bisecting cause commit starting from caffb99b6929f41a69edbb5aef3a359bf45f3315
building syzkaller on bd28eb9d7873a6a3232f8c5011e3175e2c9e8319
testing commit caffb99b6929f41a69edbb5aef3a359bf45f3315 with gcc (GCC) 8.1.0
kernel signature: fa48120effb74f0aa102d2534644431afdd1cad09632ba7e043876485f4d66c5
all runs: crashed: general protection fault in sock_recvmsg
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 4a987b5e1779e1ed535c28bac2343fe6e426d9d519be3cb660732e3842ca0325
all runs: OK
# git bisect start caffb99b6929f41a69edbb5aef3a359bf45f3315 7111951b8d4973bda27ff663f2cf18b663d15b48
Bisecting: 7406 revisions left to test after this (roughly 13 steps)
[f365ab31efacb70bed1e821f7435626e0b2528a6] Merge tag 'drm-next-2020-04-01' of git://anongit.freedesktop.org/drm/drm
testing commit f365ab31efacb70bed1e821f7435626e0b2528a6 with gcc (GCC) 8.1.0
kernel signature: 9c8a4f3ad94a68b62954491823ee7e61ea05cd5095f15c76fbd31189af3f498a
all runs: OK
# git bisect good f365ab31efacb70bed1e821f7435626e0b2528a6
Bisecting: 3712 revisions left to test after this (roughly 12 steps)
[347619565197ae0e62a755efc4a80904d66fc0a1] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
testing commit 347619565197ae0e62a755efc4a80904d66fc0a1 with gcc (GCC) 8.1.0
kernel signature: a04b04b1dab25a0e060c7e30d6b2008b28e52e7edb219d49016bf69fe9e7976c
all runs: OK
# git bisect good 347619565197ae0e62a755efc4a80904d66fc0a1
Bisecting: 1855 revisions left to test after this (roughly 11 steps)
[bf9196d51f7d7222875916c685653981088668b1] Merge tag 'block-5.7-2020-04-17' of git://git.kernel.dk/linux-block
testing commit bf9196d51f7d7222875916c685653981088668b1 with gcc (GCC) 8.1.0
kernel signature: ede1387fcbf6b0e464cca1e196948221811541c8fbd7e4c5816d0c575bb581e4
all runs: OK
# git bisect good bf9196d51f7d7222875916c685653981088668b1
Bisecting: 927 revisions left to test after this (roughly 10 steps)
[d5fef88ccbd3a2d3674e6cc868804a519ef9e5b6] Merge tag 'renesas-fixes-for-v5.7-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/renesas-devel into arm/fixes
testing commit d5fef88ccbd3a2d3674e6cc868804a519ef9e5b6 with gcc (GCC) 8.1.0
kernel signature: 865f154b36f76825966abf56ee595ee4a31537f7a3af742cd585ebf9e8b5fd83
all runs: OK
# git bisect good d5fef88ccbd3a2d3674e6cc868804a519ef9e5b6
Bisecting: 465 revisions left to test after this (roughly 9 steps)
[01d8a7480304a2f0e196459eb4061e171d9e9922] Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
testing commit 01d8a7480304a2f0e196459eb4061e171d9e9922 with gcc (GCC) 8.1.0
kernel signature: befe5aff92d851bc4e44d877b1b7098a505ec57236c0d7924bd5a270beb79945
all runs: crashed: general protection fault in sock_recvmsg
# git bisect bad 01d8a7480304a2f0e196459eb4061e171d9e9922
Bisecting: 237 revisions left to test after this (roughly 8 steps)
[af38553c661207f96464e15f3506bf788daee474] Merge branch 'akpm' (patches from Andrew)
testing commit af38553c661207f96464e15f3506bf788daee474 with gcc (GCC) 8.1.0
kernel signature: 886b203c3fc2a0a8b3f312d8a48190952e331349b6883a931656eda13d80509c
all runs: crashed: general protection fault in sock_recvmsg
# git bisect bad af38553c661207f96464e15f3506bf788daee474
Bisecting: 111 revisions left to test after this (roughly 7 steps)
[657221598f820ff860972b67583fb91d9ab7caf4] net: dsa: remove duplicate assignment in dsa_slave_add_cls_matchall_mirred
