bisecting fixing commit since b98aebd298246df37b472c52a2ee1023256d02e3
building syzkaller on 04ca72cd45348daab9d896bbec8ea4c2d13455ac
testing commit b98aebd298246df37b472c52a2ee1023256d02e3 with gcc (GCC) 8.1.0
kernel signature: b2b0b5bc27239eaf22084faef7350266d6685c19784b31aac2f2a55ef1f8b0a1
all runs: crashed: general protection fault in ip6_dst_destroy
testing current HEAD c6db52a88798e5a0dfef80041ad4d33cc8cf04eb
testing commit c6db52a88798e5a0dfef80041ad4d33cc8cf04eb with gcc (GCC) 8.1.0
kernel signature: 18dd547569c4fbda49bba00a84960cca6a6f2aab0514b242f19970a53e605651
all runs: crashed: general protection fault in ip6_dst_destroy
revisions tested: 2, total time: 23m44.694544409s (build: 16m54.321432402s, test: 5m52.382688045s)
the crash still happens on HEAD
commit msg: Linux 4.14.183
crash: general protection fault in ip6_dst_destroy

IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 6278 Comm: syz-executor.4 Not tainted 4.14.183-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809bd86600 task.stack: ffff888094398000
RIP: 0010:__lock_acquire+0x1d5/0x4500 kernel/locking/lockdep.c:3369
RSP: 0018:ffff8880aee07b30 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff87916900
RBP: ffff8880aee07cf8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffff88809bd86600 R12: 0000000000000018
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
FS:  000000000257b940(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0d93e4e740 CR3: 0000000090b28000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 lock_acquire+0x173/0x400 kernel/locking/lockdep.c:3998
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
 _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:176
 spin_lock_bh include/linux/spinlock.h:322 [inline]
 rt6_uncached_list_del net/ipv6/route.c:144 [inline]
 ip6_dst_destroy+0x100/0x380 net/ipv6/route.c:402
 dst_destroy+0xb2/0x2d0 net/core/dst.c:129
 dst_destroy_rcu+0xd/0x10 net/core/dst.c:151
 __rcu_reclaim kernel/rcu/rcu.h:195 [inline]
 rcu_do_batch kernel/rcu/tree.c:2699 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline]
 rcu_process_callbacks+0x7e0/0x11e0 kernel/rcu/tree.c:2946
 __do_softirq+0x246/0x9b0 kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x15f/0x1a0 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:648 [inline]
 smp_apic_timer_interrupt+0x149/0x5d0 arch/x86/kernel/apic/apic.c:1102
 apic_timer_interrupt+0x9a/0xa0 arch/x86/entry/entry_64.S:793
RIP: 0010:memcmp+0xb3/0x160 lib/string.c:861
RSP: 0018:ffff88809439f010 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RAX: 000000000000005e RBX: ffff88809439f0f0 RCX: 0000000000000000
RDX: ffff88809439f150 RSI: ffff888096eea0e0 RDI: 0000000000000000
RBP: ffff88809439f038 R08: ffff88809439f0b8 R09: 000000008134beb4
R10: 0000000000000002 R11: 00000000a3e3e21a R12: dffffc0000000000
R13: 0000000000000098 R14: ffff888096eea090 R15: 00000000000594c0
 find_stack lib/stackdepot.c:180 [inline]
 depot_save_stack+0x122/0x43a lib/stackdepot.c:229
 save_stack+0xa9/0xd0 mm/kasan/kasan.c:453
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:551
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:489
 slab_post_alloc_hook mm/slab.h:442 [inline]
 slab_alloc mm/slab.c:3390 [inline]
 kmem_cache_alloc_trace+0x13b/0x7a0 mm/slab.c:3616
 kmalloc include/linux/slab.h:488 [inline]
 kzalloc include/linux/slab.h:661 [inline]
 hsr_add_port+0x1b0/0x580 net/hsr/hsr_slave.c:151
 hsr_dev_finalize+0x543/0x7d5 net/hsr/hsr_device.c:488
 hsr_newlink+0x21e/0x3a0 net/hsr/hsr_netlink.c:78
 rtnl_newlink+0xbdd/0x1390 net/core/rtnetlink.c:2728
 rtnetlink_rcv_msg+0x34f/0x9d0 net/core/rtnetlink.c:4315
 netlink_rcv_skb+0x133/0x370 net/netlink/af_netlink.c:2433
 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:4327
 netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
 netlink_unicast+0x40d/0x5f0 net/netlink/af_netlink.c:1313
 netlink_sendmsg+0x730/0xbd0 net/netlink/af_netlink.c:1878
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:656
 SYSC_sendto+0x1e3/0x2c0 net/socket.c:1763
 SyS_sendto+0x9/0x10 net/socket.c:1731
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x413c33
RSP: 002b:00007ffd2b1c4cb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000413c33
RDX: 0000000000000048 RSI: 0000000000a71df0 RDI: 0000000000000003
RBP: 000000000000000a R08: 00007ffd2b1c4cc0 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 00000000004bf172 R14: 00007ffd2b1c4df0 R15: 0000000000000006
Code: 00 00 00 00 8b 84 24 98 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 f2 30 00 00 49 81 3c 24 60 52 7b 88 0f 84 30
RIP: __lock_acquire+0x1d5/0x4500 kernel/locking/lockdep.c:3369 RSP: ffff8880aee07b30
---[ end trace 01ae43c75d970825 ]---