bisecting cause commit starting from a9c9a6f741cdaa2fa9ba24a790db8d07295761e3
building syzkaller on f62a58290e2f1200a2b21f2707a9ff0394a2a724
testing commit a9c9a6f741cdaa2fa9ba24a790db8d07295761e3
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: b09044881bc018e89969e71baeab2135d4b50a88a316fa52505ef93bfab21244
all runs: crashed: WARNING: kmalloc bug in hash_netport_create
testing release v5.14
testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 42ab57fc9434604be7336d8d442f9783c66c96a21b1e995b8854978c9dcd9fa5
all runs: OK
# git bisect start a9c9a6f741cdaa2fa9ba24a790db8d07295761e3 7d2a07b769330c34b4deabeed939325c77a7ec2f
Bisecting: 4220 revisions left to test after this (roughly 12 steps)
[ebf435d3b51b22340ef047aad0c2936ec4833ab2] Merge tag 'staging-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit ebf435d3b51b22340ef047aad0c2936ec4833ab2
arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration]
# git bisect skip ebf435d3b51b22340ef047aad0c2936ec4833ab2
Bisecting: 4220 revisions left to test after this (roughly 12 steps)
[afb08b7e220ef7278ffceb4f9e201c2a904e18a9] net: ipa: move IPA flags field
testing commit afb08b7e220ef7278ffceb4f9e201c2a904e18a9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: fb7b63ffccea52a919295efe09137bbda1dd02b3a50e026ae9da6ce2a45aa51c
all runs: OK
# git bisect good afb08b7e220ef7278ffceb4f9e201c2a904e18a9
Bisecting: 3980 revisions left to test after this (roughly 12 steps)
[07281a257a6868b900da5de1eda808c9e20253f1] Merge tag 'usb-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
testing commit 07281a257a6868b900da5de1eda808c9e20253f1
arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration]
# git bisect skip 07281a257a6868b900da5de1eda808c9e20253f1
Bisecting: 3980 revisions left to test after this (roughly 12 steps)
[8d7e5908c0bcf8a0abc437385e58e49abab11a93] mailbox: qcom-ipcc: Enable loading QCOM_IPCC as a module
testing commit 8d7e5908c0bcf8a0abc437385e58e49abab11a93
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: d2840f49ee4cc95635d1162c6cf180ed069d23e92a6b657e2532275d98dc5cf8
all runs: OK
# git bisect good 8d7e5908c0bcf8a0abc437385e58e49abab11a93
Bisecting: 3978 revisions left to test after this (roughly 12 steps)
[e6e7471706dc42cbe0e01278540c0730138d43e5] bvec: add a bvec_kmap_local helper
testing commit e6e7471706dc42cbe0e01278540c0730138d43e5
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 9e77e5be7c50f8f039583aaec16363124285c740fa15b3188e9edaabcb755268
all runs: OK
# git bisect good e6e7471706dc42cbe0e01278540c0730138d43e5
Bisecting: 3978 revisions left to test after this (roughly 12 steps)
[8c945d32e60427cbc0859cf7045bbe6196bb03d8] btrfs: compression: drop kmap/kunmap from lzo
testing commit 8c945d32e60427cbc0859cf7045bbe6196bb03d8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: c617c004b804c93a85d22a05c7db36a98e50ad491e87fe0471b8c1cc82d56daa
all runs: OK
# git bisect good 8c945d32e60427cbc0859cf7045bbe6196bb03d8
Bisecting: 3978 revisions left to test after this (roughly 12 steps)
[5b16a790f18d234187f31eab0a222bd53cb12b9e] phy: cadence-torrent: Reorder few functions to remove function declarations
testing commit 5b16a790f18d234187f31eab0a222bd53cb12b9e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 646ee580377e59456ed0a62f3b17d816461eb0b094bb9a609a7b0e41d353d14b
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save
run #1: basic kernel testing failed: possible deadlock in fs_reclaim_acquire
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 5b16a790f18d234187f31eab0a222bd53cb12b9e
Bisecting: 3978 revisions left to test after this (roughly 12 steps)
[eb5a4422e448a8200ddaafef0cc16db3f45ec1f8] leds: max77693: Move driver to flash subdirectory
testing commit eb5a4422e448a8200ddaafef0cc16db3f45ec1f8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 646ee580377e59456ed0a62f3b17d816461eb0b094bb9a609a7b0e41d353d14b
