bisecting cause commit starting from 89695196f0ba78a17453f9616355f2ca6b293402
building syzkaller on 89bc860804252dbacb8c2bea60b9204859f4afd7
testing commit 89695196f0ba78a17453f9616355f2ca6b293402
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ce0591ab37f2da0418b6109c9b6fc655e561a936418507900c303735e0c673ec
run #0: crashed: general protection fault in llc_ui_sendmsg
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: boot failed: can't ssh into the instance
reproducer seems to be flaky
testing release v5.16
testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1fd9ab6ec52dc5d6eec160897ae3403fe7938723519a9996a423afd6588ef1fc
all runs: OK
# git bisect start 89695196f0ba78a17453f9616355f2ca6b293402 df0cc57e057f18e44dac8e6c18aba47ab53202f9
Bisecting: 8529 revisions left to test after this (roughly 13 steps)
[e1a7aa25ff45636a6c1930bf2430c8b802e93d9c] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

testing commit e1a7aa25ff45636a6c1930bf2430c8b802e93d9c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 99d9bf3331f0214b688f12d4b11bc6dacebab0bceb35d47ab41f6ef9884bff2b
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good e1a7aa25ff45636a6c1930bf2430c8b802e93d9c
Bisecting: 4265 revisions left to test after this (roughly 12 steps)
[cc0def5b4ed61a262b88c67e6f8ed1a70c52c568] Merge tag 'optee-fixes-for-v5.17' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/fixes

testing commit cc0def5b4ed61a262b88c67e6f8ed1a70c52c568
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5c81d9f0d87b3bd0c51c5a6ddf2550a6c5e11ea516ebad6ed207d14b368b2722
all runs: OK
# git bisect good cc0def5b4ed61a262b88c67e6f8ed1a70c52c568
Bisecting: 2133 revisions left to test after this (roughly 11 steps)
[ee6373ddf3a974c4239f56931f5944fd289146e7] net/funeth: probing and netdev ops

testing commit ee6373ddf3a974c4239f56931f5944fd289146e7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a49fd85d8f477875db3fa959ace127b97c715c76a0757d54f441e450cf269274
all runs: OK
# git bisect good ee6373ddf3a974c4239f56931f5944fd289146e7
Bisecting: 1021 revisions left to test after this (roughly 10 steps)
[1e8a3f0d2a1ef544611a7ea4a7c1512c732e0e43] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

testing commit 1e8a3f0d2a1ef544611a7ea4a7c1512c732e0e43
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1d855d1b4f80a8850d060a91345530791f9a80fd1b1d184303aa5d2c8814e4d0
all runs: OK
# git bisect good 1e8a3f0d2a1ef544611a7ea4a7c1512c732e0e43
Bisecting: 517 revisions left to test after this (roughly 9 steps)
[770c9a3a01af178a90368a78c75eb91707c7233c] net/mlx5: Remove unused fill page array API function

testing commit 770c9a3a01af178a90368a78c75eb91707c7233c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bcea1101663c47a6ed3911f9bdc4e6852e681929adf49e93620938e548f5229c
all runs: basic kernel testing failed: WARNING in __napi_schedule
# git bisect skip 770c9a3a01af178a90368a78c75eb91707c7233c
Bisecting: 517 revisions left to test after this (roughly 9 steps)
[fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009] ax25: Fix NULL pointer dereferences in ax25 timers

testing commit fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2dc5652914919b7b34008844c23d825f21b9294f26b8e6289e9302f12cda5ed6
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009
Bisecting: 455 revisions left to test after this (roughly 9 steps)
[49045b9c810cd9b4ac5f8f235ad8ef17553a00fa] Merge branch 'mediatek-next'

testing commit 49045b9c810cd9b4ac5f8f235ad8ef17553a00fa
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 378204becf72517800e0f71f10595d3ee0c449352dd9ab97b65cf550c2e48a95
all runs: basic kernel testing failed: WARNING in __napi_schedule
# git bisect skip 49045b9c810cd9b4ac5f8f235ad8ef17553a00fa
Bisecting: 455 revisions left to test after this (roughly 9 steps)
[9f01cfbf2922432668c2fd4dfc0413342aaff48b] net: sparx5: Use Switchdev fdb events for managing fdb entries

testing commit 9f01cfbf2922432668c2fd4dfc0413342aaff48b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 903922558a9b9e68455c8f2ccfc3bc5f9c99ca8207775794d238213f6272a0c6
all runs: basic kernel testing failed: WARNING in __napi_schedule
# git bisect skip 9f01cfbf2922432668c2fd4dfc0413342aaff48b
Bisecting: 455 revisions left to test after this (roughly 9 steps)
[aa80511a93dbab1fb362ab414acc665a319c6522] Merge branch 'net-mscc-miim-add-integrated-phy-reset-support'

