ci starts bisection 2022-12-25 03:59:40.708165455 +0000 UTC m=+195989.031347639
bisecting fixing commit since 200e340f2196d7fd427a5810d06e893b932f145a
building syzkaller on a6201f1167d158d5a0538c3d29bc3b2bebb0a4fd
ensuring issue is reproducible on original commit 200e340f2196d7fd427a5810d06e893b932f145a

testing commit 200e340f2196d7fd427a5810d06e893b932f145a
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b7a9fef96416398d2cbf4e5999fae6abb8b7926fbbad67c50af4be8d9b06abe1
all runs: crashed: WARNING in bpf_cgroup_link_release
testing current HEAD 72a85e2b0a1e1e6fb4ee51ae902730212b2de25c
testing commit 72a85e2b0a1e1e6fb4ee51ae902730212b2de25c
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ff6da260aa98fa2a05c121c8adcb2e2e4ffe21ba3e97b3f61c62e15978eb66ed
all runs: OK
# git bisect start 72a85e2b0a1e1e6fb4ee51ae902730212b2de25c 200e340f2196d7fd427a5810d06e893b932f145a
Bisecting: 21695 revisions left to test after this (roughly 14 steps)
[29926f1cd3535f565f200430d5b6a794543fe130] fbdev: mb862xx: Fix check of return value from irq_of_parse_and_map()
testing commit 29926f1cd3535f565f200430d5b6a794543fe130
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 30b875c124820b5b9079c3b2a27d6027bf922ed4ef1e4c4aec51c6c04fb62d34
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 29926f1cd3535f565f200430d5b6a794543fe130
Bisecting: 10809 revisions left to test after this (roughly 13 steps)
[786da5da5671c2d4cf812fe1ccc980bdde30c69e] Merge tag 'ceph-for-5.20-rc1' of https://github.com/ceph/ceph-client
testing commit 786da5da5671c2d4cf812fe1ccc980bdde30c69e
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 19e0fca305f139789d61c555feccb2444f2372d0402e1de2e18bf511f27b6c7f
all runs: basic kernel testing failed: WARNING in mgmt_index_removed
# git bisect skip 786da5da5671c2d4cf812fe1ccc980bdde30c69e
Bisecting: 10809 revisions left to test after this (roughly 13 steps)
[9efd64972443de860811269f2a98c93b90967e93] media: saa7164: Fix typo 'the the' in comment
testing commit 9efd64972443de860811269f2a98c93b90967e93
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8278cf14c37cc5085aba810861553484ca5205a6c7ed737172b8836f276bc0e6
run #0: boot failed: possible deadlock in vivid_update_format_cap
run #1: boot failed: general protection fault in netdev_queue_update_kobjects
run #2: boot failed: general protection fault in netdev_queue_update_kobjects
run #3: boot failed: general protection fault in netdev_queue_update_kobjects
run #4: boot failed: general protection fault in driver_register
run #5: boot failed: general protection fault in driver_register
run #6: boot failed: general protection fault in netdev_queue_update_kobjects
run #7: boot failed: general protection fault in netdev_queue_update_kobjects
run #8: boot failed: general protection fault in netdev_queue_update_kobjects
run #9: boot failed: BUG: unable to handle kernel paging request in kernel_execve
# git bisect skip 9efd64972443de860811269f2a98c93b90967e93
Bisecting: 10809 revisions left to test after this (roughly 13 steps)
[c167ee1f75ca5947bafe93ab23b007cb243e5f4a] drm/ingenic: Don't request full modeset if property is not modified
testing commit c167ee1f75ca5947bafe93ab23b007cb243e5f4a
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2cbf4a4eb05316d823f9d6c7f832603a5ebe563aebf46b5e26ffbeef6ad6160e
all runs: crashed: WARNING in bpf_cgroup_link_release
# git bisect good c167ee1f75ca5947bafe93ab23b007cb243e5f4a
Bisecting: 10590 revisions left to test after this (roughly 13 steps)
[79956b83ed4281c35561c39254558092d96a9ed1] ice: Ignore error message when setting same promiscuous mode
testing commit 79956b83ed4281c35561c39254558092d96a9ed1
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6123c3f2c01ec98cc91bed9bde70debce9a4315838b972911ea01c05a0b2ce9b
all runs: OK
# git bisect bad 79956b83ed4281c35561c39254558092d96a9ed1
Bisecting: 5545 revisions left to test after this (roughly 12 steps)
