bisecting cause commit starting from 0fda7600c2e174fe27e9cf02e78e345226e441fa
building syzkaller on 749688d22abef3f3cb9a0480e15c19a3f2ed8e13
testing commit 0fda7600c2e174fe27e9cf02e78e345226e441fa with gcc (GCC) 8.1.0
kernel signature: 39dfe1f9cdf78755832968bac89bce9f7cb501a684bd4b1b8e09b0b817963105
all runs: crashed: general protection fault in erspan_netlink_parms
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: 38d8f32640303e546e2d1e1b3f9526ee157c403fe6c8598a34731aa97d7a6d89
all runs: OK
# git bisect start 0fda7600c2e174fe27e9cf02e78e345226e441fa d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
Bisecting: 7575 revisions left to test after this (roughly 13 steps)
[4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0
kernel signature: caeef6f54f27829d5908f4ea9f6400d7202ee7d47c74a8cffdbab82cebf7aba0
all runs: OK
# git bisect good 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb
Bisecting: 3791 revisions left to test after this (roughly 12 steps)
[d60ddd244215da7c695cba858427094d8e366aa7] Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
testing commit d60ddd244215da7c695cba858427094d8e366aa7 with gcc (GCC) 8.1.0
kernel signature: 3793b2aaeaa05066902d74ca193ca677085ded8628bb25946f1b705959dfd41d
all runs: OK
# git bisect good d60ddd244215da7c695cba858427094d8e366aa7
Bisecting: 1880 revisions left to test after this (roughly 11 steps)
[5939224ccdcc9244ab82cdbdc9d21eb019f7db6a] Merge tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 5939224ccdcc9244ab82cdbdc9d21eb019f7db6a with gcc (GCC) 8.1.0
kernel signature: 73903b32b0a062ac88fc5035d3c3090ccae92342a64871ad3f8883ac8f1abc0d
all runs: OK
# git bisect good 5939224ccdcc9244ab82cdbdc9d21eb019f7db6a
Bisecting: 940 revisions left to test after this (roughly 10 steps)
[d07c849cd2b97d6809430dfb7e738ad31088037a] net: ll_temac: Add more error handling of dma_map_single() calls
testing commit d07c849cd2b97d6809430dfb7e738ad31088037a with gcc (GCC) 8.1.0
kernel signature: 51733c7312d6191ceaed62aa68f5d0b55d498de79a58afeef32117a6267cc4d3
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
# git bisect good d07c849cd2b97d6809430dfb7e738ad31088037a
Bisecting: 469 revisions left to test after this (roughly 9 steps)
[b0b8a945ea29166706611820e609bce23e278f6b] Merge tag 'devprop-5.6-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
testing commit b0b8a945ea29166706611820e609bce23e278f6b with gcc (GCC) 8.1.0
kernel signature: b8901ea6e4787ab7907f6c456e417ebc9c05b563d9e04bb1b03732b945f56592
all runs: OK
# git bisect good b0b8a945ea29166706611820e609bce23e278f6b
Bisecting: 234 revisions left to test after this (roughly 8 steps)
[c67b35d970ed3391069c21f3071a26f687399ab2] drm/i915: Actually emit the await_start
testing commit c67b35d970ed3391069c21f3071a26f687399ab2 with gcc (GCC) 8.1.0
kernel signature: d439f2255e01263154dc69558110c957cc9e8735cb486b6ef845ea3ec62286bf
all runs: OK
# git bisect good c67b35d970ed3391069c21f3071a26f687399ab2
Bisecting: 117 revisions left to test after this (roughly 7 steps)
[5eb01ddfcfb25e6ebc404a41deae946bde776731] net: hns3: fix "tc qdisc del" failed issue
testing commit 5eb01ddfcfb25e6ebc404a41deae946bde776731 with gcc (GCC) 8.1.0
kernel signature: 4e9d028c1e98cee3eb91455d6048bd846734f5d27410071633a621bca3f20e6d
all runs: OK
# git bisect good 5eb01ddfcfb25e6ebc404a41deae946bde776731
Bisecting: 61 revisions left to test after this (roughly 6 steps)
[807f030b44ccbb26a346df6f6438628315d9ad98] Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
testing commit 807f030b44ccbb26a346df6f6438628315d9ad98 with gcc (GCC) 8.1.0
