bisecting fixing commit since f5d582777bcb1c7ff19a5a2343f66ea01de401c6
building syzkaller on 4093e33b1338f274ae0062f555de9d6af8640d61
testing commit f5d582777bcb1c7ff19a5a2343f66ea01de401c6 with gcc (GCC) 8.1.0
kernel signature: b7f0cc1bc4473dc79c84a104eee6d66d09f504c2d2b0a159c29aecc831702c5a
all runs: crashed: INFO: task hung in ctrl_getfamily
testing current HEAD 856deb866d16e29bd65952e0289066f6078af773
testing commit 856deb866d16e29bd65952e0289066f6078af773 with gcc (GCC) 8.1.0
kernel signature: ef7044abddad1db30d0c224f68bc2e05d03dd45ce26baf6d982c8977fa4d658c
all runs: OK
# git bisect start 856deb866d16e29bd65952e0289066f6078af773 f5d582777bcb1c7ff19a5a2343f66ea01de401c6
Bisecting: 76016 revisions left to test after this (roughly 16 steps)
[e0580b50d9d4b61d6c56085acdc2bb01c040aca9] Merge tag 'linux-can-next-for-5.5-20191111' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next
testing commit e0580b50d9d4b61d6c56085acdc2bb01c040aca9 with gcc (GCC) 8.1.0
kernel signature: 3e84225bf25a3391a5d5ffb86f838994c98ae492581be9d0acfd59d861f55573
run #0: crashed: INFO: task hung in ctrl_getfamily
run #1: crashed: INFO: task hung in ctrl_getfamily
run #2: crashed: INFO: task hung in ctrl_getfamily
run #3: crashed: INFO: task hung in ctrl_getfamily
run #4: crashed: INFO: task hung in ctrl_getfamily
run #5: crashed: INFO: task hung in genl_rcv_msg
run #6: crashed: INFO: task hung in ctrl_getfamily
run #7: crashed: INFO: task hung in ctrl_getfamily
run #8: crashed: INFO: task hung in ctrl_getfamily
run #9: crashed: INFO: task hung in ctrl_getfamily
# git bisect good e0580b50d9d4b61d6c56085acdc2bb01c040aca9
Bisecting: 37956 revisions left to test after this (roughly 15 steps)
[86f26a77cb0cf532a92be18d2c065f5158e1a545] Merge tag 'pci-v5.7-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
testing commit 86f26a77cb0cf532a92be18d2c065f5158e1a545 with gcc (GCC) 8.1.0
kernel signature: 51bae98ea711f29613139f5eff33b15ab900bf595fcd0610c959359dd0533575
run #0: crashed: INFO: task hung in ctrl_getfamily
run #1: crashed: INFO: task hung in ctrl_getfamily
run #2: crashed: INFO: task hung in ctrl_getfamily
run #3: crashed: INFO: task hung in ctrl_getfamily
run #4: crashed: INFO: task hung in ctrl_getfamily
run #5: crashed: INFO: task hung in ctrl_getfamily
run #6: crashed: INFO: task hung in ctrl_getfamily
run #7: crashed: INFO: task hung in ctrl_getfamily
run #8: crashed: INFO: task hung in ctrl_getfamily
run #9: crashed: INFO: task hung in genl_rcv_msg
# git bisect good 86f26a77cb0cf532a92be18d2c065f5158e1a545
Bisecting: 19040 revisions left to test after this (roughly 14 steps)
[37c54f9bd48663f7657a9178fe08c47e4f5b537b] kernel: set USER_DS in kthread_use_mm
testing commit 37c54f9bd48663f7657a9178fe08c47e4f5b537b with gcc (GCC) 8.1.0
kernel signature: d9c3af482f61c40cf1e765864832365631a1b6444fce8e9ed2e207b3b10cdbfb
all runs: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
# git bisect skip 37c54f9bd48663f7657a9178fe08c47e4f5b537b
Bisecting: 19040 revisions left to test after this (roughly 14 steps)
[a0b224b90bb60b3fbd2cae750227c995c9e61055] ALSA: echoaudio: Address bugs in the interrupt handling
