bisecting cause commit starting from 9805a68371ce01eee3d8491ee2d93f1aa4a4da52 building syzkaller on dc438b91deb00a8ad5634a9c55903e0b1a537c61 testing commit 9805a68371ce01eee3d8491ee2d93f1aa4a4da52 with gcc (GCC) 8.1.0 all runs: crashed: WARNING: refcount bug in j1939_netdev_start testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 all runs: OK # git bisect start 9805a68371ce01eee3d8491ee2d93f1aa4a4da52 4d856f72c10ecb060868ed10ff1b1453943fc6c8 Bisecting: 7662 revisions left to test after this (roughly 13 steps) [24ccb0ab95bf14e414cf2ba65af5458bc5a2e865] qede: qede_fp: simplify a bit 'qede_rx_build_skb()' testing commit 24ccb0ab95bf14e414cf2ba65af5458bc5a2e865 with gcc (GCC) 8.1.0 run #0: crashed: WARNING: refcount bug in j1939_netdev_start run #1: crashed: general protection fault in j1939_sk_sendmsg run #2: crashed: WARNING: refcount bug in j1939_netdev_start run #3: crashed: general protection fault in j1939_sk_sendmsg run #4: crashed: WARNING: refcount bug in j1939_netdev_start run #5: crashed: WARNING: refcount bug in j1939_netdev_start run #6: crashed: WARNING: refcount bug in j1939_netdev_start run #7: crashed: general protection fault in j1939_sk_sendmsg run #8: crashed: general protection fault in j1939_sk_sendmsg run #9: crashed: general protection fault in j1939_sk_sendmsg # git bisect bad 24ccb0ab95bf14e414cf2ba65af5458bc5a2e865 Bisecting: 3831 revisions left to test after this (roughly 12 steps) [d2aaa49e281959828370667edbc1cdcc7fc4026a] Merge tag 'acpi-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm testing commit d2aaa49e281959828370667edbc1cdcc7fc4026a with gcc (GCC) 8.1.0 all runs: OK # git bisect good d2aaa49e281959828370667edbc1cdcc7fc4026a Bisecting: 1915 revisions left to test after this (roughly 11 steps) [1f459bdc20076fd6d103f5920a4704c5f8ba378b] i40e: fix potential RX buffer starvation for AF_XDP testing commit 1f459bdc20076fd6d103f5920a4704c5f8ba378b with gcc (GCC) 8.1.0 run #0: crashed: WARNING: refcount bug in j1939_netdev_start run #1: crashed: general protection fault in j1939_sk_sendmsg run #2: crashed: WARNING: refcount bug in j1939_netdev_start run #3: crashed: general protection fault in j1939_sk_sendmsg run #4: crashed: WARNING: refcount bug in j1939_netdev_start run #5: crashed: general protection fault in j1939_sk_sendmsg run #6: crashed: WARNING: refcount bug in j1939_netdev_start run #7: crashed: WARNING: refcount bug in j1939_netdev_start run #8: crashed: WARNING: refcount bug in j1939_netdev_start run #9: crashed: WARNING: refcount bug in j1939_netdev_start # git bisect bad 1f459bdc20076fd6d103f5920a4704c5f8ba378b Bisecting: 960 revisions left to test after this (roughly 10 steps) [48cb39522a9d4d4680865e40a88f975a1cee6abc] mac80211: minstrel_ht: improve rate probing for devices with static fallback testing commit 48cb39522a9d4d4680865e40a88f975a1cee6abc with gcc (GCC) 8.1.0 all runs: OK # git bisect good 48cb39522a9d4d4680865e40a88f975a1cee6abc Bisecting: 480 revisions left to test after this (roughly 9 steps) [6503b659302893af700d9e9b82d3210d09a3aefb] ice: move code closer together testing commit 6503b659302893af700d9e9b82d3210d09a3aefb with gcc (GCC) 8.1.0 run #0: crashed: WARNING: refcount bug in j1939_netdev_start run #1: crashed: WARNING: refcount bug in j1939_netdev_start run #2: crashed: general protection fault in j1939_sk_sendmsg run #3: crashed: WARNING: refcount bug in j1939_netdev_start run #4: crashed: general protection fault in j1939_sk_sendmsg run #5: crashed: WARNING: refcount bug in j1939_netdev_start run #6: crashed: general protection fault in j1939_sk_sendmsg run #7: crashed: general protection fault in j1939_sk_sendmsg run #8: crashed: general protection fault in j1939_sk_sendmsg run #9: crashed: WARNING: refcount bug in j1939_netdev_start # git bisect bad 6503b659302893af700d9e9b82d3210d09a3aefb Bisecting: 239 revisions left to test after this (roughly 8 