ci starts bisection 2023-05-04 12:18:30.746487079 +0000 UTC m=+95.629090629
bisecting fixing commit since fa182ea26ff09cbadb28bbcd6196209b3555eb1d
building syzkaller on 67cb024cd1a3c95e311263a5c95e957f9abfd8ca
ensuring issue is reproducible on original commit fa182ea26ff09cbadb28bbcd6196209b3555eb1d

testing commit fa182ea26ff09cbadb28bbcd6196209b3555eb1d gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cabda233e3e8ff6bb208f6884d6aa887fddedfa30505ae5f8992490fbd737b1d
all runs: crashed: WARNING in j1939_session_deactivate_activate_next
testing current HEAD b9850ec0027ca7639141706101bce09b8e3224e6
testing commit b9850ec0027ca7639141706101bce09b8e3224e6 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 664b3bcc024daceb7d31271ee8ba10e8dee6b1f0b2f05a914bc29f42ce3dc181
all runs: OK
# git bisect start b9850ec0027ca7639141706101bce09b8e3224e6 fa182ea26ff09cbadb28bbcd6196209b3555eb1d
Bisecting: 26404 revisions left to test after this (roughly 15 steps)
[1c429c10192c930fd358b0c9a777c222a352d945] Merge branch 'selftests-fix'

testing commit 1c429c10192c930fd358b0c9a777c222a352d945 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f7df94fedbb795f98cf9df2ea08f7815e9884060d9cef61528f04df54aed1ef8
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: crashed: WARNING in j1939_session_deactivate_activate_next
run #2: crashed: WARNING in j1939_session_deactivate_activate_next
run #3: crashed: WARNING in j1939_session_deactivate_activate_next
run #4: crashed: WARNING in j1939_session_deactivate_activate_next
run #5: crashed: WARNING in j1939_session_deactivate_activate_next
run #6: crashed: WARNING in j1939_session_deactivate_activate_next
run #7: crashed: WARNING in j1939_session_deactivate_activate_next
run #8: crashed: WARNING in j1939_session_deactivate_activate_next
run #9: crashed: WARNING in j1939_session_deactivate_activate_next
# git bisect good 1c429c10192c930fd358b0c9a777c222a352d945
Bisecting: 13171 revisions left to test after this (roughly 14 steps)
[8cbd92339db08b19b93d1637e5799ff2a8dddfd2] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma

testing commit 8cbd92339db08b19b93d1637e5799ff2a8dddfd2 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 89978ddca9800e4c905d2c30760ad6c4875d36993f607374e9b5a2df2fece412
all runs: OK
# git bisect bad 8cbd92339db08b19b93d1637e5799ff2a8dddfd2
Bisecting: 7259 revisions left to test after this (roughly 13 steps)
[36289a03bcd3aabdf66de75cb6d1b4ee15726438] Merge tag 'v6.3-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

testing commit 36289a03bcd3aabdf66de75cb6d1b4ee15726438 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 27bd3d3e1725e7cf2e4aa1ada9143ddcbb94e2d0d55e72de7ddbfceab12d68d8
all runs: OK
# git bisect bad 36289a03bcd3aabdf66de75cb6d1b4ee15726438
Bisecting: 2970 revisions left to test after this (roughly 12 steps)
[274978f173276c5720a3cd8d0b6047d2c0d3a684] Merge tag 'fixes_for_v6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs

testing commit 274978f173276c5720a3cd8d0b6047d2c0d3a684 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e1aafc5d5b105ecd6fe8cb70d8936e1d8e875c055e3b7782264b4f958c2d634b
all runs: OK
# git bisect bad 274978f173276c5720a3cd8d0b6047d2c0d3a684
Bisecting: 1541 revisions left to test after this (roughly 11 steps)
[4a0c7a6831a0aa56db78a80f5a3e1ad5412d0fa8] Merge tag 'perf-tools-fixes-for-v6.2-3-2023-01-19' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux

testing commit 4a0c7a6831a0aa56db78a80f5a3e1ad5412d0fa8 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8016a2db3f1cb65b9cab6c4fe26e5393fe32a686b3ae92870563cc888d140a5f
all runs: crashed: WARNING in j1939_session_deactivate_activate_next
# git bisect good 4a0c7a6831a0aa56db78a80f5a3e1ad5412d0fa8
Bisecting: 770 revisions left to test after this (roughly 10 steps)
[e8797a058466b60fc5a3291b92430c93ba90eaff] ionic: clean interrupt before enabling queue to avoid credit race

