ci starts bisection 2023-08-13 08:32:25.742452992 +0000 UTC m=+150924.381974299 bisecting fixing commit since 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 building syzkaller on bfc478367b83b3fda580f54964aa9f3651beeb3d ensuring issue is reproducible on original commit 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 testing commit 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7c1dd15c3c2eeacbe2bfdce51a6409a9766c248a78fbcb431147a65a27383a25 run #0: crashed: KASAN: out-of-bounds Read in sys_finit_module run #1: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #2: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #3: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #4: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #5: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #6: crashed: general protection fault in sys_finit_module run #7: crashed: general protection fault in sys_finit_module run #8: crashed: general protection fault in sys_finit_module run #9: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #10: crashed: general protection fault in sys_finit_module run #11: crashed: KASAN: stack-out-of-bounds Read in sys_finit_module run #12: crashed: general protection fault in sys_finit_module run #13: crashed: general protection fault in sys_finit_module run #14: crashed: general protection fault in sys_finit_module run #15: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #16: crashed: KASAN: stack-out-of-bounds Read in sys_finit_module run #17: crashed: general protection fault in sys_finit_module run #18: crashed: general protection fault in sys_finit_module run #19: crashed: general protection fault in sys_finit_module representative crash: KASAN: out-of-bounds Read in sys_finit_module, types: [KASAN UNKNOWN] check whether we can drop unnecessary instrumentation 
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed testing commit 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1e4cff8ac346c4cc9370e3f7f0214d30a8cb85cab14bde434fc648369d975503 run #0: crashed: general protection fault in sys_finit_module run #1: crashed: KASAN: slab-out-of-bounds Read in sys_finit_module run #2: crashed: KASAN: slab-out-of-bounds Read in sys_finit_module run #3: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #4: crashed: BUG: unable to handle kernel paging request in sys_finit_module run #5: crashed: BUG: unable to handle kernel paging request in sys_finit_module run #6: crashed: KASAN: slab-out-of-bounds Read in sys_finit_module run #7: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #8: crashed: general protection fault in sys_finit_module run #9: crashed: BUG: unable to handle kernel paging request in sys_finit_module representative crash: general protection fault in sys_finit_module, types: [UNKNOWN KASAN] the bug reproduces without the instrumentation disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed kconfig minimization: base=3876 full=7634 leaves diff=1997 split chunks (needed=false): <1997> split chunk #0 of len 1997 into 5 parts testing without sub-chunk 1/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed testing commit 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 56dfffe06acbc839d71185a89da600d6cd2518088d805a1e341ee3ecbbae16ad run #0: crashed: KASAN: slab-out-of-bounds Read in sys_finit_module run #1: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #2: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #3: crashed: BUG: unable to handle kernel paging request in 
sys_finit_module run #4: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #5: crashed: BUG: unable to handle kernel paging request in sys_finit_module run #6: crashed: BUG: unable to handle kernel paging request in sys_finit_module run #7: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #8: crashed: general protection fault in sys_finit_module run #9: crashed: BUG: unable to handle kernel paging request in sys_finit_module representative crash: KASAN: slab-out-of-bounds Read in sys_finit_module, types: [KASAN UNKNOWN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed testing commit 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 14a533a13d3d9eab2873eb86c0e8a500df29f5fb69ffcb777672252a3cf017cf run #0: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #1: crashed: BUG: unable to handle kernel paging request in sys_finit_module run #2: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #3: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #4: crashed: KASAN: stack-out-of-bounds Read in sys_finit_module run #5: crashed: general protection fault in sys_finit_module run #6: crashed: general protection fault in sys_wait4 run #7: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #8: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #9: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module representative crash: KASAN: vmalloc-out-of-bounds Read in sys_finit_module, types: [KASAN UNKNOWN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed testing commit 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel 
signature: 82bcc9414ea6d663e5ba0e5f56efa0236ccfb4c49a374ec8d4d64827c1845c42 all runs: OK false negative chance: 0.000 testing without sub-chunk 4/5 disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 81fe9977a2173b6bb61ebae60c482e84a803c6a6ecbd326b7e25bcf939629b5a run #0: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #1: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #2: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #3: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #4: crashed: general protection fault in sys_wait4 run #5: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #6: crashed: BUG: unable to handle kernel paging request in sys_finit_module run #7: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #8: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #9: crashed: BUG: workqueue lockup representative crash: KASAN: vmalloc-out-of-bounds Read in sys_finit_module, types: [KASAN UNKNOWN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6ae1095e60c05f5f25c9912d0ae37f3c72cb09c8139fb4340804cfbcdcf7c1d7 run #0: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #1: crashed: BUG: unable to handle kernel paging request in sys_finit_module run #2: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #3: crashed: general protection fault in sys_finit_module run #4: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #5: crashed: KASAN: vmalloc-out-of-bounds Read in 
