bisecting cause commit starting from def9d2780727cec3313ed3522d0123158d87224d
building syzkaller on 0342f8c7bc656ea8ee3c45e49edeb4ee9cc12cce
testing commit def9d2780727cec3313ed3522d0123158d87224d with gcc (GCC) 8.1.0
kernel signature: 401d23b97f9e03069e5faf31e7473924f8109c7f
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 2a2c7fbadfeb4ac97807799fad823a8d5e99d3a9
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 04c11acaa1b736100b05b5cd37b6eb4e00f45ddd
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 74a62f082b9f8c23b18d664e33248f8d74622c6b
all runs: OK
# git bisect start 4d856f72c10ecb060868ed10ff1b1453943fc6c8 0ecfebd2b52404ae0c54a878c872bb93363ada36
Bisecting: 7848 revisions left to test after this (roughly 13 steps)
[43c95d3694cc448fdf50bd53b7ff3a5bb4655883] Merge tag 'pinctrl-v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 with gcc (GCC) 8.1.0
kernel signature: e9ba9257fe176626117b2e62f98783e5e45047fe
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
# git bisect bad 43c95d3694cc448fdf50bd53b7ff3a5bb4655883
Bisecting: 4619 revisions left to test after this (roughly 12 steps)
[8f6ccf6159aed1f04c6d179f61f6fb2691261e84] Merge tag 'clone3-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
testing commit 8f6ccf6159aed1f04c6d179f61f6fb2691261e84 with gcc (GCC) 8.1.0
kernel signature: 1ab3b016c63820144f6f911849a2e59a5c3f4a79
all runs: OK
# git bisect good 8f6ccf6159aed1f04c6d179f61f6fb2691261e84
Bisecting: 2306 revisions left to test after this (roughly 11 steps)
[753c8d9b7d81206bb5d011b28abe829d364b028e] Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 753c8d9b7d81206bb5d011b28abe829d364b028e with gcc (GCC) 8.1.0
kernel signature: 13d4f59fbf6cadb8f700883f42d901569ca78ad2
run #0: crashed: general protection fault in send_hsr_supervision_frame
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 753c8d9b7d81206bb5d011b28abe829d364b028e
Bisecting: 1156 revisions left to test after this (roughly 10 steps)
[2f9b0d93a9d3ec64558537ab5d7cff820886afa4] net: ethernet: ti: cpsw: Fix suspend/resume break
testing commit 2f9b0d93a9d3ec64558537ab5d7cff820886afa4 with gcc (GCC) 8.1.0
kernel signature: dd6fc3c15eb4361085042a68c728a89e253d4d67
all runs: OK
# git bisect good 2f9b0d93a9d3ec64558537ab5d7cff820886afa4
Bisecting: 578 revisions left to test after this (roughly 9 steps)
[354d0fab649d47045517cf7cae03d653a4dcb3b8] net: hns3: add default value for tc_size and tc_offset
testing commit 354d0fab649d47045517cf7cae03d653a4dcb3b8 with gcc (GCC) 8.1.0
kernel signature: dad5f6705738709648bed13c135cdaa30e426bd7
all runs: OK
# git bisect good 354d0fab649d47045517cf7cae03d653a4dcb3b8
Bisecting: 289 revisions left to test after this (roughly 8 steps)
[52c0609258658ff35b85c654c568a50abd602ac6] bnxt_en: rename some xdp functions
testing commit 52c0609258658ff35b85c654c568a50abd602ac6 with gcc (GCC) 8.1.0
kernel signature: d25591894bac566e71d2cb9309688b8ac4302044
all runs: OK
# git bisect good 52c0609258658ff35b85c654c568a50abd602ac6
Bisecting: 169 revisions left to test after this (roughly 7 steps)
[e858faf556d4e14c750ba1e8852783c6f9520a0e] tcp: Reset bytes_acked and bytes_received when disconnecting
testing commit e858faf556d4e14c750ba1e8852783c6f9520a0e with gcc (GCC) 8.1.0
kernel signature: ee175c337099d9f2e647d00d39fd41d78dae2283
run #0: crashed: general protection fault in send_hsr_supervision_frame
run #1: crashed: general protection fault in send_hsr_supervision_frame
run #2: crashed: general protection fault in send_hsr_supervision_frame
run #3: crashed: general protection fault in send_hsr_supervision_frame
run #4: crashed: general protection fault in send_hsr_supervision_frame
run #5: crashed: general protection fault in send_hsr_supervision_frame
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad e858faf556d4e14c750ba1e8852783c6f9520a0e
Bisecting: 59 revisions left to test after this (roughly 6 steps)
[3d26eb8ad1e9b906433903ce05f775cf038e747f] net: bridge: don't cache ether dest pointer on input
testing commit 3d26eb8ad1e9b906433903ce05f775cf038e747f with gcc (GCC) 8.1.0
kernel signature: 1eea47cf988b4f479646f1d464212eb667a21d56
all runs: OK
# git bisect good 3d26eb8ad1e9b906433903ce05f775cf038e747f
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[9d1bc24b52fb8c5d859f9a47084bf1179470e04c] bonding: validate ip header before check IPPROTO_IGMP
testing commit 9d1bc24b52fb8c5d859f9a47084bf1179470e04c with gcc (GCC) 8.1.0
kernel signature: 016405c89f81dd1b12b6234430367bd9cd4b733c
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 9d1bc24b52fb8c5d859f9a47084bf1179470e04c
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[455302d1c9ae9318660aaeb9748a01ff414c9741] xdp: fix hang while unregistering device bound to xdp socket
testing commit 455302d1c9ae9318660aaeb9748a01ff414c9741 with gcc (GCC) 8.1.0
kernel signature: 79b806393c2bca40af1746f58304d870e63da902
all runs: OK
# git bisect good 455302d1c9ae9318660aaeb9748a01ff414c9741
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[78226f6eaac80bf30256a33a4926c194ceefdf36] net: usb: asix: init MAC address buffers
testing commit 78226f6eaac80bf30256a33a4926c194ceefdf36 with gcc (GCC) 8.1.0
kernel signature: 8a90541637f5a1e65d899cbe246219787b29bd53
all runs: OK
# git bisect good 78226f6eaac80bf30256a33a4926c194ceefdf36
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[9fae54186c64db6faec85c194812fb2e5e970f77] r8152: move calling r8153b_rx_agg_chg_indicate()
testing commit 9fae54186c64db6faec85c194812fb2e5e970f77 with gcc (GCC) 8.1.0
kernel signature: 06bc096aaf2427ea87f3c508120a8c2faa3c6913
all runs: OK
# git bisect good 9fae54186c64db6faec85c194812fb2e5e970f77
Bisecting: 1 revision left to test after this (roughly 1 step)
[0d581ba311a27762fe1a14e5db5f65d225b3d844] net: hns: add support for vlan TSO
testing commit 0d581ba311a27762fe1a14e5db5f65d225b3d844 with gcc (GCC) 8.1.0
kernel signature: 83d3db231a42b2199e89f75dadb6d3f7e7cad19f
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 0d581ba311a27762fe1a14e5db5f65d225b3d844
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7af033010214f2c7cff31147d8970484d46cc14c] sctp: count data bundling sack chunk for outctrlchunks
testing commit 7af033010214f2c7cff31147d8970484d46cc14c with gcc (GCC) 8.1.0
kernel signature: 2cd57229b498c7c40d21cb8cfdf93481c8deb9d3
all runs: OK
# git bisect good 7af033010214f2c7cff31147d8970484d46cc14c
0d581ba311a27762fe1a14e5db5f65d225b3d844 is the first bad commit
commit 0d581ba311a27762fe1a14e5db5f65d225b3d844
Author: Yonglong Liu <liuyonglong@huawei.com>
Date:   Wed Jul 3 19:12:30 2019 +0800

