bisecting fixing commit since bb263a2a2d4380a56edab6dce5a2c064769676fb
building syzkaller on 34bf9440bd06034f86b5d9ac8afbf078129cbdae
testing commit bb263a2a2d4380a56edab6dce5a2c064769676fb with gcc (GCC) 8.1.0
kernel signature: 730ce1d930a9c5e221768cf7deeef6c35e8f85d694bebb783f0591f2ba03294f
all runs: crashed: unregister_netdevice: waiting for DEV to become free
testing current HEAD 7f2c5eb458b8855655a19c44cd0043f7f83c595f
testing commit 7f2c5eb458b8855655a19c44cd0043f7f83c595f with gcc (GCC) 8.1.0
kernel signature: 7788e16dddaaa31c130a94598f260047f841691067306935ce34e113d6ced390
all runs: OK
# git bisect start 7f2c5eb458b8855655a19c44cd0043f7f83c595f bb263a2a2d4380a56edab6dce5a2c064769676fb
Bisecting: 3103 revisions left to test after this (roughly 12 steps)
[8e08c6af8694ef89bc6be0458ec59941649c7284] net: dsa: LAN9303: select REGMAP when LAN9303 enable
testing commit 8e08c6af8694ef89bc6be0458ec59941649c7284 with gcc (GCC) 8.1.0
kernel signature: 7fa0568d4056c0d520b85db042499a2a0863beb7d6d4710538140e77865cf3ff
all runs: OK
# git bisect bad 8e08c6af8694ef89bc6be0458ec59941649c7284
Bisecting: 1551 revisions left to test after this (roughly 11 steps)
[d56e7aa4116720bc4de761110f1bc9da6e5394c9] arm64: capabilities: Move errata work around check on boot CPU
testing commit d56e7aa4116720bc4de761110f1bc9da6e5394c9 with gcc (GCC) 8.1.0
kernel signature: d7a5a58d47dc40a13cefe7d963abca391d3411c4fbb9b70302dd0b66ff457743
all runs: OK
# git bisect bad d56e7aa4116720bc4de761110f1bc9da6e5394c9
Bisecting: 775 revisions left to test after this (roughly 10 steps)
[9de28f8872f76f754c48f023c2b34db455a4d27b] ALSA: hda - Fix a memory leak bug
testing commit 9de28f8872f76f754c48f023c2b34db455a4d27b with gcc (GCC) 8.1.0
kernel signature: 5c4ec7d261ecfccb79f8404a28e08663565a3c8a4e9c7f4ddafa6a47b9da68a1
all runs: OK
# git bisect bad 9de28f8872f76f754c48f023c2b34db455a4d27b
Bisecting: 387 revisions left to test after this (roughly 9 steps)
[a904a690ea0317fcd88c5b9dfef40ef0f98d9530] floppy: fix div-by-zero in setup_format_params
testing commit a904a690ea0317fcd88c5b9dfef40ef0f98d9530 with gcc (GCC) 8.1.0
kernel signature: 29fe5538a74f1f05cabd4a8c51fa84398e7a7bc377a53caf95b5b613c9a2fefb
all runs: OK
# git bisect bad a904a690ea0317fcd88c5b9dfef40ef0f98d9530
Bisecting: 193 revisions left to test after this (roughly 8 steps)
[8b90c9801c063f6d500bd20ba9a60b127b888e2d] KVM: x86: degrade WARN to pr_warn_ratelimited
testing commit 8b90c9801c063f6d500bd20ba9a60b127b888e2d with gcc (GCC) 8.1.0
kernel signature: 266ff09e2e0ad3216ef98e29ee003c6ba0cc8a6473edc7c622bf5e22cd0b136c
all runs: crashed: unregister_netdevice: waiting for DEV to become free
# git bisect good 8b90c9801c063f6d500bd20ba9a60b127b888e2d
Bisecting: 96 revisions left to test after this (roughly 7 steps)
[193a754afbe979a43893c88373a625ed384123ab] ath6kl: add some bounds checking
testing commit 193a754afbe979a43893c88373a625ed384123ab with gcc (GCC) 8.1.0
