ci starts bisection 2022-08-18 21:02:49.921750743 +0000 UTC m=+2317.183998454 bisecting cause commit starting from 5b6a4bf680d61b1dd26629840f848d0df8983c62 building syzkaller on d58e263faeabeb9fe94e1fc40dad3d6e88586605 testing commit 5b6a4bf680d61b1dd26629840f848d0df8983c62 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e98723bf9c667ca6dba39bd18431123015d506b06b559a0e6587592d670002eb run #0: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #1: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #2: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #3: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #4: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #5: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #6: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #7: crashed: KFENCE: use-after-free in udl_get_urb_timeout run #8: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #9: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #10: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #11: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #12: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #13: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #14: crashed: KFENCE: use-after-free in udl_get_urb_timeout run #15: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #16: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #17: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #18: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #19: crashed: KASAN: use-after-free Read in udl_get_urb_timeout testing release v5.19 testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0be651bb860f7464c01a213883993276fef5950389fa7cb8ef590c3c055ba9e3 all runs: OK # git bisect start 5b6a4bf680d61b1dd26629840f848d0df8983c62 3d7cb6b04c3f3115719235cc6866b10326de34cd Bisecting: 8243 revisions left to test after this (roughly 13 steps) [78acd4ca433425e6dd4032cfc2156c60e34931f2] usb: cdns3: Don't use priv_dev uninitialized in cdns3_gadget_ep_enable() testing commit 78acd4ca433425e6dd4032cfc2156c60e34931f2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f48d77a88420feccc1cd3540a0f7a344373dad99a3c5eab1490caf00ff558abf all runs: basic kernel testing failed: WARNING: ODEBUG bug in mgmt_index_removed # git bisect skip 78acd4ca433425e6dd4032cfc2156c60e34931f2 Bisecting: 8243 revisions left to test after this (roughly 13 steps) [61afafe8b938bc74841cf4b1a73dd08b9d287c5a] remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init testing commit 61afafe8b938bc74841cf4b1a73dd08b9d287c5a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ed0ddfabb66731987edd98149129ee5399da409c4e7cbd26b98cb3839c0939c4 all runs: OK # git bisect good 61afafe8b938bc74841cf4b1a73dd08b9d287c5a Bisecting: 8240 revisions left to test after this (roughly 13 steps) [aad53f17f0ad7485872d66fbcb53cc0c60e811f2] bpftool: Add support for KIND_RESTRICT to gen min_core_btf command testing commit aad53f17f0ad7485872d66fbcb53cc0c60e811f2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 992c2246aa5319edf0ff8a4da209ad350e61ae8008dc3f026d05855d9e6f540d all runs: OK # git bisect good aad53f17f0ad7485872d66fbcb53cc0c60e811f2 Bisecting: 8015 revisions left to test after this (roughly 13 steps) [f0a892f599c46af673e47418c47c15e69a7b67f4] drm/amd/amdgpu: fix build failure due to implicit declaration testing commit f0a892f599c46af673e47418c47c15e69a7b67f4 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: bf9478ffa7f494be5a4af2929dc90625187e2da2be0c37a85d2439d5a444d518 all runs: basic kernel testing failed: WARNING: ODEBUG bug in mgmt_index_removed # git bisect skip f0a892f599c46af673e47418c47c15e69a7b67f4 Bisecting: 8015 revisions left to test after this (roughly 13 