ci2 starts bisection 2024-01-02 18:32:17.923621019 +0000 UTC m=+960141.247506580 bisecting fixing commit since 76ba310227d2490018c271f1ecabb6c0a3212eb0 building syzkaller on a4ae4f428721da42ac15f07d6f3b54584dedee27 ensuring issue is reproducible on original commit 76ba310227d2490018c271f1ecabb6c0a3212eb0 testing commit 76ba310227d2490018c271f1ecabb6c0a3212eb0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ae98b4d044de3819ca1e17fe896038e512b93ff0892bdde01664995b459b5a9d all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] check whether we can drop unnecessary instrumentation disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 76ba310227d2490018c271f1ecabb6c0a3212eb0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fd224c5c1681733dc5f43500fd4c5bad59aba4f8b60336a02271d70eded02c91 all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] the bug reproduces without the instrumentation disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed kconfig minimization: base=3820 full=7523 leaves diff=1994 split chunks (needed=false): <1994> split chunk #0 of len 1994 into 5 parts testing without sub-chunk 1/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed testing commit 76ba310227d2490018c271f1ecabb6c0a3212eb0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a8648a090df6fd806e31b538b864d505c473f29ef80f5ac55bd8f9c15c9860b8 all runs: OK false negative chance: 0.000 testing without sub-chunk 2/5 disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 76ba310227d2490018c271f1ecabb6c0a3212eb0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9d00233c53bbb6f27648fe71483fe154e99a9abd37fea8a92636b20c63bc58af all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed testing commit 76ba310227d2490018c271f1ecabb6c0a3212eb0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 55fc78499657c9c93035556ea3d76764b2aa78440a69fbdbfd5aa81ebe3302a2 all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 76ba310227d2490018c271f1ecabb6c0a3212eb0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 99e17356d8ea86b7055172e7811f61644955182d6a770c2afb0590e633af2775 all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 76ba310227d2490018c271f1ecabb6c0a3212eb0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a4bf11a296ff8c78ec4138b87d8d48fe2ce0a2e7b7623b08f25bfa25b85e1cd0 all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] the chunk can be dropped minimized to 399 configs; suspects: [6LOWPAN 6LOWPAN_GHC_EXT_HDR_DEST 6LOWPAN_GHC_EXT_HDR_FRAG 6LOWPAN_GHC_EXT_HDR_HOP 6LOWPAN_GHC_EXT_HDR_ROUTE 6LOWPAN_GHC_ICMPV6 6LOWPAN_GHC_UDP 6LOWPAN_NHC 6LOWPAN_NHC_DEST 6LOWPAN_NHC_FRAGMENT 6LOWPAN_NHC_HOP 6LOWPAN_NHC_IPV6 6LOWPAN_NHC_MOBILITY 6LOWPAN_NHC_ROUTING 6LOWPAN_NHC_UDP 6PACK 842_COMPRESS 842_DECOMPRESS 9P_FSCACHE 9P_FS_POSIX_ACL 9P_FS_SECURITY ACORN_PARTITION ACORN_PARTITION_ADFS ACORN_PARTITION_CUMANA