ci starts bisection 2023-01-20 12:37:05.644214687 +0000 UTC m=+76377.249611300 bisecting cause commit starting from e4cf7c25bae5c3b5089a3c23a897f450149caef2 building syzkaller on ab32d50881df9f96f2af301aadca62ad00b7e099 ensuring issue is reproducible on original commit e4cf7c25bae5c3b5089a3c23a897f450149caef2 testing commit e4cf7c25bae5c3b5089a3c23a897f450149caef2 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d1a6e713f2bd28169ecb83652631a6bc6d6b746c11c1cbec5924755bd6cb12c8 all runs: crashed: WARNING in get_vaddr_frames testing release v6.1 testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5efcc016dcd7c46048d10069400f83f47cce44279d8c82347f945f5e5edae1c6 all runs: crashed: WARNING in get_vaddr_frames testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f1ec32941bcba3478adab7fac8ec8a1271958ef96283907cf887832fcf64d2f4 all runs: OK # git bisect start 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 4fe89d07dcc2804c8b562f6c7896a45643d34b2f Bisecting: 7514 revisions left to test after this (roughly 13 steps) [33e591dee915832c618cf68bb1058c8e7d296128] Merge tag 'phy-for-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy testing commit 33e591dee915832c618cf68bb1058c8e7d296128 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 17aca7a31cf9955e3a2a0e41f234d3ae01afeae3e0627a3e33a7ba86742528ee all runs: OK # git bisect good 33e591dee915832c618cf68bb1058c8e7d296128 Bisecting: 3770 revisions left to test after this (roughly 12 steps) [de492c83cae0af72de370b9404aacda93dafcad5] prandom: remove unused functions testing commit de492c83cae0af72de370b9404aacda93dafcad5 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c5f4215939676a25f3710b65ae4920558989a5bb559f6ead35dbc68a5e3ea3ea all runs: boot failed: WARNING in cpumask_next_wrap # git bisect skip de492c83cae0af72de370b9404aacda93dafcad5 Bisecting: 3770 revisions left to test after this (roughly 12 steps) [8e77860c62b6eac8bb5b567efe6b8cd232d5f72f] cifs: drop the lease for cached directories on rmdir or rename testing commit 8e77860c62b6eac8bb5b567efe6b8cd232d5f72f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4887da1fcda87745f3a3c9ff23adba439898dab78d788bf1da4633bd0c75322c all runs: boot failed: WARNING in __netif_set_xps_queue # git bisect skip 8e77860c62b6eac8bb5b567efe6b8cd232d5f72f Bisecting: 3770 revisions left to test after this (roughly 12 steps) [fcab9b441d2d0e08f55654a4adf2d51cd4680469] mm: remove EXPERIMENTAL flag for zswap testing commit fcab9b441d2d0e08f55654a4adf2d51cd4680469 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6fcc3f262ff8762592ddd01cf7f55303256ac28d95155be61c094c8e4d349958 all runs: OK # git bisect good fcab9b441d2d0e08f55654a4adf2d51cd4680469 Bisecting: 3711 revisions left to test after this (roughly 12 steps) [f311d498be8f1aa49d5cfca0b18d6db4f77845b7] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm testing commit f311d498be8f1aa49d5cfca0b18d6db4f77845b7 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a1f047a241c5f33ffb249ca6490a412f1700442502a2d44a84937e7f81140c35 all runs: boot failed: WARNING in cpumask_next_wrap # git bisect skip f311d498be8f1aa49d5cfca0b18d6db4f77845b7 Bisecting: 3711 revisions left to test after this (roughly 12 steps) [4d1632151bde847230a0bd2318806380d309655f] leds: pca963: fix misleading indentation testing commit 4d1632151bde847230a0bd2318806380d309655f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1f7fff550299a53537d5b09b4be0e431309db63f20c9458c6a67f5bc0584b515 run #0: boot failed: general protection fault in netdev_queue_update_kobjects run #1: boot failed: general protection fault in driver_register run #2: boot failed: general protection fault in driver_register run #3: boot failed: kernel BUG in __phys_addr run #4: boot failed: BUG: unable to handle kernel paging request in kernel_execve run #5: boot failed: general protection fault in timerqueue_del run #6: boot failed: general protection fault in getname_kernel run #7: boot failed: general protection fault in driver_register run #8: boot failed: BUG: unable to handle kernel paging request in copy_namespaces run #9: boot failed: WARNING in copy_process # git bisect skip 4d1632151bde847230a0bd2318806380d309655f Bisecting: 3711 revisions left to test after this (roughly 12 steps) [61db3d7b99a367416e489ccf764cc5f9b00d62a1] net/mlx5: Fix FW tracer timestamp calculation testing commit 61db3d7b99a367416e489ccf764cc5f9b00d62a1 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f45bea98ec20b2ae758a9e4d4097ae218013079d8c2a2d7a1fcf6e5e2868779d all runs: OK # git bisect good 61db3d7b99a367416e489ccf764cc5f9b00d62a1 Bisecting: 493 revisions left to test after this (roughly 