run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acquire
run #1: basic kernel testing failed: possible deadlock in fs_reclaim_acquire
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good eb5a4422e448a8200ddaafef0cc16db3f45ec1f8
Bisecting: 3978 revisions left to test after this (roughly 12 steps)
[d40dfb860ad72a32b9c2aeae739a2725f8ce011a] ASoC: sh: rz-ssi: Fix dereference of noderef expression warning
testing commit d40dfb860ad72a32b9c2aeae739a2725f8ce011a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 646ee580377e59456ed0a62f3b17d816461eb0b094bb9a609a7b0e41d353d14b
all runs: OK
# git bisect good d40dfb860ad72a32b9c2aeae739a2725f8ce011a
Bisecting: 3958 revisions left to test after this (roughly 12 steps)
[7c314bdfb64e4bb8d2f829376ed56ce663483752] Merge tag 'tty-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
testing commit 7c314bdfb64e4bb8d2f829376ed56ce663483752
arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration]
# git bisect skip 7c314bdfb64e4bb8d2f829376ed56ce663483752
Bisecting: 3958 revisions left to test after this (roughly 12 steps)
[884a76881fc5f5c9c04de1b640bed2c340929842] fscache: Procfile to display cookies
testing commit 884a76881fc5f5c9c04de1b640bed2c340929842
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: f132f300561a5de08c9f16df42fb68c9b7291778624c10b7f5f2fa2e1edd5731
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 884a76881fc5f5c9c04de1b640bed2c340929842
Bisecting: 3953 revisions left to test after this (roughly 12 steps)
[1e1d9d6f119c55c05e8ea78ed3e49046690abffd] mptcp: handle pending data on closed subflow
testing commit 1e1d9d6f119c55c05e8ea78ed3e49046690abffd
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 568610e34ffeaaf1797f67e7a8c4edc546fdea2b0170db306c6df54fa73ed686
all runs: OK
# git bisect good 1e1d9d6f119c55c05e8ea78ed3e49046690abffd
Bisecting: 3797 revisions left to test after this (roughly 12 steps)
[ea7b4244b3656ca33b19a950f092b5bbc718b40c] x86/setup: Explicitly include acpi.h
testing commit ea7b4244b3656ca33b19a950f092b5bbc718b40c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 0a4c2d65924637e089e2d480a59a4638b1bffa0a6200673fe1868e73ec1db25f
all runs: OK
# git bisect good ea7b4244b3656ca33b19a950f092b5bbc718b40c
Bisecting: 1884 revisions left to test after this (roughly 11 steps)
[57c78a234e809e3a0516491e37ae5ccc6eeb21e8] Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
testing commit 57c78a234e809e3a0516491e37ae5ccc6eeb21e8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: f56c7dd820b26667cba4061bc8b1b97222ac2371d3e32af865253f531774b46b
run #0: basic kernel testing failed: KFENCE: use-after-free in kvm_fastop_exception
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 57c78a234e809e3a0516491e37ae5ccc6eeb21e8
Bisecting: 941 revisions left to test after this (roughly 10 steps)
[75ae663d053bddf7c70a24cccf53c83ae03deff8] iwlwifi: mvm: add rtnl_lock() in iwl_mvm_start_get_nvm()
testing commit 75ae663d053bddf7c70a24cccf53c83ae03deff8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: edcbec805ef6e8da766291ec0bdf372d68ccb3d7f4771f6ad0eb33a017d72cbe
all runs: OK
# git bisect good 75ae663d053bddf7c70a24cccf53c83ae03deff8
Bisecting: 489 revisions left to test after this (roughly 9 steps)
[75d6e7d9ced83e937757e278c3ce1ccd6606a96a] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
testing commit 75d6e7d9ced83e937757e278c3ce1ccd6606a96a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 3c28912b3293dca55c70e01de44f13606bdd66fa1689817973c89857e30da4d7
run #0: basic kernel testing failed: KFENCE: use-after-free in kvm_fastop_exception
run #1: crashed: WARNING: kmalloc bug in hash_netport_create
run #2: crashed: WARNING: kmalloc bug in hash_netport_create
run #3: crashed: WARNING: kmalloc bug in hash_netport_create
run #4: crashed: WARNING: kmalloc bug in hash_netport_create
run #5: crashed: WARNING: kmalloc bug in hash_netport_create
