bisecting cause commit starting from 1fc596a56b334f4d593a2b49e5ff55af6aaa0816 building syzkaller on be531bb42381b245eed805e49fd889d1c2118c76 testing commit 1fc596a56b334f4d593a2b49e5ff55af6aaa0816 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0617557cd0036b56cee34204bcae72d11fd2544c3cb22272d7c9d0f9d6b01dbf all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 299648a482fed26dd2696bc4fcb2c36c6acae408a78761d7dbb2b7d0f2934d2d all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 96bcfdbdb7d5aa0e285bf0d5a5447ea3dcc444036f6a0d7a382d6ee30279806b run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: crashed: general protection fault in fq_codel_enqueue run #2: crashed: general protection fault in fq_codel_enqueue run #3: crashed: general protection fault in fq_codel_enqueue run #4: crashed: general protection fault in fq_codel_enqueue run #5: crashed: general protection fault in fq_codel_enqueue run #6: crashed: general protection fault in fq_codel_enqueue run #7: crashed: general protection fault in fq_codel_enqueue run #8: crashed: general protection fault in fq_codel_enqueue run #9: crashed: general protection fault in fq_codel_enqueue testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f44cb0de14232a7fa207649a7848180bc531d930788c499b9c065265806bd425 all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9360051f8891ef28aefc1cf3710a24c24200da9390b33fdd7198068a9abff8ec all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4a86e11cd8306b97f369a96905e6095d0829f30d290144a50a3ff69a03e5e376 all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7c5750a2b3ed8e9a5700125579a4264031f449cfcbf9fa73160e3ce843063d77 all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6d90a926236a49c5b57b2a72704e2748ad3c91cf39387d2c062752935ec4d8b9 all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b7c64d635b7de64223dcdef93b8053fe2f53bce21313586d70f4f7b23096615b all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: d9dde18560933632c7fc66d1d7a4e7efc516eaed82be61910311576fac6bd505 all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 50e570f268d8b799305c24b838bfd12e42adc5e88670ba7f9842b6ffa345c091 all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 556d5b3a4535d93ac21d3623cd214400e302289f55cce6179d1d5098eafc60fe all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 0e198607f313fe5ca06d36cb74a272cc292e94424cea80b6aca9cde46d8b08f1 all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 8d50eee5f9b0515511e23c248e3f8f0d7f9db60a2b1bda1c686ef474cd24aaf5 all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 8788bcd7cbbd1711fdce1ae7bf9da5b9fc8afb24f18f987f36ef5269b2a84af0 all runs: crashed: general protection fault in fq_codel_enqueue testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 388409af4219d2e80e73da41a697a3f78de5bdc53bb57f7ce8ebc46fa81ecc93 run #0: crashed: general protection fault in fq_codel_enqueue run #1: crashed: general protection fault in fq_codel_enqueue run #2: crashed: general protection fault in fq_codel_enqueue run #3: crashed: general protection fault in fq_codel_enqueue run #4: crashed: general protection fault in fq_codel_enqueue run #5: crashed: general protection fault in corrupted run #6: crashed: general protection fault in fq_codel_enqueue run #7: crashed: general protection fault in fq_codel_enqueue run #8: crashed: general protection fault in fq_codel_enqueue run #9: crashed: general protection fault in fq_codel_enqueue testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 6dcb96bc5dbe6d4d4eda2a6bbb17971f9cc78c71d5e358e140c79819f2a1bd70 run #0: crashed: general protection fault in fq_codel_enqueue run #1: crashed: general protection fault in fq_codel_enqueue run #2: crashed: general protection fault in fq_codel_enqueue run #3: crashed: general protection fault in corrupted run #4: crashed: general protection fault in fq_codel_enqueue run #5: crashed: general protection fault in fq_codel_enqueue run #6: crashed: general protection fault in fq_codel_enqueue run #7: crashed: general protection fault in fq_codel_enqueue run #8: crashed: general protection fault in fq_codel_enqueue run #9: crashed: general protection fault in fq_codel_enqueue testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: cdc85d39a488e571d3caa0683c054f1b477f8cb1979c7f973eb9decca692b548 all runs: crashed: general protection fault in fq_codel_enqueue testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 357497751c362d7f891873d873f9ca93cbb6d50b2a13df50b616cfd900ef0655 all runs: crashed: general protection fault in fq_codel_enqueue testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 compiler: gcc (GCC) 8.4.1 20210217 ./security/selinux/include/classmap.h:247:2: error: #error New address family defined, please