bisecting cause commit starting from 04740c53cac4bf93b5233a0d774d7f39620378e1
building syzkaller on 1434eec0b84075b7246560cfa89f20cdb3d8077f
testing commit 04740c53cac4bf93b5233a0d774d7f39620378e1
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0f52b2120dd655f10af31a0300cd1f6856d6e004d822abd672e3ec5efa6ef10d
all runs: crashed: WARNING in bpf_skb_load_helper_16_no_cache
testing release v5.18
testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ccf743de58fd903829a6819aab70e10110ac6059d3560e4bc9bef3c3e41c5650
all runs: OK
# git bisect start 04740c53cac4bf93b5233a0d774d7f39620378e1 4b0986a3613c92f4ec1bdc7f60ec66fea135991f
Bisecting: 7918 revisions left to test after this (roughly 13 steps)
[c011dd537ffe47462051930413fed07dbdc80313] Merge tag 'arm-soc-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit c011dd537ffe47462051930413fed07dbdc80313
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5cd8459a01a048275b1b0f249a1c75268e79fd10661aeb697ae2f34c6111dc6f
all runs: OK
# git bisect good c011dd537ffe47462051930413fed07dbdc80313
Bisecting: 3964 revisions left to test after this (roughly 12 steps)
[176882156ae6d63a81fe7f01ea6fe65ab6b52105] Merge tag 'vfio-v5.19-rc1' of https://github.com/awilliam/linux-vfio

testing commit 176882156ae6d63a81fe7f01ea6fe65ab6b52105
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5a44412f26b5e6ca889706424ef0973da7e61adffde14709bfa04345708d6bac
all runs: OK
# git bisect good 176882156ae6d63a81fe7f01ea6fe65ab6b52105
Bisecting: 1981 revisions left to test after this (roughly 11 steps)
[952923ddc01120190dcf671e7b354364ce1d1362] Merge tag 'pull-18-rc1-work.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

testing commit 952923ddc01120190dcf671e7b354364ce1d1362
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6c593a274420089624259c2c3b67651090a65a07ea2d7baa9127c5e29fb1a38d
run #0: OK
run #1: OK
run #2: OK
run #3: boot failed: INFO: task hung in add_early_randomness
run #4: boot failed: INFO: task hung in add_early_randomness
run #5: boot failed: INFO: task hung in add_early_randomness
run #6: boot failed: INFO: task hung in add_early_randomness
run #7: boot failed: INFO: task hung in add_early_randomness
run #8: boot failed: INFO: task hung in add_early_randomness
run #9: boot failed: INFO: task hung in add_early_randomness
# git bisect skip 952923ddc01120190dcf671e7b354364ce1d1362
Bisecting: 1981 revisions left to test after this (roughly 11 steps)
[4dbabc4d9e8cc6d8267a9883d6694c8925235e1a] watchdog: mediatek: mt8186: add wdt support

testing commit 4dbabc4d9e8cc6d8267a9883d6694c8925235e1a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 01badb1ec9cbd21cefa65539eded2a4a1a0618f8b20e893f89130072c3d14772
all runs: OK
# git bisect good 4dbabc4d9e8cc6d8267a9883d6694c8925235e1a
Bisecting: 1981 revisions left to test after this (roughly 11 steps)
[cb78d1b5efffe4cf97e16766329dd7358aed3deb] afs: Fix dynamic root getattr

testing commit cb78d1b5efffe4cf97e16766329dd7358aed3deb
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3ba08c00ed81c5617af888b78ead43568b66722bbd7ff7be296fa76447ae560a
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good cb78d1b5efffe4cf97e16766329dd7358aed3deb
Bisecting: 591 revisions left to test after this (roughly 9 steps)
[982a2b5ffdbb48a7a7d97918ce16f408526f706e] sfc: fix repeated words in comments

testing commit 982a2b5ffdbb48a7a7d97918ce16f408526f706e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d3868b732276e9f69b9f799bab2e3a35bb540e927370d7be2dcc20af2170b39e
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: crashed: WARNING in bpf_skb_load_helper_16_no_cache
run #2: crashed: WARNING in bpf_skb_load_helper_16_no_cache
run #3: crashed: WARNING in bpf_skb_load_helper_16_no_cache
run #4: crashed: WARNING in bpf_skb_load_helper_16_no_cache
run #5: crashed: WARNING in bpf_skb_load_helper_16_no_cache
run #6: crashed: WARNING in bpf_skb_load_helper_16_no_cache
run #7: crashed: WARNING in bpf_skb_load_helper_16_no_cache
run #8: crashed: WARNING in bpf_skb_load_helper_16_no_cache
run #9: crashed: WARNING in bpf_skb_load_helper_16_no_cache
# git bisect bad 982a2b5ffdbb48a7a7d97918ce16f408526f706e
Bisecting: 295 revisions left to test after this (roughly 8 steps)
[382f99c442b36b4bb76b2fbeabde99b54583085f] nfp: add support for .get_pauseparam()