testing commit a0b224b90bb60b3fbd2cae750227c995c9e61055 with gcc (GCC) 8.1.0
kernel signature: 3024fc9f2650bada06387aa6ef9af6ca78f2e415672feac32b2167fa9111d003
all runs: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
# git bisect skip a0b224b90bb60b3fbd2cae750227c995c9e61055
Bisecting: 19040 revisions left to test after this (roughly 14 steps)
[ad5a57dfe434b02ab28852703d7ad5510998ccef] firmware: smccc: Drop smccc_version enum and use ARM_SMCCC_VERSION_1_x instead
testing commit ad5a57dfe434b02ab28852703d7ad5510998ccef with gcc (GCC) 8.1.0
kernel signature: 6bae1e3c024bf41cf8bd09b72ac03eb29c5ef6967b8a7d644548c7bfb6fcdd5e
run #0: crashed: INFO: task hung in ctrl_getfamily
run #1: crashed: INFO: task hung in ctrl_getfamily
run #2: crashed: INFO: task hung in ctrl_getfamily
run #3: crashed: INFO: task hung in ctrl_getfamily
run #4: crashed: INFO: task hung in ctrl_getfamily
run #5: crashed: INFO: task hung in ctrl_getfamily
run #6: crashed: INFO: task hung in genl_rcv_msg
run #7: crashed: INFO: task hung in ctrl_getfamily
run #8: crashed: INFO: task hung in ctrl_getfamily
run #9: crashed: INFO: task hung in ctrl_getfamily
# git bisect good ad5a57dfe434b02ab28852703d7ad5510998ccef
Bisecting: 17053 revisions left to test after this (roughly 14 steps)
[aac840eca8fec02d594560647130d4e4447e10d9] macintosh/adb-iop: Access current_req and adb_iop_state when inside lock
testing commit aac840eca8fec02d594560647130d4e4447e10d9 with gcc (GCC) 8.1.0
kernel signature: 07dbb9a0e8a59377c507c196280c18fa15ec01c9fcf905d9dbb2c94ea34e6bd1
all runs: crashed: INFO: task hung in ctrl_getfamily
# git bisect good aac840eca8fec02d594560647130d4e4447e10d9
Bisecting: 8943 revisions left to test after this (roughly 13 steps)
[8186749621ed6b8fc42644c399e8c755a2b6f630] Merge tag 'drm-next-2020-08-06' of git://anongit.freedesktop.org/drm/drm
testing commit 8186749621ed6b8fc42644c399e8c755a2b6f630 with gcc (GCC) 8.1.0
kernel signature: db1e28080d70b5aa7fe856242593535ea0864e921f206748b5ad3ae0461c059e
run #0: crashed: INFO: task hung in genl_rcv_msg
run #1: crashed: INFO: task hung in ctrl_getfamily
run #2: crashed: INFO: task hung in ctrl_getfamily
run #3: crashed: INFO: task hung in ctrl_getfamily
run #4: crashed: INFO: task hung in ctrl_getfamily
run #5: crashed: INFO: task hung in ctrl_getfamily
run #6: crashed: INFO: task hung in genl_rcv_msg
run #7: crashed: INFO: task hung in ctrl_getfamily
run #8: crashed: INFO: task hung in ctrl_getfamily
run #9: crashed: INFO: task hung in ctrl_getfamily
# git bisect good 8186749621ed6b8fc42644c399e8c755a2b6f630
Bisecting: 4464 revisions left to test after this (roughly 12 steps)
[25d8d4eecace9de5a6a2193e4df1917afbdd3052] Merge tag 'powerpc-5.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
testing commit 25d8d4eecace9de5a6a2193e4df1917afbdd3052 with gcc (GCC) 8.1.0
kernel signature: 9112ccddd33f22d734e1f93f349a08fc55f34fbcd19bf20a9ab6710d898e17d8
all runs: crashed: INFO: task hung in ctrl_getfamily
# git bisect good 25d8d4eecace9de5a6a2193e4df1917afbdd3052
Bisecting: 2215 revisions left to test after this (roughly 11 steps)
