ci starts bisection 2023-08-06 08:05:12.510953218 +0000 UTC m=+136121.329148774
bisecting fixing commit since 61556703b610a104de324e4f061dc6cf7b218b46
building syzkaller on 42b90a7c596c2b7d8f8d034dff7d8c635631de5a
ensuring issue is reproducible on original commit 61556703b610a104de324e4f061dc6cf7b218b46

testing commit 61556703b610a104de324e4f061dc6cf7b218b46 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2e2cc0bd7dda7c8932e92ee0b2821cb921ad6d7bf7a247f4494a56739b42bec8
run #0: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #1: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #2: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #3: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #4: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #5: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #6: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #7: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #8: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #9: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #10: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #11: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #12: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #13: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #14: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #15: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #16: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #17: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #18: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #19: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #20: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #21: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #22: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #23: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #24: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #25: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #26: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #27: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #28: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #29: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #30: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #31: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #32: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #33: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #34: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #35: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #36: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #37: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #38: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #39: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
representative crash: KASAN: use-after-free Read in ieee80211_ibss_build_presp, types: [KASAN]

check whether we can drop unnecessary instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 61556703b610a104de324e4f061dc6cf7b218b46 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 475295d7e69584bda1fb981a15c32365fbfe2632273fdc0c209299ad7a38bc29
all runs: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
representative crash: KASAN: use-after-free Read in ieee80211_ibss_build_presp, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed

kconfig minimization: base=3876 full=7021 leaves diff=2004
split chunks (needed=false): <2004>
split chunk #0 of len 2004 into 5 parts

testing without sub-chunk 1/5
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 61556703b610a104de324e4f061dc6cf7b218b46 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 41c186e8a46a1e52c810aaa71ba68e88cf517c6849dfa3c7a8052361047ff870
