ci starts bisection 2023-12-06 14:26:51.826286969 +0000 UTC m=+3087.441476856
bisecting cause commit starting from 577a4ee0b96fb043c9cf4a533c550ff587e526cf
building syzkaller on f819d6f7cb99737851dcaaa51f11190138fd48d5
ensuring issue is reproducible on original commit 577a4ee0b96fb043c9cf4a533c550ff587e526cf

testing commit 577a4ee0b96fb043c9cf4a533c550ff587e526cf gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b6673b6007d7736af4dd4656a5b3448d6c4453d17ee2514cde9050c968f73da6
all runs: crashed: WARNING in __mark_chain_precision
representative crash: WARNING in __mark_chain_precision, types: [WARNING]
check whether we can drop unnecessary instrumentation
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 577a4ee0b96fb043c9cf4a533c550ff587e526cf gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ccf0609c282b03ef11f4e766603562fae7761a9e188a0fc035a07bee7a770a1d
all runs: crashed: WARNING in __mark_chain_precision
representative crash: WARNING in __mark_chain_precision, types: [WARNING]
the bug reproduces without the instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN KASAN], they are not needed
kconfig minimization: base=3923 full=7672 leaves diff=2008
split chunks (needed=false): <2008>
split chunk #0 of len 2008 into 5 parts
testing without sub-chunk 1/5
disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 577a4ee0b96fb043c9cf4a533c550ff587e526cf gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8f3b473f9b9ad7cdbd233cbf6afdcb2249048ff4878576c947518cdbe2be777c
all runs: crashed: WARNING in __mark_chain_precision
representative crash: WARNING in __mark_chain_precision, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 577a4ee0b96fb043c9cf4a533c550ff587e526cf gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e083b8f0578d463a74ab11e9f741c85ecc06af725e298e4eeda60eff438ff563
all runs: crashed: WARNING in __mark_chain_precision
representative crash: WARNING in __mark_chain_precision, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 577a4ee0b96fb043c9cf4a533c550ff587e526cf gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f1ff3e03602195180792e05d7fdb59a742bc759f7c95ec7754ce01a4699f0ead
all runs: crashed: WARNING in __mark_chain_precision
representative crash: WARNING in __mark_chain_precision, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 577a4ee0b96fb043c9cf4a533c550ff587e526cf gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6f23ee0b402fb642950f886b693bd02fbaa97d927dd31607c603693b310d6e8e
all runs: crashed: WARNING in __mark_chain_precision
representative crash: WARNING in __mark_chain_precision, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed
testing commit 577a4ee0b96fb043c9cf4a533c550ff587e526cf gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 22533dbb6a109ac4d11f60d23afda1525b6e800a9159a79aca3beeacbebb03b1
all runs: OK
false negative chance: 0.000
minimized to 400 configs; suspects: [ARCH_ENABLE_MEMORY_HOTREMOVE ATM BCMA BLK_DEV_ZONED BPF_SYSCALL CARDBUS CFG80211 CFG80211_WEXT CMA COMMON_CLK CONTIG_ALLOC CRYPTO_842 CRYPTO_LZ4 CRYPTO_LZ4HC CRYPTO_LZO CRYPTO_ZSTD DVB_CORE EXTCON FB GPIOLIB HID_ZEROPLUS I2C_MUX IIO IOMMUFD IRQ_REMAP KVM KVM_INTEL LIBNVDIMM MEDIA_ANALOG_TV_SUPPORT MEDIA_CAMERA_SUPPORT MEDIA_CEC_SUPPORT MEDIA_CONTROLLER MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_TEST_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_VIPERBOARD PARPORT PCCARD PCMCIA PHONET RADIO_ADAPTERS RADIO_SI470X RADIO_SI4713 RC_CORE RFKILL SND SOUND SPI SSB TAP TARGET_CORE TUN USB_AMD5536UDC USB_ATM USB_CONFIGFS USB_CONFIGFS_F_FS USB_CONFIGFS_F_HID USB_CONFIGFS_F_LB_SS USB_CONFIGFS_F_MIDI USB_CONFIGFS_F_PRINTER USB_CONFIGFS_F_TCM USB_CONFIGFS_F_UAC1 USB_CONFIGFS_F_UAC1_LEGACY USB_CONFIGFS_F_UAC2 USB_CONFIGFS_F_UVC USB_CONFIGFS_MASS_STORAGE USB_CONFIGFS_NCM USB_CONFIGFS_OBEX USB_CONFIGFS_PHONET USB_CONFIGFS_RNDIS USB_CONFIGFS_SERIAL USB_CXACRU USB_CYPRESS_CY7C63 USB_CYTHERM USB_DSBR USB_DUMMY_HCD USB_DWC2 USB_DWC2_HOST USB_DWC2_PCI USB_DWC3 USB_DWC3_GADGET USB_DWC3_OF_SIMPLE USB_DWC3_PCI USB_DWC3_ULPI USB_DYNAMIC_MINORS USB_EG20T USB_EHCI_HCD_PLATFORM USB_EHCI_ROOT_HUB_TT USB_EHSET_TEST_FIXTURE USB_EMI26 USB_EMI62 USB_EPSON2888 USB_EZUSB_FX2 USB_FEW_INIT_RETRIES USB_F_ACM USB_F_ECM USB_F_EEM USB_F_FS USB_F_HID USB_F_MASS_STORAGE USB_F_MIDI USB_F_NCM USB_F_OBEX USB_F_PHONET USB_F_PRINTER USB_F_RNDIS USB_F_SERIAL USB_F_SS_LB USB_F_SUBSET USB_F_TCM USB_F_UAC1 USB_F_UAC1_LEGACY USB_F_UAC2 USB_F_UVC USB_GADGET USB_GADGETFS USB_GADGET_DEBUG_FILES USB_GADGET_DEBUG_FS USB_GL860 USB_GOKU USB_GPIO_VBUS USB_GR_UDC USB_GSPCA USB_GSPCA_BENQ USB_GSPCA_CONEX USB_GSPCA_CPIA1 USB_GSPCA_DTCS033 USB_GSPCA_ETOMS USB_GSPCA_FINEPIX USB_GSPCA_JEILINJ USB_GSPCA_JL2005BCD USB_GSPCA_KINECT USB_GSPCA_KONICA USB_GSPCA_MARS USB_GSPCA_MR97310A USB_GSPCA_NW80X USB_GSPCA_OV519 USB_GSPCA_OV534 USB_GSPCA_OV534_9 USB_GSPCA_PAC207 USB_GSPCA_PAC7302 USB_GSPCA_PAC7311 USB_GSPCA_SE401 USB_GSPCA_SN9C2028 USB_GSPCA_SN9C20X USB_GSPCA_SONIXB USB_GSPCA_SONIXJ USB_GSPCA_SPCA1528 USB_GSPCA_SPCA500 USB_GSPCA_SPCA501 USB_GSPCA_SPCA505 USB_GSPCA_SPCA506 USB_GSPCA_SPCA508 USB_GSPCA_SPCA561 USB_GSPCA_SQ905 USB_GSPCA_SQ905C USB_GSPCA_SQ930X USB_GSPCA_STK014 USB_GSPCA_STK1135 USB_GSPCA_STV0680 USB_GSPCA_SUNPLUS USB_GSPCA_T613 USB_GSPCA_TOPRO USB_GSPCA_TOUPTEK USB_GSPCA_TV8532 USB_GSPCA_VC032X USB_GSPCA_VICAM USB_GSPCA_XIRLINK_CIT USB_GSPCA_ZC3XX USB_HACKRF USB_HCD_BCMA USB_HCD_SSB USB_HSIC_USB3503 USB_HSIC_USB4604 USB_HSO USB_HUB_USB251XB USB_IDMOUSE