ci starts bisection 2023-09-20 03:15:55.574079439 +0000 UTC m=+576699.593203458 bisecting cause commit starting from 2cf0f715623872823a72e451243bbf555d10d032 building syzkaller on 0b6a67ac4b0dc26f43030c5edd01c9175f13b784 ensuring issue is reproducible on original commit 2cf0f715623872823a72e451243bbf555d10d032 testing commit 2cf0f715623872823a72e451243bbf555d10d032 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7aabdddcb97db2b9e745c565239f5506cdf7ff099920e11b43648a6070e32072 all runs: crashed: WARNING in inet_csk_get_port representative crash: WARNING in inet_csk_get_port, types: [WARNING] check whether we can drop unnecessary instrumentation disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed testing commit 2cf0f715623872823a72e451243bbf555d10d032 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 573e6c77e77e34b3a8ac09bc5ff0875304276e10f7d8f7dad3a9e07ecce68a27 all runs: crashed: WARNING in inet_csk_get_port representative crash: WARNING in inet_csk_get_port, types: [WARNING] the bug reproduces without the instrumentation disabling configs for [LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed kconfig minimization: base=3883 full=7693 leaves diff=2018 split chunks (needed=false): <2018> split chunk #0 of len 2018 into 5 parts testing without sub-chunk 1/5 disabling configs for [LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit 2cf0f715623872823a72e451243bbf555d10d032 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 70454bf6bf8bdebea7f95b05dc3bd1229ac26101fa0434f5c4aecddc3ae837e8 all runs: crashed: WARNING in inet_csk_get_port representative crash: WARNING in inet_csk_get_port, types: [WARNING] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 2cf0f715623872823a72e451243bbf555d10d032 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 975f3aeb958768184bf0882d20128a0b7a000aabd10a7f3245637ba3c88b7d43 all runs: crashed: WARNING in inet_csk_get_port representative crash: WARNING in inet_csk_get_port, types: [WARNING] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN KASAN], they are not needed testing commit 2cf0f715623872823a72e451243bbf555d10d032 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a2b57fff0a6a5c66ab0db12f6c40dfd2f7ef05277b7955c2fcd7484cab897b0a all runs: crashed: WARNING in inet_csk_get_port representative crash: WARNING in inet_csk_get_port, types: [WARNING] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 2cf0f715623872823a72e451243bbf555d10d032 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 32f32544a41b503a92f57ae148527850ad5d622c138f97fb74868e628f7ffc8b all runs: crashed: WARNING in inet_csk_get_port representative crash: WARNING in inet_csk_get_port, types: [WARNING] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN KASAN], they are not needed testing commit 2cf0f715623872823a72e451243bbf555d10d032 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 28d37cb92abd88829cceb7c45692c5c7a0fff8a9d46fd90d7b6a0574f3da2e6e all runs: crashed: WARNING in inet_csk_get_port representative crash: WARNING in inet_csk_get_port, types: [WARNING] the chunk can be dropped disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed picked [v6.5 v6.4 v6.3 v6.1 v5.19 v5.17 v5.15 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 28 release tags testing release v6.5 testing commit 2dde18cd1d8fac735875f2e4987f11817cc0bc2c gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7a6d14bb4aa8900dbddecf53b6eba57fd43da6bc0eb163a5df277f94166b1e24 all runs: OK false negative chance: 0.000 # git bisect start 2cf0f715623872823a72e451243bbf555d10d032 2dde18cd1d8fac735875f2e4987f11817cc0bc2c Bisecting: 7072 revisions left to test after this (roughly 13 steps) [461f35f014466c4e26dca6be0f431f57297df3f2] Merge tag 'drm-next-2023-08-30' of git://anongit.freedesktop.org/drm/drm testing commit 461f35f014466c4e26dca6be0f431f57297df3f2 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3e9bce4ce8a68fea43ce07466f4d2e021357988310f7d7e9754a381d42978b4f all runs: OK false negative chance: 0.000 # git bisect good 461f35f014466c4e26dca6be0f431f57297df3f2 Bisecting: 3536 revisions left to test after this (roughly 12 steps) [28a4f91f5f251689c69155bc6a0b1afc9916c874] Merge tag 'driver-core-6.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core testing commit 28a4f91f5f251689c69155bc6a0b1afc9916c874 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1407cca4c9185134a77d7bdcd96eebade0d97e0b36aeb6156f0e04d1a2a23983 all runs: OK false negative chance: 0.000 # git bisect good 28a4f91f5f251689c69155bc6a0b1afc9916c874 Bisecting: 1768 revisions left to test after this (roughly 11 steps) [081690e941188acfad41b8dbde2112029a2aa206] powercap: intel_rapl: Fix invalid setting of Power Limit 4 testing commit 081690e941188acfad41b8dbde2112029a2aa206 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ccd8cdc634b8e0582d9c8bcf2fcf5da125174289d0db84f28a450c7de99198b5 all runs: OK false negative chance: 0.000 # git bisect good 081690e941188acfad41b8dbde2112029a2aa206 Bisecting: 885 revisions left to test after this (roughly 10 steps) [8d844b351824d622fa28bb0cd7a8fecf9aae05ed] Merge tag 'pwm/for-6.