bisecting cause commit starting from 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7
building syzkaller on c88c7b75a4e022b758f4b0f1bf3db8ebb2fb25e6
testing commit 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 with gcc (GCC) 8.1.0
kernel signature: 45ebe3f35895fc97b1b19941e5c9cef454617d927fe608e684734f8f33e8b526
all runs: crashed: BUG: corrupted list in _cma_attach_to_dev
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: d5f3987901d95b302e356d459bf0779c54c6b64f979c7575d730bcba8118751c
run #0: crashed: BUG: corrupted list in _cma_attach_to_dev
run #1: crashed: BUG: corrupted list in _cma_attach_to_dev
run #2: crashed: BUG: corrupted list in _cma_attach_to_dev
run #3: crashed: BUG: corrupted list in _cma_attach_to_dev
run #4: crashed: BUG: corrupted list in _cma_attach_to_dev
run #5: crashed: BUG: corrupted list in _cma_attach_to_dev
run #6: crashed: BUG: corrupted list in _cma_attach_to_dev
run #7: crashed: BUG: corrupted list in cma_release_dev
run #8: crashed: BUG: corrupted list in cma_release_dev
run #9: crashed: BUG: corrupted list in cma_cancel_operation
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 4e419d7f62799dd51ec45724d4f3f471a6b4ec7f941e27e2bd3b48e4112a511f
run #0: crashed: BUG: corrupted list in _cma_attach_to_dev
run #1: crashed: BUG: corrupted list in _cma_attach_to_dev
run #2: crashed: BUG: corrupted list in cma_release_dev
run #3: crashed: BUG: corrupted list in _cma_attach_to_dev
run #4: crashed: BUG: corrupted list in _cma_attach_to_dev
run #5: crashed: BUG: corrupted list in _cma_attach_to_dev
run #6: crashed: BUG: corrupted list in _cma_attach_to_dev
run #7: crashed: BUG: corrupted list in cma_cancel_operation
run #8: crashed: BUG: corrupted list in _cma_attach_to_dev
run #9: crashed: BUG: corrupted list in cma_cancel_operation
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 0fe0bff96f4c102c4e6621f2ea605d44393d503958f862bce222b126b26f874d
all runs: OK
# git bisect start 219d54332a09e8d8741c1e1982f5eae56099de85 4d856f72c10ecb060868ed10ff1b1453943fc6c8
Bisecting: 7882 revisions left to test after this (roughly 13 steps)
[a9f8b38a071b468276a243ea3ea5a0636e848cf2] Merge tag 'for-linus-5.4-1' of git://github.com/cminyard/linux-ipmi
testing commit a9f8b38a071b468276a243ea3ea5a0636e848cf2 with gcc (GCC) 8.1.0
kernel signature: e05e2680db1a5db69aafe21f0a3ee64c32b0d4f0a115ef1fca385e6c290b37a6
run #0: crashed: KASAN: null-ptr-deref Read in batadv_tvlv_container_ogm_append
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad a9f8b38a071b468276a243ea3ea5a0636e848cf2
Bisecting: 3920 revisions left to test after this (roughly 12 steps)
[fe38bd6862074c0a2b9be7f31f043aaa70b2af5f] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit fe38bd6862074c0a2b9be7f31f043aaa70b2af5f with gcc (GCC) 8.1.0
kernel signature: c89bd1054fcd63c64e5735b0c1816155a50241bd1a85acfdadfa97093142b8ed
all runs: OK
# git bisect good fe38bd6862074c0a2b9be7f31f043aaa70b2af5f
Bisecting: 1962 revisions left to test after this (roughly 11 steps)
[069841ef8293697e951c34f9a45601b77fb541d7] Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue
testing commit 069841ef8293697e951c34f9a45601b77fb541d7 with gcc (GCC) 8.1.0
kernel signature: 3070ac20b5443400270919837462db9229b11d409bfc69b6bd4662fbba3dcbb0
all runs: crashed: BUG: MAX_STACK_TRACE_ENTRIES too low!
# git bisect bad 069841ef8293697e951c34f9a45601b77fb541d7
Bisecting: 978 revisions left to test after this (roughly 10 steps)
[f33bf6b00f20c9d26c42dfdaf8b83c2b0c1e6f71] net: stmmac: dwmac-meson: use devm_platform_ioremap_resource() to simplify code
testing commit f33bf6b00f20c9d26c42dfdaf8b83c2b0c1e6f71 with gcc (GCC) 8.1.0
kernel signature: dae042c7c1773d25edb6a49894f35e658b7a12453fae37726679af6bcf305587
all runs: crashed: BUG: MAX_STACK_TRACE_ENTRIES too low!
# git bisect bad f33bf6b00f20c9d26c42dfdaf8b83c2b0c1e6f71
Bisecting: 489 revisions left to test after this (roughly 9 steps)
[16e9b481e988b1f7e6df2243bb510e1c9b581272] nfp: no need to check return value of debugfs_create functions
testing commit 16e9b481e988b1f7e6df2243bb510e1c9b581272 with gcc (GCC) 8.1.0
kernel signature: 378f1b83c1849909788e0913a54d04d84fcb4c513aeb874debbb030bf3cfca92
all runs: OK
