ci starts bisection 2023-01-21 14:13:08.540672819 +0000 UTC m=+168540.146069397 bisecting cause commit starting from f9ff5644bcc04221bae56f922122f2b7f5d24d62 building syzkaller on 05494336991504e3c6137b89eeddd492e17af6b6 ensuring issue is reproducible on original commit f9ff5644bcc04221bae56f922122f2b7f5d24d62 testing commit f9ff5644bcc04221bae56f922122f2b7f5d24d62 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 775067e08cefb9fc429a35111af6e21f6e6241dd906a2aeea5acbf43e2a02e55 all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send testing release v6.1 testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 84c6496e1358a713e1e1111ff01b243885eac9feb1b58bc085db9e1866d8ea34 all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2d8474ed4277032646ecc3ac55ab185198aaefb0fad1c9a1887b80e04f65d79e all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send testing release v5.19 testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2627fd5cbe764055a2b98f42ee5db7f42bc3b3b0c2feb27c437b200e1ff9998c all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: dcad7dd0bfe103abb94c8df2bd0a6a4155725376eaa0b089e789e6f07123a4d7 all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send testing release v5.17 testing commit f443e374ae131c168a065ea1748feac6b2e76613 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2bf8f6800769747bbb72b83942e2e61408ff15c27fea49fc9ded27587a51e559 all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send testing release v5.16 testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 941c6626e8d0189fe7ca36ff05643d78acea807001eb78055fac25245f217182 all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send testing release v5.15 testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 80213040ea75f1d9a10781bf1a60a1746953eed62fe1772502c0de9e0896a12d all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8318298dbd5a849fbcce1cedec1fea5366d427b5590cb943fe1923287b8cd161 all runs: OK # git bisect start 8bb7eca972ad531c9b149c0a51ab43a417385813 7d2a07b769330c34b4deabeed939325c77a7ec2f Bisecting: 6693 revisions left to test after this (roughly 13 steps) [477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6] Merge tag 'drm-next-2021-08-31-1' of git://anongit.freedesktop.org/drm/drm testing commit 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d5fb3938ccd8485b534cab8d245f4b3bd7203a57ab3350b88309df2d0d9aeeb6 run #0: basic kernel testing failed: failed to copy syz-execprog to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-execprog" "root@10.128.15.225:./syz-execprog"]: exit status 1 ssh: connect to host 10.128.15.225 port 22: Connection timed out lost connection run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6 Bisecting: 3317 revisions left to test after this (roughly 12 steps) [626bf91a292e2035af5b9d9cce35c5c138dfe06d] Merge tag 'net-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 626bf91a292e2035af5b9d9cce35c5c138dfe06d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9b30df949ee7f9038113d18f3a6e2db623210f8e360c508beed60a093faee4d1 all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send # git bisect bad 626bf91a292e2035af5b9d9cce35c5c138dfe06d Bisecting: 1702 revisions left to test after this (roughly 11 steps) [23852bec534a1633dc08f4df88b8493ae99953a9] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit 23852bec534a1633dc08f4df88b8493ae99953a9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 04149cbdf46d250aba4eb0513bc06221c8f8cffe04dda2ebb6613fe50ec042ae all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send # git bisect bad 23852bec534a1633dc08f4df88b8493ae99953a9 Bisecting: 839 revisions left to test after this (roughly 10 steps) [9e5f3ffcf1cb34e7c7beb3f79a96f58536730924] Merge tag 'devicetree-for-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux testing commit 9e5f3ffcf1cb34e7c7beb3f79a96f58536730924 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 