ci starts bisection 2023-03-30 19:49:57.930279894 +0000 UTC m=+113138.376627879 bisecting cause commit starting from a6d9e3034536ba4b68ac34490c02267e6eec9c05 building syzkaller on f325deb023e4e2fb9197004be1b3da738680429c ensuring issue is reproducible on original commit a6d9e3034536ba4b68ac34490c02267e6eec9c05 testing commit a6d9e3034536ba4b68ac34490c02267e6eec9c05 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1c7aab340dda8eac5803ab66b3485fbbc144d82d742e240cdb4145ba198e99e8 run #0: crashed: KASAN: slab-use-after-free Read in class_register run #1: crashed: KASAN: slab-use-after-free Read in class_register run #2: crashed: WARNING in class_register run #3: crashed: WARNING in class_register run #4: crashed: WARNING in class_register run #5: crashed: KASAN: slab-use-after-free Read in class_register run #6: crashed: KASAN: slab-use-after-free Read in class_register run #7: crashed: WARNING in class_register run #8: crashed: WARNING in class_register run #9: crashed: KASAN: slab-use-after-free Read in class_register run #10: crashed: WARNING in class_register run #11: crashed: KASAN: slab-use-after-free Read in class_register run #12: crashed: WARNING in class_register run #13: crashed: WARNING in class_register run #14: crashed: KASAN: slab-use-after-free Read in class_register run #15: crashed: WARNING in class_register run #16: crashed: KASAN: slab-use-after-free Read in class_register run #17: crashed: KASAN: slab-use-after-free Read in class_register run #18: crashed: KASAN: slab-use-after-free Read in class_register run #19: crashed: WARNING in class_register testing release v6.2 testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: baa1d48b8e4659984afd30f98f1814b787a065eb73ebf611fbd2d2e3905cb636 all runs: OK # git bisect start a6d9e3034536ba4b68ac34490c02267e6eec9c05 c9c3395d5e3dcc6daee66c6908354d47bf98cb0c Bisecting: 11426 revisions left to test after this (roughly 14 steps) [61fc1ee8be26bc192d691932b0a67eabee45d12f] riscv: Bump COMMAND_LINE_SIZE value to 1024 testing commit 61fc1ee8be26bc192d691932b0a67eabee45d12f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 716370a14d2165964518d93072b39a4bcb9e0732a755e6d2753e6d6beb34234d all runs: OK # git bisect good 61fc1ee8be26bc192d691932b0a67eabee45d12f Bisecting: 5712 revisions left to test after this (roughly 13 steps) [f970fdc22ba050517641e262b6f009fbbbb034b5] Merge branch 'ericvh/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs.git testing commit f970fdc22ba050517641e262b6f009fbbbb034b5 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4a32e84d0e16d704588949799f1a7d7dc3899e458cb124e23e599b9112be4250 all runs: OK # git bisect good f970fdc22ba050517641e262b6f009fbbbb034b5 Bisecting: 2881 revisions left to test after this (roughly 12 steps) [f7a1d3c80e6b7f0cea5844924de09f0b6de31581] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git testing commit f7a1d3c80e6b7f0cea5844924de09f0b6de31581 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 963d8bbfa080d2aa4c1f25b03794266ada3701f268087cf34ec9ae906419e185 all runs: OK # git bisect good f7a1d3c80e6b7f0cea5844924de09f0b6de31581 Bisecting: 1463 revisions left to test after this (roughly 11 steps) [2c3fe4c895808fee73ac0640145a1d9585b1ef06] Merge branch 'next' of git://git.kernel.org/pub/scm/virt/kvm/kvm.git testing commit 2c3fe4c895808fee73ac0640145a1d9585b1ef06 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 283fc50ff4950e501fa6375ddd0ed40de32326a2fc772438705a3839c2781dd2 all runs: OK # git bisect good 2c3fe4c895808fee73ac0640145a1d9585b1ef06 Bisecting: 678 revisions left to test after this (roughly 10 steps) [44b2d4b2684939bc1f6a57cabe2d8ce9d74242c6] Merge branch 'staging-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git testing commit 44b2d4b2684939bc1f6a57cabe2d8ce9d74242c6 