bisecting cause commit starting from e3ec1e8ca02b7e6c935bba3f9b6da86c2e57d2eb
building syzkaller on e1c29030da37d46475ab5babe68abc4afe085799
testing commit e3ec1e8ca02b7e6c935bba3f9b6da86c2e57d2eb with gcc (GCC) 8.1.0
kernel signature: 1c2a9b9559b5c72021bb6e2c7b40987043b0ddb39f5c6565035890bca574b414
all runs: crashed: WARNING in __cfg80211_connect_result
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: 782e792d9f2a8c07580d8c25a4b2514bc7c9e941fed4b2514bee2ab050cf0c09
all runs: crashed: WARNING in __cfg80211_connect_result
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: 3a5b90453941bc6fa10b745a264f6ec1c959b4c2586034c5725d3e6969ebbe37
all runs: crashed: WARNING in __cfg80211_connect_result
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 3bf7f8d680c443bab3b4341b23f5db0f9401d32690b8cef5a7f9868a8346f0ac
all runs: crashed: WARNING in __cfg80211_connect_result
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: fb69f27390489f3d670a1d98a4a7e001ab28c9b2f6190ee7a0a2aeb7d36ee305
all runs: OK
# git bisect start 7111951b8d4973bda27ff663f2cf18b663d15b48 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
Bisecting: 6113 revisions left to test after this (roughly 13 steps)
[9f68e3655aae6d49d6ba05dd263f99f33c2567af] Merge tag 'drm-next-2020-01-30' of git://anongit.freedesktop.org/drm/drm
testing commit 9f68e3655aae6d49d6ba05dd263f99f33c2567af with gcc (GCC) 8.1.0
kernel signature: 46495afb33b982e8b37dd08f4dbc7a3acd59f4779356433b8fa9f22d8bd55da8
all runs: crashed: WARNING in __cfg80211_connect_result
# git bisect bad 9f68e3655aae6d49d6ba05dd263f99f33c2567af
Bisecting: 3686 revisions left to test after this (roughly 12 steps)
[fb95aae6e67c4e319a24b3eea32032d4246a5335] Merge tag 'sound-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit fb95aae6e67c4e319a24b3eea32032d4246a5335 with gcc (GCC) 8.1.0
kernel signature: 207ab1a9a93ba28f8cdcb0718dfdf15dc3eedd3dea7f621bfc74a079bccc58d5
all runs: crashed: WARNING in __cfg80211_connect_result
# git bisect bad fb95aae6e67c4e319a24b3eea32032d4246a5335
Bisecting: 2267 revisions left to test after this (roughly 11 steps)
[f76e4c167ea2212e23c15ee7e601a865e822c291] net: phy: add default ARCH_BCM_IPROC for MDIO_BCM_IPROC
testing commit f76e4c167ea2212e23c15ee7e601a865e822c291 with gcc (GCC) 8.1.0
kernel signature: 049808f32c1eaaca08aec2bfbdfee016863e6c128e371d6c2ae4cbd7c874dfa7
all runs: crashed: WARNING in __cfg80211_connect_result
# git bisect bad f76e4c167ea2212e23c15ee7e601a865e822c291
Bisecting: 810 revisions left to test after this (roughly 10 steps)
[f41aa387a7896c193b384c5fb531cd2cb9e00128] Merge branch 'selftest-makefile-cleanup'
testing commit f41aa387a7896c193b384c5fb531cd2cb9e00128 with gcc (GCC) 8.1.0
kernel signature: 0bed58c36f3effe1c3ffd3adb5142639ca898d514b0b14fc7170aed150e4eef8
all runs: crashed: WARNING in __cfg80211_connect_result
# git bisect bad f41aa387a7896c193b384c5fb531cd2cb9e00128
Bisecting: 404 revisions left to test after this (roughly 9 steps)
[9f6cff995e98258b6b81cc864532f633e5b3a081] Merge branch 'Simplify-IPv6-route-offload-API'
testing commit 9f6cff995e98258b6b81cc864532f633e5b3a081 with gcc (GCC) 8.1.0
kernel signature: 458a63077771957e3903f52b8f32f242debda45db7c0b035408c2865804c1138
all runs: crashed: WARNING in __cfg80211_connect_result
# git bisect bad 9f6cff995e98258b6b81cc864532f633e5b3a081
Bisecting: 202 revisions left to test after this (roughly 8 steps)
[206f54b66cbf6f71e9e86f50f60ffdf7f565c3b7] net: bcmgenet: Utilize bcmgenet_set_features() during resume/open
testing commit 206f54b66cbf6f71e9e86f50f60ffdf7f565c3b7 with gcc (GCC) 8.1.0
kernel signature: fc1565642829d72bc155fa654dead0eb5f83a4c632166b9291a2c69b3e9472c4
