ci starts bisection 2025-06-11 09:42:05.20465938 +0000 UTC m=+76131.950519654
bisecting cause commit starting from b27cc623e01be9de1580eaa913508b237a7a9673
building syzkaller on 5d7e17caf7d0971d22446d8a81bcf1cd8c18a0dc
fetch other tags and check if the commit is present
ensuring issue is reproducible on original commit b27cc623e01be9de1580eaa913508b237a7a9673

testing commit b27cc623e01be9de1580eaa913508b237a7a9673 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: fbfc0e78baeb5f13fff07a872d837aece19a46555f5e4746cdd55243a8186b48
all runs: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
representative crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed

testing commit b27cc623e01be9de1580eaa913508b237a7a9673 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: d1dceba46800a0d9d35440fa90955c21a74af09f572207f0743b9b130e081609
all runs: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
representative crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
kconfig minimization: base=4091 full=8369 leaves diff=2131
split chunks (needed=false): <2131>
split chunk #0 of len 2131 into 5 parts

testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit b27cc623e01be9de1580eaa913508b237a7a9673 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: db4a8920a855ec2526ad11f4f1869449741bdab063ec1d23a77cc0ced3d61655
all runs: OK
false negative chance: 0.000

testing without sub-chunk 2/5
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit b27cc623e01be9de1580eaa913508b237a7a9673 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 9f72f676d3cdb5e422a7911ec47eb84849880f71c9a11795fa4afced60993c5c
all runs: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
representative crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 3/5
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit b27cc623e01be9de1580eaa913508b237a7a9673 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 02499885b323e30026ae2d0b6112c88ab8fe4777f5c10f5f792763cee7fb4693
all runs: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
representative crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit b27cc623e01be9de1580eaa913508b237a7a9673 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 30788f16b3356956f09d27240c358f47ff2ecf2fa348a3e454067e1c3f8e0203
all runs: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
representative crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 5/5
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit b27cc623e01be9de1580eaa913508b237a7a9673 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 18378c70b4ca9f41d74a73230fdbe3a16572c6beb25a934880ca3dd42860d894
all runs: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
representative crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text, types: [KASAN]
the chunk can be dropped
minimized to 427 configs
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
picked [v6.15 v6.14 v6.13 v6.11 v6.9 v6.7 v6.5 v6.3 v6.0 v5.17 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 38 release tags

testing release v6.15
testing commit 0ff41df1cb268fc69e703a08a57ee14ae967d0ca gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 51f9ab857d97914112df1a93e2959ff1013b93f4dfe8759171a8545f84e561d1
all runs: OK
false negative chance: 0.000
# git bisect start b27cc623e01be9de1580eaa913508b237a7a9673 0ff41df1cb268fc69e703a08a57ee14ae967d0ca
Bisecting: 7428 revisions left to test after this (roughly 13 steps)
[1b98f357dadd6ea613a435fbaef1a5dd7b35fd21] Merge tag 'net-next-6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next

testing commit 1b98f357dadd6ea613a435fbaef1a5dd7b35fd21 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 1d6629b1e0b9e994b8efc56dd8c839403db6f38d67468bbb2bb8fb40266a87f9
all runs: OK
false negative chance: 0.000
# git bisect good 1b98f357dadd6ea613a435fbaef1a5dd7b35fd21
Bisecting: 3719 revisions left to test after this (roughly 12 steps)
[1486a0d1733a4b5d003d99b695916c9859add36a] Merge branch 'for-6.17' into for-next

testing commit 1486a0d1733a4b5d003d99b695916c9859add36a gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 31392aaf2ad99c0532ebf941b2b39a2eef8f38eff58ebf6eb61c74873459f105
all runs: OK
false negative chance: 0.000
# git bisect good 1486a0d1733a4b5d003d99b695916c9859add36a
Bisecting: 1849 revisions left to test after this (roughly 11 steps)
[c26f4fbd58375bd6ef74f95eb73d61762ad97c59] Merge tag 'char-misc-6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

testing commit c26f4fbd58375bd6ef74f95eb73d61762ad97c59 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: a6b4d32aa0e61b5eaeb65571857927634a6315958d2c9ac956141e963ad046fc
run #0: infra problem: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS ErrorDetails:[0xc00873a280 0xc00873a410 0xc00873a4b0] Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
false negative chance: 0.000
# git bisect good c26f4fbd58375bd6ef74f95eb73d61762ad97c59
Bisecting: 921 revisions left to test after this (roughly 10 steps)
[2118f6daccbaac3ccbfedb25bf4ac1a467ee1203] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip.git

