ci starts bisection 2023-01-24 18:46:05.93574369 +0000 UTC m=+171279.881805751
bisecting fixing commit since b229b6ca5abbd63ff40c1396095b1b36b18139c3
building syzkaller on 08977f5d5e344fa0ac0b80af0b72fc3f1468d6a5
ensuring issue is reproducible on original commit b229b6ca5abbd63ff40c1396095b1b36b18139c3
testing commit b229b6ca5abbd63ff40c1396095b1b36b18139c3 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ecb6b7e6b90125b60c968e70fecf0f18dcdf07e5d1df9a7c06364d4e70fa23c1
run #0: crashed: KASAN: use-after-free Read in mas_next_nentry
run #1: crashed: KASAN: use-after-free Read in mas_next_nentry
run #2: crashed: KASAN: use-after-free Read in mas_next_nentry
run #3: crashed: KASAN: use-after-free Read in mas_next_nentry
run #4: crashed: KASAN: use-after-free Read in mas_next_nentry
run #5: crashed: KASAN: use-after-free Read in mas_next_nentry
run #6: crashed: KASAN: use-after-free Read in mas_next_nentry
run #7: crashed: KASAN: use-after-free Read in mas_next_nentry
run #8: crashed: KASAN: use-after-free Read in mas_next_nentry
run #9: crashed: KASAN: use-after-free Read in mas_next_nentry
run #10: crashed: KASAN: use-after-free Read in mas_next_nentry
run #11: crashed: KASAN: use-after-free Read in mas_next_nentry
run #12: crashed: KASAN: use-after-free Read in mas_next_nentry
run #13: crashed: KASAN: use-after-free Read in mas_next_nentry
run #14: crashed: KASAN: use-after-free Read in mas_next_nentry
run #15: crashed: KASAN: use-after-free Read in mas_next_nentry
run #16: crashed: KASAN: use-after-free Read in mas_next_nentry
run #17: crashed: KASAN: use-after-free Read in mas_next_nentry
run #18: crashed: KASAN: use-after-free Read in mas_next_nentry
run #19: crashed: SYZFATAL: executor failed NUM times: executor NUM: exit status NUM
testing current HEAD 948ef7bb70c4acaf74d87420ea3a1190862d4548
testing commit 948ef7bb70c4acaf74d87420ea3a1190862d4548 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e91df2d4eb264d30fa1f84758f4414e346e213c33f9afe8b4dbe090704b9dc26
all runs: OK
# git bisect start 948ef7bb70c4acaf74d87420ea3a1190862d4548 b229b6ca5abbd63ff40c1396095b1b36b18139c3
Bisecting: 9107 revisions left to test after this (roughly 13 steps)
[86a0b4255e84563739d137ad374af6c7215bb3ff] Merge tag 'input-for-v6.2-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
testing commit 86a0b4255e84563739d137ad374af6c7215bb3ff gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3f242db39bcc66a2b0c66da207f67b83f8e1c3c9cc7c68231c0043927a67a22b
all runs: OK
# git bisect bad 86a0b4255e84563739d137ad374af6c7215bb3ff
Bisecting: 4539 revisions left to test after this (roughly 12 steps)
[40deb5e41ac783d49371940581db2ae108a754d1] Merge tag 'x86_fpu_for_6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 40deb5e41ac783d49371940581db2ae108a754d1 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3e97af274963238fd9b0fb031fd1704cf0afd4a04220e936716556b5e3e45c44
all runs: OK
# git bisect bad 40deb5e41ac783d49371940581db2ae108a754d1
Bisecting: 2289 revisions left to test after this (roughly 11 steps)
[830b3c68c1fb1e9176028d02ef86f3cf76aa2476] Linux 6.1
testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 586fb012ac400da96a3f77398e4e97504427f2237b549fe76d72edca05097c1c
all runs: OK
# git bisect bad 830b3c68c1fb1e9176028d02ef86f3cf76aa2476
Bisecting: 1119 revisions left to test after this (roughly 10 steps)
[af7a056891899fd3942afec79fb219f58271e319] Merge tag 'mips-fixes_6.1_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
testing commit af7a056891899fd3942afec79fb219f58271e319 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6fd576ac44cc8b32564a7bc1256c56731d4a5713afeab61e6250b4633cef584b
all runs: OK
# git bisect bad af7a056891899fd3942afec79fb219f58271e319
Bisecting: 560 revisions left to test after this (roughly 9 steps)
[6d81ea3765dfa6c8a20822613c81edad1c4a16a0] bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
testing commit 6d81ea3765dfa6c8a20822613c81edad1c4a16a0 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0bd6f4481b6bde80896d271eaececfbe95f6cea21eddc6f02bf27352ead0442d
all runs: crashed: KASAN: use-after-free Read in mas_next_nentry
# git bisect good 6d81ea3765dfa6c8a20822613c81edad1c4a16a0
Bisecting: 287 revisions left to test after this (roughly 8 steps)
[1767a722a708f1fa3b9af39eb091d79101f8c086] Merge tag 'for-6.1-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
testing commit 1767a722a708f1fa3b9af39eb091d79101f8c086 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c0545a4769aa594977c8ad1ad0c80655aa819e9c2025337d06c9d4c3c0c9a8d3
all runs: OK
# git bisect bad 1767a722a708f1fa3b9af39eb091d79101f8c086
Bisecting: 131 revisions left to test after this (roughly 7 steps)
[64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861] Merge tag 'xfs-6.1-fixes-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
testing commit 64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cf6b710d68bc4c11cc0b17e06b3f3dc7347d509e230481b8c929c8bc31c3adf7
all runs: crashed: KASAN: use-after-free Read in mas_next_nentry
# git bisect good 64c3dd0b98f586a5b7c8f5f4759ebb41cfd03861
Bisecting: 68 revisions left to test after this (roughly 6 steps)
[f6f5204727b9b1f3c6e9c90b5b09f40c6e0102f5] Merge tag 'x86_urgent_for_v6.1_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit f6f5204727b9b1f3c6e9c90b5b09f40c6e0102f5 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b6bd104dbdf8caa37848659ba5fad90648d62d5e805151853be47bd7b94080d0
all runs: crashed: KASAN: use-after-free Read in mas_next_nentry
# git bisect good f6f5204727b9b1f3c6e9c90b5b09f40c6e0102f5
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[a1de832bd3243577de365222d8bc92708005ebf3] Merge tag 'platform-drivers-x86-v6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
testing commit a1de832bd3243577de365222d8bc92708005ebf3 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1bffbee3f75d4d787cf13a150b34d66d03064d662a5479de6e084f32b18e73d7
all runs: crashed: KASAN: use-after-free Read in mas_next_nentry
# git bisect good a1de832bd3243577de365222d8bc92708005ebf3
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[179228654ddefcbd99060a113ad02079dcdf22f1] Merge tag 'hwlock-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux
testing commit 179228654ddefcbd99060a113ad02079dcdf22f1 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e4aecd3e272c477fcbe9aa67ad2b8243c96bf40d10245ab53e011f58432201fa
all runs: OK
# git bisect bad 179228654ddefcbd99060a113ad02079dcdf22f1
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[f67dd6ce0723ad013395f20a3f79d8a437d3f455] Merge tag 'slab-for-6.1-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab
testing commit f67dd6ce0723ad013395f20a3f79d8a437d3f455 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e0cbba3f20b5cc548009c559a74208f011924911fcead786203c0ab6a44bdd14
all runs: OK
# git bisect bad f67dd6ce0723ad013395f20a3f79d8a437d3f455
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[f141df371335645ce29a87d9683a3f79fba7fd67] Merge tag 'audit-pr-20221107' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
testing commit f141df371335645ce29a87d9683a3f79fba7fd67 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3b299dd9e8079bdebe08e06b413fbe6d40b08745bfece75c43865d29c7948a6f
all runs: OK
# git bisect bad f141df371335645ce29a87d9683a3f79fba7fd67
Bisecting: 1 revision left to test after this (roughly 1 step)
[f49b2d89fb10ef5fa5fa1993f648ec5daa884bef] Merge tag 'lsm-pr-20221107' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm
testing commit f49b2d89fb10ef5fa5fa1993f648ec5daa884bef gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 02177191d730b752b04d7f8ec449a009e84e8e07e5caacccd3e4f617d2da08f9
all runs: OK
# git bisect bad f49b2d89fb10ef5fa5fa1993f648ec5daa884bef
Bisecting: 1 revision left to test after this (roughly 1 step)
[46653972e3ea64f79e7f8ae3aa41a4d3fdb70a13] capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
testing commit 46653972e3ea64f79e7f8ae3aa41a4d3fdb70a13 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 473addf5f4c9ad33f50a8a610798ef5e3f8db3d5dfbae35860192fb02563397c
all runs: boot failed: WARNING in __netif_set_xps_queue
# git bisect skip 46653972e3ea64f79e7f8ae3aa41a4d3fdb70a13
Bisecting: 1 revision left to test after this (roughly 1 step)
[59f2f4b8a757412fce372f6d0767bdb55da127a8] fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
testing commit 59f2f4b8a757412fce372f6d0767bdb55da127a8 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4bc0dba762002867895ac4a9094783ef6715ff387cee1e4dba1b7353f37a00f6
all runs: OK
# git bisect bad 59f2f4b8a757412fce372f6d0767bdb55da127a8
59f2f4b8a757412fce372f6d0767bdb55da127a8 is the first bad commit
commit 59f2f4b8a757412fce372f6d0767bdb55da127a8
Author: Liam Howlett
Date: Mon Nov 7 20:11:42 2022 +0000

    fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()

    When iterating the VMAs, the maple state needs to be invalidated if the tree is modified by a split or merge to ensure the maple tree node contained in the maple state is still valid. These invalidations were missed, so add them to the paths which alter the tree.

    Reported-by: syzbot+0d2014e4da2ccced5b41@syzkaller.appspotmail.com
    Fixes: 69dbe6daf104 (userfaultfd: use maple tree iterator to iterate VMAs)
    Signed-off-by: Liam R. Howlett
    Signed-off-by: Linus Torvalds

 fs/userfaultfd.c | 3 +++
 1 file changed, 3 insertions(+)

culprit signature: 4bc0dba762002867895ac4a9094783ef6715ff387cee1e4dba1b7353f37a00f6
parent signature: 1bffbee3f75d4d787cf13a150b34d66d03064d662a5479de6e084f32b18e73d7
revisions tested: 17, total time: 4h4m14.785036935s (build: 1h59m12.17050728s, test: 2h2m29.043334941s)
first good commit: 59f2f4b8a757412fce372f6d0767bdb55da127a8 fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
recipients (to): ["liam.howlett@oracle.com" "linux-kernel@vger.kernel.org" "torvalds@linux-foundation.org"]
recipients (cc): ["linux-fsdevel@vger.kernel.org" "viro@zeniv.linux.org.uk"]