testing commit 382f99c442b36b4bb76b2fbeabde99b54583085f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 86781f07d58973b10e5aae1d7f7527e6be7886f886c1c0ebc9c91087ba81bddf
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 382f99c442b36b4bb76b2fbeabde99b54583085f
Bisecting: 116 revisions left to test after this (roughly 7 steps)
[93817be8b62c7fa1f1bdc3e8c037a73a60026be9] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

testing commit 93817be8b62c7fa1f1bdc3e8c037a73a60026be9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f70b25f588a968c8463af2fef5fc75f980d26588017c474b629598770bacb580
all runs: crashed: WARNING in bpf_skb_load_helper_16_no_cache
# git bisect bad 93817be8b62c7fa1f1bdc3e8c037a73a60026be9
Bisecting: 86 revisions left to test after this (roughly 7 steps)
[399bd66e219e331976fe6fa6ab81a023c0c97870] Merge tag 'net-5.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

testing commit 399bd66e219e331976fe6fa6ab81a023c0c97870
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c24fe278e811a3f3064f54a74453389d7e8b0510821d269d60cf69720985b8d9
all runs: OK
# git bisect good 399bd66e219e331976fe6fa6ab81a023c0c97870
Bisecting: 43 revisions left to test after this (roughly 6 steps)
[930e579083d72ad57acd667e368e3c65332da65d] net: dsa: microchip: ksz9477: use ksz_read_phy16 & ksz_write_phy16

testing commit 930e579083d72ad57acd667e368e3c65332da65d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f5b52e7383335e7091f1f9c8f117145be00daa3781e74a8372cfc1f304152d68
all runs: crashed: WARNING in bpf_skb_load_helper_16_no_cache
# git bisect bad 930e579083d72ad57acd667e368e3c65332da65d
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[6f9d70466c89377451033fa2cf55c8cb3ece7cd2] Merge branch 'raw-rcu-fixes'

testing commit 6f9d70466c89377451033fa2cf55c8cb3ece7cd2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9c535cf19b26de0e8d15fc27303fe2c83ced9b97868744ccb56980a358acfca0
all runs: OK
# git bisect good 6f9d70466c89377451033fa2cf55c8cb3ece7cd2
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[27f0b6ce06d7a919f05c3a21e47249278f2b33c0] mlxsw: reg: Add Router Egress Interface to VID Register

testing commit 27f0b6ce06d7a919f05c3a21e47249278f2b33c0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9d9ece5b0aab4fef8f2d4ad27c906c1711c8a3f0ea8a0aff49cbc004ede05b4a
all runs: OK
# git bisect good 27f0b6ce06d7a919f05c3a21e47249278f2b33c0
Bisecting: 4 revisions left to test after this (roughly 3 steps)
[af185d8c76333daa877678e0166a7b45e63bf3c4] raw: complete rcu conversion

testing commit af185d8c76333daa877678e0166a7b45e63bf3c4
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 226ffead59a1900d21e36a04fe9f844d66668c23d69a4d518d63e9222e147196
all runs: crashed: WARNING in bpf_skb_load_helper_16_no_cache
# git bisect bad af185d8c76333daa877678e0166a7b45e63bf3c4
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[b3820922651a678ef50b2247fb80dcd01c82534e] mlxsw: reg: Add support for VLAN RIF as part of RITR register

testing commit b3820922651a678ef50b2247fb80dcd01c82534e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5ebdabf3a9e2caf2555beeab544e29c6a86e2a8b9144ac485e05c48ceb1303e7
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good b3820922651a678ef50b2247fb80dcd01c82534e
Bisecting: 1 revision left to test after this (roughly 1 step)
[4336487e30c37a2e82a1fed2370d3134cc5b6505] Merge branch 'mlxsw-unified-bridge-conversion-part-1'

testing commit 4336487e30c37a2e82a1fed2370d3134cc5b6505
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 042c7baf31075d98614a229b258392f8990984e3508982d08a7dc793531add76
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 4336487e30c37a2e82a1fed2370d3134cc5b6505
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[f9aefd6b2aa38b9787d2705f0f1161dfd23cdb8f] net: warn if mac header was not set

testing commit f9aefd6b2aa38b9787d2705f0f1161dfd23cdb8f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 66aea8e0e7257cb535dd9680a2a2f2ab01aae648f821d9a558c6deeea72b8aad
all runs: crashed: WARNING in bpf_skb_load_helper_16_no_cache
# git bisect bad f9aefd6b2aa38b9787d2705f0f1161dfd23cdb8f
f9aefd6b2aa38b9787d2705f0f1161dfd23cdb8f is the first bad commit
commit f9aefd6b2aa38b9787d2705f0f1161dfd23cdb8f
Author: Eric Dumazet <edumazet@google.com>
Date:   Mon Jun 20 02:30:17 2022 -0700

    net: warn if mac header was not set
    
    Make sure skb_mac_header(), skb_mac_offset() and skb_mac_header_len() uses
    are not fooled if the mac header has not been set.
    
