ci2 starts bisection 2023-09-30 10:50:17.914880372 +0000 UTC m=+73228.708129459 bisecting fixing commit since 83c56fbab45dea6eb88e5e61fbfa390dfd2e0db7 building syzkaller on ce731e62924b02242d6a300be86d744a167292ab ensuring issue is reproducible on original commit 83c56fbab45dea6eb88e5e61fbfa390dfd2e0db7 testing commit 83c56fbab45dea6eb88e5e61fbfa390dfd2e0db7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c1bef01003c43d9e13b4e2148116e1039fa7828fb643b72d88bf0ea1695d5c7b run #0: crashed: BUG: soft lockup in tc_modify_qdisc run #1: crashed: BUG: soft lockup in tc_modify_qdisc run #2: crashed: BUG: soft lockup in tc_modify_qdisc run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: BUG: soft lockup in tc_modify_qdisc run #8: crashed: BUG: soft lockup in tc_modify_qdisc run #9: crashed: BUG: soft lockup in tc_modify_qdisc run #10: crashed: BUG: soft lockup in tc_modify_qdisc run #11: crashed: BUG: soft lockup in tc_modify_qdisc run #12: crashed: BUG: soft lockup in tc_modify_qdisc run #13: crashed: BUG: soft lockup in corrupted run #14: crashed: BUG: soft lockup in tc_modify_qdisc run #15: crashed: BUG: soft lockup in tc_modify_qdisc run #16: crashed: BUG: soft lockup in tc_modify_qdisc run #17: crashed: no output from test machine run #18: crashed: BUG: soft lockup in tc_modify_qdisc run #19: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] check whether we can drop unnecessary instrumentation disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG], they are not needed testing commit 83c56fbab45dea6eb88e5e61fbfa390dfd2e0db7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bb615e7573d91b5ab74f6e11d74aea5de393f4aed29df4c5f7f1466a50e68cc0 run #0: crashed: BUG: workqueue lockup run #1: crashed: BUG: soft lockup in tc_modify_qdisc run #2: crashed: BUG: soft lockup in tc_modify_qdisc run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: BUG: soft lockup in tc_modify_qdisc run #8: crashed: no output from test machine run #9: crashed: no output from test machine representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG UNKNOWN] the bug reproduces without the instrumentation disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed kconfig minimization: base=4920 full=6161 leaves diff=240 split chunks (needed=false): <240> split chunk #0 of len 240 into 5 parts testing without sub-chunk 1/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 83c56fbab45dea6eb88e5e61fbfa390dfd2e0db7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c1098a4bd83d519df32b7ed872da06086d90fbc46be8eff019d62eedba2f7cc0 run #0: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor2741068460" "root@10.128.1.85:./syz-executor2741068460"]: exit status 255 Executing: program /usr/bin/ssh host 10.128.1.85, user root, command sftp OpenSSH_9.2p1 Debian-2, OpenSSL 3.0.9 30 May 2023 debug1: Reading configuration data /dev/null debug1: Connecting to 10.128.1.85 [10.128.1.85] port 22. debug1: connect to address 10.128.1.85 port 22: Connection timed out ssh: connect to host 10.128.1.85 port 22: Connection timed out scp: Connection closed run #1: crashed: BUG: soft lockup in tc_modify_qdisc run #2: crashed: BUG: soft lockup in tc_modify_qdisc run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: BUG: soft lockup in tc_modify_qdisc run #8: crashed: BUG: soft lockup in tc_modify_qdisc run #9: crashed: no output from test machine representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG KASAN], they are not needed testing commit 83c56fbab45dea6eb88e5e61fbfa390dfd2e0db7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b9e59db2d743fbaeb91c29dadbfabf047feaab7b77fa8e12899b9fddf982ef26 run #0: crashed: BUG: workqueue lockup run #1: crashed: BUG: soft