testing commit 657221598f820ff860972b67583fb91d9ab7caf4 with gcc (GCC) 8.1.0
kernel signature: 69951c93bfb1232124667c02e6efb4ea37eb3a06493faf0e712d6927ed77a088
all runs: crashed: general protection fault in sock_recvmsg
# git bisect bad 657221598f820ff860972b67583fb91d9ab7caf4
Bisecting: 55 revisions left to test after this (roughly 6 steps)
[de04604e2314ac2c9fa37e071270f6bc157844a9] Merge branch 'ionic-fw-upgrade-bug-fixes'
testing commit de04604e2314ac2c9fa37e071270f6bc157844a9 with gcc (GCC) 8.1.0
kernel signature: 976ca06006840ce0d4177c0a4aae64c433b95dd76dcbc825f874c9e349bdbdea
all runs: crashed: general protection fault in sock_recvmsg
# git bisect bad de04604e2314ac2c9fa37e071270f6bc157844a9
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[8999dc89497ab1c80d0718828e838c7cd5f6bffe] net/x25: Fix null-ptr-deref in x25_disconnect
testing commit 8999dc89497ab1c80d0718828e838c7cd5f6bffe with gcc (GCC) 8.1.0
kernel signature: 995e47261e750203d2fe9b7858439d8b554ac67a0d3d5af70b7afd4078a2d738
all runs: OK
# git bisect good 8999dc89497ab1c80d0718828e838c7cd5f6bffe
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[67b38de646894c9a94fe4d6d17719e70cc6028eb] net/mlx5e: Fix q counters on uplink representors
testing commit 67b38de646894c9a94fe4d6d17719e70cc6028eb with gcc (GCC) 8.1.0
kernel signature: a62290fb6ff8efe037b08538257efc2b181762654687876fb8a7fe3da98a5e3b
all runs: OK
# git bisect good 67b38de646894c9a94fe4d6d17719e70cc6028eb
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[ac2b47fb92c50682d89d7350a491a6a392bac5dd] mptcp: fix uninitialized value access
testing commit ac2b47fb92c50682d89d7350a491a6a392bac5dd with gcc (GCC) 8.1.0
kernel signature: 38c6f714adc06dfcbcaaec1606ab130b1e33b370fcfb2322b8b56cd6374d3a73
all runs: crashed: general protection fault in sock_recvmsg
# git bisect bad ac2b47fb92c50682d89d7350a491a6a392bac5dd
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[d6085fe19b8ec53d8ea2d8a10390b7ab6978ac44] mptcp: avoid a WARN on bad input.
testing commit d6085fe19b8ec53d8ea2d8a10390b7ab6978ac44 with gcc (GCC) 8.1.0
kernel signature: 2ed9d2091f76f56e7dc4cbbd0da5c4771e921aad51c1809459ad04b17dd393ef
all runs: crashed: general protection fault in sock_recvmsg
# git bisect bad d6085fe19b8ec53d8ea2d8a10390b7ab6978ac44
Bisecting: 0 revisions left to test after this (roughly 1 step)
[cfde141ea3faa30e362bbdb5c28001bbbdb0b8e0] mptcp: move option parsing into mptcp_incoming_options()
testing commit cfde141ea3faa30e362bbdb5c28001bbbdb0b8e0 with gcc (GCC) 8.1.0
kernel signature: 4fde9cac8d001e6a58652b775b55b0edc1558f7505a4c6a34ac05992d5705bac
all runs: crashed: general protection fault in sock_recvmsg
# git bisect bad cfde141ea3faa30e362bbdb5c28001bbbdb0b8e0
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[263e1201a2c324b60b15ecda5de9ebf1e7293e31] mptcp: consolidate synack processing.
testing commit 263e1201a2c324b60b15ecda5de9ebf1e7293e31 with gcc (GCC) 8.1.0
kernel signature: c3fb070b5d0e5fcced1126aa93447896aac3fb2790cff75928c4c5a01acd86cd
all runs: crashed: WARNING in warn_bad_map
# git bisect bad 263e1201a2c324b60b15ecda5de9ebf1e7293e31
263e1201a2c324b60b15ecda5de9ebf1e7293e31 is the first bad commit
commit 263e1201a2c324b60b15ecda5de9ebf1e7293e31
Author: Paolo Abeni
Date:   Thu Apr 30 15:01:51 2020 +0200

