ci starts bisection 2023-03-31 01:15:27.778546645 +0000 UTC m=+132668.224894630 bisecting cause commit starting from a6d9e3034536ba4b68ac34490c02267e6eec9c05 building syzkaller on f325deb023e4e2fb9197004be1b3da738680429c ensuring issue is reproducible on original commit a6d9e3034536ba4b68ac34490c02267e6eec9c05 testing commit a6d9e3034536ba4b68ac34490c02267e6eec9c05 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 48fac660e5d514172b2af3627d397cc12637a3355fd590c879da84d83e73734f all runs: crashed: general protection fault in drm_crtc_next_vblank_start testing release v6.2 testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 19be1dbd8c3f78cb257572341a6602042227c3d5d0bb2ef2cdec76e79c68f9f0 all runs: OK # git bisect start a6d9e3034536ba4b68ac34490c02267e6eec9c05 c9c3395d5e3dcc6daee66c6908354d47bf98cb0c Bisecting: 11426 revisions left to test after this (roughly 14 steps) [61fc1ee8be26bc192d691932b0a67eabee45d12f] riscv: Bump COMMAND_LINE_SIZE value to 1024 testing commit 61fc1ee8be26bc192d691932b0a67eabee45d12f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 089fd3da2efb1c0242756109aa244c4661106743d103e9131363505a3f94e788 all runs: OK # git bisect good 61fc1ee8be26bc192d691932b0a67eabee45d12f Bisecting: 5712 revisions left to test after this (roughly 13 steps) [f970fdc22ba050517641e262b6f009fbbbb034b5] Merge branch 'ericvh/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs.git testing commit f970fdc22ba050517641e262b6f009fbbbb034b5 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 26b63864e9e5584c8d0a95e9e6498d3c5b05bdf6a3e7f79c90a60b2290ff261b all runs: OK # git bisect good f970fdc22ba050517641e262b6f009fbbbb034b5 Bisecting: 2881 revisions left to test after this (roughly 12 steps) [f7a1d3c80e6b7f0cea5844924de09f0b6de31581] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git testing commit f7a1d3c80e6b7f0cea5844924de09f0b6de31581 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c169dfe944c906b7cfd05fc21bb00a93622ecc5b34832538ac1b5eb40c9b414d all runs: crashed: general protection fault in drm_crtc_next_vblank_start # git bisect bad f7a1d3c80e6b7f0cea5844924de09f0b6de31581 Bisecting: 1389 revisions left to test after this (roughly 11 steps) [1bed20d5c4674544bbe904a3f9488433d08d1d47] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git testing commit 1bed20d5c4674544bbe904a3f9488433d08d1d47 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 failed to run ["make" "-j" "64" "ARCH=x86_64" "bzImage"]: exit status 2 # git bisect skip 1bed20d5c4674544bbe904a3f9488433d08d1d47 Bisecting: 1389 revisions left to test after this (roughly 11 steps) [3079bfdbda6cc776b4fba4556258966753a6d840] dt-bindings: net: Drop unneeded quotes testing commit 3079bfdbda6cc776b4fba4556258966753a6d840 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ae5330f44ae60eadfe158dc143701927413cc47a42eb66590c069d524cc8a2a0 all runs: OK # git bisect good 3079bfdbda6cc776b4fba4556258966753a6d840 Bisecting: 1156 revisions left to test after this (roughly 10 steps) [48e78e21ebe6e4ed82aa6ad9cdce4fc634884247] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git testing commit 48e78e21ebe6e4ed82aa6ad9cdce4fc634884247 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d82f893e09d122a8fb2e77db9b3ee7733bebb8afe5128068bb70bb4c5aff4800 all runs: OK # git bisect good 48e78e21ebe6e4ed82aa6ad9cdce4fc634884247 Bisecting: 597 revisions left to test after this (roughly 9 steps) [c6265f5c2f502e442c4f339f121bedbc990c12e7] Merge tag 'drm-misc-next-2023-03-16' of git://anongit.freedesktop.org/drm/drm-misc into drm-next testing commit