ci2 starts bisection 2024-08-24 16:01:02.395064831 +0000 UTC m=+103191.285205120
bisecting fixing commit since 3ca4271578e1cc2bcf4fceb08d794c56b9fd58b8
building syzkaller on 7925100d31df9119974be319d00386194316fad9
ensuring issue is reproducible on original commit 3ca4271578e1cc2bcf4fceb08d794c56b9fd58b8
testing commit 3ca4271578e1cc2bcf4fceb08d794c56b9fd58b8 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ccd39bfc9b0b84b1f372b508c72aae6d2460309bd795bd6c7f436f0cf63e7702
run #0: crashed: BUG: unable to handle kernel paging request in hash
run #1: crashed: BUG: unable to handle kernel paging request in hash
run #2: crashed: BUG: unable to handle kernel paging request in hash
run #3: crashed: KASAN: stack-out-of-bounds Read in hash
run #4: crashed: BUG: unable to handle kernel paging request in hash
run #5: crashed: BUG: unable to handle kernel paging request in hash
run #6: crashed: KASAN: stack-out-of-bounds Read in hash
run #7: crashed: BUG: unable to handle kernel paging request in hash
run #8: crashed: BUG: unable to handle kernel paging request in hash
run #9: crashed: BUG: unable to handle kernel paging request in hash
run #10: crashed: KASAN: stack-out-of-bounds Read in hash
run #11: crashed: KASAN: stack-out-of-bounds Read in hash
run #12: crashed: KASAN: stack-out-of-bounds Read in hash
run #13: crashed: BUG: unable to handle kernel paging request in hash
run #14: crashed: KASAN: stack-out-of-bounds Read in hash
run #15: crashed: KASAN: stack-out-of-bounds Read in hash
run #16: crashed: KASAN: stack-out-of-bounds Read in hash
run #17: crashed: KASAN: stack-out-of-bounds Read in hash
run #18: crashed: KASAN: stack-out-of-bounds Read in hash
run #19: crashed: KASAN: stack-out-of-bounds Read in hash
representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit 3ca4271578e1cc2bcf4fceb08d794c56b9fd58b8 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 86adff74cf88f57771568308a2d8a58c9ce2ee1ca7ebb729631ce355bf9d6052
run #0: crashed: KASAN: stack-out-of-bounds Read in hash
run #1: crashed: KASAN: stack-out-of-bounds Read in hash
run #2: crashed: KASAN: stack-out-of-bounds Read in hash
run #3: crashed: KASAN: stack-out-of-bounds Read in hash
run #4: crashed: KASAN: stack-out-of-bounds Read in hash
run #5: crashed: KASAN: stack-out-of-bounds Read in hash
run #6: crashed: BUG: unable to handle kernel paging request in hash
run #7: crashed: KASAN: stack-out-of-bounds Read in hash
run #8: crashed: KASAN: stack-out-of-bounds Read in hash
run #9: crashed: KASAN: stack-out-of-bounds Read in hash
representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed
kconfig minimization: base=5179 full=6491 leaves diff=256
split chunks (needed=false): <256>
split chunk #0 of len 256 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 3ca4271578e1cc2bcf4fceb08d794c56b9fd58b8 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bd9b4c67f2395df0497ab0b6df47eedfef94c29639c05e34f0e5c78ddc58cb42
run #0: crashed: BUG: unable to handle kernel paging request in hash
run #1: crashed: KASAN: stack-out-of-bounds Read in hash
run #2: crashed: BUG: unable to handle kernel paging request in hash
run #3: crashed: KASAN: stack-out-of-bounds Read in hash
run #4: crashed: KASAN: stack-out-of-bounds Read in hash
run #5: crashed: BUG: unable to handle kernel paging request in hash
run #6: crashed: BUG: unable to handle kernel paging request in hash
run #7: crashed: KASAN: stack-out-of-bounds Read in hash
run #8: crashed: KASAN: stack-out-of-bounds Read in hash
run #9: crashed: KASAN: stack-out-of-bounds Read in hash
representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 3ca4271578e1cc2bcf4fceb08d794c56b9fd58b8 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4e76df6ec3fed770b7f535d084a09bd089dd711c5516083f7553bb0495055da0
run #0: crashed: KASAN: stack-out-of-bounds Read in hash
run #1: crashed: BUG: unable to handle kernel paging request in hash
run #2: crashed: KASAN: stack-out-of-bounds Read in hash
run #3: crashed: BUG: unable to handle kernel paging request in hash
run #4: crashed: BUG: unable to handle kernel paging request in hash
run #5: crashed: KASAN: stack-out-of-bounds Read in hash
run #6: crashed: BUG: unable to handle kernel paging request in hash
