bisecting cause commit starting from da6570438d9bc1fff85f8ce7bcd02fe968289ef9 building syzkaller on b8ceabfc3242f91c14c759a4ba77471d3be08869 testing commit da6570438d9bc1fff85f8ce7bcd02fe968289ef9 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in xsk_poll testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: boot failed: WARNING: workqueue cpumask: online intersect > possible intersect run #9: OK # git bisect start da6570438d9bc1fff85f8ce7bcd02fe968289ef9 v5.2 Bisecting: 11240 revisions left to test after this (roughly 14 steps) [fa121bb3fed6313b1f0af23952301e06cf6d32ed] Merge tag 'mips_5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux testing commit fa121bb3fed6313b1f0af23952301e06cf6d32ed with gcc (GCC) 8.1.0 all runs: OK # git bisect good fa121bb3fed6313b1f0af23952301e06cf6d32ed Bisecting: 5714 revisions left to test after this (roughly 13 steps) [7f90874125a5776630d6954712c0d35ea418bcab] Merge remote-tracking branch 'jc_docs/docs-next' testing commit 7f90874125a5776630d6954712c0d35ea418bcab with gcc (GCC) 8.1.0 all runs: OK # git bisect good 7f90874125a5776630d6954712c0d35ea418bcab Bisecting: 2815 revisions left to test after this (roughly 12 steps) [fc6e327bf9efd68be3a226b3e716ccfab358d677] Merge remote-tracking branch 'amdgpu/drm-next' testing commit fc6e327bf9efd68be3a226b3e716ccfab358d677 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in xsk_poll # git bisect bad fc6e327bf9efd68be3a226b3e716ccfab358d677 Bisecting: 1413 revisions left to test after this (roughly 11 steps) [d52640e055dc88b12cb3470928ce28acf1e198e4] Merge remote-tracking branch 'crypto/master' testing commit d52640e055dc88b12cb3470928ce28acf1e198e4 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in xsk_poll # git bisect bad d52640e055dc88b12cb3470928ce28acf1e198e4 Bisecting: 741 revisions left to test after this (roughly 10 steps) [f77508308fa76d0efc60ebf3c906f467feb062cb] Merge branch 'bridge-mdb' testing commit f77508308fa76d0efc60ebf3c906f467feb062cb with gcc (GCC) 8.1.0 all runs: OK # git bisect good f77508308fa76d0efc60ebf3c906f467feb062cb Bisecting: 345 revisions left to test after this (roughly 9 steps) [268dcf532ac3279ad194a504e12db4b57abdc8e0] Merge remote-tracking branch 'rdma/for-next' testing commit 268dcf532ac3279ad194a504e12db4b57abdc8e0 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 268dcf532ac3279ad194a504e12db4b57abdc8e0 Bisecting: 177 revisions left to test after this (roughly 8 steps) [035b1f626eaf4d63071a937cf6797e07830c5982] Merge remote-tracking branch 'gfs2/for-next' testing commit 035b1f626eaf4d63071a937cf6797e07830c5982 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in xsk_poll # git bisect bad 035b1f626eaf4d63071a937cf6797e07830c5982 Bisecting: 86 revisions left to test after this (roughly 6 steps) [50526c1feee6a553d1fc44f3d360af01ba3e4eec] Merge remote-tracking branch 'bpf-next/master' testing commit 50526c1feee6a553d1fc44f3d360af01ba3e4eec with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in xsk_poll # git bisect bad 50526c1feee6a553d1fc44f3d360af01ba3e4eec Bisecting: 40 revisions left to test after this (roughly 5 steps) [5be4480d4656020c17dbac2831d62615af4f1631] dt-bindings: net: mediatek: Add support for MediaTek MT7628/88 SoC testing commit 5be4480d4656020c17dbac2831d62615af4f1631 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 5be4480d4656020c17dbac2831d62615af4f1631 Bisecting: 20 revisions left to test after this (roughly 4 steps) [a4500432c2587cb2ae7554537886a4516ff2e7aa] libbpf: add support for need_wakeup flag in AF_XDP part testing commit a4500432c2587cb2ae7554537886a4516ff2e7aa with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in