[4586039427fab2b8c4edd49c73002e13e04315cf] Merge tag 'linux-watchdog-5.9-rc1' of git://www.linux-watchdog.org/linux-watchdog
testing commit 4586039427fab2b8c4edd49c73002e13e04315cf with gcc (GCC) 8.1.0
kernel signature: 05b31d0f2df15b80e2d90be36739f654d8b604445d851524f7ddf03f600b9f1a
all runs: boot failed: WARNING in mem_cgroup_css_alloc
# git bisect skip 4586039427fab2b8c4edd49c73002e13e04315cf
Bisecting: 2215 revisions left to test after this (roughly 11 steps)
[798b7347e4f29553db4b996393caf12f5b233daf] jffs2: fix UAF problem
testing commit 798b7347e4f29553db4b996393caf12f5b233daf with gcc (GCC) 8.1.0
kernel signature: 39eee418141664a32ed8f134fc07bf6bc41c5b207a10d3bc2eff112b7f590618
all runs: crashed: INFO: task hung in ctrl_getfamily
# git bisect good 798b7347e4f29553db4b996393caf12f5b233daf
Bisecting: 2215 revisions left to test after this (roughly 11 steps)
[17899eaf88d689529b866371344c8f269ba79b5f] powerpc/perf: Fix soft lockups due to missed interrupt accounting
testing commit 17899eaf88d689529b866371344c8f269ba79b5f with gcc (GCC) 8.1.0
kernel signature: 17f1062830f5669e19ece3cd78d2a021a785748766faaa700eb4887d7e2a00d8
run #0: crashed: INFO: task hung in genl_rcv_msg
run #1: crashed: INFO: task hung in ctrl_getfamily
run #2: crashed: INFO: task hung in ctrl_getfamily
run #3: crashed: INFO: task hung in ctrl_getfamily
run #4: crashed: INFO: task hung in ctrl_getfamily
run #5: crashed: INFO: task hung in genl_rcv_msg
run #6: crashed: INFO: task hung in genl_rcv_msg
run #7: crashed: INFO: task hung in ctrl_getfamily
run #8: crashed: INFO: task hung in genl_rcv_msg
run #9: crashed: INFO: task hung in ctrl_getfamily
# git bisect good 17899eaf88d689529b866371344c8f269ba79b5f
Bisecting: 707 revisions left to test after this (roughly 10 steps)
[d2283cdc18d3378587f9d05be4fd1818059a757a] Merge tag 'irq-urgent-2020-08-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit d2283cdc18d3378587f9d05be4fd1818059a757a with gcc (GCC) 8.1.0
kernel signature: b14cad213c3c81626511392526f39302092518da7865e631d4ee191a0bf5fedf
all runs: OK
# git bisect bad d2283cdc18d3378587f9d05be4fd1818059a757a
Bisecting: 379 revisions left to test after this (roughly 9 steps)
[f320ac6e131669345c7f4abefbb228b570eb9199] Merge branch 'work.epoll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
testing commit f320ac6e131669345c7f4abefbb228b570eb9199 with gcc (GCC) 8.1.0
kernel signature: 2f1b347bf2e556bbd0aa5e6e8e612c0858fa1a1ec904dee99839894c427e00e2
all runs: OK
# git bisect bad f320ac6e131669345c7f4abefbb228b570eb9199
Bisecting: 155 revisions left to test after this (roughly 7 steps)
[7f04f3ed621fd345ca1b01ec6e98c9b85d95851f] Merge tag 'sound-5.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit 7f04f3ed621fd345ca1b01ec6e98c9b85d95851f with gcc (GCC) 8.1.0
kernel signature: 68c99322b25e164b770f733b61f8b0878801aeea2d5b2546f87964abf9a07d3c
all runs: OK
# git bisect bad 7f04f3ed621fd345ca1b01ec6e98c9b85d95851f
Bisecting: 88 revisions left to test after this (roughly 7 steps)
[9899b587588fb6ced0597e188e049f1ab92c7003] Merge tag 'fixes-2020-08-18' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock
testing commit 9899b587588fb6ced0597e188e049f1ab92c7003 with gcc (GCC) 8.1.0