all runs: crashed: WARNING in __cfg80211_connect_result
# git bisect bad 206f54b66cbf6f71e9e86f50f60ffdf7f565c3b7
Bisecting: 101 revisions left to test after this (roughly 7 steps)
[a8674f753e36f566d6c1d992ab85323d784281d9] ipv4: Notify newly added route if should be offloaded
testing commit a8674f753e36f566d6c1d992ab85323d784281d9 with gcc (GCC) 8.1.0
kernel signature: 29b103fcd3d6b16eeb3e442325b59bd7ae49c368fb7266d99442259c67687bf4
all runs: crashed: WARNING in __cfg80211_connect_result
# git bisect bad a8674f753e36f566d6c1d992ab85323d784281d9
Bisecting: 49 revisions left to test after this (roughly 6 steps)
[bea0f4a5115aaf6f59c6d2125f52ff149874b6d2] Merge branch 'sfp-slow-to-probe-copper'
testing commit bea0f4a5115aaf6f59c6d2125f52ff149874b6d2 with gcc (GCC) 8.1.0
kernel signature: 112c18a210d0a4e8cd70920a7c1a8dd76448ca148525e3d79b033a2ba41985ad
all runs: crashed: WARNING in __cfg80211_connect_result
# git bisect bad bea0f4a5115aaf6f59c6d2125f52ff149874b6d2
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[bb9d8454bb0fed028558d1e66b12d50db5e43e06] Merge branch 'tipc-introduce-variable-window-congestion-control'
testing commit bb9d8454bb0fed028558d1e66b12d50db5e43e06 with gcc (GCC) 8.1.0
kernel signature: 6275741a5054e0597d246144a9657571e0fe4aee7b64bf882ddb1884097dea99
all runs: crashed: WARNING in __cfg80211_connect_result
# git bisect bad bb9d8454bb0fed028558d1e66b12d50db5e43e06
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[e70ac628289766bc2c81a0db161368b69da774fd] qed: remove redundant assignments to rc
testing commit e70ac628289766bc2c81a0db161368b69da774fd with gcc (GCC) 8.1.0
kernel signature: 243567875fea0e4e884a958fa5c0a17dae80f67dcaf5496fd48165b1f7a46702
all runs: crashed: WARNING in __cfg80211_connect_result
# git bisect bad e70ac628289766bc2c81a0db161368b69da774fd
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[3cd9d35ee5f7a23203443f1a0d3c344f034c0dc7] dt-bindings: net: bluetooth: Minor fix in broadcom-bluetooth
testing commit 3cd9d35ee5f7a23203443f1a0d3c344f034c0dc7 with gcc (GCC) 8.1.0
kernel signature: b5f7d1fcabe9a5ffbd5d455096f3bbb8a8e6166bfe50c35508387d5b6eb23ecb
all runs: OK
# git bisect good 3cd9d35ee5f7a23203443f1a0d3c344f034c0dc7
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[7ecacafc240638148567742cca41aa7144b4fe1e] Bluetooth: btusb: Disable runtime suspend on Realtek devices
testing commit 7ecacafc240638148567742cca41aa7144b4fe1e with gcc (GCC) 8.1.0
kernel signature: ab003f95ccca6ea95845724e5453a6b651885426dcce22b1bbdd461fc5ed00ae
all runs: OK
# git bisect good 7ecacafc240638148567742cca41aa7144b4fe1e
Bisecting: 1 revision left to test after this (roughly 1 step)
[4a63ef710cc3e79ce58b46b122118e415a44b3db] Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
testing commit 4a63ef710cc3e79ce58b46b122118e415a44b3db with gcc (GCC) 8.1.0
kernel signature: c8b01da1862e4f0749bab0290f6aa431d3a0ec59511b6616a94df7a391a2335e
all runs: crashed: WARNING in __cfg80211_connect_result
# git bisect bad 4a63ef710cc3e79ce58b46b122118e415a44b3db
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[e7096c131e5161fa3b8e52a650d7719d2857adfd] net: WireGuard secure network tunnel
testing commit e7096c131e5161fa3b8e52a650d7719d2857adfd with gcc (GCC) 8.1.0
kernel signature: 339594800f686562b0eb6eef541176c11388c0f8c0e8a5e57fe0af21d26ae839
all runs: crashed: WARNING in __cfg80211_connect_result
# git bisect bad e7096c131e5161fa3b8e52a650d7719d2857adfd
e7096c131e5161fa3b8e52a650d7719d2857adfd is the first bad commit
commit e7096c131e5161fa3b8e52a650d7719d2857adfd
Author: Jason A. Donenfeld
Date: Mon Dec 9 00:27:34 2019 +0100