xsk_poll # git bisect bad a4500432c2587cb2ae7554537886a4516ff2e7aa Bisecting: 9 revisions left to test after this (roughly 3 steps) [ed4a3983cd3eb93aaf80de8d8a36efed808acff2] tools: bpftool: fix argument for p_err() in BTF do_dump() testing commit ed4a3983cd3eb93aaf80de8d8a36efed808acff2 with gcc (GCC) 8.1.0 all runs: OK # git bisect good ed4a3983cd3eb93aaf80de8d8a36efed808acff2 Bisecting: 4 revisions left to test after this (roughly 2 steps) [e03250061b54041d3502696db421c44a4a8039f4] btf: fix return value check in btf_vmlinux_init() testing commit e03250061b54041d3502696db421c44a4a8039f4 with gcc (GCC) 8.1.0 all runs: OK # git bisect good e03250061b54041d3502696db421c44a4a8039f4 Bisecting: 2 revisions left to test after this (roughly 1 step) [77cd0d7b3f257fd0e3096b4fdcff1a7d38e99e10] xsk: add support for need_wakeup flag in AF_XDP rings testing commit 77cd0d7b3f257fd0e3096b4fdcff1a7d38e99e10 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in xsk_poll # git bisect bad 77cd0d7b3f257fd0e3096b4fdcff1a7d38e99e10 Bisecting: 0 revisions left to test after this (roughly 0 steps) [9116e5e2b1fff71dce501d971e86a3695acc3dba] xsk: replace ndo_xsk_async_xmit with ndo_xsk_wakeup testing commit 9116e5e2b1fff71dce501d971e86a3695acc3dba with gcc (GCC) 8.1.0 all runs: OK # git bisect good 9116e5e2b1fff71dce501d971e86a3695acc3dba 77cd0d7b3f257fd0e3096b4fdcff1a7d38e99e10 is the first bad commit commit 77cd0d7b3f257fd0e3096b4fdcff1a7d38e99e10 Author: Magnus Karlsson Date: Wed Aug 14 09:27:17 2019 +0200 xsk: add support for need_wakeup flag in AF_XDP rings This commit adds support for a new flag called need_wakeup in the AF_XDP Tx and fill rings. When this flag is set, it means that the application has to explicitly wake up the kernel Rx (for the bit in the fill ring) or kernel Tx (for bit in the Tx ring) processing by issuing a syscall. Poll() can wake up both depending on the flags submitted and sendto() will wake up tx processing only. The main reason for introducing this new flag is to be able to efficiently support the case when application and driver is executing on the same core. Previously, the driver was just busy-spinning on the fill ring if it ran out of buffers in the HW and there were none on the fill ring. This approach works when the application is running on another core as it can replenish the fill ring while the driver is busy-spinning. Though, this is a lousy approach if both of them are running on the same core as the probability of the fill ring getting more entries when the driver is busy-spinning is zero. With this new feature the driver now sets the need_wakeup flag and returns to the application. The application can then replenish the fill queue and then explicitly wake up the Rx processing in the kernel using the syscall poll(). For Tx, the flag is only set to one if the driver has no outstanding Tx completion interrupts. If it has some, the flag is zero as it will be woken up by a completion interrupt anyway. As a nice side effect, this new flag also improves the performance of the case where application and driver are running on two different cores as it reduces the number of syscalls to the kernel. The kernel tells user space if it needs to be woken up by a syscall, and this eliminates many of the syscalls. This flag needs some simple driver support. If the driver does not support this, the Rx flag is always zero and the Tx flag is always one. This makes any application relying on this feature default to the old behaviour of not requiring any syscalls in the Rx path and always having to call sendto() in the Tx path. For backwards compatibility reasons, this feature has to be explicitly turned on