bisecting fixing commit since 768292d053619b2725b846ed2bf556bf40f43de2
building syzkaller on 794a1ad73ab695b3d3ef099446fa60bc060dd74e
testing commit 768292d053619b2725b846ed2bf556bf40f43de2 with gcc (GCC) 8.1.0
kernel signature: 19e0dffa16c3585da0213570c0309307ee96f7bd
run #0: crashed: general protection fault in rds_recv_rcvbuf_delta
run #1: crashed: general protection fault in rds_recv_rcvbuf_delta
run #2: crashed: general protection fault in rds_recv_rcvbuf_delta
run #3: crashed: general protection fault in rds_recv_rcvbuf_delta
run #4: crashed: general protection fault in rds_recv_rcvbuf_delta
run #5: crashed: general protection fault in rds_recv_rcvbuf_delta
run #6: crashed: general protection fault in rds_recv_rcvbuf_delta
run #7: crashed: general protection fault in rds_recv_rcvbuf_delta
run #8: OK
run #9: crashed: general protection fault in rds_recv_rcvbuf_delta
testing current HEAD 174651bdf802a2139065e8e31ce950e2f3fc4a94
testing commit 174651bdf802a2139065e8e31ce950e2f3fc4a94 with gcc (GCC) 8.1.0
kernel signature: 72f6033779c673edc6046698eaa1c730675ec178
all runs: OK
# git bisect start 174651bdf802a2139065e8e31ce950e2f3fc4a94 768292d053619b2725b846ed2bf556bf40f43de2
Bisecting: 2013 revisions left to test after this (roughly 11 steps)
[b841a9f58d9c778d8c2c5f636dc06a53b9a47fa1] media: technisat-usb2: break out of loop at end of buffer
testing commit b841a9f58d9c778d8c2c5f636dc06a53b9a47fa1 with gcc (GCC) 8.1.0
kernel signature: 7bf4c0927db2ffa74d789b9a89b72c8b873c49a0
run #0: crashed: general protection fault in rds_recv_rcvbuf_delta
run #1: crashed: general protection fault in rds_recv_rcvbuf_delta
run #2: crashed: general protection fault in rds_recv_rcvbuf_delta
run #3: crashed: general protection fault in rds_recv_rcvbuf_delta
run #4: crashed: general protection fault in rds_recv_rcvbuf_delta
run #5: crashed: general protection fault in rds_recv_rcvbuf_delta
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good b841a9f58d9c778d8c2c5f636dc06a53b9a47fa1
Bisecting: 1006 revisions left to test after this (roughly 10 steps)
[1372527e6876d36786f9f56b9e71ce97bf0dd5d8] scsi: qla2xxx: stop timer in shutdown path
testing commit 1372527e6876d36786f9f56b9e71ce97bf0dd5d8 with gcc (GCC) 8.1.0
kernel signature: 0070b7987f6b573c84c171ba6bcdb1a6d103a9ef
all runs: OK
# git bisect bad 1372527e6876d36786f9f56b9e71ce97bf0dd5d8
Bisecting: 503 revisions left to test after this (roughly 9 steps)
[dcabc48fe0ac5b8e582167bc2b5fa48e2bce64c8] USB: usb-skeleton: fix runtime PM after driver unbind
testing commit dcabc48fe0ac5b8e582167bc2b5fa48e2bce64c8 with gcc (GCC) 8.1.0
kernel signature: 957a3e528710acc7d56c19ffc6836c598e7a7829
all runs: OK
# git bisect bad dcabc48fe0ac5b8e582167bc2b5fa48e2bce64c8
Bisecting: 251 revisions left to test after this (roughly 8 steps)
[2e96c93325950db4ca9d8eb73cf93b20e5500938] smb3: allow disabling requesting leases
testing commit 2e96c93325950db4ca9d8eb73cf93b20e5500938 with gcc (GCC) 8.1.0
kernel signature: e1b84d84890181fe4dcd3140d0f233303066bb75
all runs: OK
# git bisect bad 2e96c93325950db4ca9d8eb73cf93b20e5500938
Bisecting: 125 revisions left to test after this (roughly 7 steps)
[4410b85179504a08a9c0953b6615c458870e9273] EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
testing commit 4410b85179504a08a9c0953b6615c458870e9273 with gcc (GCC) 8.1.0
kernel signature: 8bf472c0ebaeb2e69f84245c4948ee5ac2443592
all runs: OK
# git bisect bad 4410b85179504a08a9c0953b6615c458870e9273
Bisecting: 62 revisions left to test after this (roughly 6 steps)
[3de749d6d7cee11bbbe00090f4a285b759a406ab] net/rds: An rds_sock is added too early to the hash table
testing commit 3de749d6d7cee11bbbe00090f4a285b759a406ab with gcc (GCC) 8.1.0
kernel signature: 66579d10473afa9dce1fdcd974e64bfdaabe46ae
all runs: OK
# git bisect bad 3de749d6d7cee11bbbe00090f4a285b759a406ab
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[50c9ccffe0412375ea7dc6b40127d2e85c416183] ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
testing commit 50c9ccffe0412375ea7dc6b40127d2e85c416183 with gcc (GCC) 8.1.0
kernel signature: 2c5e1f4e26ad6ea173fb8e48da163156a8665bc6
run #0: crashed: general protection fault in rds_recv_rcvbuf_delta
run #1: crashed: general protection fault in rds_recv_rcvbuf_delta
run #2: crashed: general protection fault in rds_recv_rcvbuf_delta
run #3: crashed: general protection fault in rds_recv_rcvbuf_delta
run #4: crashed: general protection fault in rds_recv_rcvbuf_delta
run #5: crashed: general protection fault in rds_recv_rcvbuf_delta
