bisecting cause commit starting from ca7e1fd1026c5af6a533b4b5447e1d2f153e28f2 building syzkaller on bd2a74a31f07d383be203bcd77dfbecbc1205dd3 testing commit ca7e1fd1026c5af6a533b4b5447e1d2f153e28f2 with gcc (GCC) 8.1.0 kernel signature: 2aeee1b42a07b1238b5d7825e233a7614c2276040bfd6b7205d11cae7196c49b all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in cipso_v4_sock_setattr testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 4ef2be71cea4d9611bcd44765fd6750ede5bd111fe7299b3ebfbe5afd2a33b71 all runs: OK # git bisect start ca7e1fd1026c5af6a533b4b5447e1d2f153e28f2 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 Bisecting: 6365 revisions left to test after this (roughly 13 steps) [4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0 kernel signature: a170dd70d64c605953a9b619f09228aebce95a463de1b7bbc3e051da2772cc80 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in cipso_v4_sock_setattr # git bisect bad 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb Bisecting: 2314 revisions left to test after this (roughly 12 steps) [bd2463ac7d7ec51d432f23bf0e893fb371a908cd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit bd2463ac7d7ec51d432f23bf0e893fb371a908cd with gcc (GCC) 8.1.0 kernel signature: 328aff4cbc307249a9bc3cd9407e610a2a3f874558c6793b497d9060c05fe8c5 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in cipso_v4_sock_setattr # git bisect bad bd2463ac7d7ec51d432f23bf0e893fb371a908cd Bisecting: 1616 revisions left to test after this (roughly 11 steps) [6bc82d9b7e6371673992ed5e3897cf7fb8cc4f41] qed: rt init valid initialization changed testing commit 6bc82d9b7e6371673992ed5e3897cf7fb8cc4f41 with gcc (GCC) 8.1.0 kernel signature: c59daa23cdf0d171e01a0ef8568389a59fec5e7e06d62ae41b2b9585d83b4214 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in cipso_v4_sock_setattr # git bisect bad 6bc82d9b7e6371673992ed5e3897cf7fb8cc4f41 Bisecting: 808 revisions left to test after this (roughly 10 steps) [b9ae51273655a72a12fba730843fd72fb132735a] hsr: fix dummy hsr_debugfs_rename() declaration testing commit b9ae51273655a72a12fba730843fd72fb132735a with gcc (GCC) 8.1.0 kernel signature: d7f13635cb062efecc69268be3e342c0fff7560e0e2074150545b594988fb19b all runs: OK # git bisect good b9ae51273655a72a12fba730843fd72fb132735a Bisecting: 435 revisions left to test after this (roughly 9 steps) [7c453526dc50460c63ff28df7673570dd057c5d0] net/mlx5e: Enable all available stats for uplink reps testing commit 7c453526dc50460c63ff28df7673570dd057c5d0 with gcc (GCC) 8.1.0 kernel signature: 89fd512154d5cc003adef8b5959dd45990e4118c484be95d0782a176ff60189e all runs: OK # git bisect good 7c453526dc50460c63ff28df7673570dd057c5d0 Bisecting: 218 revisions left to test after this (roughly 8 steps) [5a44c71ccda60a50073c5d7fe3f694cdfa3ab0c2] drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' testing commit 5a44c71ccda60a50073c5d7fe3f694cdfa3ab0c2 with gcc (GCC) 8.1.0 kernel signature: 08138dfcc2bf4d969f231fa4acdd1f75e85d096143665ac33b18e4cb282200c7 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in cipso_v4_sock_setattr # git bisect bad 5a44c71ccda60a50073c5d7fe3f694cdfa3ab0c2 Bisecting: 108 revisions left to test after this (roughly 7 steps) [cf4eeee5ff56180b525bfb6a204071216ca4000a] pie: rearrange macros in order of length testing commit cf4eeee5ff56180b525bfb6a204071216ca4000a with gcc (GCC) 8.1.0 kernel signature: a0a7da0b685a33800551420608a411ebd39349c261e46000542398e6bd0cbfcb all runs: OK # git bisect good cf4eeee5ff56180b525bfb6a204071216ca4000a Bisecting: 54 revisions left to test after this (roughly 