run #6: crashed: WARNING: kmalloc bug in hash_netport_create
run #7: crashed: WARNING: kmalloc bug in hash_netport_create
run #8: crashed: WARNING: kmalloc bug in hash_netport_create
run #9: crashed: WARNING: kmalloc bug in hash_netport_create
# git bisect bad 75d6e7d9ced83e937757e278c3ce1ccd6606a96a
Bisecting: 220 revisions left to test after this (roughly 8 steps)
[89b6b8cd92c068cd1bdf877ec7fb1392568ef35d] Merge tag 'vfio-v5.15-rc1' of git://github.com/awilliam/linux-vfio
testing commit 89b6b8cd92c068cd1bdf877ec7fb1392568ef35d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 21a9e231a73c8a89edc12d0c5dbef40c8dbcf4c96a43c4b7c5905507b7d59fa4
run #0: basic kernel testing failed: KFENCE: use-after-free in kvm_fastop_exception
run #1: crashed: WARNING: kmalloc bug in hash_netport_create
run #2: crashed: WARNING: kmalloc bug in hash_netport_create
run #3: crashed: WARNING: kmalloc bug in hash_netport_create
run #4: crashed: WARNING: kmalloc bug in hash_netport_create
run #5: crashed: WARNING: kmalloc bug in hash_netport_create
run #6: crashed: WARNING: kmalloc bug in hash_netport_create
run #7: crashed: WARNING: kmalloc bug in hash_netport_create
run #8: crashed: WARNING: kmalloc bug in hash_netport_create
run #9: crashed: WARNING: kmalloc bug in hash_netport_create
# git bisect bad 89b6b8cd92c068cd1bdf877ec7fb1392568ef35d
Bisecting: 116 revisions left to test after this (roughly 7 steps)
[4a3bb4200a5958d76cc26ebe4db4257efa56812b] Merge tag 'dma-mapping-5.15' of git://git.infradead.org/users/hch/dma-mapping
testing commit 4a3bb4200a5958d76cc26ebe4db4257efa56812b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: baaec4e714f538f7bdb48ad2ba898485f9b61872dc144e37b54e00af57ff9a37
run #0: basic kernel testing failed: KFENCE: use-after-free in kvm_fastop_exception
run #1: crashed: WARNING: kmalloc bug in hash_netport_create
run #2: crashed: WARNING: kmalloc bug in hash_netport_create
run #3: crashed: WARNING: kmalloc bug in hash_netport_create
run #4: crashed: WARNING: kmalloc bug in hash_netport_create
run #5: crashed: WARNING: kmalloc bug in hash_netport_create
run #6: crashed: WARNING: kmalloc bug in hash_netport_create
run #7: crashed: WARNING: kmalloc bug in hash_netport_create
run #8: crashed: WARNING: kmalloc bug in hash_netport_create
run #9: crashed: WARNING: kmalloc bug in hash_netport_create
# git bisect bad 4a3bb4200a5958d76cc26ebe4db4257efa56812b
Bisecting: 54 revisions left to test after this (roughly 6 steps)
[111c1aa8cad4a0069dfe98fc093507b5b2cdfda7] Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
testing commit 111c1aa8cad4a0069dfe98fc093507b5b2cdfda7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: e0aa7ed45d85e19051d2cd214cfcee17b9d87427c8ac9a19dfb1a282b8fecba7
all runs: OK
# git bisect good 111c1aa8cad4a0069dfe98fc093507b5b2cdfda7
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[70d6aa0ecfed253a2b14659a6c77359af6d9b3ee] dma-mapping: allow using the global coherent pool for !ARM
testing commit 70d6aa0ecfed253a2b14659a6c77359af6d9b3ee
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: eb3c98bb8b76aa2dd447bebff14384fb07ac4d03486543d1b0212a3996ee127b
all runs: OK
# git bisect good 70d6aa0ecfed253a2b14659a6c77359af6d9b3ee
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[aee742c9928ab4f5f4e0b00f41fb2d2cffae179e] fs: dlm: fix return -EINTR on recovery stopped
testing commit aee742c9928ab4f5f4e0b00f41fb2d2cffae179e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 872b3cc117e8d7b7d9dc9371b25da9f9332d004d33836adb68df36ae253000e4
all runs: OK
# git bisect good aee742c9928ab4f5f4e0b00f41fb2d2cffae179e
Bisecting: 4 revisions left to test after this (roughly 3 steps)
[eceae1e7acaefc0a71e4dd4b8cd49270172b4731] Merge tag 'configfs-5.15' of git://git.infradead.org/users/hch/configfs
testing commit eceae1e7acaefc0a71e4dd4b8cd49270172b4731
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: d616cd8dbda80adb4312e6dcd7f4897a61e1778a363837bcafd7253b934aea8d
