bisecting cause commit starting from 4bffc669d6248d655aeb985a0e51bfaaf21c8b40
building syzkaller on ac912200b65d80413762b8d61eb6399ef9eccfd9
testing commit 4bffc669d6248d655aeb985a0e51bfaaf21c8b40 with gcc (GCC) 8.1.0
run #0: crashed: WARNING: suspicious RCU usage in corrupted
run #1: crashed: kernel BUG at mm/slab.c:LINE!
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #4: crashed: PANIC: double fault in corrupted
run #5: crashed: general protection fault in cpuacct_charge
run #6: crashed: kernel panic: stack-protector:
run #7: crashed: KASAN: stack-out-of-bounds Write in kallsyms_lookup
run #8: crashed: general protection fault in cpuacct_account_field
run #9: crashed: kernel BUG at mm/slab.c:LINE!
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 4bffc669d6248d655aeb985a0e51bfaaf21c8b40 v4.19
Bisecting: 7157 revisions left to test after this (roughly 13 steps)
[033078a9afe504ac9e615d10c4b35d634450b637] Merge tag '4.20-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6
testing commit 033078a9afe504ac9e615d10c4b35d634450b637 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 033078a9afe504ac9e615d10c4b35d634450b637
Bisecting: 3727 revisions left to test after this (roughly 12 steps)
[c38239b4be1ac7e4bcf5bbd971353bae51525b8f] Merge branch 'parisc-4.20-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
testing commit c38239b4be1ac7e4bcf5bbd971353bae51525b8f with gcc (GCC) 8.1.0
all runs: OK
# git bisect good c38239b4be1ac7e4bcf5bbd971353bae51525b8f
Bisecting: 1861 revisions left to test after this (roughly 11 steps)
[a422757e8c323ae12163fa74bc21c41606a233df] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
testing commit a422757e8c323ae12163fa74bc21c41606a233df with gcc (GCC) 8.1.0
all runs: OK
# git bisect good a422757e8c323ae12163fa74bc21c41606a233df
Bisecting: 923 revisions left to test after this (roughly 10 steps)
[c67a98c00ea3c1fad14833f440fcd770232d24e7] Merge branch 'akpm' (patches from Andrew)
testing commit c67a98c00ea3c1fad14833f440fcd770232d24e7 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good c67a98c00ea3c1fad14833f440fcd770232d24e7
Bisecting: 498 revisions left to test after this (roughly 9 steps)
[bae4e109837b419b93fbddcb414c86673b1c90a5] mlxsw: spectrum: Expose discard counters via ethtool
testing commit bae4e109837b419b93fbddcb414c86673b1c90a5 with gcc (GCC) 8.1.0
run #0: crashed: general protection fault in cpuacct_charge
run #1: crashed: general protection fault in cpuacct_charge
run #2: crashed: general protection fault in cpuacct_charge
run #3: crashed: kernel panic: stack is corrupted in trace_hardirqs_off_caller
run #4: crashed: WARNING: suspicious RCU usage
run #5: crashed: KASAN: stack-out-of-bounds Read in __enqueue_entity
run #6: crashed: general protection fault in cpuacct_charge
run #7: crashed: no output from test machine
run #8: crashed: general protection fault in cpuacct_charge
run #9: crashed: no output from test machine
# git bisect bad bae4e109837b419b93fbddcb414c86673b1c90a5
Bisecting: 212 revisions left to test after this (roughly 8 steps)
[fa28a2b244a90158319dcc3bc2e21970f32160e0] Merge branch 'phylib-simplifications'
testing commit fa28a2b244a90158319dcc3bc2e21970f32160e0 with gcc (GCC) 8.1.0
run #0: crashed: WARNING: suspicious RCU usage in corrupted
run #1: crashed: WARNING: suspicious RCU usage in corrupted
run #2: crashed: KASAN: stack-out-of-bounds Read in __run_timers
run #3: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "17927" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect2/jobs/linux/workdir/image/key" "/tmp/syz-executor306786478" "root@localhost:/syz-executor306786478"]: exit status 1
ssh: connect to host localhost port 17927: Connection refused
lost connection
run #4: crashed: general protection fault in cpuacct_charge
run #5: crashed: general protection fault in cpuacct_account_field
run #6: crashed: general protection fault in cpuacct_charge
run #7: crashed: WARNING: suspicious RCU usage in corrupted
run #8: crashed: WARNING: suspicious RCU usage in corrupted
run #9: crashed: no output from test machine
# git bisect bad fa28a2b244a90158319dcc3bc2e21970f32160e0
Bisecting: 105 revisions left to test after this (roughly 7 steps)
[0db55093b56618088b9a1d445eb6e43b311bea33] net: bcmgenet: return correct value 'ret' from bcmgenet_power_down
testing commit 0db55093b56618088b9a1d445eb6e43b311bea33 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 0db55093b56618088b9a1d445eb6e43b311bea33
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[47330f9bdf240f5a582f756cf93354281b36453a] nfp: abm: split qdisc offload code into a separate file
testing commit 47330f9bdf240f5a582f756cf93354281b36453a with gcc (GCC) 8.1.0
run #0: crashed: WARNING: suspicious RCU usage in corrupted
run #1: crashed: BUG: unable to handle kernel paging request in corrupted
run #2: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "28197" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect2/jobs/linux/workdir/image/key" "/tmp/syz-executor477483265" "root@localhost:/syz-executor477483265"]: exit status 1
ssh: connect to host localhost port 28197: Connection refused
lost connection
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #4: crashed: BUG: unable to handle kernel paging request in corrupted
run #5: crashed: WARNING: suspicious RCU usage in corrupted
run #6: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "10316" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect2/jobs/linux/workdir/image/key" "/tmp/syz-executor355988076" "root@localhost:/syz-executor355988076"]: exit status 1
