bisecting cause commit starting from 4874fb9484be4cee78d8b3b0f0209cd16e5ae35d building syzkaller on bff65f44b47bd73f56c3d6a5c3899de5f5775136 testing commit 4874fb9484be4cee78d8b3b0f0209cd16e5ae35d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f24a47cef64e1c3bfca8f3ecaa17efccd5ec09b1844e3967a9aacacaceb8374a run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: crashed: WARNING in bpf_skb_load_helper_32 run #2: crashed: WARNING in bpf_skb_load_helper_32 run #3: crashed: WARNING in bpf_skb_load_helper_32 run #4: crashed: WARNING in bpf_skb_load_helper_32 run #5: crashed: WARNING in bpf_skb_load_helper_32 run #6: crashed: WARNING in bpf_skb_load_helper_32 run #7: crashed: WARNING in bpf_skb_load_helper_32 run #8: crashed: WARNING in bpf_skb_load_helper_32 run #9: crashed: WARNING in bpf_skb_load_helper_32 run #10: crashed: WARNING in bpf_skb_load_helper_32 run #11: crashed: WARNING in bpf_skb_load_helper_32 run #12: crashed: WARNING in bpf_skb_load_helper_32 run #13: crashed: WARNING in bpf_skb_load_helper_32 run #14: crashed: WARNING in bpf_skb_load_helper_32 run #15: crashed: WARNING in bpf_skb_load_helper_32 run #16: crashed: WARNING in bpf_skb_load_helper_32 run #17: crashed: WARNING in bpf_skb_load_helper_32 run #18: crashed: WARNING in bpf_skb_load_helper_32 run #19: crashed: WARNING in bpf_skb_load_helper_32 testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 032913cef38497e10477931b86f713238e05c31a4ccdb115fa930516a9959ae6 all runs: OK # git bisect start 4874fb9484be4cee78d8b3b0f0209cd16e5ae35d 4b0986a3613c92f4ec1bdc7f60ec66fea135991f Bisecting: 8029 revisions left to test after this (roughly 13 steps) [c011dd537ffe47462051930413fed07dbdc80313] Merge tag 'arm-soc-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit c011dd537ffe47462051930413fed07dbdc80313 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3f9d4043702bdad9c32a60c39149ae73ac2e6698eadfe201e6d7abd4e6669dfd run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good c011dd537ffe47462051930413fed07dbdc80313 Bisecting: 4019 revisions left to test after this (roughly 12 steps) [55fe92179058406fe00bff2167c94443a7b2e07a] Merge tag 'i3c/for-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/i3c/linux testing commit 55fe92179058406fe00bff2167c94443a7b2e07a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: fe615f587575657bfc9db985db39b9fdb7deff1664253fbad10a295264c90d09 all runs: OK # git bisect good 55fe92179058406fe00bff2167c94443a7b2e07a Bisecting: 2009 revisions left to test after this (roughly 11 steps) [bc1e02c3e500e2eec5afd2fd3efc3b7f9637c35c] Merge tag 'sched-urgent-2022-06-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit bc1e02c3e500e2eec5afd2fd3efc3b7f9637c35c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7ee57d51227b5071a7815de62737ccdd836c63b46666b0235d4684c3e8f3fd8f run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness # git bisect good bc1e02c3e500e2eec5afd2fd3efc3b7f9637c35c Bisecting: 1013 revisions left to test after this (roughly 10 steps) [c24eb8d6a5b2da4cbef6a053f58ea9818c6dd659] Merge tag 'usb-5.