ci2 starts bisection 2023-04-15 13:49:07.455592747 +0000 UTC m=+90455.680493706
bisecting fixing commit since 2ddbd0f967b34872290e0f98fae32b91b4de7b87
building syzkaller on 18b586030b9a7e7f4c7208f44be8994740608841
ensuring issue is reproducible on original commit 2ddbd0f967b34872290e0f98fae32b91b4de7b87
testing commit 2ddbd0f967b34872290e0f98fae32b91b4de7b87 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 41bdbce8882fd76f964ae9699d71836433e2a2e909c29cfca89d2cfac5d8c0d9
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0005eb680] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0005eb720] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #2: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0005eb860] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #3: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000c2db30] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #4: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000c2dcc0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #5: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0005eb950] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #6: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000a38f50] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #7: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc00297e0a0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #8: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000a387d0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #9: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0008254f0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #10: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc00297e460] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #11: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0000c6af0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #12: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000825590] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #13: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000825680] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #14: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000825950] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #15: crashed: WARNING: refcount bug in qrtr_node_lookup
run #16: crashed: WARNING: refcount bug in qrtr_node_lookup
run #17: crashed: WARNING: refcount bug in qrtr_node_lookup
run #18: crashed: WARNING: refcount bug in qrtr_node_lookup
run #19: crashed: WARNING: refcount bug in qrtr_node_lookup
testing current HEAD 4fdad925aa1a320c2f32bf956ed29100c7fdc464
testing commit 4fdad925aa1a320c2f32bf956ed29100c7fdc464 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2796ea2d9f5555ae0c044b9b83f86a05485ba827746db1dc19e3a5becf41d345
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000578d70] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000578e60] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect start 4fdad925aa1a320c2f32bf956ed29100c7fdc464 2ddbd0f967b34872290e0f98fae32b91b4de7b87
Bisecting: 293 revisions left to test after this (roughly 8 steps)
[90874b76e5f82eaa3309714d72ff2cd8bb8d1b02] octeontx2-vf: Add missing free for alloc_percpu
testing commit 90874b76e5f82eaa3309714d72ff2cd8bb8d1b02 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b3110168a28301b92b2cd8701517cc0bea079c734b505a081fd6462c2ee3ddfe
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc00298cd70] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc00298ce10] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #2: crashed: WARNING: refcount bug in qrtr_node_lookup
run #3: crashed: WARNING: refcount bug in qrtr_node_lookup
run #4: crashed: WARNING: refcount bug in qrtr_node_lookup
run #5: crashed: WARNING: refcount bug in qrtr_node_lookup
run #6: crashed: WARNING: refcount bug in qrtr_node_lookup
run #7: crashed: WARNING: refcount bug in qrtr_node_lookup
run #8: crashed: WARNING: refcount bug in qrtr_node_lookup
run #9: crashed: WARNING: refcount bug in qrtr_node_lookup
# git bisect good 90874b76e5f82eaa3309714d72ff2cd8bb8d1b02
Bisecting: 146 revisions left to test after this (roughly 7 steps)
[61e2e6d444cdc53a308a323d17b32a0a2919d7d4] net: stmmac: don't reject VLANs when IFF_PROMISC is set
testing commit 61e2e6d444cdc53a308a323d17b32a0a2919d7d4 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 17174f0bf33e5dcbedb5d68229c58bc566a38cdc5b791c3f6ee070d06300cc05
run #0: crashed: WARNING: refcount bug in qrtr_node_lookup
run #1: crashed: WARNING: refcount bug in qrtr_node_lookup
run #2: crashed: WARNING: refcount bug in qrtr_node_lookup
run #3: crashed: WARNING: refcount bug in qrtr_node_lookup
run #4: crashed: WARNING: refcount bug in qrtr_node_lookup
run #5: crashed: WARNING: refcount bug in qrtr_node_lookup
run #6: crashed: WARNING: refcount bug in qrtr_node_lookup
run #7: crashed: WARNING: refcount bug in qrtr_node_lookup
run #8: crashed: WARNING: refcount bug in qrtr_node_lookup
run #9: OK
# git bisect good 61e2e6d444cdc53a308a323d17b32a0a2919d7d4
Bisecting: 73 revisions left to test after this (roughly 6 steps)
[b50cd6789dbb732555f869d1ba396de3f96eec3c] gpio: GPIO_REGMAP: select REGMAP instead of depending on it
