bisecting cause commit starting from 3e536cff34244959c81575733c9ca60633f74e1b building syzkaller on 5f5f6d14e80b8bd6b42db961118e902387716bcb testing commit 3e536cff34244959c81575733c9ca60633f74e1b with gcc (GCC) 8.1.0 run #0: crashed: WARNING: suspicious RCU usage run #1: crashed: BUG: unable to handle kernel paging request in corrupted run #2: crashed: BUG: unable to handle kernel paging request in corrupted run #3: crashed: BUG: unable to handle kernel paging request in __enqueue_entity run #4: crashed: WARNING: suspicious RCU usage run #5: crashed: WARNING: suspicious RCU usage in corrupted run #6: crashed: WARNING: suspicious RCU usage in corrupted run #7: crashed: general protection fault in cpuacct_account_field run #8: crashed: no output from test machine run #9: OK testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 all runs: OK # git bisect start 3e536cff34244959c81575733c9ca60633f74e1b v4.19 Bisecting: 6843 revisions left to test after this (roughly 13 steps) [26873acacbdbb4e4b444f5dd28dcc4853f0e8ba2] Merge tag 'driver-core-4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core testing commit 26873acacbdbb4e4b444f5dd28dcc4853f0e8ba2 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 26873acacbdbb4e4b444f5dd28dcc4853f0e8ba2 Bisecting: 3293 revisions left to test after this (roughly 12 steps) [738b04fba18d35cd352b7b15afefb8a7b798648e] Merge tag 'staging-4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 738b04fba18d35cd352b7b15afefb8a7b798648e with gcc (GCC) 8.1.0 all runs: OK # git bisect good 738b04fba18d35cd352b7b15afefb8a7b798648e Bisecting: 1646 revisions left to test after this (roughly 11 steps) [e8625dce71b4c23eb81bc9b023c7628807df89e8] memblock: replace alloc_bootmem_low_pages with memblock_alloc_low testing commit e8625dce71b4c23eb81bc9b023c7628807df89e8 with gcc (GCC) 8.1.0 all runs: OK # git bisect good e8625dce71b4c23eb81bc9b023c7628807df89e8 Bisecting: 824 revisions left to test after this (roughly 10 steps) [fcc37f76a995cc08546b88b83f9bb5da11307a0b] Merge tag 'pwm/for-4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm testing commit fcc37f76a995cc08546b88b83f9bb5da11307a0b with gcc (GCC) 8.1.0 all runs: OK # git bisect good fcc37f76a995cc08546b88b83f9bb5da11307a0b Bisecting: 411 revisions left to test after this (roughly 9 steps) [52358cb5a310990ea5069f986bdab3620e01181f] Merge branch 's390-qeth-next' testing commit 52358cb5a310990ea5069f986bdab3620e01181f with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "61197" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect2/jobs/linux/workdir/image/key" "/tmp/syz-executor713008402" "root@localhost:/syz-executor713008402"]: exit status 1 ssh: connect to host localhost port 61197: Connection refused lost connection run #1: crashed: general protection fault in cpuacct_charge run #2: crashed: WARNING: suspicious RCU usage in corrupted run #3: crashed: general protection fault in cpuacct_charge run #4: crashed: BUG: unable to handle kernel paging request in ipt_do_table run #5: crashed: KASAN: stack-out-of-bounds Read in cpuacct_charge run #6: crashed: WARNING: suspicious RCU usage run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22728" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect2/jobs/linux/workdir/image/key" "/tmp/syz-executor435774793" "root@localhost:/syz-executor435774793"]: exit status 1 ssh: connect to host localhost port 22728: Connection timed out lost connection # git bisect bad 52358cb5a310990ea5069f986bdab3620e01181f Bisecting: 193 revisions left to test after this (roughly 8 steps) [42bd06e93d108a3ee5b8b4eaa350ec81853cb217] Merge tag 'tags/upstream-4.20-rc1' of git://git.infradead.org/linux-ubifs