bisecting cause commit starting from 9791581c049c10929e97098374dd1716a81fefcc
building syzkaller on d4f4eca56fbea6f58a4d5adfd19cb5e0dc32fe46
testing commit 9791581c049c10929e97098374dd1716a81fefcc with gcc (GCC) 8.1.0
kernel signature: 307e2ba09808cba460d90da88a66596c2b13c41306e816ba28928fabbfbc5b32
run #0: crashed: UBSAN: array-index-out-of-bounds in decode_data
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 8.1.0
kernel signature: a6dcebde7ec3618aa6b1fe94dc202f1265d8ed6df359cfa261b0e83cf088f6fb
run #0: crashed: UBSAN: array-index-out-of-bounds in decode_data
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: ef97f4b1c9aadc15d5d08194614df265ffa6b70460375c3b183f83c91cae6b82
run #0: crashed: UBSAN: array-index-out-of-bounds in decode_data
run #1: crashed: UBSAN: array-index-out-of-bounds in decode_data
run #2: crashed: UBSAN: array-index-out-of-bounds in decode_data
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: a74e1692b6504a79aa8abf61db7944106c8cda6b6a7d32fde10813c5858dae31
run #0: crashed: UBSAN: array-index-out-of-bounds in decode_data
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: b57688bead98a8f853deec5f97bfa4fb6d06b2736a38550270b5672ec0be529d
run #0: crashed: UBSAN: array-index-out-of-bounds in decode_data
run #1: crashed: UBSAN: array-index-out-of-bounds in decode_data
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 1b9d4a661798b9f83b487babd8e0ba4e13a5c9f9348cb9c1377b10fc75bcdc86
run #0: crashed: UBSAN: undefined-behaviour in decode_data
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: 5adf689ae41737c6bed64ac8d1fdd13aeb83722128b75d4709a3f276374b1370
run #0: crashed: UBSAN: undefined-behaviour in decode_data
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 73b121f4610ee7d1848d991916775ff7d4801776586c6428cafcd2edb7883fa1
run #0: crashed: UBSAN: undefined-behaviour in decode_data
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: f5759490c651061be6671183290f74a7604d153f1d01df37de8acf447f339ae4
run #0: crashed: UBSAN: undefined-behaviour in decode_data
run #1: crashed: UBSAN: undefined-behaviour in decode_data
run #2: crashed: UBSAN: undefined-behaviour in decode_data
run #3: crashed: UBSAN: undefined-behaviour in decode_data
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: c63fb71eac254130e1ac2070ea2459e720ba7dee5b8f930d57fb40edc116c961
all runs: OK
# git bisect start 4d856f72c10ecb060868ed10ff1b1453943fc6c8 0ecfebd2b52404ae0c54a878c872bb93363ada36
Bisecting: 7848 revisions left to test after this (roughly 13 steps)
[43c95d3694cc448fdf50bd53b7ff3a5bb4655883] Merge tag 'pinctrl-v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 with gcc (GCC) 8.1.0
kernel signature: e508cd0241c1cbf4d0b94fa268daca1bb999ba4becfe45346e2d4f93a254a228
all runs: OK
# git bisect good 43c95d3694cc448fdf50bd53b7ff3a5bb4655883
Bisecting: 3922 revisions left to test after this (roughly 12 steps)
[0e2a5b5bd9a6aaec85df347dd71432a1d2d10763] Merge branch 'parisc-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
testing commit 0e2a5b5bd9a6aaec85df347dd71432a1d2d10763 with gcc (GCC) 8.1.0
kernel signature: 922f43ffa4d6321377cd6e53ece74109b1a308498571e079cd02e0709198d623
all runs: OK
# git bisect good 0e2a5b5bd9a6aaec85df347dd71432a1d2d10763
Bisecting: 1961 revisions left to test after this (roughly 11 steps)
[12a6d2940b5f02b4b9f71ce098e3bb02bc24a9ea] perf record: Fix module size on s390
testing commit 12a6d2940b5f02b4b9f71ce098e3bb02bc24a9ea with gcc (GCC) 8.1.0
kernel signature: 73c379eaea99bdc51310661b6d3832d5a83d34af485827c3f68959cc621d6783
all runs: OK
# git bisect good 12a6d2940b5f02b4b9f71ce098e3bb02bc24a9ea
Bisecting: 984 revisions left to test after this (roughly 10 steps)
[85d8d3b172eb37b23dcdbe9fa7a85e343642bfea] Merge tag 'hyperv-fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux
testing commit 85d8d3b172eb37b23dcdbe9fa7a85e343642bfea with gcc (GCC) 8.1.0
kernel signature: 5dda79b63d0edae3922eb29110c6a629215583663441a4c92c5a6493413a4413
all runs: OK
# git bisect good 85d8d3b172eb37b23dcdbe9fa7a85e343642bfea
Bisecting: 496 revisions left to test after this (roughly 9 steps)
