bisecting fixing commit since a99163e9e708d5d773b7de6da952fcddc341f977
building syzkaller on c26fb06b75e80ff45e13dc5cc575c8490c44411d
testing commit a99163e9e708d5d773b7de6da952fcddc341f977
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 6811cb4d0e13c2cffa7912d12a18c04e168d2cf08ca986316e9ff02cc2778e99
all runs: crashed: general protection fault in xfrm_user_rcv_msg_compat
testing current HEAD 27151f177827d478508e756c7657273261aaf8a9
testing commit 27151f177827d478508e756c7657273261aaf8a9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: b9d76446b36577ac3d7bf9d123456a95ff0d598c42c028c1acb6ab25ecb9ddab
all runs: OK
# git bisect start 27151f177827d478508e756c7657273261aaf8a9 a99163e9e708d5d773b7de6da952fcddc341f977
Bisecting: 24194 revisions left to test after this (roughly 15 steps)
[61c0cb8ae7943b4fad5d62213c1748f1a07fe594] Merge tag 'drm-misc-next-fixes-2021-06-18' of git://anongit.freedesktop.org/drm/drm-misc into drm-next
testing commit 61c0cb8ae7943b4fad5d62213c1748f1a07fe594
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: c9d31d9436fc8c3ae19a58483bb484e715f9c96f4b54729d203b6e6f1f2bd7b7
all runs: crashed: general protection fault in xfrm_user_rcv_msg_compat
# git bisect good 61c0cb8ae7943b4fad5d62213c1748f1a07fe594
Bisecting: 12055 revisions left to test after this (roughly 14 steps)
[071e5aceebebf1d33b5c29ccfd2688ed39c60007] Merge tag 'arm-drivers-5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 071e5aceebebf1d33b5c29ccfd2688ed39c60007
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 1e853efeafb3ded1ad6a125c7d6ba4ad882042e4dcbdce1239f8059d7521648b
all runs: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
# git bisect skip 071e5aceebebf1d33b5c29ccfd2688ed39c60007
Bisecting: 12055 revisions left to test after this (roughly 14 steps)
[86aab09a4870bb8346c9579864588c3d7f555299] dccp: add do-while-0 stubs for dccp_pr_debug macros
testing commit 86aab09a4870bb8346c9579864588c3d7f555299
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 7336ee63c6a0696e3f249ce9e17e70ec293a70fd90e68db2b383f9c6da83b9dc
all runs: OK
# git bisect bad 86aab09a4870bb8346c9579864588c3d7f555299
Bisecting: 6810 revisions left to test after this (roughly 13 steps)
[019b3fd94ba73d3ac615f0537440b81f129821f6] Merge tag 'powerpc-5.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
testing commit 019b3fd94ba73d3ac615f0537440b81f129821f6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: c1c8c82c78d888a65efd99868d9aa8ca743bf742572ad5f8feddfbdc6d742581
all runs: crashed: general protection fault in xfrm_user_rcv_msg_compat
# git bisect good 019b3fd94ba73d3ac615f0537440b81f129821f6
Bisecting: 3447 revisions left to test after this (roughly 12 steps)
[c932ed0adb09a7fa6d6649ee04dd78c83ab07ada] Merge tag 'tty-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
testing commit c932ed0adb09a7fa6d6649ee04dd78c83ab07ada
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 8215dfda609619da937332360a519292c317718ea59a256086aeb0f0bd52ce2f
all runs: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
# git bisect skip c932ed0adb09a7fa6d6649ee04dd78c83ab07ada
Bisecting: 3447 revisions left to test after this (roughly 12 steps)
[7749510c459c10c431d746a4749e7c9cf2899156] ARM: dts: ux500: Fix LED probing
testing commit 7749510c459c10c431d746a4749e7c9cf2899156
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 7eb296ea29c9345356162d2b6f8c5b050ea2d5f91923e756841815db79a3880a
all runs: crashed: general protection fault in xfrm_user_rcv_msg_compat
# git bisect good 7749510c459c10c431d746a4749e7c9cf2899156
Bisecting: 3441 revisions left to test after this (roughly 12 steps)
[c503c193db7d7ccc0c58b1ef694eaef331318149] Merge branch 'cpufreq/cppc-fie' into cpufreq/arm/linux-next
testing commit c503c193db7d7ccc0c58b1ef694eaef331318149
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 6752041416ae2522ce11b6b224d83da8e24cf5b16671caf4804394acd3e3d79e
all runs: crashed: general protection fault in xfrm_user_rcv_msg_compat
# git bisect good c503c193db7d7ccc0c58b1ef694eaef331318149
Bisecting: 3427 revisions left to test after this (roughly 12 steps)
[f20fdd4362e31a02c24048af2eca735b59dacf78] Merge branch 'topic/pci-rescan-prep-v2' into for-next
testing commit f20fdd4362e31a02c24048af2eca735b59dacf78
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: ff36b968d83be909767f068c77774c0ed0f1dbc57bc9796e90b24ac902779e1b
all runs: crashed: general protection fault in xfrm_user_rcv_msg_compat
# git bisect good f20fdd4362e31a02c24048af2eca735b59dacf78
Bisecting: 3427 revisions left to test after this (roughly 12 steps)
