ci starts bisection 2023-06-27 17:59:43.502964541 +0000 UTC m=+91483.873481582 bisecting cause commit starting from 8a9922e7be6d042fa00f894c376473b17a162b66 building syzkaller on 4cd5bb25a2752a9a5b25597d1da34656681f07a6 ensuring issue is reproducible on original commit 8a9922e7be6d042fa00f894c376473b17a162b66 testing commit 8a9922e7be6d042fa00f894c376473b17a162b66 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 75b0eca60dadc42923541388af7aa08f14ba38e83a8d8c98bfa3b7a8df8aa1dc all runs: crashed: WARNING in fib6_add testing release v6.3 testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8e7c99b4446a36bc29331689ace9546db5aba36c2f5fbb20a7c4f2f87c7af313 all runs: crashed: WARNING in fib6_add testing release v6.2 testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 failed building c9c3395d5e3dcc6daee66c6908354d47bf98cb0c: failed to run ["make" "-j" "64" "ARCH=x86_64" "bzImage"]: exit status 2 testing release v6.1 testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: cd4265d046af574e622c5254ad4eb8dd268b17712e03dbde91cd02129851a970 all runs: crashed: WARNING in fib6_add testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 674f79638c7fe5888dc4877e65a7a5596550e23f4fc720fc7dbc1dc1fa4eb28e all runs: crashed: WARNING in fib6_add testing release v5.19 testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4e31e93f56bd1a8a4f483bd57e46b9c366f455cad735ed146687fdf163f9185a all runs: crashed: WARNING in fib6_add testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 40b26224826de8022f3517dc0adc9ec91acd787f625c41d6ff8306a35dc31bed all runs: crashed: WARNING in fib6_add testing release v5.17 testing commit f443e374ae131c168a065ea1748feac6b2e76613 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 18ed3119625fab3258cc03279fdbc7e06b6266f2a916d2663b1fb51507714ac3 all runs: crashed: WARNING in fib6_add testing release v5.16 testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a16727199088f95563a6c6906af3cfa1ef6b48e07c5c172c2e60aa6b0f0009d1 all runs: crashed: WARNING in fib6_add testing release v5.15 testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4b5b2bb8cb35930a17321e0cc0122964524a767523622264b259692d21d372e9 all runs: crashed: WARNING in fib6_add testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: cb8c951d10f6f7917dcfc40e383662d81f65b8ae1a2eac70870fb9a90fc7be65 all runs: crashed: WARNING in fib6_add testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: eaf8181af93ecf5711b5403261cdf80d9af79632d52961979e41db1622aa3c09 all runs: crashed: WARNING in fib6_add testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8142abaff46fca138d7c4fefb16231f9a5395010a0303c6b82d573401c108112 all runs: crashed: WARNING in fib6_add testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3a6b4bd5f86e730ec6780ec9e57dd6e23a5ccc67f8c6a5660db6ab57a79cb089 all runs: OK too many neither good nor bad results, skipping this commit # git bisect start 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 f40ddce88593482919761f74910f42f4b84c004b Bisecting: 6798 revisions left to test after this (roughly 13 steps) [d99676af540c2dc829999928fb81c58c80a1dce4] Merge tag 'drm-next-2021-02-19' of git://anongit.freedesktop.org/drm/drm testing commit d99676af540c2dc829999928fb81c58c80a1dce4 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 86f395c270922aab27b65fbd3327492d96c38666bbbcf77ec2ce50dab77dbaaa run #0: crashed: WARNING in fib6_add run #1: crashed: WARNING in fib6_add run #2: crashed: WARNING in fib6_add run #3: crashed: WARNING in fib6_add run #4: crashed: WARNING in fib6_add run #5: crashed: WARNING in fib6_add run #6: boot failed: WARNING in kvm_wait run #7: boot failed: WARNING in kvm_wait run #8: boot failed: WARNING in kvm_wait run #9: boot failed: WARNING in kvm_wait # git bisect bad d99676af540c2dc829999928fb81c58c80a1dce4 