    net: hns: add support for vlan TSO
    
    The hip07 chip support vlan TSO, this patch adds NETIF_F_TSO
    and NETIF_F_TSO6 flags to vlan_features to improve the
    performance after adding vlan to the net ports.
    
    Signed-off-by: Yonglong Liu <liuyonglong@huawei.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 drivers/net/ethernet/hisilicon/hns/hns_enet.c | 1 +
 1 file changed, 1 insertion(+)
culprit signature: 83d3db231a42b2199e89f75dadb6d3f7e7cad19f
parent  signature: 2cd57229b498c7c40d21cb8cfdf93481c8deb9d3
revisions tested: 18, total time: 4h51m46.072536854s (build: 1h59m9.510322922s, test: 2h50m49.556607099s)
first bad commit: 0d581ba311a27762fe1a14e5db5f65d225b3d844 net: hns: add support for vlan TSO
cc: ["davem@davemloft.net" "linux-kernel@vger.kernel.org" "lipeng321@huawei.com" "liuyonglong@huawei.com" "netdev@vger.kernel.org" "salil.mehta@huawei.com" "shuliubin@huawei.com" "tglx@linutronix.de" "yisen.zhuang@huawei.com"]
crash: general protection fault in batadv_iv_ogm_queue_add
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 29675 Comm: kworker/u4:0 Not tainted 5.2.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:599
Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 a2 0b 00 00
RSP: 0018:ffff8880a367fab8 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff8880928ade80 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffff8880a367fbd0 R08: ffff888077028780 R09: 0000000000000001
R10: ffffed10146cff8f R11: 0000000000000003 R12: 0000000000000007
R13: ffff8880770287a8 R14: ffff888077028780 R15: 000000000000003c
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe3fc5ec4c CR3: 0000000096a91000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 batadv_iv_ogm_schedule+0xb60/0xe90 net/batman-adv/bat_iv_ogm.c:807
 batadv_iv_send_outstanding_bat_ogm_packet+0x4a2/0x790 net/batman-adv/bat_iv_ogm.c:1669
 process_one_work+0x830/0x16a0 kernel/workqueue.c:2269
 worker_thread+0x85/0xb60 kernel/workqueue.c:2415
 kthread+0x324/0x3e0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace 5aff19d3db54c117 ]---
RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:599
Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 a2 0b 00 00
RSP: 0018:ffff8880a367fab8 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff8880928ade80 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: ffff8880a367fbd0 R08: ffff888077028780 R09: 0000000000000001
R10: ffffed10146cff8f R11: 0000000000000003 R12: 0000000000000007
R13: ffff8880770287a8 R14: ffff888077028780 R15: 000000000000003c
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600400 CR3: 0000000096a91000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400