bisecting cause commit starting from 1f77990c4b7960a82d599567c586ceb8289f71ed building syzkaller on af796c181d2f26346fd413a8aec4262799a13cd1 testing commit 1f77990c4b7960a82d599567c586ceb8289f71ed compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7b72e30826fffe02d15f17975884622510725f0cca7a30fa6ab8b92c204bcc06 all runs: crashed: WARNING: suspicious RCU usage in xfrm_set_default testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8c219514f33cf5f7e995cffb6643e798eb9f0e406da2dbcbb7423680d5a3f503 all runs: OK # git bisect start 1f77990c4b7960a82d599567c586ceb8289f71ed 7d2a07b769330c34b4deabeed939325c77a7ec2f Bisecting: 7508 revisions left to test after this (roughly 13 steps) [32b47072f319bb65e9afad59e78153d83496f1f5] Merge tag 'defconfig-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 32b47072f319bb65e9afad59e78153d83496f1f5 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 027fd2a46adefc4ac05cf1c2a2256bf2cc5e482b45ec6f92618882fbac7a7ae7 run #0: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-executor" "root@10.128.0.244:./syz-executor"] Warning: Permanently added '10.128.0.244' (ECDSA) to the list of known hosts. run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 32b47072f319bb65e9afad59e78153d83496f1f5 Bisecting: 3756 revisions left to test after this (roughly 12 steps) [03d6f3fe54278f8e5ec670e576b8da8b8727ec26] tools headers UAPI: Sync x86's asm/kvm.h with the kernel sources testing commit 03d6f3fe54278f8e5ec670e576b8da8b8727ec26 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0df9a115bb668b83113f0d6d96d9d7718251e60713026e6b1de38a93d0336117 all runs: OK # git bisect good 03d6f3fe54278f8e5ec670e576b8da8b8727ec26 Bisecting: 1877 revisions left to test after this (roughly 11 steps) [d4b87cf8e3170fc1fff987e65cda9bfa52fb078a] Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm.git testing commit d4b87cf8e3170fc1fff987e65cda9bfa52fb078a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 96d09840958315eac30dfb2ddc6c8f74a7f7dafbeecf6b53776d0c8207866361 all runs: crashed: WARNING: suspicious RCU usage in xfrm_set_default # git bisect bad d4b87cf8e3170fc1fff987e65cda9bfa52fb078a Bisecting: 941 revisions left to test after this (roughly 10 steps) [aae770eb4e28ac768d94b79bbacd90ddf8ce080e] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git testing commit aae770eb4e28ac768d94b79bbacd90ddf8ce080e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ae0b55f5268d87a1e02edcaad6ac7f1ec929471ccac4bccc6e35e18f656b4ae8 all runs: crashed: WARNING: suspicious RCU usage in xfrm_set_default # git bisect bad aae770eb4e28ac768d94b79bbacd90ddf8ce080e Bisecting: 481 revisions left to test after this (roughly 9 steps) [109f7ea9aedce437b4b7737ab60bfea65d9dbdd3] Merge tag 'amd-drm-fixes-5.15-2021-09-16' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes testing commit 109f7ea9aedce437b4b7737ab60bfea65d9dbdd3 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 65895619433c754ce44db3981353c6048e1ca34ec6e78a215e30aa0aa93be4fc all runs: OK # git bisect good 109f7ea9aedce437b4b7737ab60bfea65d9dbdd3 Bisecting: 248 revisions left to test after this (roughly 8 steps) [e95b4b305c9b65dcf032550534555577352a2152] Merge branch 'arm/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc.git testing commit e95b4b305c9b65dcf032550534555577352a2152 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 82cbd0f688cd4323863fcc364523251047f2ed4f643fdb9e9ad04c421e93db08 all runs: OK # git bisect good e95b4b305c9b65dcf032550534555577352a2152 Bisecting: 126 revisions left