9 steps) [e3ebac80b6e9efe47b0ac3bf4b2d800b0b1958ff] Merge tag 's390-6.1-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux testing commit e3ebac80b6e9efe47b0ac3bf4b2d800b0b1958ff gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8b532d58930f8fdf0a1f12d037e9e96a5d391e6c586d6c7be9fce880f16b21c0 all runs: OK # git bisect good e3ebac80b6e9efe47b0ac3bf4b2d800b0b1958ff Bisecting: 246 revisions left to test after this (roughly 8 steps) [8948876335b1752176afdff8e704099a3ea0f6e6] net: dsa: sja1105: Check return value testing commit 8948876335b1752176afdff8e704099a3ea0f6e6 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 18d9e6f21087eb4e916882fabbc23e3f3b9c190865743067fb9b0c8bf4591eea all runs: OK # git bisect good 8948876335b1752176afdff8e704099a3ea0f6e6 Bisecting: 123 revisions left to test after this (roughly 7 steps) [5b3e0cd872b09c3c771e19464db9dfc20972c39f] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm testing commit 5b3e0cd872b09c3c771e19464db9dfc20972c39f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b4b9230a4feae6274557b2715a9a5c66f5ff116e3b5f27a86190a7711889c5ab all runs: crashed: WARNING in get_vaddr_frames # git bisect bad 5b3e0cd872b09c3c771e19464db9dfc20972c39f Bisecting: 63 revisions left to test after this (roughly 6 steps) [66065157420c5b9b3f078f43d313c153e1ff7f83] x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 testing commit 66065157420c5b9b3f078f43d313c153e1ff7f83 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a15d78652496be16b41bdbe85b3bad743df140ac726a65fb9e5fb67ec27ec81b all runs: crashed: WARNING in get_vaddr_frames # git bisect bad 66065157420c5b9b3f078f43d313c153e1ff7f83 Bisecting: 35 revisions left to test after this (roughly 5 steps) [6647e76ab623b2b3fb2efe03a86e9c9046c52c33] v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails testing commit 6647e76ab623b2b3fb2efe03a86e9c9046c52c33 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 61548cbfadad30bf5b1a98a32ed7bc235440f1031ec547a5398983b2f4fdf063 all runs: crashed: WARNING in get_vaddr_frames # git bisect bad 6647e76ab623b2b3fb2efe03a86e9c9046c52c33 Bisecting: 11 revisions left to test after this (roughly 4 steps) [063c0e773ab33103407a76051821777014b756fe] Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux testing commit 063c0e773ab33103407a76051821777014b756fe gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 269fc606824f3b63914e74f46c901645dcd62923b4d7ec758ff36a7c0c7d838a all runs: OK # git bisect good 063c0e773ab33103407a76051821777014b756fe Bisecting: 5 revisions left to test after this (roughly 3 steps) [7dec14537c5906b8bf40fd6fd6d9c3850f8df11d] hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() testing commit 7dec14537c5906b8bf40fd6fd6d9c3850f8df11d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: eeacc7d91948e412483ac6180f4f7b68d7186dd76c922dc7a706054e0a2ab7d6 all runs: OK # git bisect good 7dec14537c5906b8bf40fd6fd6d9c3850f8df11d Bisecting: 1 revision left to test after this (roughly 2 steps) [355479c70a489415ef6e2624e514f8f15a40861b] Merge tag 'efi-fixes-for-v6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi testing commit 355479c70a489415ef6e2624e514f8f15a40861b gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a5853670ca583edffa470984ec4d50737227f8f3379af509d2d9a25cabdd6553 all runs: OK # git bisect good 355479c70a489415ef6e2624e514f8f15a40861b Bisecting: 0 revisions left to test after this (roughly 0 steps) [a4412fdd49dc011bcc2c0d81ac4cab7457092650] error-injection: Add prompt for function error injection testing commit a4412fdd49dc011bcc2c0d81ac4cab7457092650 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d5d988c2125da9a5c6491ba6cab474c22a6cbfad836d489f5ade0922e33ea895 all runs: OK # git bisect good a4412fdd49dc011bcc2c0d81ac4cab7457092650 6647e76ab623b2b3fb2efe03a86e9c9046c52c33 is the first bad commit commit 6647e76ab623b2b3fb2efe03a86e9c9046c52c33 Author: Linus Torvalds Date: Wed Nov 30 16:10:52 2022 -0800 v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails The V4L2_MEMORY_USERPTR interface is long deprecated and shouldn't be used (and is discouraged for any modern v4l drivers). And Seth Jenkins points out that the fallback to VM_PFNMAP/VM_IO is fundamentally racy and dangerous. Note that it's not even a case that should trigger, since any normal user pointer logic ends up just using the pin_user_pages_fast() call that does the proper page reference counting. That's not the problem case, only if you try to use special device mappings do you have any issues. Normally I'd just remove this during the merge window, but since Seth pointed out the problem cases, we really want to know as soon as