bisecting fixing commit since cf52ad5ff16c38a62a6536b5e7612b56794f5a5e building syzkaller on 0c5d9412d774262384cbdbe9d672b077364ed776 testing commit cf52ad5ff16c38a62a6536b5e7612b56794f5a5e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2477ed22fcc189b4045fd1e0ff7bfe882de7215dba32cb5e946c3081fc1cd214 run #0: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #1: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #2: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #3: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #4: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #5: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #6: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #7: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #8: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #9: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #10: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #11: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #12: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #13: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #14: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #15: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #16: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #17: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #18: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #19: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free testing current HEAD 5d9f4cf36721aba199975a9be7863a3ff5cd4b59 testing commit 5d9f4cf36721aba199975a9be7863a3ff5cd4b59 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 12dc7c954f42372c5e709e6fc3676ca4f7a3c4dc1f44c8cb971d6c2e069f6d44 all runs: OK # git bisect start 5d9f4cf36721aba199975a9be7863a3ff5cd4b59 cf52ad5ff16c38a62a6536b5e7612b56794f5a5e Bisecting: 7053 revisions left to test after this (roughly 13 steps) [6ab1d4839a486727fdd412bd8bab27417388d381] Merge tag 'platform-drivers-x86-v5.16-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86 testing commit 6ab1d4839a486727fdd412bd8bab27417388d381 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6acb8e56b4125f70aedf809fdff682e6a36a8303600276d3a2dd284b7d92f565 all runs: OK # git bisect bad 6ab1d4839a486727fdd412bd8bab27417388d381 Bisecting: 4294 revisions left to test after this (roughly 12 steps) [84882cf72cd774cf16fd338bdbf00f69ac9f9194] Revert "net: avoid double accounting for pure zerocopy skbs" testing commit 84882cf72cd774cf16fd338bdbf00f69ac9f9194 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 08e46e47d52cdf2c61f1d8facc12a992a3c4704cbe6ff7828a6e1970734d086b all runs: OK # git bisect bad 84882cf72cd774cf16fd338bdbf00f69ac9f9194 Bisecting: 1453 revisions left to test after this (roughly 11 steps) [c46b38dc8743535e686b911d253a844f0bd50ead] netfilter: nft_payload: support for inner header matching / mangling testing commit c46b38dc8743535e686b911d253a844f0bd50ead compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3fbd2ac118d70ac0137f085ebfeb807251fe1fc293e47d3f6f5dcffab5300603 run #0: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #1: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #2: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #3: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #4: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #5: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #6: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #7: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #8: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #9: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free # git bisect good c46b38dc8743535e686b911d253a844f0bd50ead Bisecting: 726 revisions left to test after this (roughly 10 steps) [5d44f0672319c19a41ff0e0e4f0d64164cf9752b] rtw89: Fix variable dereferenced before check 'sta' testing commit 5d44f0672319c19a41ff0e0e4f0d64164cf9752b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d61c884e75db2a17b2737b30add7f64af44addce9d60d5d36e07438b96a4d3c7 all runs: crashed: WARNING in nsim_dev_reload_destroy # git bisect good 5d44f0672319c19a41ff0e0e4f0d64164cf9752b Bisecting: 367 revisions left to test after this (roughly 9 steps) [1b9abade3e75e8ea33302cbba1d7f637399534d2] net: ixgbevf: Remove redundant initialization of variable ret_val testing commit 1b9abade3e75e8ea33302cbba1d7f637399534d2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 71e5d4e040593d9033b9b9b3a8252e73379c41100565271214f367bbe7d81bbe all runs: OK # git bisect bad 1b9abade3e75e8ea33302cbba1d7f637399534d2 Bisecting: 147 revisions left to test after this (roughly 8 steps) [411a44c24a561e449b592ff631b7ae321f1eb559] Merge tag 'net-5.15-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 411a44c24a561e449b592ff631b7ae321f1eb559 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 39e222d34c9e519b0abc50679d8a1ae0e4802e812c41acba3a8a2ec58f61d9a6 all runs: OK # git bisect bad 411a44c24a561e449b592ff631b7ae321f1eb559 Bisecting: 110 revisions left to test after this (roughly 7 steps) [d25f27432f80a800a3592db128254c8140bd71bf] Merge tag 'arm-soc-fixes-5.15-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit d25f27432f80a800a3592db128254c8140bd71bf compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 354baab71e06fb8fd8fced411758be5631b3b4af8999e1a4c8744b550597a9da run #0: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #1: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #2: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #3: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #4: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #5: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #6: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #7: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #8: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #9: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free # git bisect good d25f27432f80a800a3592db128254c8140bd71bf Bisecting: 55 revisions left to test after this (roughly 6 steps) [c7a6e3978ea952efb107ecf511c095c3bbb2945f] net: hns3: expand buffer len for some debugfs command testing commit c7a6e3978ea952efb107ecf511c095c3bbb2945f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 041ca4afce7470ace158afcbe1b27b657cde42cd74f85b72e5b3aa22c178a0ff run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor449651669" "root@10.128.10.57:./syz-executor449651669"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.10.57 port 22 timed out lost connection run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad c7a6e3978ea952efb107ecf511c095c3bbb2945f Bisecting: 28 revisions left to test after this (roughly 5 steps) [fd1b5beb177a8372cea2a0d014835491e4886f77] ice: check whether PTP is initialized in ice_ptp_release() testing commit