bisecting cause commit starting from 92ed301919932f777713b9172e525674157e983d building syzkaller on 512651955aad51ef5f916aa2d84732e84d1c5e48 testing commit 92ed301919932f777713b9172e525674157e983d with gcc (GCC) 8.1.0 kernel signature: 40e1282a190c77a828ba164dccca94010dc82824d994d6d4817971a874491c4e all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in vsock_poll testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: b97e5719799ef227068f4f8c198a8cfc10b324e812d03dff3093d0f5764ce8dd all runs: crashed: general protection fault in vsock_poll testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: e456ca4dea7e76674ea42ef496194f31f7c6d187ab1471558ca186ba5e092c91 all runs: crashed: general protection fault in vsock_poll testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: d72933c05806669a6f3e9fd3cbbca6f99c5099a7f39fe754421e3125f290ed08 all runs: OK # git bisect start 7111951b8d4973bda27ff663f2cf18b663d15b48 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 Bisecting: 6113 revisions left to test after this (roughly 13 steps) [9f68e3655aae6d49d6ba05dd263f99f33c2567af] Merge tag 'drm-next-2020-01-30' of git://anongit.freedesktop.org/drm/drm testing commit 9f68e3655aae6d49d6ba05dd263f99f33c2567af with gcc (GCC) 8.1.0 kernel signature: 6c92e4a7262a6055a713655158faa4f605b3103da2f22454c2aae4428fc0e25b run #0: crashed: general protection fault in vsock_poll run #1: crashed: general protection fault in vsock_poll run #2: crashed: general protection fault in vsock_poll run #3: crashed: general protection fault in vsock_poll run #4: crashed: general protection fault in vsock_poll run #5: crashed: general protection fault in vsock_poll run #6: crashed: general protection fault in vsock_poll run #7: crashed: general protection fault in vsock_poll run #8: crashed: general protection fault in vsock_poll run #9: boot failed: can't ssh into the instance # git bisect bad 9f68e3655aae6d49d6ba05dd263f99f33c2567af Bisecting: 3686 revisions left to test after this (roughly 12 steps) [fb95aae6e67c4e319a24b3eea32032d4246a5335] Merge tag 'sound-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit fb95aae6e67c4e319a24b3eea32032d4246a5335 with gcc (GCC) 8.1.0 kernel signature: b8ce11ca27d79c45f244075c29a0ecb25548df7e8e28139d76ddac4311572f23 all runs: crashed: general protection fault in vsock_poll # git bisect bad fb95aae6e67c4e319a24b3eea32032d4246a5335 Bisecting: 2267 revisions left to test after this (roughly 11 steps) [f76e4c167ea2212e23c15ee7e601a865e822c291] net: phy: add default ARCH_BCM_IPROC for MDIO_BCM_IPROC testing commit f76e4c167ea2212e23c15ee7e601a865e822c291 with gcc (GCC) 8.1.0 kernel signature: 8a1437a42f56d26977ebf53c4cdd4685149ed3a2a20edaee4ee9102357a36bcc all runs: crashed: general protection fault in vsock_poll # git bisect bad f76e4c167ea2212e23c15ee7e601a865e822c291 Bisecting: 810 revisions left to test after this (roughly 10 steps) [f41aa387a7896c193b384c5fb531cd2cb9e00128] Merge branch 'selftest-makefile-cleanup' testing commit f41aa387a7896c193b384c5fb531cd2cb9e00128 with gcc (GCC) 8.1.0 kernel signature: 810cfb446996b2dcb09ea412c66f5b29af3961f7b4294043575c60554839b279 all runs: crashed: general protection fault in vsock_poll # git bisect bad f41aa387a7896c193b384c5fb531cd2cb9e00128 Bisecting: 404 revisions left to test after this (roughly 9 steps) [9f6cff995e98258b6b81cc864532f633e5b3a081] Merge