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit c24eb8d6a5b2da4cbef6a053f58ea9818c6dd659 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1329afbf572300760e35ed10ec10508ca7ddb0f8db7025ed5cdd01df7a67153d all runs: OK # git bisect good c24eb8d6a5b2da4cbef6a053f58ea9818c6dd659 Bisecting: 506 revisions left to test after this (roughly 9 steps) [15137daef7b0d7981ce81b28a64abfe3df2455fb] nfp: add support for 'ethtool -t DEVNAME' command testing commit 15137daef7b0d7981ce81b28a64abfe3df2455fb compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d9e3ff11d30d9cc5b50c725076c64a292132efa8f0f05373c819336f985147ec all runs: crashed: WARNING in bpf_skb_load_helper_32 # git bisect bad 15137daef7b0d7981ce81b28a64abfe3df2455fb Bisecting: 291 revisions left to test after this (roughly 8 steps) [4875d94c69d5a4836c4225b51429d277c297aae8] tipc: cleanup unused function testing commit 4875d94c69d5a4836c4225b51429d277c297aae8 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e8a30e25e99be9b9a59654c3bd1675ac855b72f246e8d0bf61f3b14ff7ac025c run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 4875d94c69d5a4836c4225b51429d277c297aae8 Bisecting: 145 revisions left to test after this (roughly 7 steps) [048fcbb71a0e4d8a30b7bd0a497cd032b25d1186] mlxsw: spectrum_fid: Implement missing operations for rFID and dummy FID testing commit 048fcbb71a0e4d8a30b7bd0a497cd032b25d1186 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ab6993ce339a827ff4fbb4916bbbc9616b5501c89106716df5e7ae2575b576fb all runs: crashed: WARNING in bpf_skb_load_helper_32 # git bisect bad 048fcbb71a0e4d8a30b7bd0a497cd032b25d1186 Bisecting: 72 revisions left to test after this (roughly 6 steps) [784d5dc0efc28bd0a52ccfedb707eba71d8bc8af] selftests/bpf: Add selftests for raw syncookie helpers in TC mode testing commit 784d5dc0efc28bd0a52ccfedb707eba71d8bc8af compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ebb91da58abc8eb396e1192c596a4c916428b075f88e886a17396a8cf147648e run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 784d5dc0efc28bd0a52ccfedb707eba71d8bc8af Bisecting: 36 revisions left to test after this (roughly 5 steps) [485c281cadf784b4b4182f0854858cfd2fe87d34] mlxsw: reg: Add VID related fields to SFD register testing commit 485c281cadf784b4b4182f0854858cfd2fe87d34 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d1036fae6d547fae054bb1a0a633e0d4457b87f81c71ceb68b95c10866f5bbbf all runs: OK # git bisect good 485c281cadf784b4b4182f0854858cfd2fe87d34 Bisecting: 18 revisions left to test after this (roughly 4 steps) [7012033ce10e0968e6cb82709aa0ed7f2080b61e] net: dsa: microchip: update the ksz_phylink_get_caps testing commit 7012033ce10e0968e6cb82709aa0ed7f2080b61e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 29637c4b31dfbceb2db6cdf6be167beb2a740e59e7255dc05137923e6550f677 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: crashed: WARNING in bpf_skb_load_helper_32 run #2: crashed: WARNING in bpf_skb_load_helper_32 run #3: crashed: WARNING in bpf_skb_load_helper_32 run #4: crashed: WARNING in bpf_skb_load_helper_32 run #5: crashed: WARNING in bpf_skb_load_helper_32 run #6: crashed: WARNING in bpf_skb_load_helper_32 run #7: crashed: WARNING in bpf_skb_load_helper_32 run #8: crashed: WARNING in bpf_skb_load_helper_32 run #9: crashed: WARNING in bpf_skb_load_helper_32 # git bisect bad 7012033ce10e0968e6cb82709aa0ed7f2080b61e Bisecting: 8 revisions left to test after this (roughly 3 steps) [af185d8c76333daa877678e0166a7b45e63bf3c4] raw: complete rcu conversion testing commit af185d8c76333daa877678e0166a7b45e63bf3c4 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4596e0bb0d2ceea2cdacf04b0976842fee8665a27af5f153f8234f09a936f536 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: crashed: WARNING in bpf_skb_load_helper_32 run #2: crashed: WARNING in bpf_skb_load_helper_32 run #3: crashed: WARNING in bpf_skb_load_helper_32 run #4: crashed: WARNING in bpf_skb_load_helper_32 run #5: crashed: WARNING in bpf_skb_load_helper_32 run #6: crashed: WARNING in bpf_skb_load_helper_32 run #7: crashed: WARNING in bpf_skb_load_helper_32 run #8: crashed: WARNING in bpf_skb_load_helper_32 run #9: crashed: WARNING in bpf_skb_load_helper_32 # git bisect bad af185d8c76333daa877678e0166a7b45e63bf3c4 Bisecting: 4 revisions left to test after this (roughly 2 steps) [ad9592c061e319ec9ac2ea44bc5548e06937b376] mlxsw: reg: Add egress FID field to RITR register testing commit ad9592c061e319ec9ac2ea44bc5548e06937b376 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 16a3070c7deb8dd58bdd94e32d111df5f9c5ee625e87b7f45f154995c11d4f6a run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good ad9592c061e319ec9ac2ea44bc5548e06937b376 Bisecting: 2 revisions left to test after this (roughly 1 step) [b3820922651a678ef50b2247fb80dcd01c82534e] mlxsw: reg: Add support for VLAN RIF as part of RITR register testing commit b3820922651a678ef50b2247fb80dcd01c82534e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e5bb0ddf419c636d6d593909c81d61790cf5cb8db215a15d21930686acf23557 all runs: OK # git bisect good b3820922651a678ef50b2247fb80dcd01c82534e Bisecting: 0 revisions left to test after this (roughly 1 step) [f9aefd6b2aa38b9787d2705f0f1161dfd23cdb8f] net: warn if mac header was not set testing commit f9aefd6b2aa38b9787d2705f0f1161dfd23cdb8f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b91e2cf1e0ef05ce1e4e4d1abaf27ee7dcdc2ba1061508fe3c15c5064e0a156f all runs: crashed: WARNING in bpf_skb_load_helper_32 # git bisect bad f9aefd6b2aa38b9787d2705f0f1161dfd23cdb8f Bisecting: 0 revisions left to test after this (roughly 0 steps) [4336487e30c37a2e82a1fed2370d3134cc5b6505] Merge branch 'mlxsw-unified-bridge-conversion-part-1' testing commit 4336487e30c37a2e82a1fed2370d3134cc5b6505 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 22e57b9c13f0c0719bf13ca14f5ba4757f04bed1bae9fde8ee8c1f5c34f98ac6 all runs: OK # git bisect good 4336487e30c37a2e82a1fed2370d3134cc5b6505 f9aefd6b2aa38b9787d2705f0f1161dfd23cdb8f is the first bad commit commit f9aefd6b2aa38b9787d2705f0f1161dfd23cdb8f Author: Eric Dumazet Date: Mon Jun 20 02:30:17 2022 -0700 net: warn if mac header was not set Make sure skb_mac_header(), skb_mac_offset() and skb_mac_header_len() uses are not fooled if the mac header has not been set. These checks are enabled if CONFIG_DEBUG_NET=y This commit will likely expose existing bugs in linux networking stacks. Signed-off-by: Eric Dumazet Link: https://lore.kernel.org/r/20220620093017.3366713-1-eric.dumazet@gmail.com Signed-off-by: Paolo Abeni include/linux/skbuff.h | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) culprit signature: b91e2cf1e0ef05ce1e4e4d1abaf27ee7dcdc2ba1061508fe3c15c5064e0a156f parent signature: 22e57b9c13f0c0719bf13ca14f5ba4757f04bed1bae9fde8ee8c1f5c34f98ac6 