steps) [871f13fe12d285e97febd673161da82ce46a84b4] media: atomisp: Fix typo in comments testing commit 871f13fe12d285e97febd673161da82ce46a84b4 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5daf36899d8fb02caf8d387ef7235eb304aa59e854aa8181d63ab0572db79c1d all runs: OK # git bisect good 871f13fe12d285e97febd673161da82ce46a84b4 Bisecting: 8015 revisions left to test after this (roughly 13 steps) [9b538b0e3a95e5b7a52e9eaf3ae51686608bf333] dt-bindings: mmc: sdhci-msm: add MSM8998 testing commit 9b538b0e3a95e5b7a52e9eaf3ae51686608bf333 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e5204839a70a2ad048c03ea2bb858a686bc9ce40782f253ceaaf90bfd60540ce all runs: OK # git bisect good 9b538b0e3a95e5b7a52e9eaf3ae51686608bf333 Bisecting: 7964 revisions left to test after this (roughly 13 steps) [1721b412fc3391646e9cba35e74987516f6d0fce] loongarch: drop definition of PTE_ORDER testing commit 1721b412fc3391646e9cba35e74987516f6d0fce compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0f208625651bc35206f89231c90efc3545eefbbee0a184bc26f417361945a274 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 1721b412fc3391646e9cba35e74987516f6d0fce Bisecting: 7757 revisions left to test after this (roughly 13 steps) [c1c76700a0d6e6090ccfe1209527f14c21b6681b] Merge tag 'spdx-6.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx testing commit c1c76700a0d6e6090ccfe1209527f14c21b6681b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 101bc647680ba60b40b07e4298311c7dd6a9277a77c847472f7fd127dc06488b all runs: basic kernel testing failed: WARNING: ODEBUG bug in mgmt_index_removed # git bisect skip c1c76700a0d6e6090ccfe1209527f14c21b6681b Bisecting: 7757 revisions left to test after this (roughly 13 steps) [b48ddbbb99986de85878a34c23ecebac22a59b79] perf vendor events: Remove bad jaketown uncore events testing commit b48ddbbb99986de85878a34c23ecebac22a59b79 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: df999304b2b9e47e93ec7e13f8c11f625d8f0794641b0d5053708c71400af615 all runs: basic kernel testing failed: WARNING: ODEBUG bug in mgmt_index_removed # git bisect skip b48ddbbb99986de85878a34c23ecebac22a59b79 Bisecting: 7757 revisions left to test after this (roughly 13 steps) [6b206a5a8c2912c3c2174c5afc2f6e798d6ad212] scsi: target: Add callout to configure UNMAP settings testing commit 6b206a5a8c2912c3c2174c5afc2f6e798d6ad212 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b6d0ae453a2db59ae34cc2454392fe03682c6eb8b30bbcb25abad23573c7acd2 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness # git bisect good 6b206a5a8c2912c3c2174c5afc2f6e798d6ad212 Bisecting: 7668 revisions left to test after this (roughly 13 steps) [723c188d5cd42a07344f997b0b7e1d83b4173c8d] Merge tag 'staging-6.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 723c188d5cd42a07344f997b0b7e1d83b4173c8d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c7d2d4c45a548ef77db26289ac425383d7a6404301aed194f42ec292fc8acdc7 all runs: basic kernel testing failed: WARNING: ODEBUG bug in mgmt_index_removed # git bisect skip 723c188d5cd42a07344f997b0b7e1d83b4173c8d Bisecting: 7668 revisions left to test after this (roughly 13 steps) [68427dacc5266f85cb96277e91cadb8988ec0474] dt-bindings: sharp,lq101r1sx01: Add compatible for LQ101R1SX03 testing commit 68427dacc5266f85cb96277e91cadb8988ec0474 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6a816b1c97261c59b2693a40c56ecc68dd221ab53e000373556fce95c2b67e90 all runs: OK # git bisect good 68427dacc5266f85cb96277e91cadb8988ec0474 Bisecting: 7638 revisions left to test after this (roughly 13 steps) [134941683b89d05b5e5c28c817c95049ba409d01] netfilter: ip6t_LOG: Fix a typo in a comment testing commit 134941683b89d05b5e5c28c817c95049ba409d01 