bisecting fixing commit since f56f3d0e65adb447b8b583c8ed4fbbe544c9bfde
building syzkaller on 598ca6c8b8766304c3b2865e38f5f301c39bd299
testing commit f56f3d0e65adb447b8b583c8ed4fbbe544c9bfde with gcc (GCC) 8.1.0
kernel signature: d623fc5d319d2f79047261f1ba1f438e72c681d695a0bf463796ece0e36f761a
all runs: crashed: general protection fault in skb_unlink
testing current HEAD 98db2bf27b9ed2d5ed0b6c9c8a4bfcb127a19796
testing commit 98db2bf27b9ed2d5ed0b6c9c8a4bfcb127a19796 with gcc (GCC) 8.1.0
kernel signature: 92bcdc9ce30ca3691fcff5c83620d1d64ea40ead9b5f6a7e4f2860b85b91d568
all runs: crashed: general protection fault in skb_unlink
revisions tested: 2, total time: 23m17.487870193s (build: 16m18.300480515s, test: 6m20.562907513s)
the crash still happens on HEAD
commit msg: Linux 4.14.171
crash: general protection fault in skb_unlink

IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
8021q: adding VLAN 0 to HW filter on device batadv0
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 7576 Comm: syz-executor.1 Not tainted 4.14.171-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888093cb2040 task.stack: ffff888098dd0000
RIP: 0010:__write_once_size include/linux/compiler.h:210 [inline]
RIP: 0010:__skb_unlink include/linux/skbuff.h:1888 [inline]
RIP: 0010:skb_unlink+0xbb/0x160 net/core/skbuff.c:2942
RSP: 0018:ffff888098dd7870 EFLAGS: 00010002
RAX: 0000000000000286 RBX: ffff8880980ecc00 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: ffff888093cb28e8 RDI: 0000000000000008
RBP: ffff888098dd7898 R08: ffff888093cb2908 R09: 000000000000625d
R10: 0000000000000028 R11: ffff888093cb2040 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880959d07a0 R15: 0000000000000000
FS: 00007f198b08c700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000004 CR3: 0000000098a76000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kcm_recvmsg+0x395/0x570 net/kcm/kcmsock.c:1160
 sock_recvmsg_nosec+0x7b/0xd0 net/socket.c:819
 ___sys_recvmsg+0x206/0x4d0 net/socket.c:2221
 __sys_recvmmsg+0x20d/0x600 net/socket.c:2329
 SYSC_recvmmsg net/socket.c:2405 [inline]
 SyS_recvmmsg+0x109/0x120 net/socket.c:2394
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a639
RSP: 002b:00007f198b08bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a639
RDX: 0400000000000310 RSI: 0000000020003540 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f198b08c6d4
R13: 00000000004c82f0 R14: 00000000004de6e0 R15: 00000000ffffffff
Code: 00 00 00 49 8d 7d 08 4c 8b 63 08 48 ba 00 00 00 00 00 fc ff df 48 c7 43 08 00 00 00 00 48 89 f9 48 c7 03 00 00 00 00 48 c1 e9 03 <80> 3c 11 00 75 5b 4c 89 e1 4d 89 65 08 48 ba 00 00 00 00 00 fc
RIP: __write_once_size include/linux/compiler.h:210 [inline] RSP: ffff888098dd7870
RIP: __skb_unlink include/linux/skbuff.h:1888 [inline] RSP: ffff888098dd7870
RIP: skb_unlink+0xbb/0x160 net/core/skbuff.c:2942 RSP: ffff888098dd7870
---[ end trace 16faf1ec2f4f65c9 ]---