ci starts bisection 2024-03-09 22:09:58.595995905 +0000 UTC m=+44914.893185031 bisecting cause commit starting from d7e14e534493328cc5f67baaff2b0c23d32b0a57 building syzkaller on 6ee49f2e61b06b3d64c676dd2232a5ac362902a6 ensuring issue is reproducible on original commit d7e14e534493328cc5f67baaff2b0c23d32b0a57 testing commit d7e14e534493328cc5f67baaff2b0c23d32b0a57 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 602baba811bd30d9460e434601e32d7bdb44d5b9628b00c3812d35988780b0ac all runs: crashed: kernel BUG in __nla_validate_parse representative crash: kernel BUG in __nla_validate_parse, types: [BUG] check whether we can drop unnecessary instrumentation disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit d7e14e534493328cc5f67baaff2b0c23d32b0a57 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9fd227e5a7fd330efc6e1e1bf7d7a5ed1b56827275ad01c8832468488e6f0c1b all runs: OK false negative chance: 0.000 kconfig minimization: base=3937 full=7969 leaves diff=2021 split chunks (needed=false): <2021> split chunk #0 of len 2021 into 5 parts testing without sub-chunk 1/5 testing commit d7e14e534493328cc5f67baaff2b0c23d32b0a57 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c236d0eff7b59585574640e101ef953637bcf4c54065f6065eb1d189aa226d01 all runs: crashed: kernel BUG in __nla_validate_parse representative crash: kernel BUG in __nla_validate_parse, types: [BUG] the chunk can be dropped testing without sub-chunk 2/5 testing commit d7e14e534493328cc5f67baaff2b0c23d32b0a57 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b3c878f101a73afaa68be9ef558bfce8b26cc7ca654aa57b35d3dca94e9ecd31 all runs: crashed: kernel BUG in __nla_validate_parse representative crash: kernel BUG in __nla_validate_parse, types: [BUG] the chunk can be dropped testing without sub-chunk 3/5 testing commit d7e14e534493328cc5f67baaff2b0c23d32b0a57 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d1d56244f2ccaa85122d6745f28f3fac5c692b4c0926134c9ec0255bb87746fb all runs: crashed: kernel BUG in __nla_validate_parse representative crash: kernel BUG in __nla_validate_parse, types: [BUG] the chunk can be dropped testing without sub-chunk 4/5 testing commit d7e14e534493328cc5f67baaff2b0c23d32b0a57 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 70a003f0d68ab76b92018eb94f850d0d8e61babe66536f948bc83775593338cf all runs: crashed: kernel BUG in __nla_validate_parse representative crash: kernel BUG in __nla_validate_parse, types: [BUG] the chunk can be dropped testing without sub-chunk 5/5 testing commit d7e14e534493328cc5f67baaff2b0c23d32b0a57 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 958000d0728c01c3f810f7550b34bd1b81c8baf3cfc8c9820ef73b3641ec5111 all runs: crashed: kernel BUG in __nla_validate_parse representative crash: kernel BUG in __nla_validate_parse, types: [BUG] the chunk can be dropped picked [v6.7 v6.6 v6.5 v6.3 v6.1 v5.19 v5.17 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 30 release tags testing release v6.7 testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1a925ecccdcdf29b81672ae54afacf8e995b02e007cf64d7bd19d4ef334f9c25 all runs: OK false negative chance: 0.000 # git bisect start d7e14e534493328cc5f67baaff2b0c23d32b0a57 0dd3ee31125508cd67f7e7172247f05b7fd1753a Bisecting: 8808 revisions left to test after this (roughly 13 steps) [7912a6391f3ee7eb9f9a69227a209d502679bc0c] Merge tag 'sound-6.