run #0: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #1: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #2: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #3: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #4: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #5: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #6: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #7: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #8: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #9: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #10: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #11: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #12: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #13: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #14: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #15: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #16: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #17: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #18: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #19: crashed: KASAN: invalid-free in ieee80211_ibss_leave
representative crash: KASAN: use-after-free Read in ieee80211_ibss_build_presp, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 2/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 61556703b610a104de324e4f061dc6cf7b218b46 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a803ab96e0aecf0bafc9b5b65d57baebdfb12a6a3d867b81622a4e26eb83675d
all runs: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
representative crash: KASAN: use-after-free Read in ieee80211_ibss_build_presp, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 3/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 61556703b610a104de324e4f061dc6cf7b218b46 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1d9d9e2d69a7fb0c8afdfc9e3b776d54333cc7c3d05e76284b4b67bcec033ba0
all runs: OK
false negative chance: 0.000

testing without sub-chunk 4/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 61556703b610a104de324e4f061dc6cf7b218b46 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 45fa3cd2229619960c91e1b6eb53db08e45987ad0aa5f7d828a6d8970099145a
run #0: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #1: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #2: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #3: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #4: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #5: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #6: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #7: crashed: KASAN: use-after-free Read in
ieee80211_ibss_build_presp run #8: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #9: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #10: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #11: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #12: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #13: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #14: crashed: KASAN: invalid-free in ieee80211_ibss_leave run #15: crashed: KASAN: invalid-free in ieee80211_ibss_leave run #16: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #17: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #18: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp run #19: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp representative crash: KASAN: use-after-free Read in ieee80211_ibss_build_presp, types: [KASAN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing commit 61556703b610a104de324e4f061dc6cf7b218b46 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e6eae289216e96e6a1f020183f5bbb7c76d8ef9b63d192c8232238e5bc1aef9a all runs: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp representative crash: KASAN: use-after-free Read in ieee80211_ibss_build_presp, types: [KASAN] the chunk can be dropped minimized to 401 configs; suspects: [ARCH_SELECT_MEMORY_MODEL ATM AX25 BRIDGE BRIDGE_NETFILTER CAN CFG80211 CHECKPOINT_RESTORE DVB_CORE FB FSCACHE HAMRADIO HAVE_NET_DSA INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_USER_ACCESS INPUT_JOYSTICK INPUT_MOUSE IP6_NF_RAW IPV6_MULTIPLE_TABLES IP_NF_RAW IP_SET IP_VS IR_MCEUSB IR_REDRAT3 IR_STREAMZAP IR_TTUSBIR ISDN ISDN_CAPI_MIDDLEWARE ISI JFFS2_CMODE_PRIORITY JFFS2_COMPRESSION_OPTIONS JFFS2_FS 