# git bisect good 16e9b481e988b1f7e6df2243bb510e1c9b581272
Bisecting: 244 revisions left to test after this (roughly 8 steps)
[a4d2113e46c1d2ded1bfed9a19fe17b5ab2d584c] ipvlan: set hw_enc_features like macvlan
testing commit a4d2113e46c1d2ded1bfed9a19fe17b5ab2d584c with gcc (GCC) 8.1.0
kernel signature: 00a35931e60936b82f01857b054cd34e0fabca588c70f8406a2e76c97763492a
all runs: crashed: BUG: MAX_STACK_TRACE_ENTRIES too low!
# git bisect bad a4d2113e46c1d2ded1bfed9a19fe17b5ab2d584c
Bisecting: 122 revisions left to test after this (roughly 7 steps)
[043b8413e8c0c0ffbf8be268eb73716e05a96064] net: devlink: remove redundant rtnl lock assert
testing commit 043b8413e8c0c0ffbf8be268eb73716e05a96064 with gcc (GCC) 8.1.0
kernel signature: c068e8cea570fd4e02819d850e322257a1e0824f990a166c98cafecebdb5a8b3
all runs: OK
# git bisect good 043b8413e8c0c0ffbf8be268eb73716e05a96064
Bisecting: 68 revisions left to test after this (roughly 6 steps)
[8d73f8f23e6b869b726cb01dd4747f56dc88660a] page_pool: fix logic in __page_pool_get_cached
testing commit 8d73f8f23e6b869b726cb01dd4747f56dc88660a with gcc (GCC) 8.1.0
kernel signature: 42b0c2892caf1df4b614a83b710af7a9910f8ed8f32a872b19c909826341113d
all runs: crashed: BUG: MAX_STACK_TRACE_ENTRIES too low!
# git bisect bad 8d73f8f23e6b869b726cb01dd4747f56dc88660a
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[c162610c7db2e9611a7b3ec806f9c97fcfec0b0b] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
testing commit c162610c7db2e9611a7b3ec806f9c97fcfec0b0b with gcc (GCC) 8.1.0
kernel signature: dc89d143c0c93cb7f3004ce18e3cd0ac08b27751e7dc48691e7f7a784230070e
all runs: crashed: BUG: MAX_STACK_TRACE_ENTRIES too low!
# git bisect bad c162610c7db2e9611a7b3ec806f9c97fcfec0b0b
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[2a475c409fe81a76fb26a6b023509d648237bbe6] kbuild: remove all netfilter headers from header-test blacklist.
testing commit 2a475c409fe81a76fb26a6b023509d648237bbe6 with gcc (GCC) 8.1.0
kernel signature: 8bd7f01509ea7677eea99d6f7c49ef067f09276063b8a8a1cf9faaf1cbe3f4f9
all runs: boot failed: general protection fault in dma_direct_max_mapping_size
# git bisect skip 2a475c409fe81a76fb26a6b023509d648237bbe6
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[65b27995a4ab8fc51b4adc6b4dcdca20f7a595bb] net: phy: let phy_speed_down/up support speeds >1Gbps
testing commit 65b27995a4ab8fc51b4adc6b4dcdca20f7a595bb with gcc (GCC) 8.1.0
kernel signature: ad3482ec8a60bfd062ec071b430827852ca09f950881b98cea5a72c922e88a1f
all runs: OK
# git bisect good 65b27995a4ab8fc51b4adc6b4dcdca20f7a595bb
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[20a9379d9a03ee0712d225035308973ecc5f6783] netfilter: remove "#ifdef __KERNEL__" guards from some headers.
testing commit 20a9379d9a03ee0712d225035308973ecc5f6783 with gcc (GCC) 8.1.0
kernel signature: 64eff768f52e7c01497494f16d3992fae8c6e9dbda3478481e00c228153676f0
all runs: boot failed: general protection fault in dma_direct_max_mapping_size
# git bisect skip 20a9379d9a03ee0712d225035308973ecc5f6783
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[1b90af292e71b20d03b837d39406acfbdc5d4b2a] ipvs: Improve robustness to the ipvs sysctl
testing commit 1b90af292e71b20d03b837d39406acfbdc5d4b2a with gcc (GCC) 8.1.0
kernel signature: dbc258e557b71164724168c299987f2b3fc1db4ce1849e91acd672cd2dc1f63f
all runs: boot failed: general protection fault in dma_direct_max_mapping_size
# git bisect skip 1b90af292e71b20d03b837d39406acfbdc5d4b2a
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[5785cf15fd74ec3b1a076fd39bc67382a8455fe7] netfilter: nf_tables: add missing prototypes.
testing commit 5785cf15fd74ec3b1a076fd39bc67382a8455fe7 with gcc (GCC) 8.1.0
kernel signature: 2eeee33b45bc72fb2cdacdf581cf0082915b00375be1bda0275ff063a22f0b7b
all runs: boot failed: general protection fault in dma_direct_max_mapping_size
# git bisect skip 5785cf15fd74ec3b1a076fd39bc67382a8455fe7
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[d55d70894c6d4709b9ae61109a9fa7c319586b53] r8152: use alloc_pages for rx buffer
testing commit d55d70894c6d4709b9ae61109a9fa7c319586b53 with gcc (GCC) 8.1.0
kernel signature: ae0dd4258e2fdd36a5687b056f72be02c9b25195458632752ae8de4695e8cffc