kernel signature: fefb05c63a40b6d716a0716e200a7c92b31c23874a78a65e27324118626c0216
all runs: OK
# git bisect good 807f030b44ccbb26a346df6f6438628315d9ad98
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[0d81a3f29c0afb18ba2b1275dcccf21e0dd4da38] Merge tag 'drm-fixes-2020-03-13' of git://anongit.freedesktop.org/drm/drm
testing commit 0d81a3f29c0afb18ba2b1275dcccf21e0dd4da38 with gcc (GCC) 8.1.0
kernel signature: f63e3a7ab2ae80ba11885c868e3e3364c0056b6a9af2767c7dce522b89b13783
all runs: OK
# git bisect good 0d81a3f29c0afb18ba2b1275dcccf21e0dd4da38
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[242a6df688dcad7c55105280a79aaff83addf7ce] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
testing commit 242a6df688dcad7c55105280a79aaff83addf7ce with gcc (GCC) 8.1.0
kernel signature: 056ab166283020fb5f7b4784269ecbff6a673d71962e5db53c67a5d26b9f00f5
all runs: OK
# git bisect good 242a6df688dcad7c55105280a79aaff83addf7ce
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[c80b18cbb04b7b101af9bd14550f13d9866c646a] rtlwifi: rtl8188ee: Fix regression due to commit d1d1a96bdb44
testing commit c80b18cbb04b7b101af9bd14550f13d9866c646a with gcc (GCC) 8.1.0
kernel signature: 7ae56e71cb5ea8a7a4b6aca0e4c594f66c41498d7e1b0aa602338dba67c5141c
all runs: OK
# git bisect good c80b18cbb04b7b101af9bd14550f13d9866c646a
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[13d0f7b814d9b4c67e60d8c2820c86ea181e7d99] net/bpfilter: fix dprintf usage for /dev/kmsg
testing commit 13d0f7b814d9b4c67e60d8c2820c86ea181e7d99 with gcc (GCC) 8.1.0
kernel signature: 48b29ffacd64916300183c63e9511c67b8c60d78f87c44caaad893f4d3a41f1c
all runs: OK
# git bisect good 13d0f7b814d9b4c67e60d8c2820c86ea181e7d99
Bisecting: 2 revisions left to test after this (roughly 1 step)
[46ea929b2b3f66e6a9bc91adbb9ca2157065f9b2] cxgb4: fix delete filter entry fail in unload path
testing commit 46ea929b2b3f66e6a9bc91adbb9ca2157065f9b2 with gcc (GCC) 8.1.0
kernel signature: 9d6bbc3d75e149a989f5f1d2732551c7b46e874b88eb3c4d41c6b9cf271e59bb
all runs: OK
# git bisect good 46ea929b2b3f66e6a9bc91adbb9ca2157065f9b2
Bisecting: 0 revisions left to test after this (roughly 1 step)
[61fad6816fc10fb8793a925d5c1256d1c3db0cd2] net/packet: tpacket_rcv: avoid a producer race condition
testing commit 61fad6816fc10fb8793a925d5c1256d1c3db0cd2 with gcc (GCC) 8.1.0
kernel signature: 6db01503c492718183ac9cb3f1cd85e31581fd41083494f5e4840cbf636fb184
all runs: crashed: general protection fault in erspan_netlink_parms
# git bisect bad 61fad6816fc10fb8793a925d5c1256d1c3db0cd2
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[e1f8f78ffe9854308b9e12a73ebe4e909074fc33] net: ip_gre: Separate ERSPAN newlink / changelink callbacks
testing commit e1f8f78ffe9854308b9e12a73ebe4e909074fc33 with gcc (GCC) 8.1.0
kernel signature: 3218301a24e1b0b4913b5d734c7095621cb31860921c9a0249ac91418919dcbf
all runs: crashed: general protection fault in erspan_netlink_parms
# git bisect bad e1f8f78ffe9854308b9e12a73ebe4e909074fc33
e1f8f78ffe9854308b9e12a73ebe4e909074fc33 is the first bad commit
commit e1f8f78ffe9854308b9e12a73ebe4e909074fc33
Author: Petr Machata <petrm@mellanox.com>
Date:   Fri Mar 13 13:39:36 2020 +0200

    net: ip_gre: Separate ERSPAN newlink / changelink callbacks
    
    ERSPAN shares most of the code path with GRE and gretap code. While that
    helps keep the code compact, it is also error prone. Currently a broken
    userspace can turn a gretap tunnel into a de facto ERSPAN one by passing
    IFLA_GRE_ERSPAN_VER. There has been a similar issue in ip6gretap in the
    past.