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f4277ee9bd2ce524ec182c54d8e174e677dd07b684ae6eb592d1d435b5d976f3 all runs: OK # git bisect good 134941683b89d05b5e5c28c817c95049ba409d01 Bisecting: 5255 revisions left to test after this (roughly 12 steps) [f20c95b46b8fa3ad34b3ea2e134337f88591468b] Merge tag 'tpmdd-next-v5.20' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd testing commit f20c95b46b8fa3ad34b3ea2e134337f88591468b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a275f37bdab13adc24f9fd38db72464fc13e0e752848f7005660d7b616a2e8b5 all runs: basic kernel testing failed: WARNING: ODEBUG bug in mgmt_index_removed # git bisect skip f20c95b46b8fa3ad34b3ea2e134337f88591468b Bisecting: 5255 revisions left to test after this (roughly 12 steps) [86034d6ba5f588407518d47a781f4dc114d40b24] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86.git testing commit 86034d6ba5f588407518d47a781f4dc114d40b24 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 484c68c58319614f1b2c66370eb2b8aaa1b28eb9542aba0c5965d002285ff699 run #0: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #1: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #2: crashed: KFENCE: use-after-free in udl_get_urb_timeout run #3: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #4: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #5: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #6: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #7: crashed: KFENCE: use-after-free in udl_get_urb_timeout run #8: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #9: crashed: KASAN: use-after-free Read in udl_get_urb_timeout # git bisect bad 86034d6ba5f588407518d47a781f4dc114d40b24 Bisecting: 4749 revisions left to test after this (roughly 12 steps) [48a577dc1b09c1d35f2b8b37e7fa9a7169d50f5d] Merge tag 'perf-tools-for-v6.0-2022-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux testing commit 48a577dc1b09c1d35f2b8b37e7fa9a7169d50f5d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: feed5116ffe51e1a083b121550db493b775a07fa660e19d2bc49a5c36324bd6e all runs: basic kernel testing failed: WARNING: ODEBUG bug in mgmt_index_removed # git bisect skip 48a577dc1b09c1d35f2b8b37e7fa9a7169d50f5d Bisecting: 4749 revisions left to test after this (roughly 12 steps) [d9c6a706f37c32480ab287aafcc781192996d584] spi: dt-bindings: lpspi: add i.MX93 compatible testing commit d9c6a706f37c32480ab287aafcc781192996d584 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6a878ed23078a820b189e68fdb7dce328f924a4c05344ac42b73de6a619aea70 run #0: boot failed: can't ssh into the instance run #1: boot failed: WARNING in copy_process run #2: boot failed: WARNING in copy_process run #3: boot failed: general protection fault in rcu_core run #4: boot failed: general protection fault in netdev_queue_update_kobjects run #5: boot failed: general protection fault in netdev_register_kobject run #6: boot failed: general protection fault in rcu_core run #7: boot failed: general protection fault in netdev_queue_update_kobjects run #8: boot failed: general protection fault in driver_register run #9: boot failed: BUG: unable to handle kernel paging request in kernfs_link_sibling # git bisect skip d9c6a706f37c32480ab287aafcc781192996d584 Bisecting: 4749 revisions left to test after this (roughly 12 steps) [5495d1636b93ad9e5471f74a94487964c99f8b08] Merge tag 'intel-pinctrl-v5.20-1' of gitolite.kernel.org:pub/scm/linux/kernel/git/pinctrl/intel into devel testing commit 5495d1636b93ad9e5471f74a94487964c99f8b08 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1d48af82eb72ba50ac31a5e64e4b9ab10e8bc905ebcf3a78971ca25f80d3dcd3 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness # git bisect good 5495d1636b93ad9e5471f74a94487964c99f8b08 