testing commit 2118f6daccbaac3ccbfedb25bf4ac1a467ee1203 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 0628738e4964070e63216a79cf0ca627915413ee0535c77fe07896992bf0ea79
all runs: OK
false negative chance: 0.000
# git bisect good 2118f6daccbaac3ccbfedb25bf4ac1a467ee1203
Bisecting: 467 revisions left to test after this (roughly 9 steps)
[cdaad016491d7631ae08ead5515e25277b3355a4] Merge branch 'for-linux-next' of https://gitlab.freedesktop.org/drm/i915/kernel

testing commit cdaad016491d7631ae08ead5515e25277b3355a4 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: ccb80457808395aceeb57a716bd7ed8d17188e22b6bab5bf24816cfdbbb6084a
run #0: infra problem: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS ErrorDetails:[0xc0087e2370 0xc0087e2460 0xc0087e2500] Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}
run #1: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #2: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #3: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #4: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #5: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #6: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #7: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #8: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #9: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
representative crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text, types: [KASAN]
# git bisect bad cdaad016491d7631ae08ead5515e25277b3355a4
Bisecting: 238 revisions left to test after this (roughly 8 steps)
[3fd7ed82d5c1bea43b9517a5a3cb74d8d156ab90] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid.git

testing commit 3fd7ed82d5c1bea43b9517a5a3cb74d8d156ab90 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 3c8d8f8917d1ab57b8b471624707da7a3d662f64d085e0bdfbb5105a5630a163
run #0: infra problem: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS ErrorDetails:[0xc00873aaf0 0xc00873ac80 0xc00873ad70] Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}
run #1: infra problem: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS ErrorDetails:[0xc0087e3540 0xc0087e3630 0xc0087e36d0] Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}
run #2: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #3: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #4: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #5: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #6: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #7: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #8: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #9: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
representative crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text, types: [KASAN]
# git bisect bad 3fd7ed82d5c1bea43b9517a5a3cb74d8d156ab90
Bisecting: 90 revisions left to test after this (roughly 7 steps)
[9948fb66ad37307baa10c95fe2e9f3260c85d4b4] Merge branch 'fs-next' of linux-next

testing commit 9948fb66ad37307baa10c95fe2e9f3260c85d4b4 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: dbcad3db094fff12a6585f38f21f4c746dbcb845af3ec8a536ed4765026baed5
all runs: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
representative crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text, types: [KASAN]
# git bisect bad 9948fb66ad37307baa10c95fe2e9f3260c85d4b4
Bisecting: 61 revisions left to test after this (roughly 6 steps)
[79afff47c31e2c4c91fe3ed0028cd9e67cbfab20] Merge branch 'xtensa-for-next' of git://github.com/jcmvbkbc/linux-xtensa.git

testing commit 79afff47c31e2c4c91fe3ed0028cd9e67cbfab20 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 21194e2bf14cd595ae647c391b9a5f7b5d5454b509fa9d6a965f588daa8eef8d
all runs: OK
false negative chance: 0.000
# git bisect good 79afff47c31e2c4c91fe3ed0028cd9e67cbfab20
Bisecting: 29 revisions left to test after this (roughly 5 steps)
[4d22e676ae238630cd17efcca935136798ce7d79] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs.git

testing commit 4d22e676ae238630cd17efcca935136798ce7d79 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 18305a310b1e8c3f1c7a889c9c9e12f168adeefd7e920bf34fec9cd5a17e1466
all runs: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
representative crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text, types: [KASAN]
# git bisect bad 4d22e676ae238630cd17efcca935136798ce7d79
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[9ff0d4b854343d4df14fb7048113f4d6a13decf3] bcachefs: Fix rcu_pending for PREEMPT_RT

testing commit 9ff0d4b854343d4df14fb7048113f4d6a13decf3 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 9908fbdd92544b862e4cc4be515b9427cbb8c955e87425f1f1335651a58b337a
all runs: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
representative crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text, types: [KASAN]
# git bisect bad 9ff0d4b854343d4df14fb7048113f4d6a13decf3
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[dcdbdde2414e0c71f05f2184ff33878cc2554da3] bcachefs: Read error message now prints if self healing

