ci starts bisection 2023-11-03 20:56:59.71922768 +0000 UTC m=+59.895439339 bisecting cause commit starting from 4652b8e4f3ffa48c706ec334f048c217a7d9750d building syzkaller on c4ac074caa7ae68aef44c619a09b02832cc91f35 ensuring issue is reproducible on original commit 4652b8e4f3ffa48c706ec334f048c217a7d9750d testing commit 4652b8e4f3ffa48c706ec334f048c217a7d9750d gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c88471cd31d9e26395b9c778fc782ced7baff50d23629048bb64bb79da6e1afd all runs: crashed: general protection fault in ptp_ioctl representative crash: general protection fault in ptp_ioctl, types: [UNKNOWN] check whether we can drop unnecessary instrumentation disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 4652b8e4f3ffa48c706ec334f048c217a7d9750d gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 139858185e133d0bca9db7bd20f24a10eca2e2bbe1846628bf47731dab73209c all runs: crashed: BUG: unable to handle kernel paging request in ptp_ioctl representative crash: BUG: unable to handle kernel paging request in ptp_ioctl, types: [UNKNOWN] the bug reproduces without the instrumentation disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed kconfig minimization: base=3938 full=7647 leaves diff=1994 split chunks (needed=false): <1994> split chunk #0 of len 1994 into 5 parts testing without sub-chunk 1/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing commit 4652b8e4f3ffa48c706ec334f048c217a7d9750d gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f5e30b5e5941ebae9dc0f4e116fadc7a520c04aa3dddb6f79f13721c1cda3d5c all runs: crashed: BUG: unable to handle kernel paging request in ptp_ioctl representative crash: BUG: unable to handle kernel paging request in ptp_ioctl, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit 4652b8e4f3ffa48c706ec334f048c217a7d9750d gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 60d27a8cf1f5a386aa760e7cb11041ea8cc3a9eadd3572bb880956ecc1c67615 all runs: crashed: BUG: unable to handle kernel paging request in ptp_ioctl representative crash: BUG: unable to handle kernel paging request in ptp_ioctl, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 4652b8e4f3ffa48c706ec334f048c217a7d9750d gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8b4af13e625367a0f6ae798bed2ba312b26eeb08b82f782edb1cf8a0176b92fc all runs: crashed: BUG: unable to handle kernel paging request in ptp_ioctl representative crash: BUG: unable to handle kernel paging request in ptp_ioctl, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit 4652b8e4f3ffa48c706ec334f048c217a7d9750d gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3364a9d2a1dbf02f5b13209d877d521542b53c9ab5134f980520d2ed07a2a872 all runs: crashed: BUG: unable to handle kernel paging request in ptp_ioctl representative crash: BUG: unable to handle kernel paging request in ptp_ioctl, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing commit 4652b8e4f3ffa48c706ec334f048c217a7d9750d gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 705c4b769b574bddabb7153ea047ed64b12664b2806b99d58c510a628c2f3ce3 all runs: crashed: BUG: unable to handle kernel paging request in ptp_ioctl representative crash: BUG: unable to handle kernel paging request in ptp_ioctl, types: [UNKNOWN] the chunk can be dropped disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed picked [v6.6 v6.5 v6.4 v6.2 v6.0 v5.18 v5.16 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 29 release tags testing release v6.6 testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 95cdd6b0a675a88f258bdc194221b25c798168d40ef082a82376e33284f0812d all runs: OK false negative chance: 0.000 # git bisect start 4652b8e4f3ffa48c706ec334f048c217a7d9750d ffc253263a1375a65fa6c9f62a893e9767fbebfa Bisecting: 4552 revisions left to test after this (roughly 12 steps) [89ed67ef126c4160349c1b96fdb775ea6170ac90] Merge tag 'net-next-6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit 89ed67ef126c4160349c1b96fdb775ea6170ac90 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: aaa5539b9138c9d8e85622206916579d7ff4572c8659993783c9281f03bfa344 all runs: crashed: BUG: unable to handle kernel paging request in ptp_ioctl representative crash: BUG: unable to handle kernel paging request in ptp_ioctl, types: [UNKNOWN] # git bisect bad 89ed67ef126c4160349c1b96fdb775ea6170ac90 Bisecting: 3061 revisions left to test after this (roughly 12 steps) [b827ac419721a106ae2fccaa40576b0594edad92] exportfs: Change bcachefs fid_type enum to avoid conflicts testing commit b827ac419721a106ae2fccaa40576b0594edad92 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: dea1a33b4dbd668d86469087451594b84134b1e5951bc1c1baa36e59a775955e all runs: OK false negative chance: 0.000 # git bisect good b827ac419721a106ae2fccaa40576b0594edad92 Bisecting: 1530 revisions left to test after this (roughly 11 steps) [d1a02ed66fe62aa2edd77bd54e270ebc33bd12ff] tcp: rename tcp_skb_timestamp() testing commit d1a02ed66fe62aa2edd77bd54e270ebc33bd12ff gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 78fe97a3bd8e5068503b2e0ad0dbe785bdf283fdc6f22a3ee9f9401c1e636222 all runs: crashed: BUG: unable to handle kernel paging request in ptp_ioctl representative crash: BUG: unable to handle kernel paging request in ptp_ioctl, types: [UNKNOWN] # git bisect bad d1a02ed66fe62aa2edd77bd54e270ebc33bd12ff Bisecting: 868 revisions left to test after this (roughly 10 steps) [3abbd0699b678fc48e0100704338cff9180fe4bb] net: phy: broadcom: add support for BCM5221 phy testing commit 3abbd0699b678fc48e0100704338cff9180fe4bb gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b95f111b88cc3887f2ea984387823ddde85f5b4a8f8621c2fe4b9c50bdb1d3fd all runs: OK false negative chance: 0.000 # git bisect good 3abbd0699b678fc48e0100704338cff9180fe4bb Bisecting: 434 revisions left to test after this (roughly 9 steps) [5a423552e0d9bb882f22cb0bf85f520ca2692706] i40e: Add handler for devlink .info_get testing commit 5a423552e0d9bb882f22cb0bf85f520ca2692706 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bf12f396dcf608103c61d769fe99549aabd9683aa1b7e35345859d37f0a13638 all runs: OK false negative chance: 0.000 # git bisect good 5a423552e0d9bb882f22cb0bf85f520ca2692706 Bisecting: 175 revisions left to test after this (roughly 8 steps) [56a7bb12c78ffa1b02e154b1d779ed2a1555fa3c] Merge tag 'wireless-next-2023-10-16' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next testing commit 56a7bb12c78ffa1b02e154b1d779ed2a1555fa3c gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 23b6db5de41706e345bbfb7ee60643fe3b254637bccf068644b7ed03ba268eb3 all runs: crashed: BUG: unable to handle kernel paging request in ptp_ioctl representative crash: BUG: unable to handle kernel paging request in ptp_ioctl, types: [UNKNOWN] # git bisect bad 56a7bb12c78ffa1b02e154b1d779ed2a1555fa3c Bisecting: 118 revisions left to test after this (roughly 7 steps) [a3c2dd96487f1dd734c9443a3472c8dafa689813] Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next testing commit a3c2dd96487f1dd734c9443a3472c8dafa689813 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7924456d9541b027df4c9e548b65e6e56b65c113bf69d5ae38d4f55cc26a222c all runs: crashed: BUG: unable to handle kernel paging request in ptp_ioctl representative crash: BUG: unable to handle kernel paging request in ptp_ioctl, types: [UNKNOWN] # git bisect bad a3c2dd96487f1dd734c9443a3472c8dafa689813 Bisecting: 69 revisions left to test after this (roughly 6 steps) [84cb9cbd911a3e06c1ff31572706ba0ee3499b19] bpf: Annotate struct bpf_stack_map with __counted_by testing commit 84cb9cbd911a3e06c1ff31572706ba0ee3499b19 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 09bc24d390b5c394c4ebdaa211994c93fa431fb1880de424177bf27fddf1bed7 all runs: OK false negative chance: 0.000 # git bisect good 84cb9cbd911a3e06c1ff31572706ba0ee3499b19 Bisecting: 34 revisions left to test after this (roughly 5 steps) [c60991f8e187eb73dbea2375c08ccba8f544bd49] cgroup, netclassid: on modifying netclassid in cgroup, only consider the main process. testing