62da3bb5968041cc7f63c957af6f020970d2a90a41e522fbbdd80f33c8baf20e all runs: OK # git bisect good 9e5f3ffcf1cb34e7c7beb3f79a96f58536730924 Bisecting: 417 revisions left to test after this (roughly 9 steps) [89b6b8cd92c068cd1bdf877ec7fb1392568ef35d] Merge tag 'vfio-v5.15-rc1' of git://github.com/awilliam/linux-vfio testing commit 89b6b8cd92c068cd1bdf877ec7fb1392568ef35d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e8a3715a24e24ef791a4523bab1b1fe17f44819b851974a268a2a6197f7626af all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send # git bisect bad 89b6b8cd92c068cd1bdf877ec7fb1392568ef35d Bisecting: 210 revisions left to test after this (roughly 8 steps) [412106c203b759fa7fbcc4f855a90ab18e681ccb] Merge tag 'erofs-for-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs testing commit 412106c203b759fa7fbcc4f855a90ab18e681ccb gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a69e21fde88502a45afb064bc3dbffb192cdff9083f9cbbbca2d1a19b4ae4e9f all runs: OK # git bisect good 412106c203b759fa7fbcc4f855a90ab18e681ccb Bisecting: 107 revisions left to test after this (roughly 7 steps) [c815f04ba94940fbc303a6ea9669e7da87f8e77d] Merge tag 'linux-kselftest-kunit-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest testing commit c815f04ba94940fbc303a6ea9669e7da87f8e77d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 37a3deb252d23c2ae7659be93f5f12ad5fc43eefe42668709a9a9da1f052f9e8 all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send # git bisect bad c815f04ba94940fbc303a6ea9669e7da87f8e77d Bisecting: 45 revisions left to test after this (roughly 6 steps) [265113f70f3d63ae8b6eb1ce4303d14dbbd71b2d] Merge tag 'dlm-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm testing commit 265113f70f3d63ae8b6eb1ce4303d14dbbd71b2d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c664881fac933b3b2e3d70b5d72b598cdf16a77c18eb805d250200e5ab9bd51d all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send # git bisect bad 265113f70f3d63ae8b6eb1ce4303d14dbbd71b2d Bisecting: 33 revisions left to test after this (roughly 5 steps) [baaae979b112642a41b71c71c599d875c067d257] ext4: make the updating inode data procedure atomic testing commit baaae979b112642a41b71c71c599d875c067d257 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 88591acbe6cdc27214f80af3d9c67440b4c544d51569cef7668a093bae936c1c all runs: OK # git bisect good baaae979b112642a41b71c71c599d875c067d257 Bisecting: 16 revisions left to test after this (roughly 4 steps) [7661809d493b426e979f39ab512e3adf41fbcc69] mm: don't allow oversized kvmalloc() calls testing commit 7661809d493b426e979f39ab512e3adf41fbcc69 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b4a7b9599dffa4139ddb3c03955f04edf376ff10ccd90aa9e3ad79fa2741840c all runs: crashed: WARNING: kmalloc bug in btrfs_ioctl_send # git bisect bad 7661809d493b426e979f39ab512e3adf41fbcc69 Bisecting: 8 revisions left to test after this (roughly 3 steps) [ffb24e3c657869b256c3f90792d262fe09f49628] ovl: relax lookup error on mismatch origin ftype testing commit ffb24e3c657869b256c3f90792d262fe09f49628 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9dac487e4c29ff9e8a9f25377ad8e7f048612c7b9845c81dbfb028d43d66f1d5 all runs: OK # git bisect good ffb24e3c657869b256c3f90792d262fe09f49628 Bisecting: 4 revisions left to test after this (roughly 2 steps) [52d5a0c6bd8a89f460243ed937856354f8f253a3] ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() testing commit 52d5a0c6bd8a89f460243ed937856354f8f253a3 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9d3aa828bfdf8620313f3508b18a8b78f65a2dacf60b503d0e6812b726e1dff6 all runs: OK # git bisect good 52d5a0c6bd8a89f460243ed937856354f8f253a3 Bisecting: 2 revisions left to test after this (roughly 1 step) [332f606b32b6291a944c8cf23b91f53a6e676525] ovl: enable RCU'd ->get_acl() testing commit 332f606b32b6291a944c8cf23b91f53a6e676525 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4c40ae3319f67130ac639da3fe42485371a2ceffb9529542b08538c3de2d5834 