ci starts bisection 2026-01-14 19:56:51.975247446 +0000 UTC m=+4262201.500733572 bisecting fixing commit since 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 building syzkaller on d7f584ee3c24504bb07d04526a23b7d8df38b8ed ensuring issue is reproducible on original commit 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 testing commit 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: eac43999aa2bfe9967ae4a44c34fd6fdf38ba235e02632170767d17652041399 all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] check whether we can drop unnecessary instrumentation disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed testing commit 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 1b296065031f1b2f2fc9a220ab4fdc60deb5582228ac28cc143a52fcca823419 all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] the bug reproduces without the instrumentation disabling configs for [ubsan kasan locking atomic_sleep hang memleak], they are not needed kconfig minimization: base=4116 full=8243 leaves diff=2163 split chunks (needed=false): <2163> split chunk #0 of len 2163 into 5 parts testing without sub-chunk 1/5 disabling configs for [atomic_sleep hang memleak ubsan kasan locking], they are not needed testing commit 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 2893bd27d32ca3b6038ea76ec27be2f5aa0924176c10d66220603182cb5f2162 all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed testing commit 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 8c00b8350591522ab7a7d39508a8cde4015a9e4c607e2be02256ba50a47dbcec all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [kasan locking atomic_sleep hang memleak ubsan], they are not needed testing commit 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: a8034ee31408a34be6a178ddf59ce817b279410f40e5f1b6063a70447f7030e1 all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [ubsan kasan locking atomic_sleep hang memleak], they are not needed testing commit 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 107e52f8f90c1f9730b39f7f8990b5d63ba88093d0ce011e8330191242a65858 all runs: OK false negative chance: 0.000 testing without sub-chunk 5/5 disabling configs for [kasan locking atomic_sleep hang memleak ubsan], they are not needed testing commit 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: e2104cd87aebfcfe96e7a3c486b6a51e0b8ba878ddf726a071a3a88fd559186f all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] the chunk can be dropped minimized to 433 configs; suspects: [AF_RXRPC ARCH_ENABLE_MEMORY_HOTREMOVE ARCH_HAS_PTE_DEVMAP ATM AX25 BT BT_BREDR BT_HIDP BXT_WC_PMIC_OPREGION CFG80211 CMA CRYPTO_CTS DAX DLM DRM DVB_CORE ENCRYPTED_KEYS EXTCON GENEVE GPIOLIB HAMRADIO HAVE_CLK HID_NINTENDO HID_NVIDIA_SHIELD HID_PLAYSTATION HID_SENSOR_HUB HID_SMARTJOYPLUS HID_STEAM HID_THRUSTMASTER IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_IPOIB INFINIBAND_USER_ACCESS INFINIBAND_VIRT_DMA INPUT_TABLET INPUT_TOUCHSCREEN INTEL_SCU_IPC INTEL_SOC_PMIC_BXTWC IP_SCTP L2TP LEDS_CLASS_MULTICOLOR LIBNVDIMM MAC80211 MCORE2 MEDIA_COMMON_OPTIONS MEDIA_DIGITAL_TV_SUPPORT MEDIA_PLATFORM_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_INTEL_PMC_BXT