fd1b5beb177a8372cea2a0d014835491e4886f77 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8c0a49896441d4925771faec54a7a872e9ab648a6de31fedfd8256f730c5ee4d run #0: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #1: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #2: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #3: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #4: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #5: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #6: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #7: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #8: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #9: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free # git bisect good fd1b5beb177a8372cea2a0d014835491e4886f77 Bisecting: 14 revisions left to test after this (roughly 4 steps) [54713c85f536048e685258f880bf298a74c3620d] bpf: Fix potential race in tail call compatibility check testing commit 54713c85f536048e685258f880bf298a74c3620d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a1f46c2150c587c10cfa19fff16c8a9d8e248f948874d813a2bf59273e60c254 run #0: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #1: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #2: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #3: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #4: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #5: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #6: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #7: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #8: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #9: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free # git bisect good 54713c85f536048e685258f880bf298a74c3620d Bisecting: 7 revisions left to test after this (roughly 3 steps) [db6c3c064f5d55fa9969f33eafca3cdbefbb3541] net: lan78xx: fix division by zero in send path testing commit db6c3c064f5d55fa9969f33eafca3cdbefbb3541 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ec8d58e8fdf3faef2b948f0c81ba71086f59470548eefb2431a12991c9dc5a0c all runs: OK # git bisect bad db6c3c064f5d55fa9969f33eafca3cdbefbb3541 Bisecting: 3 revisions left to test after this (roughly 2 steps) [eacd68b7ceaa82a5d15a286f727000cef898c0b0] Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue testing commit eacd68b7ceaa82a5d15a286f727000cef898c0b0 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1533b26d2625da02d913d1b27d049d191e696d9aec932c39b331876bb3e8a0f1 run #0: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #1: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #2: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #3: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #4: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #5: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #6: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #7: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #8: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #9: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free # git bisect good eacd68b7ceaa82a5d15a286f727000cef898c0b0 Bisecting: 1 revision left to test after this (roughly 1 step) [fa40d9734a57bcbfa79a280189799f76c88f7bb0] tipc: fix size validations for the MSG_CRYPTO type testing commit fa40d9734a57bcbfa79a280189799f76c88f7bb0 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8d29431275eec4dd56ca648523619fdfd0c36c157a28b0b6fce903314f0b3658 run #0: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #1: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #2: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #3: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #4: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #5: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #6: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #7: crashed: WARNING: ODEBUG bug in batadv_nc_mesh_free run #8: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free run #9: crashed: WARNING: ODEBUG bug in batadv_v_ogm_free # git bisect good fa40d9734a57bcbfa79a280189799f76c88f7bb0 Bisecting: 0 revisions left to test after this (roughly 0 steps) [6f68cd634856f8ca93bafd623ba5357e0f648c68] net: batman-adv: fix error handling testing commit 6f68cd634856f8ca93bafd623ba5357e0f648c68 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e0435f0eb296eb905c034c598458334143d7495e9271f2fc670ed8df17acb384 all runs: OK # git bisect bad 6f68cd634856f8ca93bafd623ba5357e0f648c68 6f68cd634856f8ca93bafd623ba5357e0f648c68 is the first bad commit commit 6f68cd634856f8ca93bafd623ba5357e0f648c68 Author: Pavel Skripkin Date: Sun Oct 24 16:13:56 2021 +0300 net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem was in wrong error handling in batadv_mesh_init(). Before this patch batadv_mesh_init() was calling batadv_mesh_free() in case of any batadv_*_init() calls failure. This approach may work well, when there is some kind of indicator, which can tell which parts of batadv are initialized; but there isn't any. All written above lead to cleaning up uninitialized fields. Even if we hide ODEBUG warning by initializing bat_priv->nc.work, syzbot was able to hit GPF in batadv_nc_purge_paths(), because hash pointer in still NULL. [1] To fix these bugs we can unwind batadv_*_init() calls one by one. It is good approach for 2 reasons: 1) It fixes bugs on error handling path 2) It improves the performance, since we won't call unneeded batadv_*_free() functions. So, this patch makes all batadv_*_init() clean up all allocated memory before returning with an error to no call correspoing batadv_*_free() and open-codes batadv_mesh_free() with proper order to avoid touching uninitialized fields. Link: https://lore.kernel.org/netdev/000000000000c87fbd05cef6bcb0@google.com/ [1] Reported-and-tested-by: syzbot+28b0702ada0bf7381f58@syzkaller.appspotmail.com Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol") Signed-off-by: Pavel Skripkin Acked-by: Sven Eckelmann Signed-off-by: David S. Miller net/batman-adv/bridge_loop_avoidance.c | 8 +++-- net/batman-adv/main.c | 56 ++++++++++++++++++++++++---------- net/batman-adv/network-coding.c | 4 ++- net/batman-adv/translation-table.c | 4 ++- 4 files changed, 52 insertions(+), 20 deletions(-) culprit signature: e0435f0eb296eb905c034c598458334143d7495e9271f2fc670ed8df17acb384 parent signature: 8d29431275eec4dd56ca648523619fdfd0c36c157a28b0b6fce903314f0b3658 revisions tested: 16, total time: 3h48m6.581766655s (build: 1h47m23.869982122s, test: 1h58m56.738672932s) first good commit: 6f68cd634856f8ca93bafd623ba5357e0f648c68 net: batman-adv: fix error handling recipients (to): ["davem@davemloft.net" "paskripkin@gmail.com" "sven@narfation.org" "syzbot+28b0702ada0bf7381f58@syzkaller.appspotmail.com"] recipients (cc): []