bisecting fixing commit since a844dc4c544291470aa69edbe2434b040794e269 building syzkaller on d973f52833e0e3cec5406aa9cdf606a463d85c46 testing commit a844dc4c544291470aa69edbe2434b040794e269 with gcc (GCC) 8.1.0 kernel signature: 967af443b19d7464e8f5cda22526fc741bfb540ce461ac0150616de94585bcbb run #0: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #1: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #2: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #3: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #4: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #5: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #6: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #7: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #8: crashed: INFO: task hung in paste_selection run #9: crashed: INFO: task hung in paste_selection testing current HEAD 01364dad1d4577e27a57729d41053f661bb8a5b9 testing commit 01364dad1d4577e27a57729d41053f661bb8a5b9 with gcc (GCC) 8.1.0 kernel signature: fb65f735b931f23aaa18eac1e06d2bd6b55560e37bca34f9d6533579c9f88d31 all runs: OK # git bisect start 01364dad1d4577e27a57729d41053f661bb8a5b9 a844dc4c544291470aa69edbe2434b040794e269 Bisecting: 995 revisions left to test after this (roughly 10 steps) [0fd24a6a8a063c064a664797d4913d5f365f56a2] drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON testing commit 0fd24a6a8a063c064a664797d4913d5f365f56a2 with gcc (GCC) 8.1.0 kernel signature: 558daf23e8d8a311d35ec35896955fbf636d827016075f80909cc0e90fd707e0 run #0: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #1: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #2: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #3: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #4: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #5: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #6: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #7: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #8: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common run #9: crashed: INFO: task hung in paste_selection # git bisect good 0fd24a6a8a063c064a664797d4913d5f365f56a2 Bisecting: 497 revisions left to test after this (roughly 9 steps) [2106d26897f9341ddb7ad74bfc5867808cec927a] clocksource: Prevent double add_timer_on() for watchdog_timer testing commit 2106d26897f9341ddb7ad74bfc5867808cec927a with gcc (GCC) 8.1.0 kernel signature: 98dc10ac6a96a78fdb0f7caa7b2fcf32bc70cf9de612b54502340676c0de0bbb all runs: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common # git bisect good 2106d26897f9341ddb7ad74bfc5867808cec927a Bisecting: 248 revisions left to test after this (roughly 8 steps) [02a67798862f1c848e91859a7f4b291bcfdcf563] KVM: nVMX: Refactor IO bitmap checks into helper function testing commit 02a67798862f1c848e91859a7f4b291bcfdcf563 with gcc (GCC) 8.1.0 kernel signature: 25bfe8b77abce80d7afb871e6adcf52616a93e1f17a7daf6268d299250b9bf1a all runs: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common # git bisect good 02a67798862f1c848e91859a7f4b291bcfdcf563 Bisecting: 124 revisions left to test after this (roughly 7 steps) [7336a80aebc633d75c09d8dad09cd467807c787a] serial: 8250_exar: add support for ACCES cards testing commit 7336a80aebc633d75c09d8dad09cd467807c787a with gcc (GCC) 8.1.0 kernel signature: 718c23d23f2b303e51523e35170fa0f8c640f7e493576a4a15a9ff1422ba3db0 all runs: crashed: KASAN: use-after-free Read in n_tty_receive_buf_common # git bisect good 7336a80aebc633d75c09d8dad09cd467807c787a Bisecting: 62 revisions left to test after this (roughly 6 steps) [b58120a61b256e3c24b957fe36617bdc738efc9c] cgroup: cgroup_procs_next should increase position index testing commit b58120a61b256e3c24b957fe36617bdc738efc9c with gcc (GCC) 8.1.0 kernel signature: 4e120116df49c9cd1dcc0bee34fd14c37af02de5102dfbfc61d3b2f29946ba1d