ci2 starts bisection 2025-01-31 23:03:32.344086842 +0000 UTC m=+24671.229565154 bisecting fixing commit since 6f0de8f8a16565068c241273f4410783ed8f6c8c building syzkaller on 7cbfbb3ab457b0a8ecf525a27a65a2078c5dcaa8 ensuring issue is reproducible on original commit 6f0de8f8a16565068c241273f4410783ed8f6c8c testing commit 6f0de8f8a16565068c241273f4410783ed8f6c8c gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 430d6e0a9ebb5a51f9cc9e2d8137a907982f06e4e2c677b5cd931c0790ddf453 all runs: crashed: kernel BUG in vlan_get_protocol_dgram representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] check whether we can drop unnecessary instrumentation disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 6f0de8f8a16565068c241273f4410783ed8f6c8c gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 833bf6d81f8cc02f0798eb33d123691693cb11aa33d579d99fc5c60eb6c4b6e2 run #0: crashed: kernel BUG in vlan_get_protocol_dgram run #1: crashed: kernel BUG in vlan_get_protocol_dgram run #2: crashed: kernel BUG in vlan_get_protocol_dgram run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] kconfig minimization: base=4920 full=6215 leaves diff=255 split chunks (needed=false): <255> split chunk #0 of len 255 into 5 parts testing without sub-chunk 1/5 testing commit 6f0de8f8a16565068c241273f4410783ed8f6c8c gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e42055df5587112a22af89912dbd1f1639da85cf32bed6444aec86e9e7f8cc10 all runs: crashed: kernel BUG in vlan_get_protocol_dgram representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] the chunk can be dropped testing without sub-chunk 2/5 testing commit 6f0de8f8a16565068c241273f4410783ed8f6c8c gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b5f4b6401aca9440f156964dfa84570af5b692d0ae62ded60412eba022a6c149 all runs: crashed: kernel BUG in vlan_get_protocol_dgram representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] the chunk can be dropped testing without sub-chunk 3/5 testing commit 6f0de8f8a16565068c241273f4410783ed8f6c8c gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bfbe05a9b6b33d3757478ea9ffae6347f30c214a0c3abb19f98ee1b34cef0e62 run #0: crashed: kernel BUG in vlan_get_protocol_dgram run #1: crashed: kernel BUG in vlan_get_protocol_dgram run #2: crashed: kernel BUG in vlan_get_protocol_dgram run #3: crashed: kernel BUG in vlan_get_protocol_dgram run #4: crashed: kernel BUG in vlan_get_protocol_dgram run #5: crashed: kernel BUG in vlan_get_protocol_dgram run #6: crashed: kernel BUG in vlan_get_protocol_dgram run #7: crashed: kernel BUG in vlan_get_protocol_dgram run #8: crashed: kernel BUG in vlan_get_protocol_dgram run #9: crashed: kernel BUG in vlan_get_protocol_dgram run #10: crashed: kernel BUG in vlan_get_protocol_dgram run #11: crashed: kernel BUG in vlan_get_protocol_dgram run #12: crashed: kernel BUG in vlan_get_protocol_dgram run #13: crashed: kernel BUG in vlan_get_protocol_dgram run #14: crashed: kernel BUG in vlan_get_protocol_dgram run #15: crashed: kernel BUG in vlan_get_protocol_dgram run #16: crashed: kernel BUG in vlan_get_protocol_dgram run #17: crashed: kernel BUG in vlan_get_protocol_dgram run #18: crashed: kernel BUG in vlan_get_protocol_dgram run #19: OK representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] the chunk can be dropped testing without sub-chunk 4/5 testing commit 6f0de8f8a16565068c241273f4410783ed8f6c8c gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cb6707db6216a57e8f9c5e461b52be29031cea50c4de84c4ff417a5390e59837 run #0: crashed: kernel BUG in vlan_get_protocol_dgram run #1: crashed: kernel BUG in vlan_get_protocol_dgram run #2: crashed: kernel BUG in vlan_get_protocol_dgram run #3: crashed: kernel BUG in vlan_get_protocol_dgram run #4: crashed: kernel BUG in vlan_get_protocol_dgram run #5: crashed: kernel BUG in vlan_get_protocol_dgram run #6: crashed: kernel BUG in vlan_get_protocol_dgram run #7: crashed: kernel BUG in vlan_get_protocol_dgram run #8: crashed: kernel BUG in vlan_get_protocol_dgram run #9: crashed: kernel BUG in vlan_get_protocol_dgram run #10: crashed: kernel BUG in vlan_get_protocol_dgram run #11: basic kernel testing failed: failed to copy binary to VM: timedout after 1m0s ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "IdentitiesOnly=yes" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor4094805508" "root@10.128.10.3:./syz-executor4094805508"] Executing: program /usr/bin/ssh host 10.128.10.3, user root, command sftp OpenSSH_9.2p1 Debian-2+deb12u3, OpenSSL 3.0.15 3 Sep 2024 debug1: Reading configuration data /dev/null debug1: Connecting to 10.128.10.3 [10.128.10.3] port 22. debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa_sk type -1 debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_ed25519_sk type -1 debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3 debug1: Remote protocol version 2.0, remote software version OpenSSH_9.1 debug1: compat_banner: match: OpenSSH_9.1 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 10.128.10.3:22 as 'root' debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: SSH2_MSG_KEXINIT sent run #12: crashed: kernel BUG in vlan_get_protocol_dgram run #13: crashed: kernel BUG in vlan_get_protocol_dgram run #14: crashed: kernel BUG in vlan_get_protocol_dgram run #15: crashed: kernel BUG in vlan_get_protocol_dgram run #16: crashed: kernel BUG in vlan_get_protocol_dgram run #17: crashed: kernel BUG in vlan_get_protocol_dgram run #18: crashed: kernel BUG in vlan_get_protocol_dgram run #19: crashed: kernel BUG in vlan_get_protocol_dgram representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] the chunk can be dropped testing without sub-chunk 5/5 testing commit 6f0de8f8a16565068c241273f4410783ed8f6c8c gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 failed building 6f0de8f8a16565068c241273f4410783ed8f6c8c: net/socket.c:1191: undefined reference to `wext_handle_ioctl' net/socket.c:3390: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:343: undefined reference to `wext_proc_exit' net/core/net-procfs.c:327: undefined reference to `wext_proc_init' minimized to 51 configs; suspects: [HID_ZEROPLUS USB_MON USB_NET_CDC_MBIM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM USB_XHCI_PCI_RENESAS WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF] testing current HEAD d1a25a6a4b3ba9648f8aa7656fd9b320ef167faf testing commit d1a25a6a4b3ba9648f8aa7656fd9b320ef167faf gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3f9c046dd39e4554874e54c8cc9057a9586f17f7da96b927c63109501dc501d5 all runs: OK false negative chance: 0.000 # git bisect start d1a25a6a4b3ba9648f8aa7656fd9b320ef167faf 6f0de8f8a16565068c241273f4410783ed8f6c8c Bisecting: 457 revisions left to test after this (roughly 9 steps) [87bf3ea841a5d77beae6bb85af36b2b3848407ee] scsi: ufs: core: sysfs: Prevent div by zero determine whether the revision contains the guilty commit checking the merge base 0a51d2d4527b43c5e467ffa6897deefeaf499358 no existing result, test the revision testing commit 0a51d2d4527b43c5e467ffa6897deefeaf499358 