ssh: connect to host localhost port 10316: Connection refused
lost connection
run #7: crashed: WARNING: suspicious RCU usage
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "49097" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect2/jobs/linux/workdir/image/key" "/tmp/syz-executor032583387" "root@localhost:/syz-executor032583387"]: exit status 1
ssh: connect to host localhost port 49097: Connection timed out
lost connection
# git bisect bad 47330f9bdf240f5a582f756cf93354281b36453a
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[50254256f382c56bde87d970f3d0d02fdb76ec70] sock: Reset dst when changing sk_mark via setsockopt
testing commit 50254256f382c56bde87d970f3d0d02fdb76ec70 with gcc (GCC) 8.1.0
run #0: crashed: WARNING: suspicious RCU usage
run #1: crashed: KASAN: stack-out-of-bounds Read in cpuacct_charge
run #2: crashed: WARNING: suspicious RCU usage in corrupted
run #3: crashed: general protection fault in corrupted
run #4: crashed: BUG: unable to handle kernel paging request in corrupted
run #5: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "7906" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect2/jobs/linux/workdir/image/key" "/tmp/syz-executor795297221" "root@localhost:/syz-executor795297221"]: exit status 1
ssh: connect to host localhost port 7906: Connection refused
lost connection
run #6: crashed: WARNING: suspicious RCU usage
run #7: crashed: BUG: unable to handle kernel paging request in corrupted
run #8: crashed: no output from test machine
run #9: crashed: WARNING: suspicious RCU usage in corrupted
# git bisect bad 50254256f382c56bde87d970f3d0d02fdb76ec70
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e] fou, fou6: ICMP error handlers for FoU and GUE
testing commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e with gcc (GCC) 8.1.0
run #0: crashed: general protection fault in cpuacct_account_field
run #1: crashed: general protection fault in cpuacct_charge
run #2: crashed: BUG: unable to handle kernel paging request in corrupted
run #3: crashed: general protection fault in cpuacct_charge
run #4: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22622" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect2/jobs/linux/workdir/image/key" "/tmp/syz-executor181112895" "root@localhost:/syz-executor181112895"]: exit status 1
ssh: connect to host localhost port 22622: Connection refused
lost connection
run #5: crashed: WARNING: suspicious RCU usage in corrupted
run #6: crashed: kernel panic: stack is corrupted in __check_object_size
run #7: crashed: WARNING: locking bug in corrupted
run #8: crashed: no output from test machine
run #9: crashed: no output from test machine
# git bisect bad b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[b4d3069783bccf0c965468da7db141d359d796fc] vxlan: Allow configuration of DF behaviour
testing commit b4d3069783bccf0c965468da7db141d359d796fc with gcc (GCC) 8.1.0
all runs: OK
# git bisect good b4d3069783bccf0c965468da7db141d359d796fc
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[a025fb5f49ad38cf749753b16fcd031d0d678f2b] geneve: Allow configuration of DF behaviour
testing commit a025fb5f49ad38cf749753b16fcd031d0d678f2b with gcc (GCC) 8.1.0
all runs: OK
# git bisect good a025fb5f49ad38cf749753b16fcd031d0d678f2b
Bisecting: 1 revision left to test after this (roughly 1 step)
[32bbd8793f24b0d5beb1cdb33c45c75ad1140e4b] net: Convert protocol error handlers from void to int
testing commit 32bbd8793f24b0d5beb1cdb33c45c75ad1140e4b with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 32bbd8793f24b0d5beb1cdb33c45c75ad1140e4b
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[e7cc082455cb49ea937a3ec4ab3d001b0b5f137b] udp: Support for error handlers of tunnels with arbitrary destination port
testing commit e7cc082455cb49ea937a3ec4ab3d001b0b5f137b with gcc (GCC) 8.1.0
all runs: OK
# git bisect good e7cc082455cb49ea937a3ec4ab3d001b0b5f137b
b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e is the first bad commit
commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
Author: Stefano Brivio
Date: Thu Nov 8 12:19:23 2018 +0100

    fou, fou6: ICMP error handlers for FoU and GUE

    As the destination port in FoU and GUE receiving sockets doesn't necessarily match the remote destination port, we can't associate errors to the encapsulating tunnels with a socket lookup -- we need to blindly try them instead.

    This means we don't even know if we are handling errors for FoU or GUE without digging into the packets. Hence, implement a single handler for both, one for IPv4 and one for IPv6, that will check whether the packet that generated the ICMP error used a direct IP encapsulation or if it had a GUE header, and send the error to the matching protocol handler, if any.

    Signed-off-by: Stefano Brivio
    Reviewed-by: Sabrina Dubroca
    Signed-off-by: David S. Miller

 net/ipv4/fou.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++
 net/ipv4/protocol.c | 1 +
 net/ipv6/fou6.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 143 insertions(+)
revisions tested: 16, total time: 3h50m12.603076924s (build: 1h17m20.11261656s, test: 2h29m46.89932171s)
first bad commit: b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e fou, fou6: ICMP error handlers for FoU and GUE
cc: ["davem@davemloft.net" "kuznet@ms2.inr.ac.ru" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "sbrivio@redhat.com" "sd@queasysnail.net" "yoshfuji@linux-ipv6.org"]
crash: no output from test machine