ci starts bisection 2023-01-17 13:44:24.603784645 +0000 UTC m=+17590.536628564
bisecting cause commit starting from 0c68c8e5ec68262b6aee7cdbc32d95f4f1599fc8
building syzkaller on aedf5331532b3e25e24f8275ddf53f6905199201
ensuring issue is reproducible on original commit 0c68c8e5ec68262b6aee7cdbc32d95f4f1599fc8

testing commit 0c68c8e5ec68262b6aee7cdbc32d95f4f1599fc8 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 71591aa9d5cc3f275ce0491f2d6b58b37b301e59929f673c94b3b5befbb4ae7b
all runs: crashed: kernel BUG in ip_frag_next
testing release v6.1
testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bed371f1c4cf28db6a4b09258ff9675503d4e817d13cfda0092df5f6a50e58da
all runs: OK
# git bisect start 0c68c8e5ec68262b6aee7cdbc32d95f4f1599fc8 830b3c68c1fb1e9176028d02ef86f3cf76aa2476
Bisecting: 8079 revisions left to test after this (roughly 13 steps)
[1ca06f1c1acecbe02124f14a37cce347b8c1a90c] Merge tag 'xtensa-20221213' of https://github.com/jcmvbkbc/linux-xtensa

testing commit 1ca06f1c1acecbe02124f14a37cce347b8c1a90c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e8ee8d99337fdcfa823854581209959a9b0023a29a5789f78b2ed1d211b73d29
all runs: OK
# git bisect good 1ca06f1c1acecbe02124f14a37cce347b8c1a90c
Bisecting: 3979 revisions left to test after this (roughly 12 steps)
[8fa590bf344816c925810331eea8387627bbeb40] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

testing commit 8fa590bf344816c925810331eea8387627bbeb40 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e90b4fdfbcfa4f5716a0474a3e79d2d338c464bfe5d5c3b0a10e5531a93c454c
all runs: OK
# git bisect good 8fa590bf344816c925810331eea8387627bbeb40
Bisecting: 2003 revisions left to test after this (roughly 11 steps)
[b8fd76f41820951d8a6e2521c25f54afadf338bd] Merge tag 'iommu-updates-v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

testing commit b8fd76f41820951d8a6e2521c25f54afadf338bd gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d43b71128f236766182f3880a9e912c3493fe5e32221f1e3f9033a958eaa5501
all runs: OK
# git bisect good b8fd76f41820951d8a6e2521c25f54afadf338bd
Bisecting: 987 revisions left to test after this (roughly 10 steps)
[55c7d6a91d42ad98cbfb10da077ce8bb7084dc0e] Merge tag 'drm-next-2022-12-23' of git://anongit.freedesktop.org/drm/drm

testing commit 55c7d6a91d42ad98cbfb10da077ce8bb7084dc0e gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8b7edbd208b8fa1be09610c4d6aaec0ceeab0749abf177ac891ac042298e5b49
all runs: OK
# git bisect good 55c7d6a91d42ad98cbfb10da077ce8bb7084dc0e
Bisecting: 493 revisions left to test after this (roughly 9 steps)
[731d69a6bd13b7c0cdbd3607edfa681269d54828] devlink: restart dump based on devlink instance ids (simple)

testing commit 731d69a6bd13b7c0cdbd3607edfa681269d54828 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 75dd04bdb545ed51a0b2f91b8fa8e91afc703fd71aff73f8c6b7c69c1fb1f06a
all runs: OK
# git bisect good 731d69a6bd13b7c0cdbd3607edfa681269d54828
Bisecting: 278 revisions left to test after this (roughly 8 steps)
[5be413a6e2a16e08c8f0f1b59794a7203b5eca2c] Merge tag 's390-6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

testing commit 5be413a6e2a16e08c8f0f1b59794a7203b5eca2c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 08ea635540db61e633f342c2a00ccafe660a8abdfc9f1d35c0d3ec002faef322
all runs: OK
# git bisect good 5be413a6e2a16e08c8f0f1b59794a7203b5eca2c
Bisecting: 174 revisions left to test after this (roughly 7 steps)
[55b98837e37da723c8b73ec0b48fe68c682b57d7] Merge branch 'vsock-update-tools-and-error-handling'

testing commit 55b98837e37da723c8b73ec0b48fe68c682b57d7 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a8e6ab08aa6c9769e62345478de6dd62e583e90101c355465523c5e4e71f778a
all runs: OK
# git bisect good 55b98837e37da723c8b73ec0b48fe68c682b57d7
Bisecting: 87 revisions left to test after this (roughly 7 steps)
[2955762b372b791a8f4cd862cf0b5fef9c456449] net: ptp: add helper for one-step P2P clocks