testing commit e8797a058466b60fc5a3291b92430c93ba90eaff gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d19d5993c2b3b79372ac89fc871754cba2f52c2fe8b5f46ab6b30e329d37d044
all runs: OK
# git bisect bad e8797a058466b60fc5a3291b92430c93ba90eaff
Bisecting: 384 revisions left to test after this (roughly 9 steps)
[d732cbf78d616c0b63201eb9e5e4af3fe9b90dc4] Merge tag 'kvmarm-fixes-6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD

testing commit d732cbf78d616c0b63201eb9e5e4af3fe9b90dc4 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b0fe54b5580b31fafffb8b40531b44c886b0dc1e32c21590ea31b76e78943860
all runs: crashed: WARNING in j1939_session_deactivate_activate_next
# git bisect good d732cbf78d616c0b63201eb9e5e4af3fe9b90dc4
Bisecting: 190 revisions left to test after this (roughly 8 steps)
[90aaef4e35c4a74b0f1593d06e39eda867ef13d3] Merge tag 'block-6.2-2023-01-27' of git://git.kernel.dk/linux

testing commit 90aaef4e35c4a74b0f1593d06e39eda867ef13d3 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c006b653e5c23550ee8a6c87093139c2467efd2427e1dea8e84250f9f8bdcf8e
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM
run #1: crashed: WARNING in j1939_session_deactivate_activate_next
run #2: crashed: WARNING in j1939_session_deactivate_activate_next
run #3: crashed: WARNING in j1939_session_deactivate_activate_next
run #4: crashed: WARNING in j1939_session_deactivate_activate_next
run #5: crashed: WARNING in j1939_session_deactivate_activate_next
run #6: crashed: WARNING in j1939_session_deactivate_activate_next
run #7: crashed: WARNING in j1939_session_deactivate_activate_next
run #8: crashed: WARNING in j1939_session_deactivate_activate_next
run #9: crashed: WARNING in j1939_session_deactivate_activate_next
# git bisect good 90aaef4e35c4a74b0f1593d06e39eda867ef13d3
Bisecting: 101 revisions left to test after this (roughly 7 steps)
[addfba11b314824e3b4fb70448b339dcb21be5bf] Merge tag 's390-6.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

testing commit addfba11b314824e3b4fb70448b339dcb21be5bf gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f2f9981c8c8620432d602922595981c3f7ed551c3fa2734f514927e616fd8e00
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #2: crashed: WARNING in j1939_session_deactivate_activate_next
run #3: crashed: WARNING in j1939_session_deactivate_activate_next
run #4: crashed: WARNING in j1939_session_deactivate_activate_next
run #5: crashed: WARNING in j1939_session_deactivate_activate_next
run #6: crashed: WARNING in j1939_session_deactivate_activate_next
run #7: crashed: WARNING in j1939_session_deactivate_activate_next
run #8: crashed: WARNING in j1939_session_deactivate_activate_next
run #9: crashed: WARNING in j1939_session_deactivate_activate_next
# git bisect good addfba11b314824e3b4fb70448b339dcb21be5bf
Bisecting: 50 revisions left to test after this (roughly 6 steps)
[cca6e9ff22f79e37da3d73f60c38a84d8ed0c162] Merge branch 'ip-ip6_gre-fix-gre-tunnels-not-generating-ipv6-link-local-addresses'

testing commit cca6e9ff22f79e37da3d73f60c38a84d8ed0c162 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 22c8a3c83b67e49943757f62efc756e8699e7c82e8ae74f2d0b65c6b6a715d90
all runs: crashed: WARNING in j1939_session_deactivate_activate_next
# git bisect good cca6e9ff22f79e37da3d73f60c38a84d8ed0c162
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[9983a2c986534db004b50d95b7fe64bb9b925dca] Merge branch 'fixes-for-mtk_eth_soc'

testing commit 9983a2c986534db004b50d95b7fe64bb9b925dca gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cce8c48ace1cb985c270251136ef1b09474548a4a708c95f452cdd2c33f61a66
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 9983a2c986534db004b50d95b7fe64bb9b925dca
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[a35965625649b5b65153d51aed466c4b3008ce2e] mailmap: add John Crispin's entry

testing commit a35965625649b5b65153d51aed466c4b3008ce2e gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9008fbac127411dc1e5a913ac311970d74987e5a3e5dfc5a9cb4bb07fe604166
all runs: crashed: WARNING in j1939_session_deactivate_activate_next
# git bisect good a35965625649b5b65153d51aed466c4b3008ce2e
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[1613fff7a32e1d9e2ac09db73feba0e71a188445] can: mcp251xfd: mcp251xfd_ring_set_ringparam(): assign missing tx_obj_num_coalesce_irq

