ci starts bisection 2025-04-02 12:57:05.971724727 +0000 UTC m=+33737.896222558 bisecting cause commit starting from acc4d5ff0b61eb1715c498b6536c38c1feb7f3c1 building syzkaller on c799dfdd5648677612604d10e2c13075eda21582 ensuring issue is reproducible on original commit acc4d5ff0b61eb1715c498b6536c38c1feb7f3c1 testing commit acc4d5ff0b61eb1715c498b6536c38c1feb7f3c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 33c07aa34f2a6bb32f741d3934940489f1715644c95335355187dc623a53aeeb all runs: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove representative crash: KASAN: slab-use-after-free Read in software_node_notify_remove, types: [KASAN] check whether we can drop unnecessary instrumentation disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit acc4d5ff0b61eb1715c498b6536c38c1feb7f3c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2f2d536525bfe72dd6efcaddf0c0ab4d91bed2e494baee4df76f4caf6c3103a1 all runs: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove representative crash: KASAN: slab-use-after-free Read in software_node_notify_remove, types: [KASAN] the bug reproduces without the instrumentation disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed kconfig minimization: base=4079 full=8321 leaves diff=2127 split chunks (needed=false): <2127> split chunk #0 of len 2127 into 5 parts testing without sub-chunk 1/5 disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit acc4d5ff0b61eb1715c498b6536c38c1feb7f3c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 35ab39f986d1a6d6dfede216901c4c1198b8a3eba2239b0ea91aa4c72b55c0e2 run #0: infra problem: failed to get create instance operation operation-1743609703973-631cdc5084396-beec3316-396201bd: googleapi: Error 503: Visibility check was unavailable. Please retry the request and contact support if the problem persists, backendError run #1: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove run #2: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove run #3: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove run #4: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove run #5: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove run #6: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove run #7: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove run #8: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove run #9: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove representative crash: KASAN: slab-use-after-free Read in software_node_notify_remove, types: [KASAN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit acc4d5ff0b61eb1715c498b6536c38c1feb7f3c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building acc4d5ff0b61eb1715c498b6536c38c1feb7f3c1: drivers/gpu/drm/bridge/aux-bridge.c:116: undefined reference to `devm_drm_of_get_bridge' testing without sub-chunk 3/5 disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit acc4d5ff0b61eb1715c498b6536c38c1feb7f3c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bf186f6bccb1b67fee9aa18016a1021c449182ee3023c9ca7695c9ad9b440e2f all runs: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove representative crash: KASAN: slab-use-after-free Read in software_node_notify_remove, types: [KASAN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit acc4d5ff0b61eb1715c498b6536c38c1feb7f3c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b35558cebb67b2108d6f9b129df880d29e7ff9565bcbc10740d6b5e4c4874760 all runs: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove representative crash: KASAN: slab-use-after-free Read in software_node_notify_remove, types: [KASAN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed testing commit acc4d5ff0b61eb1715c498b6536c38c1feb7f3c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d319590f1d4b1bb2a64209dfb8c09391141951f9d6d6532177651448528c970e all runs: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove representative crash: KASAN: slab-use-after-free Read in software_node_notify_remove, types: [KASAN] the chunk can be dropped minimized to 426 configs; suspects: [6LOWPAN ARCH_ENABLE_MEMORY_HOTREMOVE ASUS_WMI CHARGER_BQ24190 CMA COMMON_CLK DAX DLM DRM DRM_BRIDGE DRM_DISPLAY_HDMI_HELPER DRM_DISPLAY_HELPER DRM_GEM_SHMEM_HELPER DRM_GM12U320 DRM_GUD DRM_I915 DRM_I915_CAPTURE_ERROR DRM_I915_COMPRESS_ERROR DRM_I915_USERPTR DRM_KMS_HELPER DRM_MIPI_DSI DRM_PANEL DRM_PANEL_BRIDGE DRM_PANEL_EDP DRM_PANEL_ORIENTATION_QUIRKS DRM_SIMPLEDRM DRM_TTM DRM_TTM_HELPER DRM_UDL DRM_VGEM DRM_VIRTIO_GPU DRM_VIRTIO_GPU_KMS DRM_VKMS DRM_VMWGFX DUMMY DVB_AF9013 DVB_AF9033 DVB_AS102 DVB_AS102_FE DVB_B2C2_FLEXCOP DVB_B2C2_FLEXCOP_USB DVB_CORE DVB_DIB3000MB DVB_DIB3000MC DVB_EC100 DVB_GP8PSK_FE DVB_RTL2830 DVB_RTL2832 DVB_RTL2832_SDR DVB_TEST_DRIVERS DVB_TTUSB_BUDGET DVB_TTUSB_DEC DVB_USB DVB_USB_A800 DVB_USB_AF9005 DVB_USB_AF9005_REMOTE DVB_USB_AF9015 DVB_USB_AF9035 DVB_USB_ANYSEE DVB_USB_AU6610 DVB_USB_AZ6007 DVB_USB_AZ6027 DVB_USB_CE6230 DVB_USB_CINERGY_T2 DVB_USB_CXUSB DVB_USB_CXUSB_ANALOG DVB_USB_DIB0700 DVB_USB_DIB3000MC DVB_USB_DIBUSB_MB DVB_USB_DIBUSB_MC DVB_USB_DIGITV DVB_USB_DTT200U DVB_USB_DTV5100 DVB_USB_DVBSKY DVB_USB_DW2102 DVB_USB_EC168 DVB_USB_GL861 DVB_USB_GP8PSK DVB_USB_LME2510 DVB_USB_M920X DVB_USB_MXL111SF DVB_USB_NOVA_T_USB2 DVB_USB_OPERA1 DVB_USB_PCTV452E DVB_USB_RTL28XXU DVB_USB_TECHNISAT_USB2 DVB_USB_TTUSB2 DVB_USB_UMT_010 DVB_USB_V2 DVB_USB_VP702X DVB_USB_VP7045 DVB_USB_ZD1301 DVB_VIDTV DVB_ZL10353 ECRYPT_FS ECRYPT_FS_MESSAGING EDAC EFS_FS ENCRYPTED_KEYS EQUALIZER EROFS_FS EROFS_FS_POSIX_ACL EROFS_FS_SECURITY EROFS_FS_XATTR EROFS_FS_ZIP EVM EVM_ADD_XATTRS EVM_ATTR_FSUUID EXFAT_FS EXPORTFS_BLOCK_OPS EXT3_FS EXT3_FS_POSIX_ACL EXT3_FS_SECURITY EXTCON EXTCON_INTEL_CHT_WC EXTCON_PTN5150 EXTCON_USBC_TUSB320 F2FS_CHECK_FS F2FS_FAULT_INJECTION F2FS_FS F2FS_FS_COMPRESSION F2FS_FS_LZ4 F2FS_FS_LZ4HC F2FS_FS_LZO F2FS_FS_LZORLE F2FS_FS_POSIX_ACL F2FS_FS_SECURITY F2FS_FS_XATTR F2FS_FS_ZSTD F2FS_STAT_FS FANOTIFY FANOTIFY_ACCESS_PERMISSIONS FB FB_CFB_COPYAREA FB_CFB_FILLRECT FB_CFB_IMAGEBLIT FB_CORE FB_DEFERRED_IO FB_DEVICE FB_IOMEM_FOPS FB_IOMEM_HELPERS FB_NOTIFY FB_SYSMEM_FOPS FB_SYSMEM_HELPERS FB_SYSMEM_HELPERS_DEFERRED FB_SYS_COPYAREA FB_SYS_FILLRECT FB_SYS_IMAGEBLIT FB_TILEBLITTING FB_VESA FB_VGA16 FB_VIRTUAL FDDI FIREWIRE FIREWIRE_NET FIREWIRE_OHCI FIREWIRE_SBP2 FONT_8x16 FONT_8x8 FONT_SUPPORT FRAMEBUFFER_CONSOLE FRAMEBUFFER_CONSOLE_DETECT_PRIMARY FRAMEBUFFER_CONSOLE_ROTATION FS_DAX FS_DAX_PMD FS_ENCRYPTION FS_ENCRYPTION_ALGS FS_STACK FS_VERITY FS_VERITY_BUILTIN_SIGNATURES FTL FUSE_DAX FUSE_FS FW_LOADER_COMPRESS FW_LOADER_PAGED_BUF FW_LOADER_SYSFS FW_LOADER_USER_HELPER FW_LOADER_USER_HELPER_FALLBACK GACT_PROB GARP GENDWARFKSYMS GENERIC_PHY GET_FREE_REGION GFS2_FS GFS2_FS_LOCKING_DLM GNSS GNSS_USB GOOGLE_COREBOOT_TABLE GOOGLE_FIRMWARE GOOGLE_MEMCONSOLE GOOGLE_MEMCONSOLE_COREBOOT GOOGLE_VPD GPIOLIB GPIOLIB_IRQCHIP GPIO_ACPI GPIO_DLN2 GPIO_LJCA GPIO_VIPERBOARD GREENASIA_FF GREYBUS GREYBUS_BRIDGED_PHY