testing commit 2955762b372b791a8f4cd862cf0b5fef9c456449 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 86c7552e4c8bae485867b29d65f05c23e0051fd59b8483c089e9f92a75897605
all runs: OK
# git bisect good 2955762b372b791a8f4cd862cf0b5fef9c456449
Bisecting: 43 revisions left to test after this (roughly 6 steps)
[97717e8dbda1dede65c4df12891332502df632f3] virtio-net: transmit the multi-buffer xdp

testing commit 97717e8dbda1dede65c4df12891332502df632f3 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 433ecee023b4dc4d11ed43cf5eacb71abce859a4497ace1c5081031514b2a79c
all runs: OK
# git bisect good 97717e8dbda1dede65c4df12891332502df632f3
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[afdc0aab49721807106d4c9003c27f443b650ecc] dt-bindings: net: dsa: sf2: fix brcm,use-bcm-hdr documentation

testing commit afdc0aab49721807106d4c9003c27f443b650ecc gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6599fbe72050f7109df774ea5ea268ba89610b5a84c095798a07b8035e832d35
all runs: OK
# git bisect good afdc0aab49721807106d4c9003c27f443b650ecc
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[501543b4fff0ff70bde28a829eb8835081ccef2f] devlink: remove some unnecessary code

testing commit 501543b4fff0ff70bde28a829eb8835081ccef2f gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: daff788b521ea6d9616fa3fed655ff0cd18bfc2dab9aebf9b0614284fd39b591
all runs: OK
# git bisect good 501543b4fff0ff70bde28a829eb8835081ccef2f
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[a9724b9c477f63b834bc303b2fc0b1abdd3815de] net: ethernet: mtk_eth_soc: introduce mtk_hw_warm_reset support

testing commit a9724b9c477f63b834bc303b2fc0b1abdd3815de gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 74fde066427bd27069d8e4bbf96a435f1048026e765792aa3d4cb1a24b35cf1d
all runs: crashed: kernel BUG in ip_frag_next
# git bisect bad a9724b9c477f63b834bc303b2fc0b1abdd3815de
Bisecting: 2 revisions left to test after this (roughly 1 step)
[eedade12f4cb7284555c4c0314485e9575c70ab7] net: kfree_skb_list use kmem_cache_free_bulk

testing commit eedade12f4cb7284555c4c0314485e9575c70ab7 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 12900ab964f9c75147594db0fcc5199561f4d856b7b346513c46a18de5198594
all runs: crashed: kernel BUG in ip_frag_next
# git bisect bad eedade12f4cb7284555c4c0314485e9575c70ab7
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[a4650da2a2d6150a8ff1ea36fde9f6a26cf5fda3] net: fix call location in kfree_skb_list_reason

testing commit a4650da2a2d6150a8ff1ea36fde9f6a26cf5fda3 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1a061ce4dd2f45cb8905dcd61c2be40160eca996a9a9b2f34c078c0feafa8af6
all runs: OK
# git bisect good a4650da2a2d6150a8ff1ea36fde9f6a26cf5fda3
eedade12f4cb7284555c4c0314485e9575c70ab7 is the first bad commit
commit eedade12f4cb7284555c4c0314485e9575c70ab7
Author: Jesper Dangaard Brouer <brouer@redhat.com>
Date:   Fri Jan 13 14:52:04 2023 +0100

    net: kfree_skb_list use kmem_cache_free_bulk
    
    The kfree_skb_list function walks SKB (via skb->next) and frees them
    individually to the SLUB/SLAB allocator (kmem_cache). It is more
    efficient to bulk free them via the kmem_cache_free_bulk API.
    
    This patches create a stack local array with SKBs to bulk free while
    walking the list. Bulk array size is limited to 16 SKBs to trade off
    stack usage and efficiency. The SLUB kmem_cache "skbuff_head_cache"
    uses objsize 256 bytes usually in an order-1 page 8192 bytes that is
    32 objects per slab (can vary on archs and due to SLUB sharing). Thus,
    for SLUB the optimal bulk free case is 32 objects belonging to same
    slab, but runtime this isn't likely to occur.
    
    The expected gain from using kmem_cache bulk alloc and free API
    have been assessed via a microbencmark kernel module[1].
    
    The module 'slab_bulk_test01' results at bulk 16 element:
     kmem-in-loop Per elem: 109 cycles(tsc) 30.532 ns (step:16)
     kmem-bulk    Per elem: 64 cycles(tsc) 17.905 ns (step:16)
    
    More detailed description of benchmarks avail in [2].
    
    [1] https://github.com/netoptimizer/prototype-kernel/tree/master/kernel/mm
    [2] https://github.com/xdp-project/xdp-project/blob/master/areas/mem/kfree_skb_list01.org
    
    V2: rename function to kfree_skb_add_bulk.
    