[f0a892f599c46af673e47418c47c15e69a7b67f4] drm/amd/amdgpu: fix build failure due to implicit declaration
testing commit f0a892f599c46af673e47418c47c15e69a7b67f4
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a632585f049c77cc1692648fd0dd255fe04c092db17ea7a93b8e43ecabd8d949
all runs: basic kernel testing failed: WARNING in mgmt_index_removed
# git bisect skip f0a892f599c46af673e47418c47c15e69a7b67f4
Bisecting: 5545 revisions left to test after this (roughly 12 steps)
[d5770daef62d2e4d33015089bab392ef867fd35a] ASoC: SOF: compress: Dynamically allocate pcm params struct
testing commit d5770daef62d2e4d33015089bab392ef867fd35a
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e71ece56ab4423858b1377baa6b79495b2f360651963563530eddbbe47bda773
run #0: crashed: WARNING in bpf_cgroup_link_release
run #1: crashed: WARNING in bpf_cgroup_link_release
run #2: crashed: WARNING in bpf_cgroup_link_release
run #3: crashed: WARNING in bpf_cgroup_link_release
run #4: crashed: WARNING in bpf_cgroup_link_release
run #5: crashed: WARNING in bpf_cgroup_link_release
run #6: crashed: WARNING in bpf_cgroup_link_release
run #7: boot failed: INFO: task hung in hwrng_register
run #8: boot failed: INFO: task hung in hwrng_register
run #9: boot failed: INFO: task hung in hwrng_register
# git bisect good d5770daef62d2e4d33015089bab392ef867fd35a
Bisecting: 4940 revisions left to test after this (roughly 12 steps)
[723c188d5cd42a07344f997b0b7e1d83b4173c8d] Merge tag 'staging-6.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit 723c188d5cd42a07344f997b0b7e1d83b4173c8d
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 904e0a9caab2c1b2dce23646dff04dbdba0b3ed5f0da8f2ee58cec8ac6f06368
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: basic kernel testing failed: WARNING in mgmt_index_removed
run #2: basic kernel testing failed: WARNING in mgmt_index_removed
run #3: basic kernel testing failed: WARNING in mgmt_index_removed
run #4: basic kernel testing failed: WARNING in mgmt_index_removed
run #5: basic kernel testing failed: WARNING in mgmt_index_removed
run #6: basic kernel testing failed: WARNING in mgmt_index_removed
run #7: basic kernel testing failed: WARNING in mgmt_index_removed
run #8: basic kernel testing failed: WARNING in mgmt_index_removed
run #9: basic kernel testing failed: WARNING in mgmt_index_removed
# git bisect skip 723c188d5cd42a07344f997b0b7e1d83b4173c8d
Bisecting: 4940 revisions left to test after this (roughly 12 steps)
[df5d4b616ee76abc97e5bd348e22659c2b095b1c] powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
testing commit df5d4b616ee76abc97e5bd348e22659c2b095b1c
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4792b44e6e80d9cf96ab489ad2dc4a4a17cdec1f7a4f81105f2446ac5b1965f0
all runs: crashed: WARNING in bpf_cgroup_link_release
# git bisect good df5d4b616ee76abc97e5bd348e22659c2b095b1c
Bisecting: 4945 revisions left to test after this (roughly 12 steps)
[78acd4ca433425e6dd4032cfc2156c60e34931f2] usb: cdns3: Don't use priv_dev uninitialized in cdns3_gadget_ep_enable()
testing commit 78acd4ca433425e6dd4032cfc2156c60e34931f2
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 153ae711aac84afa25dac814ce832e7451b0b875eab4a68d731f665e0a3ed331
all runs: basic kernel testing failed: WARNING in mgmt_index_removed
# git bisect skip 78acd4ca433425e6dd4032cfc2156c60e34931f2
Bisecting: 4945 revisions left to test after this (roughly 12 steps)
[f56866c486fa8e092d9cc52d45f65b8f07a2f96a] net: phylink: add QSGMII support to phylink_mii_c22_pcs_encode_advertisement()
testing commit f56866c486fa8e092d9cc52d45f65b8f07a2f96a
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2921e9d55cc802d28cc08dfabfd774fdbf43a52173d4fb4f954076b4df1569ad
all runs: OK
# git bisect bad f56866c486fa8e092d9cc52d45f65b8f07a2f96a
Bisecting: 227 revisions left to test after this (roughly 8 steps)
