bisecting cause commit starting from d5d359b0ac3ffc319ca93c46a4cfd87093759ad6
building syzkaller on 2e95ab335759ed7e1c246c2057c84d813a2c29e1
testing commit d5d359b0ac3ffc319ca93c46a4cfd87093759ad6 with gcc (GCC) 8.1.0
kernel signature: d22aad3af08b65601ce69d1550684fa147b62adf3a8c52d95b39004f21c2e932
all runs: crashed: general protection fault in ip_set_comment_free
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: fb5cdaaed86cd3d66f039e1a8f588f9d4a662edbe3eead239d2b1b3096466c23
all runs: crashed: general protection fault in ip_set_comment_free
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 8ce14a92dc56db592e187850d49a06a62f402fc7c3210c0a36d7d9f964cd8a2d
all runs: crashed: general protection fault in ip_set_comment_free
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 64e79f31ec4eccd78e93ac422cdc15cebf489ace315a61f9b2143fd88d72801c
all runs: crashed: general protection fault in ip_set_comment_free
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: c19fa75a17a15afa05ecf02c2c198560f2880734b05cb878a5b4a3de3c5cca3d
all runs: crashed: general protection fault in ip_set_comment_free
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: 44837c9540a31a8a743ac4691b736455fd802144f5d130d5a2cc8a16ba902dfc
all runs: crashed: general protection fault in ip_set_comment_free
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: ec9dc2d9f6a2920fa62dd4822deb24535380e00e768e6f32fd67bbaa97f68772
all runs: OK
# git bisect start 1c163f4c7b3f621efff9b28a47abb36f7378d783 8fe28cb58bcb235034b64cbbb7550a8a43fd88be
Bisecting: 7011 revisions left to test after this (roughly 13 steps)
[af7ddd8a627c62a835524b3f5b471edbbbcce025] Merge tag 'dma-mapping-4.21' of git://git.infradead.org/users/hch/dma-mapping
testing commit af7ddd8a627c62a835524b3f5b471edbbbcce025 with gcc (GCC) 8.1.0
kernel signature: 83f50e583684e462fce9101d7cc2cd715429b98319e3e2033ff137a890e3a93c
all runs: crashed: general protection fault in ip_set_comment_free
# git bisect bad af7ddd8a627c62a835524b3f5b471edbbbcce025
Bisecting: 3448 revisions left to test after this (roughly 12 steps)
[792bf4d871dea8b69be2aaabdd320d7c6ed15985] Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 792bf4d871dea8b69be2aaabdd320d7c6ed15985 with gcc (GCC) 8.1.0
kernel signature: e6d088ccb7997de4b5a5a996557718d76df01a93d11386c57535c22cc55e2e04
all runs: OK
# git bisect good 792bf4d871dea8b69be2aaabdd320d7c6ed15985
Bisecting: 1729 revisions left to test after this (roughly 11 steps)
[aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c] linux/netlink.h: drop unnecessary extern prefix
testing commit aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c with gcc (GCC) 8.1.0
kernel signature: 8c00dcea9049c6d48fabdd5313bfa2bfffb469a7a42df6195b5935965b60c3d0
all runs: OK
# git bisect good aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c
Bisecting: 835 revisions left to test after this (roughly 10 steps)
[e0c38a4d1f196a4b17d2eba36afff8f656a4f1de] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
testing commit e0c38a4d1f196a4b17d2eba36afff8f656a4f1de with gcc (GCC) 8.1.0
kernel signature: dbe09a019a019be8d9f6f4d8c3bcf207b37739be227cfbcb7b1c6dc862cfaa8d
all runs: crashed: general protection fault in ip_set_comment_free
# git bisect bad e0c38a4d1f196a4b17d2eba36afff8f656a4f1de
Bisecting: 384 revisions left to test after this (roughly 9 steps)
[8d6973327ee84c2f40dd9efd8928d4a1186c96e2] Merge tag 'powerpc-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
testing commit 8d6973327ee84c2f40dd9efd8928d4a1186c96e2 with gcc (GCC) 8.1.0
kernel signature: 116c0466e9f010c2533424a51097644588cf749a49bde191e270aaf0f7c863b7
all runs: OK
