ci2 starts bisection 2024-10-15 10:37:33.037720777 +0000 UTC m=+5349.937379415 bisecting fixing commit since 5d96939590c0122be2138255c921e57e3f78b7bd building syzkaller on 610f2a54d02f8cf4f2454c03bf679b602e6e59b6 ensuring issue is reproducible on original commit 5d96939590c0122be2138255c921e57e3f78b7bd testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6c4c1340c0ced3e686889520b50297703df3755c39a8fe87da008e84203bc2d2 run #0: crashed: BUG: soft lockup in bpf_map_free_deferred run #1: crashed: BUG: soft lockup in unix_release run #2: crashed: BUG: soft lockup in srcu_invoke_callbacks run #3: crashed: BUG: soft lockup in ipv6_rcv run #4: crashed: BUG: soft lockup in sock_read_iter run #5: crashed: BUG: soft lockup in unix_release run #6: crashed: BUG: soft lockup in srcu_invoke_callbacks run #7: crashed: BUG: soft lockup in kauditd_thread run #8: crashed: BUG: soft lockup in rcu_core_si run #9: crashed: BUG: soft lockup in unix_release run #10: crashed: BUG: soft lockup in mld_ifc_work run #11: crashed: BUG: soft lockup in sk_psock_destroy run #12: crashed: BUG: soft lockup in ipv6_rcv run #13: crashed: BUG: soft lockup in sock_read_iter run #14: crashed: BUG: soft lockup in kernfs_fop_read_iter run #15: crashed: BUG: soft lockup in sock_read_iter run #16: crashed: BUG: soft lockup in sys_openat run #17: crashed: BUG: soft lockup in rcu_core_si run #18: crashed: BUG: soft lockup in kfree_link run #19: crashed: BUG: soft lockup in kernfs_fop_read_iter representative crash: BUG: soft lockup in bpf_map_free_deferred, types: [HANG] check whether we can drop unnecessary instrumentation disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK], they are not needed testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f01fa8a176da09e30b8ccedd417a551f30521ee472af9c604ec9618e0d2b3ada run #0: crashed: BUG: soft lockup in bpf_map_free_deferred run #1: crashed: BUG: soft lockup in bpf_map_free_deferred run #2: crashed: BUG: soft lockup in unix_release run #3: crashed: BUG: soft lockup in rcu_core_si run #4: crashed: BUG: soft lockup in sk_psock_destroy run #5: crashed: BUG: soft lockup in bpf_prog_free_deferred run #6: crashed: BUG: soft lockup in unix_release run #7: crashed: BUG: soft lockup in bpf_map_free_deferred run #8: crashed: BUG: soft lockup in rcu_core_si run #9: crashed: BUG: soft lockup in mld_ifc_work representative crash: BUG: soft lockup in bpf_map_free_deferred, types: [HANG] the bug reproduces without the instrumentation disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK], they are not needed kconfig minimization: base=4920 full=6158 leaves diff=242 split chunks (needed=false): <242> split chunk #0 of len 242 into 5 parts testing without sub-chunk 1/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG], they are not needed testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: dcc012fe676ed788ac796f13a676cb432dba20b6b7cc28fd46000574c8ae900d run #0: crashed: BUG: soft lockup in unix_release run #1: crashed: BUG: soft lockup in rcu_core_si run #2: crashed: BUG: soft lockup in unix_release run #3: crashed: BUG: soft lockup in bpf_prog_free_deferred run #4: crashed: BUG: soft lockup in unix_release run #5: crashed: BUG: soft lockup in unix_release run #6: crashed: BUG: soft lockup in bpf_map_free_deferred run #7: crashed: BUG: soft lockup in rcu_core_si run #8: crashed: BUG: soft lockup in addrconf_dad_work run #9: crashed: BUG: soft lockup in kfree_link representative crash: BUG: soft lockup in unix_release, types: [HANG] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 95f1fb6a6420525fa8be8fd4b6ac22b3941553dde85e62b6de9505dc54605cfb run #0: crashed: BUG: soft lockup in ipv6_rcv run #1: crashed: BUG: soft lockup in sys_openat run #2: crashed: BUG: soft lockup in sock_read_iter run #3: crashed: BUG: soft lockup in unix_release run #4: crashed: BUG: soft lockup in ipv6_rcv run #5: crashed: BUG: soft lockup in unix_release run #6: crashed: BUG: soft