branch 'Simplify-IPv6-route-offload-API' testing commit 9f6cff995e98258b6b81cc864532f633e5b3a081 with gcc (GCC) 8.1.0 kernel signature: 02fe5448c92789c5f1b1f39ce83ea3fb21ee8dee36d8b1d51a63c12177691ae2 all runs: crashed: general protection fault in vsock_poll # git bisect bad 9f6cff995e98258b6b81cc864532f633e5b3a081 Bisecting: 202 revisions left to test after this (roughly 8 steps) [206f54b66cbf6f71e9e86f50f60ffdf7f565c3b7] net: bcmgenet: Utilize bcmgenet_set_features() during resume/open testing commit 206f54b66cbf6f71e9e86f50f60ffdf7f565c3b7 with gcc (GCC) 8.1.0 kernel signature: 304f64a65aed56bce29a812d00aa81a26102adf6d4edd666ca497763c6b64028 run #0: crashed: general protection fault in virtio_transport_send_pkt_info run #1: crashed: general protection fault in virtio_transport_send_pkt_info run #2: crashed: general protection fault in virtio_transport_send_pkt_info run #3: crashed: general protection fault in virtio_transport_send_pkt_info run #4: crashed: general protection fault in virtio_transport_send_pkt_info run #5: crashed: general protection fault in virtio_transport_send_pkt_info run #6: crashed: general protection fault in virtio_transport_send_pkt_info run #7: crashed: general protection fault in vsock_poll run #8: crashed: general protection fault in virtio_transport_send_pkt_info run #9: crashed: general protection fault in virtio_transport_send_pkt_info # git bisect bad 206f54b66cbf6f71e9e86f50f60ffdf7f565c3b7 Bisecting: 101 revisions left to test after this (roughly 7 steps) [a8674f753e36f566d6c1d992ab85323d784281d9] ipv4: Notify newly added route if should be offloaded testing commit a8674f753e36f566d6c1d992ab85323d784281d9 with gcc (GCC) 8.1.0 kernel signature: 253125234c3912b20a94e2cf680b8cc633dbc484cefd1b382ab1d09f58ca0c3e all runs: crashed: general protection fault in virtio_transport_send_pkt_info # git bisect bad a8674f753e36f566d6c1d992ab85323d784281d9 Bisecting: 49 revisions left to test after this (roughly 6 steps) [bea0f4a5115aaf6f59c6d2125f52ff149874b6d2] Merge branch 'sfp-slow-to-probe-copper' testing commit bea0f4a5115aaf6f59c6d2125f52ff149874b6d2 with gcc (GCC) 8.1.0 kernel signature: dee719bd55160cdb02e06315bb79f5b545faa7c73a5af7c9bba9691718012775 all runs: OK # git bisect good bea0f4a5115aaf6f59c6d2125f52ff149874b6d2 Bisecting: 24 revisions left to test after this (roughly 5 steps) [1d1997db870f4058676439ef7014390ba9e24eb2] Revert "nfp: abm: fix memory leak in nfp_abm_u32_knode_replace" testing commit 1d1997db870f4058676439ef7014390ba9e24eb2 with gcc (GCC) 8.1.0 kernel signature: 81de65586bc98d60ab9308abd49c26bfe4f5e077a0c50fb99c06df2c431603fc run #0: crashed: general protection fault in virtio_transport_send_pkt_info run #1: crashed: general protection fault in virtio_transport_send_pkt_info run #2: crashed: general protection fault in virtio_transport_send_pkt_info run #3: crashed: general protection fault in virtio_transport_send_pkt_info run #4: crashed: general protection fault in vsock_poll run #5: crashed: general protection fault in virtio_transport_send_pkt_info run #6: crashed: general protection fault in virtio_transport_send_pkt_info run #7: crashed: general protection fault in virtio_transport_send_pkt_info run #8: crashed: general protection fault in virtio_transport_send_pkt_info run #9: crashed: general protection fault in