all runs: OK # git bisect good 332f606b32b6291a944c8cf23b91f53a6e676525 Bisecting: 0 revisions left to test after this (roughly 1 step) [111c1aa8cad4a0069dfe98fc093507b5b2cdfda7] Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 testing commit 111c1aa8cad4a0069dfe98fc093507b5b2cdfda7 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2a70aa838b547a26f51d78428138fa56347746c464a5889408b89c12f5186420 all runs: OK # git bisect good 111c1aa8cad4a0069dfe98fc093507b5b2cdfda7 7661809d493b426e979f39ab512e3adf41fbcc69 is the first bad commit commit 7661809d493b426e979f39ab512e3adf41fbcc69 Author: Linus Torvalds Date: Wed Jul 14 09:45:49 2021 -0700 mm: don't allow oversized kvmalloc() calls 'kvmalloc()' is a convenience function for people who want to do a kmalloc() but fall back on vmalloc() if there aren't enough physically contiguous pages, or if the allocation is larger than what kmalloc() supports. However, let's make sure it doesn't get _too_ easy to do crazy things with it. In particular, don't allow big allocations that could be due to integer overflow or underflow. So make sure the allocation size fits in an 'int', to protect against trivial integer conversion issues. Acked-by: Willy Tarreau Cc: Kees Cook Signed-off-by: Linus Torvalds mm/util.c | 4 ++++ 1 file changed, 4 insertions(+) culprit signature: b4a7b9599dffa4139ddb3c03955f04edf376ff10ccd90aa9e3ad79fa2741840c parent signature: 2a70aa838b547a26f51d78428138fa56347746c464a5889408b89c12f5186420 revisions tested: 23, total time: 4h41m33.106147585s (build: 2h42m32.014572616s, test: 1h54m5.787050652s) first bad commit: 7661809d493b426e979f39ab512e3adf41fbcc69 mm: don't allow oversized kvmalloc() calls recipients (to): ["akpm@linux-foundation.org" "linux-mm@kvack.org" "torvalds@linux-foundation.org" "w@1wt.eu"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: WARNING: kmalloc bug in btrfs_ioctl_send BTRFS: device fsid 5ac8a51e-da3a-4998-8e66-e1df06b87bc8 devid 1 transid 8 /dev/loop0 scanned by syz-executor.0 (6094) BTRFS info (device loop0): using free space tree BTRFS info (device loop0): has skinny extents BTRFS info (device loop0): enabling ssd optimizations BTRFS info (device loop0): checking UUID tree ------------[ cut here ]------------ WARNING: CPU: 1 PID: 6094 at mm/util.c:597 kvmalloc_node+0x7b/0x90 mm/util.c:600 Modules linked in: CPU: 1 PID: 6094 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 RIP: 0010:kvmalloc_node+0x7b/0x90 mm/util.c:597 Code: 2b 48 8b 3c 24 8b 54 24 0c 48 81 ff ff ff ff 7f 77 18 4c 8b 44 24 18 48 83 c4 10 89 d1 89 ea 5d be 01 00 00 00 e9 b5 0b 0b 00 <0f> 0b 48 83 c4 10 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 RSP: 0018:ffffc9000183f908 EFLAGS: 00010212 RAX: 0000000000000000 RBX: ffff888016993700 RCX: 0010000000000000 RDX: 00000000ffffffff RSI: 0000000000000000 RDI: 000caf0ca5eccda0 RBP: 0000000000000dc0 R08: 0000000000012dc0 R09: 00000000ffffffff R10: fffffbfff1542886 R11: 0000000000000001 R12: 00006578652f666c R13: ffff888020988100 R14: ffff888016993708 R15: ffff888020988228 FS: 00007f0613a37700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fab0406b9ee CR3: 0000000035da5000 CR4: 0000000000350ee0 Call Trace: kvmalloc include/linux/mm.h:806 [inline] kvmalloc_array include/linux/mm.h:824 [inline] kvcalloc include/linux/mm.h:829 [inline] btrfs_ioctl_send+0x727/0x4110 fs/btrfs/send.c:7308 _btrfs_ioctl_send+0x1ee/0x280 fs/btrfs/ioctl.c:4885 btrfs_ioctl+0x2d8/0x6e10 fs/btrfs/ioctl.c:4995 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f06146c50d9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f0613a37168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f06147e4f80 RCX: 00007f06146c50d9 RDX: 0000000020000040 RSI: 0000000040489426 RDI: 0000000000000003 RBP: 00007f0614720ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff9d2f404f R14: 00007f0613a37300 R15: 0000000000022000