Bisecting: 3717 revisions left to test after this (roughly 12 steps) [f9d58de23152f2c16f326d7e014cfa2933b00304] Merge tag 'affs-for-5.12-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit f9d58de23152f2c16f326d7e014cfa2933b00304 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0ac97ea863701f2145f4e9fa660f8e2173b23d67dbd21273a7a0e51f8801b427 all runs: crashed: WARNING in fib6_add # git bisect bad f9d58de23152f2c16f326d7e014cfa2933b00304 Bisecting: 1819 revisions left to test after this (roughly 11 steps) [b8af417e4d93caeefb89bbfbd56ec95dedd8dab5] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next testing commit b8af417e4d93caeefb89bbfbd56ec95dedd8dab5 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: decd00865759e181b33def588f3de1125e2a6b45434d36c473d6c8dcea8d89cf all runs: crashed: WARNING in fib6_add # git bisect bad b8af417e4d93caeefb89bbfbd56ec95dedd8dab5 Bisecting: 911 revisions left to test after this (roughly 10 steps) [4d469ec8ec05e1fa4792415de1a95b28871ff2fa] Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queue testing commit 4d469ec8ec05e1fa4792415de1a95b28871ff2fa gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 25eea6422b36ff125abe345802fe3c7d0f947699ea8c8165f35b7c81dd3c44f4 all runs: crashed: WARNING in fib6_add # git bisect bad 4d469ec8ec05e1fa4792415de1a95b28871ff2fa Bisecting: 458 revisions left to test after this (roughly 9 steps) [05fcc25662a3bbfc5daa9247132b2d8535053883] cxgb4: remove bogus CHELSIO_VPD_UNIQUE_ID constant testing commit 05fcc25662a3bbfc5daa9247132b2d8535053883 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 745a78b2b7c1ea842c91e828378905ebad2409bede6867ce52af05811954be19 all runs: OK too many neither good nor bad results, skipping this commit # git bisect good 05fcc25662a3bbfc5daa9247132b2d8535053883 Bisecting: 229 revisions left to test after this (roughly 8 steps) [a6fbbaa64c3b0e744e7e421a13658a7441f5a9f3] nexthop: Strongly-type context of rtm_dump_nexthop() testing commit a6fbbaa64c3b0e744e7e421a13658a7441f5a9f3 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e359fcf0a1267ae700251c7c8255dbc51507432562a46d3b1ae716700370a82b all runs: OK too many neither good nor bad results, skipping this commit # git bisect good a6fbbaa64c3b0e744e7e421a13658a7441f5a9f3 Bisecting: 114 revisions left to test after this (roughly 7 steps) [6208fd822a2c656461d2f2dc29a309d379ab5850] selftests: mptcp: add testcases for newly added addresses testing commit 6208fd822a2c656461d2f2dc29a309d379ab5850 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 60877c623855de556c6c6b87b8f4c51a3b72edb4aafeeb6fb3ba39fdc8f28bcc all runs: crashed: WARNING in fib6_add # git bisect bad 6208fd822a2c656461d2f2dc29a309d379ab5850 Bisecting: 57 revisions left to test after this (roughly 6 steps) [4e146def5855bea30ab14d2a27c13be90b7cd2d1] Merge branch 'net-bridge-drop-hosts-limit-sysfs-and-add-a-comment' testing commit 4e146def5855bea30ab14d2a27c13be90b7cd2d1 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8fef86a2f449c6d21cbb14efa0dd24cd6c251d0620c8416ef1265360e8bd964f all runs: OK too many neither good nor bad results, skipping this commit # git bisect good 4e146def5855bea30ab14d2a27c13be90b7cd2d1 Bisecting: 28 revisions left to test after this (roughly 5 steps) [1999ad32d4ff00581007543adffc465694b2e77b] net: usb: rtl8150: use new tasklet API testing commit 1999ad32d4ff00581007543adffc465694b2e77b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6a590fa2badaf7ff4e30d4af44a888419fa3dce2e7bed92a8640244392ec94b8 all runs: OK too many neither good nor bad results, skipping this commit # git bisect good 1999ad32d4ff00581007543adffc465694b2e77b Bisecting: 14 revisions left to test after this (roughly 4 steps) [085547891de548491d8b9af22c8fbc9487c79055] net: ipv4: Pass fib_rt_info