ci starts bisection 2024-07-26 23:00:07.260706544 +0000 UTC m=+110.254771631 bisecting fixing commit since 71ed6c2663481926a9dba9ea3145f9a582ff7b2f building syzkaller on a12e99e74dfc7cbe54720d8383cec46aaf024a28 rewritten commit 6f130e4d4a5f7174f98300376f3994817ad7e21c reidentified by title 'bpf: Fix order of args in call to bpf_map_kvcalloc' ensuring issue is reproducible on original commit 6f130e4d4a5f7174f98300376f3994817ad7e21c testing commit 6f130e4d4a5f7174f98300376f3994817ad7e21c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1dc884d19afa2cb81527936c0342ba86e5ef4dc6c58c6c978e82c03ba7614be3 run #0: crashed: KASAN: invalid-free in hci_req_sync_complete run #1: crashed: possible deadlock in sock_hash_update_common run #2: crashed: possible deadlock in sock_hash_update_common run #3: crashed: possible deadlock in sock_hash_update_common run #4: crashed: possible deadlock in sock_hash_update_common run #5: crashed: possible deadlock in sock_hash_update_common run #6: crashed: possible deadlock in sock_hash_update_common run #7: crashed: possible deadlock in sock_hash_update_common run #8: crashed: possible deadlock in sock_hash_update_common run #9: crashed: possible deadlock in sock_hash_update_common run #10: crashed: possible deadlock in sock_hash_update_common run #11: crashed: possible deadlock in sock_hash_update_common run #12: crashed: possible deadlock in sock_hash_update_common run #13: crashed: possible deadlock in sock_hash_update_common run #14: crashed: possible deadlock in sock_hash_update_common run #15: crashed: possible deadlock in sock_hash_update_common run #16: crashed: possible deadlock in sock_hash_update_common run #17: crashed: possible deadlock in sock_hash_update_common run #18: crashed: possible deadlock in sock_hash_update_common run #19: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] check whether we can drop unnecessary instrumentation disabling configs for [KASAN ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing commit 6f130e4d4a5f7174f98300376f3994817ad7e21c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4a3c5b30299af8c8a7f45c521c35d520d26d3a691d276e554c368693c273d4b6 all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] the bug reproduces without the instrumentation disabling configs for [HANG LEAK UBSAN BUG KASAN ATOMIC_SLEEP], they are not needed kconfig minimization: base=4001 full=8011 leaves diff=2008 split chunks (needed=false): <2008> split chunk #0 of len 2008 into 5 parts testing without sub-chunk 1/5 disabling configs for [HANG LEAK UBSAN BUG KASAN ATOMIC_SLEEP], they are not needed testing commit 6f130e4d4a5f7174f98300376f3994817ad7e21c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5266c8d9b01f4bd71e7de5b6171c30f8e3d07636592f0d0c2d614bbfbdcbc584 all runs: OK false negative chance: 0.000 testing without sub-chunk 2/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit 6f130e4d4a5f7174f98300376f3994817ad7e21c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ed902c67a2017ad39b9e7c97d9c24f0b09470c461cdff84c9a1cd0009f2a428d all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [KASAN ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing commit 