bisecting fixing commit since 6c677750f22db3bb466a95f08b91a1cca8323146
building syzkaller on 88bc17df053022a7c2a3753b299b06a9eff19c1a
testing commit 6c677750f22db3bb466a95f08b91a1cca8323146 with gcc (GCC) 8.1.0
kernel signature: 2843362e3fed2368b83e60c619e3ca6cccd644c2048ab58bdf1f448843b6295d
all runs: crashed: WARNING in xfrm_policy_insert
testing current HEAD a57066b1a01977a646145f4ce8dfb4538b08368a
testing commit a57066b1a01977a646145f4ce8dfb4538b08368a with gcc (GCC) 8.1.0
kernel signature: 240162ce3c2606768661a4e3adc4254627103a13d489f5fd3281042bd8714718
all runs: OK
# git bisect start a57066b1a01977a646145f4ce8dfb4538b08368a 6c677750f22db3bb466a95f08b91a1cca8323146
Bisecting: 99659 revisions left to test after this (roughly 17 steps)
[55472bae5331f33582d9f0e8919fed8bebcda0da] Merge tag 'linux-watchdog-5.2-rc1' of git://www.linux-watchdog.org/linux-watchdog
testing commit 55472bae5331f33582d9f0e8919fed8bebcda0da with gcc (GCC) 8.1.0
kernel signature: aa995ebe2dadf6371a3a0a448fc92a091bd5ad8056de0dcd1e6fd13664b589cf
all runs: crashed: WARNING in xfrm_policy_insert_list
# git bisect good 55472bae5331f33582d9f0e8919fed8bebcda0da
Bisecting: 49829 revisions left to test after this (roughly 16 steps)
[50caca9d7f633bb2aad7f979c40db01a4811abcd] Merge tag 'xfs-5.5-merge-17' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
testing commit 50caca9d7f633bb2aad7f979c40db01a4811abcd with gcc (GCC) 8.1.0
kernel signature: 05d264760e6249f90dbbf2c74d89e9a57b20d4cc59be0c61193ce0c447c47eb0
all runs: crashed: WARNING in xfrm_policy_insert_list
# git bisect good 50caca9d7f633bb2aad7f979c40db01a4811abcd
Bisecting: 24968 revisions left to test after this (roughly 15 steps)
[e964f1e04a1ce562f0d748b29326244d3cb35ba4] Merge tag 'dmaengine-5.7-rc1' of git://git.infradead.org/users/vkoul/slave-dma
testing commit e964f1e04a1ce562f0d748b29326244d3cb35ba4 with gcc (GCC) 8.1.0
kernel signature: 077bed8850e17c82b1ac1432084857961cc47bc7f153a18ac0057200eac5c71c
all runs: crashed: WARNING in xfrm_policy_insert_list
# git bisect good e964f1e04a1ce562f0d748b29326244d3cb35ba4
Bisecting: 11762 revisions left to test after this (roughly 14 steps)
[cb8e59cc87201af93dfbb6c3dccc8fcad72a09c2] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit cb8e59cc87201af93dfbb6c3dccc8fcad72a09c2 with gcc (GCC) 8.1.0
kernel signature: 064c6ea93f89b627f53027f9dddebda79f2617eb87cf8bdec94795451cf74449
all runs: OK
# git bisect bad cb8e59cc87201af93dfbb6c3dccc8fcad72a09c2
Bisecting: 6628 revisions left to test after this (roughly 13 steps)
[4fba37586e4e73f9f9a855e610e151ef7da2b481] kasan: move kasan_report() into report.c
testing commit 4fba37586e4e73f9f9a855e610e151ef7da2b481 with gcc (GCC) 8.1.0
kernel signature: 33a13182b99735bfeee26b5afa30bbd86fed58f789da037ff1731d12851563a4
all runs: OK
# git bisect bad 4fba37586e4e73f9f9a855e610e151ef7da2b481
Bisecting: 3287 revisions left to test after this (roughly 12 steps)
[fcc95f06403c956e3f50ca4a82db12b66a3078e0] Merge tag 'ceph-for-5.7-rc1' of git://github.com/ceph/ceph-client
testing commit fcc95f06403c956e3f50ca4a82db12b66a3078e0 with gcc (GCC) 8.1.0
kernel signature: 419672e075ecd7d3117d4377d4736e669aee2ca6fa7ef66062d10af21bf2a091
all runs: crashed: WARNING in xfrm_policy_insert_list
# git bisect good fcc95f06403c956e3f50ca4a82db12b66a3078e0
Bisecting: 1603 revisions left to test after this (roughly 11 steps)
[a811c1fa0a02c062555b54651065899437bacdbe] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit a811c1fa0a02c062555b54651065899437bacdbe with gcc (GCC) 8.1.0
kernel signature: 3d6b73ce9abf6bec19d7c94927155d04fac23535ada7b7d4225ff4f29ca8adab
all runs: crashed: WARNING in xfrm_policy_insert_list
# git bisect good a811c1fa0a02c062555b54651065899437bacdbe
Bisecting: 771 revisions left to test after this (roughly 10 steps)
[caffb99b6929f41a69edbb5aef3a359bf45f3315] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit caffb99b6929f41a69edbb5aef3a359bf45f3315 with gcc (GCC) 8.1.0
kernel signature: feff211b2b9fa0c307b0243d65be876930f7d2c26f5e33a8b58ed766eb458cdb
all runs: crashed: WARNING in xfrm_policy_insert_list
# git bisect good caffb99b6929f41a69edbb5aef3a359bf45f3315
Bisecting: 359 revisions left to test after this (roughly 9 steps)
