bisecting cause commit starting from 2de9780f75076c1a1f122cbd39df0fa545284724
building syzkaller on 0a96a13cb96316b8374bb7d8dd0793bcaff166a0
testing commit 2de9780f75076c1a1f122cbd39df0fa545284724 with gcc (GCC) 8.1.0
kernel signature: d4f0dc6bcbf3602e5624383dc74bb7edd44f3120d22e358ceae39b789394436a
all runs: crashed: general protection fault in ethnl_parse_header
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: 79e7f9768adaf183d4442457ed89c6b2f4dc3274b78a74c10d3ff8ca54cfe1ac
all runs: OK
# git bisect start 2de9780f75076c1a1f122cbd39df0fa545284724 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
Bisecting: 5585 revisions left to test after this (roughly 13 steps)
[9f68e3655aae6d49d6ba05dd263f99f33c2567af] Merge tag 'drm-next-2020-01-30' of git://anongit.freedesktop.org/drm/drm
testing commit 9f68e3655aae6d49d6ba05dd263f99f33c2567af with gcc (GCC) 8.1.0
kernel signature: 80a87b916bf613887dc0cd6ea8effec26f2eb21b4c4becfe5cae7ac48319dbc8
all runs: OK
# git bisect good 9f68e3655aae6d49d6ba05dd263f99f33c2567af
Bisecting: 2831 revisions left to test after this (roughly 12 steps)
[469030d454bd1620c7b2651d9ec8cdcbaa74deb9] Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 469030d454bd1620c7b2651d9ec8cdcbaa74deb9 with gcc (GCC) 8.1.0
kernel signature: 738e59de76a4b566816632c6e3b89d9705c7e2dd8d8b9c7d5f0d6a48a7bda272
all runs: OK
# git bisect good 469030d454bd1620c7b2651d9ec8cdcbaa74deb9
Bisecting: 1415 revisions left to test after this (roughly 11 steps)
[8743db4a9acfd51f805ac0c87bcaae92c42d1061] bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs.
testing commit 8743db4a9acfd51f805ac0c87bcaae92c42d1061 with gcc (GCC) 8.1.0
kernel signature: e45ccd59c972ea5680e2e1934dce3a83c7a3b1a7761656398b32453364e3c1ca
all runs: OK
# git bisect good 8743db4a9acfd51f805ac0c87bcaae92c42d1061
Bisecting: 707 revisions left to test after this (roughly 10 steps)
[249bc9744e165abe74ae326f43e9d70bad54c3b7] net: phy: avoid clearing PHY interrupts twice in irq handler
testing commit 249bc9744e165abe74ae326f43e9d70bad54c3b7 with gcc (GCC) 8.1.0
kernel signature: d937bc94cf43eb32b781d0ea20677b8740be6de3a5e340f131e24b31a9d67254
all runs: OK
# git bisect good 249bc9744e165abe74ae326f43e9d70bad54c3b7
Bisecting: 359 revisions left to test after this (roughly 9 steps)
[61a09258f2e5b48ad0605131cae9a33ce4d01a9d] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit 61a09258f2e5b48ad0605131cae9a33ce4d01a9d with gcc (GCC) 8.1.0
kernel signature: ec0227bdbc8c12eb775a1ec33f6c767333216efe65ca06cde914a83f3571f089
all runs: OK
# git bisect good 61a09258f2e5b48ad0605131cae9a33ce4d01a9d
Bisecting: 213 revisions left to test after this (roughly 8 steps)
[807f030b44ccbb26a346df6f6438628315d9ad98] Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
testing commit 807f030b44ccbb26a346df6f6438628315d9ad98 with gcc (GCC) 8.1.0
kernel signature: 36337f8d2a08afdff2821289b839af8d9a8082ac582d864706b039e7a3a8038f
all runs: OK
# git bisect good 807f030b44ccbb26a346df6f6438628315d9ad98
Bisecting: 106 revisions left to test after this (roughly 7 steps)
[012fc74517b25177dfede2ed45cd108258564e4a] net: dsa: mv88e6xxx: Add missing mask of ATU occupancy register
testing commit 012fc74517b25177dfede2ed45cd108258564e4a with gcc (GCC) 8.1.0
kernel signature: 68a05d681391edbc116a6592dbedce03646615750e66766aefb05913b9c1a592
all runs: OK
