ci2 starts bisection 2023-12-29 03:55:21.112613874 +0000 UTC m=+561924.436499445 bisecting fixing commit since df6e6fc38f4f8630d1bf6008fa4d5c3f312d2462 building syzkaller on 7ec6c0443c90a3b37b815249619172c60d3ef557 ensuring issue is reproducible on original commit df6e6fc38f4f8630d1bf6008fa4d5c3f312d2462 testing commit df6e6fc38f4f8630d1bf6008fa4d5c3f312d2462 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e7c9b9fae968a1074dca8ea9dd13627b54aa77d89c38503e9a31e5907eefd2bd all runs: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] check whether we can drop unnecessary instrumentation disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN], they are not needed testing commit df6e6fc38f4f8630d1bf6008fa4d5c3f312d2462 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 53cc204390f3006196bd0c7ed5a5696d8159aedd78075b38803a6944a9ad1830 all runs: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] the bug reproduces without the instrumentation disabling configs for [ATOMIC_SLEEP LEAK UBSAN BUG KASAN LOCKDEP], they are not needed kconfig minimization: base=5179 full=6485 leaves diff=250 split chunks (needed=false): <250> split chunk #0 of len 250 into 5 parts testing without sub-chunk 1/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit df6e6fc38f4f8630d1bf6008fa4d5c3f312d2462 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d7135b9c0f71ab2d56453dc9f0e466d5481b852ba665def71112a71230d1cfb1 run #0: crashed: BUG: soft lockup in tc_modify_qdisc run #1: crashed: BUG: soft lockup in tc_modify_qdisc run #2: crashed: BUG: soft lockup in tc_modify_qdisc run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: BUG: soft lockup in tc_modify_qdisc run #8: crashed: BUG: soft lockup in tc_modify_qdisc run #9: crashed: no output from test machine representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit df6e6fc38f4f8630d1bf6008fa4d5c3f312d2462 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 262c98535a52f1bd6cb9bc387e736018215c7028ce56a9088a2d464d8cdea45d run #0: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor2751547881" "root@10.128.10.55:./syz-executor2751547881"]: exit status 255 Executing: program /usr/bin/ssh host 10.128.10.55, user root, command sftp OpenSSH_9.2p1 Debian-2, OpenSSL 3.0.9 30 May 2023 debug1: Reading configuration data /dev/null debug1: Connecting to 10.128.10.55 [10.128.10.55] port 22. debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa_sk type -1 debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_ed25519_sk type -1 debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2 Connection timed out during banner exchange Connection to 10.128.10.55 port 22 timed out scp: Connection closed run #1: crashed: BUG: soft lockup in tc_modify_qdisc run #2: crashed: BUG: soft lockup in tc_modify_qdisc run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: BUG: soft lockup in tc_modify_qdisc run #8: crashed: BUG: soft lockup in tc_modify_qdisc run #9: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit df6e6fc38f4f8630d1bf6008fa4d5c3f312d2462 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 11b18fabc411d762ff2f08025f0a4576ecb3b19e7cb1d686aee1391d52efcdc6 run #0: crashed: BUG: workqueue lockup run #1: crashed: BUG: soft lockup in tc_modify_qdisc run #2: crashed: BUG: soft lockup in tc_modify_qdisc run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: BUG: soft lockup in tc_modify_qdisc run #8: crashed: BUG: soft lockup in tc_modify_qdisc run #9: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit df6e6fc38f4f8630d1bf6008fa4d5c3f312d2462 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 49b8b679406994e6c25329386232268414da06fc280385dfe4f978b39f85389c run #0: crashed: BUG: soft lockup in corrupted