ACORN_PARTITION_EESOX ACORN_PARTITION_ICS ACORN_PARTITION_POWERTEC ACORN_PARTITION_RISCIX ACPI_NFIT ACPI_PLATFORM_PROFILE ADFS_FS AFFS_FS AFS_FS AFS_FSCACHE AF_KCM AF_RXRPC AF_RXRPC_IPV6 AIX_PARTITION AMIGA_PARTITION ANDROID_BINDERFS ANDROID_BINDER_IPC ANON_VMA_NAME APERTURE_HELPERS AR5523 ARCH_ENABLE_MEMORY_HOTREMOVE ARCH_ENABLE_THP_MIGRATION ASM_MODVERSIONS ASYNC_CORE ASYNC_MEMCPY ASYNC_PQ ASYNC_RAID6_RECOV ASYNC_TX_DMA ASYNC_XOR ATARI_PARTITION ATA_GENERIC ATA_OVER_ETH ATH10K ATH10K_CE ATH10K_PCI ATH10K_USB ATH11K ATH6KL ATH6KL_USB ATH9K ATH9K_AHB ATH9K_BTCOEX_SUPPORT ATH9K_CHANNEL_CONTEXT ATH9K_COMMON ATH9K_COMMON_DEBUG ATH9K_DEBUGFS ATH9K_DYNACK ATH9K_HTC ATH9K_HTC_DEBUGFS ATH9K_HW ATH9K_PCI ATH9K_PCOEM ATH9K_RFKILL ATH_COMMON ATM ATM_BR2684 ATM_CLIP ATM_DRIVERS ATM_LANE ATM_MPOA ATM_TCP AUXILIARY_BUS AX25 AX25_DAMA_SLAVE AX88796B_PHY BAREUDP BATMAN_ADV BATMAN_ADV_BATMAN_V BATMAN_ADV_BLA BATMAN_ADV_DAT BATMAN_ADV_MCAST BATMAN_ADV_NC BCACHE BCMA BCMA_HOST_PCI_POSSIBLE BEFS_FS BFQ_CGROUP_DEBUG BFQ_GROUP_IOSCHED BFS_FS BIG_KEYS BLK_CGROUP_RWSTAT BLK_DEBUG_FS_ZONED BLK_DEV_BSGLIB BLK_DEV_FD BLK_DEV_INTEGRITY BLK_DEV_INTEGRITY_T10 BLK_DEV_NBD BLK_DEV_NULL_BLK BLK_DEV_NULL_BLK_FAULT_INJECTION BLK_DEV_NVME BLK_DEV_PMEM BLK_DEV_RAM BLK_DEV_RNBD BLK_DEV_RNBD_CLIENT BLK_DEV_THROTTLING BLK_DEV_ZONED BLK_ICQ BLK_INLINE_ENCRYPTION BLK_INLINE_ENCRYPTION_FALLBACK BLK_MQ_RDMA BLK_WBT BLK_WBT_MQ BONDING BOOT_VESA_SUPPORT BPF_EVENTS BPF_JIT BPF_JIT_ALWAYS_ON BPF_JIT_DEFAULT_ON BPF_LSM BPF_PRELOAD BPF_PRELOAD_UMD BPF_STREAM_PARSER BPF_SYSCALL BPQETHER BRIDGE BRIDGE_CFM BRIDGE_EBT_802_3 BRIDGE_EBT_AMONG BRIDGE_EBT_ARP BRIDGE_EBT_ARPREPLY BRIDGE_EBT_BROUTE BRIDGE_EBT_DNAT BRIDGE_EBT_IP BRIDGE_EBT_IP6 BRIDGE_EBT_LIMIT BRIDGE_EBT_LOG BRIDGE_EBT_MARK BRIDGE_EBT_MARK_T BRIDGE_EBT_NFLOG BRIDGE_EBT_PKTTYPE BRIDGE_EBT_REDIRECT BRIDGE_EBT_SNAT BRIDGE_EBT_STP BRIDGE_EBT_T_FILTER BRIDGE_EBT_T_NAT BRIDGE_EBT_VLAN BRIDGE_IGMP_SNOOPING BRIDGE_MRP BRIDGE_NF_EBTABLES BRIDGE_VLAN_FILTERING BSD_DISKLABEL BSD_PROCESS_ACCT_V3 BT BTRFS_ASSERT BTRFS_FS BTRFS_FS_POSIX_ACL BTRFS_FS_REF_VERIFY BTT BT_6LOWPAN BT_ATH3K BT_BCM BT_BNEP BT_BNEP_MC_FILTER BT_BNEP_PROTO_FILTER BT_BREDR BT_CMTP BT_HCIBCM203X BT_HCIBFUSB BT_HCIBPA10X BT_HCIBTUSB BT_HCIBTUSB_BCM BT_HCIBTUSB_MTK BT_HCIBTUSB_RTL BT_HCIUART BT_HCIUART_3WIRE BT_HCIUART_AG6XX BT_HCIUART_BCSP BT_HCIUART_H4 BT_HCIUART_LL BT_HCIUART_MRVL BT_HCIUART_QCA BT_HCIUART_SERDEV BT_HCIVHCI BT_HIDP BT_HS BT_INTEL BT_LE BT_LEDS BT_MSFTEXT BT_MTK BT_QCA BT_RFCOMM BT_RFCOMM_TTY BT_RTL CACHEFILES CAIF CAIF_DEBUG CAIF_DRIVERS CAIF_NETDEV CAIF_TTY CAIF_USB CAIF_VIRTIO CAN CAN_8DEV_USB CAN_BCM CAN_CALC_BITTIMING CAN_DEV CAN_EMS_USB CAN_GS_USB CAN_GW CAN_IFI_CANFD CAN_ISOTP CAN_J1939 CAN_KVASER_USB CAN_MCBA_USB CAN_NETLINK CAN_PEAK_USB CAN_RAW CAN_SLCAN CAN_VCAN CAN_VXCAN CAPI_TRACE CARL9170 