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 657680ed272f9aedd59b7ff8eed1e57e944c3d6977945b46cc60327af004cf68 run #0: crashed: kernel BUG in vlan_get_protocol_dgram run #1: crashed: kernel BUG in vlan_get_protocol_dgram run #2: crashed: kernel BUG in vlan_get_protocol_dgram run #3: crashed: kernel BUG in vlan_get_protocol_dgram run #4: crashed: kernel BUG in vlan_get_protocol_dgram run #5: crashed: kernel BUG in vlan_get_protocol_dgram run #6: crashed: kernel BUG in vlan_get_protocol_dgram run #7: crashed: kernel BUG in vlan_get_protocol_dgram run #8: crashed: kernel BUG in vlan_get_protocol_dgram run #9: crashed: kernel BUG in vlan_get_protocol_dgram run #10: crashed: kernel BUG in vlan_get_protocol_dgram run #11: crashed: kernel BUG in vlan_get_protocol_dgram run #12: crashed: kernel BUG in vlan_get_protocol_dgram run #13: basic kernel testing failed: failed to copy binary to VM: timedout after 1m0s ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "IdentitiesOnly=yes" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor327053321" "root@10.128.10.53:./syz-executor327053321"] Executing: program /usr/bin/ssh host 10.128.10.53, user root, command sftp OpenSSH_9.2p1 Debian-2+deb12u3, OpenSSL 3.0.15 3 Sep 2024 debug1: Reading configuration data /dev/null debug1: Connecting to 10.128.10.53 [10.128.10.53] port 22. debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa_sk type -1 debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_ed25519_sk type -1 debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3 debug1: Remote protocol version 2.0, remote software version OpenSSH_9.1 debug1: compat_banner: match: OpenSSH_9.1 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 10.128.10.53:22 as 'root' debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: SSH2_MSG_KEXINIT sent run #14: crashed: kernel BUG in vlan_get_protocol_dgram run #15: OK run #16: crashed: kernel BUG in vlan_get_protocol_dgram run #17: OK run #18: OK run #19: crashed: kernel BUG in vlan_get_protocol_dgram representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] testing commit 87bf3ea841a5d77beae6bb85af36b2b3848407ee gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6cbb0e6cd2fa9975e8a105c7e7caa6611cd42aed64ebde806e88f9fdf6758858 run #0: crashed: kernel BUG in vlan_get_protocol_dgram run #1: crashed: kernel BUG in vlan_get_protocol_dgram run #2: crashed: kernel BUG in vlan_get_protocol_dgram run #3: crashed: kernel BUG in vlan_get_protocol_dgram run #4: crashed: kernel BUG in vlan_get_protocol_dgram run #5: crashed: kernel BUG in vlan_get_protocol_dgram run #6: crashed: kernel BUG in vlan_get_protocol_dgram run #7: crashed: kernel BUG in vlan_get_protocol_dgram run #8: crashed: kernel BUG in vlan_get_protocol_dgram run #9: crashed: kernel BUG in vlan_get_protocol_dgram run #10: crashed: kernel BUG in vlan_get_protocol_dgram run #11: crashed: kernel BUG in vlan_get_protocol_dgram run #12: crashed: kernel BUG in vlan_get_protocol_dgram run #13: crashed: kernel BUG in vlan_get_protocol_dgram run #14: crashed: kernel BUG in vlan_get_protocol_dgram run #15: crashed: kernel BUG in vlan_get_protocol_dgram run #16: crashed: kernel BUG in vlan_get_protocol_dgram run #17: crashed: kernel BUG in vlan_get_protocol_dgram run #18: OK run #19: OK representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] # git bisect good 87bf3ea841a5d77beae6bb85af36b2b3848407ee Bisecting: 228 revisions left to test after this (roughly 8 steps) [3a22224a443b315817e7afec52c120ab2059511f] phy: core: Fix that API devm_phy_put() fails to release the phy determine whether the revision contains the guilty commit revision 0a51d2d4527b43c5e467ffa6897deefeaf499358 crashed and is reachable testing commit 3a22224a443b315817e7afec52c120ab2059511f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f4c0676298ee95762bca8c8fc4468a94309f75bc1d158865baade71f4573583b run #0: crashed: kernel BUG in vlan_get_protocol_dgram run #1: crashed: kernel BUG in vlan_get_protocol_dgram run #2: crashed: kernel BUG in vlan_get_protocol_dgram run #3: crashed: kernel BUG in vlan_get_protocol_dgram run #4: crashed: kernel BUG in vlan_get_protocol_dgram run #5: OK run #6: crashed: kernel BUG in vlan_get_protocol_dgram run #7: crashed: kernel BUG in vlan_get_protocol_dgram run #8: crashed: kernel BUG in vlan_get_protocol_dgram run #9: crashed: kernel BUG in vlan_get_protocol_dgram run #10: crashed: kernel BUG in vlan_get_protocol_dgram run #11: crashed: kernel BUG in vlan_get_protocol_dgram run #12: crashed: kernel BUG in vlan_get_protocol_dgram run #13: crashed: kernel BUG in vlan_get_protocol_dgram run #14: crashed: kernel BUG in vlan_get_protocol_dgram run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] # git bisect good 3a22224a443b315817e7afec52c120ab2059511f Bisecting: 114 revisions left to test after this (roughly 7 steps) [2f2c1ce86708cfd1929355f74fc766f502470e7e] netfilter: nf_tables: imbalance in flowtable binding determine whether the revision contains the guilty commit revision 0a51d2d4527b43c5e467ffa6897deefeaf499358 crashed and is reachable testing commit 2f2c1ce86708cfd1929355f74fc766f502470e7e gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 68f1ad05fa15cd4d8fb6e9681711734699eeadbc7a797c14c0418101e675c099 all runs: OK false negative chance: 0.000 # git bisect bad 2f2c1ce86708cfd1929355f74fc766f502470e7e Bisecting: 56 revisions left to test after this (roughly 6 steps) [f0da70367048ca006cc33c156f254281950f595e] net: stmmac: don't create a MDIO bus if unnecessary determine whether the revision contains the guilty commit revision 0a51d2d4527b43c5e467ffa6897deefeaf499358 crashed and is reachable testing commit f0da70367048ca006cc33c156f254281950f595e gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: efbf186e1ccb1e0fc7ec51da7c9e05b4987d3426f0f55909ca00e6f1c86edf0c run #0: crashed: kernel BUG in vlan_get_protocol_dgram run #1: crashed: kernel BUG in vlan_get_protocol_dgram run #2: crashed: kernel BUG in vlan_get_protocol_dgram run #3: crashed: kernel BUG in vlan_get_protocol_dgram run #4: crashed: kernel BUG in vlan_get_protocol_dgram run #5: crashed: kernel BUG in vlan_get_protocol_dgram run #6: crashed: kernel BUG in vlan_get_protocol_dgram run #7: crashed: kernel BUG in vlan_get_protocol_dgram run #8: crashed: kernel BUG in vlan_get_protocol_dgram run #9: crashed: kernel BUG in vlan_get_protocol_dgram run #10: crashed: kernel BUG in vlan_get_protocol_dgram run #11: crashed: kernel BUG in vlan_get_protocol_dgram run #12: crashed: kernel BUG in vlan_get_protocol_dgram run #13: crashed: kernel BUG in vlan_get_protocol_dgram run #14: crashed: kernel BUG in vlan_get_protocol_dgram run #15: crashed: kernel BUG in vlan_get_protocol_dgram run #16: OK run #17: crashed: kernel BUG in vlan_get_protocol_dgram run #18: OK run #19: OK representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] # git bisect good f0da70367048ca006cc33c156f254281950f595e Bisecting: 28 revisions left to test after this (roughly 5 