update secclass_map. testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda compiler: gcc (GCC) 8.4.1 20210217 ./security/selinux/include/classmap.h:247:2: error: #error New address family defined, please update secclass_map. orc_dump.c:106:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations] orc_dump.c:111:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations] elf.c:135:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations] elf.c:140:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations] testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff compiler: gcc (GCC) 8.4.1 20210217 orc_dump.c:106:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations] orc_dump.c:111:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations] pager.c:36:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict] elf.c:135:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations] elf.c:140:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations] ./security/selinux/include/classmap.h:247:2: error: #error New address family defined, please update secclass_map. testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 compiler: gcc (GCC) 8.4.1 20210217 orc_dump.c:105:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations] orc_dump.c:110:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations] elf.c:134:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations] elf.c:139:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations] pager.c:36:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict] ./security/selinux/include/classmap.h:245:2: error: #error New address family defined, please update secclass_map. testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 compiler: gcc (GCC) 8.4.1 20210217 pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict] elf.c:144:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations] elf.c:149:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations] ./security/selinux/include/classmap.h:242:2: error: #error New address family defined, please update secclass_map. testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c compiler: gcc (GCC) 8.4.1 20210217 pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict] elf.c:141:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations] elf.c:146:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations] ./security/selinux/include/classmap.h:238:2: error: #error New address family defined, please update secclass_map. testing release v4.11 testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 compiler: gcc (GCC) 7.5.0 elf.c:141:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations] elf.c:146:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations] pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict] testing release v4.10 testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd compiler: gcc (GCC) 5.5.0 tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes] elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations] elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations] pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict] testing release v4.9 testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 compiler: gcc (GCC) 5.5.0 tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes] elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations] elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations] pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict] testing release v4.8 testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 compiler: gcc (GCC) 5.5.0 tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes] elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations] elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations] pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict] testing release v4.7 testing commit 523d939ef98fd712632d93a5a2b588e477a7565e compiler: gcc (GCC) 5.5.0 tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes] elf.c:122:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations] elf.c:127:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations] pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict] testing release v4.6 testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a compiler: gcc (GCC) 5.5.0 tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes] pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict] revisions tested: 19, total time: 3h12m11.008212874s (build: 2h4m38.807752453s, test: 1h2m29.318793298s) the crash already happened on the oldest tested release commit msg: Linux 4.18 crash: general protection fault in fq_codel_enqueue IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 9482 Comm: syz-executor.0 Not tainted 4.18.