run #7: crashed: BUG: unable to handle kernel paging request in hash
run #8: crashed: KASAN: stack-out-of-bounds Read in hash
run #9: crashed: KASAN: stack-out-of-bounds Read in hash
representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 3ca4271578e1cc2bcf4fceb08d794c56b9fd58b8 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8cddcfedcb892362d353e71534fcaf4cdc2ba8cfde16d2cb780433ed0ee41961
run #0: crashed: KASAN: stack-out-of-bounds Read in hash
run #1: crashed: BUG: unable to handle kernel paging request in hash
run #2: crashed: KASAN: stack-out-of-bounds Read in hash
run #3: crashed: KASAN: stack-out-of-bounds Read in hash
run #4: crashed: KASAN: stack-out-of-bounds Read in hash
run #5: crashed: KASAN: stack-out-of-bounds Read in hash
run #6: crashed: BUG: unable to handle kernel paging request in hash
run #7: crashed: KASAN: stack-out-of-bounds Read in hash
run #8: crashed: KASAN: stack-out-of-bounds Read in hash
run #9: crashed: KASAN: stack-out-of-bounds Read in hash
representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 3ca4271578e1cc2bcf4fceb08d794c56b9fd58b8 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0963f6c3024bf0ae362bdb2ef6bfb304244cbf536becfec07b3fc80b18b99c71
run #0: crashed: BUG: unable to handle kernel paging request in hash
run #1: crashed: BUG: unable to handle kernel paging request in hash
run #2: crashed: BUG: unable to handle kernel paging request in hash
run #3: crashed: KASAN: stack-out-of-bounds Read in hash
run #4: crashed: KASAN: stack-out-of-bounds Read in hash
run #5: crashed: KASAN: stack-out-of-bounds Read in hash
run #6: crashed: BUG: unable to handle kernel paging request in hash
run #7: crashed: KASAN: stack-out-of-bounds Read in hash
run #8: crashed: KASAN: stack-out-of-bounds Read in hash
run #9: crashed: BUG: unable to handle kernel paging request in hash
representative crash: BUG: unable to handle kernel paging request in hash, types: [UNKNOWN KASAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 3ca4271578e1cc2bcf4fceb08d794c56b9fd58b8 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building 3ca4271578e1cc2bcf4fceb08d794c56b9fd58b8:
net/socket.c:1245: undefined reference to `wext_handle_ioctl'
net/socket.c:3442: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:329: undefined reference to `wext_proc_init'
net/core/net-procfs.c:345: undefined reference to `wext_proc_exit'
minimized to 48 configs; suspects: [HID_ZEROPLUS USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM V4L2_ASYNC V4L2_FWNODE VIDEO_CAMERA_SENSOR WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF]
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing current HEAD 514bdc80b9d2cda5201730045cad6e65c4153f67
testing commit 514bdc80b9d2cda5201730045cad6e65c4153f67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e87f93314c696752a3b286a953dc55b205c8c2397d04a05c3ed4a7ee99d94758
all runs: OK
false negative chance: 0.000
# git bisect start 514bdc80b9d2cda5201730045cad6e65c4153f67 3ca4271578e1cc2bcf4fceb08d794c56b9fd58b8
Bisecting: 1402 revisions left to test after this (roughly 11 steps)
[d346b3e5b25c95d504478507eb867cd3818775ab] drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
determine whether the revision contains the guilty commit
checking the merge base 883d1a9562083922c6d293e9adad8cca4626adf3
no existing result, test the revision
testing commit 883d1a9562083922c6d293e9adad8cca4626adf3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0b55b9fcda507134f6bfabfaeff8dd659799dad50dec73171b7649ab410ddf43
run #0: crashed: KASAN: stack-out-of-bounds Read in hash
run #1: crashed: KASAN: stack-out-of-bounds Read in hash
run #2: crashed: KASAN: stack-out-of-bounds Read in hash
run #3: crashed: KASAN: stack-out-of-bounds Read in hash
run #4: crashed: BUG: unable to handle kernel paging request in hash
run #5: crashed: KASAN: stack-out-of-bounds Read in hash
run #6: crashed: BUG: unable to handle kernel paging request in hash
run #7: crashed: KASAN: stack-out-of-bounds Read in hash
run #8: crashed: BUG: unable to handle kernel paging request in hash
run #9: crashed: KASAN: stack-out-of-bounds Read in hash
representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN]
testing commit d346b3e5b25c95d504478507eb867cd3818775ab gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bc27a914a35cccb34b2d8ce9084ddf35271b8dee29cfd9c3068600341d469cc2