steps) [f4539c3cab4423b99c793adcb25fb472602ee032] ARC: build: Try to guess GCC variant of cross compiler determine whether the revision contains the guilty commit revision 3a22224a443b315817e7afec52c120ab2059511f crashed and is reachable testing commit f4539c3cab4423b99c793adcb25fb472602ee032 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4e5489a07317b435ca27752631628b9db2f6778f1ef200b20c3e20b02c6714e7 all runs: OK false negative chance: 0.000 # git bisect bad f4539c3cab4423b99c793adcb25fb472602ee032 Bisecting: 13 revisions left to test after this (roughly 4 steps) [de4f8d477c67ec1d7c28f3486c3e47d147d90a01] af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK determine whether the revision contains the guilty commit revision f0da70367048ca006cc33c156f254281950f595e crashed and is reachable testing commit de4f8d477c67ec1d7c28f3486c3e47d147d90a01 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 13c4b663ed4f618299507651fa6d3e57405af6f617fe825a8e3bbfda91ef1f48 all runs: OK false negative chance: 0.000 # git bisect bad de4f8d477c67ec1d7c28f3486c3e47d147d90a01 Bisecting: 6 revisions left to test after this (roughly 3 steps) [d27088892b401ff74b0de237b7deeb9d2f6289da] ALSA: usb-audio: US16x08: Initialize array before use determine whether the revision contains the guilty commit revision 87bf3ea841a5d77beae6bb85af36b2b3848407ee crashed and is reachable testing commit d27088892b401ff74b0de237b7deeb9d2f6289da gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 88c18ac97ee74f1475bcaec9bd3a696714a2279869f56aaf7d5772ee20a839e3 run #0: crashed: kernel BUG in vlan_get_protocol_dgram run #1: crashed: kernel BUG in vlan_get_protocol_dgram run #2: crashed: kernel BUG in vlan_get_protocol_dgram run #3: crashed: kernel BUG in vlan_get_protocol_dgram run #4: crashed: kernel BUG in vlan_get_protocol_dgram run #5: crashed: kernel BUG in vlan_get_protocol_dgram run #6: crashed: kernel BUG in vlan_get_protocol_dgram run #7: crashed: kernel BUG in vlan_get_protocol_dgram run #8: crashed: kernel BUG in vlan_get_protocol_dgram run #9: crashed: kernel BUG in vlan_get_protocol_dgram run #10: crashed: kernel BUG in vlan_get_protocol_dgram run #11: crashed: kernel BUG in vlan_get_protocol_dgram run #12: crashed: kernel BUG in vlan_get_protocol_dgram run #13: crashed: kernel BUG in vlan_get_protocol_dgram run #14: crashed: kernel BUG in vlan_get_protocol_dgram run #15: OK run #16: OK run #17: crashed: kernel BUG in vlan_get_protocol_dgram run #18: OK run #19: OK representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] # git bisect good d27088892b401ff74b0de237b7deeb9d2f6289da Bisecting: 3 revisions left to test after this (roughly 2 steps) [143378075904e78b3b2a810099bcc3b3d82d762f] RDMA/rtrs: Ensure 'ib_sge list' is accessible determine whether the revision contains the guilty commit revision 0a51d2d4527b43c5e467ffa6897deefeaf499358 crashed and is reachable testing commit 143378075904e78b3b2a810099bcc3b3d82d762f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2b8dc9cb1efc9cc0d9e02ad5786903ddb2bec64bbf36a97db5f1ac129d379d55 run #0: crashed: kernel BUG in vlan_get_protocol_dgram run #1: crashed: kernel BUG in vlan_get_protocol_dgram run #2: crashed: kernel BUG in vlan_get_protocol_dgram run #3: crashed: kernel BUG in vlan_get_protocol_dgram run #4: crashed: kernel BUG in vlan_get_protocol_dgram run #5: crashed: kernel BUG in vlan_get_protocol_dgram run #6: crashed: kernel BUG in vlan_get_protocol_dgram run #7: crashed: kernel BUG in vlan_get_protocol_dgram run #8: crashed: kernel BUG in vlan_get_protocol_dgram run #9: crashed: kernel BUG in vlan_get_protocol_dgram run #10: crashed: kernel BUG in vlan_get_protocol_dgram run #11: crashed: kernel BUG in vlan_get_protocol_dgram run #12: crashed: kernel BUG in vlan_get_protocol_dgram run #13: crashed: kernel BUG in vlan_get_protocol_dgram run #14: crashed: kernel BUG in vlan_get_protocol_dgram run #15: OK run #16: crashed: kernel BUG in vlan_get_protocol_dgram run #17: OK run #18: OK run #19: OK representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] # git bisect good 143378075904e78b3b2a810099bcc3b3d82d762f Bisecting: 1 revision left to test after this (roughly 1 step) [0caa776f28295bd27b6801e5a52457b42626dd35] net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() determine whether the revision contains the guilty commit revision 3a22224a443b315817e7afec52c120ab2059511f crashed and is reachable testing commit 0caa776f28295bd27b6801e5a52457b42626dd35 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 412c6103309cde442d2c028664c1eb9beb7b10cfa3b72605eeaca616878a31c7 run #0: crashed: kernel BUG in vlan_get_protocol_dgram run #1: crashed: kernel BUG in vlan_get_protocol_dgram run #2: crashed: kernel BUG in vlan_get_protocol_dgram run #3: crashed: kernel BUG in vlan_get_protocol_dgram run #4: crashed: kernel BUG in vlan_get_protocol_dgram run #5: crashed: kernel BUG in vlan_get_protocol_dgram run #6: crashed: kernel BUG in vlan_get_protocol_dgram run #7: crashed: kernel BUG in vlan_get_protocol_dgram run #8: crashed: kernel BUG in vlan_get_protocol_dgram run #9: crashed: kernel BUG in vlan_get_protocol_dgram run #10: crashed: kernel BUG in vlan_get_protocol_dgram run #11: crashed: kernel BUG in vlan_get_protocol_dgram run #12: crashed: kernel BUG in vlan_get_protocol_dgram run #13: crashed: kernel BUG in vlan_get_protocol_dgram run #14: crashed: kernel BUG in vlan_get_protocol_dgram run #15: crashed: kernel BUG in vlan_get_protocol_dgram run #16: crashed: kernel BUG in vlan_get_protocol_dgram run #17: OK run #18: OK run #19: OK representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] # git bisect good 0caa776f28295bd27b6801e5a52457b42626dd35 Bisecting: 0 revisions left to test after this (roughly 0 steps) [65c67049e9ed481f6b52264b39618b8c6dfb1d3e] af_packet: fix vlan_get_tci() vs MSG_PEEK determine whether the revision contains the guilty commit revision 0caa776f28295bd27b6801e5a52457b42626dd35 crashed and is reachable testing commit 65c67049e9ed481f6b52264b39618b8c6dfb1d3e gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2cb85f37c52a4930d4185326a35d8f632e74b77093b443e65ed0b1d54190cc62 run #0: crashed: kernel BUG in vlan_get_protocol_dgram run #1: crashed: kernel BUG in vlan_get_protocol_dgram run #2: crashed: kernel BUG in vlan_get_protocol_dgram run #3: crashed: kernel BUG in vlan_get_protocol_dgram run #4: crashed: kernel BUG in vlan_get_protocol_dgram run #5: crashed: kernel BUG in vlan_get_protocol_dgram run #6: crashed: kernel BUG in vlan_get_protocol_dgram run #7: crashed: kernel BUG in vlan_get_protocol_dgram run #8: crashed: kernel BUG in vlan_get_protocol_dgram run #9: crashed: kernel BUG in vlan_get_protocol_dgram run #10: crashed: kernel BUG in vlan_get_protocol_dgram run #11: crashed: kernel BUG in vlan_get_protocol_dgram run #12: crashed: kernel BUG in vlan_get_protocol_dgram run #13: crashed: kernel BUG in vlan_get_protocol_dgram run #14: crashed: kernel BUG in vlan_get_protocol_dgram run #15: crashed: kernel BUG in