sys_finit_module run #6: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #7: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #8: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #9: crashed: KASAN: stack-out-of-bounds Read in sys_finit_module representative crash: KASAN: vmalloc-out-of-bounds Read in sys_finit_module, types: [KASAN] the chunk can be dropped minimized to 400 configs disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing current HEAD a785fd28d31f76d50004712b6e0b409d5a8239d8 testing commit a785fd28d31f76d50004712b6e0b409d5a8239d8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8489b563768284f7f6c14ce19305e761e601df0e76a4c928b1cb5cb10fcf6f16 all runs: OK false negative chance: 0.000 # git bisect start a785fd28d31f76d50004712b6e0b409d5a8239d8 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 Bisecting: 2053 revisions left to test after this (roughly 11 steps) [6537ed3904a3b3720e5e238dd5d542448fcf94c2] i2c: mpc: Drop unused variable determine whether the revision contains the guilty commit revision 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 crashed and is reachable testing commit 6537ed3904a3b3720e5e238dd5d542448fcf94c2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c659b774aa6293b4b1472bedce46e6afdbe4cab95df513414fd3a09a2c323595 all runs: OK false negative chance: 0.000 # git bisect bad 6537ed3904a3b3720e5e238dd5d542448fcf94c2 Bisecting: 963 revisions left to test after this (roughly 10 steps) [e8069f5a8e3bdb5fdeeff895780529388592ee7a] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm determine whether the revision contains the guilty commit revision 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 crashed and is reachable testing commit e8069f5a8e3bdb5fdeeff895780529388592ee7a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bc3b6a34c8d10846c3270f3e6daa6f8ca327fb408529de2e19b710362fd381a0 run #0: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #1: 
crashed: general protection fault in sys_finit_module run #2: crashed: KASAN: slab-use-after-free Read in sys_finit_module run #3: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #4: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #5: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #6: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #7: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #8: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #9: crashed: BUG: workqueue lockup representative crash: KASAN: vmalloc-out-of-bounds Read in sys_finit_module, types: [KASAN] # git bisect good e8069f5a8e3bdb5fdeeff895780529388592ee7a Bisecting: 377 revisions left to test after this (roughly 9 steps) [15ac468614e5e4fee82e1eb32568f427b0e51adc] Merge tag 'media/v6.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media determine whether the revision contains the guilty commit revision e8069f5a8e3bdb5fdeeff895780529388592ee7a crashed and is reachable testing commit 15ac468614e5e4fee82e1eb32568f427b0e51adc gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cdba76d6e6b39814f5313f4f4b30cdda5aae25b3974f665c2d1f0e9d958040d8 all runs: OK false negative chance: 0.000 # git bisect bad 15ac468614e5e4fee82e1eb32568f427b0e51adc Bisecting: 284 revisions left to test after this (roughly 8 steps) [94c76955e86a5a4f16a1d690b66dcc268c156e6a] Merge tag 'gfs2-v6.4-rc5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 determine whether the revision contains the guilty commit revision e8069f5a8e3bdb5fdeeff895780529388592ee7a crashed and is reachable testing commit 94c76955e86a5a4f16a1d690b66dcc268c156e6a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e443bdbb0b8b3765d47e3bbd66ae88e08388f7649743cccd7efed7dbec76fb9e all runs: OK false negative chance: 0.000 # 
git bisect bad 94c76955e86a5a4f16a1d690b66dcc268c156e6a Bisecting: 155 revisions left to test after this (roughly 7 steps) [f1962207150c8b602e980616f04b37ea4e64bb9f] module: fix init_module_from_file() error handling determine whether the revision contains the guilty commit revision 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 crashed and is reachable testing commit f1962207150c8b602e980616f04b37ea4e64bb9f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2cd65944d15b92d6d191d8fddda871e4f721acd5b07153641d6dbf2265ef790a all runs: OK false negative chance: 0.000 # git bisect bad f1962207150c8b602e980616f04b37ea4e64bb9f Bisecting: 68 revisions left to test after this (roughly 6 steps) [02676ecca76cea4316c8a1e867850d88f6149806] Merge tag 'rproc-v6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux determine whether the revision contains the guilty commit revision 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 crashed and is reachable testing commit 02676ecca76cea4316c8a1e867850d88f6149806 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f0ded3093978b599e026ef12b6dd913a8a5bcddca507d98382ccdf9739cc2271 run #0: crashed: general protection fault in sys_finit_module run #1: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #2: crashed: general protection fault in sys_finit_module run #3: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #4: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #5: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #6: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #7: crashed: general protection fault in sys_finit_module run #8: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #9: crashed: general protection fault in sys_wait4 representative crash: KASAN: vmalloc-out-of-bounds Read in sys_finit_module, types: [KASAN UNKNOWN] # git 