USB_IOWARRIOR USB_IPHETH USB_ISIGHTFW USB_ISP116X_HCD USB_ISP1301 USB_ISP1760 USB_ISP1760_DUAL_ROLE USB_ISP1760_HCD USB_ISP1761_UDC USB_KAWETH USB_KC2190 USB_KEENE USB_LAN78XX USB_LCD USB_LD USB_LEDS_TRIGGER_USBPORT USB_LED_TRIG USB_LEGOTOWER USB_LIBCOMPOSITE USB_LINK_LAYER_TEST USB_M5602 USB_MA901 USB_MAX3421_HCD USB_MDC800 USB_MICROTEK USB_MR800 USB_MSI2500 USB_MUSB_DUAL_ROLE USB_MUSB_HDRC USB_MV_U3D USB_MV_UDC USB_NET2272 USB_NET2272_DMA USB_NET2280 USB_NET_AX88179_178A USB_NET_AX8817X USB_NET_CDCETHER USB_NET_CDC_EEM USB_NET_CDC_MBIM USB_NET_CDC_NCM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_CH9200 USB_NET_CX82310_ETH USB_NET_DM9601 USB_NET_GL620A USB_NET_HUAWEI_CDC_NCM USB_NET_INT51X1 USB_NET_KALMIA USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_QMI_WWAN USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_OXU210HP_HCD USB_PEGASUS USB_PULSE8_CEC USB_PWC USB_PWC_INPUT_EVDEV USB_PXA27X USB_R8A66597 USB_R8A66597_HCD USB_RAINSHADOW_CEC USB_RAREMONO USB_RAW_GADGET USB_RTL8150 USB_RTL8152 USB_RTL8153_ECM USB_S2255 USB_SERIAL USB_SERIAL_AIRCABLE USB_SERIAL_ARK3116 USB_SERIAL_BELKIN USB_SERIAL_CH341 USB_SERIAL_CONSOLE USB_SERIAL_CP210X USB_SERIAL_CYBERJACK USB_SERIAL_CYPRESS_M8 USB_SERIAL_DEBUG USB_SERIAL_DIGI_ACCELEPORT USB_SERIAL_EDGEPORT USB_SERIAL_EDGEPORT_TI USB_SERIAL_EMPEG USB_SERIAL_F81232 USB_SERIAL_F8153X USB_SERIAL_FTDI_SIO USB_SERIAL_GARMIN USB_SERIAL_GENERIC USB_SERIAL_IPAQ USB_SERIAL_IPW USB_SERIAL_IR USB_SERIAL_IUU USB_SERIAL_KEYSPAN USB_SERIAL_KEYSPAN_PDA USB_SERIAL_KLSI USB_SERIAL_KOBIL_SCT USB_SERIAL_MCT_U232 USB_SERIAL_METRO USB_SERIAL_MOS7715_PARPORT USB_SERIAL_MOS7720 USB_SERIAL_MOS7840 USB_SERIAL_MXUPORT USB_SERIAL_NAVMAN USB_SERIAL_OMNINET USB_SERIAL_OPTICON USB_SERIAL_OPTION USB_SERIAL_OTI6858 USB_SERIAL_PL2303 USB_SERIAL_QCAUX USB_SERIAL_QT2 USB_SERIAL_QUALCOMM USB_SERIAL_SAFE USB_SERIAL_SIERRAWIRELESS USB_SERIAL_SIMPLE USB_SERIAL_SPCP8X5 USB_SERIAL_SSU100 USB_SERIAL_SYMBOL USB_SERIAL_TI USB_SERIAL_UPD78F0730 USB_SERIAL_VISOR USB_SERIAL_WHITEHEAT USB_SERIAL_WISHBONE USB_SERIAL_WWAN USB_SERIAL_XR USB_SERIAL_XSENS_MT USB_SEVSEG USB_SI470X USB_SI4713 USB_SIERRA_NET USB_SISUSBVGA USB_SL811_CS USB_SL811_HCD USB_SL811_HCD_ISO USB_SNP_CORE USB_SPEEDTOUCH USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_ENE_UB6250 USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_STV06XX USB_TEST USB_TMC USB_TRANCEVIBRATOR USB_UAS USB_UEAGLEATM USB_ULPI_BUS USB_USBNET USB_USS720 USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_VIDEO_CLASS USB_VIDEO_CLASS_INPUT_EVDEV USB_VL600 USB_WDM USB_XHCI_DBGCAP USB_XHCI_PLATFORM USB_XUSBATM USB_YUREX USERFAULTFD USERIO USERMODE_DRIVER USER_RETURN_NOTIFIER UVC_COMMON U_SERIAL_CONSOLE V4L2_MEM2MEM_DEV