as const to fib_dump_info() testing commit 085547891de548491d8b9af22c8fbc9487c79055 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9767665bfa13fb60314ad1b9012ba0c3ac8b2c92ba444b2ef39333acfca20d3e all runs: crashed: WARNING in fib6_add # git bisect bad 085547891de548491d8b9af22c8fbc9487c79055 Bisecting: 6 revisions left to test after this (roughly 3 steps) [bd1ea1e46448992a4a3dfb6e6e2c410ca069a41c] net: ipa: kill gsi_channel_freeze() and gsi_channel_thaw() testing commit bd1ea1e46448992a4a3dfb6e6e2c410ca069a41c gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 578520d2206917df41bb6883d0ac863665180ef876112ab0ad4eb94ab95149af all runs: OK too many neither good nor bad results, skipping this commit # git bisect good bd1ea1e46448992a4a3dfb6e6e2c410ca069a41c Bisecting: 3 revisions left to test after this (roughly 2 steps) [e63169208b25f1aaf3b6dc47a1df986d260efc3f] net: ipa: expand last transaction check testing commit e63169208b25f1aaf3b6dc47a1df986d260efc3f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 578520d2206917df41bb6883d0ac863665180ef876112ab0ad4eb94ab95149af all runs: OK too many neither good nor bad results, skipping this commit # git bisect good e63169208b25f1aaf3b6dc47a1df986d260efc3f Bisecting: 1 revision left to test after this (roughly 1 step) [9e635a21cae0650a8d1ba200888bd09a51ac4847] netdevsim: fib: Convert the current occupancy to an atomic variable testing commit 9e635a21cae0650a8d1ba200888bd09a51ac4847 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8c5dd7b14be33b45b321f791a3a6c94026ca3641ddfc748e3fc4c331c5006c49 all runs: OK too many neither good nor bad results, skipping this commit # git bisect good 9e635a21cae0650a8d1ba200888bd09a51ac4847 Bisecting: 0 revisions left to test after this (roughly 0 steps) [0ae3eb7b4611207e140e9772398b9f88b72d6839] netdevsim: fib: Perform the route programming in a non-atomic context testing commit 0ae3eb7b4611207e140e9772398b9f88b72d6839 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9767665bfa13fb60314ad1b9012ba0c3ac8b2c92ba444b2ef39333acfca20d3e all runs: crashed: WARNING in fib6_add # git bisect bad 0ae3eb7b4611207e140e9772398b9f88b72d6839 0ae3eb7b4611207e140e9772398b9f88b72d6839 is the first bad commit commit 0ae3eb7b4611207e140e9772398b9f88b72d6839 Author: Amit Cohen Date: Mon Feb 1 21:47:49 2021 +0200 netdevsim: fib: Perform the route programming in a non-atomic context Currently, netdevsim implements dummy FIB offload and marks notified routes with RTM_F_TRAP flag. netdevsim does not defer route notifications to a work queue because it does not need to program any hardware. Given that netdevsim's purpose is to both give an example implementation and allow developers to test their code, align netdevsim to a "real" hardware device driver like mlxsw and have it also perform the route "programming" in a non-atomic context. It will be used to test route flags notifications which will be added in the next patches. The following changes are needed when route handling is performed in WQ: - Handle the accounting in the main context, to be able to return an error for adding route when all the routes are used. For FIB_EVENT_ENTRY_REPLACE increase the counter before scheduling the delayed work, and in case that this event replaces an existing route, decrease the counter as part of the delayed work. - For IPv6, cannot use fen6_info->rt->fib6_siblings list because it might be changed during handling the delayed work. Save an array with the nexthops as part of fib6_event struct, and take a reference for each nexthop to prevent them from being freed while event is queued. - Change GFP_ATOMIC allocations to GFP_KERNEL. - Use single work item that is handling a list of ordered routes. Handling routes must be processed in the order they were submitted to