revisions tested: 17, total time: 3h53m12.593134915s (build: 1h55m38.560796951s, test: 1h55m45.348240824s) first bad commit: f9aefd6b2aa38b9787d2705f0f1161dfd23cdb8f net: warn if mac header was not set recipients (to): ["edumazet@google.com" "linux-kernel@vger.kernel.org" "pabeni@redhat.com"] recipients (cc): ["davem@davemloft.net" "dsahern@kernel.org" "edumazet@google.com" "imagedong@tencent.com" "keescook@chromium.org" "kuba@kernel.org"] crash: WARNING in bpf_skb_load_helper_32 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 4102 at include/linux/skbuff.h:2773 skb_mac_header_was_set include/linux/skbuff.h:2768 [inline] WARNING: CPU: 0 PID: 4102 at include/linux/skbuff.h:2773 skb_mac_header include/linux/skbuff.h:2773 [inline] WARNING: CPU: 0 PID: 4102 at include/linux/skbuff.h:2773 bpf_internal_load_pointer_neg_helper+0x1b3/0x1e0 kernel/bpf/core.c:74 Modules linked in: CPU: 0 PID: 4102 Comm: syz-executor.0 Not tainted 5.19.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 RIP: 0010:skb_mac_header include/linux/skbuff.h:2773 [inline] RIP: 0010:bpf_internal_load_pointer_neg_helper+0x1b3/0x1e0 kernel/bpf/core.c:74 Code: 8b 04 24 e9 d8 fe ff ff 89 54 24 14 89 74 24 08 48 89 04 24 e8 be e1 36 00 8b 54 24 14 8b 74 24 08 48 8b 04 24 e9 68 ff ff ff <0f> 0b e9 72 ff ff ff 89 54 24 08 89 34 24 e8 ba e1 36 00 8b 54 24 RSP: 0018:ffffc90002dbf6c0 EFLAGS: 00010246 RAX: ffff88807f537400 RBX: ffff888074eeda00 RCX: 000000000000ffff RDX: 0000000000000004 RSI: ffffffffffeff00c RDI: ffff888074eedaba RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8f96f907 R10: fffffbfff1f2df20 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: ffff88807f537400 R15: 0000000000000000 FS: 00007f29c1d21700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020009d00 CR3: 0000000024413000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ____bpf_skb_load_helper_32 net/core/filter.c:276 [inline] bpf_skb_load_helper_32+0x126/0x1b0 net/core/filter.c:264 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 4102 Comm: syz-executor.0 Not tainted 5.19.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 panic+0x227/0x466 kernel/panic.c:274 __warn.cold+0x150/0x1de kernel/panic.c:625 report_bug+0x15a/0x1c0 lib/bug.c:198 handle_bug+0x3c/0x60 arch/x86/kernel/traps.c:316 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:336 asm_exc_invalid_op+0x1b/0x20 arch/x86/include/asm/idtentry.h:568 RIP: 0010:skb_mac_header include/linux/skbuff.h:2773 [inline] RIP: 0010:bpf_internal_load_pointer_neg_helper+0x1b3/0x1e0 kernel/bpf/core.c:74 Code: 8b 04 24 e9 d8 fe ff ff 89 54 24 14 89 74 24 08 48 89 04 24 e8 be e1 36 00 8b 54 24 14 8b 74 24 08 48 8b 04 24 e9 68 ff ff ff <0f> 0b e9 72 ff ff ff 89 54 24 08 89 34 24 e8 ba e1 36 00 8b 54 24 RSP: 0018:ffffc90002dbf6c0 EFLAGS: 00010246 RAX: ffff88807f537400 RBX: ffff888074eeda00 RCX: 000000000000ffff RDX: 0000000000000004 RSI: ffffffffffeff00c RDI: ffff888074eedaba RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8f96f907 R10: fffffbfff1f2df20 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: ffff88807f537400 R15: 0000000000000000 ____bpf_skb_load_helper_32 net/core/filter.c:276 [inline] bpf_skb_load_helper_32+0x126/0x1b0 net/core/filter.c:264 Kernel Offset: disabled