MFD_MT6360 MFD_MT6370 MFD_RETU MMC MTD MTD_UBI NETFILTER_CONNCOUNT NET_IPGRE NET_IPGRE_DEMUX NFS_V4_1 NF_SOCKET_IPV6 NF_TPROXY_IPV4 NF_TPROXY_IPV6 NILFS2_FS NINTENDO_FF NLMON NLS_CODEPAGE_1250 NLS_CODEPAGE_1251 NLS_CODEPAGE_737 NLS_CODEPAGE_775 NLS_CODEPAGE_850 NLS_CODEPAGE_852 NLS_CODEPAGE_855 NLS_CODEPAGE_857 NLS_CODEPAGE_860 NLS_CODEPAGE_861 NLS_CODEPAGE_862 NLS_CODEPAGE_863 NLS_CODEPAGE_864 NLS_CODEPAGE_865 NLS_CODEPAGE_866 NLS_CODEPAGE_869 NLS_CODEPAGE_874 NLS_CODEPAGE_932 NLS_CODEPAGE_936 NLS_CODEPAGE_949 NLS_CODEPAGE_950 NLS_ISO8859_13 NLS_ISO8859_14 NLS_ISO8859_15 NLS_ISO8859_2 NLS_ISO8859_3 NLS_ISO8859_4 NLS_ISO8859_5 NLS_ISO8859_6 NLS_ISO8859_7 NLS_ISO8859_8 NLS_ISO8859_9 NLS_KOI8_R NLS_KOI8_U NLS_MAC_CELTIC NLS_MAC_CENTEURO NLS_MAC_CROATIAN NLS_MAC_CYRILLIC NLS_MAC_GAELIC NLS_MAC_GREEK NLS_MAC_ICELAND NLS_MAC_INUIT NLS_MAC_ROMAN NLS_MAC_ROMANIAN NLS_MAC_TURKISH NLS_UCS2_UTILS NOZOMI NTFS3_FS NTFS3_FS_POSIX_ACL NTFS3_LZX_XPRESS NULL_TTY NUMA_BALANCING NUMA_BALANCING_DEFAULT_ENABLED NUMA_EMU NUMA_KEEP_MEMINFO NVDIMM_DAX NVDIMM_KEYS NVDIMM_PFN NVIDIA_SHIELD_FF NVME_CORE NVME_FABRICS NVME_FC NVME_MULTIPATH NVME_RDMA NVME_TARGET NVME_TARGET_FC NVME_TARGET_FCLOOP NVME_TARGET_LOOP NVME_TARGET_RDMA NVME_TARGET_TCP NVME_TCP N_GSM N_HDLC OCFS2_DEBUG_FS OCFS2_FS OCFS2_FS_O2CB OCFS2_FS_STATS OCFS2_FS_USERSPACE_CLUSTER OF_GPIO OF_PMEM OMFS_FS OPENVSWITCH OPENVSWITCH_GENEVE OPENVSWITCH_GRE OPENVSWITCH_VXLAN ORANGEFS_FS OSF_PARTITION OVERLAY_FS OVERLAY_FS_DEBUG OVERLAY_FS_INDEX OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW OVERLAY_FS_REDIRECT_DIR PACKET_DIAG PAGE_IDLE_FLAG PAGE_REPORTING PAHOLE_HAS_BTF_TAG PAHOLE_HAS_LANG_EXCLUDE PAHOLE_HAS_SPLIT_BTF PARPORT PARPORT_NOT_PC PARTITION_ADVANCED PCCARD PCCARD_NONSTATIC PCIEAER PCI_ENDPOINT PCI_IOV PCMCIA PCMCIA_LOAD_CIS PERCPU_STATS PERSISTENT_KEYRINGS PHONET PHYLINK PHY_CPCAP_USB PHY_QCOM_USB_HS PHY_QCOM_USB_HSIC PHY_SAMSUNG_USB2 PHY_TUSB1210 PKCS7_TEST_KEY PKCS8_PRIVATE_KEY_PARSER PLAYSTATION_FF PLFXLC PMIC_OPREGION PM_CLK PNFS_BLOCK PNFS_FILE_LAYOUT PNFS_FLEXFILE_LAYOUT PPP PPPOATM PPPOE PPPOE_HASH_BITS_1 PPPOL2TP PPP_ASYNC PPP_BSDCOMP PPP_DEFLATE PPP_FILTER PPP_MPPE PPP_MULTILINK PPP_SYNC_TTY PPTP PREEMPT PREEMPT_NOTIFIERS PROC_CHILDREN PROC_PID_CPUSET PSAMPLE PSI PSTORE PSTORE_COMPRESS PTDUMP_CORE QCOM_QMI_HELPERS QNX4FS_FS QNX6FS_FS QRTR QRTR_TUN RADIO_ADAPTERS RADIO_SHARK RADIO_SHARK2 RADIO_TEA575X RAID6_PQ RAID_ATTRS RC_ATI_REMOTE RC_CORE RC_DEVICES RC_XBOX_DVD RDMA_RXE RDMA_SIW RDS RDS_RDMA RDS_TCP READ_ONLY_THP_FOR_FS REALTEK_AUTOPM REED_SOLOMON REED_SOLOMON_DEC8 REGMAP REGMAP_I2C REGMAP_IRQ REGMAP_MMIO REGMAP_SPI REGULATOR REGULATOR_FIXED_VOLTAGE REGULATOR_TWL4030 RESET_CONTROLLER RFKILL RFKILL_INPUT RFKILL_LEDS RMI4_2D_SENSOR RMI4_CORE RMI4_F03 RMI4_F03_SERIO RMI4_F11 RMI4_F12 RMI4_F30 RMI4_F3A ROMFS_BACKED_BY_BOTH ROMFS_FS ROMFS_ON_BLOCK ROMFS_ON_MTD ROSE RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1 RTC_DRV_HID_SENSOR_TIME RXKAD SCHED_CORE SCREEN_INFO SCSI_FC_ATTRS SCSI_HPSA SCSI_ISCSI_ATTRS SCSI_LOGGING SCSI_NETLINK SCSI_SAS_ATA SCSI_SAS_ATTRS SCSI_SAS_LIBSAS SCSI_SCAN_ASYNC SCSI_SRP_ATTRS