ci2 starts bisection 2024-09-21 15:15:44.045578671 +0000 UTC m=+161534.980646721 bisecting fixing commit since 117ac406ba904da738fb79a3b2c96d4a385292c1 building syzkaller on dbc93b085f18cf00b6c0e077c902b5f83ecbe76c ensuring issue is reproducible on original commit 117ac406ba904da738fb79a3b2c96d4a385292c1 testing commit 117ac406ba904da738fb79a3b2c96d4a385292c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 543d37cf25214e59af9b416c59d5ed1272d9a24c5e0586250e0b80d0fb3746d3 run #0: basic kernel testing failed: INFO: rcu detected stall in corrupted run #1: basic kernel testing failed: INFO: rcu detected stall in corrupted run #2: basic kernel testing failed: INFO: rcu detected stall in corrupted run #3: basic kernel testing failed: INFO: rcu detected stall in corrupted run #4: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #5: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #6: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #7: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #8: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #9: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #10: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #11: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #12: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #13: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #14: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #15: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #16: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #17: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #18: crashed: INFO: rcu detected stall in corrupted run #19: crashed: INFO: rcu detected stall in corrupted representative crash: UBSAN: shift-out-of-bounds in dbDiscardAG, types: [UBSAN] check whether we can drop unnecessary instrumentation disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 117ac406ba904da738fb79a3b2c96d4a385292c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 10233dcb6647838fe80ffff58fbd4f08a86d40f59b00964e58627139eec7efe0 run #0: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #1: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #2: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #3: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #4: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #5: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #6: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #7: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #8: basic kernel testing failed: no output from test machine run #9: basic kernel testing failed: no output from test machine representative crash: UBSAN: shift-out-of-bounds in dbDiscardAG, types: [UBSAN] the bug reproduces without the instrumentation disabling configs for [HANG LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed kconfig minimization: base=3824 full=7495 leaves diff=2067 split chunks (needed=false): <2067> split chunk #0 of len 2067 into 5 parts testing without sub-chunk 1/5 disabling configs for [HANG LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 117ac406ba904da738fb79a3b2c96d4a385292c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e8a16306da71d024870ecda80d9a35e2de96f0fef557fea77853334ded3b0198 run #0: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #1: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #2: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #3: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #4: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #5: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #6: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #7: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #8: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG run #9: crashed: no output from test machine representative crash: UBSAN: shift-out-of-bounds in dbDiscardAG, types: [UBSAN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit 117ac406ba904da738fb79a3b2c96d4a385292c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 90b2266322d0e608ab30d01d130a841b80f6cf88b731d49fb43e1571e0b40997 all runs: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG representative crash: UBSAN: shift-out-of-bounds in dbDiscardAG, types: [UBSAN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [HANG LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 117ac406ba904da738fb79a3b2c96d4a385292c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 50e0eccfff52f5f5cbae45ce683f365199f374f5af35d23e6ee52843e6fff127 all runs: OK false negative chance: 0.000 testing without sub-chunk 4/5 disabling configs for [HANG LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 117ac406ba904da738fb79a3b2c96d4a385292c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7b7893ef6efdcce0ff1648b011f75e562b9677eb9908caea283d4d924e144746 all runs: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG representative crash: UBSAN: shift-out-of-bounds in dbDiscardAG, types: [UBSAN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 117ac406ba904da738fb79a3b2c96d4a385292c1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d5cb851740d74fa8cbf0b3d80967ff5bba0a137b97ff54522660d3bbeabfd6d4 all runs: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG representative crash: UBSAN: shift-out-of-bounds in dbDiscardAG, types: [UBSAN] the chunk can be dropped minimized to 414 configs; suspects: [AX25 BRIDGE BRIDGE_NETFILTER CAN CFG80211 CHECKPOINT_RESTORE DVB_CORE FB FSCACHE HAMRADIO HID_NINTENDO HSR INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_USER_ACCESS INPUT_JOYSTICK INPUT_MOUSE IP6_NF_RAW IPV6_MULTIPLE_TABLES IP_NF_RAW IP_SET IP_VS IP_VS_NQ IP_VS_OVF IP_VS_PE_SIP IP_VS_PROTO_AH IP_VS_PROTO_AH_ESP IP_VS_PROTO_ESP IP_VS_PROTO_SCTP IP_VS_PROTO_UDP IP_VS_RR IP_VS_SED IP_VS_SH IP_VS_TWOS IP_VS_WLC IP_VS_WRR IRQ_BYPASS_MANAGER IRQ_POLL IR_IGORPLUGUSB IR_IGUANA IR_IMON IR_IMON_RAW IR_MCEUSB IR_REDRAT3 IR_STREAMZAP IR_TOY IR_TTUSBIR ISDN ISDN_CAPI_MIDDLEWARE JFFS2_CMODE_PRIORITY JFFS2_COMPRESSION_OPTIONS JFFS2_FS JFFS2_FS_POSIX_ACL JFFS2_FS_SECURITY