6 steps) [dbacf8ba5860e79d5191b0868bffa9e351d205e4] mlxsw: spectrum: Configure shaper rate and burst size together testing commit dbacf8ba5860e79d5191b0868bffa9e351d205e4 with gcc (GCC) 8.1.0 kernel signature: 148a9b99ee054faf54b76810b1cf77be80aca5750c2b5ac2883323776cf20bc0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in cipso_v4_sock_setattr # git bisect bad dbacf8ba5860e79d5191b0868bffa9e351d205e4 Bisecting: 26 revisions left to test after this (roughly 5 steps) [648ef4b88673dadb8463bf0d4b10fbf33d55def8] mptcp: Implement MPTCP receive path testing commit 648ef4b88673dadb8463bf0d4b10fbf33d55def8 with gcc (GCC) 8.1.0 kernel signature: ad19c40e63057c89e4fb7e58648daf63678f87f969ffd6c2e78554e93c7e90db all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in cipso_v4_sock_setattr # git bisect bad 648ef4b88673dadb8463bf0d4b10fbf33d55def8 Bisecting: 13 revisions left to test after this (roughly 4 steps) [ac0e932d0e2988c125be251715d83e95839cdae3] net: bridge: check port state before br_allowed_egress testing commit ac0e932d0e2988c125be251715d83e95839cdae3 with gcc (GCC) 8.1.0 kernel signature: e41c09499e2c7abb71d636b01dba10492e0256c48fd70578970d4de10720c8c1 all runs: OK # git bisect good ac0e932d0e2988c125be251715d83e95839cdae3 Bisecting: 6 revisions left to test after this (roughly 3 steps) [2303f994b3e187091fd08148066688b08f837efc] mptcp: Associate MPTCP context with TCP socket testing commit 2303f994b3e187091fd08148066688b08f837efc with gcc (GCC) 8.1.0 kernel signature: 8b2d87a26916974a90b7737eaf573c956691516eaad38b173560a420173be803 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in cipso_v4_sock_setattr # git bisect bad 2303f994b3e187091fd08148066688b08f837efc Bisecting: 3 revisions left to test after this (roughly 2 steps) [a580c76d534c7360ba68042b19cb255e8420e987] net: bridge: vlan: add per-vlan state testing commit a580c76d534c7360ba68042b19cb255e8420e987 with gcc (GCC) 8.1.0 kernel signature: 26d732bc5b1ecf3b478a5aa2a8b37522143b3d864298801f48b7f4617ff47506 all runs: OK # git bisect good a580c76d534c7360ba68042b19cb255e8420e987 Bisecting: 1 revision left to test after this (roughly 1 step) [f870fa0b5768842cb4690c1c11f19f28b731ae6d] mptcp: Add MPTCP socket stubs testing commit f870fa0b5768842cb4690c1c11f19f28b731ae6d with gcc (GCC) 8.1.0 kernel signature: b80c00815579f25875083a484ff3b84280ee44729e935b50fdccb5958bee8955 all runs: OK # git bisect good f870fa0b5768842cb4690c1c11f19f28b731ae6d Bisecting: 0 revisions left to test after this (roughly 0 steps) [eda7acddf8080bb2d022a8d4b8b2345eb80c63ec] mptcp: Handle MPTCP TCP options testing commit eda7acddf8080bb2d022a8d4b8b2345eb80c63ec with gcc (GCC) 8.1.0 kernel signature: 4c75a747ef49bcebb34d2274c580482d319a3be1374707f79a6dd05dbd5baf3b all runs: OK # git bisect good eda7acddf8080bb2d022a8d4b8b2345eb80c63ec 2303f994b3e187091fd08148066688b08f837efc is the first bad commit commit 2303f994b3e187091fd08148066688b08f837efc Author: Peter Krystad Date: Tue Jan 21 16:56:17 2020 -0800 mptcp: Associate MPTCP context with TCP socket Use ULP to associate a subflow_context structure with each TCP subflow socket. Creating these sockets requires new bind and connect functions to make sure ULP is set up immediately when the subflow sockets are created. Co-developed-by: Florian Westphal Signed-off-by: Florian Westphal Co-developed-by: Matthieu Baerts Signed-off-by: Matthieu Baerts Co-developed-by: Davide Caratti Signed-off-by: Davide Caratti Co-developed-by: Paolo Abeni Signed-off-by: Paolo Abeni Signed-off-by: Peter Krystad Signed-off-by: Christoph Paasch Signed-off-by: David S. Miller include/linux/tcp.h | 3 ++ net/mptcp/Makefile | 2 +- net/mptcp/protocol.c | 132 ++++++++++++++++++++++++++++++++++++++++++++++++--- net/mptcp/protocol.h | 26 ++++++++++ net/mptcp/subflow.c | 119 ++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 275 insertions(+), 7 deletions(-) create mode 100644 net/mptcp/subflow.c culprit signature: 8b2d87a26916974a90b7737eaf573c956691516eaad38b173560a420173be803 parent signature: 4c75a747ef49bcebb34d2274c580482d319a3be1374707f79a6dd05dbd5baf3b revisions tested: 16, total time: 3h37m53.763286531s (build: 1h45m24.851737935s, test: 1h51m22.098039035s) first bad commit: 2303f994b3e187091fd08148066688b08f837efc mptcp: Associate MPTCP context with TCP socket cc: ["cpaasch@apple.com" "davem@davemloft.net" "dcaratti@redhat.com" "fw@strlen.de" "matthieu.baerts@tessares.net" "pabeni@redhat.com" "peter.krystad@linux.intel.com"] crash: BUG: unable to handle kernel NULL pointer dereference in cipso_v4_sock_setattr BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor instruction fetch in kernel mode #PF: error_code(0x0010) - not-present page PGD 86408067 P4D 86408067 PUD 86409067 PMD 0 Oops: 0010 [#1] PREEMPT SMP KASAN CPU: 1 PID: 8725 Comm: syz-executor.0 Not tainted 5.5.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:0x0 Code: Bad RIP value. RSP: 0018:ffffc90002bb7b18 EFLAGS: 00010246 RAX: 0000000000000007 RBX: ffff88808f38e040 RCX: 1ffff11012f0edd3 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88808f38e040 RBP: ffffc90002bb7b50 R08: 0000000000000002 R09: fffffbfff14ba179 R10: fffffbfff14ba178 R11: ffffffff8a5d0bc7 R12: 0000000000000000 R13: 0000000000000000 R14: ffff88808f38e4d0 R15: ffff888097876e80 FS: 00007f14ed1f5700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 0000000099cc1000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: cipso_v4_sock_setattr+0x284/0x3c0 net/ipv4/cipso_ipv4.c:1888 netlbl_sock_setattr+0x18b/0x290 net/netlabel/netlabel_kapi.c:989 smack_netlabel+0x116/0x160 security/smack/smack_lsm.c:2430 smack_inode_setsecurity+0x262/0x320 security/smack/smack_lsm.c:2721 security_inode_setsecurity+0xac/0xf0 security/security.c:1332 __vfs_setxattr_noperm+0x114/0x370 fs/xattr.c:197 vfs_setxattr+0xaa/0xe0 fs/xattr.c:224 setxattr+0x1af/0x280 fs/xattr.c:451 __do_sys_fsetxattr fs/xattr.c:506 [inline] __se_sys_fsetxattr fs/xattr.c:495 [inline] __x64_sys_fsetxattr+0x1ac/0x240 fs/xattr.c:495 do_syscall_64+0xca/0x5f0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45c449 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f14ed1f4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000be RAX: ffffffffffffffda RBX: 00007f14ed1f56d4 RCX: 000000000045c449 RDX: 0000000020000200 RSI: 00000000200001c0 RDI: 0000000000000003 RBP: 000000000076bf20 R08: 0000000000000003 R09: 0000000000000000 R10: 0000000000000009 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000000da R14: 00000000004c3268 R15: 000000000076bf2c Modules linked in: CR2: 0000000000000000 ---[ end trace 6765d8b5034ad4f0 ]--- RIP: 0010:0x0 Code: Bad RIP value. RSP: 0018:ffffc90002bb7b18 EFLAGS: 00010246 RAX: 0000000000000007 RBX: ffff88808f38e040 RCX: 1ffff11012f0edd3 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88808f38e040 RBP: ffffc90002bb7b50 R08: 0000000000000002 R09: fffffbfff14ba179 R10: fffffbfff14ba178 R11: ffffffff8a5d0bc7 R12: 0000000000000000 R13: 0000000000000000 R14: ffff88808f38e4d0 R15: ffff888097876e80 FS: 00007f14ed1f5700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 0000000099cc1000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400