bisecting cause commit starting from 4f2c17e0f3324b3b82a3e0985245aefd6dcc5495
building syzkaller on 8eda0b957e5b39c0c525e74f51d6b39ab8c5b1ac
testing commit 4f2c17e0f3324b3b82a3e0985245aefd6dcc5495 with gcc (GCC) 8.1.0
kernel signature: 78edf95935cb65aab89c9f8144e22d5e2e170f4d
all runs: crashed: general protection fault in nf_flow_table_offload_setup
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: bbef161d31e168c6575550e3a1072f75c7ae0e42
all runs: OK
# git bisect start 4f2c17e0f3324b3b82a3e0985245aefd6dcc5495 219d54332a09e8d8741c1e1982f5eae56099de85
Bisecting: 7690 revisions left to test after this (roughly 13 steps)
[a6ed68d6468bd5a3da78a103344ded1435fed57a] Merge tag 'drm-next-2019-11-27' of git://anongit.freedesktop.org/drm/drm
testing commit a6ed68d6468bd5a3da78a103344ded1435fed57a with gcc (GCC) 8.1.0
kernel signature: 7fe73ac8e3c4eb5a82922517642cdad2604e9bd4
all runs: OK
# git bisect good a6ed68d6468bd5a3da78a103344ded1435fed57a
Bisecting: 3608 revisions left to test after this (roughly 12 steps)
[eb275167d18684e07ee43bdc0e09a18326540461] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit eb275167d18684e07ee43bdc0e09a18326540461 with gcc (GCC) 8.1.0
kernel signature: a109e7d97ea11e4b29f4b77342b12490879bfaaa
all runs: OK
# git bisect good eb275167d18684e07ee43bdc0e09a18326540461
Bisecting: 1804 revisions left to test after this (roughly 11 steps)
[c79f46a282390e0f5b306007bf7b11a46d529538] Linux 5.5-rc5
testing commit c79f46a282390e0f5b306007bf7b11a46d529538 with gcc (GCC) 8.1.0
kernel signature: 970d5f694feff5e0f64f3a8d14225ee44eb7da6d
all runs: OK
# git bisect good c79f46a282390e0f5b306007bf7b11a46d529538
Bisecting: 946 revisions left to test after this (roughly 10 steps)
[b1daa4d194731ab484fb22742506dd25ad1a5628] Merge branch 'sfc-more-code-refactoring'
testing commit b1daa4d194731ab484fb22742506dd25ad1a5628 with gcc (GCC) 8.1.0
kernel signature: 89408532f93ad2e5128d8bac6da007f0890da7ef
all runs: OK
# git bisect good b1daa4d194731ab484fb22742506dd25ad1a5628
Bisecting: 472 revisions left to test after this (roughly 9 steps)
[8cac89909a30807eb4aba56a0e29f55e3b6df42f] Merge tag 'for-linus-2020-01-18' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
testing commit 8cac89909a30807eb4aba56a0e29f55e3b6df42f with gcc (GCC) 8.1.0
kernel signature: 6c6b07e88bf1c84e24aa753c1a87b0c9490ecfcc
all runs: OK
# git bisect good 8cac89909a30807eb4aba56a0e29f55e3b6df42f
Bisecting: 236 revisions left to test after this (roughly 8 steps)
[95ae2d1d114989ce07db59dcf357eb78d7357fe1] Merge branch 'for-net-next' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
testing commit 95ae2d1d114989ce07db59dcf357eb78d7357fe1 with gcc (GCC) 8.1.0
kernel signature: 8e8655d914a3318303f0d25125b8476d317bfb00
run #0: crashed: general protection fault in nf_flow_table_offload_setup
run #1: crashed: general protection fault in nf_flow_table_offload_setup
run #2: crashed: general protection fault in nf_flow_table_offload_setup
run #3: crashed: general protection fault in nf_flow_table_offload_setup
run #4: crashed: general protection fault in nf_flow_table_offload_setup
run #5: crashed: general protection fault in nf_flow_table_offload_setup
run #6: crashed: general protection fault in nf_flow_table_offload_setup
run #7: crashed: general protection fault in nf_flow_table_offload_setup
run #8: crashed: KASAN: unknown-crash Read in __nla_validate_parse
run #9: crashed: general protection fault in nf_flow_table_offload_setup