JFFS2_FS_WRITEBUFFER JFFS2_FS_XATTR JFFS2_LZO JFFS2_RTIME JFFS2_RUBIN JFFS2_SUMMARY JFFS2_ZLIB JFS_DEBUG JFS_FS JFS_POSIX_ACL JFS_SECURITY JOYSTICK_IFORCE JOYSTICK_IFORCE_USB JOYSTICK_PXRC JOYSTICK_XPAD JOYSTICK_XPAD_FF JOYSTICK_XPAD_LEDS KARMA_PARTITION KCOV KCOV_ENABLE_COMPARISONS KCOV_INSTRUMENT_ALL KEYS_REQUEST_CACHE KEY_DH_OPERATIONS KEY_NOTIFICATIONS KSM KVM KVM_AMD KVM_ASYNC_PF KVM_COMPAT KVM_GENERIC_DIRTYLOG_READ_PROTECT KVM_MMIO KVM_VFIO KVM_XEN KVM_XFER_TO_GUEST_WORK L2TP L2TP_ETH L2TP_IP L2TP_V3 LAPB LAPBETHER LDM_PARTITION LEDS_TRIGGER_AUDIO LEGACY_PTYS LIBCRC32C LIBNVDIMM LINEAR_RANGES LLC LLC2 LOGIG940_FF LOGIRUMBLEPAD2_FF LOGO LOGO_LINUX_MONO LOGO_LINUX_VGA16 LPC_ICH LWTUNNEL LWTUNNEL_BPF LZ4HC_COMPRESS LZ4_COMPRESS MAC80211 MAC80211_DEBUGFS MAC80211_HAS_RC MAC80211_HWSIM MAC80211_MESH MAC80211_RC_DEFAULT_MINSTREL MAC80211_RC_MINSTREL MACSEC MACVLAN MACVTAP MAC_PARTITION MAPPING_DIRTY_HELPERS MDIO_MVUSB MD_LINEAR MD_MULTIPATH MD_RAID0 MD_RAID1 MD_RAID10 MD_RAID456 MEDIA_ANALOG_TV_SUPPORT MEDIA_ATTACH MEDIA_CONTROLLER MEDIA_CONTROLLER_DVB MEDIA_CONTROLLER_REQUEST_API MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_SUPPORT_FILTER MEDIA_TUNER MEDIA_TUNER_MSI001 MEMORY_BALLOON MEMORY_HOTPLUG MEMORY_HOTPLUG_DEFAULT_ONLINE MEMORY_ISOLATION MEMREGION MEMSTICK MEMSTICK_REALTEK_USB MEM_SOFT_DIRTY MFD_CORE MFD_SYSCON MHI_BUS MHI_WWAN_CTRL MHP_MEMMAP_ON_MEMORY MICROCHIP_PHY MINIX_FS MINIX_SUBPARTITION MISC_RTSX MISC_RTSX_USB MISDN MISDN_DSP MISDN_HFCUSB MISDN_L1OIP MKISS MLX4_CORE MLX4_INFINIBAND MMC MMC_REALTEK_USB MMC_USHC MMC_VUB300 MMU_NOTIFIER MODULE_SRCVERSION_ALL MODVERSIONS MOST MOST_USB_HDM MOUSE_APPLETOUCH MOUSE_BCM5974 MOUSE_PS2 MOUSE_PS2_ALPS MOUSE_PS2_BYD MOUSE_PS2_CYPRESS MOUSE_PS2_FOCALTECH MOUSE_PS2_LIFEBOOK MOUSE_PS2_LOGIPS2PP MOUSE_PS2_SMBUS MOUSE_PS2_SYNAPTICS MOUSE_PS2_SYNAPTICS_SMBUS MOUSE_PS2_TRACKPOINT MOUSE_SYNAPTICS_USB MPLS MPLS_IPTUNNEL MPLS_ROUTING MPTCP MPTCP_IPV6 MRP MTD MTD_BLKDEVS MTD_BLOCK MTD_BLOCK2MTD MTD_CFI_I1 MTD_CFI_I2 MTD_MAP_BANK_WIDTH_1 MTD_MAP_BANK_WIDTH_2 MTD_MAP_BANK_WIDTH_4 MTD_MTDRAM MTD_PHRAM MTD_SLRAM MUSB_PIO_ONLY ND_BTT ND_CLAIM ND_PFN NETDEVSIM NETFILTER_ADVANCED NETFILTER_FAMILY_ARP NETFILTER_FAMILY_BRIDGE NETFILTER_NETLINK_ACCT NETFILTER_NETLINK_GLUE_CT NETFILTER_NETLINK_OSF NETFILTER_NETLINK_QUEUE NETFILTER_SYNPROXY NETFILTER_XT_CONNMARK NETFILTER_XT_MATCH_BPF NETFILTER_XT_MATCH_CGROUP NETFILTER_XT_MATCH_CLUSTER NETFILTER_XT_MATCH_COMMENT NETFILTER_XT_MATCH_CONNBYTES NETFILTER_XT_MATCH_CONNLABEL NETFILTER_XT_MATCH_CONNLIMIT NETFILTER_XT_MATCH_CONNMARK NETFILTER_XT_MATCH_CPU NETFILTER_XT_MATCH_DCCP NETFILTER_XT_MATCH_DEVGROUP NETFILTER_XT_MATCH_DSCP NETFILTER_XT_MATCH_ECN NETFILTER_XT_MATCH_ESP NETFILTER_XT_MATCH_HASHLIMIT NETFILTER_XT_MATCH_HELPER NETFILTER_XT_MATCH_HL NETFILTER_XT_MATCH_IPCOMP NETFILTER_XT_MATCH_IPRANGE NETFILTER_XT_MATCH_IPVS NETFILTER_XT_MATCH_L2TP NETFILTER_XT_MATCH_LENGTH NETFILTER_XT_MATCH_LIMIT NETFILTER_XT_MATCH_MAC NETFILTER_XT_MATCH_MARK NETFILTER_XT_MATCH_MULTIPORT