bisecting cause commit starting from 00aff6836241ae5654895dcea10e6d4fc5878ca6 building syzkaller on dc438b91deb00a8ad5634a9c55903e0b1a537c61 testing commit 00aff6836241ae5654895dcea10e6d4fc5878ca6 with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #1: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #2: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #3: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #4: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #5: crashed: general protection fault in j1939_sk_sendmsg run #6: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #7: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #8: crashed: general protection fault in j1939_sk_sendmsg run #9: crashed: general protection fault in j1939_sk_sendmsg testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 all runs: OK # git bisect start 00aff6836241ae5654895dcea10e6d4fc5878ca6 4d856f72c10ecb060868ed10ff1b1453943fc6c8 Bisecting: 7647 revisions left to test after this (roughly 13 steps) [ff175d0b0eab99f512b9afdb571f0ed18b63f533] netfilter: nf_tables_offload: fix always true policy is unset check testing commit ff175d0b0eab99f512b9afdb571f0ed18b63f533 with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #1: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #2: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #3: crashed: general protection fault in j1939_sk_sendmsg run #4: crashed: general protection fault in j1939_sk_sendmsg run #5: crashed: general protection fault in j1939_sk_sendmsg run #6: crashed: general protection fault in j1939_sk_sendmsg run #7: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #8: crashed: general protection fault in j1939_sk_sendmsg run #9: crashed: general protection fault in j1939_sk_sendmsg # git bisect bad ff175d0b0eab99f512b9afdb571f0ed18b63f533 Bisecting: 3815 revisions left to test after this (roughly 12 steps) [d2aaa49e281959828370667edbc1cdcc7fc4026a] Merge tag 'acpi-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm testing commit d2aaa49e281959828370667edbc1cdcc7fc4026a with gcc (GCC) 8.1.0 all runs: OK # git bisect good d2aaa49e281959828370667edbc1cdcc7fc4026a Bisecting: 1907 revisions left to test after this (roughly 11 steps) [eaa4950c22643511b01a2025e9b5417fc29e04cb] i40e: remove I40E_AQC_ADD_CLOUD_FILTER_OIP testing commit eaa4950c22643511b01a2025e9b5417fc29e04cb with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #1: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #2: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #3: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #4: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #5: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #6: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #7: crashed: general protection fault in j1939_sk_sendmsg run #8: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr_locked run #9: crashed: general protection fault in j1939_sk_sendmsg # git bisect bad eaa4950c22643511b01a2025e9b5417fc29e04cb Bisecting: 953 revisions left to test after this (roughly 10 steps) [21f7981b4bd904871c6bbd67333cf0f69ff7c06a] mac80211: minstrel_ht: fix default max throughput rate indexes testing commit 21f7981b4bd904871c6bbd67333cf0f69ff7c06a with gcc (GCC) 8.1.0 all runs: OK # git bisect good 21f7981b4bd904871c6bbd67333cf0f69ff7c06a Bisecting: 476 revisions left to test after this (roughly 9 steps) [34cdcb165b05acfce9b0b6611306ec24740ea91b] ice: Update fields in ice_vsi_set_num_qs when reconfiguring testing commit 34cdcb165b05acfce9b0b6611306ec24740ea91b with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #1: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #2: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #3: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #4: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #5: crashed: general protection fault in j1939_sk_sendmsg run #6: crashed: general protection fault in j1939_sk_sendmsg run #7: crashed: general protection fault in j1939_sk_sendmsg run #8: crashed: general protection fault in j1939_sk_sendmsg run #9: crashed: general protection