bisecting fixing commit since 4fccc2503536a564a4ba31a1d50439854201659f
building syzkaller on 2c36e7a75f8689b3da20e1a81a2ee5391f3af6e5
testing commit 4fccc2503536a564a4ba31a1d50439854201659f with gcc (GCC) 8.1.0
kernel signature: 1416ed317e00a30f68cb5dbf6d0b1960a0488a637c09bf4ed695a4233ad22ffc
all runs: crashed: general protection fault in macvlan_hard_header
testing current HEAD 7edd66cf61670d2d0c31f89cb3a247016e489a8a
testing commit 7edd66cf61670d2d0c31f89cb3a247016e489a8a with gcc (GCC) 8.1.0
kernel signature: 89dc69d08b51f6220b63efbadecc2e068b770c0e9c4209fd6f4c6610a034326f
all runs: crashed: general protection fault in macvlan_hard_header
revisions tested: 2, total time: 25m32.837829803s (build: 18m22.663527013s, test: 6m19.09841848s)
the crash still happens on HEAD
commit msg: Linux 4.19.118
crash: general protection fault in macvlan_hard_header
team0: Device macvtap0 is up. Set it down before adding it as a team port
team0: Device macvtap0 is up. Set it down before adding it as a team port
kasan: CONFIG_KASAN_INLINE enabled
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3693 Comm: systemd-udevd Not tainted 4.19.118-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:dev_hard_header include/linux/netdevice.h:2890 [inline]
RIP: 0010:macvlan_hard_header+0x7e/0x190 drivers/net/macvlan.c:589
Code: c1 ee 03 80 3c 06 00 0f 85 82 00 00 00 4c 8b a3 20 02 00 00 4d 85 e4 74 3a 48 b8 00 00 00 00 00 fc ff df 4c 89 e6 48 c1 ee 03 <80> 3c 06 00 0f 85 b3 00 00 00 49 8b 04 24 48 85 c0 74 16 48 89 de
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
RSP: 0018:ffff8880aea077c0 EFLAGS: 00010207
RAX: dffffc0000000000 RBX: ffffffff895af3e0 RCX: ffff8880917205f8
RDX: 00000000000086dd RSI: 0007200700000006 RDI: ffffffff895af600
RBP: ffff8880aea07800 R08: ffff88809956cf10 R09: 0000000000000038
R10: 1ffff11010bf3b2e R11: 0000000000000000 R12: 0039003800000037
R13: ffff88809061ec00 R14: ffff88809061ec00 R15: ffff888091720480
FS: 00007f364f45b8c0(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000b70004 CR3: 0000000091aeb000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 dev_hard_header include/linux/netdevice.h:2893 [inline]
 neigh_resolve_output+0x46c/0x810 net/core/neighbour.c:1369
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
 neigh_output include/net/neighbour.h:501 [inline]
 ip6_finish_output2+0x90e/0x2310 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x3c4/0xa90 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:278 [inline]
 ip6_output+0x1bf/0x660 net/ipv6/ip6_output.c:171
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
 dst_output include/net/dst.h:447 [inline]
 NF_HOOK include/linux/netfilter.h:289 [inline]
 ndisc_send_skb+0xcc8/0x12d0 net/ipv6/ndisc.c:491
 ndisc_send_rs+0x116/0x5e0 net/ipv6/ndisc.c:685
 addrconf_rs_timer+0x25c/0x5e0 net/ipv6/addrconf.c:3834
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
 call_timer_fn+0x14c/0x510 kernel/time/timer.c:1326
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
 expire_timers kernel/time/timer.c:1363 [inline]
 __run_timers kernel/time/timer.c:1684 [inline]
 run_timer_softirq+0xb63/0x1180 kernel/time/timer.c:1697
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
