ci2 starts bisection 2022-08-02 20:04:54.375612812 +0000 UTC m=+3383.193189025 bisecting fixing commit since 414e6c8e941caae43f7b25f8014c2b5e2100679d building syzkaller on e22c3da3b05600c6c0f62142160839b4b7f82a62 testing commit 414e6c8e941caae43f7b25f8014c2b5e2100679d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4e9b3e6706bc56511b541c106fa6e8953a8c7f5ebb70b6ef81d0dc0faae2bfb7 run #0: crashed: KASAN: use-after-free Read in dst_dev_put run #1: crashed: general protection fault in dst_dev_put run #2: crashed: BUG: corrupted list in insert_work run #3: crashed: general protection fault in process_one_work run #4: crashed: general protection fault in dst_dev_put run #5: crashed: general protection fault in process_one_work run #6: crashed: BUG: corrupted list in insert_work run #7: crashed: BUG: corrupted list in insert_work run #8: crashed: BUG: corrupted list in insert_work run #9: crashed: BUG: corrupted list in insert_work run #10: crashed: general protection fault in dst_dev_put run #11: crashed: general protection fault in process_one_work run #12: crashed: general protection fault in process_one_work run #13: crashed: general protection fault in process_one_work run #14: crashed: BUG: corrupted list in insert_work run #15: crashed: BUG: corrupted list in insert_work run #16: crashed: general protection fault in process_one_work run #17: crashed: general protection fault in process_one_work run #18: crashed: BUG: corrupted list in insert_work run #19: crashed: BUG: corrupted list in insert_work testing current HEAD 3f05c6dd1307884bfae727da2a198f745d50d031 testing commit 3f05c6dd1307884bfae727da2a198f745d50d031 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f939df3aa399972ddbd54f8d0874b2dd76f3abfb892fc38c5938a674b8a6f3f1 all runs: OK # git bisect start 3f05c6dd1307884bfae727da2a198f745d50d031 414e6c8e941caae43f7b25f8014c2b5e2100679d Bisecting: 1469 revisions left to test after this (roughly 11 steps) [fdca775081527364621857957655207d83035376] arm: use fallback for random_get_entropy() instead of zero testing commit fdca775081527364621857957655207d83035376 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 11420748a2e809d4de25eb1c4c58ef0478746f3daeccad046e825a032651c91b run #0: crashed: BUG: corrupted list in insert_work run #1: crashed: general protection fault in process_one_work run #2: crashed: general protection fault in dst_dev_put run #3: crashed: BUG: corrupted list in insert_work run #4: crashed: BUG: corrupted list in insert_work run #5: crashed: general protection fault in process_one_work run #6: crashed: BUG: corrupted list in insert_work run #7: crashed: general protection fault in process_one_work run #8: crashed: general protection fault in process_one_work run #9: crashed: BUG: corrupted list in insert_work # git bisect good fdca775081527364621857957655207d83035376 Bisecting: 734 revisions left to test after this (roughly 10 steps) [f93d8fe3dce89fbeaaa9770982b1514c32022ee9] ASoC: cs42l56: Correct typo in minimum level for SX volume controls testing commit f93d8fe3dce89fbeaaa9770982b1514c32022ee9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3d2d5eb1a799db7224955989ccb16b0b64f280e5e3da47b97c02049fd7ae9987 all runs: OK # git bisect bad f93d8fe3dce89fbeaaa9770982b1514c32022ee9 Bisecting: 367 revisions left to test after this (roughly 9 steps) [82c6c8a66c2e6041255cc1a65ae390182d587bb0] powerpc/fadump: fix PT_LOAD segment for boot memory area testing commit 82c6c8a66c2e6041255cc1a65ae390182d587bb0 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e2875dafd92f9a3e122b70988e3c11922657b0e445f0479f2bac5d64c092adc3 all runs: OK # git bisect bad 82c6c8a66c2e6041255cc1a65ae390182d587bb0 Bisecting: 183 revisions left to test after this (roughly 8 steps) [c400439adc36e2ae4cd293657e27a3304ca22c25] ARM: dts: s5pv210: align DMA channels with dtschema testing commit c400439adc36e2ae4cd293657e27a3304ca22c25 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 41f94607fd736635aeaa6f4a9ffbb7e0995f40993fc70c3dee447baabe478861 all runs: OK # git bisect bad c400439adc36e2ae4cd293657e27a3304ca22c25 Bisecting: 91 revisions left to test after this (roughly 7 steps) [223368eaf60cfedbe8b51895be5d82d0f4ea5b67] ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop testing commit 223368eaf60cfedbe8b51895be5d82d0f4ea5b67 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1903959be36d32467cbfe656c9cef31d7542a0891bdfc4eb89e770f7dc7289cb all runs: OK # git bisect bad 223368eaf60cfedbe8b51895be5d82d0f4ea5b67 Bisecting: 45 revisions left to test after this (roughly 6 steps) [6029f86740c92c182ff29b34b3c40bb5462050a1] assoc_array: Fix BUG_ON during garbage collect testing commit 6029f86740c92c182ff29b34b3c40bb5462050a1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3a831203eb292c697dce823cc17a2ba3669f67a1bd45db35ac792d62fad3199d all runs: OK # git bisect bad 6029f86740c92c182ff29b34b3c40bb5462050a1 Bisecting: 22 revisions left to test after this (roughly 5 steps) [1fdd7eef2100790d372f58ffee2fed3b38214e6e] random: remove extern from functions in header testing commit 1fdd7eef2100790d372f58ffee2fed3b38214e6e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 360e436511016644668b84692083dfae3134087cb60b82dae41273e85dc5d223 