[6525771f58cbc6ab97b5cff9069865cde8283346] Merge tag 'arc-5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc
testing commit 6525771f58cbc6ab97b5cff9069865cde8283346 with gcc (GCC) 8.1.0
kernel signature: 6217ec32e88466624cec0d49418ef6748abe9c22e77ff122d7697dee8c0d94ae
all runs: OK
# git bisect good 6525771f58cbc6ab97b5cff9069865cde8283346
Bisecting: 251 revisions left to test after this (roughly 8 steps)
[345464fb760d1b772e891538b498e111c588b692] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 345464fb760d1b772e891538b498e111c588b692 with gcc (GCC) 8.1.0
kernel signature: a4927b8b9b506a981c8473a74d3a23616c052333c5186dc393237152be241ed1
all runs: OK
# git bisect good 345464fb760d1b772e891538b498e111c588b692
Bisecting: 126 revisions left to test after this (roughly 7 steps)
[840ce8f8073edb3ff3d2c2c7a6ef211f4176961c] Merge tag 'pinctrl-v5.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 840ce8f8073edb3ff3d2c2c7a6ef211f4176961c with gcc (GCC) 8.1.0
kernel signature: 33c25f3563a30ef1f462a2a6033730198e87b86f9a2eca35612e4540bf13663d
all runs: OK
# git bisect good 840ce8f8073edb3ff3d2c2c7a6ef211f4176961c
Bisecting: 63 revisions left to test after this (roughly 6 steps)
[c3dc1fa72249e4472b90ecef4dbafe25f0f07889] net: hns3: fix spelling mistake "undeflow" -> "underflow"
testing commit c3dc1fa72249e4472b90ecef4dbafe25f0f07889 with gcc (GCC) 8.1.0
kernel signature: 686be0afda10bff791512f8ce454f8fccb3706392d586cc0bee00395d46b31ca
all runs: OK
# git bisect good c3dc1fa72249e4472b90ecef4dbafe25f0f07889
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[1c4c5e2528af0c803fb1171632074f4070229a75] Merge tag 'mmc-v5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
testing commit 1c4c5e2528af0c803fb1171632074f4070229a75 with gcc (GCC) 8.1.0
kernel signature: 1187feb1d07a4434aababaf0af6c470efc8ac8aa62ee135ce559cd7e11309fc2
all runs: OK
# git bisect good 1c4c5e2528af0c803fb1171632074f4070229a75
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[ae3b06ed55b1554e9a91bf959c6b0b5e212e7f4d] Merge branch 'sctp_do_bind-leak'
testing commit ae3b06ed55b1554e9a91bf959c6b0b5e212e7f4d with gcc (GCC) 8.1.0
kernel signature: 4055544d8f5350f4a813ff05ff37e0301887d93f139ed71fb76a3719d71f462d
all runs: OK
# git bisect good ae3b06ed55b1554e9a91bf959c6b0b5e212e7f4d
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[a9c20bb0206ae9384bd470a6832dd8913730add9] Merge tag 'kvm-s390-master-5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into kvm-master
testing commit a9c20bb0206ae9384bd470a6832dd8913730add9 with gcc (GCC) 8.1.0
kernel signature: 3e47e67e8417a67802b6760625b50613405ab219544b69f0bfee0c80d6ba54f0
all runs: OK
# git bisect good a9c20bb0206ae9384bd470a6832dd8913730add9
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[b03c036e6f96340dd311817c7b964dad183c4141] Merge tag 'riscv/for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
testing commit b03c036e6f96340dd311817c7b964dad183c4141 with gcc (GCC) 8.1.0
kernel signature: 73f3f43a2aec5b0419e376d62ad6b58eb240165e13181930675de75ed6de7c56
all runs: OK
# git bisect good b03c036e6f96340dd311817c7b964dad183c4141
Bisecting: 2 revisions left to test after this (roughly 1 step)
[1f9c632cde0c3d781463a88ce430a8dd4a7c1a0e] Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
testing commit 1f9c632cde0c3d781463a88ce430a8dd4a7c1a0e with gcc (GCC) 8.1.0
kernel signature: 534f953fb2c3701b845244b3ed89e760c8a915366d2b2a6f4b7135a7e93d7f94
all runs: OK
# git bisect good 1f9c632cde0c3d781463a88ce430a8dd4a7c1a0e
Bisecting: 0 revisions left to test after this (roughly 1 step)
[72dbcf72156641fde4d8ea401e977341bfd35a05] Revert "ext4: make __ext4_get_inode_loc plug"
testing commit 72dbcf72156641fde4d8ea401e977341bfd35a05 with gcc (GCC) 8.1.0
kernel signature: 094264221ada94f649354ff0d60801a4ac717b84c069333f457b3a445107eeaa
all runs: OK
# git bisect good 72dbcf72156641fde4d8ea401e977341bfd35a05
4d856f72c10ecb060868ed10ff1b1453943fc6c8 is the first bad commit
commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8
Author: Linus Torvalds
Date: Sun Sep 15 14:19:32 2019 -0700

    Linux 5.3

 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
