd2f0ca64f8f1c6e19a47 554e9263406c7a9caf668bd25c350976a816caec M net revisions tested: 19, total time: 4h40m5.772140146s (build: 1h38m17.471013803s, test: 2h55m22.278485593s) first good commit: bab2c80e5a6c855657482eac9e97f5f3eedb509a nsh: set mac len based on inner packet cc: ["allison@lohutok.net" "davem@davemloft.net" "gregkh@linuxfoundation.org" "info@metux.net" "jbenc@redhat.com" "kstewart@linuxfoundation.org" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "tglx@linutronix.de" "willemb@google.com"]