testing commit 42bd06e93d108a3ee5b8b4eaa350ec81853cb217 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 42bd06e93d108a3ee5b8b4eaa350ec81853cb217 Bisecting: 96 revisions left to test after this (roughly 7 steps) [a558c982a8ab43ec4262e7fd5e8d462e5fdabe45] nfp: flower: don't try to nack device unregister events testing commit a558c982a8ab43ec4262e7fd5e8d462e5fdabe45 with gcc (GCC) 8.1.0 all runs: OK # git bisect good a558c982a8ab43ec4262e7fd5e8d462e5fdabe45 Bisecting: 52 revisions left to test after this (roughly 6 steps) [be08989c4d900d5388be1a7d002cd7c2942d69cd] Merge branch 'nfp-add-and-use-tunnel-netdev-helpers' testing commit be08989c4d900d5388be1a7d002cd7c2942d69cd with gcc (GCC) 8.1.0 all runs: OK # git bisect good be08989c4d900d5388be1a7d002cd7c2942d69cd Bisecting: 25 revisions left to test after this (roughly 5 steps) [3ed3857011cf249e9e1e36abc77afd2e97de5994] Merge branch 'net-sched-prepare-for-more-Qdisc-offloads' testing commit 3ed3857011cf249e9e1e36abc77afd2e97de5994 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 3ed3857011cf249e9e1e36abc77afd2e97de5994 Bisecting: 12 revisions left to test after this (roughly 4 steps) [e7cc082455cb49ea937a3ec4ab3d001b0b5f137b] udp: Support for error handlers of tunnels with arbitrary destination port testing commit e7cc082455cb49ea937a3ec4ab3d001b0b5f137b with gcc (GCC) 8.1.0 all runs: OK # git bisect good e7cc082455cb49ea937a3ec4ab3d001b0b5f137b Bisecting: 6 revisions left to test after this (roughly 3 steps) [5a541f6d00c6d8aace789dfaa468443bd0edf564] s390/qeth: handle af_iucv skbs in qeth_l3_fill_header() testing commit 5a541f6d00c6d8aace789dfaa468443bd0edf564 with gcc (GCC) 8.1.0 run #0: crashed: BUG: unable to handle kernel paging request in corrupted run #1: crashed: BUG: unable to handle kernel paging request in __run_timers run #2: crashed: BUG: unable to handle kernel paging request in __udp4_lib_err run #3: crashed: WARNING: locking bug in corrupted run #4: crashed: general protection fault in cpuacct_charge run #5: crashed: general protection fault in cpuacct_account_field run #6: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "33348" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect2/jobs/linux/workdir/image/key" "/tmp/syz-executor196731436" "root@localhost:/syz-executor196731436"]: exit status 1 ssh: connect to host localhost port 33348: Connection refused lost connection run #7: crashed: WARNING: suspicious RCU usage run #8: crashed: WARNING: suspicious RCU usage run #9: crashed: BUG: unable to handle kernel paging request in select_task_rq_fair # git bisect bad 5a541f6d00c6d8aace789dfaa468443bd0edf564 Bisecting: 2 revisions left to test after this (roughly 2 steps) [20da4ef91cb9335d7dcef6f1546dc31c455081f2] Merge branch 'ICMP-error-handling-for-UDP-tunnels' testing commit 20da4ef91cb9335d7dcef6f1546dc31c455081f2 with gcc (GCC) 8.1.0 run #0: crashed: kernel BUG at include/linux/syscalls.h:LINE! run #1: crashed: general protection fault in account_entity_enqueue run #2: crashed: WARNING: suspicious RCU usage in corrupted run #3: crashed: WARNING: suspicious RCU usage run #4: crashed: KASAN: stack-out-of-bounds Read in do_general_protection run #5: crashed: BUG: unable to handle kernel paging request in corrupted run #6: crashed: BUG: unable to handle kernel paging request in select_task_rq_fair run #7: crashed: WARNING: suspicious RCU usage in corrupted run #8: crashed: no output from test machine run #9: OK # git bisect bad 20da4ef91cb9335d7dcef6f1546dc31c455081f2 Bisecting: 0 revisions left to test after this (roughly 1 step) [56fd865f46b894681dd7e7f83761243add7a71a3] selftests: pmtu: Introduce FoU and GUE PMTU exceptions tests testing commit 