run #0: crashed: BUG: unable to handle kernel paging request in hash
run #1: crashed: KASAN: stack-out-of-bounds Read in hash
run #2: crashed: KASAN: stack-out-of-bounds Read in hash
run #3: crashed: KASAN: stack-out-of-bounds Read in hash
run #4: crashed: BUG: unable to handle kernel paging request in hash
run #5: crashed: BUG: unable to handle kernel paging request in hash
run #6: crashed: BUG: unable to handle kernel paging request in hash
run #7: crashed: KASAN: stack-out-of-bounds Read in hash
run #8: crashed: KASAN: stack-out-of-bounds Read in hash
run #9: crashed: KASAN: stack-out-of-bounds Read in hash
representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN]
# git bisect good d346b3e5b25c95d504478507eb867cd3818775ab
Bisecting: 701 revisions left to test after this (roughly 10 steps)
[2a523f14a3f53b46ff0e1fafd215b0bc5f6783aa] xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
determine whether the revision contains the guilty commit
revision d346b3e5b25c95d504478507eb867cd3818775ab crashed and is reachable
testing commit 2a523f14a3f53b46ff0e1fafd215b0bc5f6783aa gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: efcdd92d1447dd810faa31f8ac0b3fea5c918575d2f800f2935e09e9bf2afe6d
all runs: OK
false negative chance: 0.000
# git bisect bad 2a523f14a3f53b46ff0e1fafd215b0bc5f6783aa
Bisecting: 350 revisions left to test after this (roughly 9 steps)
[7664ee8bd80309b90d53488b619764f0a057f2b7] usb: gadget: ncm: Fix handling of zero block length packets
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 7664ee8bd80309b90d53488b619764f0a057f2b7 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f1944579d693890046ef4b897466cacba813f10ad4411cb647cffbf83f5b96a7
run #0: crashed: KASAN: stack-out-of-bounds Read in hash
run #1: crashed: KASAN: stack-out-of-bounds Read in hash
run #2: crashed: BUG: unable to handle kernel paging request in hash
run #3: crashed: KASAN: stack-out-of-bounds Read in hash
run #4: crashed: KASAN: stack-out-of-bounds Read in hash
run #5: crashed: BUG: unable to handle kernel paging request in hash
run #6: crashed: BUG: unable to handle kernel paging request in hash
run #7: crashed: KASAN: stack-out-of-bounds Read in hash
run #8: crashed: KASAN: stack-out-of-bounds Read in hash
run #9: crashed: KASAN: stack-out-of-bounds Read in hash
representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN]
# git bisect good 7664ee8bd80309b90d53488b619764f0a057f2b7
Bisecting: 175 revisions left to test after this (roughly 8 steps)
[8c58d384050b99d0aac8dd4c5a0d1c09f0f33152] udp: do not transition UDP GRO fraglist partial checksums to unnecessary
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 8c58d384050b99d0aac8dd4c5a0d1c09f0f33152 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f6a07434535c572e43f8de7807aa3e3f1b406a7ad9529dcef0443eba1d488f6c
all runs: OK
false negative chance: 0.000
# git bisect bad 8c58d384050b99d0aac8dd4c5a0d1c09f0f33152
Bisecting: 87 revisions left to test after this (roughly 7 steps)
[74cdf12f8dd8d7e9d9b2cf605ed136df7c48a659] usb: dwc2: gadget: Fix exiting from clock gating
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 74cdf12f8dd8d7e9d9b2cf605ed136df7c48a659 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d37252dd80d757d57b15f627c2baf00abcc6ef298992cb62289b0c3baa6de924
run #0: crashed: KASAN: stack-out-of-bounds Read in hash
run #1: crashed: KASAN: stack-out-of-bounds Read in hash
run #2: crashed: BUG: unable to handle kernel paging request in hash
run #3: crashed: KASAN: stack-out-of-bounds Read in hash
run #4: crashed: KASAN: stack-out-of-bounds Read in hash
run #5: crashed: KASAN: stack-out-of-bounds Read in hash
run #6: crashed: BUG: unable to handle kernel paging request in hash
run #7: crashed: BUG: unable to handle kernel paging request in hash
run #8: crashed: BUG: unable to handle kernel paging request in hash
run #9: crashed: KASAN: stack-out-of-bounds Read in hash
representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN]
# git bisect good 74cdf12f8dd8d7e9d9b2cf605ed136df7c48a659
Bisecting: 43 revisions left to test after this (roughly 6 steps)
[98cdac206b112bec63852e94802791e316acc2c1] bpf: Protect against int overflow for stack access size