virtio_transport_send_pkt_info # git bisect bad 1d1997db870f4058676439ef7014390ba9e24eb2 Bisecting: 12 revisions left to test after this (roughly 4 steps) [32d5109a9d864aea3981f0b5ea736eee4e11b42a] netlink: rename nl80211_validate_nested() to nla_validate_nested() testing commit 32d5109a9d864aea3981f0b5ea736eee4e11b42a with gcc (GCC) 8.1.0 kernel signature: f511bd452117269ac805f74ffcda0acd674e0eb6a4865cb275c22e20f54a56d9 run #0: crashed: general protection fault in virtio_transport_send_pkt_info run #1: crashed: general protection fault in vsock_poll run #2: crashed: general protection fault in virtio_transport_send_pkt_info run #3: crashed: general protection fault in virtio_transport_send_pkt_info run #4: crashed: general protection fault in virtio_transport_send_pkt_info run #5: crashed: general protection fault in virtio_transport_send_pkt_info run #6: crashed: general protection fault in virtio_transport_send_pkt_info run #7: crashed: general protection fault in virtio_transport_send_pkt_info run #8: crashed: general protection fault in virtio_transport_send_pkt_info run #9: crashed: general protection fault in virtio_transport_send_pkt_info # git bisect bad 32d5109a9d864aea3981f0b5ea736eee4e11b42a Bisecting: 5 revisions left to test after this (roughly 3 steps) [bf5432b1de1fcfd1d389111c350b88dd238860ba] vsock/virtio: remove loopback handling testing commit bf5432b1de1fcfd1d389111c350b88dd238860ba with gcc (GCC) 8.1.0 kernel signature: 28227eea6031490888fdba5d76cc1d6245ffd53eff124384a07e3249478cdb2f all runs: crashed: general protection fault in virtio_transport_send_pkt_info # git bisect bad bf5432b1de1fcfd1d389111c350b88dd238860ba Bisecting: 2 revisions left to test after this (roughly 2 steps) [0e12190578d081d4fe54d41635ec6e5a6eb0d01a] vsock: add local transport support in the vsock core testing commit 0e12190578d081d4fe54d41635ec6e5a6eb0d01a with gcc (GCC) 8.1.0 kernel signature: 91982346932c080ccf1996e8d9445ea1c4f1d45ea2fd5cefa2a6b8e91870c2b9 all runs: OK # git bisect good 0e12190578d081d4fe54d41635ec6e5a6eb0d01a Bisecting: 0 revisions left to test after this (roughly 1 step) [408624af4c89989117bb2c6517bd50b7708a2fcd] vsock: use local transport when it is loaded testing commit 408624af4c89989117bb2c6517bd50b7708a2fcd with gcc (GCC) 8.1.0 kernel signature: 5f221530c3d72529812a3f2672d740e9e436c31694643c1522bb239dce969ddc all runs: crashed: general protection fault in virtio_transport_send_pkt_info # git bisect bad 408624af4c89989117bb2c6517bd50b7708a2fcd Bisecting: 0 revisions left to test after this (roughly 0 steps) [077263fba10011d7e1d17dc7691ff20c15c56081] vsock: add vsock_loopback transport testing commit 077263fba10011d7e1d17dc7691ff20c15c56081 with gcc (GCC) 8.1.0 kernel signature: 444fffcc75f1e519d2fb92e710de739a766b6adcfbb5f053132b700c7763da51 all runs: OK # git bisect good 077263fba10011d7e1d17dc7691ff20c15c56081 408624af4c89989117bb2c6517bd50b7708a2fcd is the first bad commit commit 408624af4c89989117bb2c6517bd50b7708a2fcd Author: Stefano Garzarella Date: Tue Dec 10 11:43:06 2019 +0100 vsock: use local transport when it is loaded Now that we have a transport that can handle the local communication, we can use it when it is loaded. A socket will use the local transport (loopback) when the remote CID is: - equal to VMADDR_CID_LOCAL - or equal to transport_g2h->get_local_cid(), if