ci starts bisection 2023-07-19 23:43:43.525435737 +0000 UTC m=+21616.625755741
bisecting fixing commit since fb054096aea0576f0c0a61c598e5e9676443ee86
building syzkaller on d2ee9228555a1697ea8957f68403df8e4c55f42d
ensuring issue is reproducible on original commit fb054096aea0576f0c0a61c598e5e9676443ee86

testing commit fb054096aea0576f0c0a61c598e5e9676443ee86
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b5cca2d686f14366baf60e481f97b6b82ba7d43a4cdb7fe38bc3f44fd095e8ef
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed

testing commit fb054096aea0576f0c0a61c598e5e9676443ee86
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a4cb6928789159e978da3138de8fbe7a9be2d9bd2d6d5ce30bf78a118e648718
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed

kconfig minimization: base=3883 full=7594 leaves diff=1999
split chunks (needed=false): <1999>
split chunk #0 of len 1999 into 5 parts

testing without sub-chunk 1/5
testing commit fb054096aea0576f0c0a61c598e5e9676443ee86
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fdf4e812af5eaf9e9cd80031f405b009a7b115d53b468de9599e0d1dc1f97563
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 2/5
testing commit fb054096aea0576f0c0a61c598e5e9676443ee86
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1b569ebb422f6ab9ebf93c9409069220922308b4e33f12b8a99b9ecb1c06bd81
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 3/5
testing commit fb054096aea0576f0c0a61c598e5e9676443ee86
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4da477caa6155c392ab515a70e98588e9f9c363e8e3ca384e40afb79ba2bd3c9
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 4/5
testing commit fb054096aea0576f0c0a61c598e5e9676443ee86
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d23b5cab532960fd7906f68f9490567e9e830f8f45e9a6a0e2c6bf7594d7d6a3
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 5/5
testing commit fb054096aea0576f0c0a61c598e5e9676443ee86
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 617671f77280c8e5deca9ad4827d602ebb67be5a3563199b2a38380551bec6d3
all runs: OK
false negative chance: 0.000
minimized to 399 configs
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed

testing current HEAD bfa3037d828050896ae52f6467b6ca2489ae6fb1
testing commit bfa3037d828050896ae52f6467b6ca2489ae6fb1
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 043b437547d6905851d8a2fcca3c8f9455c27098da99772557b9847fee464209
all runs: OK
false negative chance: 0.000

# git bisect start bfa3037d828050896ae52f6467b6ca2489ae6fb1 fb054096aea0576f0c0a61c598e5e9676443ee86
Bisecting: 5780 revisions left to test after this (roughly 13 steps)
[1b722407a13b7f8658d2e26917791f32805980a2] Merge tag 'drm-next-2023-06-29' of git://anongit.freedesktop.org/drm/drm
testing commit 1b722407a13b7f8658d2e26917791f32805980a2
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fdf25b9e309ba6028de2f0313f2549238819ce400afff92f99657b16c3b42a92
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]

# git bisect good 1b722407a13b7f8658d2e26917791f32805980a2
Bisecting: 2861 revisions left to test after this (roughly 12 steps)
[d25f002575146d67b5ebea541e6db3696c957c25] Merge tag 'cxl-for-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl
testing commit d25f002575146d67b5ebea541e6db3696c957c25
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8b8bf5ce884ae933f1e45eafb05e84e031f1a85999b9348260aad0ce43619e62
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]

# git bisect good d25f002575146d67b5ebea541e6db3696c957c25
Bisecting: 1428 revisions left to test after this (roughly 11 steps)
[b869e9f49964aace737a5a3fadd958ea94e96288] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
testing commit b869e9f49964aace737a5a3fadd958ea94e96288
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2fc434ba4e2d64b72207907d575ec5e274193fed6a2c58d30842b57b012f42fd
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]