V4L_TEST_DRIVERS VALIDATE_FS_PARSER VDPA VDPA_SIM VDPA_SIM_BLOCK VDPA_SIM_NET VDPA_USER VETH VFIO VFIO_DEVICE_CDEV VFIO_PCI VFIO_PCI_CORE VFIO_PCI_INTX VFIO_PCI_MMAP VFIO_VIRQFD VGASTATE VHOST VHOST_CROSS_ENDIAN_LEGACY VHOST_IOTLB VHOST_NET VHOST_RING VHOST_TASK VHOST_VDPA VHOST_VSOCK VIDEOBUF2_CORE VIDEOBUF2_DMA_CONTIG VIDEOBUF2_DMA_SG VIDEOBUF2_MEMOPS VIDEOBUF2_V4L2 VIDEOBUF2_VMALLOC VIDEOMODE_HELPERS VIDEO_AU0828 VIDEO_AU0828_RC VIDEO_AU0828_V4L2 VIDEO_CMDLINE VIDEO_CS53L32A VIDEO_CX231XX VIDEO_CX231XX_ALSA VIDEO_CX231XX_DVB VIDEO_CX231XX_RC VIDEO_CX2341X VIDEO_CX25840 VIDEO_DEV VIDEO_EM28XX VIDEO_EM28XX_ALSA VIDEO_EM28XX_DVB VIDEO_EM28XX_RC VIDEO_EM28XX_V4L2 VIDEO_GO7007 VIDEO_GO7007_LOADER VIDEO_GO7007_USB VIDEO_GO7007_USB_S2250_BOARD VIDEO_HDPVR VIDEO_MSP3400 VIDEO_NOMODESET VIDEO_PVRUSB2 VIDEO_PVRUSB2_DVB VIDEO_PVRUSB2_SYSFS VIDEO_SAA711X VIDEO_STK1160 VIDEO_TUNER VIDEO_TVEEPROM VIDEO_USBTV VIDEO_V4L2_I2C VIDEO_V4L2_SUBDEV_API VIDEO_V4L2_TPG VIDEO_VICODEC VIDEO_VIM2M VIDEO_VIMC VIDEO_VIVID VIDEO_VIVID_CEC VIDEO_WM8775 VIPERBOARD_ADC VIRTIO_BALLOON VIRTIO_DMA_SHARED_BUFFER VIRTIO_MEM VIRTIO_MMIO VIRTIO_MMIO_CMDLINE_DEVICES VIRTIO_PMEM VIRTIO_VDPA VIRTIO_VSOCKETS VIRTIO_VSOCKETS_COMMON VIRT_WIFI VLAN_8021Q VLAN_8021Q_GVRP VLAN_8021Q_MVRP VMAP_PFN VMWARE_VMCI VMXNET3 VP_VDPA VSOCKETS VSOCKETS_DIAG VSOCKETS_LOOPBACK VSOCKMON VT_HW_CONSOLE_BINDING VXFS_FS WANT_DEV_COREDUMP WEXT_CORE WEXT_PRIV WEXT_PROC WIREGUARD WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ADMTEK WLAN_VENDOR_PURELIFI WLAN_VENDOR_SILABS X86_SGX X86_SGX_KVM X86_USER_SHADOW_STACK X86_X2APIC X86_X32_ABI XARRAY_MULTI XDP_SOCKETS XDP_SOCKETS_DIAG XFRM_ESPINTCP XFRM_INTERFACE XFRM_IPCOMP XFRM_MIGRATE XFRM_OFFLOAD XFRM_STATISTICS XFRM_SUB_POLICY XFRM_USER_COMPAT XFS_FS XFS_POSIX_ACL XFS_QUOTA XFS_RT XOR_BLOCKS YENTA YENTA_ENE_TUNE YENTA_O2 YENTA_RICOH YENTA_TI YENTA_TOSHIBA ZEROPLUS_FF ZLIB_DEFLATE ZONEFS_FS ZPOOL ZRAM ZRAM_DEF_COMP_LZORLE ZSMALLOC ZSTD_COMPRESS ZSWAP ZSWAP_COMPRESSOR_DEFAULT_LZO ZSWAP_DEFAULT_ON ZSWAP_ZPOOL_DEFAULT_ZSMALLOC]
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN KASAN], they are not needed
picked [v6.6 v6.5 v6.4 v6.2 v6.0 v5.18 v5.16 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 29 release tags
testing release v6.6
testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0468a18c14b2bb40c8904bf80af468ecc7212f0d34f4b3e5e589fc8ab76033d7
all runs: OK
false negative chance: 0.000
# git bisect start 577a4ee0b96fb043c9cf4a533c550ff587e526cf ffc253263a1375a65fa6c9f62a893e9767fbebfa
Bisecting: 11196 revisions left to test after this (roughly 14 steps)
[431f1051884e38d2a5751e4731d69b2ff289ee56] Merge tag 'leds-next-6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/leds