lockup in rcu_core_si run #7: crashed: BUG: soft lockup in srcu_invoke_callbacks run #8: crashed: BUG: soft lockup in unix_release run #9: crashed: no output from test machine representative crash: BUG: soft lockup in ipv6_rcv, types: [HANG] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3b53af76717e009429f6161ef4258f3b5e52aab585abb15abae8a718dd84850e run #0: crashed: BUG: soft lockup in unix_release run #1: crashed: BUG: soft lockup in srcu_invoke_callbacks run #2: crashed: BUG: soft lockup in unix_release run #3: crashed: BUG: soft lockup in unix_release run #4: crashed: BUG: soft lockup in bpf_map_free_deferred run #5: crashed: BUG: soft lockup in bpf_map_free_deferred run #6: crashed: BUG: soft lockup in bpf_map_free_deferred run #7: crashed: BUG: soft lockup in rcu_core_si run #8: crashed: BUG: soft lockup in unix_release run #9: crashed: BUG: soft lockup in kauditd_thread representative crash: BUG: soft lockup in unix_release, types: [HANG] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK], they are not needed testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3e7325d19e5ccf8265b1cb130f1c00723a0d308328ac7ec399ef4458546f340b run #0: crashed: BUG: soft lockup in rcu_core_si run #1: crashed: BUG: soft lockup in unix_release run #2: crashed: BUG: soft lockup in unix_release run #3: crashed: BUG: soft lockup in unix_release run #4: crashed: BUG: soft lockup in net_rx_action run #5: crashed: BUG: soft lockup in unix_release run #6: crashed: BUG: soft lockup in unix_release run #7: crashed: BUG: soft lockup in sys_syslog run #8: crashed: BUG: soft lockup in unix_release run #9: crashed: no output from test machine representative crash: BUG: soft lockup in rcu_core_si, types: [HANG] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [ATOMIC_SLEEP LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing commit 5d96939590c0122be2138255c921e57e3f78b7bd gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 failed building 5d96939590c0122be2138255c921e57e3f78b7bd: net/socket.c:1191: undefined reference to `wext_handle_ioctl' net/socket.c:3385: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:343: undefined reference to `wext_proc_exit' net/core/net-procfs.c:327: undefined reference to `wext_proc_init' minimized to 46 configs; suspects: [HID_ZEROPLUS USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF] disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN], they are not needed testing current HEAD 5e4635681cf1a50f26f88af7a946375ec6908d58 testing commit 5e4635681cf1a50f26f88af7a946375ec6908d58 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 021592a093905a5df2a4113fa84162fc7e330e01d2eaeef9dab3b02bfba9172b all runs: OK false negative chance: 0.000 # git bisect start 5e4635681cf1a50f26f88af7a946375ec6908d58 5d96939590c0122be2138255c921e57e3f78b7bd Bisecting: 2011 revisions left to test after this (roughly 11 steps) [08d1c49bfa589a3950ae195040f5bdd585950354] clk: qcom: mmcc-msm8998: fix venus clock issue determine whether the revision contains the guilty commit checking the merge base 458ce51d0356ee60c93f9f807d9827cf2a41643d no existing result, test the revision testing commit 458ce51d0356ee60c93f9f807d9827cf2a41643d gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d3041e0b4f119b6476c549391532a7868e526c04bd4fd9926975e802e39fefb4 run #0: crashed: BUG: soft lockup in bpf_map_free_deferred run #1: crashed: BUG: soft lockup in kauditd_thread run #2: crashed: BUG: soft lockup in unix_release run #3: crashed: BUG: soft lockup in arp_rcv run #4: crashed: BUG: soft lockup in rcu_core_si run #5: crashed: BUG: soft lockup in unix_release run #6: crashed: BUG: soft lockup in bpf_prog_free_deferred run #7: crashed: BUG: soft lockup in ipv6_rcv run #8: crashed: BUG: soft lockup in unix_release run #9: crashed: BUG: soft lockup in ipv6_rcv representative crash: BUG: soft lockup in bpf_map_free_deferred, types: [HANG] testing commit 08d1c49bfa589a3950ae195040f5bdd585950354 