testing commit b50cd6789dbb732555f869d1ba396de3f96eec3c gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 26b726bade2c410c67561db8ea9e2ac02fe09861b8dd6107ca912af6b693283e
all runs: crashed: WARNING: refcount bug in qrtr_node_lookup
# git bisect good b50cd6789dbb732555f869d1ba396de3f96eec3c
Bisecting: 36 revisions left to test after this (roughly 5 steps)
[73742a446e086b987e3bc00c7c71c851ae5101a3] iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
testing commit 73742a446e086b987e3bc00c7c71c851ae5101a3 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f650043145c54ddfeee037a7794ca5442593f8f864d90993cf0616e9a557a602
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc001d1cc30] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0037d6be0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 73742a446e086b987e3bc00c7c71c851ae5101a3
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[0ae8cdf0153cc68b8189bb361e29eff3f16e8a04] gpio: davinci: Add irq chip flag to skip set wake
testing commit 0ae8cdf0153cc68b8189bb361e29eff3f16e8a04 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b9eed80592d2c48c42c4c5bf3b5e3826d98f105262df78d7536870643dc8ce0a
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000869590] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000869860] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 0ae8cdf0153cc68b8189bb361e29eff3f16e8a04
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[e150a5c9f44c300fe1aa49f0377b1f65b55fde2d] icmp: guard against too small mtu
testing commit e150a5c9f44c300fe1aa49f0377b1f65b55fde2d gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a9a75617c078d8dd0760950bb00c7eeca76d1139712db0efd901855389034384
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0007af360] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0000c7220] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad e150a5c9f44c300fe1aa49f0377b1f65b55fde2d
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[32a8dc8d9ebe80eb352cf80d33c6c4a32aa1e18d] KVM: s390: pv: fix external interruption loop not always detected
testing commit 32a8dc8d9ebe80eb352cf80d33c6c4a32aa1e18d gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 26b726bade2c410c67561db8ea9e2ac02fe09861b8dd6107ca912af6b693283e
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0007aeb40] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0007aec30] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #2: crashed: WARNING: refcount bug in qrtr_node_lookup
run #3: crashed: WARNING: refcount bug in qrtr_node_lookup
run #4: crashed: WARNING: refcount bug in qrtr_node_lookup
run #5: crashed: WARNING: refcount bug in qrtr_node_lookup
run #6: crashed: WARNING: refcount bug in qrtr_node_lookup
run #7: crashed: WARNING: refcount bug in qrtr_node_lookup
run #8: crashed: WARNING: refcount bug in qrtr_node_lookup
run #9: OK
# git bisect good 32a8dc8d9ebe80eb352cf80d33c6c4a32aa1e18d
Bisecting: 2 revisions left to test after this (roughly 1 step)
[3ef52e4bcfd704e36c0a62e0d1b59fd48aba7fdb] net: qrtr: combine nameservice into main module
testing commit 3ef52e4bcfd704e36c0a62e0d1b59fd48aba7fdb gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9aaac1068b82e5b94b591de0f17df6f91c0b7deb2aee88a816d46ad20576b58c
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0000c70e0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc004566f00] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #2: crashed: WARNING: refcount bug in qrtr_node_lookup
run #3: crashed: WARNING: refcount bug in qrtr_node_lookup
run #4: crashed: WARNING: refcount bug in qrtr_node_lookup
run #5: crashed: WARNING: refcount bug in qrtr_node_lookup
run #6: crashed: WARNING: refcount bug in qrtr_node_lookup
run #7: crashed: WARNING: refcount bug in qrtr_node_lookup
run #8: crashed: WARNING: refcount bug in qrtr_node_lookup
run #9: crashed: WARNING: refcount bug in qrtr_node_lookup
# git bisect good 3ef52e4bcfd704e36c0a62e0d1b59fd48aba7fdb
Bisecting: 0 revisions left to test after this (roughly 1 step)
[a64160124d5a078be0c380b1e8a0bad2d040d3a1] NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
testing commit a64160124d5a078be0c380b1e8a0bad2d040d3a1 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c78ee0e1870b10f4c56a6d33b7f643672d5eaeb1cf02e551a5e4910b0a6fb160
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0009d4c30] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0009d4d70] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad a64160124d5a078be0c380b1e8a0bad2d040d3a1
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b9ba5906c42089f8e1d0001b7b50a7940f086cbb] net: qrtr: Fix a refcount bug in qrtr_recvmsg()
testing commit b9ba5906c42089f8e1d0001b7b50a7940f086cbb gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e821be7ff47946b401e97971bf7349449fecd8c899c07c62a8159927a5094bf0
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0045678b0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0009d4cd0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad b9ba5906c42089f8e1d0001b7b50a7940f086cbb
b9ba5906c42089f8e1d0001b7b50a7940f086cbb is the first bad commit
commit b9ba5906c42089f8e1d0001b7b50a7940f086cbb
Author: Ziyang Xuan
Date:   Thu Mar 30 09:25:32 2023 +0800

