bisecting cause commit starting from 304e024216a802a7dc8ba75d36de82fa136bbf3e
building syzkaller on a34e2c332411388ed2b3f6f1a3acdc062feceb79
testing commit 304e024216a802a7dc8ba75d36de82fa136bbf3e with gcc (GCC) 8.1.0
kernel signature: 451d01bd1e773ade09c0d84c75e377f2b5836f71b25a0812f1fecea423648f67
all runs: crashed: general protection fault in macsec_upd_offload
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 79031a9e34bb71f84bf54d67bc52569646f87178edfde8dc6466fb05732458d7
all runs: OK
# git bisect start 304e024216a802a7dc8ba75d36de82fa136bbf3e 7111951b8d4973bda27ff663f2cf18b663d15b48
Bisecting: 2816 revisions left to test after this (roughly 12 steps)
[15c981d16d70e8a5be297fa4af07a64ab7e080ed] Merge tag 'for-5.7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
testing commit 15c981d16d70e8a5be297fa4af07a64ab7e080ed with gcc (GCC) 8.1.0
kernel signature: 468a01d710d267379629e503ec96b68d4e7d927bd64c011a0a7037436c9fc395
all runs: OK
# git bisect good 15c981d16d70e8a5be297fa4af07a64ab7e080ed
Bisecting: 1408 revisions left to test after this (roughly 11 steps)
[4094445229760d0d31a4190dfe88fe815c9fc34e] netfilter: nf_tables: add elements with stateful expressions
testing commit 4094445229760d0d31a4190dfe88fe815c9fc34e with gcc (GCC) 8.1.0
kernel signature: 4087fe0170a57f67ba75fb90e77514208e86c965db964a62b9806f8d308cebd4
all runs: OK
# git bisect good 4094445229760d0d31a4190dfe88fe815c9fc34e
Bisecting: 701 revisions left to test after this (roughly 10 steps)
[aba6d497c8214b81d298f8d5d752a3cd97e8056b] Merge tag 'mlx5-updates-2020-03-29' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
testing commit aba6d497c8214b81d298f8d5d752a3cd97e8056b with gcc (GCC) 8.1.0
kernel signature: 351b9cfddeeb9dcd858b317cf879abe47a49578447c8bfb142958bfc5dd54f3e
all runs: crashed: general protection fault in macsec_upd_offload
# git bisect bad aba6d497c8214b81d298f8d5d752a3cd97e8056b
Bisecting: 382 revisions left to test after this (roughly 9 steps)
[9970de8b013a81908eb78aa6409c0e0495d3eb30] Merge branch 'PTP_CLK-pin-configuration-for-SJA1105-DSA-driver'
testing commit 9970de8b013a81908eb78aa6409c0e0495d3eb30 with gcc (GCC) 8.1.0
kernel signature: 06c758599b46b848d4a421af47a501cbcc42501f4d767d88bcdaa010ceb79e72
all runs: OK
# git bisect good 9970de8b013a81908eb78aa6409c0e0495d3eb30
Bisecting: 191 revisions left to test after this (roughly 8 steps)
[e8937681797c9af491c8a1e362a9db4f4aa1f471] devlink: prepare to support region operations
testing commit e8937681797c9af491c8a1e362a9db4f4aa1f471 with gcc (GCC) 8.1.0
kernel signature: dbce5a58cad05f5e75b7118dd4dd43621ef996aad22003b00d2f5cc1045a7c8c
all runs: OK
# git bisect good e8937681797c9af491c8a1e362a9db4f4aa1f471
Bisecting: 120 revisions left to test after this (roughly 7 steps)
[0b992b898c9e52e274af1c4b6c3de21632199b4d] Merge branch 's390-qeth-next'
testing commit 0b992b898c9e52e274af1c4b6c3de21632199b4d with gcc (GCC) 8.1.0
kernel signature: 5770f7bc0b2779de636fe7a2dc432859292e3530104afa0ce92c3a416a38d881
