bisecting cause commit starting from 3b47fd5ca9ead91156bcdf6435279ad0b14a650c building syzkaller on 040fda588472da50749a3f605e183ad5c02104f4 testing commit 3b47fd5ca9ead91156bcdf6435279ad0b14a650c with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in cbs_destroy testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in cbs_destroy testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 all runs: OK # git bisect start v5.2 v5.1 Bisecting: 6966 revisions left to test after this (roughly 13 steps) [a2d635decbfa9c1e4ae15cb05b68b2559f7f827c] Merge tag 'drm-next-2019-05-09' of git://anongit.freedesktop.org/drm/drm testing commit a2d635decbfa9c1e4ae15cb05b68b2559f7f827c with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in cbs_destroy # git bisect bad a2d635decbfa9c1e4ae15cb05b68b2559f7f827c Bisecting: 4612 revisions left to test after this (roughly 12 steps) [82efe439599439a5e1e225ce5740e6cfb777a7dd] Merge tag 'devicetree-for-5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux testing commit 82efe439599439a5e1e225ce5740e6cfb777a7dd with gcc (GCC) 8.1.0 all runs: OK # git bisect good 82efe439599439a5e1e225ce5740e6cfb777a7dd Bisecting: 2416 revisions left to test after this (roughly 11 steps) [b3a5e648f5917ea508ecab9a629028b186d38eae] Merge tag 'tty-5.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty testing commit b3a5e648f5917ea508ecab9a629028b186d38eae with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in cbs_destroy # git bisect bad b3a5e648f5917ea508ecab9a629028b186d38eae Bisecting: 1097 revisions left to test after this (roughly 10 steps) [0e33d334df1310d0697f2595833f723e5380359c] Merge branch 'libbpf-fixes' testing commit 0e33d334df1310d0697f2595833f723e5380359c with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in cbs_destroy # git bisect bad 0e33d334df1310d0697f2595833f723e5380359c Bisecting: 548 revisions left to test after this (roughly 9 steps) [4339ef396ab65a61f7f22f36d7ba94b6e9e0939b] net: hns3: add error handler for initializing command queue testing commit 4339ef396ab65a61f7f22f36d7ba94b6e9e0939b with gcc (GCC) 8.1.0 all runs: OK # git bisect good 4339ef396ab65a61f7f22f36d7ba94b6e9e0939b Bisecting: 273 revisions left to test after this (roughly 8 steps) [cea29a70727e7885b3fdf0d266a57818652a89c1] Merge branch 'ipv6-Use-fib6_result-for-fib_lookups' testing commit cea29a70727e7885b3fdf0d266a57818652a89c1 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in cbs_destroy # git bisect bad cea29a70727e7885b3fdf0d266a57818652a89c1 Bisecting: 137 revisions left to test after this (roughly 7 steps) [38f58c972334833e0e0804a32e8cee8d8d475cb7] netdevsim: move sdev specific bpf debugfs files to sdev dir testing commit 38f58c972334833e0e0804a32e8cee8d8d475cb7 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in cbs_destroy # git bisect bad 38f58c972334833e0e0804a32e8cee8d8d475cb7 Bisecting: 69 revisions left to test after this (roughly 6 steps) [947e8b595b82d3551750641445d0a97b8f29b536] bpf: explicitly prohibit ctx_{in, out} in non-skb BPF_PROG_TEST_RUN testing commit 947e8b595b82d3551750641445d0a97b8f29b536 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 947e8b595b82d3551750641445d0a97b8f29b536 Bisecting: 34 revisions left to test after this (roughly 5 steps) [1ba9a8951794751ea3bcbcc5df700d42d525a130] ipv6: Only call rt6_check_neigh for nexthop with gateway testing commit 1ba9a8951794751ea3bcbcc5df700d42d525a130 with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in cbs_destroy # git bisect bad 1ba9a8951794751ea3bcbcc5df700d42d525a130 Bisecting: 17 revisions left to test after this (roughly 4 steps) [4c75be07f9385364be3a5033ff3a20faf3f3bce0] net: phy: remove unnecessary callback settings in C45 drivers testing commit 4c75be07f9385364be3a5033ff3a20faf3f3bce0 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor467415143" "root@10.128.10.63:./syz-executor467415143"]: exit status 1 ssh: connect to host 10.128.10.63 port 22: Connection timed out lost connection run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 4c75be07f9385364be3a5033ff3a20faf3f3bce0 Bisecting: 8 revisions left to test after this (roughly 3 steps) [7b9eba7ba0c1b24df42b70b62d154b284befbccf] net/sched: taprio: fix picos_per_byte miscalculation testing commit 7b9eba7ba0c1b24df42b70b62d154b284befbccf with gcc (GCC) 8.1.0 all runs: OK # git bisect good 7b9eba7ba0c1b24df42b70b62d154b284befbccf Bisecting: 4 revisions left to test after this (roughly 2 steps) [526bb57a6ad6b0ed6de34b3c5eabf394b248618f] net: fou: remove redundant code in gue_udp_recv testing commit 526bb57a6ad6b0ed6de34b3c5eabf394b248618f with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in cbs_destroy # git bisect bad 526bb57a6ad6b0ed6de34b3c5eabf394b248618f Bisecting: 1 revision left to test after this (roughly 1 step) [b8c7e2c39dd5369d1cfcdab4630725d97f8987ac] Merge branch 'net-sched-taprio-fix-picos_per_byte-miscalculation' testing commit b8c7e2c39dd5369d1cfcdab4630725d97f8987ac