# git bisect bad 95ae2d1d114989ce07db59dcf357eb78d7357fe1
Bisecting: 117 revisions left to test after this (roughly 7 steps)
[5c937de78b39e47ce9924fc4b863c5b727edc328] net: macsec: PN wrap callback
testing commit 5c937de78b39e47ce9924fc4b863c5b727edc328 with gcc (GCC) 8.1.0
kernel signature: a7fcb051d9ce1aef0afe25318aec6daf92e2a994
all runs: OK
# git bisect good 5c937de78b39e47ce9924fc4b863c5b727edc328
Bisecting: 58 revisions left to test after this (roughly 6 steps)
[f698fe40829b21088d323c8b0a7c626571528fc6] netfilter: flowtable: refresh flow if hardware offload fails
testing commit f698fe40829b21088d323c8b0a7c626571528fc6 with gcc (GCC) 8.1.0
kernel signature: 6885259d264f2a02c86c38f425957b73ae28e4b9
all runs: OK
# git bisect good f698fe40829b21088d323c8b0a7c626571528fc6
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[7f013edebaa4ea910bc88f324d24f6765435d644] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
testing commit 7f013edebaa4ea910bc88f324d24f6765435d644 with gcc (GCC) 8.1.0
kernel signature: 8a80fbf60aadbabde482072a692a2904c6abcd18
all runs: crashed: general protection fault in nf_flow_table_offload_setup
# git bisect bad 7f013edebaa4ea910bc88f324d24f6765435d644
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[2da259c5fe1f528dd9bd4d0430a2732de18c190b] fm10k: use txqueue parameter in fm10k_tx_timeout
testing commit 2da259c5fe1f528dd9bd4d0430a2732de18c190b with gcc (GCC) 8.1.0
kernel signature: c35074ae8aa9f22ce3c63a9d3574db4f9f502b8f
all runs: OK
# git bisect good 2da259c5fe1f528dd9bd4d0430a2732de18c190b
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[71d6ded3ac496f9a6563752917921b7db0f38a34] netfilter: bitwise: add helper for evaluating boolean operations.
testing commit 71d6ded3ac496f9a6563752917921b7db0f38a34 with gcc (GCC) 8.1.0
kernel signature: 9f8c7d30543cd788f7daceb5748c3bc3844e14c3
all runs: crashed: general protection fault in nf_flow_table_offload_setup
# git bisect bad 71d6ded3ac496f9a6563752917921b7db0f38a34
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[fbf19ddf396b3526718a64e24ace316c64d3ed1f] netfilter: nf_tables: white-space fixes.
testing commit fbf19ddf396b3526718a64e24ace316c64d3ed1f with gcc (GCC) 8.1.0
kernel signature: 43cb20cfb992bc8a4899c320e4c55f4bb88420f8
all runs: crashed: general protection fault in nf_flow_table_offload_setup
# git bisect bad fbf19ddf396b3526718a64e24ace316c64d3ed1f
Bisecting: 1 revision left to test after this (roughly 1 step)
[ae29045018c83495f8c5033afabbedc09f24d7c2] netfilter: flowtable: add nf_flow_offload_tuple() helper
testing commit ae29045018c83495f8c5033afabbedc09f24d7c2 with gcc (GCC) 8.1.0
kernel signature: 51dc175c70b9cdab07f3c48f9fda67d216d8d16c
all runs: OK
# git bisect good ae29045018c83495f8c5033afabbedc09f24d7c2
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[a7965d58ddab0253ddfae58bd5c7d2de46ef0f76] netfilter: flowtable: add nf_flow_table_offload_cmd()
testing commit a7965d58ddab0253ddfae58bd5c7d2de46ef0f76 with gcc (GCC) 8.1.0
kernel signature: df07a8e29c6c1917410d960891aa46e02924f3e2
all runs: crashed: general protection fault in nf_flow_table_offload_setup
# git bisect bad a7965d58ddab0253ddfae58bd5c7d2de46ef0f76
a7965d58ddab0253ddfae58bd5c7d2de46ef0f76 is the first bad commit
commit a7965d58ddab0253ddfae58bd5c7d2de46ef0f76
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date:   Mon Jan 13 19:02:22 2020 +0100

    netfilter: flowtable: add nf_flow_table_offload_cmd()
    
    Split nf_flow_table_offload_setup() in two functions to make it more
    maintainable.