# git bisect good 012fc74517b25177dfede2ed45cd108258564e4a
Bisecting: 57 revisions left to test after this (roughly 6 steps)
[242a6df688dcad7c55105280a79aaff83addf7ce] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
testing commit 242a6df688dcad7c55105280a79aaff83addf7ce with gcc (GCC) 8.1.0
kernel signature: 4e5c3a33b630b1cb7b1497f6f8c8bd24426130ed032211c8d38db1de36145a9f
all runs: OK
# git bisect good 242a6df688dcad7c55105280a79aaff83addf7ce
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[173756b86803655d70af7732079b3aa935e6ab68] hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
testing commit 173756b86803655d70af7732079b3aa935e6ab68 with gcc (GCC) 8.1.0
kernel signature: 9c874f8ccf564fa845ca3d2641555b0a1ccac28732de68fb8d2f5481ba960803
all runs: OK
# git bisect good 173756b86803655d70af7732079b3aa935e6ab68
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[065fd83e1be2e1ba0d446a257fd86a3cc7bddb51] net: mvneta: Fix the case where the last poll did not process all rx
testing commit 065fd83e1be2e1ba0d446a257fd86a3cc7bddb51 with gcc (GCC) 8.1.0
kernel signature: 26acb52f23ff445783a55ca8c53f33d480e44e211284712fbfe6200a7b1f0c5c
all runs: crashed: general protection fault in ethnl_parse_header
# git bisect bad 065fd83e1be2e1ba0d446a257fd86a3cc7bddb51
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[2363d73a2f3e92787f336721c40918ba2eb0c74c] ethtool: reject unrecognized request flags
testing commit 2363d73a2f3e92787f336721c40918ba2eb0c74c with gcc (GCC) 8.1.0
kernel signature: 98c51c764c0dcbf2d6e818601f9b06cadf0256e08c32a9a3411a8e391d4948b7
all runs: crashed: general protection fault in ethnl_parse_header
# git bisect bad 2363d73a2f3e92787f336721c40918ba2eb0c74c
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[4ae649e8879d5a96b0ce104c8eae6563c6f368a1] Merge branch 'hsr-fix-several-bugs-in-generic-netlink-callback'
testing commit 4ae649e8879d5a96b0ce104c8eae6563c6f368a1 with gcc (GCC) 8.1.0
kernel signature: 3c75e186d5c312323c63cfe54626c70d13178284e84713c61d92179e572baee7
all runs: OK
# git bisect good 4ae649e8879d5a96b0ce104c8eae6563c6f368a1
Bisecting: 1 revision left to test after this (roughly 1 step)
[fe2a31d790f81bd14a76de3d3b87f4f1362f60cd] netlink: allow extack cookie also for error messages
testing commit fe2a31d790f81bd14a76de3d3b87f4f1362f60cd with gcc (GCC) 8.1.0
kernel signature: 7fa990746991765bfb913b2c4e88b8a6a65607aeedfdef60ff5a85ba02c8a296
all runs: OK
# git bisect good fe2a31d790f81bd14a76de3d3b87f4f1362f60cd
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[f1388ec4a144f40348321a0915c5535d623e165c] netlink: add nl_set_extack_cookie_u32()
testing commit f1388ec4a144f40348321a0915c5535d623e165c with gcc (GCC) 8.1.0
kernel signature: c0506245f2d961583c2781fd3fed3677e40acedced9d863842d6b46146aaba17
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
# git bisect good f1388ec4a144f40348321a0915c5535d623e165c
2363d73a2f3e92787f336721c40918ba2eb0c74c is the first bad commit
commit 2363d73a2f3e92787f336721c40918ba2eb0c74c
Author: Michal Kubecek <mkubecek@suse.cz>
Date:   Sun Mar 15 18:17:53 2020 +0100

    ethtool: reject unrecognized request flags
    
    As pointed out by Jakub Kicinski, we ethtool netlink code should respond
    with an error if request head has flags set which are not recognized by
    kernel, either as a mistake or because it expects functionality introduced
    in later kernel versions.