NETFILTER_XT_MATCH_NFACCT NETFILTER_XT_MATCH_OSF NETFILTER_XT_MATCH_OWNER NETFILTER_XT_MATCH_PHYSDEV NETFILTER_XT_MATCH_PKTTYPE NETFILTER_XT_MATCH_QUOTA NETFILTER_XT_MATCH_RATEEST NETFILTER_XT_MATCH_REALM NETFILTER_XT_MATCH_RECENT NETFILTER_XT_MATCH_SCTP NETFILTER_XT_MATCH_SOCKET NETFILTER_XT_MATCH_STATISTIC NETFILTER_XT_MATCH_STRING NETFILTER_XT_MATCH_TCPMSS NETFILTER_XT_MATCH_TIME NETFILTER_XT_MATCH_U32 NETFILTER_XT_SET NETFILTER_XT_TARGET_AUDIT NETFILTER_XT_TARGET_CHECKSUM NETFILTER_XT_TARGET_CLASSIFY NETFILTER_XT_TARGET_CONNMARK NETFILTER_XT_TARGET_CT NETFILTER_XT_TARGET_DSCP NETFILTER_XT_TARGET_HL NETFILTER_XT_TARGET_HMARK NETFILTER_XT_TARGET_IDLETIMER NETFILTER_XT_TARGET_LED NETFILTER_XT_TARGET_MARK NETFILTER_XT_TARGET_NETMAP NETFILTER_XT_TARGET_NFQUEUE NETFILTER_XT_TARGET_NOTRACK NETFILTER_XT_TARGET_RATEEST NETFILTER_XT_TARGET_REDIRECT NETFILTER_XT_TARGET_TCPOPTSTRIP NETFILTER_XT_TARGET_TEE NETFILTER_XT_TARGET_TPROXY NETFILTER_XT_TARGET_TRACE NETLABEL NETLINK_DIAG NETROM NET_9P_RDMA NET_ACT_BPF NET_ACT_CONNMARK NET_ACT_CSUM NET_ACT_CT NET_ACT_CTINFO NET_ACT_GATE NET_ACT_IFE NET_ACT_IPT NET_ACT_MPLS NET_ACT_NAT NET_ACT_PEDIT NET_ACT_POLICE NET_ACT_SAMPLE NET_ACT_SIMP NET_ACT_SKBEDIT NET_ACT_SKBMOD NET_ACT_TUNNEL_KEY NET_ACT_VLAN NET_CLS_BASIC NET_CLS_BPF NET_CLS_FLOW NET_CLS_FLOWER NET_CLS_FW NET_CLS_MATCHALL NET_CLS_ROUTE4 NET_DEVLINK NET_DROP_MONITOR NET_DSA NET_DSA_TAG_BRCM NET_DSA_TAG_BRCM_COMMON NET_DSA_TAG_BRCM_PREPEND NET_DSA_TAG_MTK NET_DSA_TAG_QCA NET_DSA_TAG_RTL4_A NET_EMATCH_CANID NET_EMATCH_CMP NET_EMATCH_IPSET NET_EMATCH_IPT NET_EMATCH_META NET_EMATCH_NBYTE NET_EMATCH_TEXT NET_EMATCH_U32 NET_FC NET_FOU NET_FOU_IP_TUNNELS NET_IFE NET_IFE_SKBMARK NET_IFE_SKBPRIO NET_IFE_SKBTCINDEX NET_IPGRE NET_IPGRE_BROADCAST NET_IPGRE_DEMUX NET_IPIP NET_IPVTI NET_KEY NET_KEY_MIGRATE NET_L3_MASTER_DEV NET_MPLS_GSO NET_NCSI NET_NSH NET_REDIRECT NET_SCH_CAKE NET_SCH_CBS NET_SCH_CHOKE NET_SCH_CODEL NET_SCH_DRR NET_SCH_ETF NET_SCH_ETS NET_SCH_FQ NET_SCH_FQ_CODEL NET_SCH_FQ_PIE NET_SCH_GRED NET_SCH_HFSC NET_SCH_HHF NET_SCH_HTB NET_SCH_INGRESS NET_SCH_MQPRIO NET_SCH_MULTIQ NET_SCH_NETEM NET_SCH_PIE NET_SCH_PLUG NET_SCH_PRIO NET_SCH_QFQ NET_SCH_RED NET_SCH_SFB NET_SCH_SFQ NET_SCH_SKBPRIO NET_SCH_TAPRIO NET_SCH_TBF NET_SCH_TEQL NET_SOCK_MSG NET_SWITCHDEV NET_TC_SKB_EXT NET_TEAM NET_TEAM_MODE_ACTIVEBACKUP NET_TEAM_MODE_BROADCAST NET_TEAM_MODE_LOADBALANCE NET_TEAM_MODE_RANDOM NET_TEAM_MODE_ROUNDROBIN NET_UDP_TUNNEL NET_VRF NFC NFC_DIGITAL NFC_FDP NFC_HCI NFC_MRVL NFC_MRVL_USB NFC_NCI NFC_NCI_UART NFC_PN533 NFC_PN533_USB NFC_PORT100 NFC_SHDLC NFC_SIM NFC_VIRTUAL_NCI NFSD NFSD_BLOCKLAYOUT NFSD_FLEXFILELAYOUT NFSD_PNFS NFSD_SCSILAYOUT NFSD_V3_ACL NFSD_V4 NFSD_V4_2_INTER_SSC NFSD_V4_SECURITY_LABEL NFS_FSCACHE NFS_V4_1 NFS_V4_2 NFS_V4_2_READ_PLUS NFS_V4_2_SSC_HELPER NFS_V4_SECURITY_LABEL NFT_BRIDGE_META NFT_BRIDGE_REJECT NFT_COMPAT NFT_CONNLIMIT NFT_CT NFT_DUP_IPV4 NFT_DUP_IPV6 NFT_DUP_NETDEV NFT_FIB NFT_FIB_INET NFT_FIB_IPV4 NFT_FIB_IPV6 NFT_FIB_NETDEV NFT_FLOW_OFFLOAD NFT_HASH