lockup in tc_modify_qdisc run #2: crashed: BUG: soft lockup in tc_modify_qdisc run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: BUG: soft lockup in tc_modify_qdisc run #8: crashed: BUG: soft lockup in tc_modify_qdisc run #9: crashed: no output from test machine representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN], they are not needed testing commit 83c56fbab45dea6eb88e5e61fbfa390dfd2e0db7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a5d9e5b71e97f508470a6b832005c92bda340e108a6b3fc1c3dc5613f7362e95 run #0: crashed: BUG: soft lockup in corrupted run #1: crashed: BUG: soft lockup in tc_modify_qdisc run #2: crashed: BUG: workqueue lockup run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: crashed: no output from test machine representative crash: BUG: soft lockup in corrupted, types: [HANG UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [ATOMIC_SLEEP LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing commit 83c56fbab45dea6eb88e5e61fbfa390dfd2e0db7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 040d3051e2bc40067c8cc748dd10d1558d012e5536c525b0a3433764ac5b1f28 run #0: crashed: BUG: soft lockup in tc_modify_qdisc run #1: crashed: BUG: soft lockup in tc_modify_qdisc run #2: crashed: BUG: soft lockup in tc_modify_qdisc run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in corrupted run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: no output from test machine run #8: crashed: BUG: soft lockup in tc_modify_qdisc run #9: crashed: no output from test machine representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG], they are not needed testing commit 83c56fbab45dea6eb88e5e61fbfa390dfd2e0db7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 failed building 83c56fbab45dea6eb88e5e61fbfa390dfd2e0db7: net/socket.c:1172: undefined reference to `wext_handle_ioctl' net/socket.c:3366: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:343: undefined reference to `wext_proc_exit' net/core/net-procfs.c:327: undefined reference to `wext_proc_init' minimized to 48 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF] disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN], they are not needed testing current HEAD ea586874d2f9e501ef84b7e55036fc8965397d5d testing commit ea586874d2f9e501ef84b7e55036fc8965397d5d gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f3813d4f5f06eb5523bf2abaaf64f7f499be093f0809e43eeb92ee56e67e8acc all runs: OK false negative chance: 0.000 # git bisect start ea586874d2f9e501ef84b7e55036fc8965397d5d 83c56fbab45dea6eb88e5e61fbfa390dfd2e0db7 Bisecting: 326 revisions left to test after this (roughly 8 steps) [a09c258cfa77d3ba0a7acc555c73eb6b005c4bd8] net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() determine whether the revision contains the guilty commit checking the merge base 09996673e3139a6d86fc3d95c852b3a020e2fe5f no existing result, test the revision testing commit 09996673e3139a6d86fc3d95c852b3a020e2fe5f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a054fd9f1a8bb366492dd1dab70cbdc6f90a06a66de8c0fb766305e310d0c1f3 all runs: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] testing commit a09c258cfa77d3ba0a7acc555c73eb6b005c4bd8 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c18543f2be3c91b320e8874163a3dbfe5dd2a03b14054f3c2755ac8b8d16e5d5 all runs: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] # git bisect good a09c258cfa77d3ba0a7acc555c73eb6b005c4bd8 Bisecting: 163 revisions left to test after this (roughly 7 steps) [6b64974e02ea82d0bae917f1fa79495a1a59b5bf] exfat: check if filename entries exceeds max filename length determine whether the revision contains the guilty commit revision 09996673e3139a6d86fc3d95c852b3a020e2fe5f