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit 7912a6391f3ee7eb9f9a69227a209d502679bc0c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9a184cd147d65ebf11bee6432d14216d3cb12757475d3d945ab4321506816fe2 all runs: OK false negative chance: 0.000 # git bisect good 7912a6391f3ee7eb9f9a69227a209d502679bc0c Bisecting: 4400 revisions left to test after this (roughly 12 steps) [8a696a29c6905594e4abf78eaafcb62165ac61f1] Merge tag 'platform-drivers-x86-v6.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86 testing commit 8a696a29c6905594e4abf78eaafcb62165ac61f1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a410fa49fbc5d2b8f3f46bd94ac8cf795934a1b1f6e9b1adba33ed64d05cebbf all runs: OK false negative chance: 0.000 # git bisect good 8a696a29c6905594e4abf78eaafcb62165ac61f1 Bisecting: 2305 revisions left to test after this (roughly 11 steps) [df4793505abd5df399bc6d9a4d8fe81761f557cd] Merge tag 'net-6.8-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit df4793505abd5df399bc6d9a4d8fe81761f557cd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fd88d808145f1441eaa4cd0c9e9af39f0b15dc0d6c83ab2915b3501ec16cf6e7 all runs: OK false negative chance: 0.000 # git bisect good df4793505abd5df399bc6d9a4d8fe81761f557cd Bisecting: 1007 revisions left to test after this (roughly 10 steps) [e199c4ba8260ba845d9faf972d0718562cae042a] Merge tag 'wireless-next-2024-02-20' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next testing commit e199c4ba8260ba845d9faf972d0718562cae042a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fd20b0c35a558b7b6220db5116b9f49cf93f004eeff5bfa5c721caf7371adb87 all runs: OK false negative chance: 0.000 # git bisect good e199c4ba8260ba845d9faf972d0718562cae042a Bisecting: 503 revisions left to test after this (roughly 9 steps) [b78fcd0a36a7d11cc71e7ee56bb27e71aea8464a] Merge branch 'mptcp-lowat-sockopt' testing commit b78fcd0a36a7d11cc71e7ee56bb27e71aea8464a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 84ad2a6160076a4e79f8a2cfd8667c14b29b7df421829be215c43f250e40c741 all runs: OK false negative chance: 0.000 # git bisect good b78fcd0a36a7d11cc71e7ee56bb27e71aea8464a Bisecting: 251 revisions left to test after this (roughly 8 steps) [746c19a52ec50b81422fd4772254d55e588d7df6] net: nexthop: Add ability to enable / disable hardware statistics testing commit 746c19a52ec50b81422fd4772254d55e588d7df6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0ad0b56018f9e67b9118be8d422faee166cd9b47be2f7492f2f20940698b3cc9 all runs: crashed: kernel BUG in __nla_validate_parse representative crash: kernel BUG in __nla_validate_parse, types: [BUG] # git bisect bad 746c19a52ec50b81422fd4772254d55e588d7df6 Bisecting: 125 revisions left to test after this (roughly 7 steps) [db72b6fc8fa0eae6ad69707dcce7db5e7cd32180] Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queue testing commit db72b6fc8fa0eae6ad69707dcce7db5e7cd32180 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 46e5996fc6bdb44141d729cef3681a9dae7fc625ed4a9ca5d6cf7fb1df3e538f all runs: OK false negative chance: 0.000 # git bisect good db72b6fc8fa0eae6ad69707dcce7db5e7cd32180 Bisecting: 67 revisions left to test after this (roughly 6 steps) [9cb3d523c153e1ca9f8ad3b9cdacc3d614eb66eb] net: usbnet: Remove generic .ndo_get_stats64 testing commit 9cb3d523c153e1ca9f8ad3b9cdacc3d614eb66eb gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d01faff5f70f11933a300dd1f123b54f74160106ce8d82c7f71ad68ec93cdfd2 all runs: OK false negative chance: 0.000 # git bisect good 9cb3d523c153e1ca9f8ad3b9cdacc3d614eb66eb Bisecting: 33 revisions left to test after this (roughly 5 steps) [c66fb480a3302577f657a5d4f5308312bf1b52f8] selftests: userspace pm: avoid relaunching pm events testing commit