testing commit 431f1051884e38d2a5751e4731d69b2ff289ee56 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6cca5c70547b7e713f589c303ec752c4ae8cd91be3d7d45330e5c84040454854
all runs: OK
false negative chance: 0.000
# git bisect good 431f1051884e38d2a5751e4731d69b2ff289ee56
Bisecting: 5601 revisions left to test after this (roughly 13 steps)
[e81fe505202fdc07b1925aa70fca5e2a714eb259] Merge tag 'perf-urgent-2023-11-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit e81fe505202fdc07b1925aa70fca5e2a714eb259 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 60fb5b4005b0f57458c3618b7260c00af343d09cefaab118cb954a782bcf3e1d
all runs: OK
false negative chance: 0.000
# git bisect good e81fe505202fdc07b1925aa70fca5e2a714eb259
Bisecting: 2507 revisions left to test after this (roughly 12 steps)
[6f0d1bfc6079fedb2ce3b24d8b24248c66d8ce04] Merge branch 'main' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git

testing commit 6f0d1bfc6079fedb2ce3b24d8b24248c66d8ce04 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 012c6e165245024b48e8e70937c81641eae22493025a9a0a2af4c1448f300b3d
all runs: OK
false negative chance: 0.000
# git bisect good 6f0d1bfc6079fedb2ce3b24d8b24248c66d8ce04
Bisecting: 1264 revisions left to test after this (roughly 10 steps)
[a51a7987f9c54c315ca4733c0cb674a05bfff40f] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git

