bisecting cause commit starting from 4daa95af7f1c78fa6f8e2a92dc7d52c46443974e building syzkaller on 698773cb4fbe8873ee0a2c37b86caef01e2c6159 testing commit 4daa95af7f1c78fa6f8e2a92dc7d52c46443974e with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in tcp_v6_send_reset testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 all runs: OK # git bisect start 4daa95af7f1c78fa6f8e2a92dc7d52c46443974e v5.1 Bisecting: 7413 revisions left to test after this (roughly 13 steps) [f4d9a23d3dad0252f375901bf4ff6523a2c97241] sparc64: simplify reduce_memory() function testing commit f4d9a23d3dad0252f375901bf4ff6523a2c97241 with gcc (GCC) 8.1.0 all runs: OK # git bisect good f4d9a23d3dad0252f375901bf4ff6523a2c97241 Bisecting: 3719 revisions left to test after this (roughly 12 steps) [640be2d1ffbc1946f1547eb89b5005ed7542de99] kernel/memremap.c: remove the unused device_private_entry_fault() export testing commit 640be2d1ffbc1946f1547eb89b5005ed7542de99 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 640be2d1ffbc1946f1547eb89b5005ed7542de99 Bisecting: 1878 revisions left to test after this (roughly 11 steps) [8122de54602e30f0a73228ab6459a3654e652b92] dt-bindings: Convert vendor prefixes to json-schema testing commit 8122de54602e30f0a73228ab6459a3654e652b92 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 8122de54602e30f0a73228ab6459a3654e652b92 Bisecting: 938 revisions left to test after this (roughly 10 steps) [c3bc6debb4c7555e7fb1b104ffda416e89570b50] Merge branch 'Fixes-for-DSA-tagging-using-802-1Q' testing commit c3bc6debb4c7555e7fb1b104ffda416e89570b50 with gcc (GCC) 8.1.0 all runs: OK # git bisect good c3bc6debb4c7555e7fb1b104ffda416e89570b50 Bisecting: 321 revisions left to test after this (roughly 9 steps) [b4b12b0d2f02613101a7a667ef7b7cc8d388e597] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit b4b12b0d2f02613101a7a667ef7b7cc8d388e597 with gcc (GCC) 8.1.0 all runs: OK # git bisect good b4b12b0d2f02613101a7a667ef7b7cc8d388e597 Bisecting: 160 revisions left to test after this (roughly 7 steps) [315c28d2b714f2c52c0b22f38dbf9b44f8f0c9e4] net: ena: ethtool: add extra properties retrieval via get_priv_flags testing commit 315c28d2b714f2c52c0b22f38dbf9b44f8f0c9e4 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 315c28d2b714f2c52c0b22f38dbf9b44f8f0c9e4 Bisecting: 80 revisions left to test after this (roughly 6 steps) [fa4dfc4a94da180a5ab7e91a501fed86352abfd4] netdevsim: implement fake flash updating with notifications testing commit fa4dfc4a94da180a5ab7e91a501fed86352abfd4 with gcc (GCC) 8.1.0 all runs: OK # git bisect good fa4dfc4a94da180a5ab7e91a501fed86352abfd4 Bisecting: 40 revisions left to test after this (roughly 5 steps) [25e992a4603cd5284127e2a6fda6b05bd58d12ed] r8169: rename r8169.c to r8169_main.c testing commit 25e992a4603cd5284127e2a6fda6b05bd58d12ed with gcc (GCC) 8.1.0 all runs: OK # git bisect good 25e992a4603cd5284127e2a6fda6b05bd58d12ed Bisecting: 20 revisions left to test after this (roughly 4 steps) [745b32c1a3faddbc5b96aade83c677454401f2e6] i40e: Do not check VF state in i40e_ndo_get_vf_config testing commit 745b32c1a3faddbc5b96aade83c677454401f2e6 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 745b32c1a3faddbc5b96aade83c677454401f2e6 Bisecting: 10 revisions left to test after this (roughly 3 steps) [d2facb4b3983425f6776c24dd678a82dbe673773] net: stmmac: modify default value of tx-frames testing commit d2facb4b3983425f6776c24dd678a82dbe673773 with gcc (GCC) 8.1.0 all runs: OK # git bisect good d2facb4b3983425f6776c24dd678a82dbe673773 Bisecting: 5 revisions left to test after this (roughly 3 steps) [8b5e07d7ee95e3c22cb301731f87d95f58639591] inet_connection_sock: remove unused parameter of reqsk_queue_unlink func testing commit 8b5e07d7ee95e3c22cb301731f87d95f58639591 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 8b5e07d7ee95e3c22cb301731f87d95f58639591 Bisecting: 2 revisions left to test after this (roughly 2 steps) [50a8accf10627b343109a9c9d5c361751bf753b0] ipv6: tcp: send consistent flowlabel in TIME_WAIT state testing commit 50a8accf10627b343109a9c9d5c361751bf753b0 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in tcp_v6_send_reset # git bisect bad 50a8accf10627b343109a9c9d5c361751bf753b0 Bisecting: 0 revisions left to test after this (roughly 1 step) [323a53c41292a0d7efc8748856c623324c8d7c21] ipv6: tcp: enable flowlabel reflection in some RST packets testing commit 323a53c41292a0d7efc8748856c623324c8d7c21 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in tcp_v6_send_reset # git bisect bad 323a53c41292a0d7efc8748856c623324c8d7c21 Bisecting: 0 revisions left to test after