bisecting fixing commit since f5d582777bcb1c7ff19a5a2343f66ea01de401c6
building syzkaller on 7795ae03c0d2358a40130693e40e0fcab5232ed2
testing commit f5d582777bcb1c7ff19a5a2343f66ea01de401c6 with gcc (GCC) 8.1.0
run #0: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #1: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #2: crashed: general protection fault in __ip_append_data
run #3: crashed: INFO: rcu detected stall in wb_workfn
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing current HEAD d6d5df1db6e9d7f8f76d2911707f7d5877251b02
testing commit d6d5df1db6e9d7f8f76d2911707f7d5877251b02 with gcc (GCC) 8.1.0
all runs: crashed: BUG: using smp_processor_id() in preemptible [ADDR] code: syz-executor
revisions tested: 2, total time: 26m33.168855206s (build: 11m17.316202552s, test: 13m58.144452804s)
the crash still happens on HEAD
crash: BUG: using smp_processor_id() in preemptible [ADDR] code: syz-executor
8021q: adding VLAN 0 to HW filter on device team0
Started in network mode
Own node identity ac14142, cluster identity 4711
New replicast peer: 0.0.0.0
check_preemption_disabled: 3 callbacks suppressed
BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor0/7418
caller is dst_cache_get+0x33/0xa0 net/core/dst_cache.c:68
CPU: 1 PID: 7418 Comm: syz-executor0 Not tainted 5.4.0-rc5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x113/0x167 lib/dump_stack.c:113
 check_preemption_disabled lib/smp_processor_id.c:47 [inline]
 debug_smp_processor_id.cold.2+0x84/0x97 lib/smp_processor_id.c:57
 dst_cache_get+0x33/0xa0 net/core/dst_cache.c:68
 tipc_udp_xmit.isra.14+0xb9/0xc60 net/tipc/udp_media.c:164
 tipc_udp_send_msg+0x229/0x3d0 net/tipc/udp_media.c:254
 tipc_bearer_xmit_skb+0x12c/0x290 net/tipc/bearer.c:508
 tipc_enable_bearer+0x7a6/0xab0 net/tipc/bearer.c:328
 __tipc_nl_bearer_enable+0x265/0x390 net/tipc/bearer.c:963
 tipc_nl_bearer_enable+0x1d/0x30 net/tipc/bearer.c:971
 genl_family_rcv_msg+0x5d5/0x1160 net/netlink/genetlink.c:629
 genl_rcv_msg+0xa7/0x140 net/netlink/genetlink.c:654
 netlink_rcv_skb+0x13f/0x380 net/netlink/af_netlink.c:2477
 genl_rcv+0x23/0x40 net/netlink/genetlink.c:665
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x444/0x640 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x75d/0xc40 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xe6/0x110 net/socket.c:657
 ___sys_sendmsg+0x658/0x980 net/socket.c:2311
 __sys_sendmsg+0xd9/0x180 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2363
 do_syscall_64+0xd0/0x5e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4577c9
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f8a7bdb1c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004577c9
RDX: 0000000000000080 RSI: 0000000020001e40 RDI: 0000000000000003
RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8a7bdb26d4
R13: 00000000004c42db R14: 00000000004d7220 R15: 00000000ffffffff
BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor0/7418
caller is dst_cache_set_ip4+0x97/0x2e0 net/core/dst_cache.c:98
CPU: 0 PID: 7418 Comm: syz-executor0 Not tainted 5.4.0-rc5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x113/0x167 lib/dump_stack.c:113
 check_preemption_disabled lib/smp_processor_id.c:47 [inline]
 debug_smp_processor_id.cold.2+0x84/0x97 lib/smp_processor_id.c:57
 dst_cache_set_ip4+0x97/0x2e0 net/core/dst_cache.c:98
 tipc_udp_xmit.isra.14+0x7c2/0xc60 net/tipc/udp_media.c:182
 tipc_udp_send_msg+0x229/0x3d0 net/tipc/udp_media.c:254
 tipc_bearer_xmit_skb+0x12c/0x290 net/tipc/bearer.c:508
 tipc_enable_bearer+0x7a6/0xab0 net/tipc/bearer.c:328
 __tipc_nl_bearer_enable+0x265/0x390 net/tipc/bearer.c:963
 tipc_nl_bearer_enable+0x1d/0x30 net/tipc/bearer.c:971
 genl_family_rcv_msg+0x5d5/0x1160 net/netlink/genetlink.c:629