# git bisect good b869e9f49964aace737a5a3fadd958ea94e96288
Bisecting: 714 revisions left to test after this (roughly 10 steps)
[6537ed3904a3b3720e5e238dd5d542448fcf94c2] i2c: mpc: Drop unused variable
testing commit 6537ed3904a3b3720e5e238dd5d542448fcf94c2
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 13e2f9420e94cefaf0884de15fecec685ef095e96a8ac97483ce9f054b357669
all runs: OK
false negative chance: 0.000

# git bisect bad 6537ed3904a3b3720e5e238dd5d542448fcf94c2
Bisecting: 377 revisions left to test after this (roughly 9 steps)
[15ac468614e5e4fee82e1eb32568f427b0e51adc] Merge tag 'media/v6.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 15ac468614e5e4fee82e1eb32568f427b0e51adc
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c0597f63b3bd8a6ec691fe18f655364b328c6ead746b629119702f1d845f1ab0
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]

# git bisect good 15ac468614e5e4fee82e1eb32568f427b0e51adc
Bisecting: 222 revisions left to test after this (roughly 8 steps)
[73a3fcdaa73200e38e38f7e8a32c9b901c5b95b5] Merge tag 'f2fs-for-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
testing commit 73a3fcdaa73200e38e38f7e8a32c9b901c5b95b5
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1ac56547d74fd5c3247c6a0e703fa286b7ef7bcb4266c4e1b5aea567b7de27a3
all runs: OK
false negative chance: 0.000

# git bisect bad 73a3fcdaa73200e38e38f7e8a32c9b901c5b95b5
Bisecting: 66 revisions left to test after this (roughly 6 steps)
[ace1ba1c9038b30f29c5759bc4726bbed7748f15] Merge tag 'pwm/for-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
testing commit ace1ba1c9038b30f29c5759bc4726bbed7748f15
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 53b4b7e6605631b2227be0a8ee2bbcd4a8c5c910cf5741f16ec74da8d96fbb24
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]

# git bisect good ace1ba1c9038b30f29c5759bc4726bbed7748f15
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[ac1ee161dec5801d9bbd874ef69cd0ff1e8053b6] f2fs: add f2fs_ioc_get_compress_blocks
testing commit ac1ee161dec5801d9bbd874ef69cd0ff1e8053b6
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1ea683625de859b8e502adcdd5830691da4cbd30fc8cb5ae7a6c81ccb939c4d2
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]

# git bisect good ac1ee161dec5801d9bbd874ef69cd0ff1e8053b6
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[5cf32f63b0f4c520460c1a5dd915dc4f09085f29] xfs: fix the calculation for "end" and "length"
testing commit 5cf32f63b0f4c520460c1a5dd915dc4f09085f29
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fc59338d6f47fc8b5f1c70eb5b2b95090d12c7e12e07f8698b90328bfbf350d7
all runs: OK
false negative chance: 0.000

# git bisect bad 5cf32f63b0f4c520460c1a5dd915dc4f09085f29
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[edd8276dd70279c29d412d99b99c2c0cac1b2cdd] xfs: AGF length has never been bounds checked
testing commit edd8276dd70279c29d412d99b99c2c0cac1b2cdd
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4744540aedf8b556154a0fa8dd6fae1a19ee10962d76d11a856dd894cb2e9eb8
all runs: OK
false negative chance: 0.000

# git bisect bad edd8276dd70279c29d412d99b99c2c0cac1b2cdd
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[6a2a9d776c4ae24a797e25eed2b9f7f33f756296] xfs: pass alloc flags through to xfs_extent_busy_flush()
testing commit 6a2a9d776c4ae24a797e25eed2b9f7f33f756296
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6297bd08e9521fdda92e3b7d26c4669275f47a273c702098b4ae69034e0ed6ee
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]