CARL9170_HWRNG CARL9170_LEDS CARL9170_WPC CC_HAS_ZERO_CALL_USED_REGS CEC_CORE CEPH_FS CEPH_FSCACHE CEPH_FS_POSIX_ACL CEPH_LIB CEPH_LIB_USE_DNS_RESOLVER CFG80211 CFG80211_CRDA_SUPPORT CFG80211_DEBUGFS CFG80211_DEFAULT_PS CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS CFG80211_WEXT CFS_BANDWIDTH CGROUP_BPF CHARGER_BQ24190 CHARGER_ISP1704 CHR_DEV_ST CIFS CIFS_ALLOW_INSECURE_LEGACY CIFS_DEBUG CIFS_DFS_UPCALL CIFS_FSCACHE CIFS_POSIX CIFS_SMB_DIRECT CIFS_SWN_UPCALL CIFS_UPCALL CIFS_XATTR CLS_U32_MARK CLS_U32_PERF CMA CMA_SIZE_SEL_MBYTES CMDLINE_PARTITION COMEDI COMEDI_DT9812 COMEDI_NI_USB6501 COMEDI_USBDUX COMEDI_USBDUXFAST COMEDI_USBDUXSIGMA COMEDI_USB_DRIVERS COMEDI_VMK80XX COMPAT_NETLINK_MESSAGES COUNTER CRAMFS CRAMFS_BLOCKDEV CRAMFS_MTD CRC4 CRC64 CRC64_ROCKSOFT CRC7 CRC8 CRC_ITU_T CRC_T10DIF CRYPTO_ADIANTUM CRYPTO_AEGIS128 CRYPTO_AEGIS128_AESNI_SSE2 CRYPTO_AES_NI_INTEL CRYPTO_AES_TI CRYPTO_ANSI_CPRNG CRYPTO_ANUBIS CRYPTO_ARC4 CRYPTO_ARCH_HAVE_LIB_BLAKE2S CRYPTO_ARCH_HAVE_LIB_CHACHA CRYPTO_ARCH_HAVE_LIB_CURVE25519 CRYPTO_ARCH_HAVE_LIB_POLY1305 CRYPTO_ARIA CRYPTO_ARIA_AESNI_AVX_X86_64 CRYPTO_BLAKE2B CRYPTO_BLAKE2S_X86 CRYPTO_BLOWFISH CRYPTO_BLOWFISH_COMMON CRYPTO_BLOWFISH_X86_64 CRYPTO_CAMELLIA CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 CRYPTO_CAMELLIA_AESNI_AVX_X86_64 CRYPTO_CAMELLIA_X86_64 CRYPTO_CAST5 CRYPTO_CAST5_AVX_X86_64 CRYPTO_CAST6 CRYPTO_CAST6_AVX_X86_64 CRYPTO_CAST_COMMON CRYPTO_CFB CRYPTO_CHACHA20 CRYPTO_CHACHA20POLY1305 CRYPTO_CHACHA20_X86_64 CRYPTO_CRC32 CRYPTO_CRC32C_INTEL CRYPTO_CRC32_PCLMUL CRYPTO_CRC64_ROCKSOFT CRYPTO_CRCT10DIF CRYPTO_CRCT10DIF_PCLMUL CRYPTO_CRYPTD CRYPTO_CTS CRYPTO_CURVE25519 CRYPTO_CURVE25519_X86 CRYPTO_DEFLATE CRYPTO_DES CRYPTO_DES3_EDE_X86_64 CRYPTO_DEV_CCP CRYPTO_DEV_CCP_DD CRYPTO_DEV_PADLOCK CRYPTO_DEV_PADLOCK_AES CRYPTO_DEV_PADLOCK_SHA CRYPTO_DEV_QAT CRYPTO_DEV_QAT_C3XXX CRYPTO_DEV_QAT_C3XXXVF CRYPTO_DEV_QAT_C62X CRYPTO_DEV_QAT_C62XVF CRYPTO_DEV_QAT_DH895xCC CRYPTO_DEV_QAT_DH895xCCVF CRYPTO_DEV_VIRTIO CRYPTO_DH CRYPTO_DRBG_CTR CRYPTO_DRBG_HASH CRYPTO_ECB CRYPTO_ECC CRYPTO_ECDH CRYPTO_ECRDSA CRYPTO_ENGINE CRYPTO_ESSIV CRYPTO_FCRYPT CRYPTO_GHASH_CLMUL_NI_INTEL CRYPTO_HCTR2 CRYPTO_KDF800108_CTR CRYPTO_KEYWRAP CRYPTO_KHAZAD CRYPTO_KPP CRYPTO_LIB_ARC4 CRYPTO_LIB_CHACHA CRYPTO_LIB_CHACHA20POLY1305 CRYPTO_LIB_CHACHA_GENERIC CRYPTO_LIB_CURVE25519 CRYPTO_LIB_CURVE25519_GENERIC CRYPTO_LIB_DES CRYPTO_LIB_POLY1305 CRYPTO_LIB_POLY1305_GENERIC CRYPTO_LRW CRYPTO_MICHAEL_MIC CRYPTO_NHPOLY1305 CRYPTO_NHPOLY1305_AVX2 CRYPTO_NHPOLY1305_SSE2 CRYPTO_OFB CRYPTO_PCBC CRYPTO_PCRYPT CRYPTO_POLY1305 CRYPTO_POLY1305_X86_64 CRYPTO_POLYVAL CRYPTO_POLYVAL_CLMUL_NI CRYPTO_RMD160 CRYPTO_SEED CRYPTO_SERPENT CRYPTO_SERPENT_AVX2_X86_64 CRYPTO_SERPENT_AVX_X86_64 CRYPTO_SERPENT_SSE2_X86_64 CRYPTO_SHA1_SSSE3 CRYPTO_SHA256_SSSE3 CRYPTO_SHA3 CRYPTO_SHA512_SSSE3 CRYPTO_SIMD CRYPTO_SM2 