ci2 starts bisection 2023-12-10 18:50:01.008363991 +0000 UTC m=+242158.114285331 bisecting fixing commit since 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f building syzkaller on 56230772cba106f46117f03491f01c3cf511ae26 ensuring issue is reproducible on original commit 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f testing commit 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f246ca7011fcb43c38420d4ae2f08268cc995c78667b2dec19ce1e912339f765 all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] check whether we can drop unnecessary instrumentation disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a7816b4136408b3db9646e6ac5c62d413cfa7ad3bd33eba3f4c6acf7323dfc44 all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] the bug reproduces without the instrumentation disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed kconfig minimization: base=3915 full=7656 leaves diff=2011 split chunks (needed=false): <2011> split chunk #0 of len 2011 into 5 parts testing without sub-chunk 1/5 disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5bd67dc7bdff1496f8dbf5346ede744caf73ab0c8158d6cf1a8a40a730cd1524 all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d687c8f7f44503239401d4ed6a280afe82507e840f5c799237a85a9e333debca all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing commit 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5c072f833b29806b8157ec5e83c520f365804bc46495364435998409001e6c9f all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e430dfb0e74cba6b466dc0979aff3776b5c14afb82017d66bffded63b0298307 all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c9b2e9e73595d170173c04e396d9c599cbd1853b64eb07d0de5039c44910d9ee all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] the chunk can be dropped disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing current HEAD c527f5606aa545233a4d2c6d5c636ed82b8633ef testing commit c527f5606aa545233a4d2c6d5c636ed82b8633ef gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1d0df0cb2719c90dc183a837a98f0038d080089391ebadf3801264fa9d008081 all runs: OK false negative chance: 0.000 # git bisect start c527f5606aa545233a4d2c6d5c636ed82b8633ef 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f Bisecting: 986 revisions left to test after this (roughly 10 steps) [a29ee6aea7030786a63fde0d6d83a8f477b060fb] perf build: Ensure sysreg-defs Makefile respects output dir determine whether the revision contains the guilty commit revision 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f crashed and is reachable testing commit a29ee6aea7030786a63fde0d6d83a8f477b060fb gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 727eca8b48c1e308a0146475f82755d6c4b90d9b1fa323b6cd0d93e1c222710a all runs: OK false negative chance: 0.000 # git bisect bad a29ee6aea7030786a63fde0d6d83a8f477b060fb Bisecting: 466 revisions left to test after this (roughly 9 steps) [c0d12d769299e1e08338988c7745009e0db2a4a0] Merge tag 'drm-next-2023-11-10' of git://anongit.freedesktop.org/drm/drm determine whether the revision contains the guilty commit revision 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f crashed and is reachable testing commit c0d12d769299e1e08338988c7745009e0db2a4a0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: add482e64e7fb6793d5e5f3a9917f14f8f11532529d38b7dd93ea188ff35c5dd all runs: OK false negative chance: 0.000 # git bisect bad c0d12d769299e1e08338988c7745009e0db2a4a0 Bisecting: 261 revisions left to test after this (roughly 8 steps) [89cdf9d556016a54ff6ddd62324aa5ec790c05cc] Merge tag 'net-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net determine whether the revision contains the guilty commit revision 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f crashed and is reachable testing commit 89cdf9d556016a54ff6ddd62324aa5ec790c05cc gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2bed2fc5c95f209763b0612d4beeb267fa6e8a25d4020a3490367e2ef106497b all runs: OK false negative chance: 0.000 # git bisect bad 89cdf9d556016a54ff6ddd62324aa5ec790c05cc Bisecting: 100 revisions left to test after this (roughly 7 steps) [a12deb44f9734dc25970c266249b272e44d3d1b5] Merge tag 'input-for-v6.7-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input determine whether the revision contains the guilty commit revision 4bbdb725a36b0d235f3b832bd0c1e885f0442d9f crashed and is reachable testing commit a12deb44f9734dc25970c266249b272e44d3d1b5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c4ccc9d3c071760c46a114f5f4b174d896ec5dda5516e1d0390e5b84c801bf88 all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] # git bisect good a12deb44f9734dc25970c266249b272e44d3d1b5 Bisecting: 49 revisions left to test after this (roughly 6 steps) [97b94329126823d58550f4699d91e2536d4b6e91] Merge branch 'vsock-fixes' determine whether the revision contains the guilty commit checking the merge base ff269e2cd5adce4ae14f883fc9c8803bc43ee1e9 