    mptcp: consolidate synack processing.

    Currently the MPTCP code uses 2 hooks to process syn-ack packets,
    mptcp_rcv_synsent() and the sk_rx_dst_set() callback. We can drop
    the first, moving the relevant code into the latter, reducing the
    hooking into the TCP code.

    This is also needed by the next patch.

    v1 -> v2:
     - use local tcp sock ptr instead of casting the sk variable several
       times - DaveM

    Signed-off-by: Paolo Abeni
    Signed-off-by: David S. Miller

 include/net/mptcp.h  |  1 -
 net/ipv4/tcp_input.c |  3 ---
 net/mptcp/options.c  | 22 ----------------------
 net/mptcp/subflow.c  | 27 ++++++++++++++++++++++++---
 4 files changed, 24 insertions(+), 29 deletions(-)

parent commit 30724ccbfc8325cade4a2d36cd1f75b06341d9eb wasn't tested
testing commit 30724ccbfc8325cade4a2d36cd1f75b06341d9eb with gcc (GCC) 8.1.0
kernel signature: f0f0b210313d414855a59d91c3f6f47f5d7c9fcdc745569bd3ea8de05c1ba669
culprit signature: c3fb070b5d0e5fcced1126aa93447896aac3fb2790cff75928c4c5a01acd86cd
parent signature: f0f0b210313d414855a59d91c3f6f47f5d7c9fcdc745569bd3ea8de05c1ba669
revisions tested: 16, total time: 3h24m33.147448154s (build: 1h42m3.943743028s, test: 1h41m19.687139116s)
first bad commit: 263e1201a2c324b60b15ecda5de9ebf1e7293e31 mptcp: consolidate synack processing.
cc: ["davem@davemloft.net" "edumazet@google.com" "kuba@kernel.org" "kuznet@ms2.inr.ac.ru" "linux-kernel@vger.kernel.org" "mathew.j.martineau@linux.intel.com" "matthieu.baerts@tessares.net" "mptcp@lists.01.org" "netdev@vger.kernel.org" "pabeni@redhat.com" "yoshfuji@linux-ipv6.org"]
crash: WARNING in warn_bad_map
------------[ cut here ]------------
Bad mapping: ssn=2587084 map_seq=1 map_data_len=32740
WARNING: CPU: 1 PID: 8434 at net/mptcp/subflow.c:556 warn_bad_map.isra.6.part.7+0x70/0xa0 net/mptcp/subflow.c:555
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 8434 Comm: syz-executor.0 Not tainted 5.7.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x128/0x182 lib/dump_stack.c:118
 panic+0x22a/0x4e3 kernel/panic.c:221
 __warn.cold.10+0x25/0x26 kernel/panic.c:582
 report_bug+0x1ad/0x270 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:175 [inline]
 do_error_trap+0x123/0x210 arch/x86/kernel/traps.c:267
 do_invalid_op+0x31/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:warn_bad_map.isra.6.part.7+0x70/0xa0 net/mptcp/subflow.c:555
Code: 0e 48 c1 ea 03 0f b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 19 8b 13 89 ee 48 c7 c7 80 d0 4c 88 e8 fc d7 16 fa <0f> 0b 48 83 c4 08 5b 5d c3 48 89 df 89 0c 24 e8 3c da 75 fa 8b 0c
RSP: 0018:ffffc90008c1f0d0 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff88809f2bdc3c RCX: 0000000000000006
RDX: 1ffffffff11a8cf4 RSI: 0000000000000008 RDI: 0000000000000282
RBP: 00000000002779cc R08: fffffbfff16abd4d R09: fffffbfff16abd4d
R10: ffffffff8b55ea67 R11: fffffbfff16abd4c R12: ffff88809f2bdc00
R13: ffff888096fac3e0 R14: ffff88809f2bdc3c R15: ffff88809f2bdc44
 warn_bad_map net/mptcp/subflow.c:587 [inline]
 validate_mapping net/mptcp/subflow.c:587 [inline]
 get_mapping_status net/mptcp/subflow.c:700 [inline]
 subflow_check_data_avail net/mptcp/subflow.c:738 [inline]
 mptcp_subflow_data_available+0x10ea/0x1e70 net/mptcp/subflow.c:834
 subflow_data_ready+0xdd/0x130 net/mptcp/subflow.c:857
 tcp_data_queue+0xcc9/0x3c70 net/ipv4/tcp_input.c:4833
 tcp_rcv_established+0x9f1/0x1f40 net/ipv4/tcp_input.c:5727
 tcp_v4_do_rcv+0x517/0x790 net/ipv4/tcp_ipv4.c:1621
 sk_backlog_rcv include/net/sock.h:996 [inline]
 __release_sock+0x116/0x350 net/core/sock.c:2459
 release_sock+0x4a/0x170 net/core/sock.c:2975
 sk_stream_wait_memory+0x4a8/0xc10 net/core/stream.c:145
 do_tcp_sendpages+0x6c9/0x1d70 net/ipv4/tcp.c:1068
 mptcp_sendmsg_frag+0xf71/0x1ae0 net/mptcp/protocol.c:592
 mptcp_sendmsg+0x3f3/0xa10 net/mptcp/protocol.c:763
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xac/0xe0 net/socket.c:672
 sock_write_iter+0x218/0x380 net/socket.c:1004
 call_write_iter include/linux/fs.h:1907 [inline]
 do_iter_readv_writev+0x4f1/0x7c0 fs/read_write.c:694
 do_iter_write+0x129/0x540 fs/read_write.c:999
 vfs_writev+0x16d/0x2d0 fs/read_write.c:1072
 do_writev+0x214/0x280 fs/read_write.c:1115
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45ca29
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f9174164c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000050d640 RCX: 000000000045ca29
RDX: 0000000000000001 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000d20 R14: 00000000004cb469 R15: 00007f91741656d4
Kernel Offset: disabled
Rebooting in 86400 seconds..