c66fb480a3302577f657a5d4f5308312bf1b52f8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 80a7fb452acf85107f950053e440eab6d7935bd451416260205ffb3a8e307405 all runs: OK false negative chance: 0.000 # git bisect good c66fb480a3302577f657a5d4f5308312bf1b52f8 Bisecting: 16 revisions left to test after this (roughly 4 steps) [df51b84564159cdd91a67ee0f9e30b42b3a73cef] ipv6: move tcp_ipv6_hash_secret and udp_ipv6_hash_secret to net_hotdata testing commit df51b84564159cdd91a67ee0f9e30b42b3a73cef gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bf7d4abd87f2b017044828ce89b99abdd442a3a48d5bad0d6bd2e36441e0ef4f all runs: OK false negative chance: 0.000 # git bisect good df51b84564159cdd91a67ee0f9e30b42b3a73cef Bisecting: 8 revisions left to test after this (roughly 3 steps) [9b78bbef5138bee1b6fc08e2b6a2e27f2e382048] net: chelsio: remove unused function calc_tx_descs testing commit 9b78bbef5138bee1b6fc08e2b6a2e27f2e382048 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 551eb18550065bc2ea6aa7711f3a0f6eb663eb46fdb297efbd1d6f8a8e729899 all runs: OK false negative chance: 0.000 # git bisect good 9b78bbef5138bee1b6fc08e2b6a2e27f2e382048 Bisecting: 4 revisions left to test after this (roughly 2 steps) [2118f9390d83cf942de8b34faf3d35b54f9f4eee] net: nexthop: Adjust netlink policy parsing for a new attribute testing commit 2118f9390d83cf942de8b34faf3d35b54f9f4eee gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9d152553ae50e68ea7d63832acfa0b349f2d79b37091aa8ded71302fdf31078b all runs: crashed: kernel BUG in __nla_validate_parse representative crash: kernel BUG in __nla_validate_parse, types: [BUG] # git bisect bad 2118f9390d83cf942de8b34faf3d35b54f9f4eee Bisecting: 1 revision left to test after this (roughly 1 step) [caabd859c41b50a571cfdf7747de9f245c5d531b] tcp: Add skb addr and sock addr to arguments of tracepoint tcp_probe. testing commit caabd859c41b50a571cfdf7747de9f245c5d531b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 003efda98688e7661d62b175908f599ba20a0c282fed39504d2b81806f9b13af all runs: OK false negative chance: 0.000 # git bisect good caabd859c41b50a571cfdf7747de9f245c5d531b Bisecting: 0 revisions left to test after this (roughly 0 steps) [3b43f19d065d2e6669209f991bbf1522b351d0c4] octeontx2-pf: Add TC flower offload support for TCP flags testing commit 3b43f19d065d2e6669209f991bbf1522b351d0c4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2dff5b11663cdf94992d4dcd4ae2e159af33fd7fff837d1ce718c7aecb5c4e3a all runs: OK false negative chance: 0.000 # git bisect good 3b43f19d065d2e6669209f991bbf1522b351d0c4 2118f9390d83cf942de8b34faf3d35b54f9f4eee is the first bad commit commit 2118f9390d83cf942de8b34faf3d35b54f9f4eee Author: Petr Machata Date: Wed Mar 6 13:49:15 2024 +0100 net: nexthop: Adjust netlink policy parsing for a new attribute A following patch will introduce a new attribute, op-specific flags to adjust the behavior of an operation. Different operations will recognize different flags. - To make the differentiation possible, stop sharing the policies for get and del operations. - To allow querying for presence of the attribute, have all the attribute arrays sized to NHA_MAX, regardless of what is permitted by policy, and pass the corresponding value to nlmsg_parse() as well. Signed-off-by: Petr Machata Reviewed-by: David Ahern Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller net/ipv4/nexthop.c | 58 ++++++++++++++++++++++++++---------------------------- 1 file changed, 28 insertions(+), 30 deletions(-) accumulated error probability: 0.00 culprit signature: 