all runs: OK # git bisect bad b58120a61b256e3c24b957fe36617bdc738efc9c Bisecting: 30 revisions left to test after this (roughly 5 steps) [6c5251993d38c59521b645a29eb2479957ba512f] ipvlan: add cond_resched_rcu() while processing muticast backlog testing commit 6c5251993d38c59521b645a29eb2479957ba512f with gcc (GCC) 8.1.0 kernel signature: b897f1ed0beffa6dd353895b7846b0fd475437d69f10cae7da2ddac5017321c4 run #0: crashed: WARNING: ODEBUG bug in netdev_freemem run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 6c5251993d38c59521b645a29eb2479957ba512f Bisecting: 15 revisions left to test after this (roughly 4 steps) [13e91bc63dcac99b9d96a8459e309c27009c1eb3] can: add missing attribute validation for termination testing commit 13e91bc63dcac99b9d96a8459e309c27009c1eb3 with gcc (GCC) 8.1.0 kernel signature: be1722261b83e7338dd4d59266552892f192914bb66cbcd70d1df45f54f05940 all runs: OK # git bisect bad 13e91bc63dcac99b9d96a8459e309c27009c1eb3 Bisecting: 7 revisions left to test after this (roughly 3 steps) [e27f53b37d55635cd8e4eb9bd31d52998ed016d0] sfc: detach from cb_page in efx_copy_channel() testing commit e27f53b37d55635cd8e4eb9bd31d52998ed016d0 with gcc (GCC) 8.1.0 kernel signature: d9144f12d70c96332c2576a53a100ccb69ab0a0643cf0a4e2216bdbf1b3c46de all runs: OK # git bisect bad e27f53b37d55635cd8e4eb9bd31d52998ed016d0 Bisecting: 3 revisions left to test after this (roughly 2 steps) [3f9e0b25fc13589071f93642b6de033e4792ddf0] net: macsec: update SCI upon MAC address change. testing commit 3f9e0b25fc13589071f93642b6de033e4792ddf0 with gcc (GCC) 8.1.0 kernel signature: 5ac946dfc3259f20eaf655639ea99f614c5a14d86e5667bf659ead4210ed8ff4 all runs: OK # git bisect bad 3f9e0b25fc13589071f93642b6de033e4792ddf0 Bisecting: 0 revisions left to test after this (roughly 1 step) [d5f90b1703867035e4b80014d3341a65cf6d8f31] netlink: Use netlink header as base to calculate bad attribute offset testing commit d5f90b1703867035e4b80014d3341a65cf6d8f31 with gcc (GCC) 8.1.0 kernel signature: 4ae1497b5f1dcaa7b17ff13b4a56b571d32047961d13cdd22179dcee1a9b6c45 all runs: OK # git bisect bad d5f90b1703867035e4b80014d3341a65cf6d8f31 Bisecting: 0 revisions left to test after this (roughly 0 steps) [7c315855c6f490d0bb70bc38a85b536011b9bd82] ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() testing commit 7c315855c6f490d0bb70bc38a85b536011b9bd82 with gcc (GCC) 8.1.0 kernel signature: 549ec489a3d85821f37e36fc2fe039d80bb080eb485869ae1c42b6318822f31c all runs: OK # git bisect bad 7c315855c6f490d0bb70bc38a85b536011b9bd82 7c315855c6f490d0bb70bc38a85b536011b9bd82 is the first bad commit commit 7c315855c6f490d0bb70bc38a85b536011b9bd82 Author: Eric Dumazet Date: Mon Mar 9 18:22:58 2020 -0700 ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() [ Upstream commit afe207d80a61e4d6e7cfa0611a4af46d0ba95628 ] Commit e18b353f102e ("ipvlan: add cond_resched_rcu() while processing muticast backlog") added a cond_resched_rcu() in a loop using rcu protection to iterate over slaves. This is breaking rcu rules, so lets instead use cond_resched() at a point we can reschedule Fixes: e18b353f102e ("ipvlan: add cond_resched_rcu() while processing muticast backlog") Signed-off-by: Eric Dumazet Cc: Mahesh Bandewar Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman drivers/net/ipvlan/ipvlan_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) culprit signature: 549ec489a3d85821f37e36fc2fe039d80bb080eb485869ae1c42b6318822f31c parent signature: b897f1ed0beffa6dd353895b7846b0fd475437d69f10cae7da2ddac5017321c4 revisions tested: 13, total time: 3h44m35.323058651s (build: 1h48m21.420108668s, test: 1h54m48.231132385s) first good commit: 7c315855c6f490d0bb70bc38a85b536011b9bd82 ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() cc: ["davem@davemloft.net" "edumazet@google.com" "gregkh@linuxfoundation.org"]