Bisecting: 4695 revisions left to test after this (roughly 12 steps) [9776e3861e0e30330f6c8ca9c30348f336d24b1c] ia64: fix sparse warnings with cmpxchg() & xchg() testing commit 9776e3861e0e30330f6c8ca9c30348f336d24b1c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: bf96f39e72c4d31dfafc2c75111b3f03a72b02fac4aae979a30b0a3a92872cee all runs: OK # git bisect good 9776e3861e0e30330f6c8ca9c30348f336d24b1c Bisecting: 4688 revisions left to test after this (roughly 12 steps) [4de395f2c632c31c575f72d49d4f4389c99dab68] Merge drm/drm-next into drm-misc-next testing commit 4de395f2c632c31c575f72d49d4f4389c99dab68 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 402efcd58308f7e8fe54b3f4f2c458419faedbefdd126ab6b0ce7ffe99c59b64 all runs: OK # git bisect good 4de395f2c632c31c575f72d49d4f4389c99dab68 Bisecting: 4628 revisions left to test after this (roughly 12 steps) [7ce2aa6d7fe121e243e1c8a8093911fecdf1c88e] Merge tag 'drm-next-2022-08-12-1' of git://anongit.freedesktop.org/drm/drm testing commit 7ce2aa6d7fe121e243e1c8a8093911fecdf1c88e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: af55dfa1e90268c4dfca52849df926657d9e14cdbc68cb9f99ffc7638ab323e1 all runs: OK # git bisect good 7ce2aa6d7fe121e243e1c8a8093911fecdf1c88e Bisecting: 972 revisions left to test after this (roughly 10 steps) [a08ad2ebe199c33536d86c6d1a071d137e76ecaa] Merge branch 'master' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git testing commit a08ad2ebe199c33536d86c6d1a071d137e76ecaa compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a6236e6d79951cff335650cb0672fb3a5294f7f360057919f41dede09c8b29e8 all runs: OK # git bisect good a08ad2ebe199c33536d86c6d1a071d137e76ecaa Bisecting: 412 revisions left to test after this (roughly 9 steps) [8283279ad91ad1a4e722bd69642ebba552e87775] Merge branch 'for-linux-next' of git://anongit.freedesktop.org/drm/drm-misc testing commit 8283279ad91ad1a4e722bd69642ebba552e87775 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 563295ba84ada91ccc7e3a69bf7e4ca95edadf0656234ab1030c26e2cd528d75 run #0: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #1: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #2: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #3: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #4: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #5: crashed: KFENCE: use-after-free in udl_get_urb_timeout run #6: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #7: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #8: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #9: crashed: KASAN: use-after-free Read in udl_get_urb_timeout # git bisect bad 8283279ad91ad1a4e722bd69642ebba552e87775 Bisecting: 277 revisions left to test after this (roughly 8 steps) [7bfd788a37b2f2ba6b5beae4d31fd870d3013e26] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git testing commit 7bfd788a37b2f2ba6b5beae4d31fd870d3013e26 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: bc03ddd99e92216eda5ad8f48e5868b39c2a6399333a8f7a5fdfc5608e354fd7 all runs: OK # git bisect good 7bfd788a37b2f2ba6b5beae4d31fd870d3013e26 Bisecting: 138 revisions left to test after this (roughly 7 steps) [ac991b874b098ecde2c5eb81da48d52b6b22851b] drm/vc4: Add explicit declaration of 'drmm_of_get_bridge' testing commit ac991b874b098ecde2c5eb81da48d52b6b22851b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: cf9aa997bfd5fd4f766fca60dcfc339f4eaf172fa02fb1efcdf24bffc7849650 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good ac991b874b098ecde2c5eb81da48d52b6b22851b Bisecting: 68 revisions left to test after this (roughly 6 steps) [6a3aaa2bc03ea7ecb93741d2f55aa9064e95d528] drm/panfrost: Add specific register offset macros for JS and MMU AS testing commit 