ci starts bisection 2023-05-03 13:13:18.065884515 +0000 UTC m=+2733.470398695
bisecting fixing commit since 98555239e4c3aab1810d84073166eef6d54eeb3d
building syzkaller on 86777b7fb4a452ebbd7430a2c4add0486734922b
ensuring issue is reproducible on original commit 98555239e4c3aab1810d84073166eef6d54eeb3d
testing commit 98555239e4c3aab1810d84073166eef6d54eeb3d gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: aad626e17fd5d008a4a6378c8b7165dc7db9502dde4c0b4b5d0711d24f3d683e
all runs: crashed: general protection fault in skb_queue_tail
testing current HEAD 348551ddaf311c76b01cdcbaf61b6fef06a49144
testing commit 348551ddaf311c76b01cdcbaf61b6fef06a49144 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6556b3f26e4e41f9e67defdf64ddd3597bf65a69dc8366e814cc1f0a96746fa9
all runs: crashed: INFO: trying to register non-static key in skb_queue_tail
revisions tested: 2, total time: 23m9.207793948s (build: 15m26.577867601s, test: 7m2.491769646s)
the crash still happens on HEAD
commit msg: Merge tag 'pinctrl-v6.4-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
crash: INFO: trying to register non-static key in skb_queue_tail
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 PID: 4395 Comm: udevd Not tainted 6.3.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call Trace:
dump_stack_lvl+0x167/0x220
assign_lock_key+0x222/0x230
register_lock_class+0x28e/0x990
__lock_acquire+0xd3/0x2000
lock_acquire+0x1e3/0x520
_raw_spin_lock_irqsave+0xd5/0x120
skb_queue_tail+0x30/0x120
hif_usb_regout_cb+0x101/0x130
__usb_hcd_giveback_urb+0x222/0x360
dummy_timer+0xa30/0x2de0
call_timer_fn+0x12f/0x3a0
__run_timers+0x59f/0x6e0
run_timer_softirq+0x4a/0xb0
__do_softirq+0x2ab/0x908
__irq_exit_rcu+0x159/0x240
irq_exit_rcu+0x9/0x20
sysvec_apic_timer_interrupt+0x95/0xb0
asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__d_lookup+0xc5/0x530
Code: 96 89 be 07 03 00 00 48 c7 c2 a0 db 96 89 e8 52 68 89 ff 4c 89 f5 48 c1 ed 03 42 80 7c 3d 00 00 74 08 4c 89 f7 e8 9b ab ed ff <49> 8b 1e e8 83 2b 75 07 85 c0 74 31 4c 89 f7 be 08 00 00 00 e8 42
RSP: 0018:ffffc90002c6f928 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 000000000000000c RCX: ffff88807e3ad940
RDX: dffffc0000000000 RSI: ffffffff89d99ea0 RDI: ffffffff89d99e60
RBP: 1ffff92000078399 R08: dffffc0000000000 R09: fffffbfff1d1f819
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888019eacbc0
R13: 0000000038399ce1 R14: ffffc900003c1cc8 R15: dffffc0000000000
lookup_fast+0x64/0x400
link_path_walk+0x540/0xcc0
path_lookupat+0xb3/0x360
filename_lookup+0x246/0x560
user_path_at_empty+0x37/0x140
do_readlinkat+0x107/0x310
__x64_sys_readlink+0x7a/0x90
do_syscall_64+0x41/0xc0
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f0d91917d47
Code: 73 01 c3 48 8b 0d e1 90 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 59 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b1 90 0d 00 f7 d8 64 89 01 48
RSP: 002b:00007ffd89c36238 EFLAGS: 00000246 ORIG_RAX: 0000000000000059
RAX: ffffffffffffffda RBX: 00007ffd89c36248 RCX: 00007f0d91917d47
RDX: 0000000000000400 RSI: 00007ffd89c36248 RDI: 00007ffd89c36728
RBP: 0000000000000400 R08: 000055d564a6f324 R09: 0000000000000000
R10: 0000000000000812 R11: 0000000000000246 R12: 00007ffd89c36728
R13: 00007ffd89c36698 R14: 000055d564a4f910 R15: 0000000000000000
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 PID: 4395 Comm: udevd Not tainted 6.3.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:skb_queue_tail+0xb6/0x120
Code: 6e 52 fa 4d 89 2f 49 bf 00 00 00 00 00 fc ff df 42 80 7c 3d 00 00 74 08 4c 89 f7 e8 d4 6e 52 fa 49 89 1e 4c 89 e8 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 ef e8 bb 6e 52 fa 49 89 5d 00 49 83 c4
RSP: 0018:ffffc900001e07d8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff88807a105a00 RCX: dffffc0000000000
RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffffc900001e06c0
RBP: 1ffff1100e06371b R08: dffffc0000000000 R09: 0000000000000003
R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88807031b8d0
R13: 0000000000000000 R14: ffff88807031b8d8 R15: dffffc0000000000
FS: 00007f0d91d85c80(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d564aa1788 CR3: 000000001db8a000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
hif_usb_regout_cb+0x101/0x130
__usb_hcd_giveback_urb+0x222/0x360
dummy_timer+0xa30/0x2de0
call_timer_fn+0x12f/0x3a0
__run_timers+0x59f/0x6e0
run_timer_softirq+0x4a/0xb0
__do_softirq+0x2ab/0x908
__irq_exit_rcu+0x159/0x240
irq_exit_rcu+0x9/0x20
sysvec_apic_timer_interrupt+0x95/0xb0
asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__d_lookup+0xc5/0x530
Code: 96 89 be 07 03 00 00 48 c7 c2 a0 db 96 89 e8 52 68 89 ff 4c 89 f5 48 c1 ed 03 42 80 7c 3d 00 00 74 08 4c 89 f7 e8 9b ab ed ff <49> 8b 1e e8 83 2b 75 07 85 c0 74 31 4c 89 f7 be 08 00 00 00 e8 42
RSP: 0018:ffffc90002c6f928 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 000000000000000c RCX: ffff88807e3ad940
RDX: dffffc0000000000 RSI: ffffffff89d99ea0 RDI: ffffffff89d99e60
RBP: 1ffff92000078399 R08: dffffc0000000000 R09: fffffbfff1d1f819
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888019eacbc0
R13: 0000000038399ce1 R14: ffffc900003c1cc8 R15: dffffc0000000000
lookup_fast+0x64/0x400
link_path_walk+0x540/0xcc0
path_lookupat+0xb3/0x360
filename_lookup+0x246/0x560
user_path_at_empty+0x37/0x140
do_readlinkat+0x107/0x310
__x64_sys_readlink+0x7a/0x90
do_syscall_64+0x41/0xc0
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f0d91917d47
Code: 73 01 c3 48 8b 0d e1 90 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 59 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b1 90 0d 00 f7 d8 64 89 01 48
RSP: 002b:00007ffd89c36238 EFLAGS: 00000246 ORIG_RAX: 0000000000000059
RAX: ffffffffffffffda RBX: 00007ffd89c36248 RCX: 00007f0d91917d47
RDX: 0000000000000400 RSI: 00007ffd89c36248 RDI: 00007ffd89c36728
RBP: 0000000000000400 R08: 000055d564a6f324 R09: 0000000000000000
R10: 0000000000000812 R11: 0000000000000246 R12: 00007ffd89c36728
R13: 00007ffd89c36698 R14: 000055d564a4f910 R15: 0000000000000000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:skb_queue_tail+0xb6/0x120
Code: 6e 52 fa 4d 89 2f 49 bf 00 00 00 00 00 fc ff df 42 80 7c 3d 00 00 74 08 4c 89 f7 e8 d4 6e 52 fa 49 89 1e 4c 89 e8 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 ef e8 bb 6e 52 fa 49 89 5d 00 49 83 c4
RSP: 0018:ffffc900001e07d8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff88807a105a00 RCX: dffffc0000000000
RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffffc900001e06c0
RBP: 1ffff1100e06371b R08: dffffc0000000000 R09: 0000000000000003
R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88807031b8d0
R13: 0000000000000000 R14: ffff88807031b8d8 R15: dffffc0000000000
FS: 00007f0d91d85c80(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d564aa1788 CR3: 000000001db8a000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
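Code disassembly (best guess), decoded from the first "Code:" line above (RIP __d_lookup+0xc5, the context the timer interrupt landed in), not from the faulting skb_queue_tail+0xb6 bytes; the "trapping instruction" marker below therefore marks the interrupted instruction, not the one that raised the general protection fault: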
0: 96 xchg %eax,%esi
1: 89 be 07 03 00 00 mov %edi,0x307(%rsi)
7: 48 c7 c2 a0 db 96 89 mov $0xffffffff8996dba0,%rdx
e: e8 52 68 89 ff callq 0xff896865
13: 4c 89 f5 mov %r14,%rbp
16: 48 c1 ed 03 shr $0x3,%rbp
1a: 42 80 7c 3d 00 00 cmpb $0x0,0x0(%rbp,%r15,1)
20: 74 08 je 0x2a
22: 4c 89 f7 mov %r14,%rdi
25: e8 9b ab ed ff callq 0xffedabc5
* 2a: 49 8b 1e mov (%r14),%rbx <-- trapping instruction
2d: e8 83 2b 75 07 callq 0x7752bb5
32: 85 c0 test %eax,%eax
34: 74 31 je 0x67
36: 4c 89 f7 mov %r14,%rdi
39: be 08 00 00 00 mov $0x8,%esi
3e: e8 .byte 0xe8
3f: 42 rex.X