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 98cdac206b112bec63852e94802791e316acc2c1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5165d2df7c7e633ebf33d430314ee5200d4a4f012e86f76815158b12ac579e22
all runs: OK
false negative chance: 0.000
# git bisect bad 98cdac206b112bec63852e94802791e316acc2c1
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[98cfafaf2f414e03302c09e4989f3c35744db5ce] scsi: libsas: Fix disk not being scanned in after being removed
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 98cfafaf2f414e03302c09e4989f3c35744db5ce gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 58ad71aaf288a51380a0c2ceceaadb9f6405df5641ce86325ce2475a5d35fb62
run #0: crashed: BUG: unable to handle kernel paging request in hash
run #1: crashed: BUG: unable to handle kernel paging request in hash
run #2: crashed: KASAN: stack-out-of-bounds Read in hash
run #3: crashed: BUG: unable to handle kernel paging request in hash
run #4: crashed: BUG: unable to handle kernel paging request in hash
run #5: crashed: BUG: unable to handle kernel paging request in hash
run #6: crashed: KASAN: stack-out-of-bounds Read in hash
run #7: crashed: BUG: unable to handle kernel paging request in hash
run #8: crashed: BUG: unable to handle kernel paging request in hash
run #9: crashed: BUG: unable to handle kernel paging request in hash
representative crash: BUG: unable to handle kernel paging request in hash, types: [UNKNOWN]
# git bisect good 98cfafaf2f414e03302c09e4989f3c35744db5ce
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[16307e7bc1120e87f243d00b8e403da9cfaa60d6] s390/qeth: handle deferred cc1
determine whether the revision contains the guilty commit
revision 98cfafaf2f414e03302c09e4989f3c35744db5ce crashed and is reachable
testing commit 16307e7bc1120e87f243d00b8e403da9cfaa60d6 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3e4e552e54e846ef1f755e9752b10291855b9afea76f976476d083a8c24e213d
run #0: crashed: BUG: unable to handle kernel paging request in hash
run #1: crashed: KASAN: stack-out-of-bounds Read in hash
run #2: crashed: KASAN: stack-out-of-bounds Read in hash
run #3: crashed: BUG: unable to handle kernel paging request in hash
run #4: crashed: KASAN: stack-out-of-bounds Read in hash
run #5: crashed: KASAN: stack-out-of-bounds Read in hash
run #6: crashed: KASAN: stack-out-of-bounds Read in hash
run #7: crashed: KASAN: stack-out-of-bounds Read in hash
run #8: crashed: BUG: unable to handle kernel paging request in hash
run #9: crashed: BUG: unable to handle kernel paging request in hash
representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN]
# git bisect good 16307e7bc1120e87f243d00b8e403da9cfaa60d6
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[50b69054f455dcdb34bd6b22764c7579b270eef3] net: hns3: fix kernel crash when devlink reload during pf initialization
determine whether the revision contains the guilty commit
revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable
testing commit 50b69054f455dcdb34bd6b22764c7579b270eef3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d0e42516856caf9b05eebc2a3cb4aea4eec2219865b88f4016da052e200b9981
run #0: crashed: KASAN: stack-out-of-bounds Read in hash
run #1: crashed: BUG: unable to handle kernel paging request in hash
run #2: crashed: KASAN: stack-out-of-bounds Read in hash
run #3: crashed: BUG: unable to handle kernel paging request in hash
run #4: crashed: BUG: unable to handle kernel paging request in hash
run #5: crashed: KASAN: stack-out-of-bounds Read in hash
run #6: crashed: KASAN: stack-out-of-bounds Read in hash
run #7: crashed: BUG: unable to handle kernel paging request in hash
run #8: crashed: BUG: unable to handle kernel paging request in hash
run #9: crashed: KASAN: stack-out-of-bounds Read in hash
representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN]
# git bisect good 50b69054f455dcdb34bd6b22764c7579b270eef3
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[f52c8f1210da45d905c9d3b7a3ff4ea02c692fd7] tls: adjust recv return with async crypto and failed copy to userspace
determine whether the revision contains the guilty commit
revision 74cdf12f8dd8d7e9d9b2cf605ed136df7c48a659 crashed and is reachable