[4875d94c69d5a4836c4225b51429d277c297aae8] tipc: cleanup unused function
testing commit 4875d94c69d5a4836c4225b51429d277c297aae8
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9e823395ca59f5876617bbd7646e07770f2f25264509351ed59ba50111c26ddf
all runs: crashed: WARNING in bpf_cgroup_link_release
# git bisect good 4875d94c69d5a4836c4225b51429d277c297aae8
Bisecting: 113 revisions left to test after this (roughly 7 steps)
[1b1c198c306c4a0c2bbfc095efd158f1bc368a8a] mlxsw: Add support for egress FID classification after decapsulation
testing commit 1b1c198c306c4a0c2bbfc095efd158f1bc368a8a
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ebd4579b1606209abce27caafbb4ddfc3a8a21779a3fd9f59bbf4ee81e028f3c
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 1b1c198c306c4a0c2bbfc095efd158f1bc368a8a
Bisecting: 56 revisions left to test after this (roughly 6 steps)
[93270357daa949e4bed375b40d0a100ce04f3399] bpftool: Do not check return value from libbpf_set_strict_mode()
testing commit 93270357daa949e4bed375b40d0a100ce04f3399
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 737b916af5b4be882ae6a80f22675a72e09b30bd3ed09f48ec66fa74f7de4ac4
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 93270357daa949e4bed375b40d0a100ce04f3399
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[02f4afebf8a54ba16f99f4f6ca10df3efeac6229] selftests/bpf: Add drv mode testing for xdping
testing commit 02f4afebf8a54ba16f99f4f6ca10df3efeac6229
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8c9adf294f76361ed9b98255c480f7c036fafece0c0a5e949c5ca85589c29424
all runs: OK
# git bisect bad 02f4afebf8a54ba16f99f4f6ca10df3efeac6229
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[ba5d1b5802d4a732cb563e81ff30b7f514257a99] libbpf: Introduce libbpf_bpf_link_type_str
testing commit ba5d1b5802d4a732cb563e81ff30b7f514257a99
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 993d784c179fb2b6284791a4a93ca9a9b4ad1f60df6f867a03a87531fe5fd0d7
all runs: crashed: WARNING in bpf_cgroup_link_release
# git bisect good ba5d1b5802d4a732cb563e81ff30b7f514257a99
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[610cd93b44ce1e7323878ef5f7b23dc10c7d45b7] libbpf: Fix determine_ptr_size() guessing
testing commit 610cd93b44ce1e7323878ef5f7b23dc10c7d45b7
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 331db4aced77a6f8de1d8e041e8db944ff81043dba5134a909fa558995d09136
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 610cd93b44ce1e7323878ef5f7b23dc10c7d45b7
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[eb7b36ce47f830a01ad9405e673b563cc3638d5d] selftests/bpf: Fix test_run logic in fexit_stress.c
testing commit eb7b36ce47f830a01ad9405e673b563cc3638d5d
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c6fe9149d9bb673d802d823940840baef3b90cc6ca4d47c675c4c1e30bdfc1b8
all runs: crashed: WARNING in bpf_cgroup_link_release
# git bisect good eb7b36ce47f830a01ad9405e673b563cc3638d5d
Bisecting: 0 revisions left to test after this (roughly 1 step)
[4c46091ee985ae84c60c5e95055d779fcd291d87] bpf: Fix KASAN use-after-free Read in compute_effective_progs
testing commit 4c46091ee985ae84c60c5e95055d779fcd291d87
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5881e8b4c7c05ea7e82b438745f8e605a2cc2cd0525a8e42496d063547b87e97
all runs: OK
# git bisect bad 4c46091ee985ae84c60c5e95055d779fcd291d87
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[de4b4b94fad90f876ab12e87999109e31a1871b4] bpftool: Check for NULL ptr of btf in codegen_asserts
testing commit de4b4b94fad90f876ab12e87999109e31a1871b4
gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1d852ed33d772d43ebcf8384f063b1741431fee760d8d376f5b4152ffa615aa1
all runs: crashed: WARNING in bpf_cgroup_link_release
# git bisect good de4b4b94fad90f876ab12e87999109e31a1871b4
4c46091ee985ae84c60c5e95055d779fcd291d87 is the first bad commit
commit 4c46091ee985ae84c60c5e95055d779fcd291d87
Author: Tadeusz Struk
Date: Tue May 17 11:04:20 2022 -0700