SCTP_COOKIE_HMAC_MD5 SCTP_COOKIE_HMAC_SHA1 SCTP_DEFAULT_COOKIE_HMAC_MD5 SECONDARY_TRUSTED_KEYRING SECURITY_INFINIBAND SECURITY_NETWORK_XFRM SENSORS_AQUACOMPUTER_D5NEXT SENSORS_CORSAIR_CPRO SENSORS_CORSAIR_PSU SENSORS_GIGABYTE_WATERFORCE SENSORS_NZXT_KRAKEN2 SENSORS_NZXT_SMART2 SENSORS_POWERZ SERIAL_DEV_BUS SERIAL_DEV_CTRL_TTYPORT SERIAL_MCTRL_GPIO SGI_PARTITION SIGNATURE SIGNED_PE_FILE_VERIFICATION SKB_DECRYPTED SLHC SLIP SLIP_COMPRESSED SLIP_MODE_SLIP6 SLIP_SMART SMARTJOYPLUS_FF SMBFS SMB_SERVER SMC SMC_DIAG SMSC_PHY SMS_SDIO_DRV SMS_SIANO_DEBUGFS SMS_SIANO_MDTV SMS_SIANO_RC SMS_USB_DRV SND SND_ALOOP SND_BCD2000 SND_CTL_FAST_LOOKUP SND_CTL_LED SND_DEBUG SND_DMA_SGBUF SND_DRIVERS SND_DUMMY SND_DYNAMIC_MINORS SND_HDA SND_HDA_CODEC_ANALOG SND_HDA_CODEC_CA0110 SND_HDA_CODEC_CA0132 SND_HDA_CODEC_CIRRUS SND_HDA_CODEC_CMEDIA SND_HDA_CODEC_CONEXANT SND_HDA_CODEC_HDMI SND_HDA_CODEC_REALTEK SND_HDA_CODEC_SI3054 SND_HDA_CODEC_SIGMATEL SND_HDA_CODEC_VIA SND_HDA_COMPONENT SND_HDA_CORE SND_HDA_GENERIC SND_HDA_GENERIC_LEDS SND_HDA_HWDEP SND_HDA_I915 SND_HDA_INPUT_BEEP SND_HDA_INTEL SND_HDA_PATCH_LOADER SND_HDA_RECONFIG SND_HDA_SCODEC_COMPONENT SND_HRTIMER SND_HWDEP SND_INTEL_DSP_CONFIG SND_INTEL_NHLT SND_INTEL_SOUNDWIRE_ACPI SND_JACK SND_JACK_INPUT_DEV SND_MIXER_OSS SND_OSSEMUL SND_PCI SND_PCM SND_PCMCIA SND_PCM_OSS SND_PCM_OSS_PLUGINS SND_PCM_TIMER SND_PCM_XRUN_DEBUG SND_PROC_FS SND_RAWMIDI SND_SEQUENCER SND_SEQUENCER_OSS SND_SEQ_DEVICE SND_SEQ_DUMMY SND_SEQ_HRTIMER_DEFAULT SND_SEQ_MIDI SND_SEQ_MIDI_EVENT SND_SEQ_UMP_CLIENT SND_SEQ_VIRMIDI SND_SOC SND_SOC_I2C_AND_SPI SND_SOC_SDCA_OPTIONAL SND_SUPPORT_OLD_API SND_TIMER SND_UMP SND_UMP_LEGACY_RAWMIDI SND_USB SND_USB_6FIRE SND_USB_AUDIO SND_USB_AUDIO_MIDI_V2 SND_USB_AUDIO_USE_MEDIA_CONTROLLER SND_USB_CAIAQ SND_USB_CAIAQ_INPUT SND_USB_HIFACE SND_USB_LINE6 SND_USB_POD SND_USB_PODHD SND_USB_TONEPORT SND_USB_UA101 SND_USB_US122L SND_USB_USX2Y SND_USB_VARIAX SND_VERBOSE_PROCFS SND_VIRMIDI SND_VIRTIO SND_VMASTER SND_X86 SOCK_VALIDATE_XMIT SOLARIS_X86_PARTITION SONY_FF SOUND SOUNDWIRE SOUND_OSS_CORE SOUND_OSS_CORE_PRECLAIM SPI SPI_DLN2 SPI_DYNAMIC SPI_LJCA SPI_MASTER SQUASHFS SQUASHFS_4K_DEVBLK_SIZE SQUASHFS_COMPILE_DECOMP_MULTI SQUASHFS_DECOMP_MULTI SQUASHFS_FILE_DIRECT SQUASHFS_LZ4 SQUASHFS_LZO SQUASHFS_XATTR SQUASHFS_XZ SQUASHFS_ZLIB SQUASHFS_ZSTD SSB SSB_PCIHOST_POSSIBLE SSB_PCMCIAHOST_POSSIBLE SSB_SDIOHOST_POSSIBLE STEAM_FF STP STREAM_PARSER SUNRPC_BACKCHANNEL SUN_PARTITION SW_SYNC SYSFB SYSFS_SYSCALL SYSV68_PARTITION SYSV_FS TABLET_USB_ACECAD TABLET_USB_AIPTEK TABLET_USB_HANWANG TABLET_USB_KBTAB TABLET_USB_PEGASUS TAHVO_USB TAHVO_USB_HOST_BY_DEFAULT TCG_CRB TCG_TIS TCG_TIS_CORE TCG_TPM TCP_CONG_BBR TCP_CONG_BIC TCP_CONG_CDG TCP_CONG_DCTCP TCP_CONG_HSTCP TCP_CONG_HTCP TCP_CONG_HYBLA TCP_CONG_ILLINOIS TCP_CONG_LP TCP_CONG_NV TCP_CONG_SCALABLE TCP_CONG_VEGAS TCP_CONG_VENO TCP_CONG_WESTWOOD TCP_CONG_YEAH TEE TEXTSEARCH TEXTSEARCH_BM TEXTSEARCH_FSM TEXTSEARCH_KMP THERMAL_GOV_USER_SPACE THP_SWAP THRUSTMASTER_FF TIPC TIPC_CRYPTO TIPC_DIAG TIPC_MEDIA_IB TIPC_MEDIA_UDP TLS TLS_TOE TMPFS_QUOTA TOOLS_SUPPORT_RELR TOUCHSCREEN_SUR40 TOUCHSCREEN_USB_3M