[a36de5ebac2bea1d30e9ad103b4f841a2c4bb61b] Merge tag 'spi-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
testing commit a36de5ebac2bea1d30e9ad103b4f841a2c4bb61b with gcc (GCC) 8.1.0
kernel signature: 0852eda21ef99033d8f535bf617bc47d4a3e2378ff9bd3081dd24da3ccb5d150
all runs: OK
# git bisect bad a36de5ebac2bea1d30e9ad103b4f841a2c4bb61b
Bisecting: 191 revisions left to test after this (roughly 8 steps)
[19835b1ba6b1f2d3fb5aefffa01ebd626513ff4a] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 19835b1ba6b1f2d3fb5aefffa01ebd626513ff4a with gcc (GCC) 8.1.0
kernel signature: baaba5434a124f2c8292122b5d2f181cf77aa588510ce7339dcea22863c7876c
all runs: OK
# git bisect bad 19835b1ba6b1f2d3fb5aefffa01ebd626513ff4a
Bisecting: 116 revisions left to test after this (roughly 7 steps)
[e2fce151d2b4bd9722b3344ae381c768d249761f] Merge tag 'ceph-for-5.7-rc8' of git://github.com/ceph/ceph-client
testing commit e2fce151d2b4bd9722b3344ae381c768d249761f with gcc (GCC) 8.1.0
kernel signature: c3acbf498b2ef4a038b4f55b7062d6ac7c3d8256b459fb6aab82788f67144db1
all runs: crashed: WARNING in xfrm_policy_insert_list
# git bisect good e2fce151d2b4bd9722b3344ae381c768d249761f
Bisecting: 58 revisions left to test after this (roughly 6 steps)
[942110fdf2f1a298e66cdb3b776c854b157cd820] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
testing commit 942110fdf2f1a298e66cdb3b776c854b157cd820 with gcc (GCC) 8.1.0
kernel signature: bb3815d28a49432bdce7d78afc9f4fc6fe17573d6ae37ccd85ae1371167ad954
all runs: OK
# git bisect bad 942110fdf2f1a298e66cdb3b776c854b157cd820
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[a4976a3ef844c510ae9120290b23e9f3f47d6bce] crypto: chelsio/chtls: properly set tp->lsndtime
testing commit a4976a3ef844c510ae9120290b23e9f3f47d6bce with gcc (GCC) 8.1.0
kernel signature: 9868b03114e619932729fcf9ce2488bc2cf52ef3054d2f68c572eba3f48a701a
all runs: crashed: WARNING in xfrm_policy_insert_list
# git bisect good a4976a3ef844c510ae9120290b23e9f3f47d6bce
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[ed17b8d377eaf6b4a01d46942b4c647378a79bdd] xfrm: fix a warning in xfrm_policy_insert_list
testing commit ed17b8d377eaf6b4a01d46942b4c647378a79bdd with gcc (GCC) 8.1.0
kernel signature: 71c16bde581fec199ea3cf8659a08899f28343fa14b4209e23c8f2a586b1ecfa
all runs: OK
# git bisect bad ed17b8d377eaf6b4a01d46942b4c647378a79bdd
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[25a44ae93d1a490f36d88a180f11aa2650bef074] esp6: support ipv6 nexthdrs process for beet gso segment
testing commit 25a44ae93d1a490f36d88a180f11aa2650bef074 with gcc (GCC) 8.1.0
kernel signature: 08a319a6a4946db4c06f30e582529a8a3420e7efd850a7572e1395a45a9302ed
all runs: crashed: WARNING in xfrm_policy_insert_list
# git bisect good 25a44ae93d1a490f36d88a180f11aa2650bef074
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[976eba8ab596bab94b9714cd46d38d5c6a2c660d] ip_vti: receive ipip packet by calling ip_tunnel_rcv
testing commit 976eba8ab596bab94b9714cd46d38d5c6a2c660d with gcc (GCC) 8.1.0
kernel signature: 6ba4b3eb3d497b9849e1b815201cec6b8ef24f756278db40189ab46ea003ef4a
all runs: crashed: WARNING in xfrm_policy_insert_list
# git bisect good 976eba8ab596bab94b9714cd46d38d5c6a2c660d
Bisecting: 1 revision left to test after this (roughly 1 step)
[56b1b7c667fbb9ee395f7506dfef3c04571e024a] esp6: calculate transport_header correctly when sel.family != AF_INET6
testing commit 56b1b7c667fbb9ee395f7506dfef3c04571e024a with gcc (GCC) 8.1.0
kernel signature: fda91fb13569d586e5ddadfae4814f644d03d0eae0fbfb00eb8ee5a28a484771
all runs: crashed: WARNING in xfrm_policy_insert_list
# git bisect good 56b1b7c667fbb9ee395f7506dfef3c04571e024a
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[3ffb93ba326f40b47b17a4e8b3399c0fa2e8cee6] esp4: improve xfrm4_beet_gso_segment() to be more readable
testing commit 3ffb93ba326f40b47b17a4e8b3399c0fa2e8cee6 with gcc (GCC) 8.1.0
kernel signature: ba44a2c4e27575539236861d470e632ce12b8c7644babb895ce7c1bce5ec6eeb
all runs: crashed: WARNING in xfrm_policy_insert_list
# git bisect good 3ffb93ba326f40b47b17a4e8b3399c0fa2e8cee6
ed17b8d377eaf6b4a01d46942b4c647378a79bdd is the first bad commit
commit ed17b8d377eaf6b4a01d46942b4c647378a79bdd
Author: Xin Long <lucien.xin@gmail.com>
Date:   Mon May 25 13:53:37 2020 +0800