JFFS2_FS_POSIX_ACL JFFS2_FS_SECURITY JFFS2_FS_WRITEBUFFER JFFS2_FS_XATTR JFFS2_LZO JFFS2_RTIME JFFS2_RUBIN JFFS2_SUMMARY JFFS2_ZLIB JFS_FS JFS_POSIX_ACL JFS_SECURITY JOYSTICK_IFORCE JOYSTICK_IFORCE_USB JOYSTICK_XPAD JOYSTICK_XPAD_FF JOYSTICK_XPAD_LEDS KARMA_PARTITION KCOV KCOV_ENABLE_COMPARISONS KCOV_INSTRUMENT_ALL KEYS_REQUEST_CACHE KEY_DH_OPERATIONS KEY_NOTIFICATIONS KSM KVM KVM_AMD KVM_ASYNC_PF KVM_COMPAT KVM_GENERIC_DIRTYLOG_READ_PROTECT KVM_INTEL KVM_MMIO KVM_VFIO KVM_XFER_TO_GUEST_WORK L2TP L2TP_ETH L2TP_IP L2TP_V3 LAPB LAPBETHER LDM_PARTITION LEDS_TRIGGER_AUDIO LEGACY_PTYS LEGACY_VSYSCALL_EMULATE LIBNVDIMM LINEAR_RANGES LLC LLC2 LOGIG940_FF LOGIRUMBLEPAD2_FF LOGO LOGO_LINUX_CLUT224 LOGO_LINUX_MONO LOGO_LINUX_VGA16 LPC_ICH LWTUNNEL LWTUNNEL_BPF LZ4HC_COMPRESS LZ4_COMPRESS MAC80211 MAC80211_DEBUGFS MAC80211_HAS_RC MAC80211_HWSIM MAC80211_LEDS MAC80211_MESH MAC80211_RC_DEFAULT_MINSTREL MAC80211_RC_MINSTREL MACSEC MACVLAN MACVTAP MAC_PARTITION MANDATORY_FILE_LOCKING MAPPING_DIRTY_HELPERS MD_LINEAR MD_MULTIPATH MD_RAID0 MD_RAID1 MD_RAID10 MD_RAID456 MEDIA_ANALOG_TV_SUPPORT MEDIA_ATTACH MEDIA_CONTROLLER MEDIA_CONTROLLER_DVB MEDIA_CONTROLLER_REQUEST_API MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_SUPPORT_FILTER MEDIA_TUNER MEDIA_TUNER_MSI001 MEDIA_TUNER_XC2028 MEDIA_TUNER_XC5000 MEMCG_SWAP MEMORY_BALLOON MEMORY_HOTPLUG MEMORY_HOTPLUG_DEFAULT_ONLINE MEMORY_ISOLATION MEMREGION MEMSTICK MEMSTICK_REALTEK_USB MEM_SOFT_DIRTY MFD_CORE MFD_SYSCON MICROCHIP_PHY MINIX_FS MINIX_SUBPARTITION MISC_RTSX MISC_RTSX_USB MISDN MISDN_DSP MISDN_HFCUSB MISDN_L1OIP MKISS MLX4_CORE MLX4_INFINIBAND MMC MMC_REALTEK_USB MMC_USHC MMC_VUB300 MMU_NOTIFIER MODULE_SRCVERSION_ALL MODVERSIONS MOST MOUSE_APPLETOUCH MOUSE_BCM5974 MOUSE_PS2 MOUSE_PS2_ALPS MOUSE_PS2_BYD MOUSE_PS2_CYPRESS MOUSE_PS2_FOCALTECH MOUSE_PS2_LIFEBOOK MOUSE_PS2_LOGIPS2PP MOUSE_PS2_SMBUS MOUSE_PS2_SYNAPTICS MOUSE_PS2_SYNAPTICS_SMBUS MOUSE_PS2_TRACKPOINT MOUSE_SYNAPTICS_USB MPLS 
MPLS_IPTUNNEL MPLS_ROUTING MPTCP MPTCP_IPV6 MRP MTD MTD_BLKDEVS MTD_BLOCK MTD_BLOCK2MTD MTD_CFI_I1 MTD_CFI_I2 MTD_MAP_BANK_WIDTH_1 MTD_MAP_BANK_WIDTH_2 MTD_MAP_BANK_WIDTH_4 MTD_MTDRAM MTD_PHRAM MTD_SLRAM MUSB_PIO_ONLY ND_BLK ND_BTT ND_CLAIM ND_PFN NEED_MULTIPLE_NODES NETDEVSIM NETFILTER_ADVANCED NETFILTER_FAMILY_ARP NETFILTER_FAMILY_BRIDGE NETFILTER_NETLINK_ACCT NETFILTER_NETLINK_GLUE_CT NETFILTER_NETLINK_OSF NETFILTER_NETLINK_QUEUE NETFILTER_SYNPROXY NETFILTER_XT_CONNMARK NETFILTER_XT_MATCH_BPF NETFILTER_XT_MATCH_CGROUP NETFILTER_XT_MATCH_CLUSTER NETFILTER_XT_MATCH_COMMENT NETFILTER_XT_MATCH_CONNBYTES NETFILTER_XT_MATCH_CONNLABEL NETFILTER_XT_MATCH_CONNLIMIT NETFILTER_XT_MATCH_CONNMARK NETFILTER_XT_MATCH_CPU NETFILTER_XT_MATCH_DCCP NETFILTER_XT_MATCH_DEVGROUP NETFILTER_XT_MATCH_DSCP NETFILTER_XT_MATCH_ECN NETFILTER_XT_MATCH_ESP NETFILTER_XT_MATCH_HASHLIMIT NETFILTER_XT_MATCH_HELPER NETFILTER_XT_MATCH_HL NETFILTER_XT_MATCH_IPCOMP NETFILTER_XT_MATCH_IPRANGE NETFILTER_XT_MATCH_IPVS NETFILTER_XT_MATCH_L2TP NETFILTER_XT_MATCH_LENGTH NETFILTER_XT_MATCH_LIMIT NETFILTER_XT_MATCH_MAC NETFILTER_XT_MATCH_MARK NETFILTER_XT_MATCH_MULTIPORT NETFILTER_XT_MATCH_NFACCT NETFILTER_XT_MATCH_OSF NETFILTER_XT_MATCH_OWNER NETFILTER_XT_MATCH_PHYSDEV NETFILTER_XT_MATCH_PKTTYPE NETFILTER_XT_MATCH_QUOTA NETFILTER_XT_MATCH_RATEEST NETFILTER_XT_MATCH_REALM NETFILTER_XT_MATCH_RECENT NETFILTER_XT_MATCH_SCTP NETFILTER_XT_MATCH_SOCKET NETFILTER_XT_MATCH_STATISTIC NETFILTER_XT_MATCH_STRING NETFILTER_XT_MATCH_TCPMSS NETFILTER_XT_MATCH_TIME NETFILTER_XT_MATCH_U32 NETFILTER_XT_SET NETFILTER_XT_TARGET_AUDIT NETFILTER_XT_TARGET_CHECKSUM NETFILTER_XT_TARGET_CLASSIFY NETFILTER_XT_TARGET_CONNMARK NETFILTER_XT_TARGET_CT NETFILTER_XT_TARGET_DSCP NETFILTER_XT_TARGET_HL NETFILTER_XT_TARGET_HMARK NETFILTER_XT_TARGET_IDLETIMER NETFILTER_XT_TARGET_LED NETFILTER_XT_TARGET_MARK NETFILTER_XT_TARGET_NETMAP NETFILTER_XT_TARGET_NFQUEUE NETFILTER_XT_TARGET_NOTRACK NETFILTER_XT_TARGET_RATEEST 