to test after this (roughly 7 steps) [e0842df22736df91e3b6f69b1046ddc7f7c3891c] Merge branch 'staging-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git testing commit e0842df22736df91e3b6f69b1046ddc7f7c3891c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7c33f55285221ed714fe044ae31da594aa127b7f762df26fa7a05712f8ed86fb all runs: crashed: WARNING: suspicious RCU usage in xfrm_set_default # git bisect bad e0842df22736df91e3b6f69b1046ddc7f7c3891c Bisecting: 62 revisions left to test after this (roughly 6 steps) [1c32e7601db02401eb5c1f5ebaaada06581e5a2a] Merge branch 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git testing commit 1c32e7601db02401eb5c1f5ebaaada06581e5a2a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c3ac901f21d9817fed9e3721d6220a32200a67afeed2fc0a10d2ff3eeff0538e all runs: crashed: WARNING: suspicious RCU usage in xfrm_set_default # git bisect bad 1c32e7601db02401eb5c1f5ebaaada06581e5a2a Bisecting: 32 revisions left to test after this (roughly 5 steps) [1b663ecdb74e3debf756bd36b1f2045819fc7660] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git testing commit 1b663ecdb74e3debf756bd36b1f2045819fc7660 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c6df8fc8db929ba792c1279ae398915b8e9b2f8cf3c7d0f665c91af3cb5ff7cb all runs: OK # git bisect good 1b663ecdb74e3debf756bd36b1f2045819fc7660 Bisecting: 16 revisions left to test after this (roughly 4 steps) [bc23f724481759d0fac61dfb5ce979af2190bbe0] bpf/tests: Add tail call limit test with external function call testing commit bc23f724481759d0fac61dfb5ce979af2190bbe0 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1cba55e5ef3c4b88a4b3f3d0804cbb08d8ed52a00019f1adb36fa32a2c8cf2f3 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: boot failed: KFENCE: use-after-free in kvm_fastop_exception # git bisect good bc23f724481759d0fac61dfb5ce979af2190bbe0 Bisecting: 9 revisions left to test after this (roughly 3 steps) [49768c05b530a945968d25b1b7dc791736e54d24] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git testing commit 49768c05b530a945968d25b1b7dc791736e54d24 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 56d4492fed7e4e43ee6a6292916a802c155ff38e2bef444bb056f866bc84920f all runs: crashed: WARNING: suspicious RCU usage in xfrm_set_default # git bisect bad 49768c05b530a945968d25b1b7dc791736e54d24 Bisecting: 3 revisions left to test after this (roughly 2 steps) [f8d858e607b2a36808ac6d4218f5f5203d7a7d63] xfrm: make user policy API complete testing commit f8d858e607b2a36808ac6d4218f5f5203d7a7d63 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1c403d2659033f4eaa7460b62ade316e8c59398475b1c00fe471de3a69c6bfa1 all runs: OK # git bisect good f8d858e607b2a36808ac6d4218f5f5203d7a7d63 Bisecting: 1 revision left to test after this (roughly 1 step) [047a749d231e4faccaf5f473cf73dc5732425f81] Merge branch 'xfrm: fix uapi for the default policy' testing commit 047a749d231e4faccaf5f473cf73dc5732425f81 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 943450b94ac70490ebe580ae7b6a13384dc7e4acdc1ef84e5ca93a02cbc1b8a4 all runs: crashed: WARNING: suspicious RCU usage in xfrm_set_default # git bisect bad 047a749d231e4faccaf5f473cf73dc5732425f81 Bisecting: 0 revisions left to test after this (roughly 0 steps) [88d0adb5f13b1c52fbb7d755f6f79db18c2f0c2c] xfrm: notify default policy on update testing commit 88d0adb5f13b1c52fbb7d755f6f79db18c2f0c2c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 943450b94ac70490ebe580ae7b6a13384dc7e4acdc1ef84e5ca93a02cbc1b8a4 run #0: crashed: WARNING: suspicious RCU usage in xfrm_set_default run #1: crashed: WARNING: suspicious RCU usage in xfrm_set_default run #2: crashed: WARNING: suspicious RCU usage in xfrm_set_default run #3: crashed: WARNING: suspicious RCU usage in xfrm_set_default run #4: crashed: WARNING: suspicious RCU usage in xfrm_set_default run #5: crashed: WARNING: suspicious RCU usage in xfrm_set_default run #6: crashed: WARNING: suspicious RCU usage in xfrm_set_default run #7: crashed: WARNING: suspicious RCU usage in xfrm_set_default run #8: crashed: WARNING: suspicious RCU usage in xfrm_set_default run #9: boot failed: KFENCE: use-after-free in kvm_fastop_exception # git bisect bad 88d0adb5f13b1c52fbb7d755f6f79db18c2f0c2c 88d0adb5f13b1c52fbb7d755f6f79db18c2f0c2c is the first bad commit commit 88d0adb5f13b1c52fbb7d755f6f79db18c2f0c2c Author: Nicolas Dichtel Date: Tue Sep 14 16:46:34 2021 +0200 xfrm: notify default policy on update This configuration knob is very sensible, it should be notified when changing. Fixes: 2d151d39073a ("xfrm: Add possibility to set the default to block if we have no policy") Signed-off-by: Nicolas Dichtel Signed-off-by: Steffen Klassert net/xfrm/xfrm_user.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) culprit signature: 943450b94ac70490ebe580ae7b6a13384dc7e4acdc1ef84e5ca93a02cbc1b8a4 parent signature: 1c403d2659033f4eaa7460b62ade316e8c59398475b1c00fe471de3a69c6bfa1 revisions tested: 16, total time: 3h39m37.99952093s (build: 1h44m37.99659407s, test: 1h53m21.920698437s) first bad commit: 88d0adb5f13b1c52fbb7d755f6f79db18c2f0c2c xfrm: notify default policy on update recipients (to): ["davem@davemloft.net" "herbert@gondor.apana.org.au" "kuba@kernel.org" "netdev@vger.kernel.org" "nicolas.dichtel@6wind.com" "steffen.klassert@secunet.com" "steffen.klassert@secunet.com"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: WARNING: suspicious RCU usage in xfrm_set_default ============================= WARNING: suspicious RCU usage 5.14.0-syzkaller #0 Not tainted ----------------------------- net/xfrm/xfrm_user.c:1157 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by syz-executor.2/10946: #0: ffff88801bfbcb18 ( &net->xfrm.xfrm_cfg_mutex ){+.+.}-{3:3} , at: xfrm_netlink_rcv+0x57/0x80 net/xfrm/xfrm_user.c:2928 stack backtrace: CPU: 0 PID: 10946 Comm: syz-executor.2 Not tainted 5.14.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105 xfrm_nlmsg_multicast net/xfrm/xfrm_user.c:1157 [inline] xfrm_notify_userpolicy net/xfrm/xfrm_user.c:1991 [inline] xfrm_set_default+0x621/0x7c0 net/xfrm/xfrm_user.c:2017 xfrm_user_rcv_msg+0x36f/0x920 net/xfrm/xfrm_user.c:2907 netlink_rcv_skb+0x118/0x370 net/netlink/af_netlink.c:2504 xfrm_netlink_rcv+0x66/0x80 net/xfrm/xfrm_user.c:2929 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline] netlink_unicast+0x42e/0x700 net/netlink/af_netlink.c:1340 netlink_sendmsg+0x704/0xbf0 net/netlink/af_netlink.c:1929 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:724 ____sys_sendmsg+0x5bf/0x7a0 net/socket.c:2409 ___sys_sendmsg+0xd3/0x150 net/socket.c:2463 __sys_sendmsg+0xb2/0x140 net/socket.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7ffb410ff739 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffb40876188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007ffb41203f80 RCX: 00007ffb410ff739 RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 RBP: 00007ffb41159cc4 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb41203f80 R13: 00007ffff463e14f R14: 00007ffb40876300 R15: 0000000000022000 unsupported nlmsg_type 40