all runs: OK
# git bisect good d55d70894c6d4709b9ae61109a9fa7c319586b53
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[0abc8bf4f2842e409926096f0fa009b468cbd855] netfilter: add missing IS_ENABLED(CONFIG_NF_CONNTRACK) checks to some header-files.
testing commit 0abc8bf4f2842e409926096f0fa009b468cbd855 with gcc (GCC) 8.1.0
kernel signature: 6c44b1d53c0c973c312c8beec0ec1f15a092074e9f3b6e70b2cabd8dcc6f97a4
all runs: boot failed: general protection fault in dma_direct_max_mapping_size
# git bisect skip 0abc8bf4f2842e409926096f0fa009b468cbd855
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[78458e3e08cda2aacaec9fde8c295dfc2f88618a] netfilter: add missing IS_ENABLED(CONFIG_NETFILTER) checks to some header-files.
testing commit 78458e3e08cda2aacaec9fde8c295dfc2f88618a with gcc (GCC) 8.1.0
kernel signature: d629f69ce128bdf51f0e053d97bc8bdf944834ec316b64823a360765ab918a42
all runs: boot failed: general protection fault in dma_direct_max_mapping_size
# git bisect skip 78458e3e08cda2aacaec9fde8c295dfc2f88618a
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[7e59b3fea2a2510b52761c20ccc71d3e9f6b7db8] netfilter: remove unnecessary spaces
testing commit 7e59b3fea2a2510b52761c20ccc71d3e9f6b7db8 with gcc (GCC) 8.1.0
kernel signature: 7d9d61fc9be1470b9bcb316961a1548c9520250d283aa1cd9d0aa8eb72b9cc5a
all runs: boot failed: general protection fault in dma_direct_max_mapping_size
# git bisect skip 7e59b3fea2a2510b52761c20ccc71d3e9f6b7db8
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[47e640af2e492cc28778dd6f894d50313f7fba75] netfilter: add missing IS_ENABLED(CONFIG_NF_TABLES) check to header-file.
testing commit 47e640af2e492cc28778dd6f894d50313f7fba75 with gcc (GCC) 8.1.0
kernel signature: b671d6688e628fe57e1fde4d82e1da9933812076e1a878a43658f4810164f9d4
all runs: boot failed: general protection fault in dma_direct_max_mapping_size
# git bisect skip 47e640af2e492cc28778dd6f894d50313f7fba75
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[105333435b4f3b21ffc325f32fae17719310db64] netfilter: connlabels: prefer static lock initialiser
testing commit 105333435b4f3b21ffc325f32fae17719310db64 with gcc (GCC) 8.1.0
kernel signature: 604f264b6c5ea777ced5fc2e421d96fc5bd02c26091c23ea25a9e636508b022a
all runs: boot failed: general protection fault in dma_direct_max_mapping_size
# git bisect skip 105333435b4f3b21ffc325f32fae17719310db64
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[9211bfbff80a7604273086fec5685efcdc10be2b] netfilter: add missing IS_ENABLED(CONFIG_BRIDGE_NETFILTER) checks to header-file.
testing commit 9211bfbff80a7604273086fec5685efcdc10be2b with gcc (GCC) 8.1.0
kernel signature: 704178a27e472d83262e10af3a06385eecc0faaf9720c7fcbea4627cd57c5487
all runs: boot failed: general protection fault in dma_direct_max_mapping_size
# git bisect skip 9211bfbff80a7604273086fec5685efcdc10be2b
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[b753c5a7f99f390fc100de18647ce0dcacdceafc] Merge branch 'r8152-RX-improve'
testing commit b753c5a7f99f390fc100de18647ce0dcacdceafc with gcc (GCC) 8.1.0
kernel signature: f2156b1ab5c76d4b4bd54ce47250d08cbd3367cd87ace0a7da5a7455a9e9f8ef
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad b753c5a7f99f390fc100de18647ce0dcacdceafc
Bisecting: 1 revision left to test after this (roughly 1 step)
[47922fcde5365a2d37e8d4056e537fc8a7213c39] r8152: support skb_add_rx_frag
testing commit 47922fcde5365a2d37e8d4056e537fc8a7213c39 with gcc (GCC) 8.1.0
kernel signature: 64457d8ae205fcc80dd2f6ae39469c51f372f087ce098a122d1358eed51de1f2
all runs: OK
# git bisect good 47922fcde5365a2d37e8d4056e537fc8a7213c39
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[e4a5017ac5b3924384a36a0a043cb65bb41dd5be] r8152: change rx_copybreak and rx_pending through ethtool
testing commit e4a5017ac5b3924384a36a0a043cb65bb41dd5be with gcc (GCC) 8.1.0
kernel signature: 43f1471127e24e4c6a8eebb6d86abab0a95a03462aebbcb4a80902ceda8d93ff
all runs: OK
# git bisect good e4a5017ac5b3924384a36a0a043cb65bb41dd5be
b753c5a7f99f390fc100de18647ce0dcacdceafc is the first bad commit
commit b753c5a7f99f390fc100de18647ce0dcacdceafc
Merge: e070ca371f2b e4a5017ac5b3
Author: Jakub Kicinski
Date: Tue Aug 13 18:12:45 2019 -0700