# git bisect good 8d6973327ee84c2f40dd9efd8928d4a1186c96e2
Bisecting: 222 revisions left to test after this (roughly 8 steps)
[e770454fabde2e0f8fb3e5039a2b6df8f128bc9b] Merge branch 'expand-txtimestamp-selftest'
testing commit e770454fabde2e0f8fb3e5039a2b6df8f128bc9b with gcc (GCC) 8.1.0
kernel signature: 097c6d05efaf62e45c97a42ce2fe3317beb0e43b43714f45dc5e7771a32c4665
all runs: OK
# git bisect good e770454fabde2e0f8fb3e5039a2b6df8f128bc9b
Bisecting: 106 revisions left to test after this (roughly 7 steps)
[c3e533692527046fb55020e7fac8c4272644ba45] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
testing commit c3e533692527046fb55020e7fac8c4272644ba45 with gcc (GCC) 8.1.0
kernel signature: b0feafc93cff64eeac607a131df53157659e41d67ebfc442aa240c5d17931d1f
all runs: crashed: general protection fault in ip_set_comment_free
# git bisect bad c3e533692527046fb55020e7fac8c4272644ba45
Bisecting: 57 revisions left to test after this (roughly 6 steps)
[9df95e8ec568f98d89fe2c72342714296ac6ce27] bpf: sparc64: Enable sparc64 jit to provide bpf_line_info
testing commit 9df95e8ec568f98d89fe2c72342714296ac6ce27 with gcc (GCC) 8.1.0
kernel signature: 310872700218af4c30a4618bc7dc0bab126abe952f04b15840fd5fb8608a6b20
all runs: OK
# git bisect good 9df95e8ec568f98d89fe2c72342714296ac6ce27
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[06aa151ad1fc74a49b45336672515774a678d78d] netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
testing commit 06aa151ad1fc74a49b45336672515774a678d78d with gcc (GCC) 8.1.0
kernel signature: d250caad3feb37287998e79367b9b8bd9ff92f0a750cb8ec35d1049eb477d5e2
all runs: crashed: general protection fault in ip_set_comment_free
# git bisect bad 06aa151ad1fc74a49b45336672515774a678d78d
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[a504b703bb1da526a01593da0e4be2af9d9f5fa8] netfilter: nat: limit port clash resolution attempts
testing commit a504b703bb1da526a01593da0e4be2af9d9f5fa8 with gcc (GCC) 8.1.0
kernel signature: 49e0088f27a8b0ba023dfede627c805767fd3fe746fbad189254d53bd9d227db
all runs: crashed: general protection fault in ip_set_comment_free
# git bisect bad a504b703bb1da526a01593da0e4be2af9d9f5fa8
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[b9660987692230b381b64c1f1e912febe142c390] netfilter: nf_flow_table: simplify nf_flow_offload_gc_step()
testing commit b9660987692230b381b64c1f1e912febe142c390 with gcc (GCC) 8.1.0
kernel signature: d05223a3b054f822015c746bb854bfc1f15112036b46ff2227c02acc0bceed99
all runs: crashed: general protection fault in ip_set_comment_free
# git bisect bad b9660987692230b381b64c1f1e912febe142c390
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[23c42a403a9cfdbad6004a556c927be7dd61a8ee] netfilter: ipset: Introduction of new commands and protocol version 7
testing commit 23c42a403a9cfdbad6004a556c927be7dd61a8ee with gcc (GCC) 8.1.0
kernel signature: d30a9323d0632c2478afadc2c73c6fc87e59f3c3f33b9f76ffd63e65dda297c3
all runs: crashed: general protection fault in ip_set_comment_free
# git bisect bad 23c42a403a9cfdbad6004a556c927be7dd61a8ee
Bisecting: 0 revisions left to test after this (roughly 1 step)
[29edbc3ebdb0faa934114f14bf12fc0b784d4f1b] netfilter: ipset: Make invalid MAC address checks consistent
testing commit 29edbc3ebdb0faa934114f14bf12fc0b784d4f1b with gcc (GCC) 8.1.0
kernel signature: 3fda9ebb9a9eb62ffbdf938239a51e2d91d4ad7a0c09be7a7ac0eab454e61ca6
all runs: OK
# git bisect good 29edbc3ebdb0faa934114f14bf12fc0b784d4f1b
23c42a403a9cfdbad6004a556c927be7dd61a8ee is the first bad commit
commit 23c42a403a9cfdbad6004a556c927be7dd61a8ee
Author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date:   Sat Oct 27 15:07:40 2018 +0200