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm testing commit 8d844b351824d622fa28bb0cd7a8fecf9aae05ed gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6a13268b37c0e4eb1b9fd5827e13a96e9a58906dc47fc967d0353c7d6390d48d all runs: OK false negative chance: 0.000 # git bisect good 8d844b351824d622fa28bb0cd7a8fecf9aae05ed Bisecting: 518 revisions left to test after this (roughly 9 steps) [fd3a5940e66d059d375bdb9e2d7d06c56f630d7e] Merge tag '6.6-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6 testing commit fd3a5940e66d059d375bdb9e2d7d06c56f630d7e gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9ac1fd76f202668c1ef22f76ad2773971fecf63f9f6dc0616af1f255c4454015 all runs: OK false negative chance: 0.000 # git bisect good fd3a5940e66d059d375bdb9e2d7d06c56f630d7e Bisecting: 259 revisions left to test after this (roughly 8 steps) [1216d49178b18dc215c642d63c924db7816f59f7] Merge tag 'amd-drm-fixes-6.6-2023-09-13' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes testing commit 1216d49178b18dc215c642d63c924db7816f59f7 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 15189c93e365ebea7f8b4a30dcf848147a69be5dbb01f3cd3f1e9534ca7d6940 all runs: OK false negative chance: 0.000 # git bisect good 1216d49178b18dc215c642d63c924db7816f59f7 Bisecting: 126 revisions left to test after this (roughly 7 steps) [9608c7b729e29c177525006711966ae0fd399b11] Merge tag 'drm-fixes-2023-09-15' of git://anongit.freedesktop.org/drm/drm testing commit 9608c7b729e29c177525006711966ae0fd399b11 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 69dfd0616f035f70a5dc5ce7f853ffa6d33ab6c2c9391d33b9980e3fd77052d4 all runs: crashed: WARNING in inet_csk_get_port representative crash: WARNING in inet_csk_get_port, types: [WARNING] # git bisect bad 9608c7b729e29c177525006711966ae0fd399b11 Bisecting: 64 revisions left to test after this (roughly 6 steps) [847165d7c83ddb32aefab3ad4e7424fad919eb05] Merge tag 'parisc-for-6.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux testing commit 847165d7c83ddb32aefab3ad4e7424fad919eb05 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3b129ca30dc23ff11c8c59186d7213707e6eb8eb11b81c12829938cb486cbba8 all runs: OK false negative chance: 0.000 # git bisect good 847165d7c83ddb32aefab3ad4e7424fad919eb05 Bisecting: 32 revisions left to test after this (roughly 5 steps) [c48ef9c4aed3632566b57ba66cec6ec78624d4cb] tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address. testing commit c48ef9c4aed3632566b57ba66cec6ec78624d4cb gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a30a253485460584fd3ab52380173d52b5070840b8170eff66fe7544e73191bb all runs: crashed: WARNING in inet_csk_get_port representative crash: WARNING in inet_csk_get_port, types: [WARNING] # git bisect bad c48ef9c4aed3632566b57ba66cec6ec78624d4cb Bisecting: 15 revisions left to test after this (roughly 4 steps) [02c652f5465011126152bbd93b6a582a1d0c32f1] net: dsa: sja1105: hide all multicast addresses from "bridge fdb show" testing commit 02c652f5465011126152bbd93b6a582a1d0c32f1 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1c51d9a4f8d815c6a7094864a2c0783307ee980510be543dc260059a893cd3a1 all runs: OK false negative chance: 0.000 # git bisect good 02c652f5465011126152bbd93b6a582a1d0c32f1 Bisecting: 7 revisions left to test after this (roughly 3 steps) [e10a35abb3da12b812cfb6fc6137926a0c81e39a] net: ethernet: mtk_eth_soc: fix uninitialized variable testing commit e10a35abb3da12b812cfb6fc6137926a0c81e39a gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 46a8c86eb2e68902531fe2f1ef40a9900004fe9348526e1969ff866e86353d68 all runs: OK false negative chance: 0.000 # git bisect good e10a35abb3da12b812cfb6fc6137926a0c81e39a Bisecting: 3 revisions left to test after this (roughly 2 steps) [7a6102aa6df0d5d032b4cbc51935d1d4cda17254] veth: Update XDP feature set when bringing up device testing commit 7a6102aa6df0d5d032b4cbc51935d1d4cda17254 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 77eb3a80474c15dbd3460323b436f0ee69a110a1a58eb20e21c47b2cc59422b1 all runs: OK false negative chance: 0.000 # git bisect good 7a6102aa6df0d5d032b4cbc51935d1d4cda17254 Bisecting: 1 revision left to test after this (roughly 1 step) [c6d277064b1da7f9015b575a562734de87a7e463] tcp: Factorise