run #0: crashed: general protection fault in dst_dev_put run #1: crashed: KASAN: slab-out-of-bounds Read in ip6_pol_route run #2: crashed: general protection fault in dst_dev_put run #3: crashed: general protection fault in process_one_work run #4: crashed: general protection fault in dst_dev_put run #5: crashed: KASAN: use-after-free Read in ip6_pol_route run #6: crashed: general protection fault in dst_dev_put run #7: crashed: BUG: corrupted list in insert_work run #8: crashed: BUG: corrupted list in insert_work run #9: crashed: general protection fault in process_one_work # git bisect good 1fdd7eef2100790d372f58ffee2fed3b38214e6e Bisecting: 11 revisions left to test after this (roughly 4 steps) [56c31ac1d8aadb706ea977c097c714762b3fcfdd] Linux 5.10.119 testing commit 56c31ac1d8aadb706ea977c097c714762b3fcfdd compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5c50230ce70462aff1b87e5e12c9a8807aa7f105b9b3589d3dae85b3b5c26997 run #0: crashed: BUG: corrupted list in insert_work run #1: crashed: general protection fault in dst_dev_put run #2: crashed: BUG: corrupted list in insert_work run #3: crashed: general protection fault in ip6_pol_route run #4: crashed: BUG: corrupted list in insert_work run #5: crashed: BUG: corrupted list in insert_work run #6: crashed: BUG: corrupted list in insert_work run #7: crashed: BUG: corrupted list in process_one_work run #8: crashed: general protection fault in process_one_work run #9: crashed: general protection fault in process_one_work # git bisect good 56c31ac1d8aadb706ea977c097c714762b3fcfdd Bisecting: 5 revisions left to test after this (roughly 3 steps) [f0749aecb20b2d8fbc600a4467f29c6572e4f434] i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging testing commit f0749aecb20b2d8fbc600a4467f29c6572e4f434 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 680815ae61959be7febc1a2954c68aa096acfbe9374282960fb4a05d15b74c6f all runs: OK # git bisect bad f0749aecb20b2d8fbc600a4467f29c6572e4f434 Bisecting: 2 revisions left to test after this (roughly 2 steps) [ac8d5eb26c9edeb139af1e02e1d3743aa2e1fcd7] net: af_key: check encryption module availability consistency testing commit ac8d5eb26c9edeb139af1e02e1d3743aa2e1fcd7 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a1c49858a7f80cc54fa27f1dddf901f07845505570d515adbd54ea2b4b9884d7 all runs: OK # git bisect bad ac8d5eb26c9edeb139af1e02e1d3743aa2e1fcd7 Bisecting: 0 revisions left to test after this (roughly 1 step) [d007f49ab789bee8ed76021830b49745d5feaf61] percpu_ref_init(): clean ->percpu_count_ref on failure testing commit d007f49ab789bee8ed76021830b49745d5feaf61 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ee1942880951dd97d7237528584f37508fd218276c8d94f919bd7383726b2edc all runs: OK # git bisect bad d007f49ab789bee8ed76021830b49745d5feaf61 Bisecting: 0 revisions left to test after this (roughly 0 steps) [75e35951d6ec28a3a1802ffd76fabe788aa8bb02] pinctrl: sunxi: fix f1c100s uart2 function testing commit 75e35951d6ec28a3a1802ffd76fabe788aa8bb02 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9a6c487950d1607bec451f322ad1517db9d93e5b451d56e0fdd1b1d3ccfb3013 run #0: crashed: general protection fault in dst_dev_put run #1: crashed: general protection fault in dst_dev_put run #2: crashed: general protection fault in process_one_work run #3: crashed: BUG: corrupted list in insert_work run #4: crashed: BUG: corrupted list in insert_work run #5: crashed: BUG: corrupted list in insert_work run #6: crashed: BUG: corrupted list in insert_work run #7: crashed: general protection fault in process_one_work run #8: crashed: BUG: corrupted list in insert_work run #9: OK # git bisect good 75e35951d6ec28a3a1802ffd76fabe788aa8bb02 d007f49ab789bee8ed76021830b49745d5feaf61 is the first bad commit commit d007f49ab789bee8ed76021830b49745d5feaf61 Author: Al Viro Date: Wed May 18 02:13:40 2022 -0400 percpu_ref_init(): clean ->percpu_count_ref on failure [ Upstream commit a91714312eb16f9ecd1f7f8b3efe1380075f28d4 ] That way percpu_ref_exit() is safe after failing percpu_ref_init(). At least one user (cgroup_create()) had a double-free that way; there might be other similar bugs. Easier to fix in percpu_ref_init(), rather than playing whack-a-mole in sloppy users... Usual symptoms look like a messed refcounting in one of subsystems that use percpu allocations (might be percpu-refcount, might be something else). Having refcounts for two different objects share memory is Not Nice(tm)... Reported-by: syzbot+5b1e53987f858500ec00@syzkaller.appspotmail.com Signed-off-by: Al Viro Signed-off-by: Sasha Levin lib/percpu-refcount.c | 1 + 1 file changed, 1 insertion(+) culprit signature: ee1942880951dd97d7237528584f37508fd218276c8d94f919bd7383726b2edc parent signature: 9a6c487950d1607bec451f322ad1517db9d93e5b451d56e0fdd1b1d3ccfb3013 revisions tested: 14, total time: 3h18m5.963255485s (build: 1h16m21.381603051s, test: 1h59m59.846825872s) first good commit: d007f49ab789bee8ed76021830b49745d5feaf61 percpu_ref_init(): clean ->percpu_count_ref on failure recipients (to): ["linux-kernel@vger.kernel.org" "sashal@kernel.org" "viro@zeniv.linux.org.uk"] recipients (cc): ["sashal@kernel.org" "viro@zeniv.linux.org.uk"]