net: WireGuard secure network tunnel

WireGuard is a layer 3 secure networking tunnel made specifically for the kernel, that aims to be much simpler and easier to audit than IPsec.
Extensive documentation and description of the protocol and considerations, along with formal proofs of the cryptography, are available at:

* https://www.wireguard.com/
* https://www.wireguard.com/papers/wireguard.pdf

This commit implements WireGuard as a simple network device driver, accessible in the usual RTNL way used by virtual network drivers. It makes use of the udp_tunnel APIs, GRO, GSO, NAPI, and the usual set of networking subsystem APIs. It has a somewhat novel multicore queueing system designed for maximum throughput and minimal latency of encryption operations, but it is implemented modestly using workqueues and NAPI. Configuration is done via generic Netlink, and following a review from the Netlink maintainer a year ago, several high profile userspace tools have already implemented the API.

This commit also comes with several different tests, both in-kernel tests and out-of-kernel tests based on network namespaces, taking profit of the fact that sockets used by WireGuard intentionally stay in the namespace the WireGuard interface was originally created, exactly like the semantics of userspace tun devices. See wireguard.com/netns/ for pictures and examples.

The source code is fairly short, but rather than combining everything into a single file, WireGuard is developed as cleanly separable files, making auditing and comprehension easier. Things are laid out as follows:

* noise.[ch], cookie.[ch], messages.h: These implement the bulk of the cryptographic aspects of the protocol, and are mostly data-only in nature, taking in buffers of bytes and spitting out buffers of bytes. They also handle reference counting for their various shared pieces of data, like keys and key lists.
* ratelimiter.[ch]: Used as an integral part of cookie.[ch] for ratelimiting certain types of cryptographic operations in accordance with particular WireGuard semantics.
* allowedips.[ch], peerlookup.[ch]: The main lookup structures of WireGuard, the former being trie-like with particular semantics, an integral part of the design of the protocol, and the latter just being nice helper functions around the various hashtables we use.
* device.[ch]: Implementation of functions for the netdevice and for rtnl, responsible for maintaining the life of a given interface and wiring it up to the rest of WireGuard.
* peer.[ch]: Each interface has a list of peers, with helper functions available here for creation, destruction, and reference counting.
* socket.[ch]: Implementation of functions related to udp_socket and the general set of kernel socket APIs, for sending and receiving ciphertext UDP packets, and taking care of WireGuard-specific sticky socket routing semantics for the automatic roaming.
* netlink.[ch]: Userspace API entry point for configuring WireGuard peers and devices. The API has been implemented by several userspace tools and network management utility, and the WireGuard project distributes the basic wg(8) tool.
* queueing.[ch]: Shared function on the rx and tx path for handling the various queues used in the multicore algorithms.
* send.c: Handles encrypting outgoing packets in parallel on multiple cores, before sending them in order on a single core, via workqueues and ring buffers. Also handles sending handshake and cookie messages as part of the protocol, in parallel.
* receive.c: Handles decrypting incoming packets in parallel on multiple cores, before passing them off in order to be ingested via the rest of the networking subsystem with GRO via the typical NAPI poll function. Also handles receiving handshake and cookie messages as part of the protocol, in parallel.
* timers.[ch]: Uses the timer wheel to implement protocol particular event timeouts, and gives a set of very simple event-driven entry point functions for callers.
* main.c, version.h: Initialization and deinitialization of the module.
* selftest/*.h: Runtime unit tests for some of the most security sensitive functions.
* tools/testing/selftests/wireguard/netns.sh: Aforementioned testing script using network namespaces.