6a3aaa2bc03ea7ecb93741d2f55aa9064e95d528 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: be7cedf2f95b0c47e1e80a48250ae9b03f34ad38bfb4ecf885082f76050daa16 all runs: OK # git bisect good 6a3aaa2bc03ea7ecb93741d2f55aa9064e95d528 Bisecting: 29 revisions left to test after this (roughly 5 steps) [7ba276c628c766264031fb3cc39604bd3956782f] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git testing commit 7ba276c628c766264031fb3cc39604bd3956782f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b05734fae1fe3ef6d2af0c1cfa7a2da954f21af9c05bf83f3a518312eedbf8de all runs: OK # git bisect good 7ba276c628c766264031fb3cc39604bd3956782f Bisecting: 14 revisions left to test after this (roughly 4 steps) [504a51d70f86e3b989ca8834691bbac4033b6f48] drm/format-helper: Rename parameter vmap to src testing commit 504a51d70f86e3b989ca8834691bbac4033b6f48 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9f47d111d456e5051bc9c55d575d453555623b92323e1b677b5f7c8e2df0a0fb all runs: OK # git bisect good 504a51d70f86e3b989ca8834691bbac4033b6f48 Bisecting: 6 revisions left to test after this (roughly 3 steps) [8759464d7b6309e23df95f12064a120422d6f780] drm/bridge: tc358767: disable main link PHYs on main link disable testing commit 8759464d7b6309e23df95f12064a120422d6f780 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a16a02af8926d93ae101ff68cad2ac561e835ec647f8dd80092d929bdaf72cf4 all runs: crashed: KASAN: use-after-free Read in udl_get_urb_timeout # git bisect bad 8759464d7b6309e23df95f12064a120422d6f780 Bisecting: 3 revisions left to test after this (roughly 2 steps) [7350b2a3fbc6956b2b2234f6d27d030c70b451bb] drm/udl: Replace BUG_ON() with WARN_ON() testing commit 7350b2a3fbc6956b2b2234f6d27d030c70b451bb compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 16ad8315ea92bbfbf0e91b148ad2e8b03cb2db4e94ebc4eb1428bd55ac3666db run #0: crashed: KFENCE: use-after-free in udl_get_urb_timeout run #1: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #2: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #3: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #4: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #5: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #6: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #7: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #8: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #9: crashed: KASAN: use-after-free Read in udl_get_urb_timeout # git bisect bad 7350b2a3fbc6956b2b2234f6d27d030c70b451bb Bisecting: 1 revision left to test after this (roughly 1 step) [0f7dc324b2e9e55db9323302f944fd952dbed967] drm/udl: Sync pending URBs at suspend / disconnect testing commit 0f7dc324b2e9e55db9323302f944fd952dbed967 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 59f05133780723f4c8c298c30a92461b72759a566ea11979d84ff0586f2af17e all runs: OK # git bisect good 0f7dc324b2e9e55db9323302f944fd952dbed967 Bisecting: 0 revisions left to test after this (roughly 0 steps) [e25d5954264d1871ab2792c7ca2298b811462500] drm/udl: Kill pending URBs at suspend and disconnect testing commit e25d5954264d1871ab2792c7ca2298b811462500 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 42ba4a6acf91bcbbfbb3525f862f4c0e5be22c08c44cdcb0c2623486126c7685 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #2: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #3: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #4: crashed: KFENCE: use-after-free in udl_get_urb_timeout run #5: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #6: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #7: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #8: crashed: KASAN: use-after-free Read in udl_get_urb_timeout run #9: crashed: KASAN: use-after-free