bpf: Fix KASAN use-after-free Read in compute_effective_progs

Syzbot found a Use After Free bug in compute_effective_progs(). The reproducer creates a number of BPF links, and causes a fault injected alloc to fail, while calling bpf_link_detach on them. Link detach triggers the link to be freed by bpf_link_free(), which calls __cgroup_bpf_detach() and update_effective_progs(). If the memory allocation in this function fails, the function restores the pointer to the bpf_cgroup_link on the cgroup list, but the memory gets freed just after it returns. After this, every subsequent call to update_effective_progs() causes this already deallocated pointer to be dereferenced in prog_list_length(), and triggers KASAN UAF error.

To fix this issue don't preserve the pointer to the prog or link in the list, but remove it and replace it with a dummy prog without shrinking the table. The subsequent call to __cgroup_bpf_detach() or __cgroup_bpf_detach() will correct it.

Fixes: af6eea57437a ("bpf: Implement bpf_link-based cgroup BPF program attachment")
Reported-by:
Signed-off-by: Tadeusz Struk
Signed-off-by: Andrii Nakryiko
Cc:
Link: https://syzkaller.appspot.com/bug?id=8ebf179a95c2a2670f7cf1ba62429ec044369db4
Link: https://lore.kernel.org/bpf/20220517180420.87954-1-tadeusz.struk@linaro.org

kernel/bpf/cgroup.c | 70 +++++++++++++++++++++++++++++++++++++++++++++--------
1 file changed, 60 insertions(+), 10 deletions(-)

culprit signature: 5881e8b4c7c05ea7e82b438745f8e605a2cc2cd0525a8e42496d063547b87e97
parent signature: 1d852ed33d772d43ebcf8384f063b1741431fee760d8d376f5b4152ffa615aa1
revisions tested: 22, total time: 5h29m57.385777248s (build: 2h53m29.469781238s, test: 2h31m50.264488686s)
first good commit: 4c46091ee985ae84c60c5e95055d779fcd291d87 bpf: Fix KASAN use-after-free Read in compute_effective_progs
recipients (to): ["andrii@kernel.org" "bpf@vger.kernel.org" "martin.lau@linux.dev" "tadeusz.struk@linaro.org"]
recipients (cc): ["andrii@kernel.org" "ast@kernel.org" "daniel@iogearbox.net" "haoluo@google.com" "john.fastabend@gmail.com" "jolsa@kernel.org" "kpsingh@kernel.org" "linux-kernel@vger.kernel.org" "sdf@google.com" "song@kernel.org" "yhs@fb.com"]