testing commit aa80511a93dbab1fb362ab414acc665a319c6522
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 27997ebe985502b03e8444d9c3389d8cd4f834a783f0009883118eab1686353b
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good aa80511a93dbab1fb362ab414acc665a319c6522
Bisecting: 89 revisions left to test after this (roughly 7 steps)
[515a49173b80a4aabcbad9a4fa2a247042378ea1] ARM: rethook: Add rethook arm implementation

testing commit 515a49173b80a4aabcbad9a4fa2a247042378ea1
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6bcab69e80561e1d4a096eb36c68f82050b1c47c42e9563f0acfa40b69131136
all runs: OK
# git bisect good 515a49173b80a4aabcbad9a4fa2a247042378ea1
Bisecting: 44 revisions left to test after this (roughly 6 steps)
[e1cc1f39981b06ba22a0c92e800e9fd8ba59d2d3] selftests/bpf: Test skipping stacktrace

testing commit e1cc1f39981b06ba22a0c92e800e9fd8ba59d2d3
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1be67d16d72d35363e692038d715109e9c3b097dee3195c5ba1ee17059f61000
all runs: boot failed: KASAN: null-ptr-deref Write in register_btf_kfunc_id_set
# git bisect skip e1cc1f39981b06ba22a0c92e800e9fd8ba59d2d3
Bisecting: 44 revisions left to test after this (roughly 6 steps)
[a911ad18a56aeecf87a098ad1cdc4de91d7f60de] net: bridge: mst: Restrict info size queries to bridge ports

testing commit a911ad18a56aeecf87a098ad1cdc4de91d7f60de
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 97cb06ffff36d8de1d6970cffc765f365bdaac6b827598eb58a01dde8043441b
all runs: OK
# git bisect good a911ad18a56aeecf87a098ad1cdc4de91d7f60de
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[6a7d8cff4a3301087dd139293e9bddcf63827282] tipc: fix the timer expires after interval 100ms

testing commit 6a7d8cff4a3301087dd139293e9bddcf63827282
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 40bae47ba1b1bb84568b5cb56bd2c8e92a92a88d7e63d985eaa40b2c7666b049
all runs: OK
# git bisect good 6a7d8cff4a3301087dd139293e9bddcf63827282
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[764f4eb6846f5475f1244767d24d25dd86528a4a] llc: fix netdevice reference leaks in llc_ui_bind()

testing commit 764f4eb6846f5475f1244767d24d25dd86528a4a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 04c5aedee1ce2a8289650c8ba7438b8d813add635d080d87db1d289c048a175f
run #0: crashed: general protection fault in llc_ui_sendmsg
run #1: crashed: general protection fault in llc_build_and_send_ui_pkt
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad 764f4eb6846f5475f1244767d24d25dd86528a4a
Bisecting: 1 revision left to test after this (roughly 1 step)
[054d5575cd6ed2792611a7cbb8c88663cc873780] net/sched: fix incorrect vlan_push_eth dest field

testing commit 054d5575cd6ed2792611a7cbb8c88663cc873780
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e06ddac80bd8d24ffb27cacb705ff798c904ce38a06ba7447eebd75583b89d4f
all runs: OK
# git bisect good 054d5575cd6ed2792611a7cbb8c88663cc873780
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[2844e2434385819f674d1fb4130c308c50ba681e] drivers: ethernet: cpsw: fix panic when interrupt coaleceing is set via ethtool

testing commit 2844e2434385819f674d1fb4130c308c50ba681e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e552814d64f0a2053171db5ae2288d3b77d66d4f3ba87cd2bd0f797180dd4612
all runs: OK
# git bisect good 2844e2434385819f674d1fb4130c308c50ba681e
764f4eb6846f5475f1244767d24d25dd86528a4a is the first bad commit
commit 764f4eb6846f5475f1244767d24d25dd86528a4a
Author: Eric Dumazet <edumazet@google.com>
Date:   Tue Mar 22 17:41:47 2022 -0700

    llc: fix netdevice reference leaks in llc_ui_bind()
    
    Whenever llc_ui_bind() and/or llc_ui_autobind()
    took a reference on a netdevice but subsequently fail,
    they must properly release their reference
    or risk the infamous message from unregister_netdevice()
    at device dismantle.
    