run #1: crashed: BUG: workqueue lockup run #2: crashed: BUG: soft lockup in tc_modify_qdisc run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: BUG: soft lockup in tc_modify_qdisc run #8: crashed: BUG: soft lockup in tc_modify_qdisc run #9: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in corrupted, types: [HANG] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK], they are not needed testing commit df6e6fc38f4f8630d1bf6008fa4d5c3f312d2462 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building df6e6fc38f4f8630d1bf6008fa4d5c3f312d2462: net/socket.c:1225: undefined reference to `wext_handle_ioctl' net/socket.c:3420: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:329: undefined reference to `wext_proc_init' net/core/net-procfs.c:345: undefined reference to `wext_proc_exit' minimized to 50 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_MBIM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF] disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN], they are not needed testing current HEAD 401a2769d99066952f3bfb73a8ce6b0269bc04d7 testing commit 401a2769d99066952f3bfb73a8ce6b0269bc04d7 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 43a80e6f041d8ce8e49eb40d858f8987cd5b69b84c10cb2313ecdccd2c2b39ee all runs: OK false negative chance: 0.000 # git bisect start 401a2769d99066952f3bfb73a8ce6b0269bc04d7 df6e6fc38f4f8630d1bf6008fa4d5c3f312d2462 Bisecting: 1105 revisions left to test after this (roughly 10 steps) [59a4f61feccf9c5518c76d6efd1742694040d1d5] RDMA/rxe: Split rxe_run_task() into two subroutines determine whether the revision contains the guilty commit checking the merge base 52a953d0934b17a88f403b4135eb3cdf83d19f91 no existing result, test the revision testing commit 52a953d0934b17a88f403b4135eb3cdf83d19f91 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 616103241ecc9ff7e45c5d874748558e99bc927428a379cc394e1073e20d1b93 all runs: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] testing commit 59a4f61feccf9c5518c76d6efd1742694040d1d5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7cc0de740373921d3111cef073e3cec087fc8955fbb1bc513488761e258a9357 all runs: OK false negative chance: 0.000 # git bisect bad 59a4f61feccf9c5518c76d6efd1742694040d1d5 Bisecting: 552 revisions left to test after this (roughly 9 steps) [7134565a8207fc6fafe188c95bdd5f09744ccfec] mlxsw: reg: Fix SSPR register layout determine whether the revision contains the guilty commit revision 52a953d0934b17a88f403b4135eb3cdf83d19f91 crashed and is reachable testing commit 7134565a8207fc6fafe188c95bdd5f09744ccfec gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8f2dcbe4108a45b5715b3f0b59782e434687c05e5d84e2afd5b86ec91ab7396d all runs: OK false negative chance: 0.000 # git bisect bad 7134565a8207fc6fafe188c95bdd5f09744ccfec Bisecting: 276 revisions left to test after this (roughly 8 steps) [667ce6a0ff80dddbd56e85d1f6eee7dab6836096] net: hns3: refactor hclge_mac_link_status_wait for interface reuse determine whether the revision contains the guilty commit revision 52a953d0934b17a88f403b4135eb3cdf83d19f91 crashed and is reachable testing commit 667ce6a0ff80dddbd56e85d1f6eee7dab6836096 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 65327559d8354e01e64e1766e49cd7497acc3f43bdcf1e1d06973c6306e3ca6c all runs: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] # git bisect good 667ce6a0ff80dddbd56e85d1f6eee7dab6836096 Bisecting: 138 revisions left to test after this (roughly 7 steps) [8ad9bc25cbdcec72e7ca43dd8281decb69ea9a70] vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check determine whether the revision contains the guilty commit revision 52a953d0934b17a88f403b4135eb3cdf83d19f91 crashed and is reachable testing commit 