bisecting fixing commit since 6fd066604123ed4ab71aefe797d35996655c5eb1 building syzkaller on 06c33b3af0ff4072fb002879f83077c9d162a224 testing commit 6fd066604123ed4ab71aefe797d35996655c5eb1 with gcc (GCC) 8.1.0 run #0: crashed: PANIC: double fault in corrupted run #1: crashed: KASAN: stack-out-of-bounds Read in get_mem_cgroup_from_mm run #2: crashed: KASAN: stack-out-of-bounds Read in __handle_mm_fault run #3: crashed: BUG: unable to handle kernel paging request in rcu_process_callbacks run #4: crashed: BUG: unable to handle kernel paging request in corrupted run #5: crashed: KASAN: use-after-scope Read in update_curr run #6: crashed: KASAN: use-after-scope Read in enqueue_entity run #7: crashed: WARNING: kernel stack regs has bad value run #8: crashed: KASAN: stack-out-of-bounds Read in wait_consider_task run #9: crashed: no output from test machine testing current HEAD e03250061b54041d3502696db421c44a4a8039f4 testing commit e03250061b54041d3502696db421c44a4a8039f4 with gcc (GCC) 8.1.0 all runs: OK # git bisect start e03250061b54041d3502696db421c44a4a8039f4 6fd066604123ed4ab71aefe797d35996655c5eb1 Bisecting: 44606 revisions left to test after this (roughly 16 steps) [5abcbc7beecaa023a24dc79dd1534463fff727ed] hwmon: (tc74) Use permission specific SENSOR[_DEVICE]_ATTR variants testing commit 5abcbc7beecaa023a24dc79dd1534463fff727ed with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 5abcbc7beecaa023a24dc79dd1534463fff727ed Bisecting: 22218 revisions left to test after this (roughly 15 steps) [da19a102ce87bf3e0a7fe277a659d1fc35330d6d] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit da19a102ce87bf3e0a7fe277a659d1fc35330d6d with gcc (GCC) 8.1.0 all runs: OK # git bisect bad da19a102ce87bf3e0a7fe277a659d1fc35330d6d Bisecting: 11203 revisions left to test after this (roughly 14 steps) [bbd60bffaf780464298cb7a39852f7f1065f1726] Merge tag 'mmc-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc testing commit bbd60bffaf780464298cb7a39852f7f1065f1726 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad bbd60bffaf780464298cb7a39852f7f1065f1726 Bisecting: 5079 revisions left to test after this (roughly 13 steps) [9a76aba02a37718242d7cdc294f0a3901928aa57] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next testing commit 9a76aba02a37718242d7cdc294f0a3901928aa57 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 9a76aba02a37718242d7cdc294f0a3901928aa57 Bisecting: 3129 revisions left to test after this (roughly 12 steps) [26a1ccc6c117be8e33e0410fce8c5298b0015b99] bpf: test: fix spelling mistake "REUSEEPORT" -> "REUSEPORT" testing commit 26a1ccc6c117be8e33e0410fce8c5298b0015b99 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 26a1ccc6c117be8e33e0410fce8c5298b0015b99 Bisecting: 1486 revisions left to test after this (roughly 11 steps) [9367a9c7f956c02a696af111d46e155fb8f2412a] mt76: add mt76x2_tx_common to mt76x2-common module testing commit 9367a9c7f956c02a696af111d46e155fb8f2412a with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 9367a9c7f956c02a696af111d46e155fb8f2412a Bisecting: 793 revisions left to test after this (roughly 10 steps) [48e5aee81f320da8abd1f09c8410f584315f59b0] Merge tag 'vfio-v4.18-rc6' of git://github.com/awilliam/linux-vfio testing commit 48e5aee81f320da8abd1f09c8410f584315f59b0 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 48e5aee81f320da8abd1f09c8410f584315f59b0 Bisecting: 346 revisions left to test after this (roughly 9 steps) [f353078f028fbfe9acd4b747b4a19c69ef6846cd] Merge branch 'akpm' (patches from Andrew) testing commit f353078f028fbfe9acd4b747b4a19c69ef6846cd with gcc (GCC) 8.1.0 all runs: crashed: BUG: MAX_LOCK_DEPTH too low! # git bisect good f353078f028fbfe9acd4b747b4a19c69ef6846cd Bisecting: 173 revisions left to test after this (roughly 8 steps) [3bc53be9db21040b5d2de4d455f023c8c494aa68] net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL. testing commit 3bc53be9db21040b5d2de4d455f023c8c494aa68 