crashed and is reachable testing commit 6b64974e02ea82d0bae917f1fa79495a1a59b5bf gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 64b0df7ab0f5a88031cd5763c9428c82cc2ad4007d214ef4b07320192d5bb187 all runs: OK false negative chance: 0.000 # git bisect bad 6b64974e02ea82d0bae917f1fa79495a1a59b5bf Bisecting: 81 revisions left to test after this (roughly 6 steps) [3a00ec562f8cb4c926583f1a18386c830ce3381f] fs: ntfs3: Fix possible null-pointer dereferences in mi_read() determine whether the revision contains the guilty commit revision 09996673e3139a6d86fc3d95c852b3a020e2fe5f crashed and is reachable testing commit 3a00ec562f8cb4c926583f1a18386c830ce3381f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 740bc3bef5a0a7c5b494951710de4f4753a9d09784bbf77affc436710fe3bab2 all runs: OK false negative chance: 0.000 # git bisect bad 3a00ec562f8cb4c926583f1a18386c830ce3381f Bisecting: 40 revisions left to test after this (roughly 5 steps) [85db1cd1744e1f1fa8d80040aa4727dd88a0e0f4] scsi: qedi: Fix firmware halt over suspend and resume determine whether the revision contains the guilty commit revision 09996673e3139a6d86fc3d95c852b3a020e2fe5f crashed and is reachable testing commit 85db1cd1744e1f1fa8d80040aa4727dd88a0e0f4 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 92f1d0435605b80f1e9a3eeade7e619490815a414fc27d79a211738d8ac2fa31 run #0: crashed: BUG: soft lockup in tc_modify_qdisc run #1: crashed: BUG: soft lockup in tc_modify_qdisc run #2: crashed: BUG: soft lockup in tc_modify_qdisc run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: BUG: soft lockup in tc_modify_qdisc run #8: crashed: no output from test machine run #9: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] # git bisect good 85db1cd1744e1f1fa8d80040aa4727dd88a0e0f4 Bisecting: 20 revisions left to test after this (roughly 4 steps) [ff10cd3e9b3a324578eb554a8e9fb1cf6a0b9442] dma-remap: use kvmalloc_array/kvfree for larger dma memory remap determine whether the revision contains the guilty commit revision 09996673e3139a6d86fc3d95c852b3a020e2fe5f crashed and is reachable testing commit ff10cd3e9b3a324578eb554a8e9fb1cf6a0b9442 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6310d92ab03c70176601d76164175f3ad8945b944a2f0bf73009885f83d72326 all runs: OK false negative chance: 0.000 # git bisect bad ff10cd3e9b3a324578eb554a8e9fb1cf6a0b9442 Bisecting: 9 revisions left to test after this (roughly 3 steps) [396a1921406a7e7eb7be653a2d9e5808285df545] selftests: forwarding: tc_actions: Use ncat instead of nc determine whether the revision contains the guilty commit revision 85db1cd1744e1f1fa8d80040aa4727dd88a0e0f4 crashed and is reachable testing commit 396a1921406a7e7eb7be653a2d9e5808285df545 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5cf6f23b37cc2fd375cf05588755d4bb1b2acc6fb75313bde4c13d7bb7aca60d all runs: OK false negative chance: 0.000 # git bisect bad 396a1921406a7e7eb7be653a2d9e5808285df545 Bisecting: 4 revisions left to test after this (roughly 2 steps) [b4d36e6c5dc417f3f394b5e576dec2760b3999ae] timers/nohz: Switch to ONESHOT_STOPPED in the low-res handler when the tick is stopped determine whether the revision contains the guilty commit revision a09c258cfa77d3ba0a7acc555c73eb6b005c4bd8 crashed and is reachable testing commit b4d36e6c5dc417f3f394b5e576dec2760b3999ae gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 268f91bb2b50b0392c35c7169c1a96eedf4baa7be1e3b9592fe640a67676994b all runs: OK false negative chance: 0.000 # git bisect bad b4d36e6c5dc417f3f394b5e576dec2760b3999ae Bisecting: 2 revisions left to test after this (roughly 1 step) [5d094d4e7b99c75da9ece3a9a955eb3728f3988c] alpha: remove __init annotation from exported page_is_ram() determine