NETFILTER_XT_TARGET_REDIRECT NETFILTER_XT_TARGET_TCPOPTSTRIP NETFILTER_XT_TARGET_TEE NETFILTER_XT_TARGET_TPROXY NETFILTER_XT_TARGET_TRACE NETLINK_DIAG NETROM NET_9P_RDMA NET_ACT_BPF NET_ACT_CONNMARK NET_ACT_CSUM NET_ACT_CT NET_ACT_CTINFO NET_ACT_GATE NET_ACT_IFE NET_ACT_IPT NET_ACT_MIRRED NET_ACT_MPLS NET_ACT_NAT NET_ACT_PEDIT NET_ACT_POLICE NET_ACT_SAMPLE NET_ACT_SIMP NET_ACT_SKBEDIT NET_ACT_SKBMOD NET_ACT_TUNNEL_KEY NET_ACT_VLAN NET_CLS_BASIC NET_CLS_BPF NET_CLS_FLOW NET_CLS_FLOWER NET_CLS_FW NET_CLS_MATCHALL NET_CLS_ROUTE4 NET_CLS_RSVP NET_CLS_RSVP6 NET_CLS_TCINDEX NET_DEVLINK NET_DROP_MONITOR NET_DSA NET_DSA_TAG_BRCM NET_DSA_TAG_BRCM_COMMON NET_DSA_TAG_BRCM_PREPEND NET_DSA_TAG_MTK NET_DSA_TAG_QCA NET_DSA_TAG_RTL4_A NET_EMATCH_CANID NET_EMATCH_CMP NET_EMATCH_IPSET NET_EMATCH_IPT NET_EMATCH_META NET_EMATCH_NBYTE NET_EMATCH_TEXT NET_EMATCH_U32 NET_FC NET_FOU NET_FOU_IP_TUNNELS NET_IFE NET_IFE_SKBMARK NET_IFE_SKBPRIO NET_IFE_SKBTCINDEX NET_IPGRE NET_IPGRE_BROADCAST NET_IPGRE_DEMUX NET_IPIP NET_IPVTI NET_KEY NET_KEY_MIGRATE NET_L3_MASTER_DEV NET_MPLS_GSO NET_NCSI NET_NSH NET_REDIRECT NET_SCH_ATM NET_SCH_CAKE NET_SCH_CBQ NET_SCH_CBS NET_SCH_CHOKE NET_SCH_CODEL NET_SCH_DRR NET_SCH_DSMARK NET_SCH_ETF NET_SCH_ETS NET_SCH_FQ NET_SCH_FQ_CODEL NET_SCH_FQ_PIE NET_SCH_GRED NET_SCH_HFSC NET_SCH_HHF NET_SCH_HTB NET_SCH_INGRESS NET_SCH_MQPRIO NET_SCH_MULTIQ NET_SCH_NETEM NET_SCH_PIE NET_SCH_PLUG NET_SCH_PRIO NET_SCH_QFQ NET_SCH_RED NET_SCH_SFB NET_SCH_SFQ NET_SCH_SKBPRIO NET_SCH_TAPRIO NET_SCH_TBF NET_SCH_TEQL NET_SOCK_MSG NET_SWITCHDEV NET_TC_SKB_EXT NET_TEAM NET_TEAM_MODE_ACTIVEBACKUP NET_TEAM_MODE_BROADCAST NET_TEAM_MODE_LOADBALANCE NET_TEAM_MODE_RANDOM NET_TEAM_MODE_ROUNDROBIN NET_UDP_TUNNEL NET_VRF NFC NFC_DIGITAL NFC_FDP NFC_HCI NFC_MRVL NFC_MRVL_USB NFC_NCI NFC_NCI_UART NFC_PN533 NFC_PN533_USB NFC_PORT100 NFC_SHDLC NFC_SIM NFSD NFSD_BLOCKLAYOUT NFSD_FLEXFILELAYOUT NFSD_PNFS NFSD_SCSILAYOUT NFSD_V2_ACL NFSD_V3 NFSD_V3_ACL NFSD_V4 NFSD_V4_2_INTER_SSC NFSD_V4_SECURITY_LABEL 
NFS_FSCACHE NFS_V4_1 NFS_V4_2 NFS_V4_2_READ_PLUS NFS_V4_SECURITY_LABEL NFT_BRIDGE_META NFT_BRIDGE_REJECT NFT_COMPAT NFT_CONNLIMIT NFT_COUNTER NFT_CT NFT_DUP_IPV4 NFT_DUP_IPV6 NFT_DUP_NETDEV NFT_FIB NFT_FIB_INET NFT_FIB_IPV4 NFT_FIB_IPV6 NFT_FIB_NETDEV NFT_FLOW_OFFLOAD NFT_FWD_NETDEV NFT_HASH NFT_LIMIT NFT_LOG NFT_MASQ NFT_NAT NFT_NUMGEN NFT_OBJREF NFT_OSF NFT_QUEUE NFT_QUOTA NFT_REDIR NFT_REJECT NFT_REJECT_INET NFT_REJECT_IPV4 NFT_REJECT_IPV6 NFT_REJECT_NETDEV NFT_SOCKET NFT_SYNPROXY NFT_TPROXY NFT_TUNNEL NFT_XFRM NF_CONNTRACK_AMANDA NF_CONNTRACK_BRIDGE NF_CONNTRACK_BROADCAST NF_CONNTRACK_EVENTS NF_CONNTRACK_H323 NF_CONNTRACK_LABELS NF_CONNTRACK_MARK NF_CONNTRACK_NETBIOS_NS NF_CONNTRACK_PPTP NF_CONNTRACK_PROCFS NF_CONNTRACK_SANE NF_CONNTRACK_SNMP NF_CONNTRACK_TFTP NF_CONNTRACK_TIMEOUT NF_CONNTRACK_TIMESTAMP NF_CONNTRACK_ZONES NF_CT_NETLINK_HELPER NF_CT_NETLINK_TIMEOUT NF_CT_PROTO_DCCP NF_CT_PROTO_GRE NF_CT_PROTO_SCTP NF_CT_PROTO_UDPLITE NF_DUP_IPV4 NF_DUP_IPV6 NF_DUP_NETDEV NF_FLOW_TABLE NF_FLOW_TABLE_INET NF_FLOW_TABLE_IPV4 NF_FLOW_TABLE_IPV6 NF_LOG_BRIDGE NF_LOG_COMMON NF_LOG_NETDEV NF_NAT_AMANDA NF_NAT_H323 NF_NAT_PPTP NF_NAT_REDIRECT NF_NAT_SNMP_BASIC NF_NAT_TFTP NF_SOCKET_IPV4 NF_SOCKET_IPV6 NF_TABLES NF_TABLES_ARP NF_TABLES_BRIDGE NF_TABLES_INET NF_TABLES_IPV4 NF_TABLES_IPV6 NF_TABLES_NETDEV NF_TPROXY_IPV4 NF_TPROXY_IPV6 PARTITION_ADVANCED RC_CORE RC_DEVICES RFKILL SELECT_MEMORY_MODEL SPARSEMEM_MANUAL SPI USB_GADGET USB_MUSB_HDRC VIDEO_DEV VIDEO_V4L2 WAN WATCH_QUEUE WIRELESS WLAN X25 X86_X32] disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed testing current HEAD f0ab9f34e59e0c01a1c31142e0b336245367fd86 testing commit f0ab9f34e59e0c01a1c31142e0b336245367fd86 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 87ef22fada0bc4b5264c6cb8e3ca77c8e6c924a697f8013cc4c554071826a8c9 all runs: OK false negative chance: 0.000 # git bisect start f0ab9f34e59e0c01a1c31142e0b336245367fd86 