CRYPTO_SM3 CRYPTO_SM3_AVX_X86_64 CRYPTO_SM4 CRYPTO_SM4_AESNI_AVX2_X86_64 CRYPTO_SM4_AESNI_AVX_X86_64 CRYPTO_SM4_GENERIC CRYPTO_STREEBOG CRYPTO_TEA CRYPTO_TWOFISH CRYPTO_TWOFISH_AVX_X86_64 CRYPTO_TWOFISH_COMMON CRYPTO_TWOFISH_X86_64 CRYPTO_TWOFISH_X86_64_3WAY CRYPTO_USER CRYPTO_USER_API CRYPTO_USER_API_AEAD CRYPTO_USER_API_ENABLE_OBSOLETE CRYPTO_USER_API_HASH CRYPTO_USER_API_RNG CRYPTO_USER_API_SKCIPHER CRYPTO_VMAC CRYPTO_WP512 CRYPTO_XCBC CRYPTO_XCTR CRYPTO_XTS CRYPTO_XXHASH CUSE CYPRESS_FIRMWARE DAMON DAMON_DBGFS DAMON_PADDR DAMON_RECLAIM DAMON_VADDR DAX DCA DCB DEFAULT_PFIFO_FAST DEVICE_MIGRATION DEVICE_PRIVATE DEV_COREDUMP DEV_DAX DIMLIB DLN2_ADC DMABUF_HEAPS DMABUF_HEAPS_CMA DMABUF_HEAPS_SYSTEM DMABUF_MOVE_NOTIFY DMA_CMA DMA_ENGINE_RAID DM_AUDIT DM_BIO_PRISON DM_BUFIO DM_CACHE DM_CACHE_SMQ DM_CLONE DM_CRYPT DM_FLAKEY DM_INTEGRITY DM_MULTIPATH DM_MULTIPATH_QL DM_MULTIPATH_ST DM_PERSISTENT_DATA DM_RAID DM_SNAPSHOT DM_THIN_PROVISIONING DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE DM_ZONED DRAGONRISE_FF DRM DRM_BOCHS DRM_BUDDY DRM_CIRRUS_QEMU DRM_DEBUG_MM ENCRYPTED_KEYS EXTCON FSCACHE FUSE_FS GPIOLIB HAMRADIO HID_DRAGONRISE IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_RTRS_CLIENT IOSCHED_BFQ ISDN ISDN_CAPI LIBNVDIMM MAC80211 MAC80211_LEDS MEDIA_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MTD NET_CLS_U32 NET_SCH_DEFAULT PARTITION_ADVANCED RFKILL SERIAL_DEV_BUS TLS TLS_DEVICE TRANSPARENT_HUGEPAGE TRUSTED_KEYS USB_GADGET USB_PHY VLAN_8021Q WANT_COMPAT_NETLINK_MESSAGES WEXT_CORE WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ATH X86_X32_ABI ZONE_DEVICE] disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed testing current HEAD a507f147e6f06e86b7649b46bc1d3caa34b196d6 testing commit a507f147e6f06e86b7649b46bc1d3caa34b196d6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 98d6f38dfed3892cd905fcbf53757b316bd9cf34e53f363017abc8263f0993fe all runs: OK false negative chance: 0.000 # git bisect start a507f147e6f06e86b7649b46bc1d3caa34b196d6 76ba310227d2490018c271f1ecabb6c0a3212eb0 Bisecting: 2935 revisions left to test after this (roughly 12 steps) [0ef736fec61422794c4a991d46c4ec212b01d8d1] ARM: dts: BCM53573: Fix Tenda AC9 switch CPU port determine whether the revision contains the guilty commit revision 76ba310227d2490018c271f1ecabb6c0a3212eb0 crashed and is reachable testing commit 0ef736fec61422794c4a991d46c4ec212b01d8d1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1c02b6c8445fa1b262d448d41729fde2479d06296ce710c3353b6a531040edd6 all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] # git bisect good 0ef736fec61422794c4a991d46c4ec212b01d8d1 Bisecting: 1467 revisions left to test after this (roughly 11 steps) [ee73f937c5e9be8d7f778e9fbf383d3cee2292ea] r8152: Increase USB control msg timeout to 5000ms as per spec determine whether the revision