ci2 starts bisection 2023-06-25 05:06:06.322589793 +0000 UTC m=+375750.551548022
bisecting fixing commit since 9d6bde853685609a631871d7c12be94fdf8d912e
building syzkaller on 4bce1a3e705a8b62de8194bdb28f5eef89c8feec
ensuring issue is reproducible on original commit 9d6bde853685609a631871d7c12be94fdf8d912e

testing commit 9d6bde853685609a631871d7c12be94fdf8d912e
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e5103f778a1232cba0f5b4fe5daf82f641016dae735b65b1ced95c5ca93c1a77
all runs: crashed: kernel BUG in ext4_get_group_info
testing current HEAD f67653019430833d5003f16817d7fa85272a6a76
testing commit f67653019430833d5003f16817d7fa85272a6a76
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0e4c5d10b856bd6552630d3dd6b81eb5a8ba8c62a7dd33d7c1f481ade38900f6
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect start f67653019430833d5003f16817d7fa85272a6a76 9d6bde853685609a631871d7c12be94fdf8d912e
Bisecting: 334 revisions left to test after this (roughly 8 steps)
[fade445f3921ffdbe5a31ce6f94e3533668fa3e7] tcp: deny tcp_disconnect() when threads are waiting

testing commit fade445f3921ffdbe5a31ce6f94e3533668fa3e7
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1bf60dff03beafd387635bf901d87f0c49792ce379bf7e3af14739d9d6c3d64b
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad fade445f3921ffdbe5a31ce6f94e3533668fa3e7
Bisecting: 166 revisions left to test after this (roughly 7 steps)
[fc0e18f95c88435bd8a1ceb540243cd7fbcd9781] usb: typec: altmodes/displayport: fix pin_assignment_show

testing commit fc0e18f95c88435bd8a1ceb540243cd7fbcd9781
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 88995ac64e79ebc628f25482b2ed833a368a1456f555a09f10e4169d869391f7
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad fc0e18f95c88435bd8a1ceb540243cd7fbcd9781
Bisecting: 83 revisions left to test after this (roughly 6 steps)
[ee009c2abc4410b40d3b2603b8c27fa24db93f9d] usb: typec: tcpm: fix multiple times discover svids error

testing commit ee009c2abc4410b40d3b2603b8c27fa24db93f9d
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a7c6375ba41874eb5ba95eaa9182da2bde40617c3f66c926c10308d323d6a990
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad ee009c2abc4410b40d3b2603b8c27fa24db93f9d
Bisecting: 41 revisions left to test after this (roughly 5 steps)
[f4a573eed6377d356f835a4b00099d5dacee0da0] ACPI: EC: Fix oops when removing custom query handlers

testing commit f4a573eed6377d356f835a4b00099d5dacee0da0
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b6aaad4e464188498f63878a3c981034825e46c640ee9fe98d5c6657d8958838
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad f4a573eed6377d356f835a4b00099d5dacee0da0
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[610fd07c1370e8d0676512c7ddfd75c4f6b7427a] af_unix: Fix a data race of sk->sk_receive_queue->qlen.

testing commit 610fd07c1370e8d0676512c7ddfd75c4f6b7427a
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0e52bbb63b31de788beeabce4a7d22e0612f233040bb7e8aec51b409a3ee1bec
all runs: crashed: kernel BUG in ext4_get_group_info
# git bisect good 610fd07c1370e8d0676512c7ddfd75c4f6b7427a
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[718b66c5eb6556004332c5c4ae28b405c88222f8] refscale: Move shutdown from wait_event() to wait_event_idle()

testing commit 718b66c5eb6556004332c5c4ae28b405c88222f8
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 074278103ba22eb87489c43539eee174917a12aa008aface75acd16b3cb77cc4
run #0: crashed: WARNING: ODEBUG bug in netdev_run_todo
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
# git bisect good 718b66c5eb6556004332c5c4ae28b405c88222f8
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[15856ab95617ec720167f55af8428ea1acc0a5a4] regmap: cache: Return error in cache sync operations for REGCACHE_NONE

testing commit 15856ab95617ec720167f55af8428ea1acc0a5a4
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d32200440f9d2f9a562b79f1a3f1224ce402004bf6e1142b0cb57a7b84c970a6
run #0: crashed: BUG: sleeping function called from invalid context in ext4_update_super
run #1: crashed: WARNING: ODEBUG bug in netdev_run_todo
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 15856ab95617ec720167f55af8428ea1acc0a5a4
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[dcf632bca424e6ff8c8eb89c96694e7f05cd29b6] media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish

testing commit dcf632bca424e6ff8c8eb89c96694e7f05cd29b6
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d32200440f9d2f9a562b79f1a3f1224ce402004bf6e1142b0cb57a7b84c970a6
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad dcf632bca424e6ff8c8eb89c96694e7f05cd29b6
Bisecting: 0 revisions left to test after this (roughly 1 step)
[f0a06203f2fe63f04311467200c99c4ee1926578] media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()

testing commit f0a06203f2fe63f04311467200c99c4ee1926578
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d32200440f9d2f9a562b79f1a3f1224ce402004bf6e1142b0cb57a7b84c970a6
all runs: OK
too many neither good nor bad results, skipping this commit
# git bisect bad f0a06203f2fe63f04311467200c99c4ee1926578
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c127337841127fc68ac0ebdd7d8468988c548e96] arm64: dts: qcom: msm8996: Add missing DWC3 quirks

testing commit c127337841127fc68ac0ebdd7d8468988c548e96
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d32200440f9d2f9a562b79f1a3f1224ce402004bf6e1142b0cb57a7b84c970a6
run #0: crashed: BUG: sleeping function called from invalid context in ext4_update_super
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good c127337841127fc68ac0ebdd7d8468988c548e96
f0a06203f2fe63f04311467200c99c4ee1926578 is the first bad commit
commit f0a06203f2fe63f04311467200c99c4ee1926578
Author: harperchen
Date: Thu Mar 2 13:39:05 2023 +0100

media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()

[ Upstream commit 47e8b73bc35d7c54642f78e498697692f6358996 ]

When the driver calls cx23885_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a empty buffer risc->cpu. Later when we free the buffer or access the buffer, null ptr deref is triggered.

This bug is similar to the following one: https://git.linuxtv.org/media_stage.git/commit/?id=2b064d91440b33fba5b452f2d1b31f13ae911d71.

We believe the bug can be also dynamically triggered from user side.

Similarly, we fix this by checking the return value of cx23885_risc_buffer() and the value of risc->cpu before buffer free.

Signed-off-by: harperchen
Signed-off-by: Hans Verkuil
Signed-off-by: Mauro Carvalho Chehab
Signed-off-by: Sasha Levin

drivers/media/pci/cx23885/cx23885-core.c | 4 +++-
drivers/media/pci/cx23885/cx23885-video.c | 13 +++++++------
2 files changed, 10 insertions(+), 7 deletions(-)

culprit signature: d32200440f9d2f9a562b79f1a3f1224ce402004bf6e1142b0cb57a7b84c970a6
parent signature: d32200440f9d2f9a562b79f1a3f1224ce402004bf6e1142b0cb57a7b84c970a6
Reproducer flagged being flaky
revisions tested: 12, total time: 8h43m5.00261046s (build: 6h34m13.507629731s, test: 2h2m55.266359483s)
first good commit: f0a06203f2fe63f04311467200c99c4ee1926578 media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()
recipients (to): ["harperchen1110@gmail.com" "hverkuil-cisco@xs4all.nl" "mchehab@kernel.org" "sashal@kernel.org"]
recipients (cc): []