6f130e4d4a5f7174f98300376f3994817ad7e21c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3ca31bea42439c76b1a036df64d0f8c05ba5373cd41a4c5bc597e7de68c0db9a all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [HANG LEAK UBSAN BUG KASAN ATOMIC_SLEEP], they are not needed testing commit 6f130e4d4a5f7174f98300376f3994817ad7e21c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1ef0f1bedbd91d5eae77d1de20271b5685cf114b49a5935a42ef3d8e440f60b2 all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [UBSAN BUG KASAN ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 6f130e4d4a5f7174f98300376f3994817ad7e21c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7107bb92a30cf46a09a56169010d4bf320fa4cf4e851288f2258f0df61aa671e all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] the chunk can be dropped minimized to 402 configs; suspects: [6LOWPAN 6LOWPAN_GHC_EXT_HDR_DEST 6LOWPAN_GHC_EXT_HDR_FRAG 6LOWPAN_GHC_EXT_HDR_HOP 6LOWPAN_GHC_EXT_HDR_ROUTE 6LOWPAN_GHC_ICMPV6 6LOWPAN_GHC_UDP 6LOWPAN_NHC 6LOWPAN_NHC_DEST 6LOWPAN_NHC_FRAGMENT 6LOWPAN_NHC_HOP 6LOWPAN_NHC_IPV6 6LOWPAN_NHC_MOBILITY 6LOWPAN_NHC_ROUTING 6LOWPAN_NHC_UDP 6PACK 842_COMPRESS 842_DECOMPRESS 9P_FSCACHE 9P_FS_POSIX_ACL 9P_FS_SECURITY ACORN_PARTITION ACORN_PARTITION_ADFS ACORN_PARTITION_CUMANA ACORN_PARTITION_EESOX ACORN_PARTITION_ICS ACORN_PARTITION_POWERTEC ACORN_PARTITION_RISCIX ACPI_NFIT ACPI_PLATFORM_PROFILE ADDRESS_MASKING ADFS_FS AFFS_FS AFS_FS AFS_FSCACHE AF_KCM AF_RXRPC AF_RXRPC_IPV6 AIX_PARTITION AMIGA_PARTITION ANDROID_BINDERFS ANDROID_BINDER_IPC ANON_VMA_NAME APERTURE_HELPERS AR5523 ARCH_ENABLE_MEMORY_HOTREMOVE ARCH_ENABLE_THP_MIGRATION ARCH_WANT_PMD_MKWRITE ASM_MODVERSIONS ASYNC_CORE ASYNC_MEMCPY ASYNC_PQ ASYNC_RAID6_RECOV ASYNC_TX_DMA ASYNC_XOR ATARI_PARTITION ATA_GENERIC ATA_OVER_ETH ATH10K ATH10K_CE ATH10K_PCI ATH10K_USB ATH11K ATH6KL ATH6KL_USB ATH9K ATH9K_AHB ATH9K_BTCOEX_SUPPORT ATH9K_CHANNEL_CONTEXT ATH9K_COMMON ATH9K_COMMON_DEBUG ATH9K_DEBUGFS ATH9K_DYNACK ATH9K_HTC ATH9K_HTC_DEBUGFS ATH9K_HW ATH9K_PCI ATH9K_PCOEM ATH9K_RFKILL ATH_COMMON ATM ATM_BR2684 ATM_CLIP ATM_DRIVERS ATM_LANE ATM_MPOA ATM_TCP AUXILIARY_BUS AX25 AX25_DAMA_SLAVE AX88796B_PHY BAREUDP BASE_FULL BATMAN_ADV BATMAN_ADV_BATMAN_V BATMAN_ADV_BLA BATMAN_ADV_DAT BATMAN_ADV_MCAST BATMAN_ADV_NC BCACHE BCACHEFS_DEBUG BCACHEFS_ERASURE_CODING BCACHEFS_FS BCACHEFS_POSIX_ACL BCACHEFS_QUOTA BCACHEFS_SIX_OPTIMISTIC_SPIN BCMA BCMA_HOST_PCI_POSSIBLE BEFS_FS BFQ_CGROUP_DEBUG BFQ_GROUP_IOSCHED BFS_FS BIG_KEYS BLK_CGROUP_PUNT_BIO BLK_CGROUP_RWSTAT BLK_DEBUG_FS_ZONED BLK_DEV_BSGLIB BLK_DEV_INTEGRITY BLK_DEV_INTEGRITY_T10 BLK_DEV_NBD BLK_DEV_NULL_BLK BLK_DEV_NULL_BLK_FAULT_INJECTION BLK_DEV_NVME BLK_DEV_PMEM BLK_DEV_RAM BLK_DEV_RNBD BLK_DEV_RNBD_CLIENT BLK_DEV_THROTTLING BLK_DEV_ZONED BLK_ICQ BLK_INLINE_ENCRYPTION BLK_INLINE_ENCRYPTION_FALLBACK BLK_WBT BLK_WBT_MQ BONDING BOOT_VESA_SUPPORT BPF_EVENTS BPF_JIT BPF_JIT_ALWAYS_ON BPF_JIT_DEFAULT_ON BPF_LSM BPF_PRELOAD BPF_PRELOAD_UMD BPF_STREAM_PARSER BPF_SYSCALL BPQETHER BRIDGE BRIDGE_CFM BRIDGE_EBT_802_3 BRIDGE_EBT_AMONG BRIDGE_EBT_ARP BRIDGE_EBT_ARPREPLY BRIDGE_EBT_BROUTE BRIDGE_EBT_DNAT BRIDGE_EBT_IP BRIDGE_EBT_IP6 BRIDGE_EBT_LIMIT BRIDGE_EBT_LOG BRIDGE_EBT_MARK BRIDGE_EBT_MARK_T BRIDGE_EBT_NFLOG BRIDGE_EBT_PKTTYPE BRIDGE_EBT_REDIRECT BRIDGE_EBT_SNAT BRIDGE_EBT_STP