bisecting cause commit starting from ed2393ca091048fa9711f4e8ab17ce52856e6412 building syzkaller on fd37b39ea8db38458059092f5f94b582392e8922 testing commit ed2393ca091048fa9711f4e8ab17ce52856e6412 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in rxrpc_error_report run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in rxrpc_connect_call testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in rxrpc_connect_call testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in rxrpc_connect_call testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in rxrpc_connect_call run #1: crashed: general protection fault in rxrpc_connect_call run #2: crashed: general protection fault in rxrpc_connect_call run #3: crashed: general protection fault in rxrpc_connect_call run #4: crashed: general protection fault in rxrpc_connect_call run #5: crashed: general protection fault in rxrpc_connect_call run #6: crashed: general protection fault in corrupted run #7: crashed: general protection fault in rxrpc_connect_call run #8: crashed: general protection fault in rxrpc_connect_call run #9: crashed: general protection fault in rxrpc_connect_call testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in rxrpc_connect_call testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in rxrpc_connect_call testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in rxrpc_connect_call testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in rxrpc_connect_call testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in rxrpc_connect_call testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in rxrpc_connect_call testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in rxrpc_connect_call testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 all runs: OK # git bisect start v4.13 v4.12 Bisecting: 7028 revisions left to test after this (roughly 13 steps) [ac7b75966c9c86426b55fe1c50ae148aa4571075] Merge tag 'pinctrl-v4.13-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit ac7b75966c9c86426b55fe1c50ae148aa4571075 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in rxrpc_connect_call # git bisect bad ac7b75966c9c86426b55fe1c50ae148aa4571075 Bisecting: 3538 revisions left to test after this (roughly 12 steps) [e24dd9ee5399747b71c1d982a484fc7601795f31] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security testing commit e24dd9ee5399747b71c1d982a484fc7601795f31 with gcc (GCC) 8.1.0 all runs: OK # git bisect good e24dd9ee5399747b71c1d982a484fc7601795f31 Bisecting: 1787 revisions left to test after this (roughly 11 steps) [9cc9a5cb176ccb4f2cda5ac34da5a659926f125f] datapath: Avoid using stack larger than 1024. testing commit 9cc9a5cb176ccb4f2cda5ac34da5a659926f125f with gcc (GCC) 7.3.0 all runs: crashed: general protection fault in rxrpc_connect_call # git bisect bad 9cc9a5cb176ccb4f2cda5ac34da5a659926f125f Bisecting: 882 revisions left to test after this (roughly 10 steps) [073cf9e20c333ab29744717a23f9e43ec7512a20] Merge branch 'udp-reduce-cache-pressure' testing commit 073cf9e20c333ab29744717a23f9e43ec7512a20 with gcc (GCC) 7.3.0 all runs: crashed: general protection fault in rxrpc_connect_call # git bisect bad 073cf9e20c333ab29744717a23f9e43ec7512a20 Bisecting: 433 revisions left to test after this (roughly 9 steps) [3284f9e1ab505b41fa604c81e4b3271c6b88cdcb] bnxt_en: Add additional chip ID definitions. testing commit 3284f9e1ab505b41fa604c81e4b3271c6b88cdcb with gcc (GCC) 7.3.0 all runs: crashed: general protection fault in rxrpc_connect_call # git bisect bad 3284f9e1ab505b41fa604c81e4b3271c6b88cdcb Bisecting: 