run #0: crashed: KFENCE: use-after-free in kvm_fastop_exception
run #1: crashed: WARNING: kmalloc bug in hash_netport_create
run #2: crashed: WARNING: kmalloc bug in hash_netport_create
run #3: crashed: WARNING: kmalloc bug in hash_netport_create
run #4: crashed: WARNING: kmalloc bug in hash_netport_create
run #5: crashed: WARNING: kmalloc bug in hash_netport_create
run #6: crashed: WARNING: kmalloc bug in hash_netport_create
run #7: crashed: WARNING: kmalloc bug in hash_netport_create
run #8: crashed: WARNING: kmalloc bug in hash_netport_create
run #9: crashed: WARNING: kmalloc bug in hash_netport_create
# git bisect bad eceae1e7acaefc0a71e4dd4b8cd49270172b4731
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[265113f70f3d63ae8b6eb1ce4303d14dbbd71b2d] Merge tag 'dlm-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm
testing commit 265113f70f3d63ae8b6eb1ce4303d14dbbd71b2d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 2031db77c15d8701ebdf90cbf4bca8c31c64d3815f94b7da648515a768d6b436
all runs: crashed: WARNING: kmalloc bug in hash_netport_create
# git bisect bad 265113f70f3d63ae8b6eb1ce4303d14dbbd71b2d
Bisecting: 1 revision left to test after this (roughly 1 step)
[b0cfcdd9b9672ea90642f33d6c0dd8516553adf2] d_path: make 'prepend()' fill up the buffer exactly on overflow
testing commit b0cfcdd9b9672ea90642f33d6c0dd8516553adf2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: b1646c9c90875b8979ce52d885f659d52152b09787f8305a2062dcdf9b1ff4e0
run #0: crashed: WARNING: kmalloc bug in hash_netport_create
run #1: crashed: WARNING: kmalloc bug in hash_netport_create
run #2: crashed: WARNING: kmalloc bug in hash_netport_create
run #3: crashed: WARNING: kmalloc bug in hash_netport_create
run #4: crashed: WARNING: kmalloc bug in hash_netport_create
run #5: crashed: WARNING: kmalloc bug in hash_netport_create
run #6: crashed: WARNING: kmalloc bug in hash_netport_create
run #7: crashed: WARNING: kmalloc bug in hash_netport_create
run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-executor" "root@10.128.0.89:./syz-executor"]
Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts.
run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.1.5:./syz-fuzzer"]
Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
# git bisect bad b0cfcdd9b9672ea90642f33d6c0dd8516553adf2
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7661809d493b426e979f39ab512e3adf41fbcc69] mm: don't allow oversized kvmalloc() calls
testing commit 7661809d493b426e979f39ab512e3adf41fbcc69
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 2656fe371266ee140c25bc2f1f40c3db725b6b11c5e41461e212592c4b2e4c77
run #0: crashed: WARNING: kmalloc bug in hash_netport_create
run #1: crashed: WARNING: kmalloc bug in hash_netport_create
run #2: crashed: WARNING: kmalloc bug in hash_netport_create
run #3: crashed: WARNING: kmalloc bug in hash_netport_create
run #4: crashed: WARNING: kmalloc bug in hash_netport_create
run #5: crashed: WARNING: kmalloc bug in hash_netport_create
run #6: crashed: WARNING: kmalloc bug in hash_netport_create
run #7: crashed: WARNING: kmalloc bug in hash_netport_create
run #8: crashed: WARNING: kmalloc bug in hash_netport_create
run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-executor" "root@10.128.1.116:./syz-executor"]
Warning: Permanently added '10.128.1.116' (ECDSA) to the list of known hosts.
# git bisect bad 7661809d493b426e979f39ab512e3adf41fbcc69
7661809d493b426e979f39ab512e3adf41fbcc69 is the first bad commit
commit 7661809d493b426e979f39ab512e3adf41fbcc69
Author: Linus Torvalds
Date: Wed Jul 14 09:45:49 2021 -0700

    mm: don't allow oversized kvmalloc() calls

    'kvmalloc()' is a convenience function for people who want to do a
    kmalloc() but fall back on vmalloc() if there aren't enough physically
    contiguous pages, or if the allocation is larger than what kmalloc()
    supports.

