bisecting cause commit starting from 89695196f0ba78a17453f9616355f2ca6b293402 building syzkaller on 89bc860804252dbacb8c2bea60b9204859f4afd7 testing commit 89695196f0ba78a17453f9616355f2ca6b293402 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a9c0599a66491a8db07c425a448b1861be7b926901b2fdf6f22f4f9e5292345d run #0: crashed: general protection fault in llc_build_and_send_xid_pkt run #1: crashed: general protection fault in llc_ui_sendmsg run #2: crashed: general protection fault in llc_build_and_send_xid_pkt run #3: crashed: general protection fault in llc_build_and_send_xid_pkt run #4: crashed: general protection fault in llc_build_and_send_xid_pkt run #5: crashed: general protection fault in llc_ui_sendmsg run #6: crashed: general protection fault in llc_build_and_send_xid_pkt run #7: crashed: general protection fault in llc_build_and_send_xid_pkt run #8: crashed: general protection fault in llc_build_and_send_xid_pkt run #9: crashed: general protection fault in llc_ui_sendmsg run #10: crashed: general protection fault in llc_build_and_send_xid_pkt run #11: crashed: general protection fault in llc_ui_sendmsg run #12: crashed: general protection fault in llc_build_and_send_xid_pkt run #13: crashed: general protection fault in llc_build_and_send_xid_pkt run #14: crashed: general protection fault in llc_ui_sendmsg run #15: crashed: general protection fault in llc_ui_sendmsg run #16: crashed: general protection fault in llc_ui_sendmsg run #17: crashed: general protection fault in llc_build_and_send_xid_pkt run #18: crashed: general protection fault in llc_ui_sendmsg run #19: crashed: general protection fault in llc_build_and_send_xid_pkt testing release v5.16 testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1fd9ab6ec52dc5d6eec160897ae3403fe7938723519a9996a423afd6588ef1fc all runs: OK # git bisect start 89695196f0ba78a17453f9616355f2ca6b293402 df0cc57e057f18e44dac8e6c18aba47ab53202f9 Bisecting: 8529 revisions left to test after this (roughly 13 steps) [e1a7aa25ff45636a6c1930bf2430c8b802e93d9c] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit e1a7aa25ff45636a6c1930bf2430c8b802e93d9c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 99d9bf3331f0214b688f12d4b11bc6dacebab0bceb35d47ab41f6ef9884bff2b all runs: OK # git bisect good e1a7aa25ff45636a6c1930bf2430c8b802e93d9c Bisecting: 4265 revisions left to test after this (roughly 12 steps) [cc0def5b4ed61a262b88c67e6f8ed1a70c52c568] Merge tag 'optee-fixes-for-v5.17' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/fixes testing commit cc0def5b4ed61a262b88c67e6f8ed1a70c52c568 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e5a81cd65c8f795ef7e2b04028b3150cdc02bc368958d0c732851524990aa723 all runs: OK # git bisect good cc0def5b4ed61a262b88c67e6f8ed1a70c52c568 Bisecting: 2133 revisions left to test after this (roughly 11 steps) [ee6373ddf3a974c4239f56931f5944fd289146e7] net/funeth: probing and netdev ops testing commit ee6373ddf3a974c4239f56931f5944fd289146e7 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e132856090c5929af31abe9536a9c00f76af38d35ae77e96cf9d673465eb94fe all runs: OK # git bisect good ee6373ddf3a974c4239f56931f5944fd289146e7 Bisecting: 1021 revisions left to test after this (roughly 10 steps) [1e8a3f0d2a1ef544611a7ea4a7c1512c732e0e43] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 1e8a3f0d2a1ef544611a7ea4a7c1512c732e0e43 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e2c78277b6638f2bb84cd0b333a7b243a13b11315e4c00dc3d35f502cf98b8fd all runs: OK # git bisect good 1e8a3f0d2a1ef544611a7ea4a7c1512c732e0e43 Bisecting: 517 revisions left to test after this (roughly 9 steps) [770c9a3a01af178a90368a78c75eb91707c7233c] net/mlx5: Remove unused fill page array API function testing commit 770c9a3a01af178a90368a78c75eb91707c7233c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 29a35edcdb091e2f181d46d3b659e25917aa22b9b36cdb1a6b01ece5300e91ac all runs: basic kernel testing failed: WARNING in __napi_schedule # git bisect skip 770c9a3a01af178a90368a78c75eb91707c7233c Bisecting: 517 revisions left to test after this (roughly 9 steps) [fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009] ax25: Fix NULL pointer dereferences in ax25 timers testing commit fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0bfd459e0e594a2f14b0adda892fb7a02bed5906983278a288ab2cbaf836b9b8 all runs: OK # git bisect good fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009 Bisecting: 455 revisions left to test after this (roughly 9 steps) [49045b9c810cd9b4ac5f8f235ad8ef17553a00fa] Merge branch 'mediatek-next' testing commit 49045b9c810cd9b4ac5f8f235ad8ef17553a00fa compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 57b1a7ffc097aa6086854b22ae1770d5c147e9f444b57c5ed18f0773025f06ac all runs: basic kernel testing failed: WARNING in __napi_schedule # git bisect skip 49045b9c810cd9b4ac5f8f235ad8ef17553a00fa Bisecting: 455 revisions left to test after this (roughly 9 steps) [9f01cfbf2922432668c2fd4dfc0413342aaff48b] net: sparx5: Use Switchdev fdb events for managing fdb entries testing commit 9f01cfbf2922432668c2fd4dfc0413342aaff48b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 25658dcb2e7ad2888b2e5b4e37f3b9d769f91a440ebe04a6838bf4087952c7cf all runs: basic kernel testing failed: WARNING in __napi_schedule # git bisect skip 9f01cfbf2922432668c2fd4dfc0413342aaff48b Bisecting: 455 revisions left to test after this (roughly 9 steps) [aa80511a93dbab1fb362ab414acc665a319c6522] Merge branch 'net-mscc-miim-add-integrated-phy-reset-support' testing commit aa80511a93dbab1fb362ab414acc665a319c6522 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d3601a8592a7309e4c276978ac2a7c66cc1cddbba9acb72413b2a09c4ca49259 all runs: OK # git bisect good aa80511a93dbab1fb362ab414acc665a319c6522 Bisecting: 89 revisions left to test after this (roughly 7 steps) [515a49173b80a4aabcbad9a4fa2a247042378ea1] ARM: rethook: Add rethook arm implementation testing commit 515a49173b80a4aabcbad9a4fa2a247042378ea1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 82a47a8d2bc496e744c1d287243baa40726ea282bd00088f494ccf184db9889a all runs: OK # git bisect good 515a49173b80a4aabcbad9a4fa2a247042378ea1 Bisecting: 44 revisions left to test after this (roughly 6 steps) [e1cc1f39981b06ba22a0c92e800e9fd8ba59d2d3] selftests/bpf: Test skipping stacktrace testing commit e1cc1f39981b06ba22a0c92e800e9fd8ba59d2d3 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2b72f6b5c9b514703420bda7a8c748ce6edf3fa9986b4e21ab96b91171a94132 all runs: boot failed: KASAN: null-ptr-deref Write in register_btf_kfunc_id_set # git bisect skip e1cc1f39981b06ba22a0c92e800e9fd8ba59d2d3 Bisecting: 44 revisions left to test after this (roughly 6 steps) [a911ad18a56aeecf87a098ad1cdc4de91d7f60de] net: bridge: mst: Restrict info size queries to bridge ports testing commit a911ad18a56aeecf87a098ad1cdc4de91d7f60de compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d661fe5b0602a83e10f2e3c96432575b3619fe347c513d871371f296cd03fb79 all runs: OK # git bisect good