    unregister_netdevice: waiting for eth0 to become free. Usage count = 3
    
    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Reported-by: 赵子轩 <beraphin@gmail.com>
    Reported-by: Stoyan Manolov <smanolov@suse.de>
    Link: https://lore.kernel.org/r/20220323004147.1990845-1-eric.dumazet@gmail.com
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>

 net/llc/af_llc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

culprit signature: 04c5aedee1ce2a8289650c8ba7438b8d813add635d080d87db1d289c048a175f
parent  signature: e552814d64f0a2053171db5ae2288d3b77d66d4f3ba87cd2bd0f797180dd4612
Reproducer flagged being flaky
revisions tested: 18, total time: 3h49m2.785774023s (build: 2h5m29.268438018s, test: 1h41m34.042612454s)
first bad commit: 764f4eb6846f5475f1244767d24d25dd86528a4a llc: fix netdevice reference leaks in llc_ui_bind()
recipients (to): ["davem@davemloft.net" "edumazet@google.com" "kuba@kernel.org" "kuba@kernel.org" "linux-kernel@vger.kernel.org"]
recipients (cc): ["netdev@vger.kernel.org" "paskripkin@gmail.com" "yajun.deng@linux.dev"]
crash: general protection fault in llc_build_and_send_ui_pkt
general protection fault, probably for non-canonical address 0xdffffc0000000070: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000380-0x0000000000000387]
CPU: 0 PID: 4045 Comm: syz-executor129 Not tainted 5.17.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:llc_build_and_send_ui_pkt+0x1b3/0x270 net/llc/llc_output.c:65
Code: 48 c1 ea 03 80 3c 02 00 0f 85 c9 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5d 10 48 8d bb 80 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 8f 00 00 00 48 8b b3 80 03 00 00 4c 89 f2 48 89
RSP: 0018:ffffc900046ff898 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff1100e8da2e0
RDX: 0000000000000070 RSI: 0000000000000003 RDI: 0000000000000380
RBP: ffff8880746d1640 R08: ffff8880223a250c R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff888078813400
R13: 0000000000000005 R14: ffff8880223a2510 R15: 0000000000000005
FS:  00007f1ed6d95700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1ed6e2dbd0 CR3: 0000000019b97000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 llc_ui_sendmsg+0x686/0xf20 net/llc/af_llc.c:967
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg+0xab/0xe0 net/socket.c:725
 ____sys_sendmsg+0x392/0x7a0 net/socket.c:2413
 ___sys_sendmsg+0xd3/0x150 net/socket.c:2467
 __sys_sendmmsg+0x141/0x310 net/socket.c:2553
 __do_sys_sendmmsg net/socket.c:2582 [inline]
 __se_sys_sendmmsg net/socket.c:2579 [inline]
 __x64_sys_sendmmsg+0x94/0x100 net/socket.c:2579
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f1ed6dec349
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1ed6d95318 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f1ed6e6d488 RCX: 00007f1ed6dec349
RDX: 03fffffffffffeed RSI: 0000000020001380 RDI: 0000000000000003
RBP: 00007f1ed6e6d480 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ed6e6d48c
R13: 00007ffcd045954f R14: 00007f1ed6d95400 R15: 0000000000022000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:llc_build_and_send_ui_pkt+0x1b3/0x270 net/llc/llc_output.c:65
Code: 48 c1 ea 03 80 3c 02 00 0f 85 c9 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5d 10 48 8d bb 80 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 8f 00 00 00 48 8b b3 80 03 00 00 4c 89 f2 48 89
RSP: 0018:ffffc900046ff898 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff1100e8da2e0
RDX: 0000000000000070 RSI: 0000000000000003 RDI: 0000000000000380
RBP: ffff8880746d1640 R08: ffff8880223a250c R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff888078813400
R13: 0000000000000005 R14: ffff8880223a2510 R15: 0000000000000005
FS:  00007f1ed6d95700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1ed6e2dbd0 CR3: 0000000019b97000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	48 c1 ea 03          	shr    $0x3,%rdx
   4:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   8:	0f 85 c9 00 00 00    	jne    0xd7
   e:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  15:	fc ff df
  18:	48 8b 5d 10          	mov    0x10(%rbp),%rbx
  1c:	48 8d bb 80 03 00 00 	lea    0x380(%rbx),%rdi
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 8f 00 00 00    	jne    0xc3
  34:	48 8b b3 80 03 00 00 	mov    0x380(%rbx),%rsi
  3b:	4c 89 f2             	mov    %r14,%rdx
  3e:	48                   	rex.W
  3f:	89                   	.byte 0x89