BRIDGE_EBT_T_FILTER BRIDGE_EBT_T_NAT BRIDGE_EBT_VLAN BRIDGE_IGMP_SNOOPING BRIDGE_MRP BRIDGE_NF_EBTABLES BRIDGE_NF_EBTABLES_LEGACY BRIDGE_VLAN_FILTERING BSD_DISKLABEL BSD_PROCESS_ACCT_V3 BT BTRFS_ASSERT BTRFS_FS BTRFS_FS_POSIX_ACL BTRFS_FS_REF_VERIFY BTT BT_6LOWPAN BT_ATH3K BT_BCM BT_BNEP BT_BNEP_MC_FILTER BT_BNEP_PROTO_FILTER BT_BREDR BT_CMTP BT_HCIBCM203X BT_HCIBFUSB BT_HCIBPA10X BT_HCIBTUSB BT_HCIBTUSB_BCM BT_HCIBTUSB_MTK BT_HCIBTUSB_POLL_SYNC BT_HCIBTUSB_RTL BT_HCIUART BT_HCIUART_3WIRE BT_HCIUART_AG6XX BT_HCIUART_BCSP BT_HCIUART_H4 BT_HCIUART_LL BT_HCIUART_MRVL BT_HCIUART_QCA BT_HCIUART_SERDEV BT_HCIVHCI BT_HIDP BT_INTEL BT_LE BT_LEDS BT_LE_L2CAP_ECRED BT_MRVL BT_MRVL_SDIO BT_MSFTEXT BT_MTK BT_QCA BT_RFCOMM BT_RFCOMM_TTY BT_RTL CACHEFILES CAIF CAIF_DEBUG CAIF_DRIVERS CAIF_NETDEV CAIF_TTY CAIF_USB CAIF_VIRTIO CAN CAN_8DEV_USB CAN_BCM CAN_CALC_BITTIMING CAN_DEV CAN_EMS_USB CAN_GS_USB CAN_GW CAN_IFI_CANFD CAN_ISOTP CAN_J1939 CAN_KVASER_USB CAN_MCBA_USB CAN_NETLINK CAN_PEAK_USB CAN_RAW CAN_RX_OFFLOAD CAN_SLCAN CAN_VCAN CAN_VXCAN CAPI_TRACE CARL9170 CARL9170_HWRNG CARL9170_LEDS CARL9170_WPC CEC_CORE CEPH_FS CEPH_FSCACHE CEPH_FS_POSIX_ACL CEPH_LIB CEPH_LIB_USE_DNS_RESOLVER CFG80211 CFG80211_CRDA_SUPPORT CFG80211_DEBUGFS CFG80211_DEFAULT_PS CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS CFG80211_WEXT CFS_BANDWIDTH CGROUP_BPF CHARGER_BQ24190 CHARGER_ISP1704 CHR_DEV_ST CIFS CIFS_ALLOW_INSECURE_LEGACY CIFS_DEBUG CIFS_DFS_UPCALL CIFS_FSCACHE CIFS_POSIX CIFS_SMB_DIRECT CIFS_SWN_UPCALL CIFS_UPCALL CIFS_XATTR CLOSURES CLS_U32_MARK CLS_U32_PERF CMA CMA_SIZE_SEL_MBYTES CMDLINE_PARTITION COMEDI COMEDI_DT9812 COMEDI_NI_USB6501 COMEDI_USBDUX COMEDI_USBDUXFAST COMEDI_USBDUXSIGMA COMEDI_USB_DRIVERS COMEDI_VMK80XX COMPAT_NETLINK_MESSAGES COUNTER CRAMFS CRAMFS_BLOCKDEV CRAMFS_MTD CRC4 CRC64 CRC64_ROCKSOFT CRC7 CRC8 CRC_ITU_T CRC_T10DIF CRYPTO_ADIANTUM CRYPTO_AEGIS128 CRYPTO_AEGIS128_AESNI_SSE2 CRYPTO_AES_NI_INTEL CRYPTO_AES_TI CRYPTO_ANSI_CPRNG CRYPTO_ANUBIS CRYPTO_ARC4 CRYPTO_ARCH_HAVE_LIB_BLAKE2S CRYPTO_ARCH_HAVE_LIB_CHACHA CRYPTO_ARCH_HAVE_LIB_CURVE25519 CRYPTO_ARCH_HAVE_LIB_POLY1305 CRYPTO_ARIA CRYPTO_ARIA_AESNI_AVX_X86_64 CRYPTO_BLAKE2B CRYPTO_BLAKE2S_X86 CRYPTO_BLOWFISH CRYPTO_BLOWFISH_COMMON CRYPTO_BLOWFISH_X86_64 CRYPTO_CAMELLIA CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 CRYPTO_CAMELLIA_AESNI_AVX_X86_64 CRYPTO_CAMELLIA_X86_64 CRYPTO_CAST5 CRYPTO_CAST5_AVX_X86_64 CRYPTO_CAST6 CRYPTO_CAST6_AVX_X86_64 CRYPTO_CAST_COMMON CRYPTO_CHACHA20 CRYPTO_CHACHA20POLY1305 CRYPTO_CHACHA20_X86_64 CRYPTO_CRC32 CRYPTO_CRC32C_INTEL CRYPTO_CRC32_PCLMUL CRYPTO_CRC64_ROCKSOFT CRYPTO_CRCT10DIF CRYPTO_CRCT10DIF_PCLMUL CRYPTO_CRYPTD CRYPTO_CTS CRYPTO_CURVE25519 CRYPTO_CURVE25519_X86 CRYPTO_DEFLATE CRYPTO_DES CRYPTO_DES3_EDE_X86_64 CRYPTO_DEV_CCP CRYPTO_DEV_CCP_DD CRYPTO_DEV_PADLOCK CRYPTO_DEV_PADLOCK_AES CRYPTO_DEV_PADLOCK_SHA CRYPTO_DEV_QAT CRYPTO_DEV_QAT_C3XXX CRYPTO_DEV_QAT_C3XXXVF CRYPTO_DEV_QAT_C62X CRYPTO_DEV_QAT_C62XVF CRYPTO_DEV_QAT_DH895xCC CRYPTO_DEV_QAT_DH895xCCVF CRYPTO_DEV_VIRTIO CRYPTO_DH CRYPTO_DRBG_CTR CRYPTO_DRBG_HASH CRYPTO_ECC CRYPTO_ECDH CRYPTO_ECRDSA CRYPTO_ENGINE CRYPTO_ESSIV CRYPTO_FCRYPT CRYPTO_GHASH_CLMUL_NI_INTEL CRYPTO_HCTR2 CRYPTO_KDF800108_CTR CRYPTO_KEYWRAP CRYPTO_KHAZAD