bisecting cause commit starting from c741e49150dbb0c0aebe234389f4aa8b47958fa8 building syzkaller on 4d4ce9bc2a12073dcc8b917f9fc2a4ecba26c4c5 testing commit c741e49150dbb0c0aebe234389f4aa8b47958fa8 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5b81d053ae2cb8e8b4811aa7a0bc98613492bf35c0b42d2eae340c465cea23d0 all runs: crashed: KASAN: use-after-free Write in io_queue_worker_create testing release v5.15 testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 23b867ff5df3d6cb6b498368a18ae79abf8004bbd96dea98ad38033811273ce5 run #0: crashed: INFO: task hung in io_wq_put_and_exit run #1: crashed: INFO: task hung in io_wq_put_and_exit run #2: crashed: INFO: task hung in io_wq_put_and_exit run #3: crashed: INFO: task hung in io_wq_put_and_exit run #4: crashed: INFO: task hung in io_wq_put_and_exit run #5: crashed: INFO: task hung in io_wq_put_and_exit run #6: crashed: INFO: task hung in io_wq_put_and_exit run #7: OK run #8: OK run #9: OK testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b2164682a4188d600e8629b33fdd665dc2a6573b9b8685e4bb26430826cfdcc6 all runs: OK # git bisect start 8bb7eca972ad531c9b149c0a51ab43a417385813 7d2a07b769330c34b4deabeed939325c77a7ec2f Bisecting: 6693 revisions left to test after this (roughly 13 steps) [477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6] Merge tag 'drm-next-2021-08-31-1' of git://anongit.freedesktop.org/drm/drm testing commit 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 726371af33dd2b72aa0c135a823a708ec7fffbf952f3f03487259e400859d097 run #0: crashed: KASAN: use-after-free Read in __d_alloc run #1: crashed: KASAN: use-after-free Read in __d_alloc run #2: crashed: KASAN: use-after-free Read in __d_alloc run #3: crashed: KASAN: use-after-free Read in __d_alloc run #4: crashed: KASAN: use-after-free Read in __d_alloc run #5: crashed: KASAN: use-after-free Read in __d_alloc run #6: crashed: KASAN: use-after-free Read in __d_alloc run #7: crashed: KASAN: use-after-free Read in __d_alloc run #8: OK run #9: OK # git bisect bad 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6 Bisecting: 3024 revisions left to test after this (roughly 12 steps) [9e9fb7655ed585da8f468e29221f0ba194a5f613] Merge tag 'net-next-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit 9e9fb7655ed585da8f468e29221f0ba194a5f613 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration] # git bisect skip 9e9fb7655ed585da8f468e29221f0ba194a5f613 Bisecting: 3024 revisions left to test after this (roughly 12 steps) [7a47c52142c18a9239c5afea2c9656c68d3f22e7] s390/ccwgroup: Drop if with an always false condition testing commit 7a47c52142c18a9239c5afea2c9656c68d3f22e7 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b201ffabdcbb4bb507598941b607ce0827312f018389e2b76009d61ae4dbee42 all runs: OK # git bisect good 7a47c52142c18a9239c5afea2c9656c68d3f22e7 Bisecting: 3021 revisions left to test after this (roughly 12 steps) [05e45887382c4c0f9522515759b34991aa17e69d] rtw88: wow: build wow function only if CONFIG_PM is on testing commit 05e45887382c4c0f9522515759b34991aa17e69d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 372de308e0fcd1b29f110488305fe7591b71e12c3670c5c8641cd649ade849ba all runs: OK # git bisect good 05e45887382c4c0f9522515759b34991aa17e69d Bisecting: 3021 revisions left to test after this (roughly 12 steps) [f462a446384d0c00c6e457f7e8eb2053b095a2f1] mptcp: build ADD_ADDR/echo-ADD_ADDR option according pm.add_signal testing commit f462a446384d0c00c6e457f7e8eb2053b095a2f1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 612796c90dc33aa9666c8c5bfee15f4ab56c6d751737b34287789df0bde17874 all runs: OK # git bisect good f462a446384d0c00c6e457f7e8eb2053b095a2f1 Bisecting: 2808 