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 3bc53be9db21040b5d2de4d455f023c8c494aa68 Bisecting: 86 revisions left to test after this (roughly 7 steps) [b9626f45abccd044f8048269c67720f0719f2d4e] samples/bpf: Fix tc and ip paths in xdp2skb_meta.sh testing commit b9626f45abccd044f8048269c67720f0719f2d4e with gcc (GCC) 8.1.0 all runs: crashed: BUG: MAX_LOCK_DEPTH too low! # git bisect good b9626f45abccd044f8048269c67720f0719f2d4e Bisecting: 43 revisions left to test after this (roughly 6 steps) [e78bfb0751d4e312699106ba7efbed2bab1a53ca] skbuff: Unconditionally copy pfmemalloc in __skb_clone() testing commit e78bfb0751d4e312699106ba7efbed2bab1a53ca with gcc (GCC) 8.1.0 all runs: OK # git bisect bad e78bfb0751d4e312699106ba7efbed2bab1a53ca Bisecting: 21 revisions left to test after this (roughly 5 steps) [b203cc7a4fc94b373f6b0d4418e5e30f15645bf9] networking: e100.rst: Get rid of Sphinx warnings testing commit b203cc7a4fc94b373f6b0d4418e5e30f15645bf9 with gcc (GCC) 8.1.0 all runs: crashed: BUG: MAX_LOCK_DEPTH too low! # git bisect good b203cc7a4fc94b373f6b0d4418e5e30f15645bf9 Bisecting: 10 revisions left to test after this (roughly 4 steps) [83fe6b8709f65bc505b10235bd82ece12c4c5099] sch_fq_codel: zero q->flows_cnt when fq_codel_init fails testing commit 83fe6b8709f65bc505b10235bd82ece12c4c5099 with gcc (GCC) 8.1.0 all runs: crashed: BUG: MAX_LOCK_DEPTH too low! # git bisect good 83fe6b8709f65bc505b10235bd82ece12c4c5099 Bisecting: 4 revisions left to test after this (roughly 3 steps) [1ff9c66b08e1ae2522b361db183b7a858d65d3c7] Merge branch 'sfc-filter-locking-fixes' testing commit 1ff9c66b08e1ae2522b361db183b7a858d65d3c7 with gcc (GCC) 8.1.0 all runs: crashed: BUG: MAX_LOCK_DEPTH too low! # git bisect good 1ff9c66b08e1ae2522b361db183b7a858d65d3c7 Bisecting: 2 revisions left to test after this (roughly 1 step) [bab2c80e5a6c855657482eac9e97f5f3eedb509a] nsh: set mac len based on inner packet testing commit bab2c80e5a6c855657482eac9e97f5f3eedb509a with gcc (GCC) 8.1.0 all runs: OK # git bisect bad bab2c80e5a6c855657482eac9e97f5f3eedb509a Bisecting: 0 revisions left to test after this (roughly 0 steps) [8b7008620b8452728cadead460a36f64ed78c460] net: Don't copy pfmemalloc flag in __copy_skb_header() testing commit 8b7008620b8452728cadead460a36f64ed78c460 with gcc (GCC) 8.1.0 all runs: crashed: BUG: MAX_LOCK_DEPTH too low! # git bisect good 8b7008620b8452728cadead460a36f64ed78c460 bab2c80e5a6c855657482eac9e97f5f3eedb509a is the first bad commit commit bab2c80e5a6c855657482eac9e97f5f3eedb509a Author: Willem de Bruijn Date: Wed Jul 11 12:00:44 2018 -0400 nsh: set mac len based on inner packet When pulling the NSH header in nsh_gso_segment, set the mac length based on the encapsulated packet type. skb_reset_mac_len computes an offset to the network header, which here still points to the outer packet: > skb_reset_network_header(skb); > [...] > __skb_pull(skb, nsh_len); > skb_reset_mac_header(skb); // now mac hdr starts nsh_len == 8B after net hdr > skb_reset_mac_len(skb); // mac len = net hdr - mac hdr == (u16) -8 == 65528 > [..] > skb_mac_gso_segment(skb, ..) Link: http://lkml.kernel.org/r/CAF=yD-KeAcTSOn4AxirAxL8m7QAS8GBBe1w09eziYwvPbbUeYA@mail.gmail.com Reported-by: syzbot+7b9ed9872dab8c32305d@syzkaller.appspotmail.com Fixes: c411ed854584 ("nsh: add GSO support") Signed-off-by: Willem de Bruijn Acked-by: Jiri Benc Signed-off-by: David S. Miller :040000 040000 42786cf0a5b8a23681edd2f0ca64f8f1c6e19a47 554e9263406c7a9caf668bd25c350976a816caec M net revisions tested: 18, total time: 4h15m54.960452792s (build: 1h35m13.251159047s, test: 2h33m37.818294127s) first good commit: bab2c80e5a6c855657482eac9e97f5f3eedb509a nsh: set mac len based on inner packet cc: ["allison@lohutok.net" "davem@davemloft.net" "gregkh@linuxfoundation.org" "info@metux.net" "jbenc@redhat.com" "kstewart@linuxfoundation.org" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "tglx@linutronix.de" "willemb@google.com"]