CRYPTO_KPP CRYPTO_LIB_ARC4 CRYPTO_LIB_CHACHA CRYPTO_LIB_CHACHA20POLY1305 CRYPTO_LIB_CHACHA_GENERIC CRYPTO_LIB_CURVE25519 CRYPTO_LIB_CURVE25519_GENERIC CRYPTO_LIB_DES CRYPTO_LIB_POLY1305 CRYPTO_LIB_POLY1305_GENERIC CRYPTO_LRW CRYPTO_MICHAEL_MIC CRYPTO_NHPOLY1305 CRYPTO_NHPOLY1305_AVX2 CRYPTO_NHPOLY1305_SSE2 CRYPTO_PCBC CRYPTO_PCRYPT CRYPTO_POLY1305 CRYPTO_POLY1305_X86_64 CRYPTO_POLYVAL CRYPTO_POLYVAL_CLMUL_NI CRYPTO_RMD160 CRYPTO_SEED CRYPTO_SERPENT CRYPTO_SERPENT_AVX2_X86_64 CRYPTO_SERPENT_AVX_X86_64 CRYPTO_SERPENT_SSE2_X86_64 CRYPTO_SHA1_SSSE3 CRYPTO_SHA256_SSSE3 CRYPTO_SHA512_SSSE3 CRYPTO_SIMD CRYPTO_SM2 CRYPTO_SM3 CRYPTO_SM3_AVX_X86_64 CRYPTO_SM4 CRYPTO_SM4_AESNI_AVX2_X86_64 CRYPTO_SM4_AESNI_AVX_X86_64 CRYPTO_SM4_GENERIC CRYPTO_STREEBOG CRYPTO_TEA CRYPTO_TWOFISH CRYPTO_TWOFISH_AVX_X86_64 CRYPTO_TWOFISH_COMMON CRYPTO_TWOFISH_X86_64 CRYPTO_TWOFISH_X86_64_3WAY CRYPTO_USER CRYPTO_USER_API CRYPTO_USER_API_AEAD CRYPTO_USER_API_ENABLE_OBSOLETE CRYPTO_USER_API_HASH CRYPTO_USER_API_RNG CRYPTO_USER_API_SKCIPHER CRYPTO_VMAC CRYPTO_WP512 CRYPTO_XCBC CRYPTO_XCTR CRYPTO_XTS CRYPTO_XXHASH CUSE CYPRESS_FIRMWARE DAMON DAMON_PADDR DAMON_RECLAIM DAMON_VADDR DAX DCA DCB DEFAULT_PFIFO_FAST DEVICE_MIGRATION DEVICE_PRIVATE DEV_COREDUMP DEV_DAX DLN2_ADC DMABUF_HEAPS DMABUF_HEAPS_CMA DMABUF_HEAPS_SYSTEM DMABUF_MOVE_NOTIFY DMA_CMA DMA_ENGINE_RAID DM_AUDIT DM_BIO_PRISON DM_BUFIO DM_CACHE DM_CACHE_SMQ DM_CLONE DM_CRYPT DM_FLAKEY DM_INTEGRITY DM_MULTIPATH DM_MULTIPATH_QL DM_MULTIPATH_ST DM_PERSISTENT_DATA DM_RAID DM_SNAPSHOT DM_THIN_PROVISIONING DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE DM_ZONED DRAGONRISE_FF DRM DRM_BOCHS ENCRYPTED_KEYS EXTCON FSCACHE FUSE_FS GPIOLIB HAMRADIO HID_DRAGONRISE IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_RTRS_CLIENT IOSCHED_BFQ ISDN ISDN_CAPI LIBNVDIMM MAC80211 MAC80211_DEBUGFS MAC80211_LEDS MEDIA_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MMC MTD NET_CLS_U32 NET_SCH_DEFAULT PARTITION_ADVANCED RFKILL SERIAL_DEV_BUS TLS TLS_DEVICE TRANSPARENT_HUGEPAGE TRUSTED_KEYS USB_GADGET USB_PHY VLAN_8021Q WANT_COMPAT_NETLINK_MESSAGES WEXT_CORE WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ATH X86_X32_ABI ZONE_DEVICE] disabling configs for [HANG LEAK UBSAN BUG KASAN ATOMIC_SLEEP], they are not needed testing current HEAD 7d30b8aa4fc39db4f632621d5b846fa635494dc2 testing commit 7d30b8aa4fc39db4f632621d5b846fa635494dc2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1e75a0c30a95838de1842d55506167e5c39e92aca536b46630c97495850b8ce8 run #0: boot failed: can't ssh into the instance run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK false negative chance: 0.000 # git bisect start 7d30b8aa4fc39db4f632621d5b846fa635494dc2 6f130e4d4a5f7174f98300376f3994817ad7e21c Bisecting: 5285 revisions left to test after this (roughly 12 steps) [65e4efa049781519e376e6a9bd8517643fd1e858] Merge branch 'net-drop-rx-socket-tracepoint' determine whether the revision contains the guilty commit revision 6f130e4d4a5f7174f98300376f3994817ad7e21c crashed and is reachable testing commit 65e4efa049781519e376e6a9bd8517643fd1e858 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 45fc3d145256191bf19d29d87aa8f8b917511d1e73d1d488de861668b928f00a all runs: OK false negative chance: 