all runs: OK
# git bisect good 0b992b898c9e52e274af1c4b6c3de21632199b4d
Bisecting: 59 revisions left to test after this (roughly 6 steps)
[1a147b74c2fd4058dea0133cb2471724c3b3de09] Merge branch 'DSA-mtu'
testing commit 1a147b74c2fd4058dea0133cb2471724c3b3de09 with gcc (GCC) 8.1.0
kernel signature: 09ed62f7f8e46962d185d1969e5d664e1ace0965de7b7255acd88d748181d7b7
all runs: OK
# git bisect good 1a147b74c2fd4058dea0133cb2471724c3b3de09
Bisecting: 29 revisions left to test after this (roughly 5 steps)
[b08fbf241064bb6bfc21b63a32c9c661e2b2957f] selftests: add test-cases for MPTCP MP_JOIN
testing commit b08fbf241064bb6bfc21b63a32c9c661e2b2957f with gcc (GCC) 8.1.0
kernel signature: 8c25d482504d499abee51776b09ca3a02da55bef8a51dd9c39da91587cc2df4d
all runs: crashed: general protection fault in macsec_upd_offload
# git bisect bad b08fbf241064bb6bfc21b63a32c9c661e2b2957f
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[1b1c7a0ef7f323f37281b134ade17baa94779787] mptcp: Add path manager interface
testing commit 1b1c7a0ef7f323f37281b134ade17baa94779787 with gcc (GCC) 8.1.0
kernel signature: 61381b04e238c7d4b2bdca3173841cc4db93cb553c0f7b8bafc4b73c26439d90
all runs: OK
# git bisect good 1b1c7a0ef7f323f37281b134ade17baa94779787
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[d027236c41fd024d761552d78014432d30d1be0c] mptcp: implement memory accounting for mptcp rtx queue
testing commit d027236c41fd024d761552d78014432d30d1be0c with gcc (GCC) 8.1.0
kernel signature: 446c813068b9067aad3d6a574624716d4b6147793fb9d928404d074e13edd2e6
all runs: OK
# git bisect good d027236c41fd024d761552d78014432d30d1be0c
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[5147dfb5083204d6f5468d6d6d2d04b2cdc0cf2b] mptcp: allow dumping subflow context to userspace
testing commit 5147dfb5083204d6f5468d6d6d2d04b2cdc0cf2b with gcc (GCC) 8.1.0
kernel signature: 0db9cb83c981ad752cbf9c3d8cfd972a5f4824790d690db17f1b66758472b710
all runs: OK
# git bisect good 5147dfb5083204d6f5468d6d6d2d04b2cdc0cf2b
Bisecting: 1 revision left to test after this (roughly 1 step)
[01cacb00b35cb62b139f07d5f84bcf0eeda8eff6] mptcp: add netlink-based PM
testing commit 01cacb00b35cb62b139f07d5f84bcf0eeda8eff6 with gcc (GCC) 8.1.0
kernel signature: 31b652a04b1f18591bcfbbc01a87c6a19971fb958610fa82c7f5d18d0c9be52b
all runs: crashed: general protection fault in macsec_upd_offload
# git bisect bad 01cacb00b35cb62b139f07d5f84bcf0eeda8eff6
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[fc518953bc9c8d7d33c6ab261995f5038f3c87f9] mptcp: add and use MIB counter infrastructure
testing commit fc518953bc9c8d7d33c6ab261995f5038f3c87f9 with gcc (GCC) 8.1.0
kernel signature: f34deabc6698e994bc1447ab9745239bcd07a21930eaba4d1c5894f3087d4627
all runs: OK
# git bisect good fc518953bc9c8d7d33c6ab261995f5038f3c87f9
01cacb00b35cb62b139f07d5f84bcf0eeda8eff6 is the first bad commit
commit 01cacb00b35cb62b139f07d5f84bcf0eeda8eff6
Author: Paolo Abeni <pabeni@redhat.com>
Date:   Fri Mar 27 14:48:51 2020 -0700

