ci2 starts bisection 2023-08-09 18:05:17.140484465 +0000 UTC m=+141.991051939
bisecting fixing commit since 471e639e59d128f4bf58000a118b2ceca3893f98
building syzkaller on f3921d4d63f97d1f1fb49a69ea85744bb7ef184b
ensuring issue is reproducible on original commit 471e639e59d128f4bf58000a118b2ceca3893f98
testing commit 471e639e59d128f4bf58000a118b2ceca3893f98 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a06f2610ed76764b012f3f84248cbb08e5df1cca98677d4c318fb1268828fb63
all runs: crashed: WARNING in nilfs_btree_assign
representative crash: WARNING in nilfs_btree_assign, types: [WARNING]
check whether we can drop unnecessary instrumentation
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 471e639e59d128f4bf58000a118b2ceca3893f98 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8b3145702bfc8727540450e6b6ed09d985fce91e2259decd9a5cf66903420245
all runs: OK
false negative chance: 0.000
kconfig minimization: base=3703 full=7270 leaves diff=1988
split chunks (needed=false): <1988>
split chunk #0 of len 1988 into 5 parts
testing without sub-chunk 1/5
testing commit 471e639e59d128f4bf58000a118b2ceca3893f98 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3138a745baf566677ddcdb19eec1f2fe6c7309a6858cae6ecb9bc49c05491170
all runs: crashed: WARNING in nilfs_btree_assign
representative crash: WARNING in nilfs_btree_assign, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 2/5
testing commit 471e639e59d128f4bf58000a118b2ceca3893f98 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1036cf053439416b6aaf17fbcf59a331b35dd8c5fbaa72d3c1cc14ab02e88e72
all runs: crashed: WARNING in nilfs_btree_assign
representative crash: WARNING in nilfs_btree_assign, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 3/5
testing commit 471e639e59d128f4bf58000a118b2ceca3893f98 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f9f71ec040500abc897f2c391f8d793d9231b505d8e4617eb0c088b157a02ff5
all runs: OK
false negative chance: 0.000
testing without sub-chunk 4/5
testing commit 471e639e59d128f4bf58000a118b2ceca3893f98 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 44f9b575ed23c2f32a52133d2aa8f4524ec7973c3f73b0c4c2d0ba175e3b6d30
run #0: crashed: WARNING in nilfs_btree_assign
run #1: crashed: WARNING in nilfs_btree_assign
run #2: crashed: WARNING in nilfs_btree_assign
run #3: crashed: WARNING in nilfs_btree_assign
run #4: crashed: WARNING in nilfs_btree_assign
run #5: crashed: WARNING in nilfs_btree_assign
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: WARNING in nilfs_btree_assign, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 5/5
testing commit 471e639e59d128f4bf58000a118b2ceca3893f98 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b7ca3fea393f40b90441dd3df241788ce76b7c02394f43317d6bdc3854fae940
run #0: crashed: WARNING in nilfs_btree_assign
run #1: crashed: WARNING in nilfs_btree_assign
run #2: crashed: WARNING in nilfs_btree_assign
run #3: crashed: WARNING in nilfs_btree_assign
run #4: crashed: WARNING in nilfs_btree_assign
run #5: crashed: WARNING in nilfs_btree_assign
run #6: crashed: WARNING in nilfs_btree_assign
run #7: crashed: WARNING in nilfs_btree_assign
run #8: crashed: WARNING in nilfs_btree_assign
run #9: OK
representative crash: WARNING in nilfs_btree_assign, types: [WARNING]
the chunk can be dropped
minimized to 398 configs
testing current HEAD c275eaaaa34260e6c907bc5e7ee07c096bc45064
testing commit c275eaaaa34260e6c907bc5e7ee07c096bc45064 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: af8c8f6a758875581676d8830aa42b2204d62690d94d9451f7c4526f7a3fe9e5
all runs: OK
false negative chance: 0.000
# git bisect start c275eaaaa34260e6c907bc5e7ee07c096bc45064 471e639e59d128f4bf58000a118b2ceca3893f98
Bisecting: 515 revisions left to test after this (roughly 9 steps)
[de846dec7aee13db614eae9c27b59383bdc98d9a] media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var()
testing commit de846dec7aee13db614eae9c27b59383bdc98d9a gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b566aba474ff2aa29dd039006a5e4bf654792e3f406ff2c59e4a4331b36f55af
all runs: OK
false negative chance: 0.000
# git bisect bad de846dec7aee13db614eae9c27b59383bdc98d9a
Bisecting: 257 revisions left to test after this (roughly 8 steps)
[38a9d7dac3ad25323145b4aaea3b5f434f50011d] pstore/ram: Add check for kstrdup
testing commit 38a9d7dac3ad25323145b4aaea3b5f434f50011d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 854d7548ba4b71bcd02ee6d2ecaa60729d159b4e0e1376a4752aef44d1da8cca
all runs: OK
false negative chance: 0.000
# git bisect bad 38a9d7dac3ad25323145b4aaea3b5f434f50011d
Bisecting: 128 revisions left to test after this (roughly 7 steps)
[5e0d33cc7813f59b352626d8b1ed922fb2bcc581] Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally"
testing commit 5e0d33cc7813f59b352626d8b1ed922fb2bcc581 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a31b6e2b05e5c5afa1506a84fcdd235caf1821d2e82ecf562e61dba6608e67e7
all runs: OK
false negative chance: 0.000
# git bisect bad 5e0d33cc7813f59b352626d8b1ed922fb2bcc581
Bisecting: 63 revisions left to test after this (roughly 6 steps)
[44ebe988cb38e720b91826f4d7c31692061ca04a] netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
