bisecting cause commit starting from b646acd5eb48ec49ef90404336d7e8ee502ecd05
building syzkaller on 14052202e8d8d0bb407512b6861e9085f9171241
testing commit b646acd5eb48ec49ef90404336d7e8ee502ecd05 with gcc (GCC) 10.2.1 20210217
kernel signature: 09583cb1ae31cef3a016322ed90eef6c53905e524d997e6f0fbd6f8d082e7065
all runs: crashed: UBSAN: shift-out-of-bounds in netlink_recvmsg
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217
kernel signature: ad0020076c568fd04e3712999367961eadbdf96cf6f928f88e3fec927cee834c
all runs: OK
# git bisect start b646acd5eb48ec49ef90404336d7e8ee502ecd05 2c85ebc57b3e1817b6ce1a6b703928e113a90442
Bisecting: 8671 revisions left to test after this (roughly 13 steps)
[005b2a9dc819a1265a8c765595f8f6d88d6173d9] Merge tag 'tif-task_work.arch-2020-12-14' of git://git.kernel.dk/linux-block
testing commit 005b2a9dc819a1265a8c765595f8f6d88d6173d9 with gcc (GCC) 10.2.1 20210217
kernel signature: dcde3cf0af992b52fa9a5a77cae45152618de4bea64cb249e6da4fbd339396c7
all runs: OK
# git bisect good 005b2a9dc819a1265a8c765595f8f6d88d6173d9
Bisecting: 4342 revisions left to test after this (roughly 12 steps)
[64145482d3339d71f58857591d021588040543f4] Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
testing commit 64145482d3339d71f58857591d021588040543f4 with gcc (GCC) 10.2.1 20210217
kernel signature: a57fb85f80cc6b909786857b6c24462c53807c47625c8b271aebf54338285c60
all runs: OK
# git bisect good 64145482d3339d71f58857591d021588040543f4
Bisecting: 2170 revisions left to test after this (roughly 11 steps)
[8e91dd934be6131143df5db05fb06635581addf9] Merge tag 'drm-fixes-2021-02-05-1' of git://anongit.freedesktop.org/drm/drm
testing commit 8e91dd934be6131143df5db05fb06635581addf9 with gcc (GCC) 10.2.1 20210217
kernel signature: 55bcd2d404beecb655af454cc7a7a589cd9d157433a2f84997022269f4634001
all runs: OK
# git bisect good 8e91dd934be6131143df5db05fb06635581addf9
Bisecting: 1085 revisions left to test after this (roughly 10 steps)
[29863d41bb6e1d969c62fdb15b0961806942960e] net: implement threaded-able napi poll loop support
testing commit 29863d41bb6e1d969c62fdb15b0961806942960e with gcc (GCC) 10.2.1 20210217
kernel signature: fb3db71e2fa0f39a909b5ee47b8602057664b782550b0a99b9ced740be8de2b7
all runs: OK
# git bisect good 29863d41bb6e1d969c62fdb15b0961806942960e
Bisecting: 594 revisions left to test after this (roughly 9 steps)
[295f830e53f4838344c97e12ce69637e2128ca8d] rxrpc: Fix dependency on IPv6 in udp tunnel config
testing commit 295f830e53f4838344c97e12ce69637e2128ca8d with gcc (GCC) 10.2.1 20210217
kernel signature: 17ad661c8efd4c996bff5faeb3d833da67316b1332aff69474932e99fcb68719
all runs: crashed: UBSAN: shift-out-of-bounds in netlink_recvmsg
# git bisect bad 295f830e53f4838344c97e12ce69637e2128ca8d
Bisecting: 256 revisions left to test after this (roughly 8 steps)
[291009f656e8eaebbdfd3a8d99f6b190a9ce9deb] Merge tag 'pm-5.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
testing commit 291009f656e8eaebbdfd3a8d99f6b190a9ce9deb with gcc (GCC) 10.2.1 20210217
kernel signature: 8067dc934822f3d2dd62a338b00916cf1dbe1119682b37cad62b9d32b996a072
all runs: OK
# git bisect good 291009f656e8eaebbdfd3a8d99f6b190a9ce9deb
Bisecting: 128 revisions left to test after this (roughly 7 steps)
[2788d8418af5a88db754cc8e7c16a7455934fc44] net: mvpp2: add FCA periodic timer configurations
testing commit 2788d8418af5a88db754cc8e7c16a7455934fc44 with gcc (GCC) 10.2.1 20210217
