ci starts bisection 2022-07-20 07:20:01.830988863 +0000 UTC m=+25591.422074985 bisecting cause commit starting from b77ffb30cfc5f58e957571d8541c6a7e3da19221 building syzkaller on 775344bcdc412431da5fa825b1012f0290fc8064 testing commit b77ffb30cfc5f58e957571d8541c6a7e3da19221 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 84f9595eb4831f9e36ed17212028d00515c8886c0a37b00344befc38970367ab all runs: crashed: WARNING in __dev_queue_xmit testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6ec5fa06db689a82d2ab1e694e0157e677a9fa08f4902c6db9b2f4f2cece11d0 all runs: OK # git bisect start b77ffb30cfc5f58e957571d8541c6a7e3da19221 4b0986a3613c92f4ec1bdc7f60ec66fea135991f Bisecting: 8532 revisions left to test after this (roughly 13 steps) [c011dd537ffe47462051930413fed07dbdc80313] Merge tag 'arm-soc-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit c011dd537ffe47462051930413fed07dbdc80313 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: af9b173cf336469f1dc8cd3d4097dc9061ad8a330daf03786cc97795704c1530 all runs: OK # git bisect good c011dd537ffe47462051930413fed07dbdc80313 Bisecting: 4262 revisions left to test after this (roughly 12 steps) [88bf18581375aa9b891e390aaf134b30d94232b3] Merge branch 'sleepable uprobe support' testing commit 88bf18581375aa9b891e390aaf134b30d94232b3 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 20cf5a7cf4475efa5ed9124ceb73459a929f27e8ddc9535404328355243be569 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 88bf18581375aa9b891e390aaf134b30d94232b3 Bisecting: 2130 revisions left to test after this (roughly 11 steps) [0678afa6055d14799c1dc1eee47c8025eba56cab] Merge tag 'loongarch-fixes-5.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson testing commit 0678afa6055d14799c1dc1eee47c8025eba56cab compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6481fc8c05653e0bd183b502bd35fb15667d6ab536bccd7f70e69f6ebfa63c76 run #0: OK run #1: OK run #2: OK run #3: OK run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness # git bisect good 0678afa6055d14799c1dc1eee47c8025eba56cab Bisecting: 1078 revisions left to test after this (roughly 10 steps) [88084a3df1672e131ddc1b4e39eeacfd39864acf] Linux 5.19-rc5 testing commit 88084a3df1672e131ddc1b4e39eeacfd39864acf compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ac22f2a2ee85927803d1e646fb2cdae922cd84439f3840b75e88bf9d40b14446 all runs: OK # git bisect good 88084a3df1672e131ddc1b4e39eeacfd39864acf Bisecting: 540 revisions left to test after this (roughly 9 steps) [173e468c717c4f422e3785d6bc95a85c456faece] intel/ice:fix repeated words in comments testing commit 173e468c717c4f422e3785d6bc95a85c456faece compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 53c8faaf655d497a71540c7fa71906ca4f015bdd2d2146ac77ada8ba48467e28 all runs: OK # git bisect good 173e468c717c4f422e3785d6bc95a85c456faece Bisecting: 190 revisions left to test after this (roughly 8 steps) [83ec88d81aa8762d4fb75f95365da6b73a38efe9] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 83ec88d81aa8762d4fb75f95365da6b73a38efe9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d9cc7bd602fb2276eaac364d2e3d2d0a13cbcde443a45c7c9eff09547cec6ef5 all runs: OK # git bisect good 83ec88d81aa8762d4fb75f95365da6b73a38efe9 Bisecting: 95 revisions left to test after this (roughly 7 steps) [d6f34f7f77fba25b07b0a4f1e55054637e4027b3] MAINTAINERS: Add entry for AF_XDP selftests files testing