vlan_get_protocol_dgram run #16: crashed: kernel BUG in vlan_get_protocol_dgram run #17: crashed: kernel BUG in vlan_get_protocol_dgram run #18: crashed: kernel BUG in vlan_get_protocol_dgram run #19: OK representative crash: kernel BUG in vlan_get_protocol_dgram, types: [BUG] # git bisect good 65c67049e9ed481f6b52264b39618b8c6dfb1d3e de4f8d477c67ec1d7c28f3486c3e47d147d90a01 is the first bad commit commit de4f8d477c67ec1d7c28f3486c3e47d147d90a01 Author: Eric Dumazet Date: Mon Dec 30 16:10:04 2024 +0000 af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK [ Upstream commit f91a5b8089389eb408501af2762f168c3aaa7b79 ] Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_protocol_dgram() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8ccd05 len:29 put:14 head:ffff88807fc8e400 data:ffff88807fc8e3f4 tail:0x11 end:0x140 dev: ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 5892 Comm: syz-executor883 Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [inline] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 Code: 0b 8d 48 c7 c6 86 d5 25 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 5a 69 79 f7 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 RSP: 0018:ffffc900038d7638 EFLAGS: 00010282 RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 609ffd18ea660600 RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 RBP: ffff88802483c8d0 R08: ffffffff817f0a8c R09: 1ffff9200071ae60 R10: dffffc0000000000 R11: fffff5200071ae61 R12: 0000000000000140 R13: ffff88807fc8e400 R14: ffff88807fc8e3f4 R15: 0000000000000011 FS: 00007fbac5e006c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fbac5e00d58 CR3: 000000001238e000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: skb_push+0xe5/0x100 net/core/skbuff.c:2636 vlan_get_protocol_dgram+0x165/0x290 net/packet/af_packet.c:585 packet_recvmsg+0x948/0x1ef0 net/packet/af_packet.c:3552 sock_recvmsg_nosec net/socket.c:1033 [inline] sock_recvmsg+0x22f/0x280 net/socket.c:1055 ____sys_recvmsg+0x1c6/0x480 net/socket.c:2803 ___sys_recvmsg net/socket.c:2845 [inline] do_recvmmsg+0x426/0xab0 net/socket.c:2940 __sys_recvmmsg net/socket.c:3014 [inline] __do_sys_recvmmsg net/socket.c:3037 [inline] __se_sys_recvmmsg net/socket.c:3030 [inline] __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3030 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Fixes: 79eecf631c14 ("af_packet: Handle outgoing VLAN packets without hardware offloading") Reported-by: syzbot+74f70bb1cb968bf09e4f@syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/6772c485.050a0220.2f3838.04c5.GAE@google.com/T/#u Signed-off-by: Eric Dumazet Cc: Chengen Du Reviewed-by: Willem de Bruijn Link: https://patch.msgid.link/20241230161004.2681892-2-edumazet@google.com Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin include/linux/if_vlan.h | 16 +++++++++++++--- net/packet/af_packet.c | 16 ++++------------ 2 files changed, 17 insertions(+), 15 deletions(-) accumulated error probability: 0.00 culprit signature: 13c4b663ed4f618299507651fa6d3e57405af6f617fe825a8e3bbfda91ef1f48 parent signature: 2cb85f37c52a4930d4185326a35d8f632e74b77093b443e65ed0b1d54190cc62 reproducer is flaky (0.81 repro chance estimate) revisions tested: 18, total time: 4h25m38.730122168s (build: 46m11.830341464s, test: 3h34m49.335724655s) first good commit: de4f8d477c67ec1d7c28f3486c3e47d147d90a01 af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK recipients (to): ["edumazet@google.com" "kuba@kernel.org" "sashal@kernel.org" "willemb@google.com"] recipients (cc): []