testing commit a51a7987f9c54c315ca4733c0cb674a05bfff40f gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3600923b89db9d7bb7b754d26b5146190a36882dbb5fc1c23074a321c77e8ae0
all runs: crashed: WARNING in __mark_chain_precision
representative crash: WARNING in __mark_chain_precision, types: [WARNING]
# git bisect bad a51a7987f9c54c315ca4733c0cb674a05bfff40f
Bisecting: 625 revisions left to test after this (roughly 9 steps)
[43d8b435ed1cf7ff63e505b3272ed02059004436] Merge branch 'drm-next' of git://git.freedesktop.org/git/drm/drm.git

testing commit 43d8b435ed1cf7ff63e505b3272ed02059004436 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: dbc6d8e08159d6ad7c86c8c685ea81ee8e1ad8d573e955ba0f099a8b23c53349
all runs: crashed: WARNING in __mark_chain_precision
representative crash: WARNING in __mark_chain_precision, types: [WARNING]
# git bisect bad 43d8b435ed1cf7ff63e505b3272ed02059004436
Bisecting: 259 revisions left to test after this (roughly 8 steps)
[221d6546bd16e08a4b18d67698e624459dab1795] Merge tag 'drm-intel-next-2023-11-23' of git://anongit.freedesktop.org/drm/drm-intel into drm-next

testing commit 221d6546bd16e08a4b18d67698e624459dab1795 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c85669af3ca6741c838dd02fa2047dc6b39ce5969ba55d1214124a1fe47bef87
all runs: OK
false negative chance: 0.000
# git bisect good 221d6546bd16e08a4b18d67698e624459dab1795
Bisecting: 112 revisions left to test after this (roughly 7 steps)
[700df02b3269a6b9fca2675bd454a8376517411a] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git

testing commit 700df02b3269a6b9fca2675bd454a8376517411a gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3ccc202957bac2da34af41b3b2a41ef36e7c2e7db7e70c6e9551b0ec6f915e54
all runs: crashed: WARNING in __mark_chain_precision
representative crash: WARNING in __mark_chain_precision, types: [WARNING]
# git bisect bad 700df02b3269a6b9fca2675bd454a8376517411a
Bisecting: 90 revisions left to test after this (roughly 6 steps)
[b4eed7f6104b4bcfeabe1af53a8d7755bd218bf2] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git

testing commit b4eed7f6104b4bcfeabe1af53a8d7755bd218bf2 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 068b0513784b5e13fcd5305e75a1288350866dead2cf7ca8a5d0a29c57b34d05
all runs: crashed: WARNING in __mark_chain_precision
representative crash: WARNING in __mark_chain_precision, types: [WARNING]
# git bisect bad b4eed7f6104b4bcfeabe1af53a8d7755bd218bf2
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[1624918be84a8bcc4f592e55635bc4fe4a96460a] selftests/bpf: Add test cases for inner map

testing commit 1624918be84a8bcc4f592e55635bc4fe4a96460a gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c9966ee3c8012d0034e5573b7ebdfd2bffe004ce532c42ee6c97e8f326cfc6fd
all runs: OK
false negative chance: 0.000
# git bisect good 1624918be84a8bcc4f592e55635bc4fe4a96460a
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[064e0bea19b356c5d5f48a4549d80a3c03ce898b] selftests/bpf: validate precision logic in partial_stack_load_preserves_zeros

testing commit 064e0bea19b356c5d5f48a4549d80a3c03ce898b gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ff5f2b7e6ecdd5fde1b228c2ea30afec66e6ed84d8865b4cfd18ea986117e36a
all runs: crashed: WARNING in __mark_chain_precision
representative crash: WARNING in __mark_chain_precision, types: [WARNING]
# git bisect bad 064e0bea19b356c5d5f48a4549d80a3c03ce898b
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[876301881c436bf38e83a2c0d276a24b642e4aab] selftests/bpf: add stack access precision test

testing commit 876301881c436bf38e83a2c0d276a24b642e4aab gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fd655ccec4afff36e862fa2af63f4afc2155ca9fe4c52db9dbdabada1b41dad5
all runs: crashed: WARNING in __mark_chain_precision
representative crash: WARNING in __mark_chain_precision, types: [WARNING]
# git bisect bad 876301881c436bf38e83a2c0d276a24b642e4aab
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[1b4c7e20bfd6cfe0efbc51756d930a9406d41ea7] selftests/bpf: Test bpf_kptr_xchg stashing of bpf_rb_root

