bisecting fixing commit since e2aed161fc26f9e03ffceec742d85800df22b772
building syzkaller on 49ca1f59e37fcf63dc38a6bd2b60fcc47a0a708e
testing commit e2aed161fc26f9e03ffceec742d85800df22b772
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0b36a84f100cc69fa80e6a2387dd7d388d25d62488db0b7747155bbffec5ec38
all runs: crashed: KASAN: invalid-free in bitmap_free
testing current HEAD a1bb21475ef824497ddc8a714f6a0636fafab17f
testing commit a1bb21475ef824497ddc8a714f6a0636fafab17f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2369bc0d6d8411d605575c60a62c028b6527bd67bb3275b18fc3cc0bb672d5e9
all runs: OK
# git bisect start a1bb21475ef824497ddc8a714f6a0636fafab17f e2aed161fc26f9e03ffceec742d85800df22b772
Bisecting: 198 revisions left to test after this (roughly 8 steps)
[c058c544e73acabc527bf72ec1ccbb2a2581c291] selftests: net: Correct ping6 expected rc from 2 to 1
testing commit c058c544e73acabc527bf72ec1ccbb2a2581c291
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: dca33b54f1eadd240d5a8b1ec072c80e275dda88c21ca52d187a43403229f78d
all runs: crashed: KASAN: invalid-free in bitmap_free
# git bisect good c058c544e73acabc527bf72ec1ccbb2a2581c291
Bisecting: 99 revisions left to test after this (roughly 7 steps)
[fa2e149260bf90bbbe83dbc1ed9c9113d13d3afd] hwmon: (lm90) Fix usage of CONFIG2 register in detect function
testing commit fa2e149260bf90bbbe83dbc1ed9c9113d13d3afd
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 978c892c41d9196620350608a2dafaabc37a79ceb36021ff4ece9cf84b553068
all runs: OK
# git bisect bad fa2e149260bf90bbbe83dbc1ed9c9113d13d3afd
Bisecting: 49 revisions left to test after this (roughly 6 steps)
[a9f2c6af5a601a2e2bf40e5561bedc87a44d9649] timekeeping: Really make sure wall_to_monotonic isn't positive
testing commit a9f2c6af5a601a2e2bf40e5561bedc87a44d9649
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1c9352dec51fda0046bb92d19d55ad5e432c5afb34b750d592d89756fe5041e5
all runs: OK
# git bisect bad a9f2c6af5a601a2e2bf40e5561bedc87a44d9649
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[1a34fb9e2bf3029f7c0882069d67ff69cbd645d8] netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
testing commit 1a34fb9e2bf3029f7c0882069d67ff69cbd645d8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1f4d71fc6eba6e979f95a3e7265c5096bc24fec0a71cd544ff76935a20f6e0e0
all runs: crashed: KASAN: invalid-free in bitmap_free
# git bisect good 1a34fb9e2bf3029f7c0882069d67ff69cbd645d8
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[fd623e16b2ff83ce8579f1ce11ad5f2debeabfbb] tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous
testing commit fd623e16b2ff83ce8579f1ce11ad5f2debeabfbb
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b27af834433c27c358b75fcfc5feb8afef64ee9431366e0147de3306a3eecb3a
all runs: OK
# git bisect bad fd623e16b2ff83ce8579f1ce11ad5f2debeabfbb
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[6f46c59e60b64620d5d386c8ee2eaa11ebe3b595] sit: do not call ipip6_dev_free() from sit_init_net()
testing commit 6f46c59e60b64620d5d386c8ee2eaa11ebe3b595
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e9e37887e2f850514fcbde1a718f8b1d0df49208a8074d8d9b9483ce1e0c4083
all runs: OK
# git bisect bad 6f46c59e60b64620d5d386c8ee2eaa11ebe3b595
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[337bb7bf7c31e7a4a883054775db169e20e3723b] net: Fix double 0x prefix print in SKB dump
testing commit 337bb7bf7c31e7a4a883054775db169e20e3723b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: eabf7fdeb6b40ed6135f375e5fee47758c98e923ba1da21887b4e6e1c947e497
all runs: OK
# git bisect bad 337bb7bf7c31e7a4a883054775db169e20e3723b
Bisecting: 0 revisions left to test after this (roughly 1 step)
[734a3f3106053ee41cecae2a995b3d4d0c246764] sfc_ef100: potential dereference of null pointer
testing commit 734a3f3106053ee41cecae2a995b3d4d0c246764
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f48037ccb900fc439e08ad61ff23bbd69de579e9af30edc88e5afb562254ee9f
all runs: OK
# git bisect bad 734a3f3106053ee41cecae2a995b3d4d0c246764
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7da349f07e457cad135df0920a3f670e423fb5e9] net/packet: rx_owner_map depends on pg_vec
testing commit 7da349f07e457cad135df0920a3f670e423fb5e9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 440ec53ce38b6ab7f5a464dcd5bed2fede5ab1e67d4ec3f019e9abf3861f2eb6
all runs: OK
# git bisect bad 7da349f07e457cad135df0920a3f670e423fb5e9
7da349f07e457cad135df0920a3f670e423fb5e9 is the first bad commit
commit 7da349f07e457cad135df0920a3f670e423fb5e9
Author: Willem de Bruijn
Date: Wed Dec 15 09:39:37 2021 -0500

    net/packet: rx_owner_map depends on pg_vec

    [ Upstream commit ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 ]

    Packet sockets may switch ring versions. Avoid misinterpreting state
    between versions, whose fields share a union. rx_owner_map is only
    allocated with a packet ring (pg_vec) and both are swapped together.

    If pg_vec is NULL, meaning no packet ring was allocated, then neither
    was rx_owner_map. And the field may be old state from a tpacket_v3.

    Fixes: 61fad6816fc1 ("net/packet: tpacket_rcv: avoid a producer race condition")
    Reported-by: Syzbot
    Signed-off-by: Willem de Bruijn
    Reviewed-by: Eric Dumazet
    Link: https://lore.kernel.org/r/20211215143937.106178-1-willemdebruijn.kernel@gmail.com
    Signed-off-by: Jakub Kicinski
    Signed-off-by: Sasha Levin

 net/packet/af_packet.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

culprit signature: 440ec53ce38b6ab7f5a464dcd5bed2fede5ab1e67d4ec3f019e9abf3861f2eb6
parent signature: 1f4d71fc6eba6e979f95a3e7265c5096bc24fec0a71cd544ff76935a20f6e0e0
revisions tested: 11, total time: 1h54m10.906838705s (build: 1h4m24.275068529s, test: 48m16.032118499s)
first good commit: 7da349f07e457cad135df0920a3f670e423fb5e9 net/packet: rx_owner_map depends on pg_vec
recipients (to): ["edumazet@google.com" "kuba@kernel.org" "sashal@kernel.org" "willemb@google.com"]
recipients (cc): []