testing commit f52c8f1210da45d905c9d3b7a3ff4ea02c692fd7 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: efb5139dc876be7452ddab40f304c2afb791efd386a18ba528fbdaf73b3fa8a0
run #0: crashed: KASAN: stack-out-of-bounds Read in hash
run #1: crashed: KASAN: stack-out-of-bounds Read in hash
run #2: crashed: BUG: unable to handle kernel paging request in hash
run #3: crashed: KASAN: stack-out-of-bounds Read in hash
run #4: crashed: KASAN: stack-out-of-bounds Read in hash
run #5: crashed: BUG: unable to handle kernel paging request in hash
run #6: crashed: KASAN: stack-out-of-bounds Read in hash
run #7: crashed: KASAN: stack-out-of-bounds Read in hash
run #8: crashed: BUG: unable to handle kernel paging request in hash
run #9: crashed: BUG: unable to handle kernel paging request in hash
representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN]
# git bisect good f52c8f1210da45d905c9d3b7a3ff4ea02c692fd7
Bisecting: 0 revisions left to test after this (roughly 1 step)
[24444af5ddf729376b90db0f135fa19973cb5dab] mlxbf_gige: call request_irq() after NAPI initialized
determine whether the revision contains the guilty commit
revision d346b3e5b25c95d504478507eb867cd3818775ab crashed and is reachable
testing commit 24444af5ddf729376b90db0f135fa19973cb5dab gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6fe3daaad674c3afc7c257f32dab3b2b4311fc6aec5b8403c60deea0969eac0a
run #0: crashed: BUG: unable to handle kernel paging request in hash
run #1: crashed: KASAN: stack-out-of-bounds Read in hash
run #2: crashed: BUG: unable to handle kernel paging request in hash
run #3: crashed: KASAN: stack-out-of-bounds Read in hash
run #4: crashed: BUG: unable to handle kernel paging request in hash
run #5: crashed: KASAN: stack-out-of-bounds Read in hash
run #6: crashed: BUG: unable to handle kernel paging request in hash
run #7: crashed: KASAN: stack-out-of-bounds Read in hash
run #8: crashed: KASAN: stack-out-of-bounds Read in hash
run #9: crashed: KASAN: stack-out-of-bounds Read in hash
representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN]
# git bisect good 24444af5ddf729376b90db0f135fa19973cb5dab
98cdac206b112bec63852e94802791e316acc2c1 is the first bad commit
commit 98cdac206b112bec63852e94802791e316acc2c1
Author: Andrei Matei
Date:   Tue Mar 26 22:42:45 2024 -0400

    bpf: Protect against int overflow for stack access size

    [ Upstream commit ecc6a2101840177e57c925c102d2d29f260d37c8 ]

    This patch re-introduces protection against the size of access to stack
    memory being negative; the access size can appear negative as a result
    of overflowing its signed int representation. This should not actually
    happen, as there are other protections along the way, but we should
    protect against it anyway. One code path was missing such protections
    (fixed in the previous patch in the series), causing out-of-bounds array
    accesses in check_stack_range_initialized(). This patch causes the
    verification of a program with such a non-sensical access size to fail.

    This check used to exist in a more indirect way, but was inadvertently
    removed in a833a17aeac7.

    Fixes: a833a17aeac7 ("bpf: Fix verification of indirect var-off stack access")
    Reported-by: syzbot+33f4297b5f927648741a@syzkaller.appspotmail.com
    Reported-by: syzbot+aafd0513053a1cbf52ef@syzkaller.appspotmail.com
    Closes: https://lore.kernel.org/bpf/CAADnVQLORV5PT0iTAhRER+iLBTkByCYNBYyvBSgjN1T31K+gOw@mail.gmail.com/
    Acked-by: Andrii Nakryiko
    Signed-off-by: Andrei Matei
    Link: https://lore.kernel.org/r/20240327024245.318299-3-andreimatei1@gmail.com
    Signed-off-by: Alexei Starovoitov
    Signed-off-by: Sasha Levin

 kernel/bpf/verifier.c | 5 +++++
 1 file changed, 5 insertions(+)

accumulated error probability: 0.00
culprit signature: 5165d2df7c7e633ebf33d430314ee5200d4a4f012e86f76815158b12ac579e22
parent signature: 6fe3daaad674c3afc7c257f32dab3b2b4311fc6aec5b8403c60deea0969eac0a
revisions tested: 19, total time: 2h52m45.070916141s (build: 1h21m8.801492538s, test: 1h25m51.705785312s)
first good commit: 98cdac206b112bec63852e94802791e316acc2c1 bpf: Protect against int overflow for stack access size
recipients (to): ["andreimatei1@gmail.com" "andrii@kernel.org" "ast@kernel.org" "sashal@kernel.org"]
recipients (cc): []