bisecting cause commit starting from 1574cf83c7a069f5f29295170ed8a568ccebcb7b
building syzkaller on 76630fc9477809305ab0fc257f92826e7671cb7e
testing commit 1574cf83c7a069f5f29295170ed8a568ccebcb7b with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: crashed: WARNING: ODEBUG bug in netdev_freemem
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start v5.3 v5.2
Bisecting: 7848 revisions left to test after this (roughly 13 steps)
[43c95d3694cc448fdf50bd53b7ff3a5bb4655883] Merge tag 'pinctrl-v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 with gcc (GCC) 8.1.0
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: crashed: general protection fault in send_hsr_supervision_frame
run #5: crashed: general protection fault in send_hsr_supervision_frame
run #6: crashed: general protection fault in send_hsr_supervision_frame
run #7: crashed: general protection fault in send_hsr_supervision_frame
run #8: crashed: general protection fault in send_hsr_supervision_frame
run #9: OK
# git bisect bad 43c95d3694cc448fdf50bd53b7ff3a5bb4655883
Bisecting: 4619 revisions left to test after this (roughly 12 steps)
[8f6ccf6159aed1f04c6d179f61f6fb2691261e84] Merge tag 'clone3-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
testing commit 8f6ccf6159aed1f04c6d179f61f6fb2691261e84 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 8f6ccf6159aed1f04c6d179f61f6fb2691261e84
Bisecting: 2306 revisions left to test after this (roughly 11 steps)
[753c8d9b7d81206bb5d011b28abe829d364b028e] Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 753c8d9b7d81206bb5d011b28abe829d364b028e with gcc (GCC) 8.1.0
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: crashed: general protection fault in send_hsr_supervision_frame
run #6: crashed: general protection fault in send_hsr_supervision_frame
run #7: crashed: general protection fault in send_hsr_supervision_frame
run #8: OK
run #9: crashed: general protection fault in send_hsr_supervision_frame
# git bisect bad 753c8d9b7d81206bb5d011b28abe829d364b028e
Bisecting: 1156 revisions left to test after this (roughly 10 steps)
[2f9b0d93a9d3ec64558537ab5d7cff820886afa4] net: ethernet: ti: cpsw: Fix suspend/resume break
testing commit 2f9b0d93a9d3ec64558537ab5d7cff820886afa4 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 2f9b0d93a9d3ec64558537ab5d7cff820886afa4
Bisecting: 578 revisions left to test after this (roughly 9 steps)
[354d0fab649d47045517cf7cae03d653a4dcb3b8] net: hns3: add default value for tc_size and tc_offset
testing commit 354d0fab649d47045517cf7cae03d653a4dcb3b8 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 354d0fab649d47045517cf7cae03d653a4dcb3b8
Bisecting: 289 revisions left to test after this (roughly 8 steps)
[52c0609258658ff35b85c654c568a50abd602ac6] bnxt_en: rename some xdp functions
testing commit 52c0609258658ff35b85c654c568a50abd602ac6 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 52c0609258658ff35b85c654c568a50abd602ac6
Bisecting: 169 revisions left to test after this (roughly 7 steps)
[e858faf556d4e14c750ba1e8852783c6f9520a0e] tcp: Reset bytes_acked and bytes_received when disconnecting
testing commit e858faf556d4e14c750ba1e8852783c6f9520a0e with gcc (GCC) 8.1.0
all runs: OK
# git bisect good e858faf556d4e14c750ba1e8852783c6f9520a0e
Bisecting: 84 revisions left to test after this (roughly 6 steps)
[427545b3046326cd7b4dbbd7869f08737df2ad2b] nfp: tls: count TSO segments separately for the TLS offload