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 458fdd2e9c1191db8cad230c1e688167f59a0428594d0d568321f6ce47f9bacb run #0: crashed: WARNING in class_register run #1: crashed: KASAN: slab-use-after-free Read in class_register run #2: crashed: WARNING in class_register run #3: crashed: KASAN: slab-use-after-free Read in class_register run #4: crashed: WARNING in class_register run #5: crashed: KASAN: slab-use-after-free Read in class_register run #6: crashed: WARNING in class_register run #7: crashed: WARNING in class_register run #8: crashed: KASAN: slab-use-after-free Read in class_register run #9: crashed: KASAN: slab-use-after-free Read in class_register # git bisect bad 44b2d4b2684939bc1f6a57cabe2d8ce9d74242c6 Bisecting: 350 revisions left to test after this (roughly 9 steps) [965b88a047af59882ae9fffd58489d8e546893dc] Merge branch 'usb-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git testing commit 965b88a047af59882ae9fffd58489d8e546893dc gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0fdaac54d91f47fb9b8a0164ef231ad8dc1e2e14b163005df67ae1f429719f11 run #0: crashed: KASAN: slab-use-after-free Read in class_register run #1: crashed: KASAN: slab-use-after-free Read in class_register run #2: crashed: WARNING in class_register run #3: crashed: KASAN: slab-use-after-free Read in class_register run #4: crashed: KASAN: slab-use-after-free Read in class_register run #5: crashed: WARNING in class_register run #6: crashed: KASAN: slab-use-after-free Read in class_register run #7: crashed: WARNING in class_register run #8: crashed: KASAN: slab-use-after-free Read in class_register run #9: crashed: WARNING in class_register # git bisect bad 965b88a047af59882ae9fffd58489d8e546893dc Bisecting: 190 revisions left to test after this (roughly 8 steps) [9b73b49ac14d01ee2a6b220ea986d9824f732492] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86.git testing commit 9b73b49ac14d01ee2a6b220ea986d9824f732492 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0d9b82622961e5dd81ace6bf4f8a3a059c5ae3b084af6098c9653f27c5317de3 all runs: OK # git bisect good 9b73b49ac14d01ee2a6b220ea986d9824f732492 Bisecting: 84 revisions left to test after this (roughly 7 steps) [0aca76e0e365e1dd97610da5e5f01321cee91937] Merge branch 'driver-core-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git testing commit 0aca76e0e365e1dd97610da5e5f01321cee91937 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 262f77c4a9790004c7f8a05c1acb2a35fe0b805d2e3b80ef302b4fadd7671fa0 run #0: crashed: KASAN: slab-use-after-free Read in class_register run #1: crashed: KASAN: slab-use-after-free Read in class_register run #2: crashed: WARNING in class_register run #3: crashed: KASAN: slab-use-after-free Read in class_register run #4: crashed: KASAN: slab-use-after-free Read in class_register run #5: crashed: KASAN: slab-use-after-free Read in class_register run #6: crashed: WARNING in class_register run #7: crashed: KASAN: slab-use-after-free Read in class_register run #8: crashed: WARNING in class_register run #9: crashed: WARNING in class_register # git bisect bad 0aca76e0e365e1dd97610da5e5f01321cee91937 Bisecting: 52 revisions left to test after this (roughly 6 steps) [c9a9f18d3ad8acb9f9d6b52b5e1922a70b48dc35] drm/i915/huc: use const struct bus_type pointers testing commit c9a9f18d3ad8acb9f9d6b52b5e1922a70b48dc35 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 88e4d088bc7302f7822edb39631c76dc8682b946cb951cb15df988d10e46773f all runs: OK # git bisect good c9a9f18d3ad8acb9f9d6b52b5e1922a70b48dc35 Bisecting: 26 revisions left to test after this (roughly 5 steps) [caef677975dadd9d826cdb8de7c26a1e750d46a2] Merge branch 'for-next' of git://github.com/cminyard/linux-ipmi.git testing commit caef677975dadd9d826cdb8de7c26a1e750d46a2 