avoid logical errors that could lead to unexpected failures. Signed-off-by: Amit Cohen Signed-off-by: Ido Schimmel Acked-by: David Ahern Signed-off-by: Jakub Kicinski drivers/net/netdevsim/fib.c | 467 +++++++++++++++++++++++++++++++------------- 1 file changed, 327 insertions(+), 140 deletions(-) culprit signature: 9767665bfa13fb60314ad1b9012ba0c3ac8b2c92ba444b2ef39333acfca20d3e parent signature: 8c5dd7b14be33b45b321f791a3a6c94026ca3641ddfc748e3fc4c331c5006c49 revisions tested: 27, total time: 8h28m14.461797088s (build: 5h2m33.579910508s, test: 3h16m34.84523802s) first bad commit: 0ae3eb7b4611207e140e9772398b9f88b72d6839 netdevsim: fib: Perform the route programming in a non-atomic context recipients (to): ["amcohen@nvidia.com" "dsahern@kernel.org" "idosch@nvidia.com" "kuba@kernel.org"] recipients (cc): [] crash: WARNING in fib6_add Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f041b3cb168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f041c178f80 RCX: 00007f041c059389 RDX: 0000000020000000 RSI: 000000000000890b RDI: 0000000000000005 RBP: 00007f041b3cb1d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007fff87bdd55f R14: 00007f041b3cb300 R15: 0000000000022000 ------------[ cut here ]------------ WARNING: CPU: 1 PID: 5945 at net/ipv6/ip6_fib.c:1504 fib6_find_prefix net/ipv6/ip6_fib.c:1750 [inline] WARNING: CPU: 1 PID: 5945 at net/ipv6/ip6_fib.c:1504 fib6_add+0x2959/0x3580 net/ipv6/ip6_fib.c:1500 Modules linked in: CPU: 1 PID: 5945 Comm: syz-executor.0 Not tainted 5.11.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:fib6_add+0x2959/0x3580 net/ipv6/ip6_fib.c:1504 Code: 00 00 00 fc ff df 48 8d bb 90 0a 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 d1 08 00 00 48 8b 9b 90 0a 00 00 e9 34 f8 ff ff <0f> 0b 48 b8 00 00 00 00 00 fc ff df 48 8b 54 24 30 48 c1 ea 03 80 RSP: 0018:ffffc90001ad78f0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8737191a RDX: 1ffff1100792e604 RSI: ffff88803c973580 RDI: ffff88803c973020 RBP: ffff88803c9735a0 R08: 0000000000000001 R09: ffff888016b4702f R10: ffffed1002d68e05 R11: 6637303030302052 R12: ffff888016b4702c R13: 0000000000000000 R14: ffff888015f58000 R15: 00000000ffffffff FS: 00007f041b3cb700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f041b3caff8 CR3: 0000000016ec3000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __ip6_ins_rt net/ipv6/route.c:1317 [inline] ip6_route_add+0x65/0xf0 net/ipv6/route.c:3745 ipv6_route_ioctl+0x3a3/0x520 net/ipv6/route.c:4365 inet6_ioctl+0x1c2/0x220 net/ipv6/af_inet6.c:561 sock_do_ioctl+0xc6/0x210 net/socket.c:1037 sock_ioctl+0x3bf/0x570 net/socket.c:1177 vfs_ioctl fs/ioctl.c:48 [inline] __do_sys_ioctl fs/ioctl.c:753 [inline] __se_sys_ioctl fs/ioctl.c:739 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:739 do_syscall_64+0x2d/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f041c059389 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f041b3cb168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f041c178f80 RCX: 00007f041c059389 RDX: 0000000020000000 RSI: 000000000000890b RDI: 0000000000000005 RBP: 00007f041b3cb1d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007fff87bdd55f R14: 00007f041b3cb300 R15: 0000000000022000 ---------------- Code disassembly (best guess): 0: 28 00 sub %al,(%rax) 2: 00 00 add %al,(%rax) 4: 75 05 jne 0xb 6: 48 83 c4 28 add $0x28,%rsp a: c3 retq b: e8 f1 19 00 00 callq 0x1a01 10: 90 nop 11: 48 89 f8 mov %rdi,%rax 14: 48 89 f7 mov %rsi,%rdi 17: 48 89 d6 mov %rdx,%rsi 1a: 48 89 ca mov %rcx,%rdx 1d: 4d 89 c2 mov %r8,%r10 20: 4d 89 c8 mov %r9,%r8 23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9 28: 0f 05 syscall * 2a: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 retq 33: 48 c7 c1 b8 ff ff ff mov $0xffffffffffffffb8,%rcx 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W