run #6: crashed: general protection fault in rds_recv_rcvbuf_delta
run #7: crashed: general protection fault in rds_recv_rcvbuf_delta
run #8: crashed: general protection fault in rds_recv_rcvbuf_delta
run #9: OK
# git bisect good 50c9ccffe0412375ea7dc6b40127d2e85c416183
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[75448f40b9f6c0fd6d6afdf9101fbb2697fb5608] initramfs: don't free a non-existent initrd
testing commit 75448f40b9f6c0fd6d6afdf9101fbb2697fb5608 with gcc (GCC) 8.1.0
kernel signature: 6532a8bd301d74021536cff505ff28d4e0ddb0e0
run #0: crashed: general protection fault in rds_recv_rcvbuf_delta
run #1: crashed: general protection fault in rds_recv_rcvbuf_delta
run #2: crashed: general protection fault in rds_recv_rcvbuf_delta
run #3: crashed: general protection fault in rds_recv_rcvbuf_delta
run #4: crashed: general protection fault in rds_recv_rcvbuf_delta
run #5: crashed: general protection fault in rds_recv_rcvbuf_delta
run #6: crashed: general protection fault in rds_recv_rcvbuf_delta
run #7: crashed: general protection fault in rds_recv_rcvbuf_delta
run #8: crashed: general protection fault in rds_recv_rcvbuf_delta
run #9: OK
# git bisect good 75448f40b9f6c0fd6d6afdf9101fbb2697fb5608
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[8ffd7ba9ffb1e332c092a7523dc76de9d0958bd1] net: don't warn in inet diag when IPV6 is disabled
testing commit 8ffd7ba9ffb1e332c092a7523dc76de9d0958bd1 with gcc (GCC) 8.1.0
kernel signature: cd50c0330791a87f46d22ffc8d7c1fd1d84cbc6e
run #0: crashed: general protection fault in rds_recv_rcvbuf_delta
run #1: crashed: general protection fault in rds_recv_rcvbuf_delta
run #2: crashed: general protection fault in rds_recv_rcvbuf_delta
run #3: crashed: general protection fault in rds_recv_rcvbuf_delta
run #4: crashed: general protection fault in rds_recv_rcvbuf_delta
run #5: crashed: general protection fault in rds_recv_rcvbuf_delta
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 8ffd7ba9ffb1e332c092a7523dc76de9d0958bd1
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[649836fe946c7b765748eb6dcf534b0db35ed62a] xfs: don't crash on null attr fork xfs_bmapi_read
testing commit 649836fe946c7b765748eb6dcf534b0db35ed62a with gcc (GCC) 8.1.0
kernel signature: d62b17f450d34ca3006162b474ece56044462b68
run #0: crashed: general protection fault in rds_recv_rcvbuf_delta
run #1: crashed: general protection fault in rds_recv_rcvbuf_delta
run #2: crashed: general protection fault in rds_recv_rcvbuf_delta
run #3: crashed: general protection fault in rds_recv_rcvbuf_delta
run #4: crashed: general protection fault in rds_recv_rcvbuf_delta
run #5: crashed: general protection fault in rds_recv_rcvbuf_delta
run #6: crashed: general protection fault in rds_recv_rcvbuf_delta
run #7: crashed: general protection fault in rds_recv_rcvbuf_delta
run #8: crashed: general protection fault in rds_recv_rcvbuf_delta
run #9: OK
# git bisect good 649836fe946c7b765748eb6dcf534b0db35ed62a
Bisecting: 1 revision left to test after this (roughly 1 step)
[90b0761c1b81a78b0d6cdb85a5a83e98d7e8494c] Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
testing commit 90b0761c1b81a78b0d6cdb85a5a83e98d7e8494c with gcc (GCC) 8.1.0
kernel signature: 99f599243e2a9b18f08c8859d24b36785758401b
run #0: crashed: general protection fault in rds_recv_rcvbuf_delta
run #1: crashed: general protection fault in rds_recv_rcvbuf_delta
run #2: crashed: general protection fault in rds_recv_rcvbuf_delta
run #3: crashed: general protection fault in rds_recv_rcvbuf_delta
run #4: crashed: general protection fault in rds_recv_rcvbuf_delta
run #5: crashed: general protection fault in rds_recv_rcvbuf_delta
run #6: crashed: general protection fault in rds_recv_rcvbuf_delta
run #7: crashed: general protection fault in rds_recv_rcvbuf_delta
run #8: OK
run #9: crashed: general protection fault in rds_recv_rcvbuf_delta
# git bisect good 90b0761c1b81a78b0d6cdb85a5a83e98d7e8494c
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[07f7ec87b5f6e1c9d954e967e971efa696ecb018] net_sched: check cops->tcf_block in tc_bind_tclass()
testing commit 07f7ec87b5f6e1c9d954e967e971efa696ecb018 with gcc (GCC) 8.1.0
kernel signature: af3a330427836ee33e3e1544e901b1ae241d5af5
all runs: crashed: general protection fault in rds_recv_rcvbuf_delta
# git bisect good 07f7ec87b5f6e1c9d954e967e971efa696ecb018
3de749d6d7cee11bbbe00090f4a285b759a406ab is the first bad commit
commit 3de749d6d7cee11bbbe00090f4a285b759a406ab
Author: Ka-Cheong Poon
Date:   Wed Sep 11 02:58:05 2019 -0700