This commit aims to be as self-contained as possible, implementing WireGuard as a standalone module not needing much special handling or coordination from the network subsystem. I expect for future optimizations to the network stack to positively improve WireGuard, and vice-versa, but for the time being, this exists as intentionally standalone.

We introduce a menu option for CONFIG_WIREGUARD, as well as providing a verbose debug log and self-tests via CONFIG_WIREGUARD_DEBUG.

Signed-off-by: Jason A. Donenfeld
Cc: David Miller
Cc: Greg KH
Cc: Linus Torvalds
Cc: Herbert Xu
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller

MAINTAINERS | 8 +
drivers/net/Kconfig | 41 ++
drivers/net/Makefile | 1 +
drivers/net/wireguard/Makefile | 18 +
drivers/net/wireguard/allowedips.c | 381 ++++++++++++
drivers/net/wireguard/allowedips.h | 59 ++
drivers/net/wireguard/cookie.c | 236 ++++++++
drivers/net/wireguard/cookie.h | 59 ++
drivers/net/wireguard/device.c | 458 +++++++++++++++
drivers/net/wireguard/device.h | 73 +++
drivers/net/wireguard/main.c | 64 +++
drivers/net/wireguard/messages.h | 128 +++++
drivers/net/wireguard/netlink.c | 642 +++++++++++++++++++++
drivers/net/wireguard/netlink.h | 12 +
drivers/net/wireguard/noise.c | 828 +++++++++++++++++++++++++++
drivers/net/wireguard/noise.h | 137 +++++
drivers/net/wireguard/peer.c | 240 ++++++++
drivers/net/wireguard/peer.h | 83 +++
drivers/net/wireguard/peerlookup.c | 221 +++++++
drivers/net/wireguard/peerlookup.h | 64 +++
drivers/net/wireguard/queueing.c | 53 ++
drivers/net/wireguard/queueing.h | 197 +++++++
drivers/net/wireguard/ratelimiter.c | 223 ++++++++
drivers/net/wireguard/ratelimiter.h | 19 +
drivers/net/wireguard/receive.c | 595 +++++++++++++++++++
drivers/net/wireguard/selftest/allowedips.c | 683 ++++++++++++++++++++++
drivers/net/wireguard/selftest/counter.c | 104 ++++
drivers/net/wireguard/selftest/ratelimiter.c | 226 ++++++++
drivers/net/wireguard/send.c | 413 +++++++++++++
drivers/net/wireguard/socket.c | 437 ++++++++++++++
drivers/net/wireguard/socket.h | 44 ++
drivers/net/wireguard/timers.c | 243 ++++++++
drivers/net/wireguard/timers.h | 31 +
drivers/net/wireguard/version.h | 1 +
include/uapi/linux/wireguard.h | 196 +++++++
tools/testing/selftests/wireguard/netns.sh | 537 +++++++++++++++++
36 files changed, 7755 insertions(+)
create mode 100644 drivers/net/wireguard/Makefile
create mode 100644 drivers/net/wireguard/allowedips.c
create mode 100644 drivers/net/wireguard/allowedips.h
create mode 100644 drivers/net/wireguard/cookie.c
create mode 100644 drivers/net/wireguard/cookie.h
create mode 100644 drivers/net/wireguard/device.c
create mode 100644 drivers/net/wireguard/device.h
create mode 100644 drivers/net/wireguard/main.c
create mode 100644 drivers/net/wireguard/messages.h
create mode 100644 drivers/net/wireguard/netlink.c
create mode 100644 drivers/net/wireguard/netlink.h
create mode 100644 drivers/net/wireguard/noise.c
create mode 100644 drivers/net/wireguard/noise.h
create mode 100644 drivers/net/wireguard/peer.c
create mode 100644 drivers/net/wireguard/peer.h
create mode 100644 drivers/net/wireguard/peerlookup.c
create mode 100644 drivers/net/wireguard/peerlookup.h
create mode 100644 drivers/net/wireguard/queueing.c
create mode 100644 drivers/net/wireguard/queueing.h
create mode 100644 drivers/net/wireguard/ratelimiter.c
create mode 100644 drivers/net/wireguard/ratelimiter.h
create mode 100644 drivers/net/wireguard/receive.c
create mode 100644 drivers/net/wireguard/selftest/allowedips.c
create mode 100644 drivers/net/wireguard/selftest/counter.c
create mode 100644 drivers/net/wireguard/selftest/ratelimiter.c
create mode 100644 drivers/net/wireguard/send.c
create mode 100644 drivers/net/wireguard/socket.c
create mode 100644 drivers/net/wireguard/socket.h
create mode 100644 drivers/net/wireguard/timers.c
create mode 100644 drivers/net/wireguard/timers.h
create mode 100644 drivers/net/wireguard/version.h
create mode 100644 include/uapi/linux/wireguard.h
create mode 100755 tools/testing/selftests/wireguard/netns.sh