 __do_softirq+0x260/0x92d kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x17f/0x1c0 kernel/softirq.c:412
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
 exiting_irq arch/x86/include/asm/apic.h:544 [inline]
 smp_apic_timer_interrupt+0x13e/0x540 arch/x86/kernel/apic/apic.c:1094
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
RIP: 0010:link_path_walk.part.40+0x2e2/0x1550 fs/namei.c:2105
Code: ff 80 e4 ef 48 c1 ea 03 42 0f b6 14 3a 84 d2 74 09 80 fa 03 0f 8e fa 0b 00 00 41 89 41 38 48 89 d8 48 c1 e8 03 42 0f b6 04 38 <84> c0 74 08 3c 03 0f 8e f0 0a 00 00 f6 03 01 0f 85 14 0a 00 00 49
RSP: 0018:ffff888091a67990 EFLAGS: 00000a02 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: ffff8880980f2160 RCX: 0000000000000005
RDX: 0000000000000000 RSI: 0000000568e4f8aa RDI: 4f9f493aed08a3f6
RBP: ffff888091a67a68 R08: ffff8880711e0ab5 R09: ffff888091a67bf0
R10: 0000000500000000 R11: 61c8864680b583eb R12: d0d0d0d0d0d0d0d0
R13: 0000000000000000 R14: 9093d0949c90939d R15: dffffc0000000000
team0: Device macvtap0 is up. Set it down before adding it as a team port
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
 link_path_walk fs/namei.c:2073 [inline]
 path_lookupat.isra.43+0x1aa/0x850 fs/namei.c:2318
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
 filename_lookup.part.57+0x160/0x360 fs/namei.c:2349
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
 filename_lookup fs/namei.c:2342 [inline]
 user_path_at_empty+0x39/0x40 fs/namei.c:2609
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx+0xbe/0x150 fs/stat.c:185
 vfs_lstat include/linux/fs.h:3134 [inline]
 __do_sys_newlstat+0x85/0xe0 fs/stat.c:350
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
 __se_sys_newlstat fs/stat.c:344 [inline]
 __x64_sys_newlstat+0x4f/0x70 fs/stat.c:344
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f364e2ce335
Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89
RSP: 002b:00007ffdd6d61b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 00005567674a95a0 RCX: 00007f364e2ce335
team0: Device macvtap0 is up. Set it down before adding it as a team port
RDX: 00007ffdd6d61bc0 RSI: 00007ffdd6d61bc0 RDI: 00005567674a85a0
RBP: 00007ffdd6d61c80 R08: 00007f364e58d248 R09: 0000000000001010
R10: 00007f364e58cb58 R11: 0000000000000246 R12: 00005567674a85a0
R13: 00005567674a85c6 R14: 000055676749b2d1 R15: 000055676749b2d6
Modules linked in:
---[ end trace 8231cb7e1e8f7ef6 ]---
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
RIP: 0010:dev_hard_header include/linux/netdevice.h:2890 [inline]
RIP: 0010:macvlan_hard_header+0x7e/0x190 drivers/net/macvlan.c:589
Code: c1 ee 03 80 3c 06 00 0f 85 82 00 00 00 4c 8b a3 20 02 00 00 4d 85 e4 74 3a 48 b8 00 00 00 00 00 fc ff df 4c 89 e6 48 c1 ee 03 <80> 3c 06 00 0f 85 b3 00 00 00 49 8b 04 24 48 85 c0 74 16 48 89 de
RSP: 0018:ffff8880aea077c0 EFLAGS: 00010207
RAX: dffffc0000000000 RBX: ffffffff895af3e0 RCX: ffff8880917205f8
RDX: 00000000000086dd RSI: 0007200700000006 RDI: ffffffff895af600
RBP: ffff8880aea07800 R08: ffff88809956cf10 R09: 0000000000000038
R10: 1ffff11010bf3b2e R11: 0000000000000000 R12: 0039003800000037
R13: ffff88809061ec00 R14: ffff88809061ec00 R15: ffff888091720480
FS: 00007f364f45b8c0(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000b70004 CR3: 0000000091aeb000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400