bisecting cause commit starting from f40ddce88593482919761f74910f42f4b84c004b building syzkaller on 98682e5e2aefc9aad61354f4f3ac93be96002a2a testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217 kernel signature: a20fdda6284e1de4805076b3f724e927513bee772a53c4f27dc22d1ef7831f86 run #0: crashed: INFO: task hung in hwrng_register run #1: crashed: INFO: task hung in hwrng_register run #2: crashed: INFO: task hung in drop_current_rng run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in hwrng_register run #5: crashed: INFO: task hung in hwrng_register run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in drop_current_rng run #8: crashed: INFO: task hung in drop_current_rng run #9: crashed: INFO: task hung in hwrng_register run #10: crashed: INFO: task hung in hwrng_register run #11: crashed: INFO: task hung in hwrng_register run #12: crashed: INFO: task hung in hwrng_register run #13: crashed: INFO: task hung in hwrng_register run #14: crashed: INFO: task hung in hwrng_register run #15: crashed: INFO: task hung in hwrng_register run #16: crashed: INFO: task hung in hwrng_register run #17: crashed: INFO: task hung in drop_current_rng run #18: crashed: INFO: task hung in hwrng_register run #19: crashed: INFO: task hung in drop_current_rng testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217 kernel signature: 5f141e4ae086409e6817ce9d751cdfb7d552f8adb2d1ef3d6d87c18b4d1705fb run #0: crashed: INFO: task hung in drop_current_rng run #1: crashed: INFO: task hung in hwrng_register run #2: crashed: INFO: task hung in hwrng_register run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in drop_current_rng run #5: crashed: INFO: task hung in hwrng_register run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in hwrng_register run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in hwrng_register testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 10.2.1 20210217 kernel signature: e2e25caecac98c53dcc4037f7b7493ea80c7d8d6d1cace370152d06c198de71a run #0: crashed: INFO: task hung in drop_current_rng run #1: crashed: INFO: task hung in hwrng_register run #2: crashed: INFO: task hung in hwrng_register run #3: crashed: INFO: task hung in drop_current_rng run #4: crashed: INFO: task hung in drop_current_rng run #5: crashed: INFO: task hung in hwrng_register run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in hwrng_register run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in hwrng_register testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.4.1 20210217 kernel signature: ebe503c532ccb3d1993aaef10f6bc2c8917bfe36c5635f4b67af9fe784be5408 run #0: crashed: INFO: task hung in hwrng_register run #1: crashed: INFO: task hung in drop_current_rng run #2: crashed: INFO: task hung in drop_current_rng run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in hwrng_register run #5: crashed: INFO: task hung in drop_current_rng run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in hwrng_register run #8: crashed: INFO: task hung in drop_current_rng run #9: crashed: INFO: task hung in drop_current_rng testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.4.1 20210217 kernel signature: 165c15419a41e1841f9e545c62b09764973faab07fd5dccba1741f2663589c9d run #0: crashed: INFO: task hung in drop_current_rng run #1: crashed: INFO: task hung in hwrng_register run #2: crashed: INFO: task hung in hwrng_register run #3: crashed: INFO: task hung in hwrng_register run #4: crashed: INFO: task hung in hwrng_register run #5: crashed: INFO: task hung in drop_current_rng run #6: crashed: INFO: task hung in hwrng_register run #7: crashed: INFO: task hung in drop_current_rng run #8: crashed: INFO: task hung in hwrng_register run #9: crashed: INFO: task hung in hwrng_register testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.4.1 20210217 kernel signature: 607b4d24bcd728fbbe58a31c361ba4de45c143eca8bdba2156ec671aa076d031 