fault in j1939_sk_sendmsg # git bisect bad 34cdcb165b05acfce9b0b6611306ec24740ea91b Bisecting: 238 revisions left to test after this (roughly 8 steps) [b4e11253b1f3c1a27083f6a0d63ce69826c5d48d] Merge branch 'r8169-add-support-for-RTL8125' testing commit b4e11253b1f3c1a27083f6a0d63ce69826c5d48d with gcc (GCC) 8.1.0 all runs: OK # git bisect good b4e11253b1f3c1a27083f6a0d63ce69826c5d48d Bisecting: 123 revisions left to test after this (roughly 7 steps) [94810bd365cbcce4abc4af497aef4b68db7b4f2a] Merge tag 'mlx5-updates-2019-09-01-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux testing commit 94810bd365cbcce4abc4af497aef4b68db7b4f2a with gcc (GCC) 8.1.0 all runs: OK # git bisect good 94810bd365cbcce4abc4af497aef4b68db7b4f2a Bisecting: 69 revisions left to test after this (roughly 6 steps) [f4d7c8e3da9173ac7b0498abc3aab0d320efe997] vsock/virtio: a better comment on credit update testing commit f4d7c8e3da9173ac7b0498abc3aab0d320efe997 with gcc (GCC) 8.1.0 all runs: OK # git bisect good f4d7c8e3da9173ac7b0498abc3aab0d320efe997 Bisecting: 26 revisions left to test after this (roughly 5 steps) [44c40910b66f786d33ffd2682ef38750eebb567c] Merge tag 'linux-can-next-for-5.4-20190904' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next testing commit 44c40910b66f786d33ffd2682ef38750eebb567c with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #1: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #2: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #3: crashed: general protection fault in j1939_sk_sendmsg run #4: crashed: general protection fault in j1939_sk_sendmsg run #5: crashed: general protection fault in j1939_sk_sendmsg run #6: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #7: crashed: general protection fault in j1939_sk_sendmsg run #8: OK run #9: OK # git bisect bad 44c40910b66f786d33ffd2682ef38750eebb567c Bisecting: 21 revisions left to test after this (roughly 5 steps) [9d71dd0c70099914fcd063135da3c580865e924c] can: add support of SAE J1939 protocol testing commit 9d71dd0c70099914fcd063135da3c580865e924c with gcc (GCC) 8.1.0 run #0: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #1: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #2: crashed: KASAN: use-after-free Read in j1939_session_get_by_addr run #3: crashed: general protection fault in j1939_sk_sendmsg run #4: crashed: general protection fault in j1939_sk_sendmsg run #5: crashed: general protection fault in j1939_sk_sendmsg run #6: crashed: general protection fault in j1939_sk_sendmsg run #7: crashed: general protection fault in j1939_sk_sendmsg run #8: OK run #9: OK # git bisect bad 9d71dd0c70099914fcd063135da3c580865e924c Bisecting: 10 revisions left to test after this (roughly 3 steps) [6625a18e9ff6462ff81f740a331899b69ad6033e] can: af_can: give variable holding the CAN receiver and the receiver list a sensible name testing commit 6625a18e9ff6462ff81f740a331899b69ad6033e with gcc (GCC) 8.1.0 all runs: OK # git bisect good 6625a18e9ff6462ff81f740a331899b69ad6033e Bisecting: 5 revisions left to test after this (roughly 3 steps) [bdfb5765e45b86b599caf377a99826409f8403cb] can: af_can: remove NULL-ptr checks from users of can_dev_rcv_lists_find() testing commit bdfb5765e45b86b599caf377a99826409f8403cb with gcc (GCC) 8.1.0 all runs: OK # git bisect good bdfb5765e45b86b599caf377a99826409f8403cb Bisecting: 2 revisions left to test after this (roughly 2 steps) [9868b5d44f3df9dd75247acd23dddff0a42f79be] can: introduce CAN_REQUIRED_SIZE macro testing commit 9868b5d44f3df9dd75247acd23dddff0a42f79be with gcc (GCC) 8.1.0 all runs: OK # git bisect good 9868b5d44f3df9dd75247acd23dddff0a42f79be Bisecting: 0 revisions left to test after this (roughly 1 step) [f5223e9eee651e005c0f6d6d078909087601b7e9] can: extend sockaddr_can to include j1939 members testing commit f5223e9eee651e005c0f6d6d078909087601b7e9 with gcc (GCC) 8.1.0 all runs: OK # git bisect good f5223e9eee651e005c0f6d6d078909087601b7e9 9d71dd0c70099914fcd063135da3c580865e924c is the first bad commit commit 9d71dd0c70099914fcd063135da3c580865e924c Author: The j1939 authors Date: Mon Oct 8 11:48:36 2018 +0200 can: add support of SAE J1939 protocol SAE J1939 is the vehicle bus recommended practice used for communication and diagnostics among vehicle components. Originating in the car and heavy-duty truck industry in the United States, it is now widely used in other parts of the world. J1939, ISO 11783 and NMEA 2000 all share the same high level protocol. SAE J1939 can be considered the replacement for the older SAE J1708 and SAE J1587 specifications. Acked-by: Oliver Hartkopp Signed-off-by: Bastian Stender Signed-off-by: Elenita Hinds Signed-off-by: kbuild test robot Signed-off-by: Kurt Van Dijck Signed-off-by: Maxime Jayat Signed-off-by: Robin van der Gracht Signed-off-by: Oleksij Rempel Signed-off-by: Marc Kleine-Budde :040000 040000 6438450435a8d8353573ce224b3dc9bcc05336fa 7305e82a35c355e46b2660329eb868aa551e2b4c M Documentation :100644 100644 a081c477d1d16934701a8f744f6a44e0d280b3f9 844f416437c427107d7410ab5ab972a202ebe86a M MAINTAINERS :040000 040000 dd56832348e76ffa1949ca007d838d21854a0bfa dfca2d178b96f019a0a7ae1ab81a813b2064f5d3 M include :040000 040000 93492ef857a6d33d4eafc56c27db9f1e31803033 356932da79a67691bcedc6e71faa591f7e5f7392 M net revisions tested: 16, total time: 4h24m21.110046773s (build: 1h33m19.781300828s, test: 2h46m39.347065606s) first bad commit: 9d71dd0c70099914fcd063135da3c580865e924c can: add support of SAE J1939 protocol cc: ["bst@pengutronix.de" "dev.kurt@vandijck-laurijssen.be" "ecathinds@gmail.com" "linux-can@vger.kernel.org" "lkp@intel.com" "maxime.jayat@mobile-devices.fr" "mkl@pengutronix.de" "o.rempel@pengutronix.de" "robin@protonic.nl" "socketcan@hartkopp.net"] crash: general protection fault in j1939_sk_sendmsg kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 11291 Comm: syz-executor.3 Not tainted 5.3.0-rc7+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:j1939_sk_send_loop net/can/j1939/socket.c:983 [inline] RIP: 0010:j1939_sk_sendmsg+0x596/0x1260 net/can/j1939/socket.c:1100 Code: 84 6b 07 00 00 48 8b 8d 50 ff ff ff b8 f9 06 00 00 48 81 f9 f9 06 00 00 48 0f 46 c1 48 89 85 68 ff ff ff 48 8b 85 38 ff ff ff <80> 38 00 0f 85 36 09 00 00 48 8b 85 48 ff ff ff 48 8b 58 48 48 8b RSP: 0018:ffff88808195f9e0 EFLAGS: 00010283 RAX: dffffc0000000009 RBX: 0000000000000000 RCX: 0000000000000009 RDX: 1ffffffff10653d4 RSI: ffff88808195fe88 RDI: ffffffff88329ea0 RBP: ffff88808195faf0 R08: 0000000000000006 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff88809bdc4340 R13: ffff88809bdc4888 R14: 0000000000000000 R15: dffffc0000000000 FS: 00007fd368dfc700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000075c000 CR3: 00000000985cf000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:657 ___sys_sendmsg+0x647/0x950 net/socket.c:2311 __sys_sendmsg+0xd9/0x180 net/socket.c:2356 __do_sys_sendmsg net/socket.c:2365 [inline] __se_sys_sendmsg net/socket.c:2363 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2363 do_syscall_64+0xd0/0x540 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a219 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fd368dfbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219 RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd368dfc6d4 R13: 00000000004c8692 R14: 00000000004dec20 R15: 00000000ffffffff Modules linked in: ---[ end trace 3fff0a5584e80471 ]--- RIP: 0010:j1939_sk_send_loop net/can/j1939/socket.c:983 [inline] RIP: 0010:j1939_sk_sendmsg+0x596/0x1260 net/can/j1939/socket.c:1100 Code: 84 6b 07 00 00 48 8b 8d 50 ff ff ff b8 f9 06 00 00 48 81 f9 f9 06 00 00 48 0f 46 c1 48 89 85 68 ff ff ff 48 8b 85 38 ff ff ff <80> 38 00 0f 85 36 09 00 00 48 8b 85 48 ff ff ff 48 8b 58 48 48 8b RSP: 0018:ffff88808195f9e0 EFLAGS: 00010283 RAX: dffffc0000000009 RBX: 0000000000000000 RCX: 0000000000000009 RDX: 1ffffffff10653d4 RSI: ffff88808195fe88 RDI: ffffffff88329ea0 RBP: ffff88808195faf0 R08: 0000000000000006 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff88809bdc4340 R13: ffff88809bdc4888 R14: 0000000000000000 R15: dffffc0000000000 FS: 00007fd368dfc700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000075c000 CR3: 00000000985cf000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400