kernel signature: 4778c31f4a2933856cf98b0abed3db6d88b7145848b4f8e13f04dbfa73ac7941
all runs: crashed: unregister_netdevice: waiting for DEV to become free
# git bisect good 193a754afbe979a43893c88373a625ed384123ab
Bisecting: 48 revisions left to test after this (roughly 6 steps)
[ca3445c2afc2898ffca97436306924d6fafefb53] ipoib: correcly show a VF hardware address
testing commit ca3445c2afc2898ffca97436306924d6fafefb53 with gcc (GCC) 8.1.0
kernel signature: 583f07442ef2bd8a30ea0904949dc9d6ff44afead745679667af9c6a85bba119
all runs: crashed: unregister_netdevice: waiting for DEV to become free
# git bisect good ca3445c2afc2898ffca97436306924d6fafefb53
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[a5a0c29fa41bc1c67c8f5d3c612d697b52ad1362] rslib: Fix decoding of shortened codes
testing commit a5a0c29fa41bc1c67c8f5d3c612d697b52ad1362 with gcc (GCC) 8.1.0
kernel signature: 645a8c721678e866ff0a67ddf4b6d65531919cdbaadafc3dcf1351ff9e572478
all runs: OK
# git bisect bad a5a0c29fa41bc1c67c8f5d3c612d697b52ad1362
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[a315ea1ceca7413cadc7857c74ff75ee3a756b5d] media: vimc: cap: check v4l2_fill_pixfmt return value
testing commit a315ea1ceca7413cadc7857c74ff75ee3a756b5d with gcc (GCC) 8.1.0
kernel signature: 8436baeb4182b3ea5b37fce6c2065957fc098fa2009a7a339ed0503cff8241b3
all runs: crashed: unregister_netdevice: waiting for DEV to become free
# git bisect good a315ea1ceca7413cadc7857c74ff75ee3a756b5d
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[0f7f0b057417a1ff130ee218a1fcdd3356beeef9] ipvs: fix tinfo memory leak in start_sync_thread
testing commit 0f7f0b057417a1ff130ee218a1fcdd3356beeef9 with gcc (GCC) 8.1.0
kernel signature: f60edfc983d3dfdec9cff7108bad6c850e3c80aebdef27b8a2c575ec188dd09a
all runs: OK
# git bisect bad 0f7f0b057417a1ff130ee218a1fcdd3356beeef9
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[97613ee0ab8a3e3a89cca2a06e3a7f715e3ad8b7] mt7601u: do not schedule rx_tasklet when the device has been disconnected
testing commit 97613ee0ab8a3e3a89cca2a06e3a7f715e3ad8b7 with gcc (GCC) 8.1.0
kernel signature: 4df229d4283bba885db409fe4a344f8ee4ffa3feb0bf55e324e3a95fa23c2c2e
all runs: crashed: unregister_netdevice: waiting for DEV to become free
# git bisect good 97613ee0ab8a3e3a89cca2a06e3a7f715e3ad8b7
Bisecting: 0 revisions left to test after this (roughly 1 step)
[defb213a7bcebe8eb595064e12103c2d0f93e408] mt7601u: fix possible memory leak when the device is disconnected
testing commit defb213a7bcebe8eb595064e12103c2d0f93e408 with gcc (GCC) 8.1.0
kernel signature: 68dba8d7fe368693195b833170df63bb2a7aeffa9c0736bba8aca5aa4205247e
all runs: crashed: unregister_netdevice: waiting for DEV to become free
# git bisect good defb213a7bcebe8eb595064e12103c2d0f93e408
0f7f0b057417a1ff130ee218a1fcdd3356beeef9 is the first bad commit
commit 0f7f0b057417a1ff130ee218a1fcdd3356beeef9
Author: Julian Anastasov
Date: Tue Jun 18 23:07:36 2019 +0300