NFT_LIMIT NFT_LOG NFT_MASQ NFT_NAT NFT_NUMGEN NFT_OSF NFT_QUEUE NFT_QUOTA NFT_REDIR NFT_REJECT NFT_REJECT_INET NFT_REJECT_IPV4 NFT_REJECT_IPV6 NFT_REJECT_NETDEV NFT_SOCKET NFT_SYNPROXY NFT_TPROXY NFT_TUNNEL NFT_XFRM NF_CONNTRACK_AMANDA NF_CONNTRACK_BRIDGE NF_CONNTRACK_BROADCAST NF_CONNTRACK_EVENTS NF_CONNTRACK_H323 NF_CONNTRACK_LABELS NF_CONNTRACK_MARK NF_CONNTRACK_NETBIOS_NS NF_CONNTRACK_PPTP NF_CONNTRACK_SANE NF_CONNTRACK_SNMP NF_CONNTRACK_TFTP NF_CONNTRACK_TIMEOUT NF_CONNTRACK_TIMESTAMP NF_CONNTRACK_ZONES NF_CT_NETLINK_HELPER NF_CT_NETLINK_TIMEOUT NF_CT_PROTO_DCCP NF_CT_PROTO_GRE NF_CT_PROTO_SCTP NF_CT_PROTO_UDPLITE NF_DUP_IPV4 NF_DUP_IPV6 NF_DUP_NETDEV NF_FLOW_TABLE NF_FLOW_TABLE_INET NF_NAT_AMANDA NF_NAT_H323 NF_NAT_PPTP NF_NAT_REDIRECT NF_NAT_SNMP_BASIC NF_NAT_TFTP NF_SOCKET_IPV4 NF_SOCKET_IPV6 NF_TABLES NF_TABLES_ARP NF_TABLES_BRIDGE NF_TABLES_INET NF_TABLES_IPV4 NF_TABLES_IPV6 NF_TABLES_NETDEV NF_TPROXY_IPV4 NF_TPROXY_IPV6 NILFS2_FS NINTENDO_FF NLMON NLS_CODEPAGE_1250 NLS_CODEPAGE_1251 NLS_CODEPAGE_737 NLS_CODEPAGE_775 NLS_CODEPAGE_850 NLS_CODEPAGE_852 NLS_CODEPAGE_855 NLS_CODEPAGE_857 PARTITION_ADVANCED PSAMPLE RC_CORE RC_DEVICES RFKILL SPI USB_GADGET USB_MUSB_HDRC VIDEO_DEV WAN WATCH_QUEUE WIRELESS WLAN WWAN X25 X86_X32_ABI] disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK BUG], they are not needed testing current HEAD e526b12bf9169887f8cfe5afed2b10e56bdca4c3 testing commit e526b12bf9169887f8cfe5afed2b10e56bdca4c3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5e4274754b4393991275c7b0718ea404cb0b796d08698bba6fdbe1d0d578dbf6 all runs: OK false negative chance: 0.000 # git bisect start e526b12bf9169887f8cfe5afed2b10e56bdca4c3 117ac406ba904da738fb79a3b2c96d4a385292c1 Bisecting: 393 revisions left to test after this (roughly 9 steps) [ad638686c57ee9229575a7933b092fbc62c36549] thermal: of: Fix OF node leak in thermal_of_trips_init() error path determine whether the revision contains the guilty commit revision 117ac406ba904da738fb79a3b2c96d4a385292c1 crashed and is reachable testing commit ad638686c57ee9229575a7933b092fbc62c36549 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4482160aa630ea17b23eb5c990203ab7385eb115879a7e92eae02db63e09eb15 all runs: OK false negative chance: 0.000 # git bisect bad ad638686c57ee9229575a7933b092fbc62c36549 Bisecting: 196 revisions left to test after this (roughly 8 steps) [662e44b6c125db2d21b0fae6f698836398603837] drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode determine whether the revision contains the guilty commit revision 117ac406ba904da738fb79a3b2c96d4a385292c1 crashed and is reachable testing commit 662e44b6c125db2d21b0fae6f698836398603837 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8bf12103b798ad51f803747a0b19550254223802b08194f291c5da58ed249bbe all runs: OK false negative chance: 0.000 # git bisect bad 662e44b6c125db2d21b0fae6f698836398603837 Bisecting: 98 revisions left to test after this (roughly 7 steps) [f2a3618e0f6742d79f47d090d7474f217c9192ba] erofs: avoid debugging output