all runs: OK # git bisect start 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 7111951b8d4973bda27ff663f2cf18b663d15b48 Bisecting: 7542 revisions left to test after this (roughly 13 steps) [50a5de895dbe5df947b3a695777db5b2c313e065] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit 50a5de895dbe5df947b3a695777db5b2c313e065 with gcc (GCC) 8.4.1 20210217 kernel signature: f3e7a057981781622bee57ed976c243074fa0c53531b1abdf62714a01e533b14 all runs: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(8,1) # git bisect skip 50a5de895dbe5df947b3a695777db5b2c313e065 Bisecting: 7542 revisions left to test after this (roughly 13 steps) [422c032afcf57d5e8109a54912e22ffc53d99068] netfilter: flowtable: Use rw sem as flow block lock testing commit 422c032afcf57d5e8109a54912e22ffc53d99068 with gcc (GCC) 8.4.1 20210217 kernel signature: ab5f64386ed03a5bb2607fa79f6c2f88933c60b51a66c73d9d0f62b79079ed8a all runs: OK # git bisect good 422c032afcf57d5e8109a54912e22ffc53d99068 Bisecting: 6728 revisions left to test after this (roughly 13 steps) [8c1b724ddb218f221612d4c649bc9c7819d8d7a6] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm testing commit 8c1b724ddb218f221612d4c649bc9c7819d8d7a6 with gcc (GCC) 8.4.1 20210217 kernel signature: bc247fdbf10e4ffbaebc32f5f891c56cc8334031300c9beb7d384b08edd533dd all runs: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(8,1) # git bisect skip 8c1b724ddb218f221612d4c649bc9c7819d8d7a6 Bisecting: 6728 revisions left to test after this (roughly 13 steps) [88d7fcfa3b1fe670f0412b95be785aafca63352b] net: inet_csk: Fix so_reuseport bind-address cache in tb->fast* testing commit 88d7fcfa3b1fe670f0412b95be785aafca63352b with gcc (GCC) 8.4.1 20210217 kernel signature: ff86f5a6c3653e1af04a7b4b3645067854e2b62de4f003da56f49b6f7fdbb2ed all runs: crashed: INFO: task hung in corrupted # git bisect bad 88d7fcfa3b1fe670f0412b95be785aafca63352b Bisecting: 6383 revisions left to test after this (roughly 13 steps) [6cad420cc695867b4ca710bac21fde21a4102e4b] Merge branch 'akpm' (patches from Andrew) testing commit 6cad420cc695867b4ca710bac21fde21a4102e4b with gcc (GCC) 8.4.1 20210217 kernel signature: 28155053da3295733911759256d0de085c94fa3c7dbee7d949574ed68fe90d66 all runs: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(8,1) # git bisect skip 6cad420cc695867b4ca710bac21fde21a4102e4b Bisecting: 6383 revisions left to test after this (roughly 13 steps) [77a36a3ab4ff17fad23831192e3694a3c5a1750d] HID: Add driver fixing Glorious PC Gaming Race mouse report descriptor testing commit 77a36a3ab4ff17fad23831192e3694a3c5a1750d with gcc (GCC) 8.4.1 20210217 kernel signature: 7c1429a7c4a3f83ddb597d6176006a2fa89f160d524e89f079c7b321e0d75247 run #0: crashed: WARNING: ODEBUG bug in netdev_run_todo run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 77a36a3ab4ff17fad23831192e3694a3c5a1750d 77a36a3ab4ff17fad23831192e3694a3c5a1750d is the first bad commit commit 77a36a3ab4ff17fad23831192e3694a3c5a1750d Author: Samuel Čavoj Date: Fri Mar 13 03:12:38 2020 +0100 HID: Add driver fixing Glorious PC Gaming Race mouse report descriptor The Glorious Model O mice (and also at least the Model O-, which is driver-wise the same mouse) have a bug in the descriptor of HID Report with ID 2. This report is used for Consumer Control buttons, which can be mapped using the provided Windows only software. Here is an excerpt from the original descriptor: INPUT(2)[INPUT] Field(0) Flags( Constant Variable Absolute ) Field(1) Flags( Constant Variable Absolute ) Field(2) Flags( Constant Variable Absolute ) The issue is the Constant flag specified on all 3 fields, which causes the hid driver to ignore changes in these fields and essentialy causes the buttons to not work at all. The submitted driver patches the descriptor to end up with the following: INPUT(2)[INPUT] Field(0) Flags( Variable Relative ) Field(1) Flags( Variable Relative ) Field(2) Flags( Variable Relative ) The Constant bit is reset and the Relative bit has been set in order to prevent repeat events when holding down the button. Additionally, the device name is changed from the hardware-reported "SINOWEALTH Wired Gaming Mouse" to "Glorious Model O" or "Glorious Model D". Signed-off-by: Samuel Čavoj Signed-off-by: Jiri Kosina drivers/hid/Kconfig | 7 ++++ drivers/hid/Makefile | 1 + drivers/hid/hid-glorious.