61556703b610a104de324e4f061dc6cf7b218b46
Bisecting: 108717 revisions left to test after this (roughly 17 steps)
[cb7f2d05da8ff973444d7e44b9c48e7c90d63915] Merge branch 'ocelot-selftests'
testing commit cb7f2d05da8ff973444d7e44b9c48e7c90d63915 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 671fb7c8737c7650ee99dd75147987999a1a556656d044af22f6d7aa0f35dd3e
all runs: OK
false negative chance: 0.000
# git bisect bad cb7f2d05da8ff973444d7e44b9c48e7c90d63915
Bisecting: 54161 revisions left to test after this (roughly 16 steps)
[477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6] Merge tag 'drm-next-2021-08-31-1' of git://anongit.freedesktop.org/drm/drm
testing commit 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b6a762f214785b76a13ab06a2d548b5aa46167f2c3652c5fca5fec1b2edc86fb
all runs: OK
false negative chance: 0.000
# git bisect bad 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6
Bisecting: 27181 revisions left to test after this (roughly 15 steps)
[d42f323a7df0b298c07313db00b44b78555ca8e6] Merge branch 'akpm' (patches from Andrew)
testing commit d42f323a7df0b298c07313db00b44b78555ca8e6 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d8aba392ceb03e94250be0c83b82f3b4045968374e62a28d9b2e8f3bd754ca93
all runs: OK
false negative chance: 0.000
# git bisect bad d42f323a7df0b298c07313db00b44b78555ca8e6
Bisecting: 13577 revisions left to test after this (roughly 14 steps)
[c7f57fd6b7f0a889b0f847611c9075c37dd31810] Merge v5.12-rc4 into staging-next
testing commit c7f57fd6b7f0a889b0f847611c9075c37dd31810 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 034306d49e844da46d1f278160ec0224158656952a2c9e74cb9269be3dd728e7
all runs: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
representative crash: KASAN: use-after-free Read in ieee80211_ibss_build_presp, types: [KASAN]
# git bisect good c7f57fd6b7f0a889b0f847611c9075c37dd31810
Bisecting: 6115 revisions left to test after this (roughly 13 steps)
[68a32ba14177d4a21c4a9a941cf1d7aea86d436f] Merge tag 'drm-next-2021-04-28' of git://anongit.freedesktop.org/drm/drm
testing commit 68a32ba14177d4a21c4a9a941cf1d7aea86d436f gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 31db22d21d86e3c8d5efdf3cdf97a19cbdc5ce864c49d64dc6ad9fe1e13791c4
all runs: OK
false negative chance: 0.000
# git bisect bad 68a32ba14177d4a21c4a9a941cf1d7aea86d436f
Bisecting: 3678 revisions left to test after this (roughly 12 steps)
[37f00ab4a003f371f81e0eae76cf372f06dec780] Merge tag 'arm-drivers-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 37f00ab4a003f371f81e0eae76cf372f06dec780 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8ad95756f177e9d845f8a64e381e4635e685e82a6a09db588949107b3c7d79f8
all runs: OK
false negative chance: 0.000
# git bisect bad 37f00ab4a003f371f81e0eae76cf372f06dec780
Bisecting: 1884 revisions left to test after this (roughly 11 steps)
[90035c28f17d59be660b9992757d09853ab203ec] Merge tag 'platform-drivers-x86-v5.13-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
testing commit 90035c28f17d59be660b9992757d09853ab203ec gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 24667fd41b7e4244c76db782f4f11f40311393d883110e41ae28a0a16885cefa
all runs: OK
false negative chance: 0.000
# git bisect bad 90035c28f17d59be660b9992757d09853ab203ec
Bisecting: 948 revisions left to test after this (roughly 10 steps)