[bb2baeb214a71cda47d50dce80414016117ddda0] KVM: SVM: improve the code readability for ASID management
testing commit bb2baeb214a71cda47d50dce80414016117ddda0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 0cc7ba9c50fe1ff2e27d72bf43892d2b89729d4c2051c3386e9387eebbeeb23d
all runs: crashed: general protection fault in xfrm_user_rcv_msg_compat
# git bisect good bb2baeb214a71cda47d50dce80414016117ddda0
Bisecting: 370 revisions left to test after this (roughly 9 steps)
[25905f602fdb0cfa147017056636768a7aa1ff6f] dmaengine: idxd: Change license on idxd.h to LGPL
testing commit 25905f602fdb0cfa147017056636768a7aa1ff6f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: f6a1ecd5f68588a7c5a00f3d6269956407eb1b9e6faf0e55e4b7e5aa90a36487
all runs: crashed: general protection fault in xfrm_user_rcv_msg_compat
# git bisect good 25905f602fdb0cfa147017056636768a7aa1ff6f
Bisecting: 156 revisions left to test after this (roughly 8 steps)
[c7d102232649226a69dddd58a4942cf13cff4f7c] Merge tag 'net-5.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit c7d102232649226a69dddd58a4942cf13cff4f7c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 92182c2c4f7c14404049b41374fcab0be2910467cf212ef9b64ff8aefab5ef9b
all runs: crashed: general protection fault in xfrm_user_rcv_msg_compat
# git bisect good c7d102232649226a69dddd58a4942cf13cff4f7c
Bisecting: 86 revisions left to test after this (roughly 6 steps)
[e04480920d1eec9c061841399aa6f35b6f987d8b] Bluetooth: defer cleanup of resources in hci_unregister_dev()
testing commit e04480920d1eec9c061841399aa6f35b6f987d8b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 18d4c72241fba5d43234b5afc8f06b196fc9a0c7c9c4e6dbc8d7f5199c9ebfc0
all runs: crashed: general protection fault in xfrm_user_rcv_msg_compat
# git bisect good e04480920d1eec9c061841399aa6f35b6f987d8b
Bisecting: 42 revisions left to test after this (roughly 6 steps)
[5a7c1b2a5bb4461967b15f3484a0ff75d3199719] net: wwan: iosm: fix lkp buildbot warning
testing commit 5a7c1b2a5bb4461967b15f3484a0ff75d3199719
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: ad0ee69c1d9dfbaed2c4ca705802aad97b4d02c20d96f2b78e5f7856f36f766f
all runs: OK
# git bisect bad 5a7c1b2a5bb4461967b15f3484a0ff75d3199719
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[c87a4c542b5a796f795fec2b7a909c7d3067b11c] net: flow_offload: correct comments mismatch with code
testing commit c87a4c542b5a796f795fec2b7a909c7d3067b11c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 1fce1b7f79ad8abc50a78ca21d7c8b69046451a1223e0764c78b53fc63924f25
all runs: crashed: general protection fault in xfrm_user_rcv_msg_compat
# git bisect good c87a4c542b5a796f795fec2b7a909c7d3067b11c
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[ff0ee9dfe8a3277b1d2be3bb3e689a1cef01f13e] Merge branch 'pegasus-errors'
testing commit ff0ee9dfe8a3277b1d2be3bb3e689a1cef01f13e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 2e1caed272f843658cbd55fafa8d3863c76a6b87f690430b2a9fe8a127fa40bf
all runs: crashed: general protection fault in xfrm_user_rcv_msg_compat
# git bisect good ff0ee9dfe8a3277b1d2be3bb3e689a1cef01f13e
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[70bfdf62e93a4d73cfbaf83a3ac708a483ef7a71] selftests/net/ipsec: Add test for xfrm_spdattr_type_t
testing commit 70bfdf62e93a4d73cfbaf83a3ac708a483ef7a71
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: c76fee9c7e58a6b594b4e1199eb2314e97c699cd2fc0c5b62356a589ba34b38e
all runs: OK
# git bisect bad 70bfdf62e93a4d73cfbaf83a3ac708a483ef7a71
Bisecting: 1 revision left to test after this (roughly 1 step)
[2580d3f40022642452dd8422bfb8c22e54cf84bb] xfrm: Fix RCU vs hash_resize_mutex lock inversion
testing commit 2580d3f40022642452dd8422bfb8c22e54cf84bb
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: b1b7d16cd901d93ac46a672f01c8f8237bffa0dd66e0363f52c2d6be78c14de4
all runs: crashed: general protection fault in xfrm_user_rcv_msg_compat
# git bisect good 2580d3f40022642452dd8422bfb8c22e54cf84bb
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[4e9505064f58d1252805952f8547a5b7dbc5c111] net/xfrm/compat: Copy xfrm_spdattr_type_t atributes
testing commit 4e9505064f58d1252805952f8547a5b7dbc5c111
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: c76fee9c7e58a6b594b4e1199eb2314e97c699cd2fc0c5b62356a589ba34b38e
all runs: OK
# git bisect bad 4e9505064f58d1252805952f8547a5b7dbc5c111
4e9505064f58d1252805952f8547a5b7dbc5c111 is the first bad commit
commit 4e9505064f58d1252805952f8547a5b7dbc5c111
Author: Dmitry Safonov
Date: Sat Jul 17 16:02:21 2021 +0100

