bisecting cause commit starting from a58741ef1e4a3b2721ea7102f21d5e9f88f7d090 building syzkaller on 0a96a13cb96316b8374bb7d8dd0793bcaff166a0 testing commit a58741ef1e4a3b2721ea7102f21d5e9f88f7d090 with gcc (GCC) 8.1.0 kernel signature: e39a97f6a674b44f0a43fd82524fb7c0be5a6f08c80f9d810a16fac04da458fb all runs: crashed: general protection fault in do_tcp_getsockopt testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: fc07fa525a865a7e3ae8d36f00897843cfd39bd496ef258c809df4c9f170204c all runs: OK # git bisect start a58741ef1e4a3b2721ea7102f21d5e9f88f7d090 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 Bisecting: 7000 revisions left to test after this (roughly 13 steps) [9f68e3655aae6d49d6ba05dd263f99f33c2567af] Merge tag 'drm-next-2020-01-30' of git://anongit.freedesktop.org/drm/drm testing commit 9f68e3655aae6d49d6ba05dd263f99f33c2567af with gcc (GCC) 8.1.0 kernel signature: a20bc984d338005cf8906fea1a3e05f993dab0137082c3f3d63b5426b693dfa9 all runs: OK # git bisect good 9f68e3655aae6d49d6ba05dd263f99f33c2567af Bisecting: 3569 revisions left to test after this (roughly 12 steps) [1afa9c3b7c9bdcb562e2afe9f58cc99d0b071cdc] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 1afa9c3b7c9bdcb562e2afe9f58cc99d0b071cdc with gcc (GCC) 8.1.0 kernel signature: 0b17cd3134fa6f2c4e3c7911be664ca226da5bc400d269b07d457a7131f1c187 all runs: OK # git bisect good 1afa9c3b7c9bdcb562e2afe9f58cc99d0b071cdc Bisecting: 1781 revisions left to test after this (roughly 11 steps) [61a09258f2e5b48ad0605131cae9a33ce4d01a9d] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit 61a09258f2e5b48ad0605131cae9a33ce4d01a9d with gcc (GCC) 8.1.0 kernel signature: 317cbf90afde3e9976fc9f5063e78284fadbff85bdf03c7da848802220d1eab9 all runs: OK # git bisect good 61a09258f2e5b48ad0605131cae9a33ce4d01a9d Bisecting: 837 revisions left to test after this (roughly 10 steps) [a368e860adb14f7496033051c1712dfd214f6cb1] Merge tag 'wireless-drivers-next-2020-03-05' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next testing commit a368e860adb14f7496033051c1712dfd214f6cb1 with gcc (GCC) 8.1.0 kernel signature: c44292ac1d9a1531592091c0434f615590e9dacf1f49eb6df9e752629ff823a6 all runs: crashed: general protection fault in do_tcp_getsockopt # git bisect bad a368e860adb14f7496033051c1712dfd214f6cb1 Bisecting: 471 revisions left to test after this (roughly 9 steps) [165b94ffcf8ef8165654df70f9f1c534797217cb] Merge tag 'mlx5-updates-2020-02-25' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux testing commit 165b94ffcf8ef8165654df70f9f1c534797217cb with gcc (GCC) 8.1.0 kernel signature: 5710a1a18dad98bb1e4ec31214e4cc95602098a493abb5db71c3dc9cfe6a0d5a run #0: crashed: general protection fault in do_tcp_getsockopt run #1: crashed: general protection fault in do_tcp_getsockopt run #2: crashed: general protection fault in do_tcp_getsockopt run #3: crashed: general protection fault in do_tcp_getsockopt run #4: crashed: general protection fault in do_tcp_getsockopt run #5: crashed: general protection fault in do_tcp_getsockopt run #6: crashed: general protection fault in do_tcp_getsockopt run #7: crashed: general protection fault in do_tcp_getsockopt run #8: crashed: general protection fault in do_tcp_getsockopt run #9: boot failed: can't ssh into the instance # git bisect bad 165b94ffcf8ef8165654df70f9f1c534797217cb Bisecting: 233 revisions left to test after this (roughly 8 steps) [a5ebfe12a7e6266a2738196e9e7fa5f56aa49038] Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue testing commit a5ebfe12a7e6266a2738196e9e7fa5f56aa49038 with gcc (GCC) 8.1.0 kernel signature: 52b327d4abd7cadd73e5f53e67842d6cc07b5a0706b4e6751e8f8cf6bce7787a run #0: crashed: general protection fault in do_tcp_getsockopt run #1: crashed: general protection fault in do_tcp_getsockopt run #2: crashed: general protection fault in do_tcp_getsockopt run #3: crashed: general protection fault in do_tcp_getsockopt run #4: crashed: general