[f33b0e196ed7aa3dc285b26db7768c1db1eb3a41] ethtool: fix kdoc attr name
testing commit f33b0e196ed7aa3dc285b26db7768c1db1eb3a41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a44536beedc592a247c75e592dea3c844f429257175285f2a3a880420faf946f
all runs: OK
false negative chance: 0.000
# git bisect bad f33b0e196ed7aa3dc285b26db7768c1db1eb3a41
Bisecting: 467 revisions left to test after this (roughly 9 steps)
[a80314c327a937ff1213288adf0d11414c40a898] Merge tag 'drm-fixes-2021-04-02' of git://anongit.freedesktop.org/drm/drm
testing commit a80314c327a937ff1213288adf0d11414c40a898 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 70ded0b39a6f8b4ec6ff4e7295c0ee296fc015b3a5610c335d22f0cb179b37a2
all runs: OK
false negative chance: 0.000
# git bisect bad a80314c327a937ff1213288adf0d11414c40a898
Bisecting: 240 revisions left to test after this (roughly 8 steps)
[2ba9bea2d3682361f0f22f68a400bcee4248c205] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit 2ba9bea2d3682361f0f22f68a400bcee4248c205 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e9ff6b53efc0386b05ce87a8d4e709f2c360c96e65ea1ed62c9009381ef40a79
all runs: OK
false negative chance: 0.000
# git bisect bad 2ba9bea2d3682361f0f22f68a400bcee4248c205
Bisecting: 117 revisions left to test after this (roughly 7 steps)
[e65eaded4cc4de6bf153def9dde6b25392d9a236] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
testing commit e65eaded4cc4de6bf153def9dde6b25392d9a236 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e760f0135537a132880c2c2cc6098a241d83e4c0f91fe4f2f7aaf6f633078a03
all runs: OK
false negative chance: 0.000
# git bisect bad e65eaded4cc4de6bf153def9dde6b25392d9a236
Bisecting: 60 revisions left to test after this (roughly 6 steps)
[a673321aa74fc5604643d6a4653684c0bc9fa617] selftests: mptcp: Restore packet capture option in join tests
testing commit a673321aa74fc5604643d6a4653684c0bc9fa617 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 72cbd9d2bfc238b65735a805564bee5c143320d9a14a6587f0f6353e3eeed472
all runs: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
representative crash: KASAN: use-after-free Read in ieee80211_ibss_build_presp, types: [KASAN]
# git bisect good a673321aa74fc5604643d6a4653684c0bc9fa617
Bisecting: 29 revisions left to test after this (roughly 5 steps)
[ce225298a0cde9e64494292bf34422553a22b68c] Merge tag 'linux-can-fixes-for-5.12-20210316' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
testing commit ce225298a0cde9e64494292bf34422553a22b68c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f28bd1d45672c7f0eb88aad761a847a2643219bb46e75c93148c650c1166e867
run #0: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #1: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #2: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #3: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #4: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #5: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #6: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #7: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #8: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #9: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #10: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #11: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #12: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #13: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #14: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #15: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #16: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #17: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #18: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #19: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
representative crash: KASAN: use-after-free Read in ieee80211_ibss_build_presp, types: [KASAN]