transport_g2h is loaded (this allows us to keep the same behavior implemented by virtio and vmci transports) - or equal to VMADDR_CID_HOST, if transport_g2h is not loaded Signed-off-by: Stefano Garzarella Signed-off-by: David S. Miller net/vmw_vsock/af_vsock.c | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) culprit signature: 5f221530c3d72529812a3f2672d740e9e436c31694643c1522bb239dce969ddc parent signature: 444fffcc75f1e519d2fb92e710de739a766b6adcfbb5f053132b700c7763da51 revisions tested: 18, total time: 3h30m45.016612889s (build: 1h55m29.35271756s, test: 1h32m56.298493492s) first bad commit: 408624af4c89989117bb2c6517bd50b7708a2fcd vsock: use local transport when it is loaded cc: ["davem@davemloft.net" "decui@microsoft.com" "jhansen@vmware.com" "kuba@kernel.org" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "sgarzare@redhat.com" "stefanha@redhat.com"] crash: general protection fault in virtio_transport_send_pkt_info kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 8321 Comm: kworker/0:4 Not tainted 5.5.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: vsock-loopback vsock_loopback_work RIP: 0010:virtio_transport_send_pkt_info+0x5d/0x4d0 net/vmw_vsock/virtio_transport_common.c:169 Code: 0f 8e 66 03 00 00 48 89 df 44 8b 6d 18 e8 6b ec fe ff 48 ba 00 00 00 00 00 fc ff df 48 8d b8 e8 00 00 00 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 9c 03 00 00 ff 90 e8 00 00 00 48 8d bb 84 04 00 RSP: 0018:ffffc90004137a38 EFLAGS: 00010206 RAX: 0000000000000000 RBX: ffff888087aff840 RCX: 000000000000001d RDX: dffffc0000000000 RSI: ffffc90004137aa8 RDI: 00000000000000e8 RBP: ffffc90004137aa8 R08: fffffbfff12dee49 R09: fffffbfff12dee49 R10: fffffbfff12dee48 R11: ffffffff896f7247 R12: ffff88809feb9c94 R13: 0000000000000000 R14: ffff88809feb9ca4 R15: ffff88809feb9c80 FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000b90004 CR3: 000000009e40c000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: virtio_transport_reset+0xcd/0x120 net/vmw_vsock/virtio_transport_common.c:683 virtio_transport_recv_listen net/vmw_vsock/virtio_transport_common.c:1032 [inline] virtio_transport_recv_pkt+0x139d/0x17a0 net/vmw_vsock/virtio_transport_common.c:1128 vsock_loopback_work+0x268/0x3e0 net/vmw_vsock/vsock_loopback.c:125 process_one_work+0x8d1/0x15b0 kernel/workqueue.c:2264 process_scheduled_works kernel/workqueue.c:2326 [inline] worker_thread+0x5aa/0xb50 kernel/workqueue.c:2412 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Modules linked in: ---[ end trace 8a0126522ee1ee03 ]--- RIP: 0010:virtio_transport_send_pkt_info+0x5d/0x4d0 net/vmw_vsock/virtio_transport_common.c:169 Code: 0f 8e 66 03 00 00 48 89 df 44 8b 6d 18 e8 6b ec fe ff 48 ba 00 00 00 00 00 fc ff df 48 8d b8 e8 00 00 00 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 9c 03 00 00 ff 90 e8 00 00 00 48 8d bb 84 04 00 RSP: 0018:ffffc90004137a38 EFLAGS: 00010206 RAX: 0000000000000000 RBX: ffff888087aff840 RCX: 000000000000001d RDX: dffffc0000000000 RSI: ffffc90004137aa8 RDI: 00000000000000e8 RBP: ffffc90004137aa8 R08: fffffbfff12dee49 R09: fffffbfff12dee49 R10: fffffbfff12dee48 R11: ffffffff896f7247 R12: ffff88809feb9c94 R13: 0000000000000000 R14: ffff88809feb9ca4 R15: ffff88809feb9c80 FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f04c0bba008 CR3: 0000000097576000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400