bisect good 02676ecca76cea4316c8a1e867850d88f6149806 Bisecting: 32 revisions left to test after this (roughly 5 steps) [4f52875366bfbd6ddc19c1045b603d853e0a889c] Merge tag 'io_uring-6.5-2023-07-03' of git://git.kernel.dk/linux determine whether the revision contains the guilty commit revision 995b406c7e972fab181a4bb57f3b95e59b8e5bf3 crashed and is reachable testing commit 4f52875366bfbd6ddc19c1045b603d853e0a889c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 66af9bcd53234b63cc039e51fcd626cd786848af22922e3169f11e57011196e6 run #0: crashed: KASAN: stack-out-of-bounds Read in sys_finit_module run #1: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #2: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #3: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #4: crashed: KASAN: slab-out-of-bounds Read in sys_finit_module run #5: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #6: crashed: KASAN: stack-out-of-bounds Read in sys_finit_module run #7: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #8: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #9: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module representative crash: KASAN: stack-out-of-bounds Read in sys_finit_module, types: [KASAN] # git bisect good 4f52875366bfbd6ddc19c1045b603d853e0a889c Bisecting: 16 revisions left to test after this (roughly 4 steps) [3a08284ff22080e742814dad1dbabb4b66349642] Merge branch 'for-6.5/block-late' into block-6.5 determine whether the revision contains the guilty commit checking the merge base 89181f544ffa4da682b0145738342f9b78b9e8dc no existing result, test the revision testing commit 89181f544ffa4da682b0145738342f9b78b9e8dc gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6799b628b99d8f6651f2487394ed49d7a867dce770a709128abac0516101a840 all runs: OK false negative 
chance: 0.000 the bug was not introduced yet; pretend that kernel crashed # git bisect good 3a08284ff22080e742814dad1dbabb4b66349642 Bisecting: 9 revisions left to test after this (roughly 3 steps) [4e69d4dabd2379af57b0b8fb9b0d62c23f9cd3b8] nvme: disable controller on reset state failure determine whether the revision contains the guilty commit checking the merge base 2293cae703cda162684ae966db6b1b4a11b5e88f no existing result, test the revision testing commit 2293cae703cda162684ae966db6b1b4a11b5e88f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 26c8c72cbd7a2475f4aa2441cb9a2e331420364d1739087f801f74b82e0933b5 all runs: OK false negative chance: 0.000 the bug was not introduced yet; pretend that kernel crashed # git bisect good 4e69d4dabd2379af57b0b8fb9b0d62c23f9cd3b8 Bisecting: 4 revisions left to test after this (roughly 2 steps) [e836007089ba8fdf24e636ef2b007651fb4582e6] md/raid0: add discard support for the 'original' layout determine whether the revision contains the guilty commit checking the merge base 89181f544ffa4da682b0145738342f9b78b9e8dc the bug was not introduced yet; pretend that kernel crashed # git bisect good e836007089ba8fdf24e636ef2b007651fb4582e6 Bisecting: 2 revisions left to test after this (roughly 1 step) [e50df24979fd02f920aa7baada714a58bc61bfd9] Merge tag 'block-6.5-2023-07-03' of git://git.kernel.dk/linux determine whether the revision contains the guilty commit revision 02676ecca76cea4316c8a1e867850d88f6149806 crashed and is reachable testing commit e50df24979fd02f920aa7baada714a58bc61bfd9 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2ba45f2c816ec6d863294c58712bc62b7022691cc660b35727c02084af759902 run #0: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #1: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #2: crashed: KASAN: slab-out-of-bounds Read in sys_finit_module run #3: crashed: KASAN: 
vmalloc-out-of-bounds Read in sys_finit_module run #4: crashed: general protection fault in sys_finit_module run #5: crashed: general protection fault in sys_finit_module run #6: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #7: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #8: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #9: crashed: BUG: workqueue lockup representative crash: KASAN: vmalloc-out-of-bounds Read in sys_finit_module, types: [KASAN UNKNOWN] # git bisect good e50df24979fd02f920aa7baada714a58bc61bfd9 Bisecting: 0 revisions left to test after this (roughly 1 step) [b5641a5d8b8b14643bfe3d017d64da90a5c55479] mm: don't do validate_mm() unnecessarily and without mmap locking determine whether the revision contains the guilty commit revision 02676ecca76cea4316c8a1e867850d88f6149806 crashed and is reachable testing commit b5641a5d8b8b14643bfe3d017d64da90a5c55479 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7369d9f33581513ddd42a01d2c56b116a668e5825c94c24b596f7169285f6cb5 run #0: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #1: crashed: BUG: unable to handle kernel paging request in sys_finit_module run #2: crashed: BUG: unable to handle kernel paging request in sys_finit_module run #3: crashed: BUG: unable to handle kernel paging request in sys_finit_module run #4: crashed: BUG: unable to handle kernel paging request in sys_finit_module run #5: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #6: crashed: KASAN: slab-use-after-free Read in sys_finit_module run #7: crashed: KASAN: vmalloc-out-of-bounds Read in sys_finit_module run #8: crashed: BUG: unable to handle kernel paging request in sys_finit_module run #9: crashed: BUG: workqueue lockup representative crash: BUG: unable to handle kernel paging request in sys_finit_module, types: [UNKNOWN KASAN] # git bisect good 
b5641a5d8b8b14643bfe3d017d64da90a5c55479
f1962207150c8b602e980616f04b37ea4e64bb9f is the first bad commit
commit f1962207150c8b602e980616f04b37ea4e64bb9f
Author: Linus Torvalds
Date: Tue Jul 4 06:37:32 2023 -0700