# git bisect good ce225298a0cde9e64494292bf34422553a22b68c
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[0692c33c9c53577d31e65065132b5c6254f97400] Merge tag 'mac80211-for-net-2021-03-17' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
testing commit 0692c33c9c53577d31e65065132b5c6254f97400 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2705caab25b1ad0107fb7a3b6ac560fe745881662bcbde10f984135dd52528a0
all runs: OK
false negative chance: 0.000
# git bisect bad 0692c33c9c53577d31e65065132b5c6254f97400
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[afa536d8405a9ca36e45ba035554afbb8da27b82] net/sched: cls_flower: fix only mask bit check in the validate_ct_state
testing commit afa536d8405a9ca36e45ba035554afbb8da27b82 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 13d27b9cad3a1303862d35f5dc60827e8d83fe7f8e9dae4037a0362b53d2aed3
run #0: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #1: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #2: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #3: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #4: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #5: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #6: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #7: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #8: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #9: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #10: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #11: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #12: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #13: crashed: KASAN: invalid-free in ieee80211_ibss_leave
run #14: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #15: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #16: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #17: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #18: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
run #19: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
representative crash: KASAN: use-after-free Read in ieee80211_ibss_build_presp, types: [KASAN]
# git bisect good afa536d8405a9ca36e45ba035554afbb8da27b82
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[0f7e90faddeef53a3568f449a0c3992d77510b66] mac80211: Allow HE operation to be longer than expected.
testing commit 0f7e90faddeef53a3568f449a0c3992d77510b66 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4b64dd3844619e8118ce04fab06da68f5d84f87228f8c256b7da6b2d2c6d6010
all runs: OK
false negative chance: 0.000
# git bisect bad 0f7e90faddeef53a3568f449a0c3992d77510b66
Bisecting: 1 revision left to test after this (roughly 1 step)
[3bd801b14e0c5d29eeddc7336558beb3344efaa3] mac80211: fix double free in ibss_leave
testing commit 3bd801b14e0c5d29eeddc7336558beb3344efaa3 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e824684f6f4c2981e2f1a996a42d4fd0b16586d062b586a4c4047d0067bc82d0
all runs: OK
false negative chance: 0.000
# git bisect bad 3bd801b14e0c5d29eeddc7336558beb3344efaa3
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[1944015fe9c1d9fa5e9eb7ffbbb5ef8954d6753b] mac80211: fix rate mask reset
testing commit 1944015fe9c1d9fa5e9eb7ffbbb5ef8954d6753b gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e36b1a22fd1f073468d79c292eae0c12d7bd61e625db3e3a3a73214f03f9f7ed
all runs: crashed: KASAN: use-after-free Read in ieee80211_ibss_build_presp
representative crash: KASAN: use-after-free Read in ieee80211_ibss_build_presp, types: [KASAN]
# git bisect good 1944015fe9c1d9fa5e9eb7ffbbb5ef8954d6753b
3bd801b14e0c5d29eeddc7336558beb3344efaa3 is the first bad commit
commit 3bd801b14e0c5d29eeddc7336558beb3344efaa3
Author: Markus Theil
Date:   Sat Feb 13 14:36:53 2021 +0100

    mac80211: fix double free in ibss_leave

    Clear beacon ie pointer and ie length after free in order to prevent double free.

