bisecting fixing commit since 98db2bf27b9ed2d5ed0b6c9c8a4bfcb127a19796
building syzkaller on 5d7b90f1af2e3bf33992b75e7fcf0bab6bf49bd6
testing commit 98db2bf27b9ed2d5ed0b6c9c8a4bfcb127a19796 with gcc (GCC) 8.1.0
kernel signature: 6670f88d1ef861dddda9160a1328c5e282284675f610eae47671793b85371e5e
run #0: crashed: WARNING in xfrm_policy_insert
run #1: crashed: WARNING in xfrm_policy_insert
run #2: crashed: WARNING in xfrm_policy_insert
run #3: crashed: WARNING in xfrm_policy_insert
run #4: crashed: WARNING in xfrm_policy_insert
run #5: crashed: WARNING in xfrm_policy_insert
run #6: crashed: WARNING in xfrm_policy_insert
run #7: crashed: WARNING in xfrm_policy_insert
run #8: crashed: WARNING in xfrm_policy_insert
run #9: OK
testing current HEAD b850307b279cbd12ab8c654d1a3dfe55319cc475
testing commit b850307b279cbd12ab8c654d1a3dfe55319cc475 with gcc (GCC) 8.1.0
kernel signature: 1439da634064557ab6b3f93239a9b810d491d240866f17f05a770d7fd5259da7
all runs: OK
# git bisect start b850307b279cbd12ab8c654d1a3dfe55319cc475 98db2bf27b9ed2d5ed0b6c9c8a4bfcb127a19796
Bisecting: 658 revisions left to test after this (roughly 9 steps)
[7a737ff66d257cd626811c1a9ccf8896d3e86b60] i2c: st: fix missing struct parameter description
testing commit 7a737ff66d257cd626811c1a9ccf8896d3e86b60 with gcc (GCC) 8.1.0
kernel signature: 3b88322b2fa7f91d3ee958670052ad2ccd339c65dd455be39f50ebf8196db6bf
run #0: crashed: WARNING in xfrm_policy_insert
run #1: crashed: WARNING in xfrm_policy_insert
run #2: crashed: WARNING in xfrm_policy_insert
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 7a737ff66d257cd626811c1a9ccf8896d3e86b60
Bisecting: 329 revisions left to test after this (roughly 8 steps)
[440e152362d19bb5ffe7ef5677de1107ee9c0989] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
testing commit 440e152362d19bb5ffe7ef5677de1107ee9c0989 with gcc (GCC) 8.1.0
kernel signature: 969df77bea0845e97112b51c7233223aec04619d068ff69aece75654ab303033
run #0: crashed: WARNING in xfrm_policy_insert
run #1: crashed: WARNING in xfrm_policy_insert
run #2: crashed: WARNING in xfrm_policy_insert
run #3: crashed: WARNING in xfrm_policy_insert
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 440e152362d19bb5ffe7ef5677de1107ee9c0989
Bisecting: 164 revisions left to test after this (roughly 7 steps)
[8f24eaf37e69a96fadc9735d74d7c1f163ecec72] scsi: ibmvscsi: Fix WARN_ON during event pool release
testing commit 8f24eaf37e69a96fadc9735d74d7c1f163ecec72 with gcc (GCC) 8.1.0
kernel signature: ffc38cc38bd5683f31a957c5f32390c12d2b1615d64b1d3f1958a1f61b91921a
run #0: crashed: WARNING in xfrm_policy_insert
run #1: crashed: WARNING in xfrm_policy_insert
run #2: crashed: WARNING in xfrm_policy_insert
run #3: crashed: WARNING in xfrm_policy_insert
run #4: crashed: WARNING in xfrm_policy_insert
run #5: crashed: WARNING in xfrm_policy_insert
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 8f24eaf37e69a96fadc9735d74d7c1f163ecec72
Bisecting: 82 revisions left to test after this (roughly 6 steps)
[f0e47703123ed02d5186740232f4495e7a67216c] ALSA: hwdep: fix a left shifting 1 by 31 UB bug
testing commit f0e47703123ed02d5186740232f4495e7a67216c with gcc (GCC) 8.1.0
kernel signature: 5d866aa8950fc618e466a1f07599cff4d134470e6ef915b0be4a21fef249882f
run #0: crashed: WARNING in xfrm_policy_insert
run #1: crashed: WARNING in xfrm_policy_insert
run #2: crashed: WARNING in xfrm_policy_insert
run #3: crashed: WARNING in xfrm_policy_insert
run #4: crashed: WARNING in xfrm_policy_insert
run #5: crashed: WARNING in xfrm_policy_insert
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good f0e47703123ed02d5186740232f4495e7a67216c
Bisecting: 41 revisions left to test after this (roughly 5 steps)
[fe3f7e15ace0866a879cd79f8c8fb908c09a7fb7] s390/ftrace: save traced function caller
testing commit fe3f7e15ace0866a879cd79f8c8fb908c09a7fb7 with gcc (GCC) 8.1.0
kernel signature: ced04d372deb7291da9bba3eab468c2f1d46400ee139659fb867ceebd5be02ce
all runs: OK
# git bisect bad fe3f7e15ace0866a879cd79f8c8fb908c09a7fb7
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[c6745328de7267de919b990f2e75d8ccfa787bf1] netfilter: nft_reject_bridge: enable reject with bridge vlan
testing commit c6745328de7267de919b990f2e75d8ccfa787bf1 with gcc (GCC) 8.1.0
kernel signature: 8d6fa03c7674443c91e67d105debf3c0720c78a5bf1fa8a5b8297eaea17d55fc
all runs: OK
# git bisect bad c6745328de7267de919b990f2e75d8ccfa787bf1
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[e2f105e84edaf7bd32945e93de83352c75779dc1] mac80211: mesh: fix discovery timer re-arming issue / crash
testing commit e2f105e84edaf7bd32945e93de83352c75779dc1 with gcc (GCC) 8.1.0
kernel signature: 5f33a23c7fb2529c35d784f28f3530da62d9707dacd12f495d07b12a260845c4
run #0: crashed: WARNING in xfrm_policy_insert
run #1: crashed: WARNING in xfrm_policy_insert
run #2: crashed: WARNING in xfrm_policy_insert
run #3: crashed: WARNING in xfrm_policy_insert
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good e2f105e84edaf7bd32945e93de83352c75779dc1
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[1cd914b02b5ae999b04f44871f39dde4bffde96e] xfrm: fix a warning in xfrm_policy_insert_list
testing commit 1cd914b02b5ae999b04f44871f39dde4bffde96e with gcc (GCC) 8.1.0
kernel signature: f6fd1b696728c70bf0ad48ed903ca1b97e163398c795d3a9a67539ba58bb5f5b
all runs: OK
# git bisect bad 1cd914b02b5ae999b04f44871f39dde4bffde96e
Bisecting: 2 revisions left to test after this (roughly 1 step)
[30820bb615f22d80e025ecec1f6fca63d4660947] copy_xstate_to_kernel(): don't leave parts of destination uninitialized
testing commit 30820bb615f22d80e025ecec1f6fca63d4660947 with gcc (GCC) 8.1.0
kernel signature: ebe2bc8c23500ab8a02ec86d194606404c4e0d445390a64c12033560e4f3dffc
run #0: crashed: WARNING in xfrm_policy_insert
run #1: crashed: WARNING in xfrm_policy_insert
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 30820bb615f22d80e025ecec1f6fca63d4660947
Bisecting: 0 revisions left to test after this (roughly 1 step)
[af0fabbf821368f1cbc08b8b8d4ff866c6092f1b] xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output
testing commit af0fabbf821368f1cbc08b8b8d4ff866c6092f1b with gcc (GCC) 8.1.0
kernel signature: d6f8f16b6040712880d87941abaecac54a2cb250e4c96c5a6fa532379a21f2d0
run #0: crashed: WARNING in xfrm_policy_insert
run #1: crashed: WARNING in xfrm_policy_insert
run #2: crashed: WARNING in xfrm_policy_insert
run #3: crashed: WARNING in xfrm_policy_insert
run #4: crashed: WARNING in xfrm_policy_insert
run #5: crashed: WARNING in xfrm_policy_insert
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good af0fabbf821368f1cbc08b8b8d4ff866c6092f1b
1cd914b02b5ae999b04f44871f39dde4bffde96e is the first bad commit
commit 1cd914b02b5ae999b04f44871f39dde4bffde96e
Author: Xin Long
Date:   Mon May 25 13:53:37 2020 +0800