testing commit 44ebe988cb38e720b91826f4d7c31692061ca04a gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3d5e4d333771d6b3a35e2a9a626291f127c444ce5a56d6831fcfcf37bdc4dfd2
run #0: crashed: WARNING in nilfs_btree_assign
run #1: crashed: WARNING in nilfs_btree_assign
run #2: crashed: WARNING in nilfs_btree_assign
run #3: crashed: WARNING in nilfs_btree_assign
run #4: crashed: WARNING in nilfs_btree_assign
run #5: crashed: WARNING in nilfs_btree_assign
run #6: crashed: WARNING in nilfs_btree_assign
run #7: crashed: WARNING in nilfs_btree_assign
run #8: OK
run #9: OK
representative crash: WARNING in nilfs_btree_assign, types: [WARNING]
# git bisect good 44ebe988cb38e720b91826f4d7c31692061ca04a
Bisecting: 31 revisions left to test after this (roughly 5 steps)
[2077c7dbfe29f07fcdf54e73aad9607a2e0b2b36] net: tipc: resize nlattr array to correct size
testing commit 2077c7dbfe29f07fcdf54e73aad9607a2e0b2b36 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a2ffc7e57210d1f18797d367785103719943d78ce0492905fabba1bf3f2170b0
run #0: crashed: WARNING in nilfs_btree_assign
run #1: crashed: WARNING in nilfs_btree_assign
run #2: crashed: WARNING in nilfs_btree_assign
run #3: crashed: WARNING in nilfs_btree_assign
run #4: crashed: WARNING in nilfs_btree_assign
run #5: crashed: WARNING in nilfs_btree_assign
run #6: crashed: WARNING in nilfs_btree_assign
run #7: crashed: WARNING in nilfs_btree_assign
run #8: crashed: WARNING in nilfs_btree_assign
run #9: OK
representative crash: WARNING in nilfs_btree_assign, types: [WARNING]
# git bisect good 2077c7dbfe29f07fcdf54e73aad9607a2e0b2b36
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[fb7c68bbccad1a92d9078a5b2160d448da542b7a] drm/amd/display: Add minimal pipe split transition state
testing commit fb7c68bbccad1a92d9078a5b2160d448da542b7a gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 546025eb6cad9379ba39f2c5dde82ea24311dbe5c7ae5eb444445ef0a73045d0
run #0: crashed: WARNING in nilfs_btree_assign
run #1: crashed: WARNING in nilfs_btree_assign
run #2: crashed: WARNING in nilfs_btree_assign
run #3: crashed: WARNING in nilfs_btree_assign
run #4: crashed: WARNING in nilfs_btree_assign
run #5: crashed: WARNING in nilfs_btree_assign
run #6: crashed: WARNING in nilfs_btree_assign
run #7: OK
run #8: OK
run #9: OK
representative crash: WARNING in nilfs_btree_assign, types: [WARNING]
# git bisect good fb7c68bbccad1a92d9078a5b2160d448da542b7a
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[64cb73ea77abfdacae2a111194989b726b9ddb83] selftests: mptcp: join: use 'iptables-legacy' if available
testing commit 64cb73ea77abfdacae2a111194989b726b9ddb83 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6a86c04f163d1f98cf5198708c70973df8d4773e9556a5cd7430b06ff03d4b26
run #0: crashed: WARNING in nilfs_btree_assign
run #1: crashed: WARNING in nilfs_btree_assign
run #2: crashed: WARNING in nilfs_btree_assign
run #3: crashed: WARNING in nilfs_btree_assign
run #4: crashed: WARNING in nilfs_btree_assign
run #5: crashed: WARNING in nilfs_btree_assign
run #6: crashed: WARNING in nilfs_btree_assign
run #7: crashed: WARNING in nilfs_btree_assign
run #8: crashed: WARNING in nilfs_btree_assign
run #9: OK
representative crash: WARNING in nilfs_btree_assign, types: [WARNING]
# git bisect good 64cb73ea77abfdacae2a111194989b726b9ddb83
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[953dd7e2df8181d5ce4117fca347992d616f0621] KVM: Avoid illegal stage2 mapping on invalid memory slot
testing commit 953dd7e2df8181d5ce4117fca347992d616f0621 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a31b6e2b05e5c5afa1506a84fcdd235caf1821d2e82ecf562e61dba6608e67e7
all runs: OK
false negative chance: 0.000
# git bisect bad 953dd7e2df8181d5ce4117fca347992d616f0621
Bisecting: 1 revision left to test after this (roughly 1 step)
[b12011cea56bd80d52e2d9a6a320ee6ce89034c8] nilfs2: fix buffer corruption due to concurrent device reads
testing commit b12011cea56bd80d52e2d9a6a320ee6ce89034c8 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b7849e546c624272e6b46655b8423e6cf3ff8dbf1f0a025466b3d50b39c032b1
all runs: OK
false negative chance: 0.000
# git bisect bad b12011cea56bd80d52e2d9a6a320ee6ce89034c8
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[485f6be2549c5d54e85373ba3cd43215df85b643] selftests: mptcp: join: skip check if MIB counter not supported
testing commit 485f6be2549c5d54e85373ba3cd43215df85b643 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6a86c04f163d1f98cf5198708c70973df8d4773e9556a5cd7430b06ff03d4b26
run #0: crashed: WARNING in nilfs_btree_assign
run #1: crashed: WARNING in nilfs_btree_assign
run #2: crashed: WARNING in nilfs_btree_assign
run #3: crashed: WARNING in nilfs_btree_assign
run #4: crashed: WARNING in nilfs_btree_assign
run #5: crashed: WARNING in nilfs_btree_assign
run #6: crashed: WARNING in nilfs_btree_assign
run #7: OK
run #8: OK
run #9: OK
representative crash: WARNING in nilfs_btree_assign, types: [WARNING]
# git bisect good 485f6be2549c5d54e85373ba3cd43215df85b643
b12011cea56bd80d52e2d9a6a320ee6ce89034c8 is the first bad commit
commit b12011cea56bd80d52e2d9a6a320ee6ce89034c8
Author: Ryusuke Konishi
Date: Fri Jun 9 12:57:32 2023 +0900