commit d6f34f7f77fba25b07b0a4f1e55054637e4027b3 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 03e14a39568cd12b7c3416c164342ebbce9f86e9510718226ac7bcb9157e4178 all runs: OK # git bisect good d6f34f7f77fba25b07b0a4f1e55054637e4027b3 Bisecting: 47 revisions left to test after this (roughly 6 steps) [f1e8a24ed2cab1c907bb47ca5f8dee684896456e] arm64: Add LDR (literal) instruction testing commit f1e8a24ed2cab1c907bb47ca5f8dee684896456e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e75daae9949d502b965a31cdf7ebc9458e09d07fdf7af34c79fd886301624e71 all runs: OK # git bisect good f1e8a24ed2cab1c907bb47ca5f8dee684896456e Bisecting: 23 revisions left to test after this (roughly 5 steps) [3a2a58c4479a6acd4421db41e1e1ffd804763a5a] tools: runqslower: Build and use lightweight bootstrap version of bpftool testing commit 3a2a58c4479a6acd4421db41e1e1ffd804763a5a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: cc1581a6af1b3f05265335e6911aa6d31e392c94fa7287023c79042d4e9e4741 all runs: OK # git bisect good 3a2a58c4479a6acd4421db41e1e1ffd804763a5a Bisecting: 11 revisions left to test after this (roughly 4 steps) [87ac0d600943994444e24382a87aa19acc4cd3d4] bpf: fix potential 32-bit overflow when accessing ARRAY map element testing commit 87ac0d600943994444e24382a87aa19acc4cd3d4 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f0083f6d928dcac8a032a8f67ea1883de1903619dab87f5b71e40584eb79fa0a all runs: OK # git bisect good 87ac0d600943994444e24382a87aa19acc4cd3d4 Bisecting: 5 revisions left to test after this (roughly 3 steps) [a1ac9fd6c6504aa1838930bbfae6217ab6b95945] libbpf: fallback to tracefs mount point if debugfs is not mounted testing commit a1ac9fd6c6504aa1838930bbfae6217ab6b95945 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2268c92a0df7752017baa5faead2805487ba7c996392ff57eac8fc3759fe50e2 all runs: crashed: WARNING in __dev_queue_xmit # git bisect bad a1ac9fd6c6504aa1838930bbfae6217ab6b95945 Bisecting: 2 revisions left to test after this (roughly 2 steps) [24316461200502aa5feddaa72dcbb8059503a528] selftests/bpf: validate .bss section bigger than 8MB is possible now testing commit 24316461200502aa5feddaa72dcbb8059503a528 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1cc5ced6057b268c406dc8173fdccb6515d50e11cf43f519e929d4660898c66a run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 24316461200502aa5feddaa72dcbb8059503a528 Bisecting: 0 revisions left to test after this (roughly 1 step) [fd1894224407c484f652ad456e1ce423e89bb3eb] bpf: Don't redirect packets with invalid pkt_len testing commit fd1894224407c484f652ad456e1ce423e89bb3eb compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 74ce19ffa7edf3d1067177c85e32ea036668708dac3727c79d766bbb7240ef10 all runs: crashed: WARNING in __dev_queue_xmit # git bisect bad fd1894224407c484f652ad456e1ce423e89bb3eb Bisecting: 0 revisions left to test after this (roughly 0 steps) [92f619735b7c4269fc6349a7ec13f09ffb558f77] Merge branch 'BPF array map fixes and improvements' testing commit 92f619735b7c4269fc6349a7ec13f09ffb558f77 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4b1792de07f4e7b3eeecef48415816371564c17d4b09750b1504aceb489502a7 all runs: OK # git bisect good 92f619735b7c4269fc6349a7ec13f09ffb558f77 fd1894224407c484f652ad456e1ce423e89bb3eb is the first bad commit commit fd1894224407c484f652ad456e1ce423e89bb3eb Author: Zhengchao Shao Date: Fri Jul 15 19:55:59 2022 +0800 bpf: Don't redirect packets with invalid pkt_len Syzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any skbs, that is, the flow->head is null. The root cause, as the [2] says, is because that bpf_prog_test_run_skb() run a bpf prog which redirects empty skbs. So we should determine whether the length of the packet modified by bpf prog or others like bpf_prog_test is valid before forwarding it directly. LINK: [1] https://syzkaller.appspot.com/bug?id=0b84da80c2917757915afa89f7738a9d16ec96c5 LINK: [2] https://www.spinics.net/lists/netdev/msg777503.html Reported-by: syzbot+7a12909485b94426aceb@syzkaller.appspotmail.com Signed-off-by: Zhengchao Shao Reviewed-by: Stanislav Fomichev Link: https://lore.kernel.org/r/20220715115559.139691-1-shaozhengchao@huawei.com Signed-off-by: Alexei Starovoitov include/linux/skbuff.h | 8 ++++++++ net/bpf/test_run.c | 3 +++ net/core/dev.c | 1 + 3 files changed, 12 insertions(+) culprit signature: 74ce19ffa7edf3d1067177c85e32ea036668708dac3727c79d766bbb7240ef10 parent signature: 4b1792de07f4e7b3eeecef48415816371564c17d4b09750b1504aceb489502a7 revisions tested: 16, total time: 3h57m12.311295611s (build: 1h51m19.713753569s, test: 2h4m7.878251168s) first bad commit: fd1894224407c484f652ad456e1ce423e89bb3eb bpf: Don't redirect packets with invalid pkt_len recipients (to): ["ast@kernel.org" "sdf@google.com" "shaozhengchao@huawei.com"] recipients (cc): [] crash: WARNING in __dev_queue_xmit ------------[ cut here ]------------ skb_assert_len WARNING: CPU: 1 PID: 4091 at include/linux/skbuff.h:2465 skb_assert_len include/linux/skbuff.h:2465 [inline] WARNING: CPU: 1 PID: 4091 at include/linux/skbuff.h:2465 __dev_queue_xmit+0x2733/0x3100 net/core/dev.c:4171 Modules linked in: CPU: 1 PID: 4091 Comm: syz-executor.0 Not tainted 5.19.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 RIP: 0010:skb_assert_len include/linux/skbuff.h:2465 [inline] RIP: 0010:__dev_queue_xmit+0x2733/0x3100 net/core/dev.c:4171 Code: fd ff ff 4c 89 e7 e8 dc c6 fd fa e9 d4 fd ff ff 48 c7 c6 e0 62 05 8a 48 c7 c7 20 3c 05 8a c6 05 f0 a8 23 06 01 e8 73 ea ae 01 <0f> 0b e9 39 f4 ff ff 31 d2 48 89 de 48 c7 c7 80 2c 05 8a c6 05 d0 RSP: 0018:ffffc90002dff740 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff888079fef3c0 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffffffff89646de0 RDI: fffff520005bfeda RBP: ffff888079fef47a R08: 0000000000000001 R09: ffff8880b9d34047 R10: ffffed10173a6808 R11: 0000000000000001 R12: ffff888079fef430 R13: ffff888079fef490 R14: ffff888079fef3d0 R15: ffff888079fef3c0 FS: 00007f964cb19700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000100 CR3: 000000001617b000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: packet_snd net/packet/af_packet.c:3073 [inline] packet_sendmsg+0x1c30/0x4a80 net/packet/af_packet.c:3104 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:734 ____sys_sendmsg+0x5c2/0x7a0 net/socket.c:2485 ___sys_sendmsg+0xd3/0x150 net/socket.c:2539 __sys_sendmsg+0xb9/0x150 net/socket.c:2568 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7f964ba891f9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f964cb19168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f964bb9bf60 RCX: 00007f964ba891f9 RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 RBP: 00007f964bae3161 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd2b67e77f R14: 00007f964cb19300 R15: 0000000000022000