 genl_rcv_msg+0xa7/0x140 net/netlink/genetlink.c:654
 netlink_rcv_skb+0x13f/0x380 net/netlink/af_netlink.c:2477
 genl_rcv+0x23/0x40 net/netlink/genetlink.c:665
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x444/0x640 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x75d/0xc40 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xe6/0x110 net/socket.c:657
 ___sys_sendmsg+0x658/0x980 net/socket.c:2311
 __sys_sendmsg+0xd9/0x180 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2363
 do_syscall_64+0xd0/0x5e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4577c9
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f8a7bdb1c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004577c9
RDX: 0000000000000080 RSI: 0000000020001e40 RDI: 0000000000000003
RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8a7bdb26d4
R13: 00000000004c42db R14: 00000000004d7220 R15: 00000000ffffffff
Enabled bearer , priority 10
Enabling of bearer rejected, already enabled
Enabling of bearer rejected, already enabled
Enabling of bearer rejected, already enabled
Enabling of bearer rejected, already enabled
Enabling of bearer rejected, already enabled
Enabling of bearer rejected, already enabled
Enabling of bearer rejected, already enabled
32-bit node address hash set to 201414ac
Enabling of bearer rejected, already enabled
Started in network mode
Own node identity ac14142, cluster identity 4711
New replicast peer: 0.0.0.0
BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor1/7487
caller is dst_cache_get+0x33/0xa0 net/core/dst_cache.c:68
CPU: 1 PID: 7487 Comm: syz-executor1 Not tainted 5.4.0-rc5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x113/0x167 lib/dump_stack.c:113
 check_preemption_disabled lib/smp_processor_id.c:47 [inline]
 debug_smp_processor_id.cold.2+0x84/0x97 lib/smp_processor_id.c:57
 dst_cache_get+0x33/0xa0 net/core/dst_cache.c:68
 tipc_udp_xmit.isra.14+0xb9/0xc60 net/tipc/udp_media.c:164
 tipc_udp_send_msg+0x229/0x3d0 net/tipc/udp_media.c:254
 tipc_bearer_xmit_skb+0x12c/0x290 net/tipc/bearer.c:508
 tipc_enable_bearer+0x7a6/0xab0 net/tipc/bearer.c:328
 __tipc_nl_bearer_enable+0x265/0x390 net/tipc/bearer.c:963
 tipc_nl_bearer_enable+0x1d/0x30 net/tipc/bearer.c:971
 genl_family_rcv_msg+0x5d5/0x1160 net/netlink/genetlink.c:629
 genl_rcv_msg+0xa7/0x140 net/netlink/genetlink.c:654
 netlink_rcv_skb+0x13f/0x380 net/netlink/af_netlink.c:2477
 genl_rcv+0x23/0x40 net/netlink/genetlink.c:665
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x444/0x640 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x75d/0xc40 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xe6/0x110 net/socket.c:657
 ___sys_sendmsg+0x658/0x980 net/socket.c:2311
 __sys_sendmsg+0xd9/0x180 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2363
 do_syscall_64+0xd0/0x5e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4577c9
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f729d22dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004577c9
RDX: 0000000000000080 RSI: 0000000020001e40 RDI: 0000000000000003
RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f729d22e6d4
R13: 00000000004c42db R14: 00000000004d7220 R15: 00000000ffffffff
Enabled bearer , priority 10
Enabling of bearer rejected, already enabled
Enabling of bearer rejected, already enabled
Started in network mode
Own node identity ac14142, cluster identity 4711
New replicast peer: 0.0.0.0
BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor4/7500
caller is dst_cache_get+0x33/0xa0 net/core/dst_cache.c:68
CPU: 1 PID: 7500 Comm: syz-executor4 Not tainted 5.4.0-rc5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x113/0x167 lib/dump_stack.c:113
 check_preemption_disabled lib/smp_processor_id.c:47 [inline]
 debug_smp_processor_id.cold.2+0x84/0x97 lib/smp_processor_id.c:57
