ci2 starts bisection 2024-11-11 09:27:29.274718832 +0000 UTC m=+95.076278741 bisecting fixing commit since 79436849ef1d9468c94af4c5b45478217aa9030d building syzkaller on 6f4edef43e90da260aa93c16da223a2a5569c978 ensuring issue is reproducible on original commit 79436849ef1d9468c94af4c5b45478217aa9030d testing commit 79436849ef1d9468c94af4c5b45478217aa9030d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d0d6659f0a40e3db6bea891f4ba2a48cbdaf7672b9a377ac0e82628e4fd97b8f all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] check whether we can drop unnecessary instrumentation disabling configs for [LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit 79436849ef1d9468c94af4c5b45478217aa9030d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6fb219f65ce7db2e789845732d349a70061490a2ef6ec51cc3f7f7ad8983eb6d all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] the bug reproduces without the instrumentation disabling configs for [LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed kconfig minimization: base=5179 full=6542 leaves diff=262 split chunks (needed=false): <262> split chunk #0 of len 262 into 5 parts testing without sub-chunk 1/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK BUG KASAN], they are not needed testing commit 79436849ef1d9468c94af4c5b45478217aa9030d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0d4f1e0c92e4407d438f0ab4a8a74bcbcb5673b5e0c2fc5f18572afbc8edf688 all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 79436849ef1d9468c94af4c5b45478217aa9030d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ea95e428d5ab71f6125a08207e621fe6d8b184d2be1006608d6b0baa033eeebb all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [HANG LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 79436849ef1d9468c94af4c5b45478217aa9030d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fd7d0057ac17979f001191daec6182b748b7e32819c9d509eff7690bf2b3cbae all runs: OK false negative chance: 0.000 testing without sub-chunk 4/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 79436849ef1d9468c94af4c5b45478217aa9030d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 97f11ca361895d3f1e96b7657427bb9b041cd31dc3ba848a0f7fd1d60b2aa857 all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK BUG KASAN], they are not needed testing commit 79436849ef1d9468c94af4c5b45478217aa9030d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building 79436849ef1d9468c94af4c5b45478217aa9030d: net/socket.c:1245: undefined reference to `wext_handle_ioctl' net/socket.c:3442: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:329: undefined reference to `wext_proc_init' net/core/net-procfs.c:345: undefined reference to `wext_proc_exit' minimized to 103 configs; suspects: [DRM HAVE_CLK HID_PANTHERLORD HID_SMARTJOYPLUS HID_THRUSTMASTER HID_ZEROPLUS INPUT_TABLET MEDIA_RADIO_SUPPORT PAHOLE_HAS_BTF_TAG PAHOLE_HAS_LANG_EXCLUDE PANTHERLORD_FF PM_CLK RADIO_ADAPTERS REGMAP_SPI RESET_CONTROLLER RFKILL RFKILL_LEDS RMI4_2D_SENSOR RMI4_CORE RMI4_F03 RMI4_F03_SERIO RMI4_F11 RMI4_F12 RMI4_F30 SMARTJOYPLUS_FF SMSC_PHY SND SND_COMPRESS_OFFLOAD SND_CTL_FAST_LOOKUP SND_DMAENGINE_PCM SND_DMA_SGBUF SND_DYNAMIC_MINORS SND_HRTIMER SND_HWDEP SND_INTEL_DSP_CONFIG SND_INTEL_SOUNDWIRE_ACPI SND_PCI SND_PCM SND_PCM_TIMER SND_PROC_FS SND_RAWMIDI SND_SOC SND_SOC_ACPI SND_SOC_ACPI_INTEL_MATCH SND_SOC_COMPRESS SND_SOC_GENERIC_DMAENGINE_PCM SND_SOC_I2C_AND_SPI SND_SOC_INTEL_MACH SND_SOC_INTEL_SST_TOPLEVEL SND_SOC_TOPOLOGY SND_SPI SND_SST_ATOM_HIFI2_PLATFORM SND_SST_ATOM_HIFI2_PLATFORM_ACPI SND_TIMER SND_USB SND_USB_AUDIO SND_USB_AUDIO_USE_MEDIA_CONTROLLER SND_X86 SOUND TABLET_USB_ACECAD TABLET_USB_AIPTEK TABLET_USB_HANWANG TABLET_USB_KBTAB THRUSTMASTER_FF TYPEC_DP_ALTMODE TYPEC_FUSB302 USB_ARMLINUX USB_BELKIN USB_CONFIGFS USB_CONFIGFS_ACM USB_NET_CDC_SUBSET USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM V4L2_ASYNC V4L2_FWNODE VIDEO_CAMERA_SENSOR WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF] disabling configs for [HANG LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing current HEAD eef3d33656ce2f2dcde74e2abb19c0d50de198e2 testing commit eef3d33656ce2f2dcde74e2abb19c0d50de198e2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d6c30a77013bb75423cc7ec60b036c5f22d961e680d6977281579102bfe5eab9 all runs: OK false negative chance: 0.000 # git bisect start eef3d33656ce2f2dcde74e2abb19c0d50de198e2 