using a new bind flag (XDP_USE_NEED_WAKEUP). I recommend that you always turn it on as it so far always have had a positive performance impact. The name and inspiration of the flag has been taken from io_uring by Jens Axboe. Details about this feature in io_uring can be found in http://kernel.dk/io_uring.pdf, section 8.3. Signed-off-by: Magnus Karlsson Acked-by: Jonathan Lemon Signed-off-by: Daniel Borkmann :040000 040000 f84341ae23b3a56a61d67480fb002c92ca2cb5a5 98b7fb54071092ee2f38521396c74119f3a07d42 M include :040000 040000 b096c35aed881ef00b9a4a843d5d189140d8b5ac 2a0b78d17027de6da38061385e61b023c7b92536 M net revisions tested: 16, total time: 3h52m0.3321629s (build: 1h36m12.277425705s, test: 2h9m9.842740571s) first bad commit: 77cd0d7b3f257fd0e3096b4fdcff1a7d38e99e10 xsk: add support for need_wakeup flag in AF_XDP rings cc: ["ast@kernel.org" "bjorn.topel@intel.com" "bpf@vger.kernel.org" "daniel@iogearbox.net" "davem@davemloft.net" "hawk@kernel.org" "jakub.kicinski@netronome.com" "john.fastabend@gmail.com" "jonathan.lemon@gmail.com" "linux-kernel@vger.kernel.org" "magnus.karlsson@intel.com" "netdev@vger.kernel.org" "xdp-newbies@vger.kernel.org"] crash: general protection fault in xsk_poll kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 7363 Comm: syz-executor.2 Not tainted 5.3.0-rc3+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:xsk_poll+0x81/0x4d0 net/xdp/xsk.c:386 Code: 80 3c 02 00 0f 85 01 04 00 00 4c 8b a3 88 04 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bc 24 96 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 4c 03 00 00 RSP: 0018:ffff88807a7bf8b0 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: ffff88807a7c0c80 RCX: ffffffff8532e81d RDX: 0000000000000012 RSI: 0000000000000004 RDI: 0000000000000096 RBP: ffff88807a7bf8e0 R08: ffffed100f4f81d9 R09: ffffed100f4f81d9 R10: ffffed100f4f81d8 R11: ffff88807a7c0ec7 R12: 0000000000000000 R13: 0000000000000304 R14: ffffffff86b2d330 R15: ffff888092fdb5a0 FS: 00007fdf36181700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000001496780 CR3: 00000000885af000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: sock_poll+0x137/0x430 net/socket.c:1256 vfs_poll include/linux/poll.h:90 [inline] do_pollfd fs/select.c:859 [inline] do_poll fs/select.c:907 [inline] do_sys_poll+0x4a7/0xc20 fs/select.c:1001 __do_sys_ppoll fs/select.c:1101 [inline] __se_sys_ppoll fs/select.c:1081 [inline] __x64_sys_ppoll+0x1e1/0x2a0 fs/select.c:1081 do_syscall_64+0xd0/0x540 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x459829 Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fdf36180c78 EFLAGS: 00000246 ORIG_RAX: 000000000000010f RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000020000280 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdf361816d4 R13: 00000000004c6706 R14: 00000000004db7d8 R15: 00000000ffffffff Modules linked in: ---[ end trace 059c305e0fe37497 ]--- RIP: 0010:xsk_poll+0x81/0x4d0 net/xdp/xsk.c:386 Code: 80 3c 02 00 0f 85 01 04 00 00 4c 8b a3 88 04 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d bc 24 96 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 4c 03 00 00 RSP: 0018:ffff88807a7bf8b0 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: ffff88807a7c0c80 RCX: ffffffff8532e81d RDX: 0000000000000012 RSI: 0000000000000004 RDI: 0000000000000096 RBP: ffff88807a7bf8e0 R08: ffffed100f4f81d9 R09: ffffed100f4f81d9 R10: ffffed100f4f81d8 R11: ffff88807a7c0ec7 R12: 0000000000000000 R13: 0000000000000304 R14: ffffffff86b2d330 R15: ffff888092fdb5a0 FS: 00007fdf36181700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffd89caae78 CR3: 00000000885af000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400