kernel signature: e7e17c95fad5d9db072372c2f910738bde9ca744f56cb3a76e35c626a16f857b
all runs: OK
# git bisect good 2788d8418af5a88db754cc8e7c16a7455934fc44
Bisecting: 74 revisions left to test after this (roughly 6 steps)
[55c0bd77479b60ea29fd390faf4545cfb3a1d79e] Bluetooth: hci_qca: Fixed issue during suspend
testing commit 55c0bd77479b60ea29fd390faf4545cfb3a1d79e with gcc (GCC) 10.2.1 20210217
kernel signature: 668090ec661f2183a528cd331e6e7d2940f820947eda03eee024707d1be96ada
all runs: OK
# git bisect good 55c0bd77479b60ea29fd390faf4545cfb3a1d79e
Bisecting: 37 revisions left to test after this (roughly 5 steps)
[86e8b070b25e3cb459d0a4e293327a56f344515e] net: ti: am65-cpsw-nuss: Add switchdev support
testing commit 86e8b070b25e3cb459d0a4e293327a56f344515e with gcc (GCC) 10.2.1 20210217
kernel signature: 6bcd18d34c0ee0ccd1a6c962075820159ca4d43694645938832f0e2c9f8854bc
all runs: OK
# git bisect good 86e8b070b25e3cb459d0a4e293327a56f344515e
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[76f82fd9b1230332db2b3bc3916d097b92acbf29] net: hns3: split out hclge_cmd_send()
testing commit 76f82fd9b1230332db2b3bc3916d097b92acbf29 with gcc (GCC) 10.2.1 20210217
kernel signature: 162295d4afb8b60ba20f974e9a13b1be66197e5ec2b071ba0d7fdbe3b78d6144
all runs: OK
# git bisect good 76f82fd9b1230332db2b3bc3916d097b92acbf29
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[0a82c37e34fe5179a0e18b7a267bbe088fefdee8] Merge branch 'mptcp-selftests'
testing commit 0a82c37e34fe5179a0e18b7a267bbe088fefdee8 with gcc (GCC) 10.2.1 20210217
kernel signature: 162295d4afb8b60ba20f974e9a13b1be66197e5ec2b071ba0d7fdbe3b78d6144
all runs: OK
# git bisect good 0a82c37e34fe5179a0e18b7a267bbe088fefdee8
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[b263b0d7d60baecda3c840a0703bb6d511f7ae2d] mptcp: move subflow close loop after sk close check
testing commit b263b0d7d60baecda3c840a0703bb6d511f7ae2d with gcc (GCC) 10.2.1 20210217
kernel signature: 69e299a4e3a7c242c7b4f650dee40af196b9bc1614818a45ad635d1980493e3a
all runs: OK
# git bisect good b263b0d7d60baecda3c840a0703bb6d511f7ae2d
Bisecting: 2 revisions left to test after this (roughly 1 step)
[4d54cc32112d8d8b0667559c9309f1a6f764f70b] mptcp: avoid lock_fast usage in accept path
testing commit 4d54cc32112d8d8b0667559c9309f1a6f764f70b with gcc (GCC) 10.2.1 20210217
kernel signature: c851e72c633b7beccb2dadc6a40a4c140bfdcbb7f883574c287285875c1f4fb8
all runs: OK
# git bisect good 4d54cc32112d8d8b0667559c9309f1a6f764f70b
Bisecting: 0 revisions left to test after this (roughly 1 step)
[0a2f6b32cc45e3918321779fe90c28f1ed27d2af] Merge branch 'mptcp-genl-events'
testing commit 0a2f6b32cc45e3918321779fe90c28f1ed27d2af with gcc (GCC) 10.2.1 20210217
kernel signature: f16c5a992f12c005a5ebe9cbc8d365913112bb3d225ee1a0a004ddf67f3fb1a2
all runs: crashed: UBSAN: shift-out-of-bounds in netlink_recvmsg
# git bisect bad 0a2f6b32cc45e3918321779fe90c28f1ed27d2af
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b911c97c7dc771633c68ea9b8f15070f8af3d323] mptcp: add netlink event support
testing commit b911c97c7dc771633c68ea9b8f15070f8af3d323 with gcc (GCC) 10.2.1 20210217
kernel signature: f16c5a992f12c005a5ebe9cbc8d365913112bb3d225ee1a0a004ddf67f3fb1a2
all runs: crashed: UBSAN: shift-out-of-bounds in netlink_recvmsg
# git bisect bad b911c97c7dc771633c68ea9b8f15070f8af3d323
b911c97c7dc771633c68ea9b8f15070f8af3d323 is the first bad commit
commit b911c97c7dc771633c68ea9b8f15070f8af3d323
Author: Florian Westphal
Date: Fri Feb 12 16:00:01 2021 -0800