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 349c2dbda512ffb59543f4798684262970371506597dd4ff2c28f3b698a4eb2f run #0: crashed: BUG: soft lockup in addrconf_dad_work run #1: crashed: BUG: soft lockup in bpf_map_free_deferred run #2: crashed: BUG: soft lockup in ipv6_rcv run #3: crashed: BUG: soft lockup in mld_ifc_work run #4: crashed: BUG: soft lockup in ipv6_rcv run #5: crashed: BUG: soft lockup in unix_release run #6: crashed: BUG: soft lockup in unix_release run #7: crashed: BUG: soft lockup in kauditd_thread run #8: crashed: BUG: soft lockup in handle_softirqs run #9: crashed: BUG: soft lockup in unix_release representative crash: BUG: soft lockup in addrconf_dad_work, types: [HANG] # git bisect good 08d1c49bfa589a3950ae195040f5bdd585950354 Bisecting: 1005 revisions left to test after this (roughly 10 steps) [451952f2ff06946b7e8317e7ed32545cc7f1370e] task_work: s/task_work_cancel()/task_work_cancel_func()/ determine whether the revision contains the guilty commit revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable testing commit 451952f2ff06946b7e8317e7ed32545cc7f1370e gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1cd5165955111be1007db8869a336f3f55dfb189e8ec454bbb0624c1f0b2ec5f all runs: OK false negative chance: 0.000 # git bisect bad 451952f2ff06946b7e8317e7ed32545cc7f1370e Bisecting: 502 revisions left to test after this (roughly 9 steps) [9eb0295f39dc1c02d72e80365982593bec0e658e] net: dsa: microchip: fix initial port flush problem determine whether the revision contains the guilty commit revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable testing commit 9eb0295f39dc1c02d72e80365982593bec0e658e gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 066574431c5e8af92959ce3162279465d8b189be607e75d3f2d4db12ea57891d all runs: OK false negative chance: 0.000 # git bisect bad 9eb0295f39dc1c02d72e80365982593bec0e658e Bisecting: 251 revisions left to test after this (roughly 8 steps) [582c32e6df40a1b76c0cc11f4c8648e2a3d8c6bb] tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB determine whether the revision contains the guilty commit revision 08d1c49bfa589a3950ae195040f5bdd585950354 crashed and is reachable testing commit 582c32e6df40a1b76c0cc11f4c8648e2a3d8c6bb gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e141bf48c0385425502701f8a12e902f5fc92f5b8bfedbc54216b361089dd390 run #0: infra problem: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS ErrorDetails:[0xc0033a83c0 0xc0033a84b0 0xc0033a8550] Location: Message:The zone 'projects/syzkaller/zones/us-central1-b' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]} run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK false negative chance: 0.000 # git bisect bad 582c32e6df40a1b76c0cc11f4c8648e2a3d8c6bb Bisecting: 125 revisions left to test after this (roughly 7 steps) [6eec23fa6e90d363c3e5e490acdc77b5d906a036] openvswitch: Set the skbuff pkt_type for proper pmtud support. determine whether the revision contains the guilty commit revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable testing commit 6eec23fa6e90d363c3e5e490acdc77b5d906a036 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0f1dd2130c891ed22bf4ff41020d80417b5322a4385db367ad310a7031fa86fb run #0: crashed: BUG: soft lockup in handle_softirqs run #1: crashed: BUG: soft lockup in unix_release run #2: crashed: BUG: soft lockup in unix_release run #3: crashed: BUG: soft lockup in mld_ifc_work run #4: crashed: BUG: soft lockup in x64_sys_call run #5: crashed: BUG: soft lockup in ipv6_rcv run #6: crashed: BUG: soft lockup in unix_release run #7: crashed: BUG: soft lockup in unix_release run #8: crashed: BUG: soft lockup in kauditd_thread run #9: crashed: BUG: soft lockup in unix_release representative crash: BUG: soft lockup in handle_softirqs, types: [HANG] # git bisect good 6eec23fa6e90d363c3e5e490acdc77b5d906a036 Bisecting: 62 revisions left to test after this (roughly 6 