testing commit 427545b3046326cd7b4dbbd7869f08737df2ad2b with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 427545b3046326cd7b4dbbd7869f08737df2ad2b
Bisecting: 42 revisions left to test after this (roughly 5 steps)
[bf96244074d9d0dc1b9ab0c9a6d95ae7b6ad628d] net: hisilicon: dt-bindings: Add an field of port-handle
testing commit bf96244074d9d0dc1b9ab0c9a6d95ae7b6ad628d with gcc (GCC) 8.1.0
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: crashed: general protection fault in send_hsr_supervision_frame
# git bisect bad bf96244074d9d0dc1b9ab0c9a6d95ae7b6ad628d
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[06a80a7d09cc3fbecbd44e225e825a37fb806836] net: stmmac: Fix descriptors address being in > 32 bits address space
testing commit 06a80a7d09cc3fbecbd44e225e825a37fb806836 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 06a80a7d09cc3fbecbd44e225e825a37fb806836
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[a7d50a0dd81b09dc13fa9e4b55765e8684bc8226] tc-testing: Allow tdc plugins to see test case data
testing commit a7d50a0dd81b09dc13fa9e4b55765e8684bc8226 with gcc (GCC) 8.1.0
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: crashed: general protection fault in send_hsr_supervision_frame
run #6: crashed: general protection fault in send_hsr_supervision_frame
run #7: crashed: general protection fault in send_hsr_supervision_frame
run #8: crashed: general protection fault in send_hsr_supervision_frame
run #9: crashed: general protection fault in send_hsr_supervision_frame
# git bisect bad a7d50a0dd81b09dc13fa9e4b55765e8684bc8226
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[4aabed699c400810981d3dda170f05fa4d782905] net: mvmdio: allow up to four clocks to be specified for orion-mdio
testing commit 4aabed699c400810981d3dda170f05fa4d782905 with gcc (GCC) 8.1.0
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: crashed: general protection fault in send_hsr_supervision_frame
run #7: crashed: general protection fault in send_hsr_supervision_frame
run #8: OK
run #9: crashed: general protection fault in send_hsr_supervision_frame
# git bisect bad 4aabed699c400810981d3dda170f05fa4d782905
Bisecting: 2 revisions left to test after this (roughly 1 step)
[de90573e30948459a37e32f432e65529573ff757] Merge branch 'net-stmmac-Some-improvements-and-a-fix'
testing commit de90573e30948459a37e32f432e65529573ff757 with gcc (GCC) 8.1.0
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: crashed: general protection fault in send_hsr_supervision_frame
run #8: crashed: general protection fault in send_hsr_supervision_frame
run #9: OK
# git bisect bad de90573e30948459a37e32f432e65529573ff757
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[2af6106ae949651d529c8c3f0734c3a7babd0d4b] net: stmmac: Introducing support for Page Pool
testing commit 2af6106ae949651d529c8c3f0734c3a7babd0d4b with gcc (GCC) 8.1.0
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: crashed: general protection fault in send_hsr_supervision_frame
run #5: crashed: general protection fault in send_hsr_supervision_frame
run #6: OK
run #7: crashed: general protection fault in send_hsr_supervision_frame
run #8: crashed: general protection fault in send_hsr_supervision_frame
run #9: OK
# git bisect bad 2af6106ae949651d529c8c3f0734c3a7babd0d4b
2af6106ae949651d529c8c3f0734c3a7babd0d4b is the first bad commit
commit 2af6106ae949651d529c8c3f0734c3a7babd0d4b
Author: Jose Abreu <Jose.Abreu@synopsys.com>
Date:   Tue Jul 9 10:03:00 2019 +0200