TOUCHSCREEN_USB_COMPOSITE TOUCHSCREEN_USB_DMC_TSC10 TOUCHSCREEN_USB_E2I TOUCHSCREEN_USB_EASYTOUCH TOUCHSCREEN_USB_EGALAX TOUCHSCREEN_USB_ELO TOUCHSCREEN_USB_ETT_TC45USB TOUCHSCREEN_USB_ETURBO TOUCHSCREEN_USB_GENERAL_TOUCH TOUCHSCREEN_USB_GOTOP TOUCHSCREEN_USB_GUNZE TOUCHSCREEN_USB_IDEALTEK TOUCHSCREEN_USB_IRTOUCH TOUCHSCREEN_USB_ITM TOUCHSCREEN_USB_JASTEC TOUCHSCREEN_USB_NEXIO TOUCHSCREEN_USB_PANJIT TOUCHSCREEN_USB_ZYTRONIC TRANSPARENT_HUGEPAGE TRANSPARENT_HUGEPAGE_MADVISE TTPCI_EEPROM TTY_PRINTK TUN_VNET_CROSS_LE TWL4030_CORE TYPEC TYPEC_ANX7411 TYPEC_DP_ALTMODE TYPEC_FUSB302 TYPEC_HD3SS3220 TYPEC_MT6360 TYPEC_MUX_FSA4480 TYPEC_MUX_GPIO_SBU TYPEC_MUX_INTEL_PMC TYPEC_MUX_NB7VPQ904M TYPEC_MUX_PTN36502 TYPEC_MUX_WCD939X_USBSS TYPEC_NVIDIA_ALTMODE TYPEC_RT1711H TYPEC_RT1719 TYPEC_STUSB160X TYPEC_TCPCI TYPEC_TCPCI_MAXIM TYPEC_TCPCI_MT6370 TYPEC_TCPM TYPEC_TPS6598X TYPEC_UCSI TYPEC_WCOVE TYPEC_WUSB3801 UBIFS_ATIME_SUPPORT UBIFS_FS UBIFS_FS_ADVANCED_COMPR UBIFS_FS_LZO UBIFS_FS_SECURITY UBIFS_FS_XATTR UBIFS_FS_ZLIB UBIFS_FS_ZSTD UCSI_ACPI UCSI_CCG UCSI_STM32G0 UDF_FS UDMABUF UFS_FS UFS_FS_WRITE UHID ULTRIX_PARTITION UNICODE UNIXWARE_DISKLABEL UNIX_DIAG USB4 USB4_NET USBIP_CORE USBIP_HOST USBIP_VHCI_HCD USBIP_VUDC USBPCWATCHDOG USB_ACM USB_ADUTUX USB_AIRSPY USB_ALI_M5632 USB_AN2720 USB_APPLEDISPLAY USB_ARMLINUX USB_BDC_UDC USB_BELKIN USB_C67X00_HCD USB_CATC USB_CDC_PHONET USB_DWC2 USB_GADGET USB_LJCA USB_MUSB_HDRC USB_NET_CDC_SUBSET USB_ROLE_SWITCH USB_STORAGE_REALTEK USB_ULPI_BUS USB_USBNET VIDEO_DEV VXLAN WIRELESS WLAN WLAN_VENDOR_PURELIFI ZONE_DEVICE] disabling configs for [kasan locking atomic_sleep hang memleak ubsan], they are not needed testing current HEAD e0d4140e804380ae898da1e4c58c21e6323415a4 testing commit e0d4140e804380ae898da1e4c58c21e6323415a4 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: bbe166ac5fe60eaff3bd9d13b156c234751d34f588ec138004f3c0a5e38faeec all runs: OK false negative chance: 0.000 # git bisect start e0d4140e804380ae898da1e4c58c21e6323415a4 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 Bisecting: 44404 revisions left to test after this (roughly 16 steps) [32155c6fd9ec57e10a4d9bb15d52597f94664f7b] Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next determine whether the revision contains the guilty commit revision 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 crashed and is reachable testing commit 32155c6fd9ec57e10a4d9bb15d52597f94664f7b gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: f661af20d18d257dc37536641a93fad5bbc741bcf6511afff081efd96dd0e903 all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] # git bisect good 32155c6fd9ec57e10a4d9bb15d52597f94664f7b Bisecting: 22546 revisions left to test after this (roughly 15 steps) [f79e772258df311c2cb21594ca0996318e720d28] Merge tag 'media/v6.18-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media determine whether the revision contains the guilty commit revision 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 crashed and is reachable testing commit f79e772258df311c2cb21594ca0996318e720d28 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 