testing commit dcdbdde2414e0c71f05f2184ff33878cc2554da3 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 8782dc1bc0cfe0c15433c4713d304b3f715465e9abe2d2e51a2f56cf21484f0b
all runs: OK
false negative chance: 0.000
# git bisect good dcdbdde2414e0c71f05f2184ff33878cc2554da3
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[a5d36cc5a52a276c434fe5fb63d34dc486b3638e] bcachefs: Make sure opts.read_only gets propagated back to VFS

testing commit a5d36cc5a52a276c434fe5fb63d34dc486b3638e gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: 342d57e2f5bf91a9c3c6a2cfee804eea97b446c5d20cfaeca4bbc21a2102a378
all runs: OK
false negative chance: 0.000
# git bisect good a5d36cc5a52a276c434fe5fb63d34dc486b3638e
Bisecting: 1 revision left to test after this (roughly 1 step)
[504780cb0c29e826f99530a28bbbce4ec444d431] bcachefs: Don't put rhashtable on stack

testing commit 504780cb0c29e826f99530a28bbbce4ec444d431 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: ef362a5bbc9d830ca60c82819883cf4f9b4dada6f7f307acf1160fca6bfeb676
all runs: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
representative crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text, types: [KASAN]
# git bisect bad 504780cb0c29e826f99530a28bbbce4ec444d431
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c5ae261c8095a37174e17eb13c5485cbd1b3bb20] bcachefs: Don't trust sb->nr_devices in members_to_text()

testing commit c5ae261c8095a37174e17eb13c5485cbd1b3bb20 gcc
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
kernel signature: f0c325bcb1431aa3873d3f027c592d1ce185c8e9a37cc64f697aacfbe7b276ab
run #0: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #1: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #2: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #3: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #4: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #5: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #6: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
run #7: infra problem: create instance operation failed: &{Code:INTERNAL_ERROR ErrorDetails:[] Location: Message:Internal error. Please try again or contact Google Support. (Code: '-3487137558158268710') ForceSendFields:[] NullFields:[]}.
run #8: infra problem: create instance operation failed: &{Code:INTERNAL_ERROR ErrorDetails:[] Location: Message:Internal error. Please try again or contact Google Support. (Code: '2289668650253677262') ForceSendFields:[] NullFields:[]}.
run #9: crashed: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
representative crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text, types: [KASAN]
# git bisect bad c5ae261c8095a37174e17eb13c5485cbd1b3bb20
c5ae261c8095a37174e17eb13c5485cbd1b3bb20 is the first bad commit
commit c5ae261c8095a37174e17eb13c5485cbd1b3bb20
Author: Kent Overstreet
Date:   Sun Jun 8 11:31:23 2025 -0400

    bcachefs: Don't trust sb->nr_devices in members_to_text()

    We have to be able to print superblock sections even if they fail to
    validate (for debugging), so we have to calculate the number of entries
    from the field size.

    Reported-by: syzbot+5138f00559ffb3cb3610@syzkaller.appspotmail.com
    Signed-off-by: Kent Overstreet

 fs/bcachefs/sb-members.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

accumulated error probability: 0.00
culprit signature: f0c325bcb1431aa3873d3f027c592d1ce185c8e9a37cc64f697aacfbe7b276ab
parent signature: 342d57e2f5bf91a9c3c6a2cfee804eea97b446c5d20cfaeca4bbc21a2102a378
revisions tested: 22, total time: 8h41m58.047450744s (build: 5h3m15.259116382s, test: 3h1m0.46927566s)
first bad commit: c5ae261c8095a37174e17eb13c5485cbd1b3bb20 bcachefs: Don't trust sb->nr_devices in members_to_text()
recipients (to): ["kent.overstreet@linux.dev" "kent.overstreet@linux.dev" "linux-bcachefs@vger.kernel.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]

crash: KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text
WARNING: The mand mount option has been deprecated and and is ignored by this kernel. Remove the mand option from the mount to silence this warning.
=======================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in members_v1_get fs/bcachefs/sb-members.c:81 [inline]
BUG: KASAN: slab-out-of-bounds in bch2_sb_members_v1_to_text+0x17e/0x270 fs/bcachefs/sb-members.c:334
Read of size 56 at addr ffff88810fe85fd8 by task syz.2.16/3368