steps) [688125a6e7872a8c827d7848ba8fbc41785fb9c6] MIPS: SGI-IP27: remove ioc3 ethernet init testing commit 688125a6e7872a8c827d7848ba8fbc41785fb9c6 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 688125a6e7872a8c827d7848ba8fbc41785fb9c6 Bisecting: 127 revisions left to test after this (roughly 7 steps) [94810bd365cbcce4abc4af497aef4b68db7b4f2a] Merge tag 'mlx5-updates-2019-09-01-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux testing commit 94810bd365cbcce4abc4af497aef4b68db7b4f2a with gcc (GCC) 8.1.0 all runs: OK # git bisect good 94810bd365cbcce4abc4af497aef4b68db7b4f2a Bisecting: 57 revisions left to test after this (roughly 6 steps) [b06b39927249dad12e965d4f9914e58c83d87cf0] Merge tag 'linux-can-next-for-5.4-20190903' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next testing commit b06b39927249dad12e965d4f9914e58c83d87cf0 with gcc (GCC) 8.1.0 all runs: OK # git bisect good b06b39927249dad12e965d4f9914e58c83d87cf0 Bisecting: 28 revisions left to test after this (roughly 5 steps) [6338488356d2891869c9e143381f3bb71cfa2e30] net: stmmac: xgmac: Add RBU handling in DMA interrupt testing commit 6338488356d2891869c9e143381f3bb71cfa2e30 with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in j1939_sk_sendmsg run #1: crashed: WARNING: refcount bug in j1939_netdev_start run #2: crashed: general protection fault in j1939_sk_sendmsg run #3: crashed: general protection fault in j1939_sk_sendmsg run #4: crashed: general protection fault in j1939_sk_sendmsg run #5: crashed: general protection fault in j1939_sk_sendmsg run #6: crashed: WARNING: refcount bug in j1939_netdev_start run #7: crashed: WARNING: refcount bug in j1939_netdev_start run #8: crashed: general protection fault in j1939_sk_sendmsg run #9: crashed: WARNING: refcount bug in j1939_netdev_start # git bisect bad 6338488356d2891869c9e143381f3bb71cfa2e30 Bisecting: 14 revisions left to test after this (roughly 4 steps) [8df9ffb888c021fa68f9075d545f2ec5eca37200] can: make use of preallocated can_ml_priv for per device struct can_dev_rcv_lists testing commit 8df9ffb888c021fa68f9075d545f2ec5eca37200 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 8df9ffb888c021fa68f9075d545f2ec5eca37200 Bisecting: 7 revisions left to test after this (roughly 3 steps) [9d71dd0c70099914fcd063135da3c580865e924c] can: add support of SAE J1939 protocol testing commit 9d71dd0c70099914fcd063135da3c580865e924c with gcc (GCC) 8.1.0 run #0: crashed: general protection fault in j1939_sk_sendmsg run #1: crashed: WARNING: refcount bug in j1939_netdev_start run #2: crashed: WARNING: refcount bug in j1939_netdev_start run #3: crashed: general protection fault in j1939_sk_sendmsg run #4: crashed: general protection fault in j1939_sk_sendmsg run #5: crashed: WARNING: refcount bug in j1939_netdev_start run #6: crashed: general protection fault in j1939_sk_sendmsg run #7: crashed: general protection fault in j1939_sk_sendmsg run #8: crashed: WARNING: refcount bug in j1939_netdev_start run #9: crashed: WARNING: refcount bug in j1939_netdev_start # git bisect bad 9d71dd0c70099914fcd063135da3c580865e924c Bisecting: 3 revisions left to test after this (roughly 2 steps) [4f746fb4951834ba71d590d430f27dee54f9d9a0] mailmap: update email address testing commit 4f746fb4951834ba71d590d430f27dee54f9d9a0 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 4f746fb4951834ba71d590d430f27dee54f9d9a0 Bisecting: 1 revision left to test after this (roughly 1 step) [2a0c9aaa6247c817e45bfc1aaa5eaeafe7a331d6] can: add socket type for CAN_J1939 testing commit 2a0c9aaa6247c817e45bfc1aaa5eaeafe7a331d6 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 2a0c9aaa6247c817e45bfc1aaa5eaeafe7a331d6 Bisecting: 0 revisions left to test after this (roughly 0 steps) [f5223e9eee651e005c0f6d6d078909087601b7e9] can: extend sockaddr_can to include j1939 members testing commit f5223e9eee651e005c0f6d6d078909087601b7e9 with gcc (GCC) 8.1.0 all