for (de)compressed data determine whether the revision contains the guilty commit revision 117ac406ba904da738fb79a3b2c96d4a385292c1 crashed and is reachable testing commit f2a3618e0f6742d79f47d090d7474f217c9192ba gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3db50f466ed37e2cacf97560508a90da2c2ec723da4099f22532e9d247819e95 all runs: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG representative crash: UBSAN: shift-out-of-bounds in dbDiscardAG, types: [UBSAN] # git bisect good f2a3618e0f6742d79f47d090d7474f217c9192ba Bisecting: 49 revisions left to test after this (roughly 6 steps) [fb1adb05ea87b6149e65a31e511756c4f470d0cd] netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests determine whether the revision contains the guilty commit revision f2a3618e0f6742d79f47d090d7474f217c9192ba crashed and is reachable testing commit fb1adb05ea87b6149e65a31e511756c4f470d0cd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c066d09e693baf2a5c3f3faa79edafaee219fec5703d6b726b0d2163bbdb4ea7 all runs: OK false negative chance: 0.000 # git bisect bad fb1adb05ea87b6149e65a31e511756c4f470d0cd Bisecting: 24 revisions left to test after this (roughly 5 steps) [6f1df9615260eb5b73ff5b09f04a272843ccee0f] fs/ntfs3: Do copy_to_user out of run_lock determine whether the revision contains the guilty commit revision 117ac406ba904da738fb79a3b2c96d4a385292c1 crashed and is reachable testing commit 6f1df9615260eb5b73ff5b09f04a272843ccee0f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3e3e72fdf772b5429e0ca4068b1c03dfb36eb462e30ab013633d5dabdb3c7400 all runs: OK false negative chance: 0.000 # git bisect bad 6f1df9615260eb5b73ff5b09f04a272843ccee0f Bisecting: 11 revisions left to test after this (roughly 4 steps) [774b664d068d0bc85095c24659b60e027bf42beb] docs/bpf: Document BPF_MAP_TYPE_LPM_TRIE map determine whether the revision contains the guilty commit revision f2a3618e0f6742d79f47d090d7474f217c9192ba crashed and is reachable testing commit 774b664d068d0bc85095c24659b60e027bf42beb gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 332e80b16f37c76ffed9d7abbf00f60cc0ec461ac34c3f554356669fbeffa00f all runs: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG representative crash: UBSAN: shift-out-of-bounds in dbDiscardAG, types: [UBSAN] # git bisect good 774b664d068d0bc85095c24659b60e027bf42beb Bisecting: 5 revisions left to test after this (roughly 3 steps) [0752e7fb549d90c33b4d4186f11cfd25a556d1dd] ext4: do not create EA inode under buffer lock determine whether the revision contains the guilty commit revision 774b664d068d0bc85095c24659b60e027bf42beb crashed and is reachable testing commit 0752e7fb549d90c33b4d4186f11cfd25a556d1dd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e9145b1c12b22a8a6c89331bd648608eb25e31538cf01082ed8a9b014763c9ef all runs: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG representative crash: UBSAN: shift-out-of-bounds in dbDiscardAG, types: [UBSAN] # git bisect good 0752e7fb549d90c33b4d4186f11cfd25a556d1dd Bisecting: 2 revisions