bisecting cause commit starting from aea0a897af9e44c258e8ab9296fad417f1bc063a building syzkaller on ecc7c8709106080bdf3dd84baffe353c00163fb0 testing commit aea0a897af9e44c258e8ab9296fad417f1bc063a with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in cpuacct_charge run #1: crashed: WARNING: suspicious RCU usage run #2: crashed: WARNING: suspicious RCU usage in corrupted run #3: crashed: general protection fault in mm_update_next_owner run #4: crashed: invalid opcode in corrupted run #5: crashed: KASAN: stack-out-of-bounds Read in __enqueue_entity run #6: crashed: kernel BUG at mm/slab.c:LINE! run #7: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "32330" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor231414601" "root@localhost:/syz-executor231414601"]: exit status 1 ssh: connect to host localhost port 32330: Connection refused lost connection run #8: crashed: no output from test machine run #9: OK testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 all runs: OK # git bisect start aea0a897af9e44c258e8ab9296fad417f1bc063a v4.19 Bisecting: 7068 revisions left to test after this (roughly 13 steps) [22146c3ce98962436e401f7b7016a6f664c9ffb5] hugetlbfs: dirty pages as they are added to pagecache testing commit 22146c3ce98962436e401f7b7016a6f664c9ffb5 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 22146c3ce98962436e401f7b7016a6f664c9ffb5 Bisecting: 3538 revisions left to test after this (roughly 12 steps) [134bf98c5596605af90f104716ef912e8f7eb56b] Merge tag 'media/v4.20-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit 134bf98c5596605af90f104716ef912e8f7eb56b with gcc (GCC) 8.1.0 all runs: OK # git bisect good 134bf98c5596605af90f104716ef912e8f7eb56b Bisecting: 1755 revisions left to test after this (roughly 11 steps) [eb7046e9bf466cebfcfbcdf640e41d9e3a80086c] Merge tag 'platform-drivers-x86-v4.20-1' of git://git.infradead.org/linux-platform-drivers-x86 testing commit eb7046e9bf466cebfcfbcdf640e41d9e3a80086c with gcc (GCC) 8.1.0 all runs: OK # git bisect good eb7046e9bf466cebfcfbcdf640e41d9e3a80086c Bisecting: 859 revisions left to test after this (roughly 10 steps) [7a3765ed66d187071bbf56a8212f5d2bc2d2e2cc] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit 7a3765ed66d187071bbf56a8212f5d2bc2d2e2cc with gcc (GCC) 8.1.0 all runs: OK # git bisect good 7a3765ed66d187071bbf56a8212f5d2bc2d2e2cc Bisecting: 433 revisions left to test after this (roughly 9 steps) [bae4e109837b419b93fbddcb414c86673b1c90a5] mlxsw: spectrum: Expose discard counters via ethtool testing commit bae4e109837b419b93fbddcb414c86673b1c90a5 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in cpuacct_charge run #1: crashed: general protection fault in cpuacct_account_field run #2: crashed: general protection fault in cpuacct_charge run #3: crashed: kernel BUG at mm/slab.c:LINE! run #4: crashed: KASAN: stack-out-of-bounds Read in corrupted run #5: crashed: WARNING: suspicious RCU usage in corrupted run #6: crashed: WARNING: suspicious RCU usage in corrupted run #7: crashed: general protection fault in cpuacct_charge run #8: crashed: WARNING: suspicious RCU usage run #9: crashed: general protection fault in cpuacct_charge # git bisect bad bae4e109837b419b93fbddcb414c86673b1c90a5 Bisecting: 212 revisions left to test after this (roughly 8 steps) [aa2af2eb447c9a21c8c9e8d2336672bb620cf900] net: phy: add macros for PHYID matching testing commit aa2af2eb447c9a21c8c9e8d2336672bb620cf900 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in cpuacct_charge run #1: crashed: general protection fault in cpuacct_charge run #2: crashed: kernel BUG at mm/slab.c:LINE! run #3: crashed: general protection fault in cpuacct_charge run #4: crashed: WARNING: suspicious RCU usage in corrupted run #5: crashed: general protection fault in cpuacct_charge run #6: crashed: WARNING: suspicious RCU usage in corrupted run #7: crashed: BUG: unable to handle kernel paging request in corrupted run #8: crashed: PANIC: double fault in corrupted run #9: crashed: no output from test machine # git bisect bad aa2af2eb447c9a21c8c9e8d2336672bb620cf900 Bisecting: 106 revisions left to test after this (roughly 7 steps) [0db55093b56618088b9a1d445eb6e43b311bea33] net: bcmgenet: return correct value 'ret' from bcmgenet_power_down testing commit 0db55093b56618088b9a1d445eb6e43b311bea33 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 0db55093b56618088b9a1d445eb6e43b311bea33 Bisecting: 53 revisions left to test after this (roughly 6 steps) [47330f9bdf240f5a582f756cf93354281b36453a] nfp: abm: split qdisc offload code into a separate file testing commit 47330f9bdf240f5a582f756cf93354281b36453a with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: stack is corrupted in __check_object_size run #1: crashed: BUG: bad usercopy in corrupted run #2: crashed: WARNING: locking bug in corrupted run #3: crashed: KASAN: stack-out-of-bounds Read in __run_timers run #4: crashed: WARNING: suspicious RCU usage run #5: crashed: WARNING: suspicious RCU usage run #6: crashed: WARNING: suspicious RCU usage in corrupted run #7: crashed: general protection fault in cpuacct_charge run #8: crashed: no output from test machine run #9: OK # git bisect bad 47330f9bdf240f5a582f756cf93354281b36453a Bisecting: 26 revisions