bisecting fixing commit since 1bab61d3e8cd96f2badf515dcb06e4e1029bc017
building syzkaller on 4afdfa205b55633e7eb9db03a9d099d7aa324801
testing commit 1bab61d3e8cd96f2badf515dcb06e4e1029bc017 with gcc (GCC) 8.1.0
kernel signature: 77742cf26e88f47e5bff424a736733f99d581f742d46d0236bf8b47a5bdc1470
all runs: crashed: general protection fault in fq_codel_enqueue
testing current HEAD 3fc898571b974f9a05e4e5c1fe17b18548207091
testing commit 3fc898571b974f9a05e4e5c1fe17b18548207091 with gcc (GCC) 8.1.0
kernel signature: 2c4a2196ae71a1f6c77a77703a20ed8d5ae4c76a5f387258b25b226c5bb68893
all runs: OK
# git bisect start 3fc898571b974f9a05e4e5c1fe17b18548207091 1bab61d3e8cd96f2badf515dcb06e4e1029bc017
Bisecting: 114 revisions left to test after this (roughly 7 steps)
[8b14d3efedb20c12e0fe9e3c43bb06f95e173c1e] riscv: stacktrace: Fix undefined reference to `walk_stackframe'
testing commit 8b14d3efedb20c12e0fe9e3c43bb06f95e173c1e with gcc (GCC) 8.1.0
kernel signature: 037c14624aefdab4c006166ab936f2f8a93e1e96c0cfa7bd20ab3cee3baef2d8
all runs: crashed: general protection fault in fq_codel_enqueue
# git bisect good 8b14d3efedb20c12e0fe9e3c43bb06f95e173c1e
Bisecting: 57 revisions left to test after this (roughly 6 steps)
[8a37da1359ffbf7ae5600b552bfd7fd57057cb68] bonding: Fix reference count leak in bond_sysfs_slave_add.
testing commit 8a37da1359ffbf7ae5600b552bfd7fd57057cb68 with gcc (GCC) 8.1.0
kernel signature: 9c635fdf3c28bed5598e00e796d90473dc92dda9f22c21e42799bccaecd7ba1e
all runs: crashed: general protection fault in fq_codel_enqueue
# git bisect good 8a37da1359ffbf7ae5600b552bfd7fd57057cb68
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[876119e5ff899365b35f7a6949665d9eaaa10fbc] net/ethernet/freescale: rework quiesce/activate for ucc_geth
testing commit 876119e5ff899365b35f7a6949665d9eaaa10fbc with gcc (GCC) 8.1.0
kernel signature: d3a4499bf4ccff5ab7bdacc29f0ae24a9318c53e947252290719c1cdd8c8ffd3
all runs: crashed: general protection fault in fq_codel_enqueue
# git bisect good 876119e5ff899365b35f7a6949665d9eaaa10fbc
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[3fd6c6a93b2e95db9c6b2294fc6207cf801739ad] iio: vcnl4000: Fix i2c swapped word reading.
testing commit 3fd6c6a93b2e95db9c6b2294fc6207cf801739ad with gcc (GCC) 8.1.0
kernel signature: c391b780342b5f48c97005b1c8ad21f00faa9aba90a54bd50354d147a2dacf0e
all runs: OK
# git bisect bad 3fd6c6a93b2e95db9c6b2294fc6207cf801739ad
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[ed9ab2c2aa46031d7b121a1eee99412769a8649f] net: usb: qmi_wwan: add Telit LE910C1-EUX composition
testing commit ed9ab2c2aa46031d7b121a1eee99412769a8649f with gcc (GCC) 8.1.0
kernel signature: 249330f3a0597abe6371d308ccc034b0cf0c36a6dc47be28dccb939302dd7610
all runs: crashed: general protection fault in fq_codel_enqueue
# git bisect good ed9ab2c2aa46031d7b121a1eee99412769a8649f
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[8920e8ae16a89bebd4d98ec6c7b306b1e3e06722] net: check untrusted gso_size at kernel entry
testing commit 8920e8ae16a89bebd4d98ec6c7b306b1e3e06722 with gcc (GCC) 8.1.0
kernel signature: 8871b2db6582804707e80c13e73c3e87a7ad8125998ee2547b17b3eee5598d5e
all runs: OK
# git bisect bad 8920e8ae16a89bebd4d98ec6c7b306b1e3e06722
Bisecting: 0 revisions left to test after this (roughly 1 step)
[630be67afc0be3478bb049db64c14a52f507fe80] vsock: fix timeout in vsock_accept()
testing commit 630be67afc0be3478bb049db64c14a52f507fe80 with gcc (GCC) 8.1.0
kernel signature: 3284876227059317b8e6e2e7d14cfe3f7bb133219c69fac378b54228caaae50c
all runs: crashed: general protection fault in fq_codel_enqueue
# git bisect good 630be67afc0be3478bb049db64c14a52f507fe80
8920e8ae16a89bebd4d98ec6c7b306b1e3e06722 is the first bad commit
commit 8920e8ae16a89bebd4d98ec6c7b306b1e3e06722
Author: Willem de Bruijn
Date: Mon May 25 15:07:40 2020 -0400

    net: check untrusted gso_size at kernel entry

    [ Upstream commit 6dd912f82680761d8fb6b1bb274a69d4c7010988 ]

    Syzkaller again found a path to a kernel crash through bad gso input:
    a packet with gso size exceeding len.

    These packets are dropped in tcp_gso_segment and udp[46]_ufo_fragment.
    But they may affect gso size calculations earlier in the path.

    Now that we have thlen as of commit 9274124f023b ("net: stricter
    validation of untrusted gso packets"), check gso_size at entry too.

    Fixes: bfd5f4a3d605 ("packet: Add GSO/csum offload support.")
    Reported-by: syzbot
    Signed-off-by: Willem de Bruijn
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

 include/linux/virtio_net.h | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
culprit signature: 8871b2db6582804707e80c13e73c3e87a7ad8125998ee2547b17b3eee5598d5e
parent signature: 3284876227059317b8e6e2e7d14cfe3f7bb133219c69fac378b54228caaae50c
revisions tested: 9, total time: 2h5m33.640893612s (build: 1h16m14.789683785s, test: 48m27.527181015s)
first good commit: 8920e8ae16a89bebd4d98ec6c7b306b1e3e06722 net: check untrusted gso_size at kernel entry
cc: ["davem@davemloft.net" "gregkh@linuxfoundation.org" "willemb@google.com"]