    mptcp: add netlink-based PM
    
    Expose a new netlink family to userspace to control the PM, setting:
    
     - list of local addresses to be signalled.
     - list of local addresses used to created subflows.
     - maximum number of add_addr option to react
    
    When the msk is fully established, the PM netlink attempts to
    announce the 'signal' list via the ADD_ADDR option. Since we
    currently lack the ADD_ADDR echo (and related event) only the
    first addr is sent.
    
    After exhausting the 'announce' list, the PM tries to create
    subflow for each addr in 'local' list, waiting for each
    connection to be completed before attempting the next one.
    
    Idea is to add an additional PM hook for ADD_ADDR echo, to allow
    the PM netlink announcing multiple addresses, in sequence.
    
    Co-developed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
    Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>
    Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 include/uapi/linux/mptcp.h |  54 +++
 net/mptcp/Makefile         |   3 +-
 net/mptcp/pm.c             |   9 +-
 net/mptcp/pm_netlink.c     | 857 +++++++++++++++++++++++++++++++++++++++++++++
 net/mptcp/protocol.h       |   7 +
 5 files changed, 928 insertions(+), 2 deletions(-)
 create mode 100644 net/mptcp/pm_netlink.c
culprit signature: 31b652a04b1f18591bcfbbc01a87c6a19971fb958610fa82c7f5d18d0c9be52b
parent  signature: f34deabc6698e994bc1447ab9745239bcd07a21930eaba4d1c5894f3087d4627
revisions tested: 15, total time: 3h31m42.817582601s (build: 1h26m4.912477982s, test: 2h4m44.206379588s)
first bad commit: 01cacb00b35cb62b139f07d5f84bcf0eeda8eff6 mptcp: add netlink-based PM
cc: ["davem@davemloft.net" "mathew.j.martineau@linux.intel.com" "matthieu.baerts@tessares.net" "pabeni@redhat.com"]
crash: general protection fault in macsec_upd_offload
netlink: 'syz-executor.2': attribute type 1 has an invalid length.
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 8526 Comm: syz-executor.2 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:nla_get_u8 include/net/netlink.h:1528 [inline]
RIP: 0010:macsec_upd_offload+0x198/0x530 drivers/net/macsec.c:2597
Code: 48 3d 00 f0 ff ff 48 89 c3 0f 87 3e 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 64 24 38 49 8d 7c 24 04 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 a4 02 00 00
RSP: 0018:ffffc90004577578 EFLAGS: 00010247
RAX: dffffc0000000000 RBX: ffff888087c1c000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000000000004
RBP: 1ffff920008aeeb1 R08: fffff520008aeeb8 R09: 000000000000000a
R10: 1ffff920008aee9b R11: dffffc0000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff888087d08080 R15: ffff888218b64c00
FS:  00007f747131a700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200000c0 CR3: 000000009abc4000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 genl_family_rcv_msg_doit net/netlink/genetlink.c:673 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:718 [inline]
 genl_rcv_msg+0x5a9/0xf30 net/netlink/genetlink.c:735
 netlink_rcv_skb+0x119/0x340 net/netlink/af_netlink.c:2469
 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:746
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x434/0x630 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x714/0xc60 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xac/0xe0 net/socket.c:672
 ____sys_sendmsg+0x54e/0x750 net/socket.c:2345
 ___sys_sendmsg+0xe4/0x160 net/socket.c:2399
 __sys_sendmsg+0xce/0x170 net/socket.c:2432
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c849
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f7471319c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f747131a6d4 RCX: 000000000045c849
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000009f5 R14: 00000000004ccac9 R15: 000000000076bf0c
Modules linked in:
---[ end trace f235f440bc8aa6f0 ]---
RIP: 0010:nla_get_u8 include/net/netlink.h:1528 [inline]
RIP: 0010:macsec_upd_offload+0x198/0x530 drivers/net/macsec.c:2597
Code: 48 3d 00 f0 ff ff 48 89 c3 0f 87 3e 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 64 24 38 49 8d 7c 24 04 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 a4 02 00 00
RSP: 0018:ffffc90004577578 EFLAGS: 00010247
RAX: dffffc0000000000 RBX: ffff888087c1c000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000000000004
RBP: 1ffff920008aeeb1 R08: fffff520008aeeb8 R09: 000000000000000a
R10: 1ffff920008aee9b R11: dffffc0000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff888087d08080 R15: ffff888218b64c00
FS:  00007f747131a700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1e0ae26000 CR3: 000000009abc4000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400