GREYBUS_ES2 GREYBUS_HID GREYBUS_USB GTP GUEST_PERF_EVENTS GVE HAVE_ARCH_NODE_DEV_GROUP HAVE_ARCH_USERFAULTFD_MINOR HAVE_ARCH_USERFAULTFD_WP HAVE_BOOTMEM_INFO_NODE HAVE_CLK_PREPARE HAVE_KVM_CPU_RELAX_INTERCEPT HAVE_KVM_DIRTY_RING HAVE_KVM_DIRTY_RING_ACQ_REL HAVE_KVM_DIRTY_RING_TSO HAVE_KVM_IRQCHIP HAVE_KVM_IRQ_BYPASS HAVE_KVM_IRQ_ROUTING HAVE_KVM_MSI HAVE_KVM_NO_POLL HAVE_KVM_PFNCACHE HAVE_KVM_PM_NOTIFIER HAVE_KVM_READONLY_MEM HAVE_SCHED_AVG_IRQ HDLC HDLC_CISCO HDLC_FR HDLC_PPP HDLC_RAW HDLC_RAW_ETH HDLC_X25 HDMI HFSPLUS_FS HFS_FS HID_ACCUTOUCH HID_ACRUX HID_ACRUX_FF HID_ALPS HID_APPLEIR HID_ASUS HID_AUREAL HID_BATTERY_STRENGTH HID_BETOP_FF HID_BIGBEN_FF HID_CMEDIA HID_CORSAIR HID_COUGAR HID_CP2112 HID_CREATIVE_SB0540 HID_ELAN HID_ELECOM HID_ELO HID_EMS_FF HID_EVISION HID_FT260 HID_GEMBIRD HID_GFRM HID_GLORIOUS HID_GOOGLE_STADIA_FF HID_GREENASIA HID_GT683R HID_HOLTEK HID_ICADE HID_JABRA HID_KEYTOUCH HID_KYE HID_LCPOWER HID_LED HID_LENOVO HID_LETSKETCH HID_LOGITECH HID_LOGITECH_DJ HID_LOGITECH_HIDPP HID_MACALLY HID_MAGICMOUSE HID_MALTRON HID_MAYFLASH HID_MCP2200 HID_MCP2221 HID_MEGAWORLD_FF HID_MULTITOUCH HID_NTI HID_ORTEK HID_PENMOUNT HID_PICOLCD HID_PICOLCD_BACKLIGHT HID_PICOLCD_CIR HID_PICOLCD_FB HID_PICOLCD_LCD HID_PICOLCD_LEDS HID_PLANTRONICS HID_PRIMAX HID_PRODIKEYS HID_PXRC HID_RAZER HID_RETRODE HID_RMI HID_ROCCAT HID_SAITEK HID_SEMITEK HID_SENSOR_ACCEL_3D HID_SENSOR_ALS HID_SENSOR_CUSTOM_INTEL_HINGE HID_SENSOR_CUSTOM_SENSOR HID_SENSOR_DEVICE_ROTATION HID_SENSOR_GYRO_3D HID_SENSOR_HUB HID_SENSOR_HUMIDITY HID_SENSOR_IIO_COMMON HID_SENSOR_IIO_TRIGGER HID_SENSOR_INCLINOMETER_3D HID_SENSOR_MAGNETOMETER_3D HID_SENSOR_PRESS HID_SENSOR_PROX HID_SENSOR_TEMP HID_SIGMAMICRO HID_SPEEDLINK HID_STEELSERIES HID_THINGM HID_TIVO HID_TOPRE HID_TWINHAN HID_U2FZERO HID_UCLOGIC HID_UDRAW_PS3 HID_VIEWSONIC HID_VIVALDI HID_VIVALDI_COMMON HID_VRC2 HID_WACOM HID_WALTOP HID_WIIMOTE HID_XIAOMI HID_XINMO HID_ZYDACRON HMM_MIRROR HOLTEK_FF HOTPLUG_PCI_PCIE HPET_MMAP HPET_MMAP_DEFAULT HPFS_FS I2C_ALGOBIT I2C_CHARDEV I2C_CP2615 I2C_DESIGNWARE_CORE I2C_DESIGNWARE_PLATFORM I2C_DIOLAN_U2C I2C_DLN2 I2C_HID_ACPI I2C_HID_CORE I2C_HID_OF I2C_LJCA I2C_MUX I2C_MUX_REG I2C_ROBOTFUZZ_OSIF I2C_SI4713 I2C_SLAVE I2C_SLAVE_EEPROM I2C_TINY_USB I2C_VIPERBOARD IEEE802154 IEEE802154_6LOWPAN IEEE802154_ATUSB IEEE802154_DRIVERS IEEE802154_HWSIM IEEE802154_NL802154_EXPERIMENTAL IEEE802154_SOCKET IFB IIO IIO_BUFFER IIO_KFIFO_BUF IIO_TRIGGER IIO_TRIGGERED_BUFFER IKCONFIG IKCONFIG_PROC IMA IMA_APPRAISE IMA_APPRAISE_MODSIG IMA_DEFAULT_HASH_SHA256 IMA_LSM_RULES IMA_MEASURE_ASYMMETRIC_KEYS IMA_NG_TEMPLATE IMA_QUEUE_EARLY_BOOT_KEYS IMA_READ_POLICY IMA_WRITE_POLICY INET6_ESPINTCP INET6_ESP_OFFLOAD INET6_IPCOMP INET6_TUNNEL INET6_XFRM_TUNNEL INET_AH INET_DCCP_DIAG INET_DIAG INET_DIAG_DESTROY INET_ESP INET_ESPINTCP INET_ESP_OFFLOAD INET_IPCOMP INET_MPTCP_DIAG INET_RAW_DIAG INET_SCTP_DIAG INET_TCP_DIAG INET_UDP_DIAG INET_XFRM_TUNNEL INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_ADDR_TRANS_CONFIGFS INFINIBAND_IPOIB INFINIBAND_IPOIB_CM INFINIBAND_IPOIB_DEBUG INFINIBAND_ISER INFINIBAND_ON_DEMAND_PAGING INFINIBAND_RTRS INFINIBAND_SRP INFINIBAND_USER_ACCESS INFINIBAND_USER_MAD INFINIBAND_USER_MEM INPUT_ATI_REMOTE2 INPUT_CM109 INPUT_IMS_PCU INPUT_JOYDEV INPUT_KEYSPAN_REMOTE INPUT_LEDS INPUT_MOUSEDEV INPUT_MOUSEDEV_PSAUX INPUT_POWERMATE INPUT_UINPUT INPUT_YEALINK INTEGRITY INTEGRITY_ASYMMETRIC_KEYS INTEGRITY_AUDIT INTEGRITY_SIGNATURE INTEGRITY_TRUSTED_KEYRING