79436849ef1d9468c94af4c5b45478217aa9030d Bisecting: 1750 revisions left to test after this (roughly 11 steps) [628ddc6ff18c5220d1bb82e8bbbf792ab32755b7] wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers determine whether the revision contains the guilty commit checking the merge base 909ba1f1b4146de529469910c1bd0b1248964536 no existing result, test the revision testing commit 909ba1f1b4146de529469910c1bd0b1248964536 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 672cc0c8b80d001839c5242a0dd103c16e1fd2f2399d4946c8b02d49bed3be6e all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] testing commit 628ddc6ff18c5220d1bb82e8bbbf792ab32755b7 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8af8b8387c1bb9947fd288348d6bc0f5185311b0c70091f72a474e0657d960f9 all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] # git bisect good 628ddc6ff18c5220d1bb82e8bbbf792ab32755b7 Bisecting: 875 revisions left to test after this (roughly 10 steps) [3b50da4a11cd52f6f5ad8089db27ff70db48c161] net: xilinx: axienet: Fix dangling multicast addresses determine whether the revision contains the guilty commit revision 909ba1f1b4146de529469910c1bd0b1248964536 crashed and is reachable testing commit 3b50da4a11cd52f6f5ad8089db27ff70db48c161 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1d14a469a3b8a5d6f40fbc6f28d684ef96ffb44b6060a6a74ca86953c1263bef all runs: OK false negative chance: 0.000 # git bisect bad 3b50da4a11cd52f6f5ad8089db27ff70db48c161 Bisecting: 437 revisions left to test after this (roughly 9 steps) [02d5f1ba1f3af2ef33d742308def948154024977] net: linkwatch: use system_unbound_wq determine whether the revision contains the guilty commit revision 909ba1f1b4146de529469910c1bd0b1248964536 crashed and is reachable testing commit 02d5f1ba1f3af2ef33d742308def948154024977 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c66695d7abe53bd511202323d495eb7d69636b59d0607883cd98ecb1a18cf543 all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] # git bisect good 02d5f1ba1f3af2ef33d742308def948154024977 Bisecting: 218 revisions left to test after this (roughly 8 steps) [40c88c429a598006f91ad7a2b89856cd50b3a008] bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log determine whether the revision contains the guilty commit revision 909ba1f1b4146de529469910c1bd0b1248964536 crashed and is reachable testing commit 40c88c429a598006f91ad7a2b89856cd50b3a008 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 85577535af3e634caef2de506abd6e83cce066b7d4ed4021269c718e31cc3d2c all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] # git bisect good 40c88c429a598006f91ad7a2b89856cd50b3a008 Bisecting: 109 revisions left to test after this (roughly 7 steps) [83d0dcbb3d2063d85b95e026da90bc09fd1419ea] rust: fix the default format for CONFIG_{RUSTC,BINDGEN}_VERSION_TEXT determine whether the revision contains the guilty commit revision 909ba1f1b4146de529469910c1bd0b1248964536 crashed and is reachable testing commit 83d0dcbb3d2063d85b95e026da90bc09fd1419ea gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e81b0cd0f7742951aaadc77faae3be24cb7ed1bac8ff832eb28973c953f7751d all runs: OK false negative chance: 0.000 # git bisect bad 83d0dcbb3d2063d85b95e026da90bc09fd1419ea Bisecting: 54 revisions left to test after this (roughly 6 steps) [a051d405c3dfb8926642667f5aa053757dda5404] mlxbf_gige: disable RX filters until RX path initialized determine whether the revision contains the guilty commit revision 909ba1f1b4146de529469910c1bd0b1248964536 crashed and is reachable testing commit a051d405c3dfb8926642667f5aa053757dda5404 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 514edaab4714e889063478d96f8352a836107c2ae0a3bc61faf8e86ea2cd87db all runs: OK false negative chance: 0.000 # git bisect bad a051d405c3dfb8926642667f5aa053757dda5404 Bisecting: 26 revisions left to test after this (roughly 5 steps) [79720743421753ff72bfa0d79976c534645b81c1] wifi: mac80211: fix receiving A-MSDU frames on mesh interfaces determine whether the revision contains the guilty commit revision 02d5f1ba1f3af2ef33d742308def948154024977 crashed and is reachable testing commit 79720743421753ff72bfa0d79976c534645b81c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0e6ba6c2b235f84d259bbbb4f757ba2805135e67e784e8874e3f98c64b0c8862 all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] # git bisect good 79720743421753ff72bfa0d79976c534645b81c1 