    net: stmmac: Introducing support for Page Pool
    
    Mapping and unmapping DMA region is an high bottleneck in stmmac driver,
    specially in the RX path.
    
    This commit introduces support for Page Pool API and uses it in all RX
    queues. With this change, we get more stable troughput and some increase
    of banwidth with iperf:
            - MAC1000 - 950 Mbps
            - XGMAC: 9.22 Gbps
    
    Changes from v3:
            - Use page_pool_destroy() (Ilias)
    Changes from v2:
            - Uncoditionally call page_pool_free() (Jesper)
    Changes from v1:
            - Use page_pool_get_dma_addr() (Jesper)
            - Add a comment (Jesper)
            - Add page_pool_free() call (Jesper)
            - Reintroduce sync_single_for_device (Arnd / Ilias)
    
    Signed-off-by: Jose Abreu <joabreu@synopsys.com>
    Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>

:040000 040000 c87c8a2a4095d99eaa464b2678f8e5b94a158c1f fb52f8df088855f85e57d94378c9e0926d2fe852 M	drivers
revisions tested: 17, total time: 4h36m55.83290502s (build: 1h37m5.138386302s, test: 2h54m46.291347266s)
first bad commit: 2af6106ae949651d529c8c3f0734c3a7babd0d4b net: stmmac: Introducing support for Page Pool
cc: ["davem@davemloft.net" "ilias.apalodimas@linaro.org" "joabreu@synopsys.com" "jose.abreu@synopsys.com"]
crash: general protection fault in send_hsr_supervision_frame
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.2.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:send_hsr_supervision_frame+0x30/0xf60 net/hsr/hsr_device.c:255
Code: 89 e5 41 57 41 56 41 55 49 89 fd 41 54 41 89 d4 48 89 c2 53 48 c1 ea 03 48 83 ec 50 48 89 45 d0 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 89 75 c8 0f 85 83 0c 00 00 48 b8 00 00 00 00 00 fc ff
RSP: 0018:ffff8880aeb09c68 EFLAGS: 00010282
RAX: dffffc0000000000 RBX: ffff88808a6f76c0 RCX: 1ffff1100f442724
RDX: 0000000000000002 RSI: 0000000000000017 RDI: 0000000000000000
RBP: ffff8880aeb09ce0 R08: 0000000000000000 R09: 0000000000000000
R10: ffffed1015d64970 R11: ffff8880a98d4340 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880aeb09db8 R15: ffff8880aeb24b80
FS:  0000000000000000(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 000000008a099000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 hsr_announce+0xd9/0x2b0 net/hsr/hsr_device.c:339
 call_timer_fn+0x14d/0x510 kernel/time/timer.c:1322
 expire_timers kernel/time/timer.c:1366 [inline]
 __run_timers kernel/time/timer.c:1685 [inline]
 run_timer_softirq+0xc6f/0x1330 kernel/time/timer.c:1698
 __do_softirq+0x260/0x958 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x17f/0x1c0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x13e/0x540 arch/x86/kernel/apic/apic.c:1068
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:806
 </IRQ>
RIP: 0010:native_safe_halt+0x12/0x20 arch/x86/include/asm/irqflags.h:61
Code: 11 ff ff ff 4c 89 e7 e8 2c 2a f0 fa eb 97 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 e9 07 00 00 00 0f 00 2d 50 48 5f 00 fb f4 <5d> c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 e9 07 00 00
RSP: 0018:ffff8880a98e7d70 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: ffff8880a98d4340 RCX: ffffffff8155a99f
RDX: 1ffffffff10643e1 RSI: 0000000000000004 RDI: ffffffff88321f08
RBP: ffff8880a98e7d70 R08: ffffed1015d66c80 R09: ffffed1015d66c7f
R10: ffffed1015d66c7f R11: ffff8880aeb363fb R12: 0000000000000001
R13: ffffffff88321ef8 R14: 0000000000000001 R15: ffffffff88f6ae38
 arch_safe_halt arch/x86/include/asm/paravirt.h:156 [inline]
 default_idle+0x51/0x310 arch/x86/kernel/process.c:580
 arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:571
 default_idle_call+0x6d/0x90 kernel/sched/idle.c:94
 cpuidle_idle_call kernel/sched/idle.c:154 [inline]
 do_idle+0x3e4/0x590 kernel/sched/idle.c:263
 cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:354
 start_secondary+0x367/0x4b0 arch/x86/kernel/smpboot.c:265
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
Modules linked in:
---[ end trace 78fc5480ab02929a ]---
RIP: 0010:send_hsr_supervision_frame+0x30/0xf60 net/hsr/hsr_device.c:255
Code: 89 e5 41 57 41 56 41 55 49 89 fd 41 54 41 89 d4 48 89 c2 53 48 c1 ea 03 48 83 ec 50 48 89 45 d0 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 89 75 c8 0f 85 83 0c 00 00 48 b8 00 00 00 00 00 fc ff
RSP: 0018:ffff8880aeb09c68 EFLAGS: 00010282
RAX: dffffc0000000000 RBX: ffff88808a6f76c0 RCX: 1ffff1100f442724
RDX: 0000000000000002 RSI: 0000000000000017 RDI: 0000000000000000
RBP: ffff8880aeb09ce0 R08: 0000000000000000 R09: 0000000000000000
R10: ffffed1015d64970 R11: ffff8880a98d4340 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880aeb09db8 R15: ffff8880aeb24b80
FS:  0000000000000000(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 000000008a099000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400