0.000 # git bisect bad 65e4efa049781519e376e6a9bd8517643fd1e858 Bisecting: 2631 revisions left to test after this (roughly 11 steps) [f3033eb79136dd27b17e7a192fac0155ceab5eb8] Merge tag 'leds-next-6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/leds determine whether the revision contains the guilty commit checking the merge base 4b377b4868ef17b040065bd468668c707d2477a5 no existing result, test the revision testing commit 4b377b4868ef17b040065bd468668c707d2477a5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8b4d2857f051bd17add2848f7e44d9ed8dbbf9b6cca5e8e0247a1690e4a38073 all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] testing commit f3033eb79136dd27b17e7a192fac0155ceab5eb8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9f23b6a99a20e2d70d99f900c70defc3a09ba5d5f2b69858b6f1c068d7a96588 all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] # git bisect good f3033eb79136dd27b17e7a192fac0155ceab5eb8 Bisecting: 1315 revisions left to test after this (roughly 10 steps) [166fcf86cd34e15c7f383eda4642d7a212393008] ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put() determine whether the revision contains the guilty commit revision 4b377b4868ef17b040065bd468668c707d2477a5 crashed and is reachable testing commit 166fcf86cd34e15c7f383eda4642d7a212393008 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8e266c9e7c26c25c22eff4df3d7089ae58e7e6d0471adc1247fdd414c5c1497f all runs: OK false negative chance: 0.000 # git bisect bad 166fcf86cd34e15c7f383eda4642d7a212393008 Bisecting: 594 revisions left to test after this (roughly 9 steps) [5f16eb0549ab502906fb2a10147dad4b9dc185c4] Merge tag 'char-misc-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc determine whether the revision contains the guilty commit revision 4b377b4868ef17b040065bd468668c707d2477a5 crashed and is reachable testing commit 5f16eb0549ab502906fb2a10147dad4b9dc185c4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fff9027d362c1cb03743e276c1ff2c82c275d8a0b346d3ed9dec920d4f3c4d91 all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] # git bisect good 5f16eb0549ab502906fb2a10147dad4b9dc185c4 Bisecting: 300 revisions left to test after this (roughly 8 steps) [dcb9f48667824399e496113f2374d08e6aa59770] Merge tag 'erofs-for-6.10-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs determine whether the revision contains the guilty commit revision f3033eb79136dd27b17e7a192fac0155ceab5eb8 crashed and is reachable testing commit dcb9f48667824399e496113f2374d08e6aa59770 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 10c72187f153804746f344cf845bdab4a72de9507091addfe34af30c64ae40c4 all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] # git bisect good dcb9f48667824399e496113f2374d08e6aa59770 Bisecting: 146 revisions left to test after this (roughly 7 steps) [56676c4c06f19215fbf8b8813c73d63c986270f8] Merge tag 'for-linus-6.10-1' of https://github.com/cminyard/linux-ipmi determine whether the revision contains the guilty commit revision dcb9f48667824399e496113f2374d08e6aa59770 crashed and is reachable testing commit 56676c4c06f19215fbf8b8813c73d63c986270f8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8039a2b92125f2cd7471931d14d57a7ae21ff2ac1e2ac999cb0f24abddff2489 