    netfilter: ipset: Introduction of new commands and protocol version 7
    
    Two new commands (IPSET_CMD_GET_BYNAME, IPSET_CMD_GET_BYINDEX) are
    introduced. The new commands makes possible to eliminate the getsockopt
    operation (in iptables set/SET match/target) and thus use only netlink
    communication between userspace and kernel for ipset. With the new
    protocol version, userspace can exactly know which functionality is
    supported by the running kernel.
    
    Both the kernel and userspace is fully backward compatible.
    
    Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

 include/linux/netfilter/ipset/ip_set.h      |   2 +-
 include/uapi/linux/netfilter/ipset/ip_set.h |  19 ++--
 net/netfilter/ipset/ip_set_core.c           | 164 +++++++++++++++++++++++++---
 3 files changed, 160 insertions(+), 25 deletions(-)
culprit signature: d30a9323d0632c2478afadc2c73c6fc87e59f3c3f33b9f76ffd63e65dda297c3
parent  signature: 3fda9ebb9a9eb62ffbdf938239a51e2d91d4ad7a0c09be7a7ac0eab454e61ca6
revisions tested: 20, total time: 3h58m49.072621534s (build: 1h56m51.357117086s, test: 2h0m2.008597721s)
first bad commit: 23c42a403a9cfdbad6004a556c927be7dd61a8ee netfilter: ipset: Introduction of new commands and protocol version 7
cc: ["coreteam@netfilter.org" "davem@davemloft.net" "fw@strlen.de" "kadlec@blackhole.kfki.hu" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org"]
crash: general protection fault in ip_set_comment_free
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
kasan: CONFIG_KASAN_INLINE enabled
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 6564 Comm: syz-executor.2 Not tainted 4.19.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:strlen+0x1f/0xa0 lib/string.c:482
Code: ff ff ff 0f 1f 84 00 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 fa 48 89 e5 48 c1 ea 03 41 54 49 89 fc 53 48 83 ec 08 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 04 84 c0 75 4d 41 80 3c 24
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
RSP: 0018:ffff88008d86ef50 EFLAGS: 00010286
RAX: dffffc0000000000 RBX: ffff88008b5a2518 RCX: dffffc0000000000
RDX: 0000000000000022 RSI: ffff88008b5a2518 RDI: 0000000000000114
RBP: ffff88008d86ef68 R08: ffff88008bd78200 R09: 0000000000000000
R10: ffff88008c1f0172 R11: ffff88008b5a2500 R12: 0000000000000114
R13: ffff88008c1f0100 R14: dffffc0000000000 R15: ffff88008d86f120
FS:  00007f2c5fe59700(0000) GS:ffff8800aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffb6a10e10 CR3: 00000000a97e3000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 strlen include/linux/string.h:267 [inline]
 ip_set_comment_free+0x5b/0xc0 include/linux/netfilter/ipset/ip_set_comment.h:70
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
 ip_set_ext_destroy include/linux/netfilter/ipset/ip_set.h:276 [inline]
 hash_net4_add+0x163d/0x27e7 net/netfilter/ipset/ip_set_hash_gen.h:770
 hash_net4_uadt+0x4bc/0x7a0 net/netfilter/ipset/ip_set_hash_net.c:199
 call_ad+0x178/0x530 net/netfilter/ipset/ip_set_core.c:1515
IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
 ip_set_uadd+0x403/0xae0 net/netfilter/ipset/ip_set_core.c:1596
IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
 nfnetlink_rcv_msg+0x942/0xc10 net/netfilter/nfnetlink.c:228
IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
device veth0_macvtap entered promiscuous mode
 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2476
 nfnetlink_rcv+0x163/0x3b0 net/netfilter/nfnetlink.c:560
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline]
 netlink_unicast+0x443/0x650 net/netlink/af_netlink.c:1336
 netlink_sendmsg+0x765/0xc40 net/netlink/af_netlink.c:1917
device veth1_macvtap entered promiscuous mode
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:631
 ___sys_sendmsg+0x647/0x950 net/socket.c:2116
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
 __sys_sendmsg+0xd9/0x180 net/socket.c:2154
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
 __do_sys_sendmsg net/socket.c:2163 [inline]
 __se_sys_sendmsg net/socket.c:2161 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2161
 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
RIP: 0033:0x45b349
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2c5fe58c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f2c5fe596d4 RCX: 000000000045b349
RDX: 0000000000000000 RSI: 0000000020000d00 RDI: 0000000000000004
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000008dd R14: 00000000004ca2f8 R15: 000000000075bf2c
Modules linked in:
---[ end trace 692101b029dac11e ]---
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
RIP: 0010:strlen+0x1f/0xa0 lib/string.c:482
IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
Code: ff ff ff 0f 1f 84 00 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 fa 48 89 e5 48 c1 ea 03 41 54 49 89 fc 53 48 83 ec 08 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 04 84 c0 75 4d 41 80 3c 24
RSP: 0018:ffff88008d86ef50 EFLAGS: 00010286
batman_adv: batadv0: Interface activated: batadv_slave_0
RAX: dffffc0000000000 RBX: ffff88008b5a2518 RCX: dffffc0000000000
RDX: 0000000000000022 RSI: ffff88008b5a2518 RDI: 0000000000000114
RBP: ffff88008d86ef68 R08: ffff88008bd78200 R09: 0000000000000000
R10: ffff88008c1f0172 R11: ffff88008b5a2500 R12: 0000000000000114
R13: ffff88008c1f0100 R14: dffffc0000000000 R15: ffff88008d86f120
FS:  00007f2c5fe59700(0000) GS:ffff8800aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffb6a10e10 CR3: 00000000a97e3000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400