commit c60991f8e187eb73dbea2375c08ccba8f544bd49 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 634f9b0b2b8938804043680541a67a45a5d0c7a30318273f234ec2e1617073a0 all runs: crashed: BUG: unable to handle kernel paging request in ptp_ioctl representative crash: BUG: unable to handle kernel paging request in ptp_ioctl, types: [UNKNOWN] # git bisect bad c60991f8e187eb73dbea2375c08ccba8f544bd49 Bisecting: 17 revisions left to test after this (roughly 4 steps) [101c6032031f4dba72b91e6c766e958a5e429622] net: cxgb3: simplify logic for rspq_check_napi testing commit 101c6032031f4dba72b91e6c766e958a5e429622 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2a0937d69f3611d1d331feccd168d0e48cfbc06f509a14eab201e5654da0473f all runs: crashed: BUG: unable to handle kernel paging request in ptp_ioctl representative crash: BUG: unable to handle kernel paging request in ptp_ioctl, types: [UNKNOWN] # git bisect bad 101c6032031f4dba72b91e6c766e958a5e429622 Bisecting: 7 revisions left to test after this (roughly 3 steps) [99620ea03327c5e73407f48a6994578f71951a87] Merge branch 'dpll-phase-offset-phase-adjust' testing commit 99620ea03327c5e73407f48a6994578f71951a87 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4c2abf296efa7795cfc83b08cd74540191bcff48f1809f88c315c9988883fa1a all runs: OK false negative chance: 0.000 # git bisect good 99620ea03327c5e73407f48a6994578f71951a87 Bisecting: 3 revisions left to test after this (roughly 2 steps) [c5a445b1e9347b14752b01f1a304bd7a2f260acc] ptp: support event queue reader channel masks testing commit c5a445b1e9347b14752b01f1a304bd7a2f260acc gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cea458ba5c9d70dfeed3a3e5fc453e628a024f00ff207dfcf281e2f218fe2898 all runs: crashed: BUG: unable to handle kernel paging request in ptp_ioctl representative crash: BUG: unable to handle kernel paging request in ptp_ioctl, types: [UNKNOWN] # git bisect bad c5a445b1e9347b14752b01f1a304bd7a2f260acc Bisecting: 1 revision left to test after this (roughly 1 step) [d26ab5a35ad9920940a9e07665130d501b2ae1a3] ptp: Replace timestamp event queue with linked list testing commit d26ab5a35ad9920940a9e07665130d501b2ae1a3 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 928de8c6c9800f86137a3a474f7a16519d95294d204d7eb17fe05cc48a0fe170 all runs: OK false negative chance: 0.000 # git bisect good d26ab5a35ad9920940a9e07665130d501b2ae1a3 Bisecting: 0 revisions left to test after this (roughly 0 steps) [8f5de6fb245326704f37d91780b9a10253a8a100] ptp: support multiple timestamp event readers testing commit 8f5de6fb245326704f37d91780b9a10253a8a100 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f2c0bdd716372bbfe2e3708b9e8eeda245c95b89efbca89d1b7a15a7b2864ab8 all runs: OK false negative chance: 0.000 # git bisect good 8f5de6fb245326704f37d91780b9a10253a8a100 c5a445b1e9347b14752b01f1a304bd7a2f260acc is the first bad commit commit c5a445b1e9347b14752b01f1a304bd7a2f260acc Author: Xabier Marquiegui Date: Thu Oct 12 00:39:56 2023 +0200 ptp: support event queue reader channel masks On systems with multiple timestamp event channels, some readers might want to receive only a subset of those channels. Add the necessary modifications to support timestamp event channel filtering, including two IOCTL operations: - Clear all channels - Enable one channel The mask modification operations will be applied exclusively on the event queue assigned to the file descriptor used on the IOCTL operation, so the typical procedure to have a reader receiving only a subset of the enabled channels would be: - Open device file - ioctl: clear all channels - ioctl: enable one channel - start reading Calling the enable one channel ioctl more than once will result in multiple enabled channels. Signed-off-by: Xabier Marquiegui Suggested-by: Richard Cochran Suggested-by: Vinicius Costa Gomes Signed-off-by: David S. Miller drivers/ptp/ptp_chardev.c | 26 ++++++++++++++++++++++++++ drivers/ptp/ptp_clock.c | 12 ++++++++++-- drivers/ptp/ptp_private.h | 