Read in udl_get_urb_timeout # git bisect bad e25d5954264d1871ab2792c7ca2298b811462500 e25d5954264d1871ab2792c7ca2298b811462500 is the first bad commit commit e25d5954264d1871ab2792c7ca2298b811462500 Author: Takashi Iwai Date: Thu Aug 4 09:58:25 2022 +0200 drm/udl: Kill pending URBs at suspend and disconnect At both suspend and disconnect, we should rather cancel the pending URBs immediately. For the suspend case, the display will be turned off, so it makes no sense to process the rendering. And for the disconnect case, the device may be no longer accessible, hence we shouldn't do any submission. Tested-by: Thomas Zimmermann Signed-off-by: Takashi Iwai Signed-off-by: Thomas Zimmermann Reviewed-by: Thomas Zimmermann Link: https://patchwork.freedesktop.org/patch/msgid/20220804075826.27036-4-tiwai@suse.de drivers/gpu/drm/udl/udl_drv.h | 2 ++ drivers/gpu/drm/udl/udl_main.c | 25 ++++++++++++++++++++++--- drivers/gpu/drm/udl/udl_modeset.c | 2 ++ 3 files changed, 26 insertions(+), 3 deletions(-) culprit signature: 42ba4a6acf91bcbbfbb3525f862f4c0e5be22c08c44cdcb0c2623486126c7685 parent signature: 59f05133780723f4c8c298c30a92461b72759a566ea11979d84ff0586f2af17e revisions tested: 34, total time: 7h40m51.369310868s (build: 3h51m27.942153411s, test: 3h45m46.983899762s) first bad commit: e25d5954264d1871ab2792c7ca2298b811462500 drm/udl: Kill pending URBs at suspend and disconnect recipients (to): ["airlied@linux.ie" "airlied@redhat.com" "daniel@ffwll.ch" "dri-devel@lists.freedesktop.org" "tiwai@suse.de" "tzimmermann@suse.de"] recipients (cc): ["linux-kernel@vger.kernel.org" "sean@poorly.run" "tzimmermann@suse.de"] crash: KASAN: use-after-free Read in udl_get_urb_timeout [drm:udl_init.cold] *ERROR* Unrecognized vendor firmware descriptor [drm:udl_init] *ERROR* Selecting channel failed [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2 [drm] Initialized udl on minor 2 [drm:udl_get_edid_block] *ERROR* Read EDID byte 0 failed err ffffffb9 udl 1-1:0.0: [drm] Cannot find any crtc or sizes usb 1-1: USB disconnect, device number 2 ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x81/0xa0 lib/list_debug.c:23 Read of size 8 at addr ffff88801b05aac8 by task kworker/1:1/26 CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 5.19.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Workqueue: usb_hub_wq hub_event Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 print_address_description.constprop.0.cold+0xeb/0x495 mm/kasan/report.c:313 print_report mm/kasan/report.c:429 [inline] kasan_report.cold+0xf4/0x1c6 mm/kasan/report.c:491 __list_add_valid+0x81/0xa0 lib/list_debug.c:23 __list_add include/linux/list.h:69 [inline] list_add include/linux/list.h:88 [inline] list_move include/linux/list.h:218 [inline] udl_get_urb_timeout+0x1ef/0x4f0 drivers/gpu/drm/udl/udl_main.c:250 udl_free_urb_list+0x136/0x220 drivers/gpu/drm/udl/udl_main.c:156 udl_drop_usb+0xbd/0x150 drivers/gpu/drm/udl/udl_main.c:357 udl_usb_disconnect+0x3a/0x50 drivers/gpu/drm/udl/udl_drv.c:114 usb_unbind_interface+0x183/0x7e0 drivers/usb/core/driver.c:458 __device_release_driver drivers/base/dd.c:1222 [inline] device_release_driver_internal+0x3bc/0x600 drivers/base/dd.c:1248 bus_remove_device+0x295/0x550 drivers/base/bus.c:529 device_del+0x48d/0xb80 drivers/base/core.c:3615 usb_disable_device+0x29c/0x660 drivers/usb/core/message.c:1419 usb_disconnect.cold+0x20a/0x61d drivers/usb/core/hub.c:2228 hub_port_connect drivers/usb/core/hub.c:5207 [inline] hub_port_connect_change drivers/usb/core/hub.c:5507 [inline] port_event drivers/usb/core/hub.c:5663 [inline] hub_event+0xb46/0x39d0 drivers/usb/core/hub.c:5745 process_one_work+0x865/0x13d0 kernel/workqueue.c:2289 process_scheduled_works kernel/workqueue.c:2352 [inline] worker_thread+0x738/0xec0 kernel/workqueue.c:2438 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302 Allocated by task 26: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:436 [inline] ____kasan_kmalloc mm/kasan/common.c:515 [inline] ____kasan_kmalloc mm/kasan/common.c:474 [inline] __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:524 kmalloc include/linux/slab.h:600 [inline] kzalloc include/linux/slab.h:733 [inline] udl_alloc_urb_list drivers/gpu/drm/udl/udl_main.c:190 [inline] udl_init+0x6ae/0xb80 drivers/gpu/drm/udl/udl_main.c:330 udl_driver_create drivers/gpu/drm/udl/udl_drv.c:79 [inline] udl_usb_probe+0x31/0xa0 drivers/gpu/drm/udl/udl_drv.c:94 usb_probe_interface+0x274/0x6a0 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:555 [inline] really_probe+0x1c1/0xa40 drivers/base/dd.c:634 __driver_probe_device+0x2a6/0x460 drivers/base/dd.c:764 driver_probe_device+0x44/0x110 drivers/base/dd.c:794 __device_attach_driver+0x185/0x250 drivers/base/dd.c:917 bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427 __device_attach+0x19e/0x440 drivers/base/dd.c:989 bus_probe_device+0x19d/0x250 drivers/base/bus.c:487 device_add+0xa14/0x1b80 drivers/base/core.c:3428 usb_set_configuration+0xa66/0x18b0 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x74/0xa0 drivers/usb/core/generic.c:238 usb_probe_device+0x95/0x240 drivers/usb/core/driver.c:293 call_driver_probe drivers/base/dd.c:555 [inline] really_probe+0x1c1/0xa40 drivers/base/dd.c:634 __driver_probe_device+0x2a6/0x460 drivers/base/dd.c:764 driver_probe_device+0x44/0x110 drivers/base/dd.c:794 __device_attach_driver+0x185/0x250 drivers/base/dd.c:917 bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427 __device_attach+0x19e/0x440 drivers/base/dd.c:989 bus_probe_device+0x19d/0x250 drivers/base/bus.c:487 device_add+0xa14/0x1b80 drivers/base/core.c:3428 usb_new_device.cold+0x5d1/0xeeb drivers/usb/core/hub.c:2566 hub_port_connect drivers/usb/core/hub.c:5363 [inline] hub_port_connect_change drivers/usb/core/hub.c:5507 [inline] port_event drivers/usb/core/hub.c:5663 [inline] hub_event+0x114d/0x39d0 drivers/usb/core/hub.c:5745 process_one_work+0x865/0x13d0 kernel/workqueue.c:2289 worker_thread+0x598/0xec0 kernel/workqueue.c:2436 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302 Freed by task 26: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track+0x21/0x30 mm/kasan/common.c:45 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370 ____kasan_slab_free mm/kasan/common.c:366 [inline] ____kasan_slab_free+0x166/0x1a0 mm/kasan/common.c:328 kasan_slab_free include/linux/kasan.h:200 [inline] slab_free_hook mm/slub.c:1754 [inline] slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1780 slab_free mm/slub.c:3536 [inline] kfree+0xd6/0x4d0 mm/slub.c:4584 udl_free_urb_list+0x11f/0x220 drivers/gpu/drm/udl/udl_main.c:164 udl_drop_usb+0xbd/0x150 drivers/gpu/drm/udl/udl_main.c:357 udl_usb_disconnect+0x3a/0x50 drivers/gpu/drm/udl/udl_drv.c:114 usb_unbind_interface+0x183/0x7e0 drivers/usb/core/driver.c:458 __device_release_driver drivers/base/dd.c:1222 [inline] device_release_driver_internal+0x3bc/0x600 drivers/base/dd.c:1248 bus_remove_device+0x295/0x550 drivers/base/bus.c:529 device_del+0x48d/0xb80 drivers/base/core.c:3615 usb_disable_device+0x29c/0x660 drivers/usb/core/message.c:1419 usb_disconnect.cold+0x20a/0x61d drivers/usb/core/hub.c:2228 hub_port_connect drivers/usb/core/hub.c:5207 [inline] hub_port_connect_change drivers/usb/core/hub.c:5507 [inline] port_event drivers/usb/core/hub.c:5663 [inline] hub_event+0xb46/0x39d0 drivers/usb/core/hub.c:5745 process_one_work+0x865/0x13d0 kernel/workqueue.c:2289 process_scheduled_works kernel/workqueue.c:2352 [inline] worker_thread+0x738/0xec0 