testing commit 1613fff7a32e1d9e2ac09db73feba0e71a188445 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b99086f8bbe1d4ec39ed41e166ffa8e57b11485a576e13afdcf7965350169fcc
all runs: OK
# git bisect bad 1613fff7a32e1d9e2ac09db73feba0e71a188445
Bisecting: 2 revisions left to test after this (roughly 1 step)
[3793301cbaa4a62d83e21f685307da7671f812ab] can: raw: fix CAN FD frame transmissions over CAN XL devices

testing commit 3793301cbaa4a62d83e21f685307da7671f812ab gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5d4129ce7a95b255ad70d7a2410b5f5721b8f47f73b4d6a5b0a81c6606eeebb7
all runs: OK
# git bisect bad 3793301cbaa4a62d83e21f685307da7671f812ab
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d0553680f94c49bbe0e39eb50d033ba563b4212d] can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate

testing commit d0553680f94c49bbe0e39eb50d033ba563b4212d gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5d5da8c5d19f639eded31eb7728fbc3d9d677bc43fa8a34ef8151ffcbf494039
all runs: OK
# git bisect bad d0553680f94c49bbe0e39eb50d033ba563b4212d
d0553680f94c49bbe0e39eb50d033ba563b4212d is the first bad commit
commit d0553680f94c49bbe0e39eb50d033ba563b4212d
Author: Ziyang Xuan <william.xuanziyang@huawei.com>
Date:   Mon Sep 6 17:42:00 2021 +0800

    can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
    
    The conclusion "j1939_session_deactivate() should be called with a
    session ref-count of at least 2" is incorrect. In some concurrent
    scenarios, j1939_session_deactivate can be called with the session
    ref-count less than 2. But there is not any problem because it
    will check the session active state before session putting in
    j1939_session_deactivate_locked().
    
    Here is the concurrent scenario of the problem reported by syzbot
    and my reproduction log.
    
            cpu0                            cpu1
                                    j1939_xtp_rx_eoma
    j1939_xtp_rx_abort_one
                                    j1939_session_get_by_addr [kref == 2]
    j1939_session_get_by_addr [kref == 3]
    j1939_session_deactivate [kref == 2]
    j1939_session_put [kref == 1]
                                    j1939_session_completed
                                    j1939_session_deactivate
                                    WARN_ON_ONCE(kref < 2)
    
    =====================================================
    WARNING: CPU: 1 PID: 21 at net/can/j1939/transport.c:1088 j1939_session_deactivate+0x5f/0x70
    CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted 5.14.0-rc7+ #32
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1 04/01/2014
    RIP: 0010:j1939_session_deactivate+0x5f/0x70
    Call Trace:
     j1939_session_deactivate_activate_next+0x11/0x28
     j1939_xtp_rx_eoma+0x12a/0x180
     j1939_tp_recv+0x4a2/0x510
     j1939_can_recv+0x226/0x380
     can_rcv_filter+0xf8/0x220
     can_receive+0x102/0x220
     ? process_backlog+0xf0/0x2c0
     can_rcv+0x53/0xf0
     __netif_receive_skb_one_core+0x67/0x90
     ? process_backlog+0x97/0x2c0
     __netif_receive_skb+0x22/0x80
    
    Fixes: 0c71437dd50d ("can: j1939: j1939_session_deactivate(): clarify lifetime of session object")
    Reported-by: syzbot+9981a614060dcee6eeca@syzkaller.appspotmail.com
    Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
    Acked-by: Oleksij Rempel <o.rempel@pengutronix.de>
    Link: https://lore.kernel.org/all/20210906094200.95868-1-william.xuanziyang@huawei.com
    Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>

 net/can/j1939/transport.c | 4 ----
 1 file changed, 4 deletions(-)

parent commit 917d5e04d4dd2bbbf36fc6976ba442e284ccc42d wasn't tested
testing commit 917d5e04d4dd2bbbf36fc6976ba442e284ccc42d gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 99a31d8c3a42630115397b9ddc80091d852b5816d9c2b394458c34a32bbe4344
culprit signature: 5d5da8c5d19f639eded31eb7728fbc3d9d677bc43fa8a34ef8151ffcbf494039
parent  signature: 99a31d8c3a42630115397b9ddc80091d852b5816d9c2b394458c34a32bbe4344
revisions tested: 17, total time: 4h27m26.865894357s (build: 2h10m23.926615561s, test: 2h14m39.133579005s)
first good commit: d0553680f94c49bbe0e39eb50d033ba563b4212d can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
recipients (to): ["mkl@pengutronix.de" "o.rempel@pengutronix.de" "william.xuanziyang@huawei.com"]
recipients (cc): []