nilfs2: fix buffer corruption due to concurrent device reads

commit 679bd7ebdd315bf457a4740b306ae99f1d0a403d upstream.

As a result of analysis of a syzbot report, it turned out that in three cases where nilfs2 allocates block device buffers directly via sb_getblk, concurrent reads to the device can corrupt the allocated buffers. Nilfs2 uses sb_getblk for segment summary blocks, that make up a log header, and the super root block, that is the trailer, and when moving and writing the second super block after fs resize. In any of these, since the uptodate flag is not set when storing metadata to be written in the allocated buffers, the stored metadata will be overwritten if a device read of the same block occurs concurrently before the write.

This causes metadata corruption and misbehavior in the log write itself, causing warnings in nilfs_btree_assign() as reported. Fix these issues by setting an uptodate flag on the buffer head on the first or before modifying each buffer obtained with sb_getblk, and clearing the flag on failure. When setting the uptodate flag, the lock_buffer/unlock_buffer pair is used to perform necessary exclusive control, and the buffer is filled to ensure that uninitialized bytes are not mixed into the data read from others. As for buffers for segment summary blocks, they are filled incrementally, so if the uptodate flag was unset on their allocation, set the flag and zero fill the buffer once at that point. Also, regarding the superblock move routine, the starting point of the memset call to zerofill the block is incorrectly specified, which can cause a buffer overflow on file systems with block sizes greater than 4KiB. In addition, if the superblock is moved within a large block, it is necessary to assume the possibility that the data in the superblock will be destroyed by zero-filling before copying. So fix these potential issues as well.

Link: https://lkml.kernel.org/r/20230609035732.20426-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi
Reported-by: syzbot+31837fe952932efc8fb9@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/00000000000030000a05e981f475@google.com
Tested-by: Ryusuke Konishi
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Greg Kroah-Hartman

fs/nilfs2/segbuf.c | 6 ++++++
fs/nilfs2/segment.c | 7 +++++++
fs/nilfs2/super.c | 23 ++++++++++++++++++++++-
3 files changed, 35 insertions(+), 1 deletion(-)

accumulated error probability: 0.00
culprit signature: b7849e546c624272e6b46655b8423e6cf3ff8dbf1f0a025466b3d50b39c032b1
parent signature: 6a86c04f163d1f98cf5198708c70973df8d4773e9556a5cd7430b06ff03d4b26
revisions tested: 18, total time: 10h9m1.984751002s (build: 6h21m7.720999831s, test: 3h19m9.340294953s)
first good commit: b12011cea56bd80d52e2d9a6a320ee6ce89034c8 nilfs2: fix buffer corruption due to concurrent device reads
recipients (to): ["akpm@linux-foundation.org" "gregkh@linuxfoundation.org" "konishi.ryusuke@gmail.com"]
recipients (cc): []