3 +++ include/uapi/linux/ptp_clock.h | 2 ++ 4 files changed, 41 insertions(+), 2 deletions(-) accumulated error probability: 0.00 culprit signature: cea458ba5c9d70dfeed3a3e5fc453e628a024f00ff207dfcf281e2f218fe2898 parent signature: f2c0bdd716372bbfe2e3708b9e8eeda245c95b89efbca89d1b7a15a7b2864ab8 revisions tested: 22, total time: 4h50m14.943257173s (build: 2h15m56.898520654s, test: 2h19m48.354242921s) first bad commit: c5a445b1e9347b14752b01f1a304bd7a2f260acc ptp: support event queue reader channel masks recipients (to): ["davem@davemloft.net" "netdev@vger.kernel.org" "reibax@gmail.com" "richardcochran@gmail.com"] recipients (cc): ["davem@davemloft.net" "linux-kernel@vger.kernel.org" "rrameshbabu@nvidia.com"] crash: BUG: unable to handle kernel paging request in ptp_ioctl BUG: unable to handle page fault for address: 0000000000001058 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 10529c067 P4D 10529c067 PUD 104ea3067 PMD 0 Oops: 0000 [#1] PREEMPT SMP CPU: 0 PID: 1852 Comm: syz-executor.0 Not tainted 6.6.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 RIP: 0010:bitmap_clear include/linux/bitmap.h:478 [inline] RIP: 0010:ptp_ioctl+0x523/0xbd0 drivers/ptp/ptp_chardev.c:462 Code: e7 ff d0 4c 8d 4c 24 60 85 c0 0f 84 4c 03 00 00 48 63 d8 45 31 ed 45 31 ff e9 4c fe ff ff 81 fe 13 3d 00 00 0f 85 e1 00 00 00 <48> 8b 91 58 10 00 00 b9 20 00 00 00 48 89 d7 f3 48 ab 31 db 45 31 RSP: 0018:ffffc90001687d00 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000003d13 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000003d13 RDI: ffffc90001687e98 RBP: ffffc90001687ed0 R08: ffff88810a290cd0 R09: ffffc90001687d60 R10: 0000000000000000 R11: ffff888102e6c000 R12: ffffffff837fc9c8 R13: ffffc90001687da8 R14: ffffc90001687de8 R15: ffffc90001687e38 FS: 00007feded47b6c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000001058 CR3: 0000000104eb4000 CR4: 0000000000350ef0 Call Trace: posix_clock_ioctl+0x52/0x80 kernel/time/posix-clock.c:86 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl fs/ioctl.c:857 [inline] __x64_sys_ioctl+0x8b/0xc0 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7feded8f8ae9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007feded47b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fededa17f80 RCX: 00007feded8f8ae9 RDX: 0000000000000000 RSI: 0000000000003d13 RDI: 0000000000000003 RBP: 00007feded94447a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000006 R14: 00007fededa17f80 R15: 00007ffe55968448 Modules linked in: CR2: 0000000000001058 ---[ end trace 0000000000000000 ]--- RIP: 0010:bitmap_clear include/linux/bitmap.h:478 [inline] RIP: 0010:ptp_ioctl+0x523/0xbd0 drivers/ptp/ptp_chardev.c:462 Code: e7 ff d0 4c 8d 4c 24 60 85 c0 0f 84 4c 03 00 00 48 63 d8 45 31 ed 45 31 ff e9 4c fe ff ff 81 fe 13 3d 00 00 0f 85 e1 00 00 00 <48> 8b 91 58 10 00 00 b9 20 00 00 00 48 89 d7 f3 48 ab 31 db 45 31 RSP: 0018:ffffc90001687d00 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000003d13 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000003d13 RDI: ffffc90001687e98 RBP: ffffc90001687ed0 R08: ffff88810a290cd0 R09: ffffc90001687d60 R10: 0000000000000000 R11: ffff888102e6c000 R12: ffffffff837fc9c8 R13: ffffc90001687da8 R14: ffffc90001687de8 R15: ffffc90001687e38 FS: 00007feded47b6c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000001058 CR3: 0000000104eb4000 CR4: 0000000000350ef0 ---------------- Code disassembly (best guess): 0: e7 ff out %eax,$0xff 2: d0 4c 8d 4c rorb 0x4c(%rbp,%rcx,4) 6: 24 60 and $0x60,%al 8: 85 c0 test %eax,%eax a: 0f 84 4c 03 00 00 je 0x35c 10: 48 63 d8 movslq %eax,%rbx 13: 45 31 ed xor %r13d,%r13d 16: 45 31 ff xor %r15d,%r15d 19: e9 4c fe ff ff jmp 0xfffffe6a 1e: 81 fe 13 3d 00 00 cmp $0x3d13,%esi 24: 0f 85 e1 00 00 00 jne 0x10b * 2a: 48 8b 91 58 10 00 00 mov 0x1058(%rcx),%rdx <-- trapping instruction 31: b9 20 00 00 00 mov $0x20,%ecx 36: 48 89 d7 mov %rdx,%rdi 39: f3 48 ab rep stos %rax,%es:(%rdi) 3c: 31 db xor %ebx,%ebx 3e: 45 rex.RB 3f: 31 .byte 0x31