a911ad18a56aeecf87a098ad1cdc4de91d7f60de Bisecting: 6 revisions left to test after this (roughly 3 steps) [6a7d8cff4a3301087dd139293e9bddcf63827282] tipc: fix the timer expires after interval 100ms testing commit 6a7d8cff4a3301087dd139293e9bddcf63827282 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: cd3c4241ce5d2f37e473015ee740a10493afa09c16a14d84ff90422f486f483f all runs: OK # git bisect good 6a7d8cff4a3301087dd139293e9bddcf63827282 Bisecting: 3 revisions left to test after this (roughly 2 steps) [764f4eb6846f5475f1244767d24d25dd86528a4a] llc: fix netdevice reference leaks in llc_ui_bind() testing commit 764f4eb6846f5475f1244767d24d25dd86528a4a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: af4488b2a269db648f4e164824977212b80330759a6e12b7dbf0a5977e601aee run #0: crashed: general protection fault in llc_ui_sendmsg run #1: crashed: general protection fault in llc_build_and_send_xid_pkt run #2: crashed: general protection fault in llc_build_and_send_xid_pkt run #3: crashed: general protection fault in llc_ui_sendmsg run #4: crashed: general protection fault in llc_ui_sendmsg run #5: crashed: general protection fault in llc_build_and_send_xid_pkt run #6: crashed: general protection fault in llc_build_and_send_xid_pkt run #7: crashed: general protection fault in llc_build_and_send_xid_pkt run #8: crashed: general protection fault in llc_ui_sendmsg run #9: crashed: general protection fault in llc_ui_sendmsg # git bisect bad 764f4eb6846f5475f1244767d24d25dd86528a4a Bisecting: 1 revision left to test after this (roughly 1 step) [054d5575cd6ed2792611a7cbb8c88663cc873780] net/sched: fix incorrect vlan_push_eth dest field testing commit 054d5575cd6ed2792611a7cbb8c88663cc873780 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f640db4be297baa778d004246eec911513a266311aae5585df1789645a92ec74 all runs: OK # git bisect good 054d5575cd6ed2792611a7cbb8c88663cc873780 Bisecting: 0 revisions left to test after this (roughly 0 steps) [2844e2434385819f674d1fb4130c308c50ba681e] drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool testing commit 2844e2434385819f674d1fb4130c308c50ba681e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: de7579bca7a4e13c152834f14f786fb33fb73c3aebd2a27552f277f33a188497 all runs: OK # git bisect good 2844e2434385819f674d1fb4130c308c50ba681e 764f4eb6846f5475f1244767d24d25dd86528a4a is the first bad commit commit 764f4eb6846f5475f1244767d24d25dd86528a4a Author: Eric Dumazet Date: Tue Mar 22 17:41:47 2022 -0700 llc: fix netdevice reference leaks in llc_ui_bind() Whenever llc_ui_bind() and/or llc_ui_autobind() took a reference on a netdevice but subsequently fail, they must properly release their reference or risk the infamous message from unregister_netdevice() at device dismantle. unregister_netdevice: waiting for eth0 to become free. Usage count = 3 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet Reported-by: 赵子轩 Reported-by: Stoyan Manolov Link: https://lore.kernel.org/r/20220323004147.1990845-1-eric.dumazet@gmail.com Signed-off-by: Jakub Kicinski net/llc/af_llc.c | 8 ++++++++ 1 file changed, 8 insertions(+) culprit signature: af4488b2a269db648f4e164824977212b80330759a6e12b7dbf0a5977e601aee parent signature: de7579bca7a4e13c152834f14f786fb33fb73c3aebd2a27552f277f33a188497 revisions tested: 18, total time: 3h18m56.904775608s (build: 1h51m13.405278468s, test: 1h26m5.183683093s) first bad commit: 764f4eb6846f5475f1244767d24d25dd86528a4a llc: fix netdevice reference leaks in llc_ui_bind() recipients (to): ["davem@davemloft.net" "edumazet@google.com" "kuba@kernel.org" "kuba@kernel.org" "linux-kernel@vger.kernel.org"] recipients (cc): ["netdev@vger.kernel.org" "paskripkin@gmail.com" "yajun.deng@linux.dev"] crash: general protection fault in llc_ui_sendmsg general protection fault, probably for non-canonical address 0xdffffc000000001b: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x00000000000000d8-0x00000000000000df] CPU: 1 PID: 4054 Comm: syz-executor734 Not tainted 5.17.