testing commit 1b4c7e20bfd6cfe0efbc51756d930a9406d41ea7 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9f33cfd7d9633901c34ec3530f4e127876193275d9b8c4b383b7056f13eae56a
all runs: OK
false negative chance: 0.000
# git bisect good 1b4c7e20bfd6cfe0efbc51756d930a9406d41ea7
Bisecting: 1 revision left to test after this (roughly 1 step)
[5ffb260f754bf838507fe0c23d05254b33e2bf3d] selftests/bpf: Make sure we trigger metadata kfuncs for dst 8080

testing commit 5ffb260f754bf838507fe0c23d05254b33e2bf3d gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: aaeb9106e61c69fc6cbb3999bb8fff62a2c5d48884b456a37759cdfd4b40a208
all runs: OK
false negative chance: 0.000
# git bisect good 5ffb260f754bf838507fe0c23d05254b33e2bf3d
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[41f6f64e6999a837048b1bd13a2f8742964eca6b] bpf: support non-r10 register spill/fill to/from stack in precision tracking

testing commit 41f6f64e6999a837048b1bd13a2f8742964eca6b gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d61cf2c8fa229b0159387eced2e8bceaebbb231a95995da5f1cdfbddbf849904
all runs: crashed: WARNING in __mark_chain_precision
representative crash: WARNING in __mark_chain_precision, types: [WARNING]
# git bisect bad 41f6f64e6999a837048b1bd13a2f8742964eca6b
41f6f64e6999a837048b1bd13a2f8742964eca6b is the first bad commit
commit 41f6f64e6999a837048b1bd13a2f8742964eca6b
Author: Andrii Nakryiko <andrii@kernel.org>
Date:   Tue Dec 5 10:42:39 2023 -0800

    bpf: support non-r10 register spill/fill to/from stack in precision tracking
    
    Use instruction (jump) history to record instructions that performed
    register spill/fill to/from stack, regardless if this was done through
    read-only r10 register, or any other register after copying r10 into it
    *and* potentially adjusting offset.
    
    To make this work reliably, we push extra per-instruction flags into
    instruction history, encoding stack slot index (spi) and stack frame
    number in extra 10 bit flags we take away from prev_idx in instruction
    history. We don't touch idx field for maximum performance, as it's
    checked most frequently during backtracking.
    
    This change removes basically the last remaining practical limitation of
    precision backtracking logic in BPF verifier. It fixes known
    deficiencies, but also opens up new opportunities to reduce number of
    verified states, explored in the subsequent patches.
    
    There are only three differences in selftests' BPF object files
    according to veristat, all in the positive direction (less states).
    
    File                                    Program        Insns (A)  Insns (B)  Insns  (DIFF)  States (A)  States (B)  States (DIFF)
    --------------------------------------  -------------  ---------  ---------  -------------  ----------  ----------  -------------
    test_cls_redirect_dynptr.bpf.linked3.o  cls_redirect        2987       2864  -123 (-4.12%)         240         231    -9 (-3.75%)
    xdp_synproxy_kern.bpf.linked3.o         syncookie_tc       82848      82661  -187 (-0.23%)        5107        5073   -34 (-0.67%)
    xdp_synproxy_kern.bpf.linked3.o         syncookie_xdp      85116      84964  -152 (-0.18%)        5162        5130   -32 (-0.62%)
    
    Note, I avoided renaming jmp_history to more generic insn_hist to
    minimize number of lines changed and potential merge conflicts between
    bpf and bpf-next trees.
    
    Notice also cur_hist_entry pointer reset to NULL at the beginning of
    instruction verification loop. This pointer avoids the problem of
    relying on last jump history entry's insn_idx to determine whether we
    already have entry for current instruction or not. It can happen that we
    added jump history entry because current instruction is_jmp_point(), but
    also we need to add instruction flags for stack access. In this case, we
    don't want to entries, so we need to reuse last added entry, if it is
    present.
    
    Relying on insn_idx comparison has the same ambiguity problem as the one
    that was fixed recently in [0], so we avoid that.
    