    
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

 net/netfilter/nf_flow_table_offload.c | 40 ++++++++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 12 deletions(-)
culprit signature: df07a8e29c6c1917410d960891aa46e02924f3e2
parent  signature: 51dc175c70b9cdab07f3c48f9fda67d216d8d16c
revisions tested: 16, total time: 3h52m37.581113209s (build: 1h41m29.990236754s, test: 2h9m46.104947968s)
first bad commit: a7965d58ddab0253ddfae58bd5c7d2de46ef0f76 netfilter: flowtable: add nf_flow_table_offload_cmd()
cc: ["coreteam@netfilter.org" "davem@davemloft.net" "fw@strlen.de" "kadlec@netfilter.org" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org"]
crash: general protection fault in nf_flow_table_offload_setup
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8414 Comm: syz-executor.2 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__list_splice include/linux/list.h:408 [inline]
RIP: 0010:list_splice include/linux/list.h:424 [inline]
RIP: 0010:nf_flow_table_block_setup net/netfilter/nf_flow_table_offload.c:825 [inline]
RIP: 0010:nf_flow_table_offload_setup+0x3e6/0x600 net/netfilter/nf_flow_table_offload.c:882
Code: 4c 8b bb 60 ff ff ff 48 ba 00 00 00 00 00 fc ff df 4d 8b ae 00 02 00 00 48 8b 9b 68 ff ff ff 49 8d 7f 08 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 89 da 49 89 47 08 48 b8 00 00 00
RSP: 0018:ffffc90002b37248 EFLAGS: 00010a06
RAX: ffff8880a2901a50 RBX: ffffffff8b4b2cb0 RCX: 16ed77c98ec9eb41
RDX: dffffc0000000000 RSI: ffff8880a4bd4000 RDI: b76bbe4c764f5a08
RBP: ffffc90002b37370 R08: ffff888092d6a180 R09: ffff8880950dc8d0
R10: fffffbfff1360648 R11: ffffffff89b03247 R12: 1ffff92000566e4d
R13: fffffbfff1061c31 R14: ffff8880a2901850 R15: b76bbe4c764f5a00
FS:  00007f6448404700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020003e00 CR3: 00000000980ba000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 nft_register_flowtable_net_hooks net/netfilter/nf_tables_api.c:6025 [inline]
 nf_tables_newflowtable+0x1168/0x2040 net/netfilter/nf_tables_api.c:6142
 nfnetlink_rcv_batch+0xc75/0x15b0 net/netfilter/nfnetlink.c:433
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:543 [inline]
 nfnetlink_rcv+0x2eb/0x3b0 net/netfilter/nfnetlink.c:561
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x474/0x6c0 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x7ab/0xd50 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:672
 ____sys_sendmsg+0x603/0x950 net/socket.c:2343
 ___sys_sendmsg+0xe4/0x160 net/socket.c:2397
 __sys_sendmsg+0xd9/0x180 net/socket.c:2430
 __do_sys_sendmsg net/socket.c:2439 [inline]
 __se_sys_sendmsg net/socket.c:2437 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2437
 do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45b349
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6448403c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f64484046d4 RCX: 000000000045b349
RDX: 0000000000000000 RSI: 0000000020003e00 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000917 R14: 00000000004ca810 R15: 000000000075bf2c
Modules linked in:
---[ end trace 47fa65a1baf67420 ]---
RIP: 0010:__list_splice include/linux/list.h:408 [inline]
RIP: 0010:list_splice include/linux/list.h:424 [inline]
RIP: 0010:nf_flow_table_block_setup net/netfilter/nf_flow_table_offload.c:825 [inline]
RIP: 0010:nf_flow_table_offload_setup+0x3e6/0x600 net/netfilter/nf_flow_table_offload.c:882
Code: 4c 8b bb 60 ff ff ff 48 ba 00 00 00 00 00 fc ff df 4d 8b ae 00 02 00 00 48 8b 9b 68 ff ff ff 49 8d 7f 08 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 89 da 49 89 47 08 48 b8 00 00 00
RSP: 0018:ffffc90002b37248 EFLAGS: 00010a06
RAX: ffff8880a2901a50 RBX: ffffffff8b4b2cb0 RCX: 16ed77c98ec9eb41
RDX: dffffc0000000000 RSI: ffff8880a4bd4000 RDI: b76bbe4c764f5a08
RBP: ffffc90002b37370 R08: ffff888092d6a180 R09: ffff8880950dc8d0
R10: fffffbfff1360648 R11: ffffffff89b03247 R12: 1ffff92000566e4d
R13: fffffbfff1061c31 R14: ffff8880a2901850 R15: b76bbe4c764f5a00
FS:  00007f6448404700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020003e00 CR3: 00000000980ba000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400