kernel signature: cd56ce64098f50376eefdbb6577d3b8e2f51941ea6d09ea9274310b6a3f9539e
all runs: OK
# git bisect bad 9899b587588fb6ced0597e188e049f1ab92c7003
Bisecting: 43 revisions left to test after this (roughly 6 steps)
[0ae18a82686f9b9965a8ce0dd81371871b306ffe] can: j1939: add rxtimer for multipacket broadcast session
testing commit 0ae18a82686f9b9965a8ce0dd81371871b306ffe with gcc (GCC) 8.1.0
kernel signature: 225abbb48ba5b197bf63a30051cba1361cbd87c8d88160bddc45484134b983b2
run #0: crashed: INFO: task hung in genl_rcv_msg
run #1: crashed: INFO: task hung in ctrl_getfamily
run #2: crashed: INFO: task hung in ctrl_getfamily
run #3: crashed: INFO: task hung in ctrl_getfamily
run #4: crashed: INFO: task hung in ctrl_getfamily
run #5: crashed: INFO: task hung in ctrl_getfamily
run #6: crashed: INFO: task hung in ctrl_getfamily
run #7: crashed: INFO: task hung in genl_rcv_msg
run #8: crashed: INFO: task hung in ctrl_getfamily
run #9: crashed: INFO: task hung in ctrl_getfamily
# git bisect good 0ae18a82686f9b9965a8ce0dd81371871b306ffe
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[71a50419c7307bef6367e8f3787570f546ae96f8] Merge tag 'linux-can-fixes-for-5.9-20200815' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
testing commit 71a50419c7307bef6367e8f3787570f546ae96f8 with gcc (GCC) 8.1.0
kernel signature: abeffa8f16f37c2146798ef8f42fdcd7b7f986a0307c3837dcaa46e9d2ccd00e
run #0: crashed: INFO: task hung in ctrl_getfamily
run #1: crashed: INFO: task hung in ctrl_getfamily
run #2: crashed: INFO: task hung in ctrl_getfamily
run #3: crashed: INFO: task hung in ctrl_getfamily
run #4: crashed: INFO: task hung in ctrl_getfamily
run #5: crashed: INFO: task hung in genl_rcv_msg
run #6: crashed: INFO: task hung in genl_rcv_msg
run #7: crashed: INFO: task hung in ctrl_getfamily
run #8: crashed: INFO: task hung in genl_rcv_msg
run #9: crashed: INFO: task hung in ctrl_getfamily
# git bisect good 71a50419c7307bef6367e8f3787570f546ae96f8
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[b3b2854dcf704c1db05d897072f98e8b79398af1] mptcp: sendmsg: reset iter on error redux
testing commit b3b2854dcf704c1db05d897072f98e8b79398af1 with gcc (GCC) 8.1.0
kernel signature: 9daf076e0a17053254bc2c0d29c45a2734432c2fcf9763ae9e89cbd46b7b36f7
all runs: OK
# git bisect bad b3b2854dcf704c1db05d897072f98e8b79398af1
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[d8bb9abe21071c64d077f9db3b403823a389464f] selftests: netfilter: kill running process only
testing commit d8bb9abe21071c64d077f9db3b403823a389464f with gcc (GCC) 8.1.0
kernel signature: 53e46ef5fed09fc2660787a5f888d4c8e64127ccfc543df8f1a1e865687e0587
run #0: crashed: INFO: task hung in ctrl_getfamily
run #1: crashed: INFO: task hung in ctrl_getfamily
run #2: crashed: INFO: task hung in ctrl_getfamily
run #3: crashed: INFO: task hung in ctrl_getfamily
run #4: crashed: INFO: task hung in ctrl_getfamily
run #5: crashed: INFO: task hung in ctrl_getfamily
run #6: crashed: INFO: task hung in genl_rcv_msg
run #7: crashed: INFO: task hung in genl_rcv_msg
run #8: crashed: INFO: task hung in ctrl_getfamily
run #9: crashed: no output from test machine