contains the guilty commit revision 76ba310227d2490018c271f1ecabb6c0a3212eb0 crashed and is reachable testing commit ee73f937c5e9be8d7f778e9fbf383d3cee2292ea gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b501c70bcac9fc66d047e08d36e6ed89d78f7fc495d1a8cda850858804b6c755 all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] # git bisect good ee73f937c5e9be8d7f778e9fbf383d3cee2292ea Bisecting: 733 revisions left to test after this (roughly 10 steps) [f7ab9dee220041a3c053c022b0c13b3e905de96e] tracing: Have the user copy of synthetic event address use correct context determine whether the revision contains the guilty commit revision 76ba310227d2490018c271f1ecabb6c0a3212eb0 crashed and is reachable testing commit f7ab9dee220041a3c053c022b0c13b3e905de96e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e07d24fed2dce4bf46201b6e05cd60f3909c92501ec693258fe25baecc81e48b all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] # git bisect good f7ab9dee220041a3c053c022b0c13b3e905de96e Bisecting: 366 revisions left to test after this (roughly 9 steps) [d54470adfcc77029388b2391e93b515045922a7b] octeontx2-af: Fix mcs stats register address determine whether the revision contains the guilty commit revision 76ba310227d2490018c271f1ecabb6c0a3212eb0 crashed and is reachable testing commit d54470adfcc77029388b2391e93b515045922a7b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 30c3d05afc28bd5076ecbc77c9a535012db1e79d4aa2e70305aa3346a3183f79 all runs: OK false negative chance: 0.000 # git bisect bad d54470adfcc77029388b2391e93b515045922a7b Bisecting: 183 revisions left to test after this (roughly 8 steps) [354d162ba527c6d935b59c53c644722d533607cd] swiotlb-xen: provide the "max_mapping_size" method determine whether the revision contains the guilty commit revision 76ba310227d2490018c271f1ecabb6c0a3212eb0 crashed and is reachable testing commit 354d162ba527c6d935b59c53c644722d533607cd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2ef6c681f53f0ed5540f25d8d585af74a00f00bb0ebc16b5cbdf7ba8e55f7c0b all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] # git bisect good 354d162ba527c6d935b59c53c644722d533607cd Bisecting: 91 revisions left to test after this (roughly 7 steps) [5d5bcfb1ca8d2670d944f1e2899ba654f5d92eaf] net: stmmac: xgmac: Disable FPE MMC interrupts determine whether the revision contains the guilty commit revision 0ef736fec61422794c4a991d46c4ec212b01d8d1 crashed and is reachable testing commit 5d5bcfb1ca8d2670d944f1e2899ba654f5d92eaf gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6a9ceb4cfe7ef137a34b27f7ac3b2b6254d952196621bfe0c016223e0bacfab4 all runs: OK false negative chance: 0.000 # git bisect bad 5d5bcfb1ca8d2670d944f1e2899ba654f5d92eaf Bisecting: 45 revisions left to test after this (roughly 6 steps) [c5cf436c8969516c92aaceb87582ff19bd187756] drm/amdgpu: Force order