c6265f5c2f502e442c4f339f121bedbc990c12e7 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9ee228fe31e6260390ef53b605bca20cb9c25a4a88088f238db3de544b571c6f all runs: OK # git bisect good c6265f5c2f502e442c4f339f121bedbc990c12e7 Bisecting: 287 revisions left to test after this (roughly 8 steps) [c8c89c8e41328731c4a4d4b0d0e272b7df5c6ed0] Merge branch 'for-linux-next' of git://anongit.freedesktop.org/drm/drm-misc testing commit c8c89c8e41328731c4a4d4b0d0e272b7df5c6ed0 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 37ba8dda0e2543fa741e309b3039387db4e921e031b932e0cfe8e7c5493d6e7b all runs: crashed: general protection fault in drm_crtc_next_vblank_start # git bisect bad c8c89c8e41328731c4a4d4b0d0e272b7df5c6ed0 Bisecting: 130 revisions left to test after this (roughly 7 steps) [9578a10d4a2b4bcbbebefb4156c16c82ee725b3a] Merge tag 'drm-misc-next-2023-03-23' of git://anongit.freedesktop.org/drm/drm-misc into drm-next testing commit 9578a10d4a2b4bcbbebefb4156c16c82ee725b3a gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0204c51adcaf5b6172449ca3243c715105a83fbcf09b3b1046ceaaa3699ee9bb all runs: OK # git bisect good 9578a10d4a2b4bcbbebefb4156c16c82ee725b3a Bisecting: 64 revisions left to test after this (roughly 6 steps) [7ed34927254ae9eac0f6b0ad7e7c2bceb96fcdfc] Merge tag 'drm-intel-next-2023-03-23' of git://anongit.freedesktop.org/drm/drm-intel into drm-next testing commit 7ed34927254ae9eac0f6b0ad7e7c2bceb96fcdfc gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 326b57aaf821532310f4a7f3b3cc9c9263f2e60e736b49eed1b2ace3462922db all runs: OK # git bisect good 7ed34927254ae9eac0f6b0ad7e7c2bceb96fcdfc Bisecting: 29 revisions left to test after this (roughly 5 steps) [929ae7c2e3adbbb2c2bddcd16854a6b11b56e95a] Merge tag 'dma-fence-deadline' of https://gitlab.freedesktop.org/drm/msm into drm-next testing commit 929ae7c2e3adbbb2c2bddcd16854a6b11b56e95a gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: aff30006969847e5c82955db0a4b8850cc590f75339633b4d1eb5ab131aa8ee1 all runs: crashed: general protection fault in drm_crtc_next_vblank_start # git bisect bad 929ae7c2e3adbbb2c2bddcd16854a6b11b56e95a Bisecting: 17 revisions left to test after this (roughly 4 steps) [184f37e578b90a9addabc437804376a94dca79c9] drm: exynos: dsi: Add input_bus_flags testing commit 184f37e578b90a9addabc437804376a94dca79c9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b2d8ed62d9fa8c6c57a8987399ddbfb854b5a2a79f2fc62ffa1be14ff1f4a215 all runs: OK # git bisect good 184f37e578b90a9addabc437804376a94dca79c9 Bisecting: 8 revisions left to test after this (roughly 3 steps) [2fcc1fa5f906872f4d3da3fef08fa062fa70a645] Merge tag 'exynos-drm-next-for-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-next testing commit 2fcc1fa5f906872f4d3da3fef08fa062fa70a645 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ca5206c47c10b97b1d7a06c022ec46c3363c111a726427b9de9df4dd8a9595a7 all runs: OK # git bisect good 2fcc1fa5f906872f4d3da3fef08fa062fa70a645 Bisecting: 3 revisions left to test after this (roughly 2 steps) [d71c11cc79d259c059f4ad377c0f930263f77c53] dma-buf/sync_file: Surface sync-file uABI testing commit d71c11cc79d259c059f4ad377c0f930263f77c53 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9989a4365cba33851c15dcf897d7c25645ef6b7b8d928a7de935d3fc08696066 all runs: OK # git bisect good d71c11cc79d259c059f4ad377c0f930263f77c53 Bisecting: 1 revision left to test after this (roughly 1 step) [b2c077d001b612b1f34f7e528b2dc6072bd6794e] drm/vblank: Add helper to get next vblank time testing commit b2c077d001b612b1f34f7e528b2dc6072bd6794e gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c2018d5068ce26c4d6ac5344fd39414bb5e0ec8e0a7887419c02d3b101eeed6c all runs: OK # git bisect good b2c077d001b612b1f34f7e528b2dc6072bd6794e Bisecting: 0 revisions left to test after this (roughly 0 steps) [d39e48ca80c0960b039cb38633957f0040f63e1a] drm/atomic-helper: Set fence deadline for vblank testing commit d39e48ca80c0960b039cb38633957f0040f63e1a gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b1ac003254df57675854e86a90b5f021abe1fa7f1627989afbd7f143690003b7 all runs: crashed: general protection fault in drm_crtc_next_vblank_start # git bisect bad d39e48ca80c0960b039cb38633957f0040f63e1a d39e48ca80c0960b039cb38633957f0040f63e1a is the first bad commit commit d39e48ca80c0960b039cb38633957f0040f63e1a Author: Rob Clark Date: Fri Sep 3 11:47:54 2021 -0700 drm/atomic-helper: Set fence deadline for vblank For an atomic commit updating a single CRTC (ie. a pageflip) calculate the next vblank time, and inform the fence(s) of that deadline. v2: Comment typo fix (danvet) v3: If there are multiple CRTCs, consider the time of the soonest vblank Signed-off-by: Rob Clark Reviewed-by: Daniel Vetter drivers/gpu/drm/drm_atomic_helper.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) culprit signature: b1ac003254df57675854e86a90b5f021abe1fa7f1627989afbd7f143690003b7 parent signature: c2018d5068ce26c4d6ac5344fd39414bb5e0ec8e0a7887419c02d3b101eeed6c revisions tested: 17, total time: 5h21m55.221420083s (build: 3h9m18.74918535s, test: 2h8m5.442925661s) first bad commit: d39e48ca80c0960b039cb38633957f0040f63e1a drm/atomic-helper: Set fence deadline for vblank recipients (to): ["daniel.vetter@ffwll.ch" "robdclark@chromium.org"] recipients (cc): [] crash: general protection fault in drm_crtc_next_vblank_start [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [drm:udl_init] *ERROR* Selecting channel failed [drm] Initialized udl 0.0.1 20120220 for 1-1:0.0 on minor 2 [drm] Initialized udl on minor 2 udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 udl 1-1:0.0: [drm] Cannot find any crtc or sizes general protection fault, probably for non-canonical address 0xdffffc0000000028: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000140-0x0000000000000147] CPU: 1 PID: 2439 Comm: kworker/1:2 Not tainted 6.3.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Workqueue: usb_hub_wq hub_event RIP: 0010:drm_crtc_next_vblank_start+0xa9/0x260 drivers/gpu/drm/drm_vblank.c:1003 Code: a4 01 00 00 48 69 db 38 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 03 9d 38 03 00 00 4c 8d ab 44 01 00 00 4c 89 ea 48 c1 ea 03 <0f> b6 14 02 4c 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 24 RSP: 0018:ffffc9000b6bec28 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff88801d0e0408 RDX: 0000000000000028 RSI: ffffc9000b6becb0 RDI: ffff8880209a0338 RBP: ffff8880209a10d8 R08: ffff8880209a0dc8 R09: ffff8880209a0dc8 R10: ffff8880209a00a0 R11: 0000000000000012 R12: ffffc9000b6becb0 R13: 0000000000000144 R14: dffffc0000000000 R15: ffff88801d0e0400 FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0330cd0378 CR3: 00000000754aa000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: set_fence_deadline drivers/gpu/drm/drm_atomic_helper.c:1531 [inline] drm_atomic_helper_wait_for_fences+0x169/0x630 drivers/gpu/drm/drm_atomic_helper.c:1578 drm_atomic_helper_commit drivers/gpu/drm/drm_atomic_helper.c:2007 [inline] drm_atomic_helper_commit+0x161/0x2a0 drivers/gpu/drm/drm_atomic_helper.c:1979 drm_atomic_commit+0x1ce/0x2b0 drivers/gpu/drm/drm_atomic.c:1443 drm_client_modeset_commit_atomic+0x54a/0x690 