      [0] https://patchwork.kernel.org/project/netdevbpf/patch/20231110002638.4168352-3-andrii@kernel.org/
    
    Acked-by: Eduard Zingerman <eddyz87@gmail.com>
    Reported-by: Tao Lyu <tao.lyu@epfl.ch>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/r/20231205184248.1502704-2-andrii@kernel.org
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>

 include/linux/bpf_verifier.h                       |  31 +++-
 kernel/bpf/verifier.c                              | 175 ++++++++++++---------
 .../bpf/progs/verifier_subprog_precision.c         |  23 ++-
 tools/testing/selftests/bpf/verifier/precise.c     |  38 +++--
 4 files changed, 169 insertions(+), 98 deletions(-)

accumulated error probability: 0.00
culprit signature: d61cf2c8fa229b0159387eced2e8bceaebbb231a95995da5f1cdfbddbf849904
parent  signature: aaeb9106e61c69fc6cbb3999bb8fff62a2c5d48884b456a37759cdfd4b40a208
revisions tested: 22, total time: 4h14m26.31847608s (build: 1h35m53.582114389s, test: 2h25m14.465500832s)
first bad commit: 41f6f64e6999a837048b1bd13a2f8742964eca6b bpf: support non-r10 register spill/fill to/from stack in precision tracking
recipients (to): ["andrii@kernel.org" "ast@kernel.org" "eddyz87@gmail.com"]
recipients (cc): []
crash: WARNING in __mark_chain_precision
------------[ cut here ]------------
verifier backtracking bug (stack slot out of bounds)
WARNING: CPU: 1 PID: 2795 at kernel/bpf/verifier.c:4251 __mark_chain_precision+0xb1c/0x1080 kernel/bpf/verifier.c:4251
Modules linked in:
CPU: 1 PID: 2795 Comm: syz-executor.0 Not tainted 6.7.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:__mark_chain_precision+0xb1c/0x1080 kernel/bpf/verifier.c:4251
Code: 48 89 df e8 36 5a ff ff 80 3d cc 5d f1 01 00 0f 85 2c ff ff ff c6 05 bf 5d f1 01 01 90 48 c7 c7 08 b5 bd 82 e8 95 82 ea ff 90 <0f> 0b 90 90 e9 0e ff ff ff 42 8b b4 a3 a4 2d 00 00 4c 8d b3 70 2e
RSP: 0018:ffffc900012cb970 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff88810e7d8000 RCX: 0000000000000000
RDX: 0000000000000002 RSI: ffffffff82b96199 RDI: 00000000ffffffff
RBP: ffff88810eb07000 R08: 0000000000000000 R09: ffffffff82ea9be0
R10: ffffc900012cb810 R11: ffffffff82f89c28 R12: 0000000000000000
R13: ffff88810c28ec00 R14: 0000000000000001 R15: 0000000000000000
FS:  00007fad952476c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fad957e5988 CR3: 0000000119635000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 mark_chain_precision kernel/bpf/verifier.c:4299 [inline]
 check_cond_jmp_op+0x2cb/0x15b0 kernel/bpf/verifier.c:14685
 do_check kernel/bpf/verifier.c:17477 [inline]
 do_check_common+0x210a/0x3060 kernel/bpf/verifier.c:19916
 do_check_main kernel/bpf/verifier.c:20007 [inline]
 bpf_check+0x1742/0x2990 kernel/bpf/verifier.c:20644
 bpf_prog_load+0x808/0xc40 kernel/bpf/syscall.c:2742
 __sys_bpf+0x6d8/0x23c0 kernel/bpf/syscall.c:5414
 __do_sys_bpf kernel/bpf/syscall.c:5518 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5516 [inline]
 __x64_sys_bpf+0x19/0x20 kernel/bpf/syscall.c:5516
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fad956c4ae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fad952470c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fad957e3f80 RCX: 00007fad956c4ae9
RDX: 0000000000000048 RSI: 00000000200017c0 RDI: 0000000000000005
RBP: 00007fad9571047a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fad957e3f80 R15: 00007ffccb5a5f58
 </TASK>