bisecting cause commit starting from 3cea11cd5e3b00d91caf0b4730194039b45c5891 building syzkaller on 8bc4594f832068a30c0eff44d468311780057d1f testing commit 3cea11cd5e3b00d91caf0b4730194039b45c5891 with gcc (GCC) 8.1.0 kernel signature: 87d3349e5de3f811d21b1fcae75e7db39811d4db3f6fddd0a2a74064c2452e1b run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in nf_hook_slow run #1: crashed: BUG: unable to handle kernel paging request in add_grec run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in nf_hook_slow run #3: crashed: kernel BUG at net/ipv4/fib_semantics.c:LINE! run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in find_match run #6: crashed: BUG: unable to handle kernel paging request in fib_create_info run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in batadv_bla_del_backbone_claims run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ip6_sublist_rcv_finish run #9: crashed: INFO: trying to register non-static key in netlink_release testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: 934f0a134532bbbd345c7e8b605e59600f755e76ac937b8aa8fb348b839f419b all runs: OK # git bisect start 3cea11cd5e3b00d91caf0b4730194039b45c5891 bbf5c979011a099af5dc76498918ed7df445635b Bisecting: 7577 revisions left to test after this (roughly 13 steps) [5a32c3413d3340f90c82c84b375ad4b335a59f28] Merge tag 'dma-mapping-5.10' of git://git.infradead.org/users/hch/dma-mapping testing commit 5a32c3413d3340f90c82c84b375ad4b335a59f28 with gcc (GCC) 8.1.0 kernel signature: 736060cb764d05cb49cf8a065ce04237714b3b13800cb566f89177e0799f93ee all runs: OK # git bisect good 5a32c3413d3340f90c82c84b375ad4b335a59f28 Bisecting: 3805 revisions left to test after this (roughly 12 steps) [c8b5e2600a2cfa1cdfbecf151afd67aee227381d] io_uring: use type appropriate io_kiocb handler for double poll testing commit c8b5e2600a2cfa1cdfbecf151afd67aee227381d with gcc (GCC) 8.1.0 kernel signature: 2ed6cd916cedbb48ed5df271217232c4121dd82fca82a795d003594674a141e6 run #0: crashed: BUG: unable to handle kernel paging request in add_grec run #1: crashed: kernel BUG at net/ipv4/fib_semantics.c:LINE! run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in rt6_mtu_change_route run #3: crashed: kernel BUG at net/ipv4/fib_semantics.c:LINE! run #4: crashed: kernel BUG at net/ipv4/fib_semantics.c:LINE! run #5: crashed: BUG: unable to handle kernel paging request in fib_create_info run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core run #7: crashed: WARNING in __queue_delayed_work run #8: crashed: INFO: trying to register non-static key in netlink_release run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core # git bisect bad c8b5e2600a2cfa1cdfbecf151afd67aee227381d Bisecting: 1885 revisions left to test after this (roughly 11 steps) [67ea4065db916aba763103c08f965f10c6b230cb] igc: Clean up nvm_info structure testing commit 67ea4065db916aba763103c08f965f10c6b230cb with gcc (GCC) 8.1.0 kernel signature: be7f6d2e50fb4dc2ee51d21bb7a3cf6f6fc1f4cb4ed88a51f4172634f834efc0 all runs: OK # git bisect good 67ea4065db916aba763103c08f965f10c6b230cb Bisecting: 952 revisions left to test after this (roughly 10 steps) [105faa8742437c28815b2a3eb8314ebc5fd9288c] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next testing commit 105faa8742437c28815b2a3eb8314ebc5fd9288c with gcc (GCC) 8.1.0 kernel signature: a20e75da5ef55819cceccb6ecb31ff6a350d0b257064f8f8968052a6e6a037fc run #0: crashed: BUG: unable to handle kernel paging request in add_grec run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in nf_hook_slow run #2: crashed: BUG: unable to handle kernel paging request in tomoyo_check_acl run #3: crashed: BUG: unable to handle kernel