INTEL_CHTWC_INT33FE INTEL_IDMA64 INTEL_IOATDMA INTEL_IOMMU_DEFAULT_ON INTEL_IOMMU_SVM INTEL_ISHTP_ECLITE INTEL_ISH_FIRMWARE_DOWNLOADER INTEL_ISH_HID INTEL_SOC_PMIC_CHTWC INTERVAL_TREE_SPAN_ITER IOMMUFD IOMMUFD_DRIVER IOMMUFD_DRIVER_CORE IOMMUFD_TEST IO_URING_ZCRX IP6_NF_MATCH_AH IP6_NF_MATCH_EUI64 IP6_NF_MATCH_FRAG IP6_NF_MATCH_HL IP6_NF_MATCH_MH IP6_NF_MATCH_OPTS IP6_NF_MATCH_RPFILTER IP6_NF_MATCH_RT IP6_NF_MATCH_SRH IP6_NF_NAT IP6_NF_RAW IP6_NF_SECURITY IP6_NF_TARGET_HL IP6_NF_TARGET_MASQUERADE IP6_NF_TARGET_NPT IP6_NF_TARGET_SYNPROXY IPV6_FOU IPV6_FOU_TUNNEL IPV6_GRE IPV6_ILA IPV6_MIP6 IPV6_MROUTE IPV6_MROUTE_MULTIPLE_TABLES IPV6_MULTIPLE_TABLES IPV6_OPTIMISTIC_DAD IPV6_PIMSM_V2 IPV6_ROUTER_PREF IPV6_ROUTE_INFO IPV6_RPL_LWTUNNEL IPV6_SEG6_BPF IPV6_SEG6_HMAC IPV6_SEG6_LWTUNNEL IPV6_SIT_6RD IPV6_SUBTREES IPV6_TUNNEL IPV6_VTI IPVLAN IPVLAN_L3S IPVTAP IP_DCCP IP_DCCP_CCID3 IP_DCCP_TFRC_LIB IP_FIB_TRIE_STATS IP_MROUTE_MULTIPLE_TABLES IP_NF_ARPFILTER IP_NF_ARPTABLES IP_NF_ARP_MANGLE IP_NF_MATCH_AH IP_NF_MATCH_ECN IP_NF_MATCH_RPFILTER IP_NF_MATCH_TTL IP_NF_RAW IP_NF_SECURITY IP_NF_TARGET_ECN IP_NF_TARGET_NETMAP IP_NF_TARGET_REDIRECT IP_NF_TARGET_SYNPROXY IP_NF_TARGET_TTL IP_ROUTE_CLASSID IP_SCTP IP_SET IP_SET_BITMAP_IP IP_SET_BITMAP_IPMAC IP_SET_BITMAP_PORT IP_SET_HASH_IP IP_SET_HASH_IPMAC IP_SET_HASH_IPMARK IP_SET_HASH_IPPORT IP_SET_HASH_IPPORTIP IP_SET_HASH_IPPORTNET IP_SET_HASH_MAC IP_SET_HASH_NET IP_SET_HASH_NETIFACE IP_SET_HASH_NETNET IP_SET_HASH_NETPORT IP_SET_HASH_NETPORTNET IP_SET_LIST_SET IRQ_TIME_ACCOUNTING LAPB LCD_CLASS_DEVICE LEDS_CLASS_MULTICOLOR MAC802154 MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_TEST_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_VIPERBOARD MODVERSIONS MPTCP MTD NETFILTER_ADVANCED NET_ACT_GACT NET_ACT_MIRRED NET_IPGRE_DEMUX NFT_COMPAT NFT_COMPAT_ARP NFT_FWD_NETDEV NF_TABLES NF_TABLES_ARP NF_TABLES_NETDEV PAGE_POOL RADIO_ADAPTERS RADIO_SI4713 RAS RC_CORE REGULATOR RFKILL SND SOUND STAGING TRANSPARENT_HUGEPAGE TYPEC TYPEC_MUX_PI3USB30532 USB_LJCA USB_ROLES_INTEL_XHCI USB_ROLE_SWITCH VIDEO_DEV VIRTIO_FS WAN ZONE_DEVICE] disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed picked [v6.14 v6.13 v6.12 v6.10 v6.8 v6.6 v6.4 v6.2 v5.19 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 37 release tags testing release v6.14 testing commit 38fec10eb60d687e30c8c6b5420d86e8149f7557 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0095b8b53552f06dd1254841e5ee61620c364474ef8f4bda709ca68c2005f923 all runs: OK false negative chance: 0.000 # git bisect start acc4d5ff0b61eb1715c498b6536c38c1feb7f3c1 38fec10eb60d687e30c8c6b5420d86e8149f7557 Bisecting: 6002 revisions left to test after this (roughly 13 steps) [2f24482304ebd32c5aa374f31465b9941a860b92] Merge tag 'soc-dt-6.15' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 2f24482304ebd32c5aa374f31465b9941a860b92 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5f324f65740409dee9ae99ccebdec4546361fb6b3092a47ffeff4a67c5961eaa all runs: OK false negative chance: 0.000 # git bisect good 2f24482304ebd32c5aa374f31465b9941a860b92 Bisecting: 3103 revisions left to test after this (roughly 12 steps) [0c86b42439b6c11d758b3392a21117934fef00c1] Merge tag 'drm-next-2025-03-28' of https://gitlab.freedesktop.org/drm/kernel testing commit 0c86b42439b6c11d758b3392a21117934fef00c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 72843e9cfffa3e24634ea5e1121cdcd2981a24e1276e67d4e128efefad1198b4 all runs: OK false negative chance: 0.000 # git bisect good 0c86b42439b6c11d758b3392a21117934fef00c1 Bisecting: 1562 revisions left to test after this (roughly 11 steps) [c1f4534b213d7be41b5d8b815a42d201a8f2978f] scripts: generate_rust_analyzer: fix pin-init name in kernel deps testing commit c1f4534b213d7be41b5d8b815a42d201a8f2978f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7fa1ae750c658d67ea6cb129e4349c6b18347a9faf99e5c39f956e11f385dccf all runs: OK false negative chance: 0.000 # git bisect good c1f4534b213d7be41b5d8b815a42d201a8f2978f Bisecting: 752 revisions left to test after this (roughly 10 steps) [eb0ece16027f8223d5dc9aaf90124f70577bd22a] Merge tag 'mm-stable-2025-03-30-16-52' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm testing commit eb0ece16027f8223d5dc9aaf90124f70577bd22a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ac634d50a4f4990b4b518d34576e450a3f3d82e7bf96f1125e96be2fd3f4d821 all runs: OK false negative chance: 0.000 # git bisect good eb0ece16027f8223d5dc9aaf90124f70577bd22a Bisecting: 317 revisions left to test after this (roughly 9 steps) [25601e85441dd91cf7973b002f27af4c5b8691ea] Merge tag 'char-misc-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 25601e85441dd91cf7973b002f27af4c5b8691ea gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 274dc7f13d39dbe763ea1c0ea967b94566ed27083d94c08ca2ca95b3b02d16c8 all runs: OK false negative chance: 0.000 # git bisect good 25601e85441dd91cf7973b002f27af4c5b8691ea Bisecting: 157 revisions left to test after this (roughly 7 steps) [28a1b05678f4e88de90b0987b06e13c454ad9bd6] Merge tag 'i2c-for-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux testing commit 28a1b05678f4e88de90b0987b06e13c454ad9bd6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e9b35a6f8a7c2815445184b21f122fb195c9865c67cb7cc38a5df237f9796d43 all runs: OK false negative chance: 0.000 # git bisect good 28a1b05678f4e88de90b0987b06e13c454ad9bd6 Bisecting: 102 revisions left to test after this (roughly 6 steps) [792b8307ecd237ba719736c5310430cff3dd2296] Merge tag 'edac_urgent_for_v6.15_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras testing commit 792b8307ecd237ba719736c5310430cff3dd2296 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1e274d02c6e120d3df0528e12b379408a7bb4ab77c0666adc4b80813c40e7459 all runs: OK false negative chance: 0.000 # git bisect good 792b8307ecd237ba719736c5310430cff3dd2296 Bisecting: 52 revisions left to test after this (roughly 6 steps) [48552153cf49e252071f28e45d770b3741040e4e] Merge tag 'for-linus-iommufd' of git://git.kernel.org/pub/scm/linux/kernel/git/jgg/iommufd testing commit 48552153cf49e252071f28e45d770b3741040e4e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 27fa467d4ded9e64ea9aa913eb40ebafa6042212e6e2a3370c339dfac816ea22 all runs: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove representative crash: KASAN: slab-use-after-free Read in software_node_notify_remove, types: [KASAN] # git bisect bad 48552153cf49e252071f28e45d770b3741040e4e Bisecting: 24 revisions left to test after this (roughly 5 steps) [bc06f7f66de404ae6323963361fe4e2f5f71a1e5] iommufd/device: Only add reserved_iova in non-pasid path testing commit bc06f7f66de404ae6323963361fe4e2f5f71a1e5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: aedcad971f92baf0761e89982a04dc87397e69f7d2b588cfda8863e889667848 all runs: OK false negative chance: 0.000 # git bisect good bc06f7f66de404ae6323963361fe4e2f5f71a1e5 Bisecting: 12 