216 revisions left to test after this (roughly 8 steps) [8ae5bcdc5d98a99e59f194101e7acd2e9d055758] net: dsa: add MDB notifier testing commit 8ae5bcdc5d98a99e59f194101e7acd2e9d055758 with gcc (GCC) 7.3.0 all runs: OK # git bisect good 8ae5bcdc5d98a99e59f194101e7acd2e9d055758 Bisecting: 108 revisions left to test after this (roughly 7 steps) [03d1da3c050b9d0f9536ccd0965af91ab8e1df63] net: ethernet: ax88796: support generating a random mac address testing commit 03d1da3c050b9d0f9536ccd0965af91ab8e1df63 with gcc (GCC) 7.3.0 all runs: crashed: general protection fault in rxrpc_connect_call # git bisect bad 03d1da3c050b9d0f9536ccd0965af91ab8e1df63 Bisecting: 48 revisions left to test after this (roughly 6 steps) [52c05fc744215b3969c9b522d2ff5a82fd3d64ed] Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next testing commit 52c05fc744215b3969c9b522d2ff5a82fd3d64ed with gcc (GCC) 7.3.0 all runs: OK # git bisect good 52c05fc744215b3969c9b522d2ff5a82fd3d64ed Bisecting: 24 revisions left to test after this (roughly 5 steps) [71f8a116b5c4b4957c56a2f1a5bd2a7e19d6d400] nfp: add helper for cleaning up vNICs testing commit 71f8a116b5c4b4957c56a2f1a5bd2a7e19d6d400 with gcc (GCC) 7.3.0 all runs: crashed: general protection fault in rxrpc_connect_call # git bisect bad 71f8a116b5c4b4957c56a2f1a5bd2a7e19d6d400 Bisecting: 11 revisions left to test after this (roughly 4 steps) [ff5f58f53cf19eb3a5a26057dc6f44166e1771be] Merge branch 'be2net-next' testing commit ff5f58f53cf19eb3a5a26057dc6f44166e1771be with gcc (GCC) 7.3.0 all runs: crashed: general protection fault in rxrpc_connect_call # git bisect bad ff5f58f53cf19eb3a5a26057dc6f44166e1771be Bisecting: 5 revisions left to test after this (roughly 3 steps) [ca84dfb9ab70849c2b01f30d658a8900cff9889d] net-next: stmmac: rework the speed selection testing commit ca84dfb9ab70849c2b01f30d658a8900cff9889d with gcc (GCC) 7.3.0 all runs: OK # git bisect good ca84dfb9ab70849c2b01f30d658a8900cff9889d Bisecting: 2 revisions left to test after this (roughly 2 steps) [2baec2c3f854d1f79c7bb28386484e144e864a14] rxrpc: Support network namespacing testing commit 2baec2c3f854d1f79c7bb28386484e144e864a14 with gcc (GCC) 7.3.0 all runs: crashed: general protection fault in rxrpc_connect_call # git bisect bad 2baec2c3f854d1f79c7bb28386484e144e864a14 Bisecting: 0 revisions left to test after this (roughly 1 step) [878cd3ba37f77ded9c85e9857e3182a7fe8f5dc3] net/packet: remove unused parameter in prb_curr_blk_in_use(). testing commit 878cd3ba37f77ded9c85e9857e3182a7fe8f5dc3 with gcc (GCC) 7.3.0 all runs: OK # git bisect good 878cd3ba37f77ded9c85e9857e3182a7fe8f5dc3 2baec2c3f854d1f79c7bb28386484e144e864a14 is the first bad commit commit 2baec2c3f854d1f79c7bb28386484e144e864a14 Author: David Howells Date: Wed May 24 17:02:32 2017 +0100 rxrpc: Support network namespacing Support network namespacing in AF_RXRPC with the following changes: (1) All the local endpoint, peer and call lists, locks, counters, etc. are moved into the per-namespace record. (2) All the connection tracking is moved into the per-namespace record with the exception of the client connection ID tree, which is kept global so that connection IDs are kept unique per-machine. (3) Each namespace gets its own epoch. This allows each network namespace to pretend to be a separate client machine. (4) The /proc/net/rxrpc_xxx files are now called /proc/net/rxrpc/xxx and the contents reflect the namespace. fs/afs/ should be okay with this patch as it explicitly requires the current net namespace to be init_net to permit a mount to proceed at the moment. It