all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] # git bisect good 56676c4c06f19215fbf8b8813c73d63c986270f8 Bisecting: 72 revisions left to test after this (roughly 6 steps) [e889eb17f456176843ad7d8b24152b5989cd5c1e] Merge tag 'nf-24-05-29' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf determine whether the revision contains the guilty commit revision 4b377b4868ef17b040065bd468668c707d2477a5 crashed and is reachable testing commit e889eb17f456176843ad7d8b24152b5989cd5c1e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 536577db56d3152b4761f110a4b830cb13e48f4553096708c7a9b125ea2cb9d2 all runs: OK false negative chance: 0.000 # git bisect bad e889eb17f456176843ad7d8b24152b5989cd5c1e Bisecting: 36 revisions left to test after this (roughly 5 steps) [f4dca95fc0f6350918f2e6727e35b41f7f86fcce] tcp: reduce accepted window in NEW_SYN_RECV state determine whether the revision contains the guilty commit revision 4b377b4868ef17b040065bd468668c707d2477a5 crashed and is reachable testing commit f4dca95fc0f6350918f2e6727e35b41f7f86fcce gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 362d47949bc179dff070834889608ca2abf0e10a9ac57359907a0a39e54943af all runs: OK false negative chance: 0.000 # git bisect bad f4dca95fc0f6350918f2e6727e35b41f7f86fcce Bisecting: 19 revisions left to test after this (roughly 4 steps) [52a2f0608366a629d43dacd3191039c95fef74ba] net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM determine whether the revision contains the guilty commit revision 4b377b4868ef17b040065bd468668c707d2477a5 crashed and is reachable testing commit 52a2f0608366a629d43dacd3191039c95fef74ba gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0def7bec3e653c7dd793d9e44d085f408e9910e9967350452ca9e185ffcb33fd all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] # git bisect good 52a2f0608366a629d43dacd3191039c95fef74ba Bisecting: 9 revisions left to test after this (roughly 3 steps) [d6fe532b7499e4575f9647879b7a34625817fe7f] netkit: Fix setting mac address in l2 mode determine whether the revision contains the guilty commit revision 4b377b4868ef17b040065bd468668c707d2477a5 crashed and is reachable testing commit d6fe532b7499e4575f9647879b7a34625817fe7f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3005b8222a4187d848ed6396b42d046d2726586af34de36a6baad2d17f9323cf all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] # git bisect good d6fe532b7499e4575f9647879b7a34625817fe7f Bisecting: 4 revisions left to test after this (roughly 2 steps) [3b9ce0491a43e9af7f108b2f1bced7cd35931660] Revert "bpf, sockmap: Prevent lock inversion deadlock in map delete elem" determine whether the revision contains the guilty commit revision d6fe532b7499e4575f9647879b7a34625817fe7f crashed and is reachable testing commit 3b9ce0491a43e9af7f108b2f1bced7cd35931660 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0319e20265d9ef53fb881e065401862cb14d119b06d3e183c12e20b5109e391f all runs: OK false negative chance: 0.000 # git bisect bad 3b9ce0491a43e9af7f108b2f1bced7cd35931660 Bisecting: 2 revisions left to test after this (roughly 1 step) [998ffeb2738e26f134dc8e63b5dcaece22573957] selftests/bpf: Add netkit tests for mac address determine whether the revision contains the guilty commit revision 