    xfrm: fix a warning in xfrm_policy_insert_list

    commit ed17b8d377eaf6b4a01d46942b4c647378a79bdd upstream.

    This warning can be triggered simply by:

      # ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
        priority 1 mark 0 mask 0x10  #[1]
      # ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
        priority 2 mark 0 mask 0x1   #[2]
      # ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
        priority 2 mark 0 mask 0x10  #[3]

    Then dmesg shows:

      [ ] WARNING: CPU: 1 PID: 7265 at net/xfrm/xfrm_policy.c:1548
      [ ] RIP: 0010:xfrm_policy_insert_list+0x2f2/0x1030
      [ ] Call Trace:
      [ ] xfrm_policy_inexact_insert+0x85/0xe50
      [ ] xfrm_policy_insert+0x4ba/0x680
      [ ] xfrm_add_policy+0x246/0x4d0
      [ ] xfrm_user_rcv_msg+0x331/0x5c0
      [ ] netlink_rcv_skb+0x121/0x350
      [ ] xfrm_netlink_rcv+0x66/0x80
      [ ] netlink_unicast+0x439/0x630
      [ ] netlink_sendmsg+0x714/0xbf0
      [ ] sock_sendmsg+0xe2/0x110

    The issue was introduced by Commit 7cb8a93968e3 ("xfrm: Allow inserting
    policies with matching mark and different priorities"). After that, the
    policies [1] and [2] would be able to be added with different priorities.

    However, policy [3] will actually match both [1] and [2]. Policy [1]
    was matched due to the 1st 'return true' in xfrm_policy_mark_match(),
    and policy [2] was matched due to the 2nd 'return true' in there. It
    caused WARN_ON() in xfrm_policy_insert_list().

    This patch is to fix it by only (the same value and priority) as the
    same policy in xfrm_policy_mark_match().

    Thanks to Yuehaibing, we could make this fix better.

    v1->v2:
      - check policy->mark.v == pol->mark.v only without mask.

    Fixes: 7cb8a93968e3 ("xfrm: Allow inserting policies with matching mark and different priorities")
    Reported-by: Xiumei Mu
    Signed-off-by: Xin Long
    Signed-off-by: Steffen Klassert
    Signed-off-by: Greg Kroah-Hartman

 net/xfrm/xfrm_policy.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
culprit signature: f6fd1b696728c70bf0ad48ed903ca1b97e163398c795d3a9a67539ba58bb5f5b
parent signature: d6f8f16b6040712880d87941abaecac54a2cb250e4c96c5a6fa532379a21f2d0
revisions tested: 12, total time: 3h42m40.014925527s (build: 1h43m59.663192191s, test: 1h57m38.358705648s)
first good commit: 1cd914b02b5ae999b04f44871f39dde4bffde96e xfrm: fix a warning in xfrm_policy_insert_list
cc: ["gregkh@linuxfoundation.org" "lucien.xin@gmail.com" "steffen.klassert@secunet.com"]