    These checks are enabled if CONFIG_DEBUG_NET=y
    
    This commit will likely expose existing bugs in linux networking stacks.
    
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Link: https://lore.kernel.org/r/20220620093017.3366713-1-eric.dumazet@gmail.com
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>

 include/linux/skbuff.h | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

culprit signature: 66aea8e0e7257cb535dd9680a2a2f2ab01aae648f821d9a558c6deeea72b8aad
parent  signature: 042c7baf31075d98614a229b258392f8990984e3508982d08a7dc793531add76
revisions tested: 18, total time: 4h11m26.883144639s (build: 2h4m38.422860187s, test: 2h4m59.812638106s)
first bad commit: f9aefd6b2aa38b9787d2705f0f1161dfd23cdb8f net: warn if mac header was not set
recipients (to): ["edumazet@google.com" "linux-kernel@vger.kernel.org" "pabeni@redhat.com"]
recipients (cc): ["davem@davemloft.net" "dsahern@kernel.org" "edumazet@google.com" "imagedong@tencent.com" "keescook@chromium.org" "kuba@kernel.org"]
crash: WARNING in bpf_skb_load_helper_16_no_cache
netlink: 'syz-executor.0': attribute type 21 has an invalid length.
netlink: 168 bytes leftover after parsing attributes in process `syz-executor.0'.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4097 at include/linux/skbuff.h:2773 skb_mac_header_was_set include/linux/skbuff.h:2768 [inline]
WARNING: CPU: 1 PID: 4097 at include/linux/skbuff.h:2773 skb_mac_header include/linux/skbuff.h:2773 [inline]
WARNING: CPU: 1 PID: 4097 at include/linux/skbuff.h:2773 bpf_internal_load_pointer_neg_helper+0x1b3/0x1e0 kernel/bpf/core.c:74
Modules linked in:
CPU: 1 PID: 4097 Comm: syz-executor.0 Not tainted 5.19.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
RIP: 0010:skb_mac_header include/linux/skbuff.h:2773 [inline]
RIP: 0010:bpf_internal_load_pointer_neg_helper+0x1b3/0x1e0 kernel/bpf/core.c:74
Code: 8b 04 24 e9 d8 fe ff ff 89 54 24 14 89 74 24 08 48 89 04 24 e8 be e1 36 00 8b 54 24 14 8b 74 24 08 48 8b 04 24 e9 68 ff ff ff <0f> 0b e9 72 ff ff ff 89 54 24 08 89 34 24 e8 ba e1 36 00 8b 54 24
RSP: 0018:ffffc90002cff528 EFLAGS: 00010246
RAX: ffff888076697000 RBX: ffff88801abfddc0 RCX: 000000000000ffff
RDX: 0000000000000002 RSI: ffffffffffe10002 RDI: ffff88801abfde7a
RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8f96f907
R10: fffffbfff1f2df20 R11: 0000000000000001 R12: 0000000000000000
R13: fffffffffff00001 R14: ffffc900015e4000 R15: ffffc900015e4002
FS:  00007f8f8ffd0700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f014af56300 CR3: 000000007e1cb000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ____bpf_skb_load_helper_16 net/core/filter.c:249 [inline]
 ____bpf_skb_load_helper_16_no_cache net/core/filter.c:260 [inline]
 bpf_skb_load_helper_16_no_cache+0x1ae/0x280 net/core/filter.c:257
 bpf_prog_e4a2190aaec26884+0x41/0x4c
 bpf_dispatcher_nop_func include/linux/bpf.h:885 [inline]
 __bpf_prog_run include/linux/filter.h:594 [inline]
 bpf_prog_run include/linux/filter.h:601 [inline]
 __bpf_prog_run_save_cb include/linux/filter.h:724 [inline]
 bpf_prog_run_save_cb include/linux/filter.h:738 [inline]
 sk_filter_trim_cap+0x202/0x800 net/core/filter.c:151
 sk_filter include/linux/filter.h:864 [inline]
 netlink_unicast+0x157/0x710 net/netlink/af_netlink.c:1347
 nlmsg_unicast include/net/netlink.h:1050 [inline]
 netlink_ack+0x40f/0x950 net/netlink/af_netlink.c:2471
 netlink_rcv_skb+0x264/0x370 net/netlink/af_netlink.c:2507
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x433/0x710 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x782/0xc30 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xab/0xe0 net/socket.c:734
 ____sys_sendmsg+0x5c2/0x7a0 net/socket.c:2489
 ___sys_sendmsg+0xd3/0x150 net/socket.c:2543
 __sys_sendmsg+0xb9/0x150 net/socket.c:2572
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f8f8ee89109
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8f8ffd0168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f8f8ef9bf60 RCX: 00007f8f8ee89109
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007f8f8eee305d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff8f989d9f R14: 00007f8f8ffd0300 R15: 0000000000022000
 </TASK>