revisions left to test after this (roughly 4 steps) [068e14025158986842f783147f9e41a59fbc97cd] iommufd/selftest: Add a helper to get test device testing commit 068e14025158986842f783147f9e41a59fbc97cd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c584f309bf7903cddade1eb2e6ed5fc4f850459fbe3205ed202d1db2665190be all runs: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove representative crash: KASAN: slab-use-after-free Read in software_node_notify_remove, types: [KASAN] # git bisect bad 068e14025158986842f783147f9e41a59fbc97cd Bisecting: 5 revisions left to test after this (roughly 3 steps) [ff3f014ebb1e2fbafd407243e57fbad314472cc1] iommufd: Enforce PASID-compatible domain in PASID path testing commit ff3f014ebb1e2fbafd407243e57fbad314472cc1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bc87e483b3fb6b5f839b7b684f5eef4259b17f08318484f485f1561fcf25e48d all runs: OK false negative chance: 0.000 # git bisect good ff3f014ebb1e2fbafd407243e57fbad314472cc1 Bisecting: 2 revisions left to test after this (roughly 2 steps) [ce15c13e7a1423cf418f825d33ab1747b151cfd6] iommu/vt-d: Add IOMMU_HWPT_ALLOC_PASID support testing commit ce15c13e7a1423cf418f825d33ab1747b151cfd6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1584fa64f5d26353d02dcdb1b74bf05a3737e14944913cabdac32dc0e5e6fd76 all runs: OK false negative chance: 0.000 # git bisect good ce15c13e7a1423cf418f825d33ab1747b151cfd6 Bisecting: 0 revisions left to test after this (roughly 1 step) [9eb59204d5197b4add63968c8c5b7633631f9a5a] iommufd/selftest: Add set_dev_pasid in mock iommu testing commit 9eb59204d5197b4add63968c8c5b7633631f9a5a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ae4c9cfa15c5ee51666dfaded188ec0f1071763355ac41eae5e98f62b9afb628 all runs: crashed: KASAN: slab-use-after-free Read in software_node_notify_remove representative crash: KASAN: slab-use-after-free Read in software_node_notify_remove, types: [KASAN] # git bisect bad 9eb59204d5197b4add63968c8c5b7633631f9a5a Bisecting: 0 revisions left to test after this (roughly 0 steps) [dbc5f37b4f8ad833132f77c1f67e68bb11ca9b9e] iommufd: Allow allocating PASID-compatible domain testing commit dbc5f37b4f8ad833132f77c1f67e68bb11ca9b9e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d714ef866d1161b4bfdf64886286e843e8a768c6ffcd0891557b0dfd45a74534 all runs: OK false negative chance: 0.000 # git bisect good dbc5f37b4f8ad833132f77c1f67e68bb11ca9b9e 9eb59204d5197b4add63968c8c5b7633631f9a5a is the first bad commit commit 9eb59204d5197b4add63968c8c5b7633631f9a5a Author: Yi Liu Date: Fri Mar 21 10:19:37 2025 -0700 iommufd/selftest: Add set_dev_pasid in mock iommu The callback is needed to make pasid_attach/detach path complete for mock device. A nop is enough for set_dev_pasid. A MOCK_FLAGS_DEVICE_PASID is added to indicate a pasid-capable mock device for the pasid test cases. Other test cases will still create a non-pasid mock device. While the mock iommu always pretends to be pasid-capable. Link: https://patch.msgid.link/r/20250321171940.7213-16-yi.l.liu@intel.com Reviewed-by: Kevin Tian Reviewed-by: Nicolin Chen Signed-off-by: Yi Liu Tested-by: Nicolin Chen Signed-off-by: Jason Gunthorpe drivers/iommu/iommufd/iommufd_test.h | 4 ++++ drivers/iommu/iommufd/selftest.c | 37 +++++++++++++++++++++++++++++++----- 2 files changed, 36 insertions(+), 5 deletions(-) accumulated error probability: 0.00 culprit signature: ae4c9cfa15c5ee51666dfaded188ec0f1071763355ac41eae5e98f62b9afb628 