    net/xfrm/compat: Copy xfrm_spdattr_type_t atributes

    The attribute-translator has to take in mind maxtype, that is
    xfrm_link::nla_max. When it is set, attributes are not of xfrm_attr_type_t.
    Currently, they can be only XFRMA_SPD_MAX (message XFRM_MSG_NEWSPDINFO),
    their UABI is the same for 64/32-bit, so just copy them.

    Thanks to YueHaibing for reporting this:
    In xfrm_user_rcv_msg_compat() if maxtype is not zero and less than
    XFRMA_MAX, nlmsg_parse_deprecated() do not initialize attrs array fully.
    xfrm_xlate32() will access uninit 'attrs[i]' while iterating all attrs
    array.

    KASAN: probably user-memory-access in range [0x0000000041b58ab0-0x0000000041b58ab7]
    CPU: 0 PID: 15799 Comm: syz-executor.2 Tainted: G W 5.14.0-rc1-syzkaller #0
    RIP: 0010:nla_type include/net/netlink.h:1130 [inline]
    RIP: 0010:xfrm_xlate32_attr net/xfrm/xfrm_compat.c:410 [inline]
    RIP: 0010:xfrm_xlate32 net/xfrm/xfrm_compat.c:532 [inline]
    RIP: 0010:xfrm_user_rcv_msg_compat+0x5e5/0x1070 net/xfrm/xfrm_compat.c:577
    [...]
    Call Trace:
     xfrm_user_rcv_msg+0x556/0x8b0 net/xfrm/xfrm_user.c:2774
     netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504
     xfrm_netlink_rcv+0x6b/0x90 net/xfrm/xfrm_user.c:2824
     netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
     netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340
     netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1929
     sock_sendmsg_nosec net/socket.c:702 [inline]

    Fixes: 5106f4a8acff ("xfrm/compat: Add 32=>64-bit messages translator")
    Cc:
    Reported-by: YueHaibing
    Signed-off-by: Dmitry Safonov
    Signed-off-by: Steffen Klassert

 net/xfrm/xfrm_compat.c | 49 ++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 44 insertions(+), 5 deletions(-)
culprit signature: c76fee9c7e58a6b594b4e1199eb2314e97c699cd2fc0c5b62356a589ba34b38e
parent signature: b1b7d16cd901d93ac46a672f01c8f8237bffa0dd66e0363f52c2d6be78c14de4
revisions tested: 20, total time: 4h12m34.099462153s (build: 2h21m33.985463544s, test: 1h48m13.893974241s)
first good commit: 4e9505064f58d1252805952f8547a5b7dbc5c111 net/xfrm/compat: Copy xfrm_spdattr_type_t atributes
recipients (to): ["davem@davemloft.net" "dima@arista.com" "herbert@gondor.apana.org.au" "kuba@kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com" "steffen.klassert@secunet.com"]
recipients (cc): ["linux-kernel@vger.kernel.org"]