Merge branch 'r8152-RX-improve'

Hayes says:

====================
v2:
For patch #2, replace list_for_each_safe with list_for_each_entry_safe.
Remove unlikely in WARN_ON. Adjust the coding style.
For patch #4, replace list_for_each_safe with list_for_each_entry_safe.
Remove "else" after "continue".
For patch #5. replace sysfs with ethtool to modify rx_copybreak and rx_pending.
v1:
The different chips use different rx buffer size.
Use skb_add_rx_frag() to reduce memory copy for RX.
====================

Signed-off-by: Jakub Kicinski

drivers/net/usb/r8152.c | 374 +++++++++++++++++++++++++++++++++++++++---------
1 file changed, 304 insertions(+), 70 deletions(-)

revisions tested: 28, total time: 7h35m54.722304225s (build: 2h58m38.816639153s, test: 4h35m42.230963997s)
first bad commit: b753c5a7f99f390fc100de18647ce0dcacdceafc Merge branch 'r8152-RX-improve'
cc: ["jakub.kicinski@netronome.com"]
crash: general protection fault in batadv_iv_ogm_queue_add

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.3.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:599
Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 a2 0b 00 00
RSP: 0018:ffff8880a989fab8 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff888093996300 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffff8880a989fbd0 R08: ffff888093282000 R09: 0000000000000001
R10: ffffed1015313f8f R11: 0000000000000003 R12: 0000000000000007
R13: ffff888093282028 R14: ffff888093282000 R15: 000000000000003c
FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffee09d9d2c CR3: 000000008a7ba000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 batadv_iv_ogm_schedule+0xb60/0xe90 net/batman-adv/bat_iv_ogm.c:807
 batadv_iv_send_outstanding_bat_ogm_packet+0x54c/0x77d net/batman-adv/bat_iv_ogm.c:1669
 process_one_work+0x856/0x1630 kernel/workqueue.c:2269
 worker_thread+0x85/0xb60 kernel/workqueue.c:2415
 kthread+0x331/0x3f0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace 2928963a2dbfd62e ]---
RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:599
Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 a2 0b 00 00
RSP: 0018:ffff8880a989fab8 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff888093996300 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffff8880a989fbd0 R08: ffff888093282000 R09: 0000000000000001
R10: ffffed1015313f8f R11: 0000000000000003 R12: 0000000000000007
R13: ffff888093282028 R14: ffff888093282000 R15: 000000000000003c
FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffee09d9d2c CR3: 000000008a7ba000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400