2792d506437ed1b4e33153bd15dca7451c3f32b4e8435cdfe720f55c15028fed all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] # git bisect good f79e772258df311c2cb21594ca0996318e720d28 Bisecting: 12017 revisions left to test after this (roughly 14 steps) [015e7b0b0e8e51f7321ec2aafc1d7fc0a8a5536f] Merge tag 'bpf-next-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next determine whether the revision contains the guilty commit revision 32155c6fd9ec57e10a4d9bb15d52597f94664f7b crashed and is reachable testing commit 015e7b0b0e8e51f7321ec2aafc1d7fc0a8a5536f gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 108970465d8a056be746e595970fad5ea7bfb54c055c22539f07922cab444f37 all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] # git bisect good 015e7b0b0e8e51f7321ec2aafc1d7fc0a8a5536f Bisecting: 6020 revisions left to test after this (roughly 13 steps) [94bf74830a977a027042f685c7231c5e07cc3372] PCI: rzg3s-host: Initialize MSI status bitmap before use determine whether the revision contains the guilty commit revision 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 crashed and is reachable testing commit 94bf74830a977a027042f685c7231c5e07cc3372 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 4454918eb08d90d2e77c278b11c1c689191143e18486dcd964ed03f101b86902 all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] # git bisect good 94bf74830a977a027042f685c7231c5e07cc3372 Bisecting: 3023 revisions left to test after this (roughly 12 steps) [701d7d782d98242a64cdeed90750f88ff733bc39] Merge tag 'spdx-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx determine whether the revision contains the guilty commit revision 32155c6fd9ec57e10a4d9bb15d52597f94664f7b crashed and is reachable testing commit 701d7d782d98242a64cdeed90750f88ff733bc39 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 71934ca2dbad83e5686faeb209eb03924d54f35fdc3b3a6cebe4058c9a6e9686 all runs: OK false negative chance: 0.000 # git bisect bad 701d7d782d98242a64cdeed90750f88ff733bc39 Bisecting: 1718 revisions left to test after this (roughly 11 steps) [09cab48db950b6fb8c114314a20c0fd5a80cf990] Merge tag 'soc-arm-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc determine whether the revision contains the guilty commit revision 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 crashed and is reachable testing commit 09cab48db950b6fb8c114314a20c0fd5a80cf990 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 6d40838311b667ae2fe30be2337388e5a0d25913ef66c46d1d1a7f351ea43ef9 all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] # git bisect good 09cab48db950b6fb8c114314a20c0fd5a80cf990 Bisecting: 867 revisions left to test after this (roughly 10 steps) [66a1025f7f0bc00404ec6357af68815c70dadae2] Merge tag 'soc-newsoc-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc determine whether the revision contains the guilty commit revision 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 crashed and is reachable testing commit 66a1025f7f0bc00404ec6357af68815c70dadae2 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 8a94e19f20a6222356f62df4063481596fd05d8b654c6ebc8ea3856f8527f6af all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] # git