    ==================================================================
    BUG: KASAN: double-free or invalid-free \
      in ieee80211_ibss_leave+0x83/0xe0 net/mac80211/ibss.c:1876

    CPU: 0 PID: 8472 Comm: syz-executor100 Not tainted 5.11.0-rc6-syzkaller #0
    Call Trace:
     __dump_stack lib/dump_stack.c:79 [inline]
     dump_stack+0x107/0x163 lib/dump_stack.c:120
     print_address_description.constprop.0.cold+0x5b/0x2c6 mm/kasan/report.c:230
     kasan_report_invalid_free+0x51/0x80 mm/kasan/report.c:355
     ____kasan_slab_free+0xcc/0xe0 mm/kasan/common.c:341
     kasan_slab_free include/linux/kasan.h:192 [inline]
     __cache_free mm/slab.c:3424 [inline]
     kfree+0xed/0x270 mm/slab.c:3760
     ieee80211_ibss_leave+0x83/0xe0 net/mac80211/ibss.c:1876
     rdev_leave_ibss net/wireless/rdev-ops.h:545 [inline]
     __cfg80211_leave_ibss+0x19a/0x4c0 net/wireless/ibss.c:212
     __cfg80211_leave+0x327/0x430 net/wireless/core.c:1172
     cfg80211_leave net/wireless/core.c:1221 [inline]
     cfg80211_netdev_notifier_call+0x9e8/0x12c0 net/wireless/core.c:1335
     notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
     call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2040
     call_netdevice_notifiers_extack net/core/dev.c:2052 [inline]
     call_netdevice_notifiers net/core/dev.c:2066 [inline]
     __dev_close_many+0xee/0x2e0 net/core/dev.c:1586
     __dev_close net/core/dev.c:1624 [inline]
     __dev_change_flags+0x2cb/0x730 net/core/dev.c:8476
     dev_change_flags+0x8a/0x160 net/core/dev.c:8549
     dev_ifsioc+0x210/0xa70 net/core/dev_ioctl.c:265
     dev_ioctl+0x1b1/0xc40 net/core/dev_ioctl.c:511
     sock_do_ioctl+0x148/0x2d0 net/socket.c:1060
     sock_ioctl+0x477/0x6a0 net/socket.c:1177
     vfs_ioctl fs/ioctl.c:48 [inline]
     __do_sys_ioctl fs/ioctl.c:753 [inline]
     __se_sys_ioctl fs/ioctl.c:739 [inline]
     __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:739
     do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
     entry_SYSCALL_64_after_hwframe+0x44/0xa9

    Reported-by: syzbot+93976391bf299d425f44@syzkaller.appspotmail.com
    Signed-off-by: Markus Theil
    Link: https://lore.kernel.org/r/20210213133653.367130-1-markus.theil@tu-ilmenau.de
    Signed-off-by: Johannes Berg

 net/mac80211/ibss.c | 2 ++
 1 file changed, 2 insertions(+)

accumulated error probability: 0.00
culprit signature: e824684f6f4c2981e2f1a996a42d4fd0b16586d062b586a4c4047d0067bc82d0
parent signature: e36b1a22fd1f073468d79c292eae0c12d7bd61e625db3e3a3a73214f03f9f7ed
revisions tested: 26, total time: 6h39m19.702671581s (build: 2h33m28.256846477s, test: 3h54m51.605750813s)
first good commit: 3bd801b14e0c5d29eeddc7336558beb3344efaa3 mac80211: fix double free in ibss_leave
recipients (to): ["johannes.berg@intel.com" "markus.theil@tu-ilmenau.de"]
recipients (cc): []