steps) [2226b145afa5e13cb60dbe77fb20fb0666a1caf3] thermal/drivers/qcom/lmh: Check for SCM availability at probe determine whether the revision contains the guilty commit revision 458ce51d0356ee60c93f9f807d9827cf2a41643d crashed and is reachable testing commit 2226b145afa5e13cb60dbe77fb20fb0666a1caf3 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6c65ffe3cd145bbe859d20db3d146501041ec74a291f4f02a74c83d482206899 all runs: OK false negative chance: 0.000 # git bisect bad 2226b145afa5e13cb60dbe77fb20fb0666a1caf3 Bisecting: 31 revisions left to test after this (roughly 5 steps) [e5ed2cd0550f8395d027d24d2b796f8a4e5d3a51] spi: stm32: Don't warn about spurious interrupts determine whether the revision contains the guilty commit revision 08d1c49bfa589a3950ae195040f5bdd585950354 crashed and is reachable testing commit e5ed2cd0550f8395d027d24d2b796f8a4e5d3a51 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9f9c30d59301e414889e7514dc7493a71d5be93163eaaacd41ff660d7472e8a9 all runs: OK false negative chance: 0.000 # git bisect bad e5ed2cd0550f8395d027d24d2b796f8a4e5d3a51 Bisecting: 15 revisions left to test after this (roughly 4 steps) [81f9b2a9a8c52d1c154cfc9bb957fcf556428ea9] nvmet: fix ns enable/disable possible hang determine whether the revision contains the guilty commit revision 08d1c49bfa589a3950ae195040f5bdd585950354 crashed and is reachable testing commit 81f9b2a9a8c52d1c154cfc9bb957fcf556428ea9 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d3a88c9dcfea778ca3f18ec1604cf0f6040fc545eb6dd779635029b89e22e080 run #0: crashed: BUG: soft lockup in unix_release run #1: crashed: BUG: soft lockup in unix_release run #2: crashed: BUG: soft lockup in bpf_map_free_deferred run #3: crashed: BUG: soft lockup in unix_release run #4: crashed: BUG: soft lockup in handle_softirqs run #5: crashed: BUG: soft lockup in x64_sys_call run #6: crashed: BUG: soft lockup in unix_release run #7: crashed: BUG: soft lockup in handle_softirqs run #8: crashed: BUG: soft lockup in ipv6_rcv run #9: crashed: BUG: soft lockup in unix_release representative crash: BUG: soft lockup in unix_release, types: [HANG] # git bisect good 81f9b2a9a8c52d1c154cfc9bb957fcf556428ea9 Bisecting: 7 revisions left to test after this (roughly 3 steps) [11e8ecc5b86037fec43d07b1c162e233e131b1d9] bpf: Allow delete from sockmap/sockhash only if update is allowed determine whether the revision contains the guilty commit revision 6eec23fa6e90d363c3e5e490acdc77b5d906a036 crashed and is reachable testing commit 11e8ecc5b86037fec43d07b1c162e233e131b1d9 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 99b72f0d61f94464fea8e15508031cb1c444bde87a61c678d4b78a2fc000487d all runs: OK false negative chance: 0.000 # git bisect bad 11e8ecc5b86037fec43d07b1c162e233e131b1d9 Bisecting: 3 revisions left to test after this (roughly 2 steps) [9d75fab2c14a25553a1664586ed122c316bd1878] dma-buf/sw-sync: don't enable IRQ from sync_print_obj() determine whether the revision contains the guilty commit revision 6eec23fa6e90d363c3e5e490acdc77b5d906a036 crashed and is reachable testing commit 9d75fab2c14a25553a1664586ed122c316bd1878 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f01a5c2e4db1bd6b2a1e3a3061fdd57307976a60a8ad8d54c6fc452530ee8363 run #0: crashed: BUG: soft lockup in linkwatch_event run #1: crashed: BUG: soft lockup in bpf_map_free_deferred run #2: crashed: BUG: soft lockup in bpf_prog_free_deferred run #3: crashed: BUG: soft lockup in kauditd_thread run #4: crashed: BUG: soft lockup in unix_release run #5: crashed: BUG: soft lockup in kernfs_fop_read_iter run #6: crashed: BUG: soft lockup in unix_release run #7: crashed: BUG: soft lockup in mld_ifc_work run #8: crashed: BUG: soft lockup in handle_softirqs run #9: crashed: BUG: soft lockup in handle_softirqs representative crash: BUG: soft lockup in linkwatch_event, types: [HANG] # git bisect good 9d75fab2c14a25553a1664586ed122c316bd1878 Bisecting: 1 revision left to test after this (roughly 1 