protection fault in do_tcp_getsockopt run #5: crashed: general protection fault in do_tcp_getsockopt run #6: crashed: general protection fault in do_tcp_getsockopt run #7: crashed: general protection fault in do_tcp_getsockopt run #8: crashed: general protection fault in do_tcp_getsockopt run #9: boot failed: can't ssh into the instance # git bisect bad a5ebfe12a7e6266a2738196e9e7fa5f56aa49038 Bisecting: 118 revisions left to test after this (roughly 7 steps) [23a1a0b391a7b8fed848d907885156321b4afbf8] mlxsw: spectrum_switchdev: Propagate extack to bridge creation function testing commit 23a1a0b391a7b8fed848d907885156321b4afbf8 with gcc (GCC) 8.1.0 kernel signature: 5660b3db5e0a665ed3235fd87133473527804551c6d20b8b87a5ee2cd0f7ae8d all runs: crashed: general protection fault in do_tcp_getsockopt # git bisect bad 23a1a0b391a7b8fed848d907885156321b4afbf8 Bisecting: 59 revisions left to test after this (roughly 6 steps) [8cdfa25625cad99fdfbcefa4c32f9240361764ef] net: phylink: remove pause mode ethtool setting for fixed links testing commit 8cdfa25625cad99fdfbcefa4c32f9240361764ef with gcc (GCC) 8.1.0 kernel signature: fe30ce99c86834c8e02ae74c27a8a1ea5baaec5ce51427d70c95299de3650776 all runs: crashed: general protection fault in do_tcp_getsockopt # git bisect bad 8cdfa25625cad99fdfbcefa4c32f9240361764ef Bisecting: 29 revisions left to test after this (roughly 5 steps) [f93d6b21a93ceb02140eafd84e4fd77f5d00180a] ieee80211: fix 'the' doubling in comments testing commit f93d6b21a93ceb02140eafd84e4fd77f5d00180a with gcc (GCC) 8.1.0 kernel signature: 6b1d457234c1cff8304d916b652a5a14bbf09e89f6dcc8623c656f4b228ab77c all runs: OK # git bisect good f93d6b21a93ceb02140eafd84e4fd77f5d00180a Bisecting: 14 revisions left to test after this (roughly 4 steps) [c8856c051454909e5059df4e81c77b9c366c5515] tcp-zerocopy: Return inq along with tcp receive zerocopy. testing commit c8856c051454909e5059df4e81c77b9c366c5515 with gcc (GCC) 8.1.0 kernel signature: 4ecdbc34b20a419b64ad346cbd9c276268844249146f3745eae33d37b00f6acd all runs: crashed: general protection fault in do_tcp_getsockopt # git bisect bad c8856c051454909e5059df4e81c77b9c366c5515 Bisecting: 7 revisions left to test after this (roughly 3 steps) [1f6e0baa703d31002c312c3e423c108b04325df0] mac80211: allow setting queue_len for drivers not using wake_tx_queue testing commit 1f6e0baa703d31002c312c3e423c108b04325df0 with gcc (GCC) 8.1.0 kernel signature: 787b7984db285204c2cc8a2b86225a3ab2a591ac47469c92e186b43de8844f79 all runs: OK # git bisect good 1f6e0baa703d31002c312c3e423c108b04325df0 Bisecting: 3 revisions left to test after this (roughly 2 steps) [ddb535a6a04edf4b9053956ab3adc4f4eb7f945c] Merge tag 'mac80211-next-for-net-next-2020-02-14' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next testing commit ddb535a6a04edf4b9053956ab3adc4f4eb7f945c with gcc (GCC) 8.1.0 kernel signature: abcf463ddc2fb1ac8e4af35311b7fec4c6a2ad9fdb0085493131ec7798726837 all runs: OK # git bisect good ddb535a6a04edf4b9053956ab3adc4f4eb7f945c Bisecting: 1 revision left to test after this (roughly 1 step) [9de9f7d1cb143770e3e0faa8e35694922eb3066e] tools: testing: vsock: Test when server is bound but not listening testing commit 9de9f7d1cb143770e3e0faa8e35694922eb3066e with gcc (GCC) 8.1.0 kernel signature: d74e22edd613f143747d14c113b5d9978186f2037f7b5c37276295e8ba33813b all runs: OK # git bisect good 9de9f7d1cb143770e3e0faa8e35694922eb3066e Bisecting: 0 revisions left to test after this (roughly 0 steps) [8c8da5b8eaf80b9958de96cce189abd4bd1aaff1] Merge branch 'Enhance-virtio-vsock-connection-semantics' testing commit 8c8da5b8eaf80b9958de96cce189abd4bd1aaff1 with gcc (GCC) 8.1.0 kernel signature: 706f34513e276a96dbe983615fcddbf4e7b1bfce0c27f78959ad22cd3632ea9d all runs: OK # git bisect good 8c8da5b8eaf80b9958de96cce189abd4bd1aaff1 c8856c051454909e5059df4e81c77b9c366c5515 is the first bad commit commit c8856c051454909e5059df4e81c77b9c366c5515 