kernel/workqueue.c:2438 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302 The buggy address belongs to the object at ffff88801b05aac0 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 8 bytes inside of 32-byte region [ffff88801b05aac0, ffff88801b05aae0) The buggy address belongs to the physical page: page:ffffea00006c1680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1b05a flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000200 dead000000000100 dead000000000122 ffff888010841500 raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 3606, tgid 3606 (syz-executor.0), ts 39280832201, free_ts 39241858233 prep_new_page mm/page_alloc.c:2456 [inline] get_page_from_freelist+0x19d3/0x3b30 mm/page_alloc.c:4198 __alloc_pages+0x1c7/0x510 mm/page_alloc.c:5426 alloc_slab_page mm/slub.c:1824 [inline] allocate_slab+0x26c/0x3c0 mm/slub.c:1969 new_slab mm/slub.c:2029 [inline] ___slab_alloc+0x9bc/0xe10 mm/slub.c:3031 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3118 slab_alloc_node mm/slub.c:3209 [inline] slab_alloc mm/slub.c:3251 [inline] __kmalloc+0x318/0x350 mm/slub.c:4442 kmalloc include/linux/slab.h:605 [inline] do_setlink+0x11e1/0x2dd0 net/core/rtnetlink.c:2727 __rtnl_newlink+0x94d/0x14c0 net/core/rtnetlink.c:3546 rtnl_newlink+0x5a/0x90 net/core/rtnetlink.c:3593 rtnetlink_rcv_msg+0x32d/0x9a0 net/core/rtnetlink.c:6089 netlink_rcv_skb+0x118/0x370 net/netlink/af_netlink.c:2501 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x433/0x710 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x782/0xc30 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:734 __sys_sendto+0x1a5/0x270 net/socket.c:2119 __do_sys_sendto net/socket.c:2131 [inline] __se_sys_sendto net/socket.c:2127 [inline] __x64_sys_sendto+0xd8/0x1b0 net/socket.c:2127 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1371 [inline] free_pcp_prepare+0x549/0xd20 mm/page_alloc.c:1421 free_unref_page_prepare mm/page_alloc.c:3343 [inline] free_unref_page+0x19/0x6a0 mm/page_alloc.c:3438 qlink_free mm/kasan/quarantine.c:168 [inline] qlist_free_all+0x6a/0x170 mm/kasan/quarantine.c:187 kasan_quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:294 __kasan_slab_alloc+0xa2/0xc0 mm/kasan/common.c:446 kasan_slab_alloc include/linux/kasan.h:224 [inline] slab_post_alloc_hook mm/slab.h:750 [inline] slab_alloc_node mm/slub.c:3243 [inline] slab_alloc mm/slub.c:3251 [inline] kmem_cache_alloc_trace+0x26d/0x3f0 mm/slub.c:3282 kmalloc include/linux/slab.h:600 [inline] netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:643 [inline] netdevice_event+0x16a/0x770 drivers/infiniband/core/roce_gid_mgmt.c:802 notifier_call_chain+0x94/0x170 kernel/notifier.c:87 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline] call_netdevice_notifiers net/core/dev.c:1997 [inline] dev_set_mac_address+0x261/0x360 net/core/dev.c:8793 dev_set_mac_address_user+0x28/0x40 net/core/dev.c:8807 do_setlink+0x12af/0x2dd0 net/core/rtnetlink.c:2735 __rtnl_newlink+0x94d/0x14c0 net/core/rtnetlink.c:3546 rtnl_newlink+0x5a/0x90 net/core/rtnetlink.c:3593 rtnetlink_rcv_msg+0x32d/0x9a0 net/core/rtnetlink.c:6089 netlink_rcv_skb+0x118/0x370 net/netlink/af_netlink.c:2501 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x433/0x710 net/netlink/af_netlink.c:1345 Memory state around the buggy address: ffff88801b05a980: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc ffff88801b05aa00: 00 00 00 fc fc fc fc fc 00 00 00 00 fc fc fc fc >ffff88801b05aa80: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc ^ ffff88801b05ab00: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc ffff88801b05ab80: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc ==================================================================