parent commit e42617b825f8073569da76dc4510bfa019b1c35a wasn't tested
testing commit e42617b825f8073569da76dc4510bfa019b1c35a with gcc (GCC) 8.1.0
kernel signature: afc7d8f297e11ad07d4b39ad250951b41add72b7ef64efc7e630fccf449c5b13
culprit signature: 339594800f686562b0eb6eef541176c11388c0f8c0e8a5e57fe0af21d26ae839
parent signature: afc7d8f297e11ad07d4b39ad250951b41add72b7ef64efc7e630fccf449c5b13
revisions tested: 19, total time: 3h28m47.831027935s (build: 2h3m27.003345342s, test: 1h23m4.873113422s)
first bad commit: e7096c131e5161fa3b8e52a650d7719d2857adfd net: WireGuard secure network tunnel
recipients (to): ["davem@davemloft.net" "jason@zx2c4.com" "linux-kselftest@vger.kernel.org" "netdev@vger.kernel.org" "shuah@kernel.org"]
recipients (cc): ["davem@davemloft.net" "krzk@kernel.org" "kvalo@codeaurora.org" "leon@kernel.org" "linux-kernel@vger.kernel.org"]
crash: WARNING in __cfg80211_connect_result
------------[ cut here ]------------
WARNING: CPU: 0 PID: 7 at net/wireless/sme.c:756 wiphy_to_rdev net/wireless/core.h:114 [inline]
WARNING: CPU: 0 PID: 7 at net/wireless/sme.c:756 __cfg80211_connect_result+0xc6e/0x10f0 net/wireless/sme.c:697
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: cfg80211 cfg80211_event_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x128/0x182 lib/dump_stack.c:118
 panic+0x22a/0x4e3 kernel/panic.c:221
 __warn.cold.10+0x25/0x26 kernel/panic.c:582
 report_bug+0x1ad/0x270 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 do_error_trap+0x123/0x210 arch/x86/kernel/traps.c:267
 do_invalid_op+0x31/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:__cfg80211_connect_result+0xc6e/0x10f0 net/wireless/sme.c:756
Code: 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 11 00 0f 85 34 03 00 00 49 8b 74 24 10 48 89 c7 e8 09 c1 f6 ff e9 d3 f8 ff ff 0f 0b <0f> 0b e9 ca f8 ff ff e8 d6 f8 bc fa 85 c0 74 31 80 3d 2d d5 d2 02
RSP: 0018:ffffc90000cdfc20 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8880954fe000 RCX: 1ffff11014c9ad45
RDX: ffff8880954fe1d0 RSI: 0000000000000002 RDI: ffffffff8892d8a8
RBP: ffffc90000cdfcd0 R08: fffffbfff1610997 R09: fffffbfff1610997
R10: fffffbfff1610996 R11: ffffffff8b084cb7 R12: ffff8880a64d6a18
R13: 1ffff9200019bf88 R14: 0000000000000000 R15: ffff8880a64d6a28
 cfg80211_process_wdev_events+0x23b/0x520 net/wireless/util.c:870
 cfg80211_process_rdev_events+0x50/0xc0 net/wireless/util.c:911
 cfg80211_event_work+0x15/0x20 net/wireless/core.c:320
 process_one_work+0x8d1/0x15b0 kernel/workqueue.c:2264
 worker_thread+0x82/0xb50 kernel/workqueue.c:2410
 kthread+0x31d/0x3e0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..