will, however, need updating so that cells, IP addresses and DNS records are per-namespace also. Signed-off-by: David Howells Signed-off-by: David S. Miller :040000 040000 dab5affbff2f78bca227b87334cd38f6450fa8ac 25fcdf791a2f65e476679fa9e105508fb774ec60 M net revisions tested: 26, total time: 4h33m55.242981517s (build: 2h7m48.667704891s, test: 2h18m19.179381045s) first bad commit: 2baec2c3f854d1f79c7bb28386484e144e864a14 rxrpc: Support network namespacing cc: ["davem@davemloft.net" "dhowells@redhat.com" "linux-afs@lists.infradead.org" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org"] crash: general protection fault in rxrpc_connect_call bridge0: port 1(bridge_slave_0) entered forwarding state IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready kasan: CONFIG_KASAN_INLINE enabled IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 0 PID: 6841 Comm: syz-executor.2 Not tainted 4.12.0-rc2+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 8021q: adding VLAN 0 to HW filter on device bond0 IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready 8021q: adding VLAN 0 to HW filter on device team0 task: ffff88011554c300 task.stack: ffff8801185a8000 RIP: 0010:rxrpc_connect_call+0x2ae/0x4b60 net/rxrpc/conn_client.c:654 RSP: 0018:ffff8801185aea00 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 00000000014000c0 8021q: adding VLAN 0 to HW filter on device batadv0 kobject: 'vlan0' (ffff88010e7d9980): kobject_add_internal: parent: 'mesh', set: '' RDX: 0000000000000003 RSI: ffff8801185af978 RDI: 0000000000000018 8021q: adding VLAN 0 to HW filter on device batadv0 kobject: 'vlan0' (ffff88011926c880): kobject_add_internal: parent: 'mesh', set: '' RBP: ffff8801185af2b8 R08: 1ffff100230b5e0b R09: 0000000000000000 kobject: 'loop1' (ffff8801263f84e0): kobject_uevent_env kobject: 'loop1' (ffff8801263f84e0): fill_kobj_path: path = '/devices/virtual/block/loop1' R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801185af6d0 R13: ffff8801185af978 R14: ffff88010b311940 R15: ffff8801185af290 kobject: 'loop5' (ffff880125d6b7e0): kobject_uevent_env kobject: 'loop5' (ffff880125d6b7e0): fill_kobj_path: path = '/devices/virtual/block/loop5' FS: 00007f4a652b1700(0000) GS:ffff88012c000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000080 CR3: 000000010c355000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rxrpc_new_client_call+0x94a/0x1df0 net/rxrpc/call_object.c:267 rxrpc_new_client_call_for_sendmsg net/rxrpc/sendmsg.c:476 [inline] rxrpc_do_sendmsg+0xb3e/0x1850 net/rxrpc/sendmsg.c:523 rxrpc_sendmsg+0x3f5/0x5e0 net/rxrpc/af_rxrpc.c:453 sock_sendmsg_nosec net/socket.c:633 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:643 ___sys_sendmsg+0x306/0x930 net/socket.c:2038 __sys_sendmmsg+0x1aa/0x530 net/socket.c:2128 SYSC_sendmmsg net/socket.c:2159 [inline] SyS_sendmmsg+0xd/0x20 net/socket.c:2154 entry_SYSCALL_64_fastpath+0x23/0xc2 RIP: 0033:0x459879 RSP: 002b:00007f4a652b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459879 RDX: 0000000000000001 RSI: 0000000020005c00 RDI: 0000000000000003 RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff6512468f R14: 00007f4a652b19c0 R15: 000000000075bf2c Code: f3 48 89 f0 48 c1 e8 03 80 3c 10 00 0f 85 c0 45 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 00 48 8d 7b 18 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 93 45 00 00 48 8b 5b 18 48 8d bb 00 02 00 00 RIP: rxrpc_connect_call+0x2ae/0x4b60 net/rxrpc/conn_client.c:654 RSP: ffff8801185aea00 IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready ---[ end trace 17b055151fd8ad6a ]---