drivers/gpu/drm/drm_client_modeset.c:1045 drm_client_modeset_commit_locked+0x12d/0x4c0 drivers/gpu/drm/drm_client_modeset.c:1148 drm_client_modeset_commit+0x3b/0x60 drivers/gpu/drm/drm_client_modeset.c:1174 drm_fb_helper_single_fb_probe drivers/gpu/drm/drm_fb_helper.c:1963 [inline] __drm_fb_helper_initial_config_and_unlock+0xec3/0x1450 drivers/gpu/drm/drm_fb_helper.c:2153 drm_fbdev_client_hotplug+0x15e/0x210 drivers/gpu/drm/drm_fbdev_generic.c:384 drm_fbdev_generic_setup+0xf5/0x350 drivers/gpu/drm/drm_fbdev_generic.c:450 udl_usb_probe+0xd9/0x120 drivers/gpu/drm/udl/udl_drv.c:120 usb_probe_interface+0x26c/0x820 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:552 [inline] really_probe+0x1c7/0xb20 drivers/base/dd.c:631 __driver_probe_device+0x186/0x460 drivers/base/dd.c:768 driver_probe_device+0x44/0x110 drivers/base/dd.c:798 __device_attach_driver+0x14e/0x270 drivers/base/dd.c:926 bus_for_each_drv+0x102/0x190 drivers/base/bus.c:457 __device_attach+0x19e/0x3d0 drivers/base/dd.c:998 bus_probe_device+0x12b/0x170 drivers/base/bus.c:532 device_add+0xee4/0x1930 drivers/base/core.c:3589 usb_set_configuration+0xabc/0x1a20 drivers/usb/core/message.c:2171 usb_generic_driver_probe+0x88/0xd0 drivers/usb/core/generic.c:238 usb_probe_device+0x98/0x240 drivers/usb/core/driver.c:293 call_driver_probe drivers/base/dd.c:552 [inline] really_probe+0x1c7/0xb20 drivers/base/dd.c:631 __driver_probe_device+0x186/0x460 drivers/base/dd.c:768 driver_probe_device+0x44/0x110 drivers/base/dd.c:798 __device_attach_driver+0x14e/0x270 drivers/base/dd.c:926 bus_for_each_drv+0x102/0x190 drivers/base/bus.c:457 __device_attach+0x19e/0x3d0 drivers/base/dd.c:998 bus_probe_device+0x12b/0x170 drivers/base/bus.c:532 device_add+0xee4/0x1930 drivers/base/core.c:3589 usb_new_device+0xc6e/0x1930 drivers/usb/core/hub.c:2575 hub_port_connect drivers/usb/core/hub.c:5407 [inline] hub_port_connect_change drivers/usb/core/hub.c:5551 [inline] port_event drivers/usb/core/hub.c:5711 [inline] hub_event+0x24cc/0x4240 drivers/usb/core/hub.c:5793 process_one_work+0x865/0x14b0 kernel/workqueue.c:2390 worker_thread+0x59c/0xec0 kernel/workqueue.c:2537 kthread+0x298/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:drm_crtc_next_vblank_start+0xa9/0x260 drivers/gpu/drm/drm_vblank.c:1003 Code: a4 01 00 00 48 69 db 38 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 03 9d 38 03 00 00 4c 8d ab 44 01 00 00 4c 89 ea 48 c1 ea 03 <0f> b6 14 02 4c 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 24 RSP: 0018:ffffc9000b6bec28 EFLAGS: 00010207 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff88801d0e0408 RDX: 0000000000000028 RSI: ffffc9000b6becb0 RDI: ffff8880209a0338 RBP: ffff8880209a10d8 R08: ffff8880209a0dc8 R09: ffff8880209a0dc8 R10: ffff8880209a00a0 R11: 0000000000000012 R12: ffffc9000b6becb0 R13: 0000000000000144 R14: dffffc0000000000 R15: ffff88801d0e0400 FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0330cd0378 CR3: 00000000211bc000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess), 2 bytes skipped: 0: 00 00 add %al,(%rax) 2: 48 69 db 38 02 00 00 imul $0x238,%rbx,%rbx 9: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 10: fc ff df 13: 49 03 9d 38 03 00 00 add 0x338(%r13),%rbx 1a: 4c 8d ab 44 01 00 00 lea 0x144(%rbx),%r13 21: 4c 89 ea mov %r13,%rdx 24: 48 c1 ea 03 shr $0x3,%rdx * 28: 0f b6 14 02 movzbl (%rdx,%rax,1),%edx <-- trapping instruction 2c: 4c 89 e8 mov %r13,%rax 2f: 83 e0 07 and $0x7,%eax 32: 83 c0 03 add $0x3,%eax 35: 38 d0 cmp %dl,%al 37: 7c 08 jl 0x41 39: 84 d2 test %dl,%dl 3b: 0f .byte 0xf 3c: 85 .byte 0x85 3d: 24 .byte 0x24