culprit signature: f5759490c651061be6671183290f74a7604d153f1d01df37de8acf447f339ae4
parent signature: 094264221ada94f649354ff0d60801a4ac717b84c069333f457b3a445107eeaa
Reproducer flagged being flaky
revisions tested: 24, total time: 5h39m59.492561367s (build: 2h8m54.186816435s, test: 3h28m19.950576216s)
first bad commit: 4d856f72c10ecb060868ed10ff1b1453943fc6c8 Linux 5.3
recipients (to): ["linux-kbuild@vger.kernel.org" "michal.lkml@markovi.net" "torvalds@linux-foundation.org" "yamada.masahiro@socionext.com"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: UBSAN: undefined-behaviour in decode_data
================================================================================
UBSAN: Undefined behaviour in drivers/net/hamradio/6pack.c:845:16
index 400 is out of range for type 'unsigned char [400]'
CPU: 0 PID: 1358 Comm: kworker/u4:3 Not tainted 5.3.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound flush_to_ldisc
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x86/0xca lib/dump_stack.c:113
 ubsan_epilogue+0xd/0x3a lib/ubsan.c:158
 __ubsan_handle_out_of_bounds+0x70/0x80 lib/ubsan.c:365
 decode_data+0x338/0x390 drivers/net/hamradio/6pack.c:845
 sixpack_decode drivers/net/hamradio/6pack.c:968 [inline]
 sixpack_receive_buf+0x778/0x1056 drivers/net/hamradio/6pack.c:458
 tty_ldisc_receive_buf+0xff/0x1b0 drivers/tty/tty_buffer.c:465
 tty_port_default_receive_buf+0x5f/0x90 drivers/tty/tty_port.c:38
 receive_buf drivers/tty/tty_buffer.c:481 [inline]
 flush_to_ldisc+0x1aa/0x3a0 drivers/tty/tty_buffer.c:533
 process_one_work+0x7d4/0x1630 kernel/workqueue.c:2269
 worker_thread+0x85/0xb60 kernel/workqueue.c:2415
 kthread+0x331/0x3f0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
================================================================================
================================================================================
UBSAN: Undefined behaviour in drivers/net/hamradio/6pack.c:847:16
index 401 is out of range for type 'unsigned char [400]'
CPU: 0 PID: 1358 Comm: kworker/u4:3 Not tainted 5.3.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound flush_to_ldisc
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x86/0xca lib/dump_stack.c:113
 ubsan_epilogue+0xd/0x3a lib/ubsan.c:158
 __ubsan_handle_out_of_bounds+0x70/0x80 lib/ubsan.c:365
 decode_data+0x36c/0x390 drivers/net/hamradio/6pack.c:847
 sixpack_decode drivers/net/hamradio/6pack.c:968 [inline]
 sixpack_receive_buf+0x778/0x1056 drivers/net/hamradio/6pack.c:458
 tty_ldisc_receive_buf+0xff/0x1b0 drivers/tty/tty_buffer.c:465
 tty_port_default_receive_buf+0x5f/0x90 drivers/tty/tty_port.c:38
 receive_buf drivers/tty/tty_buffer.c:481 [inline]
 flush_to_ldisc+0x1aa/0x3a0 drivers/tty/tty_buffer.c:533
 process_one_work+0x7d4/0x1630 kernel/workqueue.c:2269
 worker_thread+0x85/0xb60 kernel/workqueue.c:2415
 kthread+0x331/0x3f0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
================================================================================
================================================================================
UBSAN: Undefined behaviour in drivers/net/hamradio/6pack.c:843:16
index 402 is out of range for type 'unsigned char [400]'
CPU: 0 PID: 1358 Comm: kworker/u4:3 Not tainted 5.3.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound flush_to_ldisc
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x86/0xca lib/dump_stack.c:113
 ubsan_epilogue+0xd/0x3a lib/ubsan.c:158
 __ubsan_handle_out_of_bounds+0x70/0x80 lib/ubsan.c:365
 decode_data+0x2f4/0x390 drivers/net/hamradio/6pack.c:843
 sixpack_decode drivers/net/hamradio/6pack.c:968 [inline]
 sixpack_receive_buf+0x778/0x1056 drivers/net/hamradio/6pack.c:458
 tty_ldisc_receive_buf+0xff/0x1b0 drivers/tty/tty_buffer.c:465
 tty_port_default_receive_buf+0x5f/0x90 drivers/tty/tty_port.c:38
 receive_buf drivers/tty/tty_buffer.c:481 [inline]
 flush_to_ldisc+0x1aa/0x3a0 drivers/tty/tty_buffer.c:533
 process_one_work+0x7d4/0x1630 kernel/workqueue.c:2269
 worker_thread+0x85/0xb60 kernel/workqueue.c:2415
 kthread+0x331/0x3f0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
================================================================================