# git bisect good d8bb9abe21071c64d077f9db3b403823a389464f
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[47733f9daf4fe4f7e0eb9e273f21ad3a19130487] tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
testing commit 47733f9daf4fe4f7e0eb9e273f21ad3a19130487 with gcc (GCC) 8.1.0
kernel signature: ce59bf79940a86251ad56bf665947339beb34f10e0274d254d557ae2459b586d
all runs: OK
# git bisect bad 47733f9daf4fe4f7e0eb9e273f21ad3a19130487
Bisecting: 1 revision left to test after this (roughly 1 step)
[5c04da55c754c44937b3d19c6522f9023fd5c5d5] netfilter: ebtables: reject bogus getopt len value
testing commit 5c04da55c754c44937b3d19c6522f9023fd5c5d5 with gcc (GCC) 8.1.0
kernel signature: 70327a192e56af54c13e242cd329d46ff52ea7b61d836942df275f1e0b8e89d9
all runs: crashed: INFO: task hung in ctrl_getfamily
# git bisect good 5c04da55c754c44937b3d19c6522f9023fd5c5d5
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[8c26544f5ace22ee159113a3300de077f2973519] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
testing commit 8c26544f5ace22ee159113a3300de077f2973519 with gcc (GCC) 8.1.0
kernel signature: dae9248ee82971b507ed268f74ec7505270892aabcf73386a46a423c2f40a7b2
all runs: crashed: INFO: task hung in ctrl_getfamily
# git bisect good 8c26544f5ace22ee159113a3300de077f2973519
47733f9daf4fe4f7e0eb9e273f21ad3a19130487 is the first bad commit
commit 47733f9daf4fe4f7e0eb9e273f21ad3a19130487
Author: Cong Wang
Date:   Sat Aug 15 16:29:15 2020 -0700

    tipc: fix uninit skb->data in tipc_nl_compat_dumpit()

    __tipc_nl_compat_dumpit() has two callers, and it expects them to
    pass a valid nlmsghdr via arg->data. This header is artificial and
    crafted just for __tipc_nl_compat_dumpit().

    tipc_nl_compat_publ_dump() does so by putting a genlmsghdr as well
    as some nested attribute, TIPC_NLA_SOCK. But the other caller
    tipc_nl_compat_dumpit() does not; this leaves arg->data uninitialized
    on this call path.

    Fix this by just adding a similar nlmsghdr without any payload in
    tipc_nl_compat_dumpit().

    This bug exists since day 1, but the recent commit 6ea67769ff33
    ("net: tipc: prepare attrs in __tipc_nl_compat_dumpit()") makes it
    easier to appear.

    Reported-and-tested-by: syzbot+0e7181deafa7e0b79923@syzkaller.appspotmail.com
    Fixes: d0796d1ef63d ("tipc: convert legacy nl bearer dump to nl compat")
    Cc: Jon Maloy
    Cc: Ying Xue
    Cc: Richard Alpe
    Signed-off-by: Cong Wang
    Acked-by: Ying Xue
    Signed-off-by: David S. Miller

 net/tipc/netlink_compat.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
culprit signature: ce59bf79940a86251ad56bf665947339beb34f10e0274d254d557ae2459b586d
parent signature: dae9248ee82971b507ed268f74ec7505270892aabcf73386a46a423c2f40a7b2
revisions tested: 24, total time: 4h54m2.36158077s (build: 1h53m37.205732154s, test: 2h55m59.568135593s)
first good commit: 47733f9daf4fe4f7e0eb9e273f21ad3a19130487 tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
recipients (to): ["davem@davemloft.net" "syzbot+0e7181deafa7e0b79923@syzkaller.appspotmail.com" "xiyou.wangcong@gmail.com" "ying.xue@windriver.com"]
recipients (cc): []