paging request in fib_create_info run #4: crashed: BUG: unable to handle kernel paging request in fib_create_info run #5: crashed: kernel BUG at net/ipv4/fib_semantics.c:LINE! run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in call_timer_fn run #7: crashed: BUG: unable to handle kernel paging request in fib_create_info run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in find_match run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in call_timer_fn # git bisect bad 105faa8742437c28815b2a3eb8314ebc5fd9288c Bisecting: 441 revisions left to test after this (roughly 9 steps) [14c914fcb515c424177bb6848cc2858ebfe717a8] Merge tag 'wireless-drivers-next-2020-10-02' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next testing commit 14c914fcb515c424177bb6848cc2858ebfe717a8 with gcc (GCC) 8.1.0 kernel signature: 501ee6a81b4b1d472504310c6234e7ab06f5ef9dc2c4f556dd8c98d29813b711 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in find_match run #1: crashed: BUG: unable to handle kernel paging request in add_grec run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in find_match run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in nf_hook_slow run #4: crashed: WARNING: ODEBUG bug in __do_softirq run #5: crashed: BUG: unable to handle kernel paging request in fib_create_info run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in rt6_mtu_change_route run #7: crashed: BUG: unable to handle kernel paging request in fib_create_info run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in rt6_mtu_change_route run #9: crashed: kernel BUG at net/ipv4/fib_semantics.c:LINE! # git bisect bad 14c914fcb515c424177bb6848cc2858ebfe717a8 Bisecting: 276 revisions left to test after this (roughly 8 steps) [7c89d9d9f90931f170e510e9e4b84d9dafdd616a] Merge branch 'net-ravb-Add-support-for-explicit-internal-clock-delay-c onfiguration' testing commit 7c89d9d9f90931f170e510e9e4b84d9dafdd616a with gcc (GCC) 8.1.0 kernel signature: f458d285e7688271438824eda1338971dcc608f1a47915d9838ba22fc2e89341 all runs: OK # git bisect good 7c89d9d9f90931f170e510e9e4b84d9dafdd616a Bisecting: 151 revisions left to test after this (roughly 7 steps) [4f359b653f7f598c29a1fbcf69fa975bf510061b] net/smscx5xx: change to of_get_mac_address() eth_platform_get_mac_address() testing commit 4f359b653f7f598c29a1fbcf69fa975bf510061b with gcc (GCC) 8.1.0 kernel signature: e5be73076c17829fd1c7ed6f0e83120285414a9997121468bdadc63f6a46b873 run #0: crashed: BUG: unable to handle kernel paging request in fib_create_info run #1: crashed: BUG: Bad page map run #2: crashed: BUG: unable to handle kernel paging request in fib_create_info run #3: crashed: BUG: unable to handle kernel paging request in add_grec run #4: crashed: kernel BUG at net/ipv4/fib_semantics.c:LINE! run #5: crashed: WARNING in __queue_delayed_work run #6: crashed: BUG: unable to handle kernel paging request in netlink_compare run #7: crashed: WARNING in __queue_delayed_work run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in call_timer_fn run #9: crashed: INFO: trying to register non-static key in netlink_release # git bisect bad 4f359b653f7f598c29a1fbcf69fa975bf510061b Bisecting: 61 revisions left to test after this (roughly 6 steps) [3aae4a38068a5a4fe1c7731eedf26a8a5f588732] Merge branch 'selftests/bpf: BTF-based kernel data display' testing commit 3aae4a38068a5a4fe1c7731eedf26a8a5f588732 with gcc (GCC) 8.1.0 kernel signature: dcd7ac760003da8e98d4c91a5d0d974afd800d461c282de9b32ed470aa014217 all runs: OK # git bisect good 3aae4a38068a5a4fe1c7731eedf26a8a5f588732 Bisecting: 30 revisions left to test after this (roughly 5 steps) [eef4a011f35d3aa657d4995c53ccb240d9eaea73] bpf, selftests: Add redirect_neigh selftest testing commit eef4a011f35d3aa657d4995c53ccb240d9eaea73 with gcc (GCC) 8.1.0 kernel signature: a9c96fc419b97e1a64f75748212130e5835e1c72f84382c1830339163b885724 all runs: OK # git bisect good eef4a011f35d3aa657d4995c53ccb240d9eaea73 Bisecting: 15 revisions left to test after this (roughly 4 steps) [949ca6b82e43b342dba153a9fd643fb1b5e9f034] netlink: fix policy dump leak testing commit 949ca6b82e43b342dba153a9fd643fb1b5e9f034 with gcc (GCC) 8.1.0 kernel signature: 33648cdbd45498269358fdad9b63d519f111af766a16cd0e29ee1869edfec511 all runs: OK # git bisect good 949ca6b82e43b342dba153a9fd643fb1b5e9f034 Bisecting: 7 revisions left to test after this (roughly 3 steps) [61e7113e48d3ca1ea692b5c6376a4b545b312166] Merge 'xfrm: Add compat layer' testing commit 61e7113e48d3ca1ea692b5c6376a4b545b312166 with gcc (GCC) 8.1.0 kernel signature: 59544b5c64d107705f923860a5ae77d60726d9e7cf333bdb9aa0d2b0ba48395d run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in nf_hook_slow run #1: crashed: WARNING in __queue_delayed_work run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in fib6_walk_continue run #3: crashed: kernel BUG at net/ipv4/fib_semantics.c:LINE! run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in nf_hook_slow run #5: crashed: BUG: unable to handle kernel paging request in add_grec run #6: crashed: BUG: unable to handle kernel paging request in fib_create_info run #7: crashed: BUG: unable to handle kernel paging request in fib_create_info run #8: crashed: BUG: unable to handle kernel paging request in cgroup_pidlist_find run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in call_timer_fn # git bisect bad 61e7113e48d3ca1ea692b5c6376a4b545b312166 Bisecting: 3 revisions left to test after this (roughly 2 steps) [e11eb32de3a7854d6b366dee17dd36c9ab0c39de] netlink/compat: Append NLMSG_DONE/extack to frag_list testing commit e11eb32de3a7854d6b366dee17dd36c9ab0c39de with gcc (GCC) 8.1.0 kernel signature: 956f625834aafec5031c0b110752d553569ee73224e3d509c1d9732d46cc83f3 all runs: OK # git bisect good e11eb32de3a7854d6b366dee17dd36c9ab0c39de Bisecting: 1 revision left to test after this (roughly 1 step) [96392ee5a13b992563cfe07d23ee30d333b89126] xfrm/compat: Translate 32-bit user_policy from sockptr testing commit 96392ee5a13b992563cfe07d23ee30d333b89126 with gcc (GCC) 8.1.0 kernel signature: 59544b5c64d107705f923860a5ae77d60726d9e7cf333bdb9aa0d2b0ba48395d run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in nf_hook_slow run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core run #2: crashed: BUG: unable to handle kernel paging request in add_grec run #3: crashed: BUG: unable to handle kernel paging request in add_grec run #4: crashed: BUG: unable to handle kernel paging request in fib_create_info run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in wq_worker_sleeping run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core run #7: crashed: WARNING in __queue_delayed_work run #8: crashed: INFO: trying to register non-static key in netlink_release run #9: crashed: general protection fault in netlink_compare # git bisect bad 96392ee5a13b992563cfe07d23ee30d333b89126 Bisecting: 0 revisions left to test after this (roughly 0 steps) [5106f4a8acff480e244300bc5097c0ad7048c3a2] xfrm/compat: Add 32=>64-bit messages translator testing commit 5106f4a8acff480e244300bc5097c0ad7048c3a2 with gcc (GCC) 8.1.0 kernel signature: e4ec0955687310d3699f6415793178edb18d0cdc6866c2bd2ec2f0a51ba49b79 run #0: crashed: BUG: unable to handle kernel paging request in fib_create_info run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in nf_hook_slow run #2: crashed: BUG: unable to handle kernel paging request in fib_create_info run #3: crashed: kernel BUG at net/ipv4/fib_semantics.c:LINE! run #4: crashed: BUG: unable to handle kernel paging request in add_grec run #5: crashed: BUG: unable to handle kernel paging request in fib_create_info run #6: crashed: BUG: unable to handle kernel paging request in debug_check_no_obj_freed run #7: crashed: INFO: trying to register non-static key in netlink_insert run #8: crashed: INFO: trying to register non-static key in netlink_insert run #9: crashed: INFO: trying to register non-static key in netlink_release # git bisect bad 5106f4a8acff480e244300bc5097c0ad7048c3a2 5106f4a8acff480e244300bc5097c0ad7048c3a2 is the first bad commit commit 5106f4a8acff480e244300bc5097c0ad7048c3a2 Author: Dmitry Safonov Date: Mon Sep 21 15:36:55 2020 +0100 xfrm/compat: Add 32=>64-bit messages translator Provide the user-to-kernel translator under XFRM_USER_COMPAT, that creates for 32-bit xfrm-user message a 64-bit translation. The translation is afterwards reused by xfrm_user code just as if userspace had sent 64-bit message. Signed-off-by: Dmitry Safonov Signed-off-by: Steffen Klassert include/net/xfrm.h | 6 ++ net/xfrm/Kconfig | 3 +- net/xfrm/xfrm_compat.c | 274 +++++++++++++++++++++++++++++++++++++++++++++++++ net/xfrm/xfrm_user.c | 57 ++++++---- 4 files changed, 321 insertions(+), 19 deletions(-) culprit signature: e4ec0955687310d3699f6415793178edb18d0cdc6866c2bd2ec2f0a51ba49b79 parent signature: 956f625834aafec5031c0b110752d553569ee73224e3d509c1d9732d46cc83f3 revisions tested: 16, total time: 2h59m43.529223996s (build: 1h9m32.889268945s, test: 1h48m46.107666621s) first bad commit: 5106f4a8acff480e244300bc5097c0ad7048c3a2 xfrm/compat: Add 32=>64-bit messages translator recipients (to): ["davem@davemloft.net" "dima@arista.com" "herbert@gondor.apana.org.au" "kuba@kernel.org" "netdev@vger.kernel.org" "steffen.klassert@secunet.com" "steffen.klassert@secunet.com"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: INFO: trying to register non-static key in netlink_release INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 1 PID: 26710 Comm: syz-executor.3 Not tainted 5.9.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x77/0xa0 lib/dump_stack.c:118 assign_lock_key kernel/locking/lockdep.c:894 [inline] register_lock_class+0x681/0x690 kernel/locking/lockdep.c:1206 __lock_acquire+0x7d/0x2ad0 kernel/locking/lockdep.c:4305 lock_acquire+0xb0/0x3a0 kernel/locking/lockdep.c:5006 rht_lock include/linux/rhashtable.h:331 [inline] __rhashtable_remove_fast_one include/linux/rhashtable.h:1002 [inline] __rhashtable_remove_fast include/linux/rhashtable.h:1083 [inline] rhashtable_remove_fast include/linux/rhashtable.h:1112 [inline] netlink_remove net/netlink/af_netlink.c:599 [inline] netlink_release+0x147/0x9a0 net/netlink/af_netlink.c:741 __sock_release+0x32/0xa0 net/socket.c:596 sock_close+0xf/0x20 net/socket.c:1277 __fput+0xaa/0x250 fs/file_table.c:281 task_work_run+0x68/0xb0 kernel/task_work.c:141 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:140 [inline] exit_to_user_mode_prepare+0x1b6/0x1c0 kernel/entry/common.c:167 syscall_exit_to_user_mode+0x3c/0x270 kernel/entry/common.c:242 __do_fast_syscall_32+0x63/0x80 arch/x86/entry/common.c:127 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:149 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7f18549 Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 002b:00000000ffde126c EFLAGS: 00000296 ORIG_RAX: 0000000000000006 RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 RDX: 0000000000000004 RSI: 0000000008bab680 RDI: 000000000002acaf RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000