    ipvs: fix tinfo memory leak in start_sync_thread

    [ Upstream commit 5db7c8b9f9fc2aeec671ae3ca6375752c162e0e7 ]

    syzkaller reports for memory leak in start_sync_thread [1]

    As Eric points out, kthread may start and stop before the
    threadfn function is called, so there is no chance the
    data (tinfo in our case) to be released in thread.

    Fix this by releasing tinfo in the controlling code instead.

    [1]
    BUG: memory leak
    unreferenced object 0xffff8881206bf700 (size 32):
      comm "syz-executor761", pid 7268, jiffies 4294943441 (age 20.470s)
      hex dump (first 32 bytes):
        00 40 7c 09 81 88 ff ff 80 45 b8 21 81 88 ff ff .@|......E.!....
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
      backtrace:
        [<0000000057619e23>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
        [<0000000057619e23>] slab_post_alloc_hook mm/slab.h:439 [inline]
        [<0000000057619e23>] slab_alloc mm/slab.c:3326 [inline]
        [<0000000057619e23>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
        [<0000000086ce5479>] kmalloc include/linux/slab.h:547 [inline]
        [<0000000086ce5479>] start_sync_thread+0x5d2/0xe10 net/netfilter/ipvs/ip_vs_sync.c:1862
        [<000000001a9229cc>] do_ip_vs_set_ctl+0x4c5/0x780 net/netfilter/ipvs/ip_vs_ctl.c:2402
        [<00000000ece457c8>] nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
        [<00000000ece457c8>] nf_setsockopt+0x4c/0x80 net/netfilter/nf_sockopt.c:115
        [<00000000942f62d4>] ip_setsockopt net/ipv4/ip_sockglue.c:1258 [inline]
        [<00000000942f62d4>] ip_setsockopt+0x9b/0xb0 net/ipv4/ip_sockglue.c:1238
        [<00000000a56a8ffd>] udp_setsockopt+0x4e/0x90 net/ipv4/udp.c:2616
        [<00000000fa895401>] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3130
        [<0000000095eef4cf>] __sys_setsockopt+0x98/0x120 net/socket.c:2078
        [<000000009747cf88>] __do_sys_setsockopt net/socket.c:2089 [inline]
        [<000000009747cf88>] __se_sys_setsockopt net/socket.c:2086 [inline]
        [<000000009747cf88>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2086
        [<00000000ded8ba80>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
        [<00000000893b4ac8>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

    Reported-by: syzbot+7e2e50c8adfccd2e5041@syzkaller.appspotmail.com
    Suggested-by: Eric Biggers
    Fixes: 998e7a76804b ("ipvs: Use kthread_run() instead of doing a double-fork via kernel_thread()")
    Signed-off-by: Julian Anastasov
    Acked-by: Simon Horman
    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: Sasha Levin

 include/net/ip_vs.h | 6 +-
 net/netfilter/ipvs/ip_vs_ctl.c | 4 --
 net/netfilter/ipvs/ip_vs_sync.c | 134 +++++++++++++++++++++-------------------
 3 files changed, 76 insertions(+), 68 deletions(-)
culprit signature: f60edfc983d3dfdec9cff7108bad6c850e3c80aebdef27b8a2c575ec188dd09a
parent signature: 68dba8d7fe368693195b833170df63bb2a7aeffa9c0736bba8aca5aa4205247e
revisions tested: 14, total time: 4h34m32.160967353s (build: 2h3m8.126047976s, test: 2h29m26.437314951s)
first good commit: 0f7f0b057417a1ff130ee218a1fcdd3356beeef9 ipvs: fix tinfo memory leak in start_sync_thread
cc: ["horms@verge.net.au" "ja@ssi.bg" "pablo@netfilter.org" "sashal@kernel.org"]