revisions left to test after this (roughly 11 steps) [c6c3c5704ba70820f6b632982abde06661b7222a] Merge tag 'driver-core-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core testing commit c6c3c5704ba70820f6b632982abde06661b7222a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration] # git bisect skip c6c3c5704ba70820f6b632982abde06661b7222a Bisecting: 2808 revisions left to test after this (roughly 11 steps) [97271c7ee1cfb2c3fcc951e4031ffabb7c33f5b1] drm: xlnx: zynqmp_dpsub: Update dependencies for ZynqMP DP testing commit 97271c7ee1cfb2c3fcc951e4031ffabb7c33f5b1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0b636e2a72809808527d36ffbee6d9fecd477d92c35c5c78316ba610fab2db0d run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 97271c7ee1cfb2c3fcc951e4031ffabb7c33f5b1 Bisecting: 335 revisions left to test after this (roughly 8 steps) [988dbd25b8ae14de70d2be384f5872d6e22e3434] Merge tag 'du-next-20210728' of git://linuxtv.org/pinchartl/media into drm-next testing commit 988dbd25b8ae14de70d2be384f5872d6e22e3434 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 46773aadc8e534ffa1fc3bddc7325812f2082302909e057623444e1f3e96302d all runs: OK # git bisect good 988dbd25b8ae14de70d2be384f5872d6e22e3434 Bisecting: 167 revisions left to test after this (roughly 7 steps) [708391977be557359f7e765c4474e237238febb2] drm/amdgpu: dynamic initialize ip offset for cyan_skillfish testing commit 708391977be557359f7e765c4474e237238febb2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 83ad3d28813d0beb03376db03b9b0da14d702e66385d26e0868eaadca55d97c1 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 708391977be557359f7e765c4474e237238febb2 Bisecting: 83 revisions left to test after this (roughly 6 steps) [186c8a8585e1d3b4ca50a2ccf4a413d3ba7ff186] drm/amdgpu: initialize umc ras function testing commit 186c8a8585e1d3b4ca50a2ccf4a413d3ba7ff186 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 83ad3d28813d0beb03376db03b9b0da14d702e66385d26e0868eaadca55d97c1 all runs: OK # git bisect good 186c8a8585e1d3b4ca50a2ccf4a413d3ba7ff186 Bisecting: 41 revisions left to test after this (roughly 5 steps) [0f806243125ddd0c5469b54d33d2ae7ca68bf909] drm/amd/display: Fix comparison error in dcn21 DML testing commit 0f806243125ddd0c5469b54d33d2ae7ca68bf909 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 83ad3d28813d0beb03376db03b9b0da14d702e66385d26e0868eaadca55d97c1 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 0f806243125ddd0c5469b54d33d2ae7ca68bf909 Bisecting: 20 revisions left to test after this (roughly 4 steps) [c5c21a58ece9c41d06036056cf419139aa1c15a6] drm/amdgpu: update gc golden setting for dimgrey_cavefish testing commit c5c21a58ece9c41d06036056cf419139aa1c15a6 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 83ad3d28813d0beb03376db03b9b0da14d702e66385d26e0868eaadca55d97c1 all runs: OK # git bisect good c5c21a58ece9c41d06036056cf419139aa1c15a6 Bisecting: 10 revisions left to test after this (roughly 3 steps) [97b9c006f153fc129fef60fbd91021c8aaf8697f] drm/amd/display: Prevent Diags from entering S2 testing commit 97b9c006f153fc129fef60fbd91021c8aaf8697f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 83ad3d28813d0beb03376db03b9b0da14d702e66385d26e0868eaadca55d97c1 all runs: OK # git bisect good 97b9c006f153fc129fef60fbd91021c8aaf8697f Bisecting: 4 revisions left to test after this (roughly 3 steps) [356789e8401c97fb1141e3e3696b3a6f8b01c6db] drm/amd/display: 3.2.143 testing commit 356789e8401c97fb1141e3e3696b3a6f8b01c6db compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 83ad3d28813d0beb03376db03b9b0da14d702e66385d26e0868eaadca55d97c1 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 