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++ drivers/hid/hid-ids.h | 4 +++ 4 files changed, 98 insertions(+) create mode 100644 drivers/hid/hid-glorious.c parent commit ac309e7744bee222df6de0122facaf2d9706fa70 wasn't tested testing commit ac309e7744bee222df6de0122facaf2d9706fa70 with gcc (GCC) 8.4.1 20210217 kernel signature: 5ec61f1e548e68e1371bed002be86fa251d4612d15354a6feb988526b6c11b52 culprit signature: 7c1429a7c4a3f83ddb597d6176006a2fa89f160d524e89f079c7b321e0d75247 parent signature: 5ec61f1e548e68e1371bed002be86fa251d4612d15354a6feb988526b6c11b52 Reproducer flagged being flaky revisions tested: 12, total time: 3h18m47.032651819s (build: 1h35m55.05021295s, test: 1h40m52.003193088s) first bad commit: 77a36a3ab4ff17fad23831192e3694a3c5a1750d HID: Add driver fixing Glorious PC Gaming Race mouse report descriptor recipients (to): ["benjamin.tissoires@redhat.com" "jikos@kernel.org" "jkosina@suse.cz" "linux-input@vger.kernel.org" "sammko@sammserver.com"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: WARNING: ODEBUG bug in netdev_run_todo bond0 (unregistering): (slave bond_slave_1): Releasing backup interface bond0 (unregistering): (slave bond_slave_0): Releasing backup interface bond0 (unregistering): Released all slaves ------------[ cut here ]------------ ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:1592 WARNING: CPU: 0 PID: 440 at lib/debugobjects.c:488 debug_print_object+0x197/0x2b0 lib/debugobjects.c:485 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 440 Comm: kworker/u4:5 Not tainted 5.6.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x96/0xe0 lib/dump_stack.c:118 panic+0x2a1/0x52a kernel/panic.c:221 __warn.cold.10+0x25/0x2f kernel/panic.c:582 report_bug+0x1aa/0x260 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:174 [inline] fixup_bug arch/x86/kernel/traps.c:169 [inline] do_error_trap+0x12d/0x1e0 arch/x86/kernel/traps.c:267 do_invalid_op+0x31/0x40 arch/x86/kernel/traps.c:286 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027 RIP: 0010:debug_print_object+0x197/0x2b0 lib/debugobjects.c:485 Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 e3 00 00 00 48 8b 14 dd 40 cc e0 8a 4c 89 ee 48 c7 c7 60 2c b8 88 e8 b5 cc bd fd <0f> 0b 83 05 64 65 ea 08 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3 RSP: 0018:ffffc900026bf928 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffffffff89e01fc0 RDI: ffffffff8e5481e0 RBP: 0000000000000001 R08: ffffed10173c6479 R09: ffffed10173c6479 R10: ffffed10173c6478 R11: ffff8880b9e323c7 R12: ffffffff8a303b80 R13: ffffffff88b83260 R14: ffffffff81598a70 R15: ffff8880b4445360 __debug_check_no_obj_freed lib/debugobjects.c:967 [inline] debug_check_no_obj_freed+0x2d1/0x410 lib/debugobjects.c:998 slab_free_hook mm/slub.c:1441 [inline] slab_free_freelist_hook+0xc0/0x140 mm/slub.c:1477 slab_free mm/slub.c:3024 [inline] kfree+0xd6/0x3c0 mm/slub.c:3976 device_release+0x65/0x1c0 drivers/base/core.c:1371 kobject_cleanup lib/kobject.c:693 [inline] kobject_release lib/kobject.c:722 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x191/0x430 lib/kobject.c:739 netdev_run_todo+0x44c/0x6a0 net/core/dev.c:9646 default_device_exit_batch+0x2d8/0x3b0 net/core/dev.c:10443 cleanup_net+0x45a/0x900 net/core/net_namespace.c:589 process_one_work+0x8ff/0x1690 kernel/workqueue.c:2266 worker_thread+0x82/0xb50 kernel/workqueue.c:2412 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Kernel Offset: disabled Rebooting in 86400 seconds..