bisecting cause commit starting from 3aa7857fe1d7ac7f600f5b7e1530396fb06822bf building syzkaller on b318694d0fc0781d0bc1e3aebfb916aa36731024 testing commit 3aa7857fe1d7ac7f600f5b7e1530396fb06822bf compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: eb60bb079f5344e0d6bd617d2430c989d900e8021a4b3bbcaff2724c0b9a31e5 all runs: crashed: general protection fault in unix_dgram_connect testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 909f5b513362d755e99068620c19525cb2afd91ca8725228219fd46574a48866 all runs: OK # git bisect start 3aa7857fe1d7ac7f600f5b7e1530396fb06822bf 62fb9874f5da54fdb243003b386128037319b219 Bisecting: 8598 revisions left to test after this (roughly 13 steps) [bd31b9efbf549d9630bf2f269a3a56dcb29fcac1] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit bd31b9efbf549d9630bf2f269a3a56dcb29fcac1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 56673a77ac99a441e9d153e12b74b50705d838b711d4c61681eae09f8053c62c run #0: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #2: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #3: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #4: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #5: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #7: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) # git bisect skip bd31b9efbf549d9630bf2f269a3a56dcb29fcac1 Bisecting: 8598 revisions left to test after this (roughly 13 steps) [45dbd70c35d6a5fec4b7b45cde75b1341ede52a2] media: i2c: ov8865: remove unnecessary NULL check testing commit 45dbd70c35d6a5fec4b7b45cde75b1341ede52a2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: b94005cc9c90d122045eeaa10dd141ffad05b85c1fcfdd041b8f87f3744724e0 all runs: OK # git bisect good 45dbd70c35d6a5fec4b7b45cde75b1341ede52a2 Bisecting: 8598 revisions left to test after this (roughly 13 steps) [6ecdafaec79d4b3388a5b017245f23a0ff9d852d] scsi: target: cxgbit: Unmap DMA buffer before calling target_execute_cmd() testing commit 6ecdafaec79d4b3388a5b017245f23a0ff9d852d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 0a85c9abba0e100ca7b8e1bb2310aa56dfc3d3b4b40d41795bf2dd68565a3e47 all runs: OK # git bisect good 6ecdafaec79d4b3388a5b017245f23a0ff9d852d Bisecting: 8598 revisions left to test after this (roughly 13 steps) [698a405f08e6adff8815d8bb8876c6c1ca339122] staging: rtl8723bs: remove BTC_PRINT macro definitions testing commit 698a405f08e6adff8815d8bb8876c6c1ca339122 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 520160d85c9885b2d58c0073a62bf78158eef044fe30dbd7ed048739f76188b0 all runs: OK # git bisect good 698a405f08e6adff8815d8bb8876c6c1ca339122 Bisecting: 8451 revisions left to test after this (roughly 13 steps) [49694d14ff68fa4b5f86019dbcfb44a8bd213e58] iomap: remove the length variable in iomap_seek_hole testing commit 49694d14ff68fa4b5f86019dbcfb44a8bd213e58 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: f286e991f6423931d8ac873a4d3605e2473085a3a17b9574b5497e3978901702 run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acquire run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 49694d14ff68fa4b5f86019dbcfb44a8bd213e58 Bisecting: 1776 revisions left to test after this (roughly 11 steps) [0b69c54c74bcb60e834013ccaf596caf05156a8e] net: dsa: mt7530: enable assisted learning on CPU port testing commit 0b69c54c74bcb60e834013ccaf596caf05156a8e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: e25acc006feaaaf62c86c0edcd23f088b24b57b3b0aa9cd12bc66d677dca5563 all runs: crashed: general protection fault in unix_dgram_connect # git bisect bad 0b69c54c74bcb60e834013ccaf596caf05156a8e Bisecting: 887 revisions left to test after this (roughly 10 steps) [5bbe60493a215a3ed333df8e5ba3caedc549a0a3] net: at91_can: fix the comments style issue testing commit 5bbe60493a215a3ed333df8e5ba3caedc549a0a3 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: af227078972e188f8a7e496f056369d3cb7739579bae680b2dd28edea1462d19 all runs: crashed: general protection fault in unix_dgram_connect # git bisect bad 5bbe60493a215a3ed333df8e5ba3caedc549a0a3 Bisecting: 449 revisions left to test after this (roughly 9 steps) [f0eb870a84224c9bfde0dc547927e8df1be4267c] Merge tag 'xfs-5.14-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux testing commit f0eb870a84224c9bfde0dc547927e8df1be4267c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: d4f005862fab8e0be35904e0049446178383f3d64ec39819cfb29cf6cb00291f all runs: OK # git bisect good f0eb870a84224c9bfde0dc547927e8df1be4267c Bisecting: 224 revisions left to test after this (roughly 8 steps) [876f0bf9d0d5189dca9341c8e8e8686b09db8398] net: socket: simplify dev_ifconf handling testing commit 876f0bf9d0d5189dca9341c8e8e8686b09db8398 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: fea13729e32b01e1b33df2dbab8b164f5c285c7b4fe26da3bc3a909a7447fe70 run #0: crashed: general protection fault in unix_dgram_connect run #1: crashed: general protection fault in unix_dgram_connect run #2: crashed: general protection fault in unix_dgram_connect run #3: crashed: general protection fault in unix_dgram_connect run #4: crashed: general protection fault in unix_dgram_connect run #5: crashed: general protection fault in unix_dgram_connect run #6: crashed: general protection fault in unix_dgram_connect run #7: crashed: general protection fault in unix_dgram_connect run #8: OK run #9: OK # git bisect bad 876f0bf9d0d5189dca9341c8e8e8686b09db8398 Bisecting: 111 revisions left to test after this (roughly 7 steps) [542bb39651d5f98665d637b1683d501fd320212c] Merge branch 'veth-flexible-channel-numbers' testing commit 542bb39651d5f98665d637b1683d501fd320212c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 17506efec4208f7622c18332926a4a94c9aecf5c389e7dc29dd6ffad44d0416c run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acquire run #1: crashed: general protection fault in unix_dgram_connect run #2: crashed: general protection fault in unix_dgram_connect run #3: crashed: general protection fault in unix_dgram_connect run #4: crashed: general protection fault in unix_dgram_connect run #5: crashed: general protection fault in unix_dgram_connect run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 542bb39651d5f98665d637b1683d501fd320212c Bisecting: 55 revisions left to test after this (roughly 6 steps) [a99f030b2488b67a49f44e94f852f2ed9933d552] net: switchdev: Simplify 'mlxsw_sp_mc_write_mdb_entry()' testing commit a99f030b2488b67a49f44e94f852f2ed9933d552 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: a52ae3060293f2173a79d91484224c137013f0e7f8e19bf00b37e542652377d0 all runs: crashed: general protection fault in unix_dgram_connect # git bisect bad a99f030b2488b67a49f44e94f852f2ed9933d552 Bisecting: 28 revisions left to test after this (roughly 5 steps) [61f71e746c72f07097b759809c36e814387bc24f] selftests/bpf: Add a test with bpf_timer in inner map. testing commit 61f71e746c72f07097b759809c36e814387bc24f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 23292540931eb0d62f3c9bd6d4f80c02fe0108fa553d45f9d9f24b5c4375baf6 all runs: OK # git bisect good 61f71e746c72f07097b759809c36e814387bc24f Bisecting: 14 revisions left to test after this (roughly 4 steps) [83301b5367a98c17ec0d76c7bc0ccdc3c7e7ad6d] af_unix: Set TCP_ESTABLISHED for datagram sockets too testing commit 83301b5367a98c17ec0d76c7bc0ccdc3c7e7ad6d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: c5df7d574d33b5fb58877d13048eef2147bedf3e07728f9c29534a33ac35264b run #0: crashed: general protection fault in unix_dgram_connect run #1: crashed: general protection fault in unix_dgram_connect run #2: crashed: general protection fault in unix_dgram_connect run #3: crashed: general protection fault in unix_dgram_connect run #4: crashed: general protection fault in unix_dgram_connect run #5: crashed: general protection fault in unix_dgram_connect run #6: crashed: general protection fault in unix_dgram_connect run #7: crashed: general protection fault in unix_dgram_connect run #8: crashed: general protection fault in unix_dgram_connect run #9: OK # git bisect bad 83301b5367a98c17ec0d76c7bc0ccdc3c7e7ad6d Bisecting: 6 revisions left to test after this (roughly 3 steps) [ac0ed488297a9850b0c285646b7854228368ba6b] libbpf: Add bpf_program__attach_kprobe_opts function testing commit ac0ed488297a9850b0c285646b7854228368ba6b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: f895e1368c9255654d656521bdae2c3fe7fd89640952b35e3fb32d53e66bc2b5 run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acquire run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good ac0ed488297a9850b0c285646b7854228368ba6b Bisecting: 3 revisions left to test after this (roughly 2 steps) [1554a080e76554fa71004bba5b93c4695932a4d7] Merge branch 'Add bpf_get_func_ip helper' testing commit 1554a080e76554fa71004bba5b93c4695932a4d7 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: c502d19d4eb2e063fc53f2a7d8c4a643db5de6030474a7b4482cfffc48aadfc1 all runs: OK # git bisect good 1554a080e76554fa71004bba5b93c4695932a4d7 Bisecting: 1 revision left to test after this (roughly 1 step) [0c48eefae712c2fd91480346a07a1a9cd0f9470b] sock_map: Lift socket state restriction for datagram sockets testing commit 