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:llc_ui_sendmsg+0x1ad/0xf20 net/llc/af_llc.c:947 Code: 03 80 3c 02 00 0f 85 6f 0b 00 00 4c 8b b5 38 05 00 00 48 ba 00 00 00 00 00 fc ff df 49 8d be de 00 00 00 48 89 f9 48 c1 e9 03 <0f> b6 0c 11 48 89 fa 83 e2 07 83 c2 01 38 ca 7c 08 84 c9 0f 85 16 RSP: 0018:ffffc900048a78d8 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001b RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 00000000000000de RBP: ffff88801e5b2000 R08: 0000000000000000 R09: ffff88801e5b2538 R10: ffffed1003cb640c R11: 0000000000000000 R12: ffff88801e5b2508 R13: ffff888073702a00 R14: 0000000000000000 R15: ffffc900048a7d70 FS: 00007f316e25d700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002000f038 CR3: 0000000079d8d000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: sock_sendmsg_nosec net/socket.c:705 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:725 ____sys_sendmsg+0x392/0x7a0 net/socket.c:2413 ___sys_sendmsg+0xd3/0x150 net/socket.c:2467 __sys_sendmmsg+0x141/0x310 net/socket.c:2553 __do_sys_sendmmsg net/socket.c:2582 [inline] __se_sys_sendmmsg net/socket.c:2579 [inline] __x64_sys_sendmmsg+0x94/0x100 net/socket.c:2579 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f316e2cc8c9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f316e25d318 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007f316e3543f8 RCX: 00007f316e2cc8c9 RDX: 03fffffffffffeed RSI: 0000000020001380 RDI: 0000000000000003 RBP: 00007f316e3543f0 R08: 00007f316e25d700 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f316e3543fc R13: 00007fff5826f71f R14: 00007f316e25d400 R15: 0000000000022000 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:llc_ui_sendmsg+0x1ad/0xf20 net/llc/af_llc.c:947 Code: 03 80 3c 02 00 0f 85 6f 0b 00 00 4c 8b b5 38 05 00 00 48 ba 00 00 00 00 00 fc ff df 49 8d be de 00 00 00 48 89 f9 48 c1 e9 03 <0f> b6 0c 11 48 89 fa 83 e2 07 83 c2 01 38 ca 7c 08 84 c9 0f 85 16 RSP: 0018:ffffc900048a78d8 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001b RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 00000000000000de RBP: ffff88801e5b2000 R08: 0000000000000000 R09: ffff88801e5b2538 R10: ffffed1003cb640c R11: 0000000000000000 R12: ffff88801e5b2508 R13: ffff888073702a00 R14: 0000000000000000 R15: ffffc900048a7d70 FS: 00007f316e25d700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002000f038 CR3: 0000000079d8d000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 03 80 3c 02 00 0f add 0xf00023c(%rax),%eax 6: 85 6f 0b test %ebp,0xb(%rdi) 9: 00 00 add %al,(%rax) b: 4c 8b b5 38 05 00 00 mov 0x538(%rbp),%r14 12: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 19: fc ff df 1c: 49 8d be de 00 00 00 lea 0xde(%r14),%rdi 23: 48 89 f9 mov %rdi,%rcx 26: 48 c1 e9 03 shr $0x3,%rcx * 2a: 0f b6 0c 11 movzbl (%rcx,%rdx,1),%ecx <-- trapping instruction 2e: 48 89 fa mov %rdi,%rdx 31: 83 e2 07 and $0x7,%edx 34: 83 c2 01 add $0x1,%edx 37: 38 ca cmp %cl,%dl 39: 7c 08 jl 0x43 3b: 84 c9 test %cl,%cl 3d: 0f .byte 0xf 3e: 85 16 test %edx,(%rsi)