    net/rds: An rds_sock is added too early to the hash table

    [ Upstream commit c5c1a030a7dbf8dd4e1fa4405ae9a89dc1d2a8db ]

    In rds_bind(), an rds_sock is added to the RDS bind hash table before
    rs_transport is set. This means that the socket can be found by the
    receive code path when rs_transport is NULL. And the receive code
    path de-references rs_transport for congestion update check. This can
    cause a panic. An rds_sock should not be added to the bind hash table
    before all the needed fields are set.

    Reported-by: syzbot+4b4f8163c2e246df3c4c@syzkaller.appspotmail.com
    Signed-off-by: Ka-Cheong Poon
    Signed-off-by: David S. Miller
    Signed-off-by: Sasha Levin

 net/rds/bind.c | 40 ++++++++++++++++++----------------------
 1 file changed, 18 insertions(+), 22 deletions(-)
kernel signature: 66579d10473afa9dce1fdcd974e64bfdaabe46ae
previous signature: af3a330427836ee33e3e1544e901b1ae241d5af5
revisions tested: 14, total time: 4h32m52.002657835s (build: 1h54m52.929762646s, test: 2h33m40.174385518s)
first good commit: 3de749d6d7cee11bbbe00090f4a285b759a406ab net/rds: An rds_sock is added too early to the hash table
cc: ["davem@davemloft.net" "ka-cheong.poon@oracle.com" "linux-kernel@vger.kernel.org" "linux-rdma@vger.kernel.org" "netdev@vger.kernel.org" "rds-devel@oss.oracle.com" "santosh.shilimkar@oracle.com" "sashal@kernel.org"]