    module: fix init_module_from_file() error handling

    Vegard Nossum pointed out two different problems with the error handling in init_module_from_file():

     (a) the idempotent loading code didn't clean up properly in some error cases, leaving the on-stack 'struct idempotent' element still in the hash table

     (b) failure to read the module file would nonsensically update the 'invalid_kread_bytes' stat counter with the error value

    The first error is quite nasty, in that it can then cause subsequent idempotent loads of that same file to access stale stack contents of the previous failure. The case may not happen in any normal situation (explaining all the "Tested-by's on the original change), and requires admin privileges, but syzkaller triggers random bad behavior as a result:

        BUG: soft lockup in sys_finit_module
        BUG: unable to handle kernel paging request in init_module_from_file
        general protection fault in init_module_from_file
        INFO: task hung in init_module_from_file
        KASAN: out-of-bounds Read in init_module_from_file
        KASAN: slab-out-of-bounds Read in init_module_from_file
        ...

    The second error is fairly benign and just leads to nonsensical stats (and has been around since the debug stats were added).

    Vegard also provided a patch for the idempotent loading issue, but I'd rather re-organize the code and make it more legible using another level of helper functions than add the usual "goto out" error handling.

    Link: https://lore.kernel.org/lkml/20230704100852.23452-1-vegard.nossum@oracle.com/
    Fixes: 9b9879fc0327 ("modules: catch concurrent module loads, treat them as idempotent")
    Reported-by: Vegard Nossum
    Reported-by: Harshit Mogalapalli
    Reported-by: syzbot+9c2bdc9d24e4a7abe741@syzkaller.appspotmail.com
    Signed-off-by: Linus Torvalds

 kernel/module/main.c | 39 +++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)

accumulated error probability: 0.00
culprit signature: 2cd65944d15b92d6d191d8fddda871e4f721acd5b07153641d6dbf2265ef790a
parent signature: 7369d9f33581513ddd42a01d2c56b116a668e5825c94c24b596f7169285f6cb5
revisions tested: 19, total time: 5h4m38.93709211s (build: 2h23m58.503813919s, test: 2h27m53.720077896s)
first good commit: f1962207150c8b602e980616f04b37ea4e64bb9f module: fix init_module_from_file() error handling
recipients (to): ["torvalds@linux-foundation.org"]
recipients (cc): []