4b377b4868ef17b040065bd468668c707d2477a5 crashed and is reachable testing commit 998ffeb2738e26f134dc8e63b5dcaece22573957 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 14eea0a666235cdf571226311a4701544ca5497f04787446cc873b82d10d5a1e all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] # git bisect good 998ffeb2738e26f134dc8e63b5dcaece22573957 Bisecting: 0 revisions left to test after this (roughly 1 step) [98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d] bpf: Allow delete from sockmap/sockhash only if update is allowed determine whether the revision contains the guilty commit revision 4b377b4868ef17b040065bd468668c707d2477a5 crashed and is reachable testing commit 98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 95874ec0cc013b674d22b99331357105bb5f4414614338d929218f198ed24752 all runs: OK false negative chance: 0.000 # git bisect bad 98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d Bisecting: 0 revisions left to test after this (roughly 0 steps) [95348e463eabc803341c67d562f9e0a5f0a48fe6] selftests/bpf: Add netkit test for pkt_type determine whether the revision contains the guilty commit revision d6fe532b7499e4575f9647879b7a34625817fe7f crashed and is reachable testing commit 95348e463eabc803341c67d562f9e0a5f0a48fe6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 500db56f6b48147147034908438a4f9413f7c6db7978ac5e9eb0024157283cd4 all runs: crashed: possible deadlock in sock_hash_update_common representative crash: possible deadlock in sock_hash_update_common, types: [LOCKDEP] # git bisect good 95348e463eabc803341c67d562f9e0a5f0a48fe6 98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d is the first bad commit commit 98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d Author: Jakub Sitnicki Date: Mon May 27 13:20:07 2024 +0200 bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash. We don't intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. From now on only BPF programs which were previously allowed to update sockmap/sockhash can delete from these map types. Fixes: ff9105993240 ("bpf, sockmap: Prevent lock inversion deadlock in map delete elem") Reported-by: Tetsuo Handa Reported-by: syzbot+ec941d6e24f633a59172@syzkaller.appspotmail.com Signed-off-by: Jakub Sitnicki Signed-off-by: Daniel Borkmann Tested-by: syzbot+ec941d6e24f633a59172@syzkaller.appspotmail.com Acked-by: John Fastabend Closes: https://syzkaller.appspot.com/bug?extid=ec941d6e24f633a59172 Link: https://lore.kernel.org/bpf/20240527-sockmap-verify-deletes-v1-1-944b372f2101@cloudflare.com kernel/bpf/verifier.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) accumulated error probability: 0.00 culprit signature: 95874ec0cc013b674d22b99331357105bb5f4414614338d929218f198ed24752 parent signature: 500db56f6b48147147034908438a4f9413f7c6db7978ac5e9eb0024157283cd4 revisions tested: 23, total time: 5h23m8.929719741s (build: 2h45m59.855435942s, test: 2h21m14.823009842s) first good commit: 98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d bpf: Allow delete from sockmap/sockhash only if update is allowed recipients (to): ["daniel@iogearbox.net" "jakub@cloudflare.com" "john.fastabend@gmail.com" "syzbot+ec941d6e24f633a59172@syzkaller.appspotmail.com"] recipients (cc): []