left to test after this (roughly 5 steps) [50254256f382c56bde87d970f3d0d02fdb76ec70] sock: Reset dst when changing sk_mark via setsockopt testing commit 50254256f382c56bde87d970f3d0d02fdb76ec70 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "30515" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor288616828" "root@localhost:/syz-executor288616828"]: exit status 1 ssh: connect to host localhost port 30515: Connection refused lost connection run #1: crashed: WARNING: suspicious RCU usage in corrupted run #2: crashed: PANIC: double fault in __do_page_fault run #3: crashed: general protection fault in cpuacct_account_field run #4: crashed: general protection fault in cpuacct_charge run #5: crashed: kernel panic: stack is corrupted in is_prefetch run #6: crashed: general protection fault in cpuacct_charge run #7: crashed: general protection fault in cpuacct_charge run #8: crashed: kernel BUG at mm/slab.c:LINE! run #9: OK # git bisect bad 50254256f382c56bde87d970f3d0d02fdb76ec70 Bisecting: 12 revisions left to test after this (roughly 4 steps) [b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e] fou, fou6: ICMP error handlers for FoU and GUE testing commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e with gcc (GCC) 8.1.0 run #0: crashed: WARNING: locking bug in corrupted run #1: crashed: WARNING: suspicious RCU usage run #2: crashed: kernel panic: stack is corrupted in search_extable run #3: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "4583" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor636569109" "root@localhost:/syz-executor636569109"]: exit status 1 ssh: connect to host localhost port 4583: Connection refused lost connection run #4: crashed: WARNING: suspicious RCU usage in corrupted run #5: crashed: WARNING: suspicious RCU usage in corrupted run #6: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "9238" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor806804592" "root@localhost:/syz-executor806804592"]: exit status 1 ssh: connect to host localhost port 9238: Connection refused lost connection run #7: crashed: no output from test machine run #8: OK run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "45506" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor951170338" "root@localhost:/syz-executor951170338"]: exit status 1 ssh: connect to host localhost port 45506: Connection timed out lost connection # git bisect bad b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e Bisecting: 6 revisions left to test after this (roughly 3 steps) [b4d3069783bccf0c965468da7db141d359d796fc] vxlan: Allow configuration of DF behaviour testing commit b4d3069783bccf0c965468da7db141d359d796fc with gcc (GCC) 8.1.0 all runs: OK # git bisect good b4d3069783bccf0c965468da7db141d359d796fc Bisecting: 3 revisions left to test after this (roughly 2 steps) [a025fb5f49ad38cf749753b16fcd031d0d678f2b] geneve: Allow configuration of DF behaviour testing commit a025fb5f49ad38cf749753b16fcd031d0d678f2b with gcc (GCC) 8.1.0 all runs: OK # git bisect good a025fb5f49ad38cf749753b16fcd031d0d678f2b Bisecting: 1 revision left to test after this (roughly 1 step) [32bbd8793f24b0d5beb1cdb33c45c75ad1140e4b] net: Convert protocol error handlers from void to int testing commit 32bbd8793f24b0d5beb1cdb33c45c75ad1140e4b with gcc (GCC) 8.1.0 all runs: OK # git bisect good 32bbd8793f24b0d5beb1cdb33c45c75ad1140e4b Bisecting: 0 revisions left to test after this (roughly 0 steps) [e7cc082455cb49ea937a3ec4ab3d001b0b5f137b] udp: Support for error handlers of tunnels with arbitrary destination port testing commit e7cc082455cb49ea937a3ec4ab3d001b0b5f137b with gcc (GCC) 8.1.0 all runs: OK # git bisect good e7cc082455cb49ea937a3ec4ab3d001b0b5f137b b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e is the first bad commit commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e Author: Stefano Brivio Date: Thu Nov 8 12:19:23 2018 +0100 fou, fou6: ICMP error handlers for FoU and GUE As the destination port in FoU and GUE receiving sockets doesn't necessarily match the remote destination port, we can't associate errors to the encapsulating tunnels with a socket lookup -- we need to blindly try them instead. This means we don't even know if we are handling errors for FoU or GUE without digging into the packets. Hence, implement a single handler for both, one for IPv4 and one for IPv6, that will check whether the packet that generated the ICMP error used a direct IP encapsulation or if it had a GUE header, and send the error to the matching protocol handler, if any. Signed-off-by: Stefano Brivio Reviewed-by: Sabrina Dubroca Signed-off-by: David S. Miller net/ipv4/fou.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++ net/ipv4/protocol.c | 1 + net/ipv6/fou6.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 143 insertions(+) revisions tested: 16, total time: 3h49m34.580647149s (build: 1h12m55.631200207s, test: 2h32m49.907168199s) first bad commit: b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e fou, fou6: ICMP error handlers for FoU and GUE cc: ["davem@davemloft.net" "kuznet@ms2.inr.ac.ru" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "sbrivio@redhat.com" "sd@queasysnail.net" "yoshfuji@linux-ipv6.org"] crash: no output from test machine