    mptcp: add netlink event support

    Allow userspace (mptcpd) to subscribe to mptcp genl multicast events.
    This implementation reuses the same event API as the mptcp kernel fork
    to ease integration of existing tools, e.g. mptcpd.

    Supported events include:
    1. start and close of an mptcp connection
    2. start and close of subflows (joins)
    3. announce and withdrawals of addresses
    4. subflow priority (backup/non-backup) change.

    Reviewed-by: Matthieu Baerts
    Signed-off-by: Florian Westphal
    Signed-off-by: Mat Martineau
    Signed-off-by: David S. Miller

 include/uapi/linux/mptcp.h | 74 +++++++++++++
 net/mptcp/pm.c | 20 +++-
 net/mptcp/pm_netlink.c | 261 ++++++++++++++++++++++++++++++++++++++++++++-
 net/mptcp/protocol.c | 10 +-
 net/mptcp/protocol.h | 6 ++
 5 files changed, 364 insertions(+), 7 deletions(-)
culprit signature: f16c5a992f12c005a5ebe9cbc8d365913112bb3d225ee1a0a004ddf67f3fb1a2
parent signature: c851e72c633b7beccb2dadc6a40a4c140bfdcbb7f883574c287285875c1f4fb8
revisions tested: 17, total time: 4h31m43.801577262s (build: 1h55m13.544861196s, test: 2h30m40.746962715s)
first bad commit: b911c97c7dc771633c68ea9b8f15070f8af3d323 mptcp: add netlink event support
recipients (to): ["davem@davemloft.net" "fw@strlen.de" "mathew.j.martineau@linux.intel.com" "matthieu.baerts@tessares.net"]
recipients (cc): []
crash: UBSAN: shift-out-of-bounds in netlink_recvmsg
================================================================================
UBSAN: shift-out-of-bounds in net/netlink/af_netlink.c:160:19
shift exponent 32 is too large for 32-bit type 'int'
CPU: 0 PID: 10151 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x9a/0xcc lib/dump_stack.c:120
 ubsan_epilogue+0x5/0x40 lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0x61/0xe9 lib/ubsan.c:395
 netlink_group_mask net/netlink/af_netlink.c:160 [inline]
 netlink_group_mask net/netlink/af_netlink.c:158 [inline]
 netlink_recvmsg.cold+0x1c/0x2a net/netlink/af_netlink.c:1992
 sock_recvmsg_nosec net/socket.c:886 [inline]
 sock_recvmsg net/socket.c:904 [inline]
 sock_recvmsg net/socket.c:900 [inline]
 ____sys_recvmsg+0x25e/0x620 net/socket.c:2568
 ___sys_recvmsg+0xe2/0x1a0 net/socket.c:2610
 __sys_recvmsg+0xaf/0x140 net/socket.c:2646
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x465d99
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2db856b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465d99
RDX: 0000000000000002 RSI: 0000000020000440 RDI: 0000000000000003
RBP: 00000000004bcf27 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fffae2160bf R14: 00007f2db856b300 R15: 0000000000022000
================================================================================