 dst_cache_get+0x33/0xa0 net/core/dst_cache.c:68
 tipc_udp_xmit.isra.14+0xb9/0xc60 net/tipc/udp_media.c:164
 tipc_udp_send_msg+0x229/0x3d0 net/tipc/udp_media.c:254
 tipc_bearer_xmit_skb+0x12c/0x290 net/tipc/bearer.c:508
 tipc_enable_bearer+0x7a6/0xab0 net/tipc/bearer.c:328
 __tipc_nl_bearer_enable+0x265/0x390 net/tipc/bearer.c:963
 tipc_nl_bearer_enable+0x1d/0x30 net/tipc/bearer.c:971
 genl_family_rcv_msg+0x5d5/0x1160 net/netlink/genetlink.c:629
 genl_rcv_msg+0xa7/0x140 net/netlink/genetlink.c:654
 netlink_rcv_skb+0x13f/0x380 net/netlink/af_netlink.c:2477
 genl_rcv+0x23/0x40 net/netlink/genetlink.c:665
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x444/0x640 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x75d/0xc40 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xe6/0x110 net/socket.c:657
 ___sys_sendmsg+0x658/0x980 net/socket.c:2311
 __sys_sendmsg+0xd9/0x180 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2363
 do_syscall_64+0xd0/0x5e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4577c9
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f06f5fd3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004577c9
RDX: 0000000000000080 RSI: 0000000020001e40 RDI: 0000000000000004
RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f06f5fd46d4
R13: 00000000004c42db R14: 00000000004d7220 R15: 00000000ffffffff
BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor4/7500
caller is dst_cache_set_ip4+0x97/0x2e0 net/core/dst_cache.c:98
CPU: 1 PID: 7500 Comm: syz-executor4 Not tainted 5.4.0-rc5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x113/0x167 lib/dump_stack.c:113
 check_preemption_disabled lib/smp_processor_id.c:47 [inline]
 debug_smp_processor_id.cold.2+0x84/0x97 lib/smp_processor_id.c:57
 dst_cache_set_ip4+0x97/0x2e0 net/core/dst_cache.c:98
 tipc_udp_xmit.isra.14+0x7c2/0xc60 net/tipc/udp_media.c:182
 tipc_udp_send_msg+0x229/0x3d0 net/tipc/udp_media.c:254
 tipc_bearer_xmit_skb+0x12c/0x290 net/tipc/bearer.c:508
 tipc_enable_bearer+0x7a6/0xab0 net/tipc/bearer.c:328
 __tipc_nl_bearer_enable+0x265/0x390 net/tipc/bearer.c:963
 tipc_nl_bearer_enable+0x1d/0x30 net/tipc/bearer.c:971
 genl_family_rcv_msg+0x5d5/0x1160 net/netlink/genetlink.c:629
 genl_rcv_msg+0xa7/0x140 net/netlink/genetlink.c:654
 netlink_rcv_skb+0x13f/0x380 net/netlink/af_netlink.c:2477
 genl_rcv+0x23/0x40 net/netlink/genetlink.c:665
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x444/0x640 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x75d/0xc40 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xe6/0x110 net/socket.c:657
 ___sys_sendmsg+0x658/0x980 net/socket.c:2311
 __sys_sendmsg+0xd9/0x180 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2363
 do_syscall_64+0xd0/0x5e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4577c9
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f06f5fd3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004577c9
RDX: 0000000000000080 RSI: 0000000020001e40 RDI: 0000000000000004
RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f06f5fd46d4
R13: 00000000004c42db R14: 00000000004d7220 R15: 00000000ffffffff
------------[ cut here ]------------
Enabled bearer , priority 10
WARNING: CPU: 1 PID: 16 at include/net/dst.h:228 atomic_fetch_add_unless include/linux/atomic-fallback.h:1089 [inline]
WARNING: CPU: 1 PID: 16 at include/net/dst.h:228 atomic_add_unless include/linux/atomic-fallback.h:1111 [inline]
WARNING: CPU: 1 PID: 16 at include/net/dst.h:228 atomic_inc_not_zero include/linux/atomic-fallback.h:1127 [inline]
WARNING: CPU: 1 PID: 16 at include/net/dst.h:228 dst_hold include/net/dst.h:228 [inline]
WARNING: CPU: 1 PID: 16 at include/net/dst.h:228 dst_cache_per_cpu_get.isra.3+0x208/0x410 net/core/dst_cache.c:48