sk_family-independent comparison in inet_bind2_bucket_match(_addr_any). testing commit c6d277064b1da7f9015b575a562734de87a7e463 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a99cd82f761fe018d24dae558c3e5c3b93c3aecb2e95f4443c2269d2776b8209 all runs: OK false negative chance: 0.000 # git bisect good c6d277064b1da7f9015b575a562734de87a7e463 Bisecting: 0 revisions left to test after this (roughly 0 steps) [aa99e5f87bd54db55dd37cb130bd5eb55933027f] tcp: Fix bind() regression for v4-mapped-v6 wildcard address. testing commit aa99e5f87bd54db55dd37cb130bd5eb55933027f gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0b0d5c35f92749cf99994e5ab43f4db6263b4227595e88aca281c43c89d27c45 all runs: OK false negative chance: 0.000 # git bisect good aa99e5f87bd54db55dd37cb130bd5eb55933027f c48ef9c4aed3632566b57ba66cec6ec78624d4cb is the first bad commit commit c48ef9c4aed3632566b57ba66cec6ec78624d4cb Author: Kuniyuki Iwashima Date: Mon Sep 11 11:36:57 2023 -0700 tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address. Since bhash2 was introduced, the example below does not work as expected. These two bind() should conflict, but the 2nd bind() now succeeds. from socket import * s1 = socket(AF_INET6, SOCK_STREAM) s1.bind(('::ffff:127.0.0.1', 0)) s2 = socket(AF_INET, SOCK_STREAM) s2.bind(('127.0.0.1', s1.getsockname()[1])) During the 2nd bind() in inet_csk_get_port(), inet_bind2_bucket_find() fails to find the 1st socket's tb2, so inet_bind2_bucket_create() allocates a new tb2 for the 2nd socket. Then, we call inet_csk_bind_conflict() that checks conflicts in the new tb2 by inet_bhash2_conflict(). However, the new tb2 does not include the 1st socket, thus the bind() finally succeeds. In this case, inet_bind2_bucket_match() must check if AF_INET6 tb2 has the conflicting v4-mapped-v6 address so that inet_bind2_bucket_find() returns the 1st socket's tb2. Note that if we bind two sockets to 127.0.0.1 and then ::FFFF:127.0.0.1, the 2nd bind() fails properly for the same reason mentinoed in the previous commit. Fixes: 28044fc1d495 ("net: Add a bhash2 table hashed by port and address") Signed-off-by: Kuniyuki Iwashima Reviewed-by: Eric Dumazet Acked-by: Andrei Vagin Signed-off-by: David S. Miller net/ipv4/inet_hashtables.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) accumulated error probability: 0.00 culprit signature: a30a253485460584fd3ab52380173d52b5070840b8170eff66fe7544e73191bb parent signature: 0b0d5c35f92749cf99994e5ab43f4db6263b4227595e88aca281c43c89d27c45 revisions tested: 22, total time: 8h16m2.613794449s (build: 4h8m2.743121549s, test: 3h47m21.979587166s) first bad commit: c48ef9c4aed3632566b57ba66cec6ec78624d4cb tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address. recipients (to): ["avagin@gmail.com" "davem@davemloft.net" "edumazet@google.com" "kuniyu@amazon.com"] recipients (cc): [] crash: WARNING in inet_csk_get_port ------------[ cut here ]------------ WARNING: CPU: 1 PID: 1440 at net/ipv4/inet_connection_sock.c:587 inet_csk_get_port+0x73c/0xb00 net/ipv4/inet_connection_sock.c:586 Modules linked in: CPU: 1 PID: 1440 Comm: syz-executor.0 Not tainted 6.5.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 RIP: 0010:inet_csk_get_port+0x73c/0xb00 net/ipv4/inet_connection_sock.c:587 Code: 48 85 c0 48 89 c3 0f 84 55 01 00 00 44 89 34 24 41 ba 01 00 00 00 45 31 f6 c6 44 24 14 01 e9 96 fe ff ff 0f 0b e9 cb fe ff ff <0f> 0b e9 d8 fe ff ff 48 8b 55 48 48 89 d7 48 0b 7d 50 74 5e 8b 7d RSP: 0018:ffffc90001847de8 EFLAGS: 00010202 RAX: ffff888107aaf200 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888107699794 RBP: ffff88810b2d0000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000003 R12: 0000000000004e22 R13: ffffffff838496c0 R14: 0000000000004e22 R15: ffff888103b68000 FS: 00007f4c6e3f46c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000380 CR3: 00000001086b0000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: inet_csk_listen_start+0x78/0xf0 net/ipv4/inet_connection_sock.c:1256 __inet_listen_sk+0x56/0x110 net/ipv4/af_inet.c:217 inet_listen+0x43/0x60 net/ipv4/af_inet.c:239 __sys_listen+0x6f/0xb0 net/socket.c:1866 __do_sys_listen net/socket.c:1875 [inline] __se_sys_listen net/socket.c:1873 [inline] __x64_sys_listen+0xf/0x20 net/socket.c:1873 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f4c6e871ae9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f4c6e3f40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000032 RAX: ffffffffffffffda RBX: 00007f4c6e990f80 RCX: 00007f4c6e871ae9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007f4c6e8bd47a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000006 R14: 00007f4c6e990f80 R15: 00007fff081ac1a8