left to test after this (roughly 2 steps) [5a2e37bc648a2503bf6d687aed27b9f4455d82eb] fou: remove warn in gue_gro_receive on unsupported protocol determine whether the revision contains the guilty commit revision 0752e7fb549d90c33b4d4186f11cfd25a556d1dd crashed and is reachable testing commit 5a2e37bc648a2503bf6d687aed27b9f4455d82eb gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e9b0b060c159d3e78c5a92c3f0ca38cb652f1bede0bbc717056a9c4327fc4b06 all runs: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG representative crash: UBSAN: shift-out-of-bounds in dbDiscardAG, types: [UBSAN] # git bisect good 5a2e37bc648a2503bf6d687aed27b9f4455d82eb Bisecting: 0 revisions left to test after this (roughly 1 step) [bd04a149e3a29e7f71b7956ed41dba34e42d539e] jfs: Fix shift-out-of-bounds in dbDiscardAG determine whether the revision contains the guilty commit revision 774b664d068d0bc85095c24659b60e027bf42beb crashed and is reachable testing commit bd04a149e3a29e7f71b7956ed41dba34e42d539e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: abf22bd7e2e61e0325d610af3e90a20cc431ae77a120976466f84a4d4eeeb44a all runs: OK false negative chance: 0.000 # git bisect bad bd04a149e3a29e7f71b7956ed41dba34e42d539e Bisecting: 0 revisions left to test after this (roughly 0 steps) [53023ab11836ac56fd75f7a71ec1356e50920fa9] jfs: fix null ptr deref in dtInsertEntry determine whether the revision contains the guilty commit revision 0752e7fb549d90c33b4d4186f11cfd25a556d1dd crashed and is reachable testing commit 53023ab11836ac56fd75f7a71ec1356e50920fa9 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a632f6721393cfa2f04455beba3459a0019b7d73a7d8fa0634f1b694e2fa4a1a all runs: crashed: UBSAN: shift-out-of-bounds in dbDiscardAG representative crash: UBSAN: shift-out-of-bounds in dbDiscardAG, types: [UBSAN] # git bisect good 53023ab11836ac56fd75f7a71ec1356e50920fa9 bd04a149e3a29e7f71b7956ed41dba34e42d539e is the first bad commit commit bd04a149e3a29e7f71b7956ed41dba34e42d539e Author: Pei Li Date: Tue Jun 25 09:42:05 2024 -0700 jfs: Fix shift-out-of-bounds in dbDiscardAG [ Upstream commit 7063b80268e2593e58bee8a8d709c2f3ff93e2f2 ] When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop directly when negative shift is found. Reported-by: syzbot+61be3359d2ee3467e7e4@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=61be3359d2ee3467e7e4 Signed-off-by: Pei Li Signed-off-by: Dave Kleikamp Signed-off-by: Sasha Levin fs/jfs/jfs_dmap.c | 2 ++ 1 file changed, 2 insertions(+) accumulated error probability: 0.00 culprit signature: abf22bd7e2e61e0325d610af3e90a20cc431ae77a120976466f84a4d4eeeb44a parent signature: a632f6721393cfa2f04455beba3459a0019b7d73a7d8fa0634f1b694e2fa4a1a revisions tested: 18, total time: 3h16m11.409741469s (build: 1h14m14.587031185s, test: 1h56m31.076637818s) first good commit: bd04a149e3a29e7f71b7956ed41dba34e42d539e jfs: Fix shift-out-of-bounds in dbDiscardAG recipients (to): ["dave.kleikamp@oracle.com" "peili.dev@gmail.com" "sashal@kernel.org"] recipients (cc): []