    xfrm: fix a warning in xfrm_policy_insert_list
    
    This waring can be triggered simply by:
    
      # ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
        priority 1 mark 0 mask 0x10  #[1]
      # ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
        priority 2 mark 0 mask 0x1   #[2]
      # ip xfrm policy update src 192.168.1.1/24 dst 192.168.1.2/24 dir in \
        priority 2 mark 0 mask 0x10  #[3]
    
    Then dmesg shows:
    
      [ ] WARNING: CPU: 1 PID: 7265 at net/xfrm/xfrm_policy.c:1548
      [ ] RIP: 0010:xfrm_policy_insert_list+0x2f2/0x1030
      [ ] Call Trace:
      [ ]  xfrm_policy_inexact_insert+0x85/0xe50
      [ ]  xfrm_policy_insert+0x4ba/0x680
      [ ]  xfrm_add_policy+0x246/0x4d0
      [ ]  xfrm_user_rcv_msg+0x331/0x5c0
      [ ]  netlink_rcv_skb+0x121/0x350
      [ ]  xfrm_netlink_rcv+0x66/0x80
      [ ]  netlink_unicast+0x439/0x630
      [ ]  netlink_sendmsg+0x714/0xbf0
      [ ]  sock_sendmsg+0xe2/0x110
    
    The issue was introduced by Commit 7cb8a93968e3 ("xfrm: Allow inserting
    policies with matching mark and different priorities"). After that, the
    policies [1] and [2] would be able to be added with different priorities.
    
    However, policy [3] will actually match both [1] and [2]. Policy [1]
    was matched due to the 1st 'return true' in xfrm_policy_mark_match(),
    and policy [2] was matched due to the 2nd 'return true' in there. It
    caused WARN_ON() in xfrm_policy_insert_list().
    
    This patch is to fix it by only (the same value and priority) as the
    same policy in xfrm_policy_mark_match().
    
    Thanks to Yuehaibing, we could make this fix better.
    
    v1->v2:
      - check policy->mark.v == pol->mark.v only without mask.
    
    Fixes: 7cb8a93968e3 ("xfrm: Allow inserting policies with matching mark and different priorities")
    Reported-by: Xiumei Mu <xmu@redhat.com>
    Signed-off-by: Xin Long <lucien.xin@gmail.com>
    Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

 net/xfrm/xfrm_policy.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
culprit signature: 71c16bde581fec199ea3cf8659a08899f28343fa14b4209e23c8f2a586b1ecfa
parent  signature: ba44a2c4e27575539236861d470e632ce12b8c7644babb895ce7c1bce5ec6eeb
revisions tested: 20, total time: 4h34m39.245541809s (build: 1h20m53.656959769s, test: 3h9m22.860515197s)
first good commit: ed17b8d377eaf6b4a01d46942b4c647378a79bdd xfrm: fix a warning in xfrm_policy_insert_list
cc: ["davem@davemloft.net" "herbert@gondor.apana.org.au" "kuba@kernel.org" "linux-kernel@vger.kernel.org" "lucien.xin@gmail.com" "netdev@vger.kernel.org" "steffen.klassert@secunet.com"]