parent signature: d714ef866d1161b4bfdf64886286e843e8a768c6ffcd0891557b0dfd45a74534 revisions tested: 21, total time: 10h45m45.366793407s (build: 6h2m13.412740773s, test: 2h56m23.697803426s) first bad commit: 9eb59204d5197b4add63968c8c5b7633631f9a5a iommufd/selftest: Add set_dev_pasid in mock iommu recipients (to): ["jgg@nvidia.com" "kevin.tian@intel.com" "nicolinc@nvidia.com" "yi.l.liu@intel.com"] recipients (cc): [] crash: KASAN: slab-use-after-free Read in software_node_notify_remove R13: 0000000000000000 R14: 00007f7ff4fa5fa0 R15: 00007ffe807e1a68 iommufd_mock iommufd_mock0: Adding to iommu group 0 ================================================================== BUG: KASAN: slab-use-after-free in software_node_notify_remove+0x16a/0x170 drivers/base/swnode.c:1108 Read of size 1 at addr ffff8881721ed908 by task syz.3.18/3559 CPU: 1 UID: 0 PID: 3559 Comm: syz.3.18 Not tainted 6.14.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x108/0x280 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 software_node_notify_remove+0x16a/0x170 drivers/base/swnode.c:1108 device_platform_notify_remove drivers/base/core.c:2386 [inline] device_del+0x44c/0x730 drivers/base/core.c:3857 device_unregister+0x16/0xa0 drivers/base/core.c:3895 mock_dev_destroy drivers/iommu/iommufd/selftest.c:931 [inline] iommufd_test_mock_domain drivers/iommu/iommufd/selftest.c:993 [inline] iommufd_test+0x236d/0x40a0 drivers/iommu/iommufd/selftest.c:1702 iommufd_fops_ioctl+0x3f8/0x4b0 drivers/iommu/iommufd/main.c:419 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xab/0x100 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x8d/0x170 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f7ff4d8d169 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f7ff5b14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f7ff4fa5fa0 RCX: 00007f7ff4d8d169 RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003 RBP: 00007f7ff5b14090 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 0000000000000000 R14: 00007f7ff4fa5fa0 R15: 00007ffe807e1a68 Allocated by task 3559: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x9d/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x238/0x430 mm/slub.c:4325 kmalloc_noprof include/linux/slab.h:901 [inline] kzalloc_noprof include/linux/slab.h:1037 [inline] swnode_register+0x54/0x500 drivers/base/swnode.c:790 fwnode_create_software_node+0x155/0x1a0 drivers/base/swnode.c:949 device_create_managed_software_node+0xd3/0x1b0 drivers/base/swnode.c:1060 mock_dev_create drivers/iommu/iommufd/selftest.c:913 [inline] iommufd_test_mock_domain drivers/iommu/iommufd/selftest.c:960 [inline] iommufd_test+0x1cac/0x40a0 drivers/iommu/iommufd/selftest.c:1702 iommufd_fops_ioctl+0x3f8/0x4b0 drivers/iommu/iommufd/main.c:419 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xab/0x100 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x8d/0x170 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 3559: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2353 [inline] slab_free mm/slub.c:4609 [inline] kfree+0x17c/0x3d0 mm/slub.c:4757 kobject_cleanup lib/kobject.c:689 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x186/0x340 lib/kobject.c:737 software_node_notify_remove+0x114/0x170 drivers/base/swnode.c:1106 device_platform_notify_remove drivers/base/core.c:2386 [inline] device_del+0x44c/0x730 drivers/base/core.c:3857 device_unregister+0x16/0xa0 drivers/base/core.c:3895 mock_dev_destroy drivers/iommu/iommufd/selftest.c:931 [inline] iommufd_test_mock_domain drivers/iommu/iommufd/selftest.c:993 [inline] iommufd_test+0x236d/0x40a0 drivers/iommu/iommufd/selftest.c:1702 iommufd_fops_ioctl+0x3f8/0x4b0 drivers/iommu/iommufd/main.c:419 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xab/0x100 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x8d/0x170 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f The buggy address belongs to the object at ffff8881721ed800 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 264 bytes inside of freed 512-byte region [ffff8881721ed800, ffff8881721eda00) The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1721ec head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 anon flags: 0x100000000000040(head|node=0|zone=2) page_type: f5(slab) raw: 0100000000000040 ffff888100041c80 ffffea00044ee800 dead000000000003 raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 head: 0100000000000040 ffff888100041c80 ffffea00044ee800 dead000000000003 head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 head: 0100000000000002 ffffea0005c87b01 ffffffffffffffff 0000000000000000 head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1763, tgid 1763 (syz-executor), ts 34603668982, free_ts 24024744640 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x108/0x120 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x4725/0x4900 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x256/0x650 mm/page_alloc.c:4739 alloc_pages_mpol+0x224/0x4e0 mm/mempolicy.c:2270 alloc_slab_page mm/slub.c:2423 [inline] allocate_slab+0x8b/0x350 mm/slub.c:2587 new_slab mm/slub.c:2640 [inline] ___slab_alloc+0xa19/0x1160 mm/slub.c:3826 __slab_alloc mm/slub.c:3916 [inline] __slab_alloc_node mm/slub.c:3991 [inline] slab_alloc_node mm/slub.c:4152 [inline] __kmalloc_cache_noprof+0x299/0x430 mm/slub.c:4320 kmalloc_noprof include/linux/slab.h:901 [inline] kzalloc_noprof include/linux/slab.h:1037 [inline] seg6_net_init+0x4e/0x150 net/ipv6/seg6.c:424 ops_init+0x154/0x3f0 net/core/net_namespace.c:138 setup_net+0x306/0x880 net/core/net_namespace.c:362 copy_net_ns+0x27d/0x460 net/core/net_namespace.c:516 create_new_namespaces+0x381/0x660 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xd8/0x120 kernel/nsproxy.c:228 ksys_unshare+0x3dd/0x840 kernel/fork.c:3342 __do_sys_unshare kernel/fork.c:3413 [inline] __se_sys_unshare kernel/fork.c:3411 [inline] __x64_sys_unshare+0x33/0x40 kernel/fork.c:3411 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x8d/0x170 arch/x86/entry/common.c:83 page last free pid 1732 tgid 1732 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_frozen_pages+0xc1f/0xea0 mm/page_alloc.c:2660 __folio_put+0x234/0x2c0 mm/swap.c:112 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline] pipe_update_tail fs/pipe.c:224 [inline] pipe_read+0x508/0xce0 fs/pipe.c:344 new_sync_read fs/read_write.c:484 [inline] vfs_read+0x870/0xae0 fs/read_write.c:565 ksys_read+0x149/0x230 fs/read_write.c:708 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x8d/0x170 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Memory state around the buggy address: ffff8881721ed800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8881721ed880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8881721ed900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8881721ed980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8881721eda00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================