    
    To avoid unnecessary roundtrips, use extack cookie to provide the
    information about supported request flags.
    
    Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 net/ethtool/netlink.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
culprit signature: 98c51c764c0dcbf2d6e818601f9b06cadf0256e08c32a9a3411a8e391d4948b7
parent  signature: c0506245f2d961583c2781fd3fed3677e40acedced9d863842d6b46146aaba17
revisions tested: 16, total time: 4h16m10.770775221s (build: 1h45m22.946836529s, test: 2h29m34.424601446s)
first bad commit: 2363d73a2f3e92787f336721c40918ba2eb0c74c ethtool: reject unrecognized request flags
cc: ["davem@davemloft.net" "kuba@kernel.org" "linux-kernel@vger.kernel.org" "mkubecek@suse.cz" "netdev@vger.kernel.org"]
crash: general protection fault in ethnl_parse_header
general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 0 PID: 8591 Comm: syz-executor.4 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ethnl_parse_header+0x45f/0x790 include/linux/string.h:381
Code: f9 48 c1 e9 03 80 3c 11 00 0f 85 19 03 00 00 49 89 44 24 08 49 8d 7c 24 10 48 ba 00 00 00 00 00 fc ff df 48 89 f8 48 c1 e8 03 <0f> b6 0c 10 49 8d 44 24 13 48 89 c6 48 c1 ee 03 0f b6 14 16 48 89
RSP: 0018:ffffc90002ae74e8 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 1ffff9200055ce9f RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000010
RBP: ffff8880966447c0 R08: 0000000000000003 R09: 0000000000000008
R10: 1ffff9200055ce89 R11: dffffc0000000000 R12: 0000000000000000
R13: 0000000000000006 R14: ffff8880956da080 R15: ffff8880a8e56048
FS:  00007f1d4547d700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004d7ec8 CR3: 00000000a7f7e000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ethnl_default_parse+0x186/0x2b0 net/ethtool/netlink.c:264
 ethnl_default_start+0x1d3/0x4a0 net/ethtool/netlink.c:492
 __netlink_dump_start+0x4c4/0x820 net/netlink/af_netlink.c:2343
 genl_family_rcv_msg_dumpit net/netlink/genetlink.c:630 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:715 [inline]
 genl_rcv_msg+0x940/0xf30 net/netlink/genetlink.c:735
 netlink_rcv_skb+0x119/0x340 net/netlink/af_netlink.c:2469
 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:746
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x434/0x630 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x714/0xc60 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xac/0xe0 net/socket.c:672
 ____sys_sendmsg+0x54e/0x750 net/socket.c:2343
 ___sys_sendmsg+0xe4/0x160 net/socket.c:2397
 __sys_sendmsg+0xce/0x170 net/socket.c:2430
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c849
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f1d4547cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f1d4547d6d4 RCX: 000000000045c849
RDX: 0000000000000000 RSI: 0000000020006440 RDI: 0000000000000003
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000900 R14: 00000000004d55f8 R15: 000000000076bf0c
Modules linked in:
---[ end trace b61168b8a45a7a48 ]---
RIP: 0010:ethnl_parse_header+0x45f/0x790 include/linux/string.h:381
Code: f9 48 c1 e9 03 80 3c 11 00 0f 85 19 03 00 00 49 89 44 24 08 49 8d 7c 24 10 48 ba 00 00 00 00 00 fc ff df 48 89 f8 48 c1 e8 03 <0f> b6 0c 10 49 8d 44 24 13 48 89 c6 48 c1 ee 03 0f b6 14 16 48 89
RSP: 0018:ffffc90002ae74e8 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 1ffff9200055ce9f RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000010
RBP: ffff8880966447c0 R08: 0000000000000003 R09: 0000000000000008
R10: 1ffff9200055ce89 R11: dffffc0000000000 R12: 0000000000000000
R13: 0000000000000006 R14: ffff8880956da080 R15: ffff8880a8e56048
FS:  00007f1d4547d700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1b1d5c4000 CR3: 00000000a7f7e000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400