8ad9bc25cbdcec72e7ca43dd8281decb69ea9a70 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ad074918170c1ec1dcc13990c6cbd3c90fc630bbde608a049cb6cf7cac8ac5e2 all runs: OK false negative chance: 0.000 # git bisect bad 8ad9bc25cbdcec72e7ca43dd8281decb69ea9a70 Bisecting: 68 revisions left to test after this (roughly 6 steps) [3dd5c90c48bf1553e4962e2d8101a96ae320cd9c] ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion determine whether the revision contains the guilty commit revision 52a953d0934b17a88f403b4135eb3cdf83d19f91 crashed and is reachable testing commit 3dd5c90c48bf1553e4962e2d8101a96ae320cd9c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3d76279283b2abc434996a9b6f2d8bc6355e0b27aabd4d84c4eaaaaf55ccc158 all runs: OK false negative chance: 0.000 # git bisect bad 3dd5c90c48bf1553e4962e2d8101a96ae320cd9c Bisecting: 34 revisions left to test after this (roughly 5 steps) [b191ff1f075c4875f11271cbf0093e6e044a12aa] scsi: core: Fix possible memory leak if device_add() fails determine whether the revision contains the guilty commit revision 52a953d0934b17a88f403b4135eb3cdf83d19f91 crashed and is reachable testing commit b191ff1f075c4875f11271cbf0093e6e044a12aa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 69d862d2f7cedfda28ec0dc17353039b4f3cb04f4336b692641c0aaf57216fa8 run #0: crashed: BUG: soft lockup in tc_modify_qdisc run #1: crashed: BUG: soft lockup in tc_modify_qdisc run #2: crashed: BUG: soft lockup in tc_modify_qdisc run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in corrupted run #7: crashed: BUG: soft lockup in tc_modify_qdisc run #8: crashed: BUG: soft lockup in tc_modify_qdisc run #9: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] # git bisect good b191ff1f075c4875f11271cbf0093e6e044a12aa Bisecting: 17 revisions left to test after this (roughly 4 steps) [206381cee964c26547173be36280991bebd9ebcc] net/smc: replace mutex rmbs_lock and sndbufs_lock with rw_semaphore determine whether the revision contains the guilty commit revision 667ce6a0ff80dddbd56e85d1f6eee7dab6836096 crashed and is reachable testing commit 206381cee964c26547173be36280991bebd9ebcc gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 01778953eece8c66e8260ceb372ec741738e9c3275479239bf646f4fc37e3297 all runs: OK false negative chance: 0.000 # git bisect bad 206381cee964c26547173be36280991bebd9ebcc Bisecting: 8 revisions left to test after this (roughly 3 steps) [5525c289dbcf2b1adecc5e727e7d544ade9c7be1] drm/amd/pm/smu7: move variables to where they are used determine whether the revision contains the guilty commit revision 667ce6a0ff80dddbd56e85d1f6eee7dab6836096 crashed and is reachable testing commit 5525c289dbcf2b1adecc5e727e7d544ade9c7be1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8f64acfeeb2d103ebb3c18bb30258bb4474b0cc657dcdc5fad54a7b9672b4a94 all runs: OK false negative chance: 0.000 # git bisect bad 5525c289dbcf2b1adecc5e727e7d544ade9c7be1 Bisecting: 3 revisions left to test after this (roughly 2 steps) [afc4ddd9507f2d829b503a41b8de33535e521c55] platform/x86: serial-multi-instantiate: Auto detect IRQ resource for CSC3551 determine whether the revision contains the guilty commit revision 52a953d0934b17a88f403b4135eb3cdf83d19f91 crashed and is reachable testing commit afc4ddd9507f2d829b503a41b8de33535e521c55 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c163483f41c0b0e44004160caf0a7d65c1ec33cc019f128dce6d28b56c2f25b3 run #0: crashed: BUG: soft lockup in tc_modify_qdisc run #1: crashed: BUG: soft lockup in tc_modify_qdisc run #2: crashed: BUG: soft lockup in tc_modify_qdisc run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: BUG: soft lockup in tc_modify_qdisc run #8: crashed: BUG: soft lockup in tc_modify_qdisc run #9: crashed: no output from test machine representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] # git bisect good afc4ddd9507f2d829b503a41b8de33535e521c55 Bisecting: 1 revision left to test after this (roughly 1 step) [3ae919c317dd6607f9c166ce1e0cb2cf5f02dd2b] alpha: remove __init annotation from exported page_is_ram() determine whether the revision contains the guilty commit revision 52a953d0934b17a88f403b4135eb3cdf83d19f91 crashed and is reachable testing commit 3ae919c317dd6607f9c166ce1e0cb2cf5f02dd2b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ff77715d6921c2e0c273e6890e66a554b3607583aa3bd33fc12a8cb37242175e run #0: crashed: BUG: soft lockup in tc_modify_qdisc run #1: crashed: BUG: workqueue lockup run #2: crashed: BUG: soft lockup in tc_modify_qdisc run #3: crashed: BUG: soft lockup in tc_modify_qdisc run #4: crashed: BUG: soft lockup in tc_modify_qdisc run #5: crashed: BUG: soft lockup in tc_modify_qdisc run #6: crashed: BUG: soft lockup in tc_modify_qdisc run #7: crashed: BUG: soft lockup in tc_modify_qdisc run #8: crashed: BUG: soft lockup in tc_modify_qdisc run #9: crashed: BUG: soft lockup in tc_modify_qdisc representative crash: BUG: soft lockup in tc_modify_qdisc, types: [HANG] # git bisect good 3ae919c317dd6607f9c166ce1e0cb2cf5f02dd2b Bisecting: 0 revisions left to test after this (roughly 0 steps) [4346a66ad19876663e46d57c85dac5958f227033] sch_netem: fix issues in netem_change() vs get_dist_table() determine whether the revision contains the guilty commit revision 3ae919c317dd6607f9c166ce1e0cb2cf5f02dd2b crashed and is reachable testing commit 4346a66ad19876663e46d57c85dac5958f227033 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 40f74f567b5ee94cedcfaa5814eafef70a8176c5dd33910a90ef1e2f2e5ca79a all runs: OK false negative chance: 0.000 # git bisect bad 4346a66ad19876663e46d57c85dac5958f227033 4346a66ad19876663e46d57c85dac5958f227033 is the first bad commit commit 4346a66ad19876663e46d57c85dac5958f227033 Author: Eric Dumazet Date: Thu Jun 22 18:15:03 2023 +0000 sch_netem: fix issues in netem_change() vs get_dist_table() commit 11b73313c12403f617b47752db0ab3deef201af7 upstream. In blamed commit, I missed that get_dist_table() was allocating memory using GFP_KERNEL, and acquiring qdisc lock to perform the swap of newly allocated table with current one. In this patch, get_dist_table() is allocating memory and copy user data before we acquire the qdisc lock. Then we perform swap operations while being protected by the lock. Note that after this patch netem_change() no longer can do partial changes. If an error is returned, qdisc conf is left unchanged. Fixes: 2174a08db80d ("sch_netem: acquire qdisc lock in netem_change()") Reported-by: syzbot Signed-off-by: Eric Dumazet Cc: Stephen Hemminger Acked-by: Jamal Hadi Salim Reviewed-by: Simon Horman Link: https://lore.kernel.org/r/20230622181503.2327695-1-edumazet@google.com Signed-off-by: Jakub Kicinski Signed-off-by: Fedor Pchelkin Signed-off-by: Greg Kroah-Hartman net/sched/sch_netem.c | 59 ++++++++++++++++++++++----------------------------- 1 file changed, 25 insertions(+), 34 deletions(-) accumulated error probability: 0.00 culprit signature: 40f74f567b5ee94cedcfaa5814eafef70a8176c5dd33910a90ef1e2f2e5ca79a parent signature: ff77715d6921c2e0c273e6890e66a554b3607583aa3bd33fc12a8cb37242175e revisions tested: 19, total time: 4h26m58.210116477s (build: 1h4m32.261138099s, test: 3h2m8.407261479s) first good commit: 4346a66ad19876663e46d57c85dac5958f227033 sch_netem: fix issues in netem_change() vs get_dist_table() recipients (to): ["edumazet@google.com" "gregkh@linuxfoundation.org" "jhs@mojatatu.com" "kuba@kernel.org" "pchelkin@ispras.ru" "simon.horman@corigine.com"] recipients (cc): []