between a read and write to the same address determine whether the revision contains the guilty commit revision 354d162ba527c6d935b59c53c644722d533607cd crashed and is reachable testing commit c5cf436c8969516c92aaceb87582ff19bd187756 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1b62fc1272b154dc84f7be26fc472383d8f569004e48a01d5007bb29245b2688 all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] # git bisect good c5cf436c8969516c92aaceb87582ff19bd187756 Bisecting: 22 revisions left to test after this (roughly 5 steps) [0ad7d59e790141fb16f1e4e134bb8c91416e96ab] parisc: Mark altinstructions read-only and 32-bit aligned determine whether the revision contains the guilty commit revision c5cf436c8969516c92aaceb87582ff19bd187756 crashed and is reachable testing commit 0ad7d59e790141fb16f1e4e134bb8c91416e96ab gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: dcd323381d5745d79abe50b965fbaba871d3fc5ff9710ee3e58ff27cb0b127fa all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] # git bisect good 0ad7d59e790141fb16f1e4e134bb8c91416e96ab Bisecting: 11 revisions left to test after this (roughly 4 steps) [307a6525c82a5a1bc5364711ece92c2d2487e1ad] wifi: cfg80211: fix CQM for non-range use determine whether the revision contains the guilty commit revision 76ba310227d2490018c271f1ecabb6c0a3212eb0 crashed and is reachable testing commit 307a6525c82a5a1bc5364711ece92c2d2487e1ad gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: dd60b068d3129cb4024faa1a2ab13bf4c5a80dbb36e3f94d0cb79d74cfdb94b6 all runs: OK false negative chance: 0.000 # git bisect bad 307a6525c82a5a1bc5364711ece92c2d2487e1ad Bisecting: 5 revisions left to test after this (roughly 3 steps) [32912ee869317ebd20304fd44c92e3eb9acf6da4] btrfs: make error messages more clear when getting a chunk map determine whether the revision contains the guilty commit revision 0ef736fec61422794c4a991d46c4ec212b01d8d1 crashed and is reachable testing commit 32912ee869317ebd20304fd44c92e3eb9acf6da4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e50bfcb732a0738f8df5c328ee7344d12e5b13835aa01f64ae949c190aab69f3 all runs: OK false negative chance: 0.000 # git bisect bad 32912ee869317ebd20304fd44c92e3eb9acf6da4 Bisecting: 2 revisions left to test after this (roughly 1 step) [9fe447c485ede29e60c21bc0ac5255720d06fb11] btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod() determine whether the revision contains the guilty commit revision c5cf436c8969516c92aaceb87582ff19bd187756 crashed and is reachable testing commit 9fe447c485ede29e60c21bc0ac5255720d06fb11 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 427e96141f439ad03b52aafc48a52e1e249c72177ae1b3a889631c4c209a72b5 all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] # git bisect good 9fe447c485ede29e60c21bc0ac5255720d06fb11 Bisecting: 0 revisions left to test after this (roughly 