56fd865f46b894681dd7e7f83761243add7a71a3 with gcc (GCC) 8.1.0 run #0: crashed: BUG: unable to handle kernel paging request in corrupted run #1: crashed: general protection fault in vsnprintf run #2: crashed: general protection fault in cpuacct_account_field run #3: crashed: WARNING: suspicious RCU usage in corrupted run #4: crashed: kernel panic: stack is corrupted in netif_rx_internal run #5: crashed: BUG: unable to handle kernel paging request in corrupted run #6: crashed: KASAN: stack-out-of-bounds Read in corrupted run #7: crashed: BUG: unable to handle kernel paging request in select_task_rq_fair run #8: crashed: no output from test machine run #9: crashed: no output from test machine # git bisect bad 56fd865f46b894681dd7e7f83761243add7a71a3 Bisecting: 0 revisions left to test after this (roughly 0 steps) [b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e] fou, fou6: ICMP error handlers for FoU and GUE testing commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in cpuacct_account_field run #1: crashed: BUG: unable to handle kernel paging request in corrupted run #2: crashed: PANIC: double fault in corrupted run #3: crashed: BUG: unable to handle kernel paging request in select_task_rq_fair run #4: crashed: general protection fault in cpuacct_charge run #5: crashed: BUG: unable to handle kernel paging request in corrupted run #6: crashed: WARNING: suspicious RCU usage in corrupted run #7: crashed: general protection fault in cpuacct_account_field run #8: crashed: general protection fault in cpuacct_charge run #9: crashed: BUG: unable to handle kernel paging request in corrupted # git bisect bad b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e is the first bad commit commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e Author: Stefano Brivio Date: Thu Nov 8 12:19:23 2018 +0100 fou, fou6: ICMP error handlers for FoU and GUE As the destination port in FoU and GUE receiving sockets doesn't necessarily match the remote destination port, we can't associate errors to the encapsulating tunnels with a socket lookup -- we need to blindly try them instead. This means we don't even know if we are handling errors for FoU or GUE without digging into the packets. Hence, implement a single handler for both, one for IPv4 and one for IPv6, that will check whether the packet that generated the ICMP error used a direct IP encapsulation or if it had a GUE header, and send the error to the matching protocol handler, if any. Signed-off-by: Stefano Brivio Reviewed-by: Sabrina Dubroca Signed-off-by: David S. Miller net/ipv4/fou.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++ net/ipv4/protocol.c | 1 + net/ipv6/fou6.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 143 insertions(+) revisions tested: 16, total time: 3h47m16.740822626s (build: 1h13m29.825071022s, test: 2h30m38.058549566s) first bad commit: b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e fou, fou6: ICMP error handlers for FoU and GUE cc: ["davem@davemloft.net" "kuznet@ms2.inr.ac.ru" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "sbrivio@redhat.com" "sd@queasysnail.net" "yoshfuji@linux-ipv6.org"] crash: BUG: unable to handle kernel paging request in corrupted team0 (unregistering): Port device team_slave_1 removed team0 (unregistering): Port device team_slave_0 removed bond0 (unregistering): Releasing backup interface bond_slave_1 bond0 (unregistering): Releasing backup interface bond_slave_0 bond0 (unregistering): Released all slaves BUG: unable to handle kernel paging request at ffffffff89f5c198 PGD 8e6d067 P4D 8e6d067 PUD 8e6e063 PMD 6b8ec063 PTE ffff88006b9ee040 ------------[ cut here ]------------ Oops: 0002 [#1] PREEMPT SMP KASAN