step) [25571a12fbc8a1283bd8380d461267956fd426f7] enic: Validate length of nl attributes in enic_set_vf_port determine whether the revision contains the guilty commit revision 6eec23fa6e90d363c3e5e490acdc77b5d906a036 crashed and is reachable testing commit 25571a12fbc8a1283bd8380d461267956fd426f7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b6f148af70bf9bb2668495285b37b2ec10e2a9c476a8167311471d86ffc6022d run #0: crashed: BUG: soft lockup in handle_softirqs run #1: crashed: BUG: soft lockup in unix_release run #2: crashed: BUG: soft lockup in ipv6_rcv run #3: crashed: BUG: soft lockup in unix_release run #4: crashed: BUG: soft lockup in addrconf_dad_work run #5: crashed: BUG: soft lockup in mld_ifc_work run #6: crashed: BUG: soft lockup in unix_release run #7: crashed: BUG: soft lockup in x64_sys_call run #8: crashed: BUG: soft lockup in unix_release run #9: crashed: BUG: soft lockup in unix_release representative crash: BUG: soft lockup in handle_softirqs, types: [HANG] # git bisect good 25571a12fbc8a1283bd8380d461267956fd426f7 Bisecting: 0 revisions left to test after this (roughly 0 steps) [a1f34dd7b8bbf4422cb09b5642aba3c178d88ef9] net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM determine whether the revision contains the guilty commit revision 9d75fab2c14a25553a1664586ed122c316bd1878 crashed and is reachable testing commit a1f34dd7b8bbf4422cb09b5642aba3c178d88ef9 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8edad436c3bcaea7f32c2e2b70fc6d64b83f98b616b3de9c956d4b52c39acb71 run #0: crashed: BUG: soft lockup in handle_softirqs run #1: crashed: BUG: soft lockup in sk_psock_destroy run #2: crashed: BUG: soft lockup in unix_release run #3: crashed: BUG: soft lockup in unix_release run #4: crashed: BUG: soft lockup in unix_release run #5: crashed: BUG: soft lockup in unix_release run #6: crashed: BUG: soft lockup in unix_release run #7: crashed: BUG: soft lockup in unix_release run #8: crashed: BUG: soft lockup in ipv6_rcv run #9: crashed: BUG: soft lockup in handle_softirqs representative crash: BUG: soft lockup in handle_softirqs, types: [HANG] # git bisect good a1f34dd7b8bbf4422cb09b5642aba3c178d88ef9 11e8ecc5b86037fec43d07b1c162e233e131b1d9 is the first bad commit commit 11e8ecc5b86037fec43d07b1c162e233e131b1d9 Author: Jakub Sitnicki Date: Mon May 27 13:20:07 2024 +0200 bpf: Allow delete from sockmap/sockhash only if update is allowed [ Upstream commit 98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d ] We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash. We don't intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. From now on only BPF programs which were previously allowed to update sockmap/sockhash can delete from these map types. Fixes: ff9105993240 ("bpf, sockmap: Prevent lock inversion deadlock in map delete elem") Reported-by: Tetsuo Handa Reported-by: syzbot+ec941d6e24f633a59172@syzkaller.appspotmail.com Signed-off-by: Jakub Sitnicki Signed-off-by: Daniel Borkmann Tested-by: syzbot+ec941d6e24f633a59172@syzkaller.appspotmail.com Acked-by: John Fastabend Closes: https://syzkaller.appspot.com/bug?extid=ec941d6e24f633a59172 Link: https://lore.kernel.org/bpf/20240527-sockmap-verify-deletes-v1-1-944b372f2101@cloudflare.com Signed-off-by: Sasha Levin kernel/bpf/verifier.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) accumulated error probability: 0.00 culprit signature: 99b72f0d61f94464fea8e15508031cb1c444bde87a61c678d4b78a2fc000487d parent signature: 8edad436c3bcaea7f32c2e2b70fc6d64b83f98b616b3de9c956d4b52c39acb71 revisions tested: 20, total time: 5h40m0.898890347s (build: 1h11m37.826537373s, test: 4h23m6.084628255s) first good commit: 11e8ecc5b86037fec43d07b1c162e233e131b1d9 bpf: Allow delete from sockmap/sockhash only if update is allowed recipients (to): ["daniel@iogearbox.net" "jakub@cloudflare.com" "john.fastabend@gmail.com" "sashal@kernel.org" "syzbot+ec941d6e24f633a59172@syzkaller.appspotmail.com"] recipients (cc): []