    Reviewed-by: Saeed Mahameed <saeed@kernel.org>
    Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>

 net/core/skbuff.c | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

culprit signature: 12900ab964f9c75147594db0fcc5199561f4d856b7b346513c46a18de5198594
parent  signature: 1a061ce4dd2f45cb8905dcd61c2be40160eca996a9a9b2f34c078c0feafa8af6
revisions tested: 16, total time: 4h38m3.928096156s (build: 2h29m36.165931439s, test: 2h6m8.287047632s)
first bad commit: eedade12f4cb7284555c4c0314485e9575c70ab7 net: kfree_skb_list use kmem_cache_free_bulk
recipients (to): ["brouer@redhat.com" "pabeni@redhat.com" "saeed@kernel.org"]
recipients (cc): []
crash: kernel BUG in ip_frag_next
raw_sendmsg: syz-executor.0 forgot to set AF_INET. Fix it!
------------[ cut here ]------------
kernel BUG at net/ipv4/ip_output.c:724!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 5600 Comm: syz-executor.0 Not tainted 6.2.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
RIP: 0010:ip_frag_next+0x999/0xa80 net/ipv4/ip_output.c:724
Code: 06 fb ff ff 4c 89 14 24 e8 74 e7 20 fa 4c 8b 14 24 e9 c7 fd ff ff 48 8b 7c 24 08 e8 61 e7 20 fa 4c 8b 54 24 10 e9 b3 f9 ff ff <0f> 0b 48 8b 3c 24 4c 89 54 24 10 e8 87 e7 20 fa 4c 8b 54 24 10 e9
RSP: 0018:ffffc90004d777d8 EFLAGS: 00010282
RAX: 00000000fffffff2 RBX: ffffc90004d77940 RCX: 00000000000005dc
RDX: ffff888079fbc024 RSI: 0000000000000ba4 RDI: ffff88801ea9ebb0
RBP: ffffc90004d77944 R08: 0000000000000ba4 R09: ffff888079fbc023
R10: ffffc90004d77958 R11: ffff888079fbc010 R12: ffff88801ea9e000
R13: ffffc90004d77950 R14: 00000000000005c8 R15: ffff88801fe10c80
FS:  00007f4bca94f700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020010000 CR3: 0000000021106000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ip_do_fragment+0x731/0x18f0 net/ipv4/ip_output.c:902
 dst_output include/net/dst.h:444 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 ip_send_skb net/ipv4/ip_output.c:1586 [inline]
 ip_push_pending_frames+0xe7/0x210 net/ipv4/ip_output.c:1606
 raw_sendmsg+0xef4/0x2670 net/ipv4/raw.c:645
 sock_sendmsg_nosec net/socket.c:722 [inline]
 sock_sendmsg+0xc0/0x150 net/socket.c:745
 __sys_sendto+0x1bf/0x290 net/socket.c:2142
 __do_sys_sendto net/socket.c:2154 [inline]
 __se_sys_sendto net/socket.c:2150 [inline]
 __x64_sys_sendto+0xdc/0x1b0 net/socket.c:2150
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f4bc9c8c0c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4bca94f168 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f4bc9dabf80 RCX: 00007f4bc9c8c0c9
RDX: 000000000000fcf2 RSI: 0000000020000380 RDI: 0000000000000003
RBP: 00007f4bc9ce7ae9 R08: 0000000020001380 R09: 000000000000006e
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd23bd300f R14: 00007f4bca94f300 R15: 0000000000022000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ip_frag_next+0x999/0xa80 net/ipv4/ip_output.c:724
Code: 06 fb ff ff 4c 89 14 24 e8 74 e7 20 fa 4c 8b 14 24 e9 c7 fd ff ff 48 8b 7c 24 08 e8 61 e7 20 fa 4c 8b 54 24 10 e9 b3 f9 ff ff <0f> 0b 48 8b 3c 24 4c 89 54 24 10 e8 87 e7 20 fa 4c 8b 54 24 10 e9
RSP: 0018:ffffc90004d777d8 EFLAGS: 00010282
RAX: 00000000fffffff2 RBX: ffffc90004d77940 RCX: 00000000000005dc
RDX: ffff888079fbc024 RSI: 0000000000000ba4 RDI: ffff88801ea9ebb0
RBP: ffffc90004d77944 R08: 0000000000000ba4 R09: ffff888079fbc023
R10: ffffc90004d77958 R11: ffff888079fbc010 R12: ffff88801ea9e000
R13: ffffc90004d77950 R14: 00000000000005c8 R15: ffff88801fe10c80
FS:  00007f4bca94f700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020010000 CR3: 0000000021106000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400