0c48eefae712c2fd91480346a07a1a9cd0f9470b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 3e9c192be189fad3683ef4d308f5975cc5998c992883719a69f7c02e172bd849 all runs: OK # git bisect good 0c48eefae712c2fd91480346a07a1a9cd0f9470b Bisecting: 0 revisions left to test after this (roughly 0 steps) [29df44fa52b70c330d8f2a3871e028a3522b8494] af_unix: Implement ->read_sock() for sockmap testing commit 29df44fa52b70c330d8f2a3871e028a3522b8494 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: c66165dd744fcacea736da392cd7a60afe8720d40e214dc59d453e67653872c3 run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acquire run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 29df44fa52b70c330d8f2a3871e028a3522b8494 83301b5367a98c17ec0d76c7bc0ccdc3c7e7ad6d is the first bad commit commit 83301b5367a98c17ec0d76c7bc0ccdc3c7e7ad6d Author: Cong Wang Date: Sun Jul 4 12:02:45 2021 -0700 af_unix: Set TCP_ESTABLISHED for datagram sockets too Currently only unix stream socket sets TCP_ESTABLISHED, datagram socket can set this too when they connect to its peer socket. At least __ip4_datagram_connect() does the same. This will be used to determine whether an AF_UNIX datagram socket can be redirected to in sockmap. Signed-off-by: Cong Wang Signed-off-by: Alexei Starovoitov Link: https://lore.kernel.org/bpf/20210704190252.11866-5-xiyou.wangcong@gmail.com net/unix/af_unix.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) culprit signature: c5df7d574d33b5fb58877d13048eef2147bedf3e07728f9c29534a33ac35264b parent signature: c66165dd744fcacea736da392cd7a60afe8720d40e214dc59d453e67653872c3 revisions tested: 19, total time: 5h19m39.814410331s (build: 2h9m44.869464557s, test: 3h7m47.740874475s) first bad commit: 83301b5367a98c17ec0d76c7bc0ccdc3c7e7ad6d af_unix: Set TCP_ESTABLISHED for datagram sockets too recipients (to): ["ast@kernel.org" "cong.wang@bytedance.com" "davem@davemloft.net" "kuba@kernel.org" "netdev@vger.kernel.org"] recipients (cc): ["andrii@kernel.org" "ast@kernel.org" "bpf@vger.kernel.org" "christian.brauner@ubuntu.com" "daniel@iogearbox.net" "edumazet@google.com" "jamorris@linux.microsoft.com" "john.fastabend@gmail.com" "kafai@fb.com" "kpsingh@kernel.org" "linux-kernel@vger.kernel.org" "orcohen2006@gmail.com" "songliubraving@fb.com" "yhs@fb.com"] crash: general protection fault in unix_dgram_connect general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 PID: 27602 Comm: syz-executor.2 Not tainted 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:unix_dgram_connect+0x414/0xb30 net/unix/af_unix.c:1208 Code: 02 00 0f 85 5b 05 00 00 45 31 ed 48 83 bb f0 05 00 00 00 74 62 49 8d 7f 12 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 19 05 00 00 RSP: 0018:ffffc9000532fd10 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffff88801f66b640 RCX: ffffffff8719d8d9 RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000012 RBP: ffff88801f66b640 R08: 0000000000000001 R09: ffff88801f66b6c3 R10: ffffed1003ecd6d8 R11: 0000000000078087 R12: ffff88801f66bc30 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 FS: 00007f3a7ed5f700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000001805708 CR3: 000000001a647000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __sys_connect+0xf5/0x120 net/socket.c:1889 __do_sys_connect net/socket.c:1899 [inline] __se_sys_connect net/socket.c:1896 [inline] __x64_sys_connect+0x6a/0xb0 net/socket.c:1896 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3a7ed5f188 EFLAGS: 00000246 ORIG_RAX: 000000000000002a RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 RDX: 000000000000006e RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 R13: 00007ffc5e5c81bf R14: 00007f3a7ed5f300 R15: 0000000000022000 Modules linked in: ---[ end trace 7d78f6f49e407e3c ]--- RIP: 0010:unix_dgram_connect+0x414/0xb30 net/unix/af_unix.c:1208 Code: 02 00 0f 85 5b 05 00 00 45 31 ed 48 83 bb f0 05 00 00 00 74 62 49 8d 7f 12 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 19 05 00 00 RSP: 0018:ffffc9000532fd10 EFLAGS: 00010202 ---------------- Code disassembly (best guess): 0: 02 00 add (%rax),%al 2: 0f 85 5b 05 00 00 jne 0x563 8: 45 31 ed xor %r13d,%r13d b: 48 83 bb f0 05 00 00 cmpq $0x0,0x5f0(%rbx) 12: 00 13: 74 62 je 0x77 15: 49 8d 7f 12 lea 0x12(%r15),%rdi 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 20: fc ff df 23: 48 89 fa mov %rdi,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax <-- trapping instruction 2e: 48 89 fa mov %rdi,%rdx 31: 83 e2 07 and $0x7,%edx 34: 38 d0 cmp %dl,%al 36: 7f 08 jg 0x40 38: 84 c0 test %al,%al 3a: 0f 85 19 05 00 00 jne 0x559