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5fb8a9f33a5c8e76c581f789e6d53a5e539a9c9db907425fc9613d2921020cce all runs: OK # git bisect good caef677975dadd9d826cdb8de7c26a1e750d46a2 Bisecting: 13 revisions left to test after this (roughly 4 steps) [8a2b9c84c708cf2a99499d5a685a642af7b68c37] driver core: driver.h: remove extern from function prototypes testing commit 8a2b9c84c708cf2a99499d5a685a642af7b68c37 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b4f4d54ed8325a4d9998f6d873c72b5db37e01798d0c75274a378c4e19ac67af run #0: crashed: KASAN: slab-use-after-free Read in class_register run #1: crashed: KASAN: slab-use-after-free Read in class_register run #2: crashed: KASAN: slab-use-after-free Read in class_register run #3: crashed: WARNING in class_register run #4: crashed: KASAN: slab-use-after-free Read in class_register run #5: crashed: WARNING in class_register run #6: crashed: WARNING in class_register run #7: crashed: WARNING in class_register run #8: crashed: WARNING in class_register run #9: crashed: WARNING in class_register # git bisect bad 8a2b9c84c708cf2a99499d5a685a642af7b68c37 Bisecting: 6 revisions left to test after this (roughly 3 steps) [9d11b13402d1b80f7f3ca5061d75f15cf8002555] USB: mark all struct bus_type as const testing commit 9d11b13402d1b80f7f3ca5061d75f15cf8002555 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 991a9054bdd78ee678321d83a7aaa7090a834f3a8132dc4e3494a8b7156fbce0 all runs: OK # git bisect good 9d11b13402d1b80f7f3ca5061d75f15cf8002555 Bisecting: 3 revisions left to test after this (roughly 2 steps) [dcfbb67e48a2becfce7990386e985b9c45098ee5] driver core: class: use lock_class_key already present in struct subsys_private testing commit dcfbb67e48a2becfce7990386e985b9c45098ee5 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6e63b087e06ef9b29a509d072771ba3e26728677ca91f9a0f7b28a589420baa0 run #0: crashed: WARNING in class_register run #1: crashed: WARNING in class_register run #2: crashed: WARNING in class_register run #3: crashed: WARNING in class_register run #4: crashed: KASAN: slab-use-after-free Read in class_register run #5: crashed: KASAN: slab-use-after-free Read in class_register run #6: crashed: WARNING in class_register run #7: crashed: KASAN: slab-use-after-free Read in class_register run #8: crashed: KASAN: slab-use-after-free Read in class_register run #9: crashed: KASAN: slab-use-after-free Read in class_register # git bisect bad dcfbb67e48a2becfce7990386e985b9c45098ee5 Bisecting: 0 revisions left to test after this (roughly 1 step) [5b9ff0ba11042096bfb396e506fa9038e6a61de7] device property: Constify a few fwnode APIs testing commit 5b9ff0ba11042096bfb396e506fa9038e6a61de7 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 35799b864341d2a5e27ce8afe39275453e05d7798ae4665837bb82ded008bb46 all runs: OK # git bisect good 5b9ff0ba11042096bfb396e506fa9038e6a61de7 dcfbb67e48a2becfce7990386e985b9c45098ee5 is the first bad commit commit dcfbb67e48a2becfce7990386e985b9c45098ee5 Author: Greg Kroah-Hartman Date: Fri Mar 24 11:01:31 2023 +0100 driver core: class: use lock_class_key already present in struct subsys_private In commit 37e98d9bedb5 ("driver core: bus: move lock_class_key into dynamic structure"), we moved the lock_class_key into the internal structure shared by busses and classes, but only used it for buses. Move the class code to use this structure as it is already present and being allocated, instead of the statically allocated on-the-stack variable that class_create() was using as part of a macro wrapper around the core function call. Reviewed-by: Rafael J. Wysocki Link: https://lore.kernel.org/r/20230324100132.1633647-1-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman drivers/base/class.c | 15 +++++++++------ include/linux/device/class.h | 36 ++---------------------------------- 2 files changed, 11 insertions(+), 40 deletions(-) culprit signature: 6e63b087e06ef9b29a509d072771ba3e26728677ca91f9a0f7b28a589420baa0 parent signature: 35799b864341d2a5e27ce8afe39275453e05d7798ae4665837bb82ded008bb46 revisions tested: 16, total time: 5h19m13.687942147s (build: 2h40m11.155289223s, test: 2h36m4.054502884s) first bad commit: dcfbb67e48a2becfce7990386e985b9c45098ee5 driver core: class: use lock_class_key already present in struct subsys_private recipients (to): ["gregkh@linuxfoundation.org" "rafael@kernel.org"] recipients (cc): [] crash: KASAN: slab-use-after-free Read in class_register usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 85 usb 1-1: New USB device found, idVendor=047f, idProduct=7fff, bcdDevice= 0.00 usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 usb 1-1: config 0 descriptor?? plantronics 0003:047F:7FFF.00BB: No inputs registered, leaving ================================================================== BUG: KASAN: slab-use-after-free in lockdep_register_key+0x396/0x410 kernel/locking/lockdep.c:1231 Read of size 8 at addr ffff88801fb98b60 by task kworker/1:1/26 CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.3.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Workqueue: usb_hub_wq hub_event Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x64/0xb0 lib/dump_stack.c:106 print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:319 print_report mm/kasan/report.c:430 [inline] kasan_report+0x11c/0x130 mm/kasan/report.c:536 lockdep_register_key+0x396/0x410 kernel/locking/lockdep.c:1231 class_register+0xdc/0x4c0 drivers/base/class.c:172 class_create+0x8f/0xe0 drivers/base/class.c:250 init_usb_class drivers/usb/core/file.c:91 [inline] usb_register_dev+0x403/0x770 drivers/usb/core/file.c:179 hiddev_connect+0x2f1/0x540 drivers/hid/usbhid/hiddev.c:903 hid_connect+0x1f8/0x1640 drivers/hid/hid-core.c:2184 hid_hw_start drivers/hid/hid-core.c:2294 [inline] hid_hw_start+0x78/0x100 drivers/hid/hid-core.c:2285 plantronics_probe+0x240/0x350 drivers/hid/hid-plantronics.c:191 hid_device_probe+0x24d/0x360 drivers/hid/hid-core.c:2615 call_driver_probe drivers/base/dd.c:579 [inline] really_probe+0x1c7/0xb20 drivers/base/dd.c:658 __driver_probe_device+0x186/0x460 drivers/base/dd.c:795 driver_probe_device+0x44/0x110 drivers/base/dd.c:825 __device_attach_driver+0x14e/0x270 drivers/base/dd.c:953 bus_for_each_drv+0x102/0x190 drivers/base/bus.c:457 __device_attach+0x19e/0x3d0 drivers/base/dd.c:1025 bus_probe_device+0x12b/0x170 drivers/base/bus.c:532 device_add+0xee4/0x1930 drivers/base/core.c:3611 hid_add_device+0x308/0x920 drivers/hid/hid-core.c:2767 usbhid_probe+0x952/0xf00 drivers/hid/usbhid/hid-core.c:1429 usb_probe_interface+0x26c/0x820 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:579 [inline] really_probe+0x1c7/0xb20 drivers/base/dd.c:658 __driver_probe_device+0x186/0x460 drivers/base/dd.c:795 driver_probe_device+0x44/0x110 drivers/base/dd.c:825 __device_attach_driver+0x14e/0x270 drivers/base/dd.c:953 bus_for_each_drv+0x102/0x190 drivers/base/bus.c:457 __device_attach+0x19e/0x3d0 drivers/base/dd.c:1025 bus_probe_device+0x12b/0x170 drivers/base/bus.c:532 device_add+0xee4/0x1930 drivers/base/core.c:3611 usb_set_configuration+0xabc/0x1a20 drivers/usb/core/message.c:2171 usb_generic_driver_probe+0x88/0xd0 drivers/usb/core/generic.c:238 usb_probe_device+0x98/0x240 drivers/usb/core/driver.c:293 call_driver_probe drivers/base/dd.c:579 [inline] really_probe+0x1c7/0xb20 drivers/base/dd.c:658 __driver_probe_device+0x186/0x460 drivers/base/dd.c:795 driver_probe_device+0x44/0x110 drivers/base/dd.c:825 __device_attach_driver+0x14e/0x270 drivers/base/dd.c:953 bus_for_each_drv+0x102/0x190 drivers/base/bus.c:457