    However, let's make sure it doesn't get _too_ easy to do crazy things
    with it. In particular, don't allow big allocations that could be due to
    integer overflow or underflow. So make sure the allocation size fits in
    an 'int', to protect against trivial integer conversion issues.

    Acked-by: Willy Tarreau
    Cc: Kees Cook
    Signed-off-by: Linus Torvalds

 mm/util.c | 4 ++++
 1 file changed, 4 insertions(+)

culprit signature: 2656fe371266ee140c25bc2f1f40c3db725b6b11c5e41461e212592c4b2e4c77
parent signature: e0aa7ed45d85e19051d2cd214cfcee17b9d87427c8ac9a19dfb1a282b8fecba7
revisions tested: 24, total time: 5h57m12.165386675s (build: 3h3m31.344663454s, test: 2h51m11.15702558s)
first bad commit: 7661809d493b426e979f39ab512e3adf41fbcc69 mm: don't allow oversized kvmalloc() calls
recipients (to): ["akpm@linux-foundation.org" "linux-mm@kvack.org" "torvalds@linux-foundation.org" "w@1wt.eu"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: WARNING: kmalloc bug in hash_netport_create
------------[ cut here ]------------
WARNING: CPU: 0 PID: 10956 at mm/util.c:597 kvmalloc_node+0x7b/0x90 mm/util.c:600
Modules linked in:
CPU: 0 PID: 10956 Comm: syz-executor.1 Not tainted 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:kvmalloc_node+0x7b/0x90 mm/util.c:597
Code: 2b 48 8b 3c 24 8b 54 24 0c 48 81 ff ff ff ff 7f 77 18 4c 8b 44 24 18 48 83 c4 10 89 d1 89 ea 5d be 01 00 00 00 e9 15 02 0b 00 <0f> 0b 48 83 c4 10 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 55
RSP: 0018:ffffc9000c91f0f0 EFLAGS: 00010212
RAX: 0000000000000000 RBX: ffffc9000c91f1f0 RCX: 000000000000001f
RDX: 00000000ffffffff RSI: 0000000000412dc0 RDI: 0000000400000018
RBP: 0000000000400dc0 R08: 0000000000000dc0 R09: 0000000000000000
R10: fffffbfff1688a84 R11: 000000000007a089 R12: 000000000000001f
R13: ffff888017dff000 R14: 000000000000001f R15: ffff888022349a00
FS: 00007f51a0a48700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000970004 CR3: 000000004d26c000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 hash_netport_create+0x2fc/0xf30 net/netfilter/ipset/ip_set_hash_gen.h:1524
 ip_set_create+0x697/0x11a0 net/netfilter/ipset/ip_set_core.c:1100
 nfnetlink_rcv_msg+0x928/0xf80 net/netfilter/nfnetlink.c:296
 netlink_rcv_skb+0x118/0x370 net/netlink/af_netlink.c:2504
 nfnetlink_rcv+0x143/0x340 net/netfilter/nfnetlink.c:654
 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
 netlink_unicast+0x42e/0x700 net/netlink/af_netlink.c:1340
 netlink_sendmsg+0x704/0xbf0 net/netlink/af_netlink.c:1929
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg+0xab/0xe0 net/socket.c:724
 sock_no_sendpage+0xe7/0x120 net/core/sock.c:2980
 kernel_sendpage.part.0+0x11e/0x240 net/socket.c:3504
 kernel_sendpage net/socket.c:3501 [inline]
 sock_sendpage+0xc7/0x1a0 net/socket.c:1003
 pipe_to_sendpage+0x245/0x410 fs/splice.c:364
 splice_from_pipe_feed fs/splice.c:418 [inline]
 __splice_from_pipe+0x362/0x810 fs/splice.c:562
 splice_from_pipe fs/splice.c:597 [inline]
 generic_splice_sendpage+0xba/0x120 fs/splice.c:746
 do_splice_from fs/splice.c:767 [inline]
 do_splice+0x9ef/0x1b30 fs/splice.c:1079
 __do_splice+0xf4/0x1b0 fs/splice.c:1144
 __do_sys_splice fs/splice.c:1350 [inline]
 __se_sys_splice fs/splice.c:1332 [inline]
 __x64_sys_splice+0x14a/0x200 fs/splice.c:1332
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f51a0a48188 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00000000004bfcc4 R08: 0000000100000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffe54880d5f R14: 00007f51a0a48300 R15: 0000000000022000