    
    To prevent these problems in future, split the newlink and changelink code
    paths. Split the ERSPAN code out of ipgre_netlink_parms() into a new
    function erspan_netlink_parms(). Extract a piece of common logic from
    ipgre_newlink() and ipgre_changelink() into ipgre_newlink_encap_setup().
    Add erspan_newlink() and erspan_changelink().
    
    Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN")
    Signed-off-by: Petr Machata <petrm@mellanox.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 net/ipv4/ip_gre.c | 103 ++++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 85 insertions(+), 18 deletions(-)
culprit signature: 3218301a24e1b0b4913b5d734c7095621cb31860921c9a0249ac91418919dcbf
parent  signature: 9d6bbc3d75e149a989f5f1d2732551c7b46e874b88eb3c4d41c6b9cf271e59bb
revisions tested: 17, total time: 4h32m51.269652493s (build: 1h52m40.463884633s, test: 2h38m27.367884533s)
first bad commit: e1f8f78ffe9854308b9e12a73ebe4e909074fc33 net: ip_gre: Separate ERSPAN newlink / changelink callbacks
cc: ["davem@davemloft.net" "kuba@kernel.org" "kuznet@ms2.inr.ac.ru" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "petrm@mellanox.com" "yoshfuji@linux-ipv6.org"]
crash: general protection fault in erspan_netlink_parms
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
general protection fault, probably for non-canonical address 0xdffffc0000000016: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000b0-0x00000000000000b7]
CPU: 1 PID: 8456 Comm: syz-executor.5 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:erspan_netlink_parms.isra.18+0x33/0x3f0 net/ipv4/ip_gre.c:1172
Code: f3 48 83 ec 08 e8 4d f5 ff ff 85 c0 0f 85 b7 00 00 00 48 8d bb b0 00 00 00 48 ba 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 cc 02 00 00 4c 8b a3 b0 00 00 00 4d 85 e4 0f 84
RSP: 0018:ffffc90002d970c8 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000016
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 00000000000000b0
RBP: ffff8880a9608000 R08: 0000000000000004 R09: ffffc90002d97150
R10: fffff520005b2e30 R11: 0000000000000003 R12: ffff8880a9608000
R13: 0000000000000000 R14: ffffc90002d97470 R15: ffff8880981df814
FS:  00007f0c01330700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc0b387b000 CR3: 0000000092fa3000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 erspan_newlink+0xec/0x110 net/ipv4/ip_gre.c:1341
 __rtnl_newlink+0xbe9/0x1250 net/core/rtnetlink.c:3319
 rtnl_newlink+0x5c/0x80 net/core/rtnetlink.c:3377
 rtnetlink_rcv_msg+0x346/0x8c0 net/core/rtnetlink.c:5436
 netlink_rcv_skb+0x119/0x340 net/netlink/af_netlink.c:2478
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x434/0x630 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x714/0xc60 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xac/0xe0 net/socket.c:672
 ____sys_sendmsg+0x54e/0x750 net/socket.c:2343
 ___sys_sendmsg+0xe4/0x160 net/socket.c:2397
 __sys_sendmsg+0xce/0x170 net/socket.c:2430
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c849
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f0c0132fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f0c013306d4 RCX: 000000000045c849
RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000009f9 R14: 00000000004ccb17 R15: 000000000076bf0c
Modules linked in:
---[ end trace abccb3aad271dbde ]---
RIP: 0010:erspan_netlink_parms.isra.18+0x33/0x3f0 net/ipv4/ip_gre.c:1172
Code: f3 48 83 ec 08 e8 4d f5 ff ff 85 c0 0f 85 b7 00 00 00 48 8d bb b0 00 00 00 48 ba 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 cc 02 00 00 4c 8b a3 b0 00 00 00 4d 85 e4 0f 84
RSP: 0018:ffffc90002d970c8 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000016
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 00000000000000b0
RBP: ffff8880a9608000 R08: 0000000000000004 R09: ffffc90002d97150
R10: fffff520005b2e30 R11: 0000000000000003 R12: ffff8880a9608000
R13: 0000000000000000 R14: ffffc90002d97470 R15: ffff8880981df814
FS:  00007f0c01330700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000093be80 CR3: 0000000092fa3000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400