possible if there are actually any users of this odd special case of a legacy interface. Neither Hans nor Mauro seem to think that such mis-uses of the old legacy interface should exist. As Mauro says: "See, V4L2 has actually 4 streaming APIs: - Kernel-allocated mmap (usually referred simply as just mmap); - USERPTR mmap; - read(); - dmabuf; The USERPTR is one of the oldest way to use it, coming from V4L version 1 times, and by far the least used one" And Hans chimed in on the USERPTR interface: "To be honest, I wouldn't mind if it goes away completely, but that's a bit of a pipe dream right now" but while removing this legacy interface entirely may be a pipe dream we can at least try to remove the unlikely (and actively broken) case of using special device mappings for USERPTR accesses. This replaces it with a WARN_ONCE() that we can remove once we've hopefully confirmed that no actual users exist. NOTE! Longer term, this means that a 'struct frame_vector' only ever contains proper page pointers, and all the games we have with converting them to pages can go away (grep for 'frame_vector_to_pages()' and the uses of 'vec->is_pfns'). But this is just the first step, to verify that this code really is all dead, and do so as quickly as possible. Reported-by: Seth Jenkins Acked-by: Hans Verkuil Acked-by: Mauro Carvalho Chehab Cc: David Hildenbrand Cc: Jan Kara Signed-off-by: Linus Torvalds drivers/media/common/videobuf2/frame_vector.c | 68 +++++---------------------- 1 file changed, 12 insertions(+), 56 deletions(-) culprit signature: 61548cbfadad30bf5b1a98a32ed7bc235440f1031ec547a5398983b2f4fdf063 parent signature: d5d988c2125da9a5c6491ba6cab474c22a6cbfad836d489f5ade0922e33ea895 revisions tested: 19, total time: 5h22m36.597080938s (build: 2h58m49.93986655s, test: 2h20m7.919995919s) first bad commit: 6647e76ab623b2b3fb2efe03a86e9c9046c52c33 v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails recipients (to): ["hverkuil@xs4all.nl" "mchehab@kernel.org" "torvalds@linux-foundation.org"] recipients (cc): [] crash: WARNING in get_vaddr_frames ------------[ cut here ]------------ get_vaddr_frames() cannot follow VM_IO mapping WARNING: CPU: 1 PID: 4173 at drivers/media/common/videobuf2/frame_vector.c:59 get_vaddr_frames drivers/media/common/videobuf2/frame_vector.c:59 [inline] WARNING: CPU: 1 PID: 4173 at drivers/media/common/videobuf2/frame_vector.c:59 get_vaddr_frames+0x1ac/0x1c0 drivers/media/common/videobuf2/frame_vector.c:35 Modules linked in: CPU: 1 PID: 4173 Comm: syz-executor.0 Not tainted 6.1.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 RIP: 0010:get_vaddr_frames drivers/media/common/videobuf2/frame_vector.c:59 [inline] RIP: 0010:get_vaddr_frames+0x1ac/0x1c0 drivers/media/common/videobuf2/frame_vector.c:35 Code: ff 89 44 24 04 e8 94 17 c4 fb 8b 44 24 04 e9 e6 fe ff ff 48 c7 c7 80 75 2f 8a 89 44 24 04 c6 05 51 e8 58 07 01 e8 fa cb dc 02 <0f> 0b 8b 44 24 04 e9 41 ff ff ff 66 0f 1f 84 00 00 00 00 00 48 b8 RSP: 0018:ffffc9000503f898 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff888073cdf000 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000004 RDI: fffff52000a07f05 RBP: ffff888073cdf004 R08: 0000000000000001 R09: ffff8880b9b2896b R10: ffffed101736512d R11: 0000000000000000 R12: ffff888073cdf000 R13: 0000000000000001 R14: 0000000000096000 R15: 0000000000000000 FS: 00007fd1ee5cf700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000056436efe2048 CR3: 000000007a710000 CR4: 0000000000350ee0 Call Trace: vb2_create_framevec+0x4c/0x90 drivers/media/common/videobuf2/videobuf2-memops.c:50 vb2_vmalloc_get_userptr+0x116/0x460 drivers/media/common/videobuf2/videobuf2-vmalloc.c:88 __prepare_userptr+0x736/0x17c0 drivers/media/common/videobuf2/videobuf2-core.c:1159 __buf_prepare+0x4b4/0x650 drivers/media/common/videobuf2/videobuf2-core.c:1401 vb2_core_prepare_buf+0xb5/0x210 drivers/media/common/videobuf2/videobuf2-core.c:1540 v4l2_m2m_prepare_buf+0xad/0x170 drivers/media/v4l2-core/v4l2-mem2mem.c:823 __video_do_ioctl+0x97d/0xbe0 drivers/media/v4l2-core/v4l2-ioctl.c:3037 video_usercopy+0x508/0x1360 drivers/media/v4l2-core/v4l2-ioctl.c:3384 v4l2_ioctl+0x18e/0x210 drivers/media/v4l2-core/v4l2-dev.c:364 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x123/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fd1ed88c0a9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd1ee5cf168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fd1ed9abf80 RCX: 00007fd1ed88c0a9 RDX: 0000000020000300 RSI: 00000000c058565d RDI: 0000000000000003 RBP: 00007fd1ed8e7ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe57c9727f R14: 00007fd1ee5cf300 R15: 0000000000022000