1 step) [4fc9c61c02c0a59d2f273933c32776d403202c09] btrfs: send: ensure send_fd is writable determine whether the revision contains the guilty commit revision 0ef736fec61422794c4a991d46c4ec212b01d8d1 crashed and is reachable testing commit 4fc9c61c02c0a59d2f273933c32776d403202c09 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d1c87f37d2534ef54d97a816053ccaf2f9c7b5997e9cea3972513737b8896790 all runs: OK false negative chance: 0.000 # git bisect bad 4fc9c61c02c0a59d2f273933c32776d403202c09 Bisecting: 0 revisions left to test after this (roughly 0 steps) [86742a963fe6480b7c47ba382f75ffb6966099ba] btrfs: fix off-by-one when checking chunk map includes logical address determine whether the revision contains the guilty commit revision 354d162ba527c6d935b59c53c644722d533607cd crashed and is reachable testing commit 86742a963fe6480b7c47ba382f75ffb6966099ba gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 596efbe975aeac2f129a109c6262fee9e721e236f97c4748037512343cf1cd4e all runs: crashed: WARNING in __kernel_write_iter representative crash: WARNING in __kernel_write_iter, types: [WARNING] # git bisect good 86742a963fe6480b7c47ba382f75ffb6966099ba 4fc9c61c02c0a59d2f273933c32776d403202c09 is the first bad commit commit 4fc9c61c02c0a59d2f273933c32776d403202c09 Author: Jann Horn Date: Fri Nov 24 17:48:31 2023 +0100 btrfs: send: ensure send_fd is writable commit 0ac1d13a55eb37d398b63e6ff6db4a09a2c9128c upstream. kernel_write() requires the caller to ensure that the file is writable. Let's do that directly after looking up the ->send_fd. We don't need a separate bailout path because the "out" path already does fput() if ->send_filp is non-NULL. This has no security impact for two reasons: - the ioctl requires CAP_SYS_ADMIN - __kernel_write() bails out on read-only files - but only since 5.8, see commit a01ac27be472 ("fs: check FMODE_WRITE in __kernel_write") Reported-and-tested-by: syzbot+12e098239d20385264d3@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=12e098239d20385264d3 Fixes: 31db9f7c23fb ("Btrfs: introduce BTRFS_IOC_SEND for btrfs send/receive") CC: stable@vger.kernel.org # 4.14+ Signed-off-by: Jann Horn Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman fs/btrfs/send.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) accumulated error probability: 0.00 culprit signature: d1c87f37d2534ef54d97a816053ccaf2f9c7b5997e9cea3972513737b8896790 parent signature: 596efbe975aeac2f129a109c6262fee9e721e236f97c4748037512343cf1cd4e revisions tested: 21, total time: 3h24m8.634829967s (build: 1h35m21.136171058s, test: 1h41m57.155019214s) first good commit: 4fc9c61c02c0a59d2f273933c32776d403202c09 btrfs: send: ensure send_fd is writable recipients (to): ["dsterba@suse.com" "gregkh@linuxfoundation.org" "jannh@google.com" "syzbot+12e098239d20385264d3@syzkaller.appspotmail.com"] recipients (cc): []