Bisecting: 13 revisions left to test after this (roughly 4 steps) [53023ab11836ac56fd75f7a71ec1356e50920fa9] jfs: fix null ptr deref in dtInsertEntry determine whether the revision contains the guilty commit revision 40c88c429a598006f91ad7a2b89856cd50b3a008 crashed and is reachable testing commit 53023ab11836ac56fd75f7a71ec1356e50920fa9 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7256447896a3a82d15768fdd51165dc8b6674bcd414d038f55c205811d00a601 all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] # git bisect good 53023ab11836ac56fd75f7a71ec1356e50920fa9 Bisecting: 6 revisions left to test after this (roughly 3 steps) [9367bad8dbdb1fdd3f96979d73ca07a6ead2c018] net/mlx5e: Correctly report errors for ethtool rx flows determine whether the revision contains the guilty commit revision 40c88c429a598006f91ad7a2b89856cd50b3a008 crashed and is reachable testing commit 9367bad8dbdb1fdd3f96979d73ca07a6ead2c018 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2b1a743796527daefcf4011efccfd8b452a414bc2f3abed99fd9681a8850ed84 all runs: OK false negative chance: 0.000 # git bisect bad 9367bad8dbdb1fdd3f96979d73ca07a6ead2c018 Bisecting: 3 revisions left to test after this (roughly 2 steps) [cf8715aecc5bc0ae7ad0fcc0cd9887d3bf0f81a6] ALSA: usb: Fix UBSAN warning in parse_audio_unit() determine whether the revision contains the guilty commit revision 40c88c429a598006f91ad7a2b89856cd50b3a008 crashed and is reachable testing commit cf8715aecc5bc0ae7ad0fcc0cd9887d3bf0f81a6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 463b9b7415a89c8166014ce37d6664614e760f0859537a26c8113df878aabaab all runs: OK false negative chance: 0.000 # git bisect bad cf8715aecc5bc0ae7ad0fcc0cd9887d3bf0f81a6 Bisecting: 0 revisions left to test after this (roughly 1 step) [6f1df9615260eb5b73ff5b09f04a272843ccee0f] fs/ntfs3: Do copy_to_user out of run_lock determine whether the revision contains the guilty commit revision 40c88c429a598006f91ad7a2b89856cd50b3a008 crashed and is reachable testing commit 6f1df9615260eb5b73ff5b09f04a272843ccee0f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f6b216743cc5c2b49e3cba0fe26d27fbf85cbe5dd24f6c0350893d5baf8850ce run #0: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit run #1: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit run #2: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit run #3: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit run #4: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit run #5: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit run #6: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit run #7: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit run #8: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit run #9: basic kernel testing failed: lost connection to test machine representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] # git bisect good 6f1df9615260eb5b73ff5b09f04a272843ccee0f cf8715aecc5bc0ae7ad0fcc0cd9887d3bf0f81a6 is the first bad commit commit cf8715aecc5bc0ae7ad0fcc0cd9887d3bf0f81a6 Author: Takashi Iwai Date: Mon Jul 15 14:35:54 2024 +0200 ALSA: usb: Fix UBSAN warning in parse_audio_unit() [ Upstream commit 2f38cf730caedaeacdefb7ff35b0a3c1168117f9 ] A malformed USB descriptor may pass the lengthy mixer description with a lot of channels, and this may overflow the 32bit integer shift size, as caught by syzbot UBSAN test. Although this won't cause any real trouble, it's better to address. This patch introduces a sanity check of the number of channels to bail out the parsing when too many channels are found. Reported-by: syzbot+78d5b129a762182225aa@syzkaller.appspotmail.com Closes: https://lore.kernel.org/0000000000000adac5061d3c7355@google.com Link: https://patch.msgid.link/20240715123619.26612-1-tiwai@suse.de Signed-off-by: Takashi Iwai Signed-off-by: Sasha Levin sound/usb/mixer.c | 7 +++++++ 1 file changed, 7 insertions(+) accumulated error probability: 0.00 culprit signature: 463b9b7415a89c8166014ce37d6664614e760f0859537a26c8113df878aabaab parent signature: f6b216743cc5c2b49e3cba0fe26d27fbf85cbe5dd24f6c0350893d5baf8850ce revisions tested: 19, total time: 7h30m8.48208548s (build: 3h32m16.76305892s, test: 2h32m24.993187007s) first good commit: cf8715aecc5bc0ae7ad0fcc0cd9887d3bf0f81a6 ALSA: usb: Fix UBSAN warning in parse_audio_unit() recipients (to): ["sashal@kernel.org" "tiwai@suse.de"] recipients (cc): []