356789e8401c97fb1141e3e3696b3a6f8b01c6db Bisecting: 2 revisions left to test after this (roughly 2 steps) [360d1b65449356f56287e49d1b3d7579e758ca29] drm/amd/display: Extend dmub_cmd_psr_copy_settings_data struct testing commit 360d1b65449356f56287e49d1b3d7579e758ca29 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 83ad3d28813d0beb03376db03b9b0da14d702e66385d26e0868eaadca55d97c1 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 360d1b65449356f56287e49d1b3d7579e758ca29 Bisecting: 0 revisions left to test after this (roughly 1 step) [46ddb8965882fcff2d36d84ed12629435f3879c1] drm/amd/display: implement workaround for riommu related hang testing commit 46ddb8965882fcff2d36d84ed12629435f3879c1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 83ad3d28813d0beb03376db03b9b0da14d702e66385d26e0868eaadca55d97c1 all runs: OK # git bisect good 46ddb8965882fcff2d36d84ed12629435f3879c1 360d1b65449356f56287e49d1b3d7579e758ca29 is the first bad commit commit 360d1b65449356f56287e49d1b3d7579e758ca29 Author: Ian Chen Date: Thu Jun 24 10:48:43 2021 +0800 drm/amd/display: Extend dmub_cmd_psr_copy_settings_data struct Reserve padding bytes for new feature implementation Acked-by: Rodrigo Siqueira Signed-off-by: Ian Chen Signed-off-by: Alex Deucher drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h | 4 ++++ 1 file changed, 4 insertions(+) culprit signature: 83ad3d28813d0beb03376db03b9b0da14d702e66385d26e0868eaadca55d97c1 parent signature: 83ad3d28813d0beb03376db03b9b0da14d702e66385d26e0868eaadca55d97c1 Reproducer flagged being flaky revisions tested: 17, total time: 5h3m53.671985146s (build: 1h58m6.982705724s, test: 3h3m50.370636477s) first bad commit: 360d1b65449356f56287e49d1b3d7579e758ca29 drm/amd/display: Extend dmub_cmd_psr_copy_settings_data struct recipients (to): ["alexander.deucher@amd.com" "ian.chen@amd.com" "rodrigo.siqueira@amd.com"] recipients (cc): [] crash: BUG: sleeping function called from invalid context in lock_sock_nested BUG: sleeping function called from invalid context at net/core/sock.c:3064 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5705, name: syz-executor.0 1 lock held by syz-executor.0/5705: #0: ffffffff8c1e7240 (hci_sk_list.lock){++++}-{2:2}, at: hci_sock_dev_event+0x377/0x5d0 net/bluetooth/hci_sock.c:763 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 1 PID: 5705 Comm: syz-executor.0 Not tainted 5.13.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0xa5/0xe6 lib/dump_stack.c:120 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:8337 lock_sock_nested+0x1e/0xf0 net/core/sock.c:3064 lock_sock include/net/sock.h:1610 [inline] hci_sock_dev_event+0x3ed/0x5d0 net/bluetooth/hci_sock.c:765 hci_unregister_dev+0x29b/0xfb0 net/bluetooth/hci_core.c:4013 vhci_release+0x62/0xd0 drivers/bluetooth/hci_vhci.c:340 __fput+0x209/0x870 fs/file_table.c:280 task_work_run+0xc0/0x160 kernel/task_work.c:164 exit_task_work include/linux/task_work.h:32 [inline] do_exit+0xa26/0x2500 kernel/exit.c:826 do_group_exit+0xe7/0x290 kernel/exit.c:923 __do_sys_exit_group kernel/exit.c:934 [inline] __se_sys_exit_group kernel/exit.c:932 [inline] __x64_sys_exit_group+0x35/0x40 kernel/exit.c:932 do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f6020238b49 Code: Unable to access opcode bytes at RIP 0x7f6020238b1f. RSP: 002b:00007fff04be2868 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007fff04be3048 RCX: 00007f6020238b49 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 RBP: 0000000000000000 R08: 0000000000000025 R09: 00007fff04be3048 R10: 0000000000000200 R11: 0000000000000246 R12: 00007f60202922b8 R13: 0000000000000010 R14: 0000000000000000 R15: 0000000000000000 ======================================================