whether the revision contains the guilty commit revision a09c258cfa77d3ba0a7acc555c73eb6b005c4bd8 crashed and is reachable testing commit 5d094d4e7b99c75da9ece3a9a955eb3728f3988c gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8851289d0b1fc90ca34ebfbe76ba62346acdc0540131a3e5d7f39ea74078c272 run #0: crashed: BUG: soft lockup in tc_modify_qdisc run #1: crashed: BUG: workqueue lockup run #2: crashed: BUG: workqueue lockup run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: BUG: soft lockup in tc_modify_qdisc run #8: crashed: BUG: soft lockup in tc_modify_qdisc run #9: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] # git bisect good 5d094d4e7b99c75da9ece3a9a955eb3728f3988c Bisecting: 0 revisions left to test after this (roughly 1 step) [c3b954a51b6447d060c1b30ec4efb5db34a056f7] tick: Detect and fix jiffies update stall determine whether the revision contains the guilty commit revision a09c258cfa77d3ba0a7acc555c73eb6b005c4bd8 crashed and is reachable testing commit c3b954a51b6447d060c1b30ec4efb5db34a056f7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 93678a9a96a28bc55569c78089837d9158f18e49cab961c2a0abc61ff4226805 all runs: OK false negative chance: 0.000 # git bisect bad c3b954a51b6447d060c1b30ec4efb5db34a056f7 Bisecting: 0 revisions left to test after this (roughly 0 steps) [af99918f0e39aeb14d2cd08ca79faf9ccb1ec47f] sch_netem: fix issues in netem_change() vs get_dist_table() determine whether the revision contains the guilty commit revision 09996673e3139a6d86fc3d95c852b3a020e2fe5f crashed and is reachable testing commit af99918f0e39aeb14d2cd08ca79faf9ccb1ec47f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ab63e09c722dee1a55ce33b218c7700d3a5b38c640ae207631eff235f6f3605e all runs: OK false negative chance: 0.000 # git bisect bad af99918f0e39aeb14d2cd08ca79faf9ccb1ec47f af99918f0e39aeb14d2cd08ca79faf9ccb1ec47f is the first bad commit commit af99918f0e39aeb14d2cd08ca79faf9ccb1ec47f Author: Eric Dumazet Date: Thu Jun 22 18:15:03 2023 +0000 sch_netem: fix issues in netem_change() vs get_dist_table() commit 11b73313c12403f617b47752db0ab3deef201af7 upstream. In blamed commit, I missed that get_dist_table() was allocating memory using GFP_KERNEL, and acquiring qdisc lock to perform the swap of newly allocated table with current one. In this patch, get_dist_table() is allocating memory and copy user data before we acquire the qdisc lock. Then we perform swap operations while being protected by the lock. Note that after this patch netem_change() no longer can do partial changes. If an error is returned, qdisc conf is left unchanged. Fixes: 2174a08db80d ("sch_netem: acquire qdisc lock in netem_change()") Reported-by: syzbot Signed-off-by: Eric Dumazet Cc: Stephen Hemminger Acked-by: Jamal Hadi Salim Reviewed-by: Simon Horman Link: https://lore.kernel.org/r/20230622181503.2327695-1-edumazet@google.com Signed-off-by: Jakub Kicinski Signed-off-by: Fedor Pchelkin Signed-off-by: Greg Kroah-Hartman net/sched/sch_netem.c | 59 ++++++++++++++++++++++----------------------------- 1 file changed, 25 insertions(+), 34 deletions(-) accumulated error probability: 0.00 culprit signature: ab63e09c722dee1a55ce33b218c7700d3a5b38c640ae207631eff235f6f3605e parent signature: 8851289d0b1fc90ca34ebfbe76ba62346acdc0540131a3e5d7f39ea74078c272 revisions tested: 18, total time: 3h50m36.264155599s (build: 33m35.232606047s, test: 3h12m50.107887091s) first good commit: af99918f0e39aeb14d2cd08ca79faf9ccb1ec47f sch_netem: fix issues in netem_change() vs get_dist_table() recipients (to): ["edumazet@google.com" "gregkh@linuxfoundation.org" "jhs@mojatatu.com" "kuba@kernel.org" "pchelkin@ispras.ru" "simon.horman@corigine.com"] recipients (cc): []