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:dequeue_head net/sched/sch_fq_codel.c:126 [inline] RIP: 0010:fq_codel_drop net/sched/sch_fq_codel.c:174 [inline] RIP: 0010:fq_codel_enqueue+0x865/0x12e0 net/sched/sch_fq_codel.c:236 Code: 48 89 7c 24 48 eb 0b 44 39 7c 24 58 0f 86 bb 00 00 00 48 8b 7c 24 50 80 3f 00 0f 85 82 06 00 00 4c 8b 20 4c 89 e2 48 c1 ea 03 <80> 3c 0a 00 0f 85 64 05 00 00 49 8b 14 24 49 8d 7c 24 28 48 89 10 RSP: 0018:ffff88008acff500 EFLAGS: 00010246 ieee80211 phy6: Selected rate control algorithm 'minstrel_ht' RAX: ffff88008a860900 RBX: ffff8800a8b68040 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed001150c120 IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready RBP: ffff88008acff5f0 R08: 0000000000000000 R09: 0000000000000000 wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 R10: 0000000000000000 R11: ffff8800a8b68328 R12: 0000000000000000 R13: 1ffff1001159feac R14: ffff88008acff700 R15: 0000000000000000 FS: 00007f05b593d700(0000) GS:ffff8800ba700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc1ae75c60 CR3: 0000000097475000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ieee80211 phy7: Selected rate control algorithm 'minstrel_ht' wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 __dev_xmit_skb net/core/dev.c:3272 [inline] __dev_queue_xmit+0x10ca/0x2960 net/core/dev.c:3537 IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready dev_queue_xmit+0xb/0x10 net/core/dev.c:3602 wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 __bpf_tx_skb net/core/filter.c:1995 [inline] __bpf_redirect_common net/core/filter.c:2033 [inline] __bpf_redirect+0x55f/0xa00 net/core/filter.c:2040 ____bpf_clone_redirect net/core/filter.c:2073 [inline] bpf_clone_redirect+0x29b/0x3f0 net/core/filter.c:2045 ___bpf_prog_run+0x1f96/0x4f60 kernel/bpf/core.c:1112 wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 __bpf_prog_run512+0x9d/0xd0 kernel/bpf/core.c:1366 IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready bpf_test_run_one net/bpf/test_run.c:20 [inline] bpf_test_run+0x8a/0x2d0 net/bpf/test_run.c:36 ieee80211 phy8: Selected rate control algorithm 'minstrel_ht' IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready bpf_prog_test_run_skb+0x537/0xa90 net/bpf/test_run.c:138 wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 bpf_prog_test_run kernel/bpf/syscall.c:1688 [inline] __do_sys_bpf kernel/bpf/syscall.c:2325 [inline] __se_sys_bpf+0x12e7/0x29f0 kernel/bpf/syscall.c:2269 __x64_sys_bpf+0x6e/0xb0 kernel/bpf/syscall.c:2269 do_syscall_64+0xda/0x540 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f05b61c7a39 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f05b593d188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007f05b62daf60 RCX: 00007f05b61c7a39 RDX: 0000000000000048 RSI: 0000000020000140 RDI: 000000000000000a RBP: 00007f05b6221e8f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcd6d778bf R14: 00007f05b593d300 R15: 0000000000022000 Modules linked in: ---[ end trace b88c356f128c4b9b ]--- wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 RIP: 0010:dequeue_head net/sched/sch_fq_codel.c:126 [inline] RIP: 0010:fq_codel_drop net/sched/sch_fq_codel.c:174 [inline] RIP: 0010:fq_codel_enqueue+0x865/0x12e0 net/sched/sch_fq_codel.c:236 Code: 48 ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' 89 IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 7c IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready 24 48 eb 0b 44 39 7c 24 58 0f 86 bb 00 00 00 48 8b 7c 24 50 80 3f 00 0f 85 82 06 00 00 4c 8b 20 4c 89 e2 48 c1 ea 03 <80> 3c 0a 00 0f 85 64 05 00 00 49 8b 14 24 49 8d 7c 24 28 48 89 10 RSP: 0018:ffff88008acff500 EFLAGS: 00010246 RAX: ffff88008a860900 RBX: ffff8800a8b68040 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffed001150c120 RBP: ffff88008acff5f0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: ffff8800a8b68328 R12: 0000000000000000 R13: 1ffff1001159feac R14: ffff88008acff700 R15: 0000000000000000 FS: 00007f05b593d700(0000) GS:ffff8800ba700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc1ae75c60 CR3: 0000000097475000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 48 89 7c 24 48 mov %rdi,0x48(%rsp) 5: eb 0b jmp 0x12 7: 44 39 7c 24 58 cmp %r15d,0x58(%rsp) c: 0f 86 bb 00 00 00 jbe 0xcd 12: 48 8b 7c 24 50 mov 0x50(%rsp),%rdi 17: 80 3f 00 cmpb $0x0,(%rdi) 1a: 0f 85 82 06 00 00 jne 0x6a2 20: 4c 8b 20 mov (%rax),%r12 23: 4c 89 e2 mov %r12,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 80 3c 0a 00 cmpb $0x0,(%rdx,%rcx,1) <-- trapping instruction 2e: 0f 85 64 05 00 00 jne 0x598 34: 49 8b 14 24 mov (%r12),%rdx 38: 49 8d 7c 24 28 lea 0x28(%r12),%rdi 3d: 48 89 10 mov %rdx,(%rax)