9d152553ae50e68ea7d63832acfa0b349f2d79b37091aa8ded71302fdf31078b parent signature: 2dff5b11663cdf94992d4dcd4ae2e159af33fd7fff837d1ce718c7aecb5c4e3a revisions tested: 22, total time: 7h33m41.126054307s (build: 4h29m45.883141278s, test: 2h47m23.409603389s) first bad commit: 2118f9390d83cf942de8b34faf3d35b54f9f4eee net: nexthop: Adjust netlink policy parsing for a new attribute recipients (to): ["davem@davemloft.net" "dsahern@kernel.org" "idosch@nvidia.com" "petrm@nvidia.com"] recipients (cc): [] crash: kernel BUG in __nla_validate_parse ------------[ cut here ]------------ kernel BUG at lib/nlattr.c:411! invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 1872 Comm: syz-executor.0 Not tainted 6.8.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 RIP: 0010:validate_nla lib/nlattr.c:411 [inline] RIP: 0010:__nla_validate_parse+0x2fd4/0x2fe0 lib/nlattr.c:635 Code: e9 2a fb ff ff 48 8b 4c 24 38 80 e1 07 38 c1 0f 8c 33 f8 ff ff 48 8b 7c 24 38 e8 37 43 68 ff e9 24 f8 ff ff e8 9d c5 41 01 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc90001f1ef40 EFLAGS: 00010202 RAX: 000000000000004e RBX: ffffffff83beb4c0 RCX: 000000000000000e RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff888117c62118 RBP: ffffc90001f1f170 R08: 000000000000001f R09: ffffc90001f1f1e0 R10: 000000000000000d R11: ffffffff83beb440 R12: 1ffff11022f8c423 R13: ffff888117c6211a R14: 0000000000000008 R15: ffffc90001f1f280 FS: 00007fa7b2a676c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000640 CR3: 000000011888e000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __nla_parse+0x28/0x40 lib/nlattr.c:732 __nlmsg_parse include/net/netlink.h:756 [inline] nlmsg_parse include/net/netlink.h:777 [inline] rtm_del_nexthop+0x22c/0x580 net/ipv4/nexthop.c:3013 rtnetlink_rcv_msg+0x6cf/0xd10 net/core/rtnetlink.c:6595 netlink_rcv_skb+0x203/0x390 net/netlink/af_netlink.c:2556 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0x5f2/0x820 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x747/0xb20 net/netlink/af_netlink.c:1902 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1ec/0x230 net/socket.c:745 ____sys_sendmsg+0x42c/0x6b0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x21d/0x2e0 net/socket.c:2667 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf9/0x210 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7fa7b2ee5da9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa7b2a670c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fa7b3013f80 RCX: 00007fa7b2ee5da9 RDX: 0000000000000000 RSI: 0000000020000640 RDI: 0000000000000003 RBP: 00007fa7b2f3247a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000006 R14: 00007fa7b3013f80 R15: 00007ffdcf45fc38 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:validate_nla lib/nlattr.c:411 [inline] RIP: 0010:__nla_validate_parse+0x2fd4/0x2fe0 lib/nlattr.c:635 Code: e9 2a fb ff ff 48 8b 4c 24 38 80 e1 07 38 c1 0f 8c 33 f8 ff ff 48 8b 7c 24 38 e8 37 43 68 ff e9 24 f8 ff ff e8 9d c5 41 01 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc90001f1ef40 EFLAGS: 00010202 RAX: 000000000000004e RBX: ffffffff83beb4c0 RCX: 000000000000000e RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff888117c62118 RBP: ffffc90001f1f170 R08: 000000000000001f R09: ffffc90001f1f1e0 R10: 000000000000000d R11: ffffffff83beb440 R12: 1ffff11022f8c423 R13: ffff888117c6211a R14: 0000000000000008 R15: ffffc90001f1f280 FS: 00007fa7b2a676c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000640 CR3: 000000011888e000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400