    net: qrtr: Fix a refcount bug in qrtr_recvmsg()

    [ Upstream commit 44d807320000db0d0013372ad39b53e12d52f758 ]

    Syzbot reported a bug as following:

    refcount_t: addition on 0; use-after-free.
    ...
    RIP: 0010:refcount_warn_saturate+0x17c/0x1f0 lib/refcount.c:25
    ...
    Call Trace:
     __refcount_add include/linux/refcount.h:199 [inline]
     __refcount_inc include/linux/refcount.h:250 [inline]
     refcount_inc include/linux/refcount.h:267 [inline]
     kref_get include/linux/kref.h:45 [inline]
     qrtr_node_acquire net/qrtr/af_qrtr.c:202 [inline]
     qrtr_node_lookup net/qrtr/af_qrtr.c:398 [inline]
     qrtr_send_resume_tx net/qrtr/af_qrtr.c:1003 [inline]
     qrtr_recvmsg+0x85f/0x990 net/qrtr/af_qrtr.c:1070
     sock_recvmsg_nosec net/socket.c:1017 [inline]
     sock_recvmsg+0xe2/0x160 net/socket.c:1038
     qrtr_ns_worker+0x170/0x1700 net/qrtr/ns.c:688
     process_one_work+0x991/0x15c0 kernel/workqueue.c:2390
     worker_thread+0x669/0x1090 kernel/workqueue.c:2537

    It occurs in the concurrent scenario of qrtr_recvmsg() and
    qrtr_endpoint_unregister() as following:

    cpu0                                    cpu1
    qrtr_recvmsg                            qrtr_endpoint_unregister
    qrtr_send_resume_tx                     qrtr_node_release
    qrtr_node_lookup                        mutex_lock(&qrtr_node_lock)
    spin_lock_irqsave(&qrtr_nodes_lock, )   refcount_dec_and_test(&node->ref) [node->ref == 0]
    radix_tree_lookup [node != NULL]        __qrtr_node_release
    qrtr_node_acquire                       spin_lock_irqsave(&qrtr_nodes_lock, )
    kref_get(&node->ref) [WARNING]          ...
                                            mutex_unlock(&qrtr_node_lock)

    Use qrtr_node_lock to protect qrtr_node_lookup() implementation, this
    is actually improving the protection of node reference.

    Fixes: 0a7e0d0ef054 ("net: qrtr: Migrate node lookup tree to spinlock")
    Reported-by: syzbot+a7492efaa5d61b51db23@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=a7492efaa5d61b51db23
    Signed-off-by: Ziyang Xuan
    Signed-off-by: David S. Miller
    Signed-off-by: Sasha Levin

 net/qrtr/af_qrtr.c | 2 ++
 1 file changed, 2 insertions(+)

culprit signature: e821be7ff47946b401e97971bf7349449fecd8c899c07c62a8159927a5094bf0
parent signature: 9aaac1068b82e5b94b591de0f17df6f91c0b7deb2aee88a816d46ad20576b58c
revisions tested: 12, total time: 6h18m58.061059027s (build: 4h3m12.93661893s, test: 2h5m6.191322141s)
first good commit: b9ba5906c42089f8e1d0001b7b50a7940f086cbb net: qrtr: Fix a refcount bug in qrtr_recvmsg()
recipients (to): ["davem@davemloft.net" "sashal@kernel.org" "william.xuanziyang@huawei.com"]
recipients (cc): []