this (roughly 0 steps) [e736bf72af568d0a04f186e1c5dde6789b19c35e] lib: objagg: Use struct_size() in kzalloc() testing commit e736bf72af568d0a04f186e1c5dde6789b19c35e with gcc (GCC) 8.1.0 all runs: OK # git bisect good e736bf72af568d0a04f186e1c5dde6789b19c35e 323a53c41292a0d7efc8748856c623324c8d7c21 is the first bad commit commit 323a53c41292a0d7efc8748856c623324c8d7c21 Author: Eric Dumazet Date: Wed Jun 5 07:55:09 2019 -0700 ipv6: tcp: enable flowlabel reflection in some RST packets When RST packets are sent because no socket could be found, it makes sense to use flowlabel_reflect sysctl to decide if a reflection of the flowlabel is requested. This extends commit 22b6722bfa59 ("ipv6: Add sysctl for per namespace flow label reflection"), for some TCP RST packets. In order to provide full control of this new feature, flowlabel_reflect becomes a bitmask. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller :040000 040000 75fd2632070add2f8bc3bb2205b4a06d0aea8ab2 b1cbafdf193d349b3349c95ac7837ec8a02f0daf M Documentation :040000 040000 31842dd649829ff3e8a6b682a0affc4456835024 6980537979a4342c72d9e0d5ab57365b1e8e04b1 M net revisions tested: 16, total time: 4h17m2.700314269s (build: 1h30m34.85840792s, test: 2h42m1.494271731s) first bad commit: 323a53c41292a0d7efc8748856c623324c8d7c21 ipv6: tcp: enable flowlabel reflection in some RST packets cc: ["corbet@lwn.net" "davem@davemloft.net" "edumazet@google.com" "kuznet@ms2.inr.ac.ru" "linux-doc@vger.kernel.org" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "yoshfuji@linux-ipv6.org"] crash: general protection fault in tcp_v6_send_reset kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 7449 Comm: syz-executor.0 Not tainted 5.2.0-rc2+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:tcp_v6_send_reset+0x195/0xe30 net/ipv6/tcp_ipv6.c:941 Code: 83 e1 01 4d 85 e4 0f 84 4c 02 00 00 48 85 c9 0f 85 f3 02 00 00 48 83 e0 fe 48 ba 00 00 00 00 00 fc ff df 48 89 c1 48 c1 e9 03 <80> 3c 11 00 0f 85 0b 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b RSP: 0018:ffff88807a397b80 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff8880a3fc2a10 RCX: 0000000000000000 RDX: dffffc0000000000 RSI: 0000000000000005 RDI: ffff88808d0226d4 RBP: ffff88807a397c30 R08: ffffed100f472f38 R09: ffffed100f472f37 R10: ffff88807a397c40 R11: 0000000000000110 R12: ffff888098bc4c40 R13: ffff8880a3fc2900 R14: ffff88808d022620 R15: 00000000000000e8 FS: 0000555555ffd940(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000200 CR3: 0000000099416000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: tcp_v6_do_rcv+0x6b4/0x11c0 net/ipv6/tcp_ipv6.c:1377 sk_backlog_rcv include/net/sock.h:950 [inline] __release_sock+0x10b/0x330 net/core/sock.c:2418 tcp_close+0x541/0xf20 net/ipv4/tcp.c:2420 inet_release+0xb4/0x1b0 net/ipv4/af_inet.c:431 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:474 __sock_release+0xc2/0x290 net/socket.c:607 sock_close+0x10/0x20 net/socket.c:1279 __fput+0x25a/0x770 fs/file_table.c:280 ____fput+0x9/0x10 fs/file_table.c:313 task_work_run+0x108/0x180 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_usermode_loop+0x1a9/0x200 arch/x86/entry/common.c:168 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline] syscall_return_slowpath arch/x86/entry/common.c:279 [inline] do_syscall_64+0x447/0x530 arch/x86/entry/common.c:304 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x412f61 Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 RSP: 002b:00007ffcd0740900 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000412f61 RDX: 0000001b2bd20000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff R10: 00007ffcd07409e0 R11: 0000000000000293 R12: 0000000000760830 R13: 000000000000db04 R14: 000000000000db31 R15: 000000000075bf2c Modules linked in: ---[ end trace 0573a67949e2e29f ]--- RIP: 0010:tcp_v6_send_reset+0x195/0xe30 net/ipv6/tcp_ipv6.c:941 Code: 83 e1 01 4d 85 e4 0f 84 4c 02 00 00 48 85 c9 0f 85 f3 02 00 00 48 83 e0 fe 48 ba 00 00 00 00 00 fc ff df 48 89 c1 48 c1 e9 03 <80> 3c 11 00 0f 85 0b 0a 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b RSP: 0018:ffff88807a397b80 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff8880a3fc2a10 RCX: 0000000000000000 RDX: dffffc0000000000 RSI: 0000000000000005 RDI: ffff88808d0226d4 RBP: ffff88807a397c30 R08: ffffed100f472f38 R09: ffffed100f472f37 R10: ffff88807a397c40 R11: 0000000000000110 R12: ffff888098bc4c40 R13: ffff8880a3fc2900 R14: ffff88808d022620 R15: 00000000000000e8 FS: 0000555555ffd940(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000200 CR3: 0000000099416000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400