with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in cbs_destroy # git bisect bad b8c7e2c39dd5369d1cfcdab4630725d97f8987ac Bisecting: 0 revisions left to test after this (roughly 0 steps) [e0a7683d30e91e30ee6cf96314ae58a0314a095e] net/sched: cbs: fix port_rate miscalculation testing commit e0a7683d30e91e30ee6cf96314ae58a0314a095e with gcc (GCC) 8.1.0 all runs: crashed: general protection fault in cbs_destroy # git bisect bad e0a7683d30e91e30ee6cf96314ae58a0314a095e e0a7683d30e91e30ee6cf96314ae58a0314a095e is the first bad commit commit e0a7683d30e91e30ee6cf96314ae58a0314a095e Author: Leandro Dorileo Date: Mon Apr 8 10:12:18 2019 -0700 net/sched: cbs: fix port_rate miscalculation The Credit Based Shaper heavily depends on link speed to calculate the scheduling credits, we can't properly calculate the credits if the device has failed to report the link speed. In that case we can't dequeue packets assuming a wrong port rate that will result into an inconsistent credit distribution. This patch makes sure we fail to dequeue case: 1) __ethtool_get_link_ksettings() reports error or 2) the ethernet driver failed to set the ksettings' speed value (setting link speed to SPEED_UNKNOWN). Additionally we properly re calculate the port rate whenever the link speed is changed. Fixes: 3d0bd028ffb4a ("net/sched: Add support for HW offloading for CBS") Signed-off-by: Leandro Dorileo Reviewed-by: Vedang Patel Signed-off-by: David S. Miller :040000 040000 edb3a5509a1a4cc46496fef5de9b5560b84d6498 bb74d50df4bd699c8c863caab229457b201634f3 M net revisions tested: 17, total time: 3h14m26.462618067s (build: 1h31m40.32417148s, test: 1h37m52.032576445s) first bad commit: e0a7683d30e91e30ee6cf96314ae58a0314a095e net/sched: cbs: fix port_rate miscalculation cc: ["davem@davemloft.net" "jhs@mojatatu.com" "jiri@resnulli.us" "leandro.maciel.dorileo@intel.com" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "vedang.patel@intel.com" "xiyou.wangcong@gmail.com"] crash: general protection fault in cbs_destroy netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 7180 Comm: syz-executor.3 Not tainted 5.1.0-rc4+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__list_del_entry_valid+0x84/0xf3 lib/list_debug.c:51 Code: 0f 84 cc 00 00 00 48 b8 00 02 00 00 00 00 ad de 49 39 c4 0f 84 a5 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 5f 49 8b 14 24 48 39 da 0f 85 ba 00 00 00 49 8d 7d RSP: 0018:ffff88809746f468 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff888090b68360 RCX: ffffffff8150f823 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888090b68368 RBP: ffff88809746f480 R08: ffffed1012e8de80 R09: ffffed1012e8de7f R10: ffffed1012e8de7f R11: 0000000000000003 R12: 0000000000000000 R13: 0000000000000000 R14: ffff888090b682c0 R15: ffff88808d8dc280 FS: 00007fd387b46700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000600 CR3: 0000000093169000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __list_del_entry include/linux/list.h:117 [inline] list_del include/linux/list.h:125 [inline] cbs_destroy+0x7f/0x260 net/sched/sch_cbs.c:436 qdisc_create+0x9cd/0xf50 net/sched/sch_api.c:1288 tc_modify_qdisc+0x3f7/0x1950 net/sched/sch_api.c:1655 rtnetlink_rcv_msg+0x34f/0x8f0 net/core/rtnetlink.c:5195 netlink_rcv_skb+0x13c/0x380 net/netlink/af_netlink.c:2485 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:5213 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x43f/0x630 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x765/0xc50 net/netlink/af_netlink.c:1925 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:661 ___sys_sendmsg+0x647/0x950 net/socket.c:2260 __sys_sendmsg+0xd9/0x180 net/socket.c:2298 __do_sys_sendmsg net/socket.c:2307 [inline] __se_sys_sendmsg net/socket.c:2305 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2305 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x459879 Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fd387b45c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459879 RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd387b466d4 R13: 00000000004c77c2 R14: 00000000004dd018 R15: 00000000ffffffff Modules linked in: ---[ end trace 8c845377ba1c1518 ]--- RIP: 0010:__list_del_entry_valid+0x84/0xf3 lib/list_debug.c:51 Code: 0f 84 cc 00 00 00 48 b8 00 02 00 00 00 00 ad de 49 39 c4 0f 84 a5 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 5f 49 8b 14 24 48 39 da 0f 85 ba 00 00 00 49 8d 7d RSP: 0018:ffff88809746f468 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff888090b68360 RCX: ffffffff8150f823 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888090b68368 RBP: ffff88809746f480 R08: ffffed1012e8de80 R09: ffffed1012e8de7f R10: ffffed1012e8de7f R11: 0000000000000003 R12: 0000000000000000 R13: 0000000000000000 R14: ffff888090b682c0 R15: ffff88808d8dc280 FS: 00007fd387b46700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000600 CR3: 0000000093169000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400