runs: OK # git bisect good f5223e9eee651e005c0f6d6d078909087601b7e9 9d71dd0c70099914fcd063135da3c580865e924c is the first bad commit commit 9d71dd0c70099914fcd063135da3c580865e924c Author: The j1939 authors Date: Mon Oct 8 11:48:36 2018 +0200 can: add support of SAE J1939 protocol SAE J1939 is the vehicle bus recommended practice used for communication and diagnostics among vehicle components. Originating in the car and heavy-duty truck industry in the United States, it is now widely used in other parts of the world. J1939, ISO 11783 and NMEA 2000 all share the same high level protocol. SAE J1939 can be considered the replacement for the older SAE J1708 and SAE J1587 specifications. Acked-by: Oliver Hartkopp Signed-off-by: Bastian Stender Signed-off-by: Elenita Hinds Signed-off-by: kbuild test robot Signed-off-by: Kurt Van Dijck Signed-off-by: Maxime Jayat Signed-off-by: Robin van der Gracht Signed-off-by: Oleksij Rempel Signed-off-by: Marc Kleine-Budde :040000 040000 6438450435a8d8353573ce224b3dc9bcc05336fa 7305e82a35c355e46b2660329eb868aa551e2b4c M Documentation :100644 100644 a081c477d1d16934701a8f744f6a44e0d280b3f9 844f416437c427107d7410ab5ab972a202ebe86a M MAINTAINERS :040000 040000 dd56832348e76ffa1949ca007d838d21854a0bfa dfca2d178b96f019a0a7ae1ab81a813b2064f5d3 M include :040000 040000 93492ef857a6d33d4eafc56c27db9f1e31803033 356932da79a67691bcedc6e71faa591f7e5f7392 M net revisions tested: 16, total time: 4h1m58.715430895s (build: 1h35m52.495825618s, test: 2h21m30.412939294s) first bad commit: 9d71dd0c70099914fcd063135da3c580865e924c can: add support of SAE J1939 protocol cc: ["bst@pengutronix.de" "dev.kurt@vandijck-laurijssen.be" "ecathinds@gmail.com" "linux-can@vger.kernel.org" "lkp@intel.com" "maxime.jayat@mobile-devices.fr" "mkl@pengutronix.de" "o.rempel@pengutronix.de" "robin@protonic.nl" "socketcan@hartkopp.net"] crash: WARNING: refcount bug in j1939_netdev_start ------------[ cut here ]------------ refcount_t: increment on 0; use-after-free. WARNING: CPU: 1 PID: 22387 at lib/refcount.c:156 refcount_inc_checked+0x2b/0x30 lib/refcount.c:156 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 22387 Comm: syz-executor.5 Not tainted 5.3.0-rc7+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 panic+0x223/0x4dc kernel/panic.c:219 __warn.cold.10+0x1b/0x37 kernel/panic.c:576 report_bug+0x1a4/0x200 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:179 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:291 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1028 RIP: 0010:refcount_inc_checked+0x2b/0x30 lib/refcount.c:156 Code: 48 89 e5 e8 97 fe ff ff 84 c0 74 02 5d c3 80 3d 29 a1 f3 05 00 75 f5 48 c7 c7 20 a1 42 87 c6 05 19 a1 f3 05 01 e8 97 57 3a fe <0f> 0b 5d c3 90 55 48 89 e5 41 56 41 55 49 89 fd 48 c7 c7 80 a1 42 RSP: 0018:ffff8880904d7ca0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff888091dd0e00 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff89da9080 RBP: ffff8880904d7ca0 R08: 0000000000000006 R09: fffffbfff1347739 R10: fffffbfff1347738 R11: ffffffff89a3b9c7 R12: ffff888092798200 R13: 0000000000000000 R14: 00000000ffffffed R15: ffff88809f459680 kref_get include/linux/kref.h:45 [inline] j1939_netdev_start+0x49/0x510 net/can/j1939/main.c:247 j1939_sk_bind+0x5b6/0x870 net/can/j1939/socket.c:438 __sys_bind+0x1e1/0x230 net/socket.c:1647 __do_sys_bind net/socket.c:1658 [inline] __se_sys_bind net/socket.c:1656 [inline] __x64_sys_bind+0x6e/0xb0 net/socket.c:1656 do_syscall_64+0xd0/0x540 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a219 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f70e41acc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219 RDX: 0000000000000018 RSI: 0000000020000240 RDI: 0000000000000005 RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f70e41ad6d4 R13: 00000000004c057e R14: 00000000004d2c50 R15: 00000000ffffffff Kernel Offset: disabled Rebooting in 86400 seconds..