Author: Arjun Roy Date: Fri Feb 14 15:30:49 2020 -0800 tcp-zerocopy: Return inq along with tcp receive zerocopy. This patchset is intended to reduce the number of extra system calls imposed by TCP receive zerocopy. For ping-pong RPC style workloads, this patchset has demonstrated a system call reduction of about 30% when coupled with userspace changes. For applications using edge-triggered epoll, returning inq along with the result of tcp receive zerocopy could remove the need to call recvmsg()=-EAGAIN after a successful zerocopy. Generally speaking, since normally we would need to perform a recvmsg() call for every successful small RPC read via TCP receive zerocopy, returning inq can reduce the number of system calls performed by approximately half. Signed-off-by: Arjun Roy Signed-off-by: Eric Dumazet Signed-off-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller include/uapi/linux/tcp.h | 1 + net/ipv4/tcp.c | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) culprit signature: 4ecdbc34b20a419b64ad346cbd9c276268844249146f3745eae33d37b00f6acd parent signature: 706f34513e276a96dbe983615fcddbf4e7b1bfce0c27f78959ad22cd3632ea9d revisions tested: 16, total time: 4h10m23.187806304s (build: 1h53m5.913165308s, test: 2h15m23.572238377s) first bad commit: c8856c051454909e5059df4e81c77b9c366c5515 tcp-zerocopy: Return inq along with tcp receive zerocopy. cc: ["arjunroy@google.com" "davem@davemloft.net" "edumazet@google.com" "soheil@google.com"] crash: general protection fault in do_tcp_getsockopt general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077] CPU: 1 PID: 8425 Comm: syz-executor.1 Not tainted 5.6.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:tcp_zerocopy_receive net/ipv4/tcp.c:1788 [inline] RIP: 0010:do_tcp_getsockopt.isra.50+0x1f57/0x2c40 net/ipv4/tcp.c:3677 Code: c0 74 08 3c 03 0f 8e ac 07 00 00 44 8b bd 38 fd ff ff 45 2b 7c 24 28 44 89 bd 90 fd ff ff 49 8d 7c 24 70 48 89 fa 48 c1 ea 03 <0f> b6 14 0a 84 d2 74 09 80 fa 03 0f 8e 23 08 00 00 45 8b 74 24 70 RSP: 0018:ffffc90007667b00 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000070 RBP: ffffc90007667df0 R08: ffffed101305cb68 R09: ffffed101305cb68 R10: ffffed101305cb67 R11: ffff8880982e5b3f R12: 0000000000000000 R13: 0000000000000000 R14: ffff88809e400bc0 R15: 0000000000eccf80 FS: 00007fdea8cce700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000080 CR3: 00000000927fb000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __sys_getsockopt+0x114/0x280 net/socket.c:2175 __do_sys_getsockopt net/socket.c:2190 [inline] __se_sys_getsockopt net/socket.c:2187 [inline] __x64_sys_getsockopt+0xb5/0x150 net/socket.c:2187 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45c849 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fdea8ccdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007fdea8cce6d4 RCX: 000000000045c849 RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000003 RBP: 000000000076bf00 R08: 00000000200000c0 R09: 0000000000000000 R10: 0000000020000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000001d6 R14: 00000000004d2e68 R15: 000000000076bf0c Modules linked in: ---[ end trace 6938e4247e6c9f08 ]--- RIP: 0010:tcp_zerocopy_receive net/ipv4/tcp.c:1788 [inline] RIP: 0010:do_tcp_getsockopt.isra.50+0x1f57/0x2c40 net/ipv4/tcp.c:3677 Code: c0 74 08 3c 03 0f 8e ac 07 00 00 44 8b bd 38 fd ff ff 45 2b 7c 24 28 44 89 bd 90 fd ff ff 49 8d 7c 24 70 48 89 fa 48 c1 ea 03 <0f> b6 14 0a 84 d2 74 09 80 fa 03 0f 8e 23 08 00 00 45 8b 74 24 70 RSP: 0018:ffffc90007667b00 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000070 RBP: ffffc90007667df0 R08: ffffed101305cb68 R09: ffffed101305cb68 R10: ffffed101305cb67 R11: ffff8880982e5b3f R12: 0000000000000000 R13: 0000000000000000 R14: ffff88809e400bc0 R15: 0000000000eccf80 FS: 00007fdea8cce700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000080 CR3: 00000000927fb000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400