bisect good 66a1025f7f0bc00404ec6357af68815c70dadae2 Bisecting: 433 revisions left to test after this (roughly 9 steps) [c84d574698bad2c02aad506dfe712f83cbe3b771] Merge tag 'modules-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux determine whether the revision contains the guilty commit revision 32155c6fd9ec57e10a4d9bb15d52597f94664f7b crashed and is reachable testing commit c84d574698bad2c02aad506dfe712f83cbe3b771 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 35b81b596899b07c6e67960817918a532dfe0b0baf97b71bfcd9687c9ce3f461 all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] # git bisect good c84d574698bad2c02aad506dfe712f83cbe3b771 Bisecting: 200 revisions left to test after this (roughly 8 steps) [b0319c4642638bad4b36974055b1c0894b2c7aa9] Merge tag 'nfsd-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux determine whether the revision contains the guilty commit revision f79e772258df311c2cb21594ca0996318e720d28 crashed and is reachable testing commit b0319c4642638bad4b36974055b1c0894b2c7aa9 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: e7738e14c8f44a021d07c7fde51aae7b8c3992761b6db9d2a07ec589cbcd91f3 all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] # git bisect good b0319c4642638bad4b36974055b1c0894b2c7aa9 Bisecting: 100 revisions left to test after this (roughly 7 steps) [85de0090bd8256a94812f3be797b55bdbdcf78f5] kho: preserve FDT folio only once during initialization determine whether the revision contains the guilty commit revision f79e772258df311c2cb21594ca0996318e720d28 crashed and is reachable testing commit 85de0090bd8256a94812f3be797b55bdbdcf78f5 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 01f18f9f0792af940e32ed42b0b1acf1a4c5c61b28cf0857429ba0bf76b4a6dd all runs: OK false negative chance: 0.000 # git bisect bad 85de0090bd8256a94812f3be797b55bdbdcf78f5 Bisecting: 49 revisions left to test after this (roughly 6 steps) [6480241f31f543333ed0c7a209962412461f6e41] lib: add mul_u64_add_u64_div_u64() and mul_u64_u64_div_u64_roundup() determine whether the revision contains the guilty commit revision 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 crashed and is reachable testing commit 6480241f31f543333ed0c7a209962412461f6e41 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 7d7230be7b5ceb572ec6702583efa75f1e6bdc2b50a2de02a024f78a92ac851c all runs: OK false negative chance: 0.000 # git bisect bad 6480241f31f543333ed0c7a209962412461f6e41 Bisecting: 24 revisions left to test after this (roughly 5 steps) [390ac56cf0f687de53695648bc6f2259a7eae429] ocfs2: add boundary check to ocfs2_check_dir_entry() determine whether the revision contains the guilty commit revision 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 crashed and is reachable testing commit 390ac56cf0f687de53695648bc6f2259a7eae429 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: d10b18ae9281b3367597804eed76effdc52ed482a487dacc8a608647540d2e31 all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] # git bisect good 390ac56cf0f687de53695648bc6f2259a7eae429 Bisecting: 12 revisions left to test after this (roughly 4 