# git bisect good 6a2a9d776c4ae24a797e25eed2b9f7f33f756296
Bisecting: 1 revision left to test after this (roughly 1 step)
[8ebbf262d4684e035af5e7aa2a71cab636673a9b] xfs: don't block in busy flushing when freeing extents
testing commit 8ebbf262d4684e035af5e7aa2a71cab636673a9b
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2e8bf21b176bd2851b0602df3d918178c0a4c0193bf19482d452869be4c0f8b7
all runs: crashed: KASAN: slab-out-of-bounds Read in xlog_pack_data
representative crash: KASAN: slab-out-of-bounds Read in xlog_pack_data, types: [KASAN]

# git bisect good 8ebbf262d4684e035af5e7aa2a71cab636673a9b
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[f1e1765aad7de7a8b8102044fc6a44684bc36180] xfs: journal geometry is not properly bounds checked
testing commit f1e1765aad7de7a8b8102044fc6a44684bc36180
gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c0e006ff1cf068d3b56aa4e8e28b11ab89f81f769ac82d5a1d4e9010b498210e
all runs: OK
false negative chance: 0.000

# git bisect bad f1e1765aad7de7a8b8102044fc6a44684bc36180
f1e1765aad7de7a8b8102044fc6a44684bc36180 is the first bad commit
commit f1e1765aad7de7a8b8102044fc6a44684bc36180
Author: Dave Chinner
Date: Wed Jun 28 11:04:33 2023 -0700

    xfs: journal geometry is not properly bounds checked

    If the journal geometry results in a sector or log stripe unit validation problem, it indicates that we cannot set the log up to safely write to the journal. In these cases, we must abort the mount because the corruption needs external intervention to resolve. Similarly, a journal that is too large cannot be written to safely, either, so we shouldn't allow those geometries to mount, either.

    If the log is too small, we risk having transaction reservations overrunning the available log space and the system hanging waiting for space it can never provide. This is purely a runtime hang issue, not a corruption issue as per the first cases listed above. We abort mounts if the log is too small for V5 filesystems, but we must allow v4 filesystems to mount because, historically, there was no log size validity checking and so some systems may still be out there with undersized logs.

    The problem is that on V4 filesystems, when we discover a log geometry problem, we skip all the remaining checks and then allow the log to continue mounting. This means that if one of the log size checks fails, we skip the log stripe unit check. i.e. we allow the mount because a "non-fatal" geometry is violated, and then fail to check the hard fail geometries that should fail the mount.

    Move all these fatal checks to the superblock verifier, and add a new check for the two log sector size geometry variables having the same values. This will prevent any attempt to mount a log that has invalid or inconsistent geometries long before we attempt to mount the log.

    However, for the minimum log size checks, we can only do that once we've set up the log and calculated all the iclog sizes and roundoffs. Hence this needs to remain in the log mount code after the log has been initialised. It is also the only case where we should allow a v4 filesystem to continue running, so leave that handling in place, too.

    Signed-off-by: Dave Chinner
    Reviewed-by: Christoph Hellwig
    Reviewed-by: Darrick J. Wong
    Signed-off-by: Darrick J. Wong

 fs/xfs/libxfs/xfs_sb.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++-
 fs/xfs/xfs_log.c       | 47 ++++++++++++++----------------------------
 2 files changed, 70 insertions(+), 33 deletions(-)

accumulated error probability: 0.00
culprit signature: c0e006ff1cf068d3b56aa4e8e28b11ab89f81f769ac82d5a1d4e9010b498210e
parent signature: 2e8bf21b176bd2851b0602df3d918178c0a4c0193bf19482d452869be4c0f8b7
revisions tested: 21, total time: 3h29m20.086674565s (build: 1h41m8.708083527s, test: 1h43m36.624697064s)
first good commit: f1e1765aad7de7a8b8102044fc6a44684bc36180 xfs: journal geometry is not properly bounds checked
recipients (to): ["dchinner@redhat.com" "djwong@kernel.org" "hch@lst.de"]
recipients (cc): []