no existing result, test the revision testing commit ff269e2cd5adce4ae14f883fc9c8803bc43ee1e9 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 75ca9abb3610f82116a733dc217aedf2834f9026770d7083fd417eaaa457fd3d all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] testing commit 97b94329126823d58550f4699d91e2536d4b6e91 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 58d8191d90f1485c68a5a880d9ee9f37f32bd47dcad740adee206c28f1f899a1 all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] # git bisect good 97b94329126823d58550f4699d91e2536d4b6e91 Bisecting: 22 revisions left to test after this (roughly 5 steps) [942b8b38de3fd38de1476b2abca562e729caa03d] Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf determine whether the revision contains the guilty commit revision ff269e2cd5adce4ae14f883fc9c8803bc43ee1e9 crashed and is reachable testing commit 942b8b38de3fd38de1476b2abca562e729caa03d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 320ab2dfafd514fd30ea8c48bb1987cd0b8a60134d343ac3c347bb0e3f9efeef all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] # git bisect good 942b8b38de3fd38de1476b2abca562e729caa03d Bisecting: 11 revisions left to test after this (roughly 4 steps) [f1a3b283f852c613fae004f87bbbacc8cef5a061] net_sched: sch_fq: better validate TCA_FQ_WEIGHTS and TCA_FQ_PRIOMAP determine whether the revision contains the guilty commit revision ff269e2cd5adce4ae14f883fc9c8803bc43ee1e9 crashed and is reachable testing commit f1a3b283f852c613fae004f87bbbacc8cef5a061 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 671db4ad8b76350dfa944419f7770f192e20cbfc14bcaf51b5eac7e3336922b9 all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] # git bisect good f1a3b283f852c613fae004f87bbbacc8cef5a061 Bisecting: 5 revisions left to test after this (roughly 3 steps) [b714ca2ccf6a90733f6ceb14abb6ce914f8832c3] ptp: ptp_read should not release queue determine whether the revision contains the guilty commit revision 97b94329126823d58550f4699d91e2536d4b6e91 crashed and is reachable testing commit b714ca2ccf6a90733f6ceb14abb6ce914f8832c3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 68ac144584fc7bd292535ab2d19157b2d3cad99dc2a2c7d3124e488376efa551 all runs: OK false negative chance: 0.000 # git bisect bad b714ca2ccf6a90733f6ceb14abb6ce914f8832c3 Bisecting: 2 revisions left to test after this (roughly 2 steps) [8b3c8c55ccbc02920b0ae6601c66df24f0d833bd] ice: Fix VF-VF filter rules in switchdev mode determine whether the revision contains the guilty commit revision ff269e2cd5adce4ae14f883fc9c8803bc43ee1e9 crashed and is reachable testing commit 8b3c8c55ccbc02920b0ae6601c66df24f0d833bd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f8027d25f19bd8edca72c5a73d3ed77aa7f152cfc3ee32fe9725736c5c094335 all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] # git bisect good 8b3c8c55ccbc02920b0ae6601c66df24f0d833bd Bisecting: 0 revisions left to test after this (roughly 1 step) [9b818a340c0024f8b8f36a5f8e8b4eea3afa9a77] Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue determine whether the revision contains the guilty commit revision f1a3b283f852c613fae004f87bbbacc8cef5a061 crashed and is reachable testing commit 9b818a340c0024f8b8f36a5f8e8b4eea3afa9a77 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7ef2a7dd17cc2382b80991efa3f54eb27dc4c4edf1346bf58d8ceef8414c5066 all runs: crashed: KASAN: slab-use-after-free Read in ptp_read representative crash: KASAN: slab-use-after-free Read in ptp_read, types: [KASAN] # git bisect good 9b818a340c0024f8b8f36a5f8e8b4eea3afa9a77 b714ca2ccf6a90733f6ceb14abb6ce914f8832c3 is the first bad commit commit b714ca2ccf6a90733f6ceb14abb6ce914f8832c3 Author: Edward Adam Davis Date: Tue Nov 7 16:00:40 2023 +0800 ptp: ptp_read should not release queue Firstly, queue is not the memory allocated in ptp_read; Secondly, other processes may block at ptp_read and wait for conditions to be met to perform read operations. Acked-by: Richard Cochran Reported-and-tested-by: syzbot+df3f3ef31f60781fa911@syzkaller.appspotmail.com Fixes: 8f5de6fb2453 ("ptp: support multiple timestamp event readers") Signed-off-by: Edward Adam Davis Link: https://lore.kernel.org/r/tencent_18747D76F1675A3C633772960237544AAA09@qq.com Signed-off-by: Jakub Kicinski drivers/ptp/ptp_chardev.c | 2 -- 1 file changed, 2 deletions(-) accumulated error probability: 0.00 culprit signature: 68ac144584fc7bd292535ab2d19157b2d3cad99dc2a2c7d3124e488376efa551 parent signature: 7ef2a7dd17cc2382b80991efa3f54eb27dc4c4edf1346bf58d8ceef8414c5066 revisions tested: 19, total time: 2h47m55.40008132s (build: 1h8m30.780719986s, test: 1h31m37.537421959s) first good commit: b714ca2ccf6a90733f6ceb14abb6ce914f8832c3 ptp: ptp_read should not release queue recipients (to): ["eadavis@qq.com" "kuba@kernel.org" "richardcochran@gmail.com" "syzbot+df3f3ef31f60781fa911@syzkaller.appspotmail.com"] recipients (cc): []