steps) [d13adc6147f5848d6ad9900fdb1dbf9a280a2f64] panic: sys_info:replace struct sys_info_name with plain array of strings determine whether the revision contains the guilty commit revision 32155c6fd9ec57e10a4d9bb15d52597f94664f7b crashed and is reachable testing commit d13adc6147f5848d6ad9900fdb1dbf9a280a2f64 gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 618c7c864bc2bb6629fef26038891d4176c4a4045e9ad0fc64fe50e1b5615949 all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] # git bisect good d13adc6147f5848d6ad9900fdb1dbf9a280a2f64 Bisecting: 6 revisions left to test after this (roughly 3 steps) [7f37d88f5cb32fff454f12cd99444686482ca23b] lib/Kconfig.debug: cleanup CONFIG_DEBUG_SECTION_MISMATCH help text determine whether the revision contains the guilty commit revision f79e772258df311c2cb21594ca0996318e720d28 crashed and is reachable testing commit 7f37d88f5cb32fff454f12cd99444686482ca23b gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: bd08677d363f313cdae08ef053471885ccf0d4b2d7b62e6c99d70110d532f913 all runs: OK false negative chance: 0.000 # git bisect bad 7f37d88f5cb32fff454f12cd99444686482ca23b Bisecting: 2 revisions left to test after this (roughly 2 steps) [9125163273f8033af5d38907b483c1d9f99d781b] panic: sys_info: factor out read and write handlers determine whether the revision contains the guilty commit revision 499551201b5f4fd3c0618a3e95e3d0d15ea18f31 crashed and is reachable testing commit 9125163273f8033af5d38907b483c1d9f99d781b gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: 5e1afb016f7b9b50c5be95945fe97775935211afc2be568454a3c03c92abca5a all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] # git bisect good 9125163273f8033af5d38907b483c1d9f99d781b Bisecting: 0 revisions left to test after this (roughly 1 step) [93ce0ff117b0c468961d7c296a03ad57e1e8da9f] ocfs2: validate cl_bpc in allocator inodes to prevent divide-by-zero determine whether the revision contains the guilty commit revision f79e772258df311c2cb21594ca0996318e720d28 crashed and is reachable testing commit 93ce0ff117b0c468961d7c296a03ad57e1e8da9f gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: c89261fcc2992c34628b35bad04233c8967939f89ac8634d155a399867828530 all runs: OK false negative chance: 0.000 # git bisect bad 93ce0ff117b0c468961d7c296a03ad57e1e8da9f Bisecting: 0 revisions left to test after this (roughly 0 steps) [e1c70505ee8158c1108340d9cd67182ade93af4a] ocfs2: add extra consistency checks for chain allocator dinodes determine whether the revision contains the guilty commit revision f79e772258df311c2cb21594ca0996318e720d28 crashed and is reachable testing commit e1c70505ee8158c1108340d9cd67182ade93af4a gcc compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 kernel signature: df73c45b1cd523450269c2abaaa715460851928a0001a8da19f63b243a5fec46 all runs: crashed: kernel BUG in ocfs2_set_new_buffer_uptodate representative crash: kernel BUG in ocfs2_set_new_buffer_uptodate, types: [BUG] # git bisect good e1c70505ee8158c1108340d9cd67182ade93af4a 93ce0ff117b0c468961d7c296a03ad57e1e8da9f is the first bad commit commit 93ce0ff117b0c468961d7c296a03ad57e1e8da9f Author: Deepanshu Kartikey Date: Thu Oct 30 18:30:03 2025 +0300 ocfs2: validate cl_bpc in allocator inodes to prevent divide-by-zero The chain allocator field cl_bpc (blocks per cluster) is read from disk and used in division operations without validation. A corrupted filesystem image with cl_bpc=0 causes a divide-by-zero crash in the kernel: divide error: 0000 [#1] PREEMPT SMP KASAN RIP: 0010:ocfs2_bg_discontig_add_extent fs/ocfs2/suballoc.c:335 [inline] RIP: 0010:ocfs2_block_group_fill+0x5bd/0xa70 fs/ocfs2/suballoc.c:386 Call Trace: ocfs2_block_group_alloc+0x7e9/0x1330 fs/ocfs2/suballoc.c:703 ocfs2_reserve_suballoc_bits+0x20a6/0x4640 fs/ocfs2/suballoc.c:834 ocfs2_reserve_new_inode+0x4f4/0xcc0 fs/ocfs2/suballoc.c:1074 ocfs2_mknod+0x83c/0x2050 fs/ocfs2/namei.c:306 This patch adds validation in ocfs2_validate_inode_block() to ensure cl_bpc matches the expected value calculated from the superblock's cluster size and block size for chain allocator inodes (identified by OCFS2_CHAIN_FL). Moving the validation to inode validation time (rather than allocation time) has several benefits: - Validates once when the inode is read, rather than on every allocation - Protects all code paths that use cl_bpc (allocation, resize, etc.) - Follows the existing pattern of inode validation in OCFS2 - Centralizes validation logic The validation catches both: - Zero values that cause divide-by-zero crashes - Non-zero but incorrect values indicating filesystem corruption or mismatched filesystem geometry With this fix, mounting a corrupted filesystem produces: OCFS2: ERROR (device loop0): ocfs2_validate_inode_block: Inode 74 has corrupted cl_bpc: ondisk=0 expected=16 instead of a kernel crash. [dmantipov@yandex.ru: combine into the series and tweak the message to fit the commonly used style] Link: https://lkml.kernel.org/r/20251030153003.1934585-2-dmantipov@yandex.ru Link: https://lore.kernel.org/ocfs2-devel/20251026132625.12348-1-kartikey406@gmail.com/T/#u [v1] Link: https://lore.kernel.org/all/20251027124131.10002-1-kartikey406@gmail.com/T/ [v2] Signed-off-by: Deepanshu Kartikey Signed-off-by: Dmitry Antipov Reported-by: syzbot+fd8af97c7227fe605d95@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fd8af97c7227fe605d95 Tested-by: syzbot+fd8af97c7227fe605d95@syzkaller.appspotmail.com Suggested-by: Joseph Qi Reviewed-by: Joseph Qi Cc: Heming Zhao Cc: Joel Becker Cc: Jun Piao Cc: Junxiao Bi Cc: Mark Fasheh Signed-off-by: Andrew Morton fs/ocfs2/inode.c | 10 ++++++++++ 1 file changed, 10 insertions(+) accumulated error probability: 0.00 culprit signature: c89261fcc2992c34628b35bad04233c8967939f89ac8634d155a399867828530 parent signature: df73c45b1cd523450269c2abaaa715460851928a0001a8da19f63b243a5fec46 revisions tested: 25, total time: 7h48m38.008692545s (build: 5h7m14.773195576s, test: 2h2m56.57092391s) first good commit: 93ce0ff117b0c468961d7c296a03ad57e1e8da9f ocfs2: validate cl_bpc in allocator inodes to prevent divide-by-zero recipients (to): ["akpm@linux-foundation.org" "dmantipov@yandex.ru" "joseph.qi@linux.alibaba.com" "kartikey406@gmail.com" "syzbot+fd8af97c7227fe605d95@syzkaller.appspotmail.com"] recipients (cc): []