CPU: 1 UID: 0 PID: 3368 Comm: syz.2.16 Not tainted 6.15.0-rc4-syzkaller #0 PREEMPT(undef)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 dump_stack_lvl+0xf4/0x170 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xb4/0x290 mm/kasan/report.c:521
 kasan_report+0x118/0x150 mm/kasan/report.c:634
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x29a/0x2b0 mm/kasan/generic.c:189
 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105
 members_v1_get fs/bcachefs/sb-members.c:81 [inline]
 bch2_sb_members_v1_to_text+0x17e/0x270 fs/bcachefs/sb-members.c:334
 bch2_sb_field_validate+0x17c/0x210 fs/bcachefs/super-io.c:1380
 bch2_sb_validate+0xf8d/0x1400 fs/bcachefs/super-io.c:552
 __bch2_read_super+0xb38/0xd10 fs/bcachefs/super-io.c:925
 bch2_fs_open+0x1e5/0x860 fs/bcachefs/super.c:2383
 bch2_fs_get_tree+0x400/0x1270 fs/bcachefs/fs.c:2473
 vfs_get_tree+0x84/0x1a0 fs/super.c:1759
 do_new_mount+0x1c7/0x850 fs/namespace.c:3884
 do_mount fs/namespace.c:4224 [inline]
 __do_sys_mount fs/namespace.c:4435 [inline]
 __se_sys_mount+0x218/0x2b0 fs/namespace.c:4412
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x8f/0x170 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9fe1f900ca
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9fe2d9fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f9fe2d9fef0 RCX: 00007f9fe1f900ca
RDX: 00002000000003c0 RSI: 0000200000000080 RDI: 00007f9fe2d9feb0
RBP: 00002000000003c0 R08: 00007f9fe2d9fef0 R09: 0000000000808040
R10: 0000000000808040 R11: 0000000000000246 R12: 0000200000000080
R13: 00007f9fe2d9feb0 R14: 0000000000005934 R15: 0000200000000400

Allocated by task 3368:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4341 [inline]
 __kmalloc_node_track_caller_noprof+0x25f/0x4f0 mm/slub.c:4360
 __do_krealloc mm/slub.c:4918 [inline]
 krealloc_noprof+0x122/0x300 mm/slub.c:4971
 bch2_sb_realloc+0x22d/0x4c0 fs/bcachefs/super-io.c:222
 read_one_super+0x36c/0x1450 fs/bcachefs/super-io.c:759
 __bch2_read_super+0x65f/0xd10 fs/bcachefs/super-io.c:851
 bch2_fs_open+0x1e5/0x860 fs/bcachefs/super.c:2383
 bch2_fs_get_tree+0x400/0x1270 fs/bcachefs/fs.c:2473
 vfs_get_tree+0x84/0x1a0 fs/super.c:1759
 do_new_mount+0x1c7/0x850 fs/namespace.c:3884
 do_mount fs/namespace.c:4224 [inline]
 __do_sys_mount fs/namespace.c:4435 [inline]
 __se_sys_mount+0x218/0x2b0 fs/namespace.c:4412
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x8f/0x170 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff88810fe84000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 8152 bytes inside of
 allocated 8192-byte region [ffff88810fe84000, ffff88810fe86000)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fe80
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x100000000000040(head|node=0|zone=2)
page_type: f5(slab)
raw: 0100000000000040 ffff888100042280 dead000000000100 dead000000000122
raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
head: 0100000000000040 ffff888100042280 dead000000000100 dead000000000122
head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
head: 0100000000000003 ffffea00043fa001 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 3346652939, free_ts 0
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0xec/0x120 mm/page_alloc.c:1718
 prep_new_page mm/page_alloc.c:1726 [inline]
 get_page_from_freelist+0x3c07/0x3d60 mm/page_alloc.c:3688
 __alloc_frozen_pages_noprof+0x26b/0x460 mm/page_alloc.c:4970
 alloc_pages_mpol+0x150/0x320 mm/mempolicy.c:2301
 alloc_slab_page mm/slub.c:2468 [inline]
 allocate_slab+0x8a/0x350 mm/slub.c:2632
 new_slab mm/slub.c:2686 [inline]
 ___slab_alloc+0x9dc/0x10e0 mm/slub.c:3872
 __slab_alloc mm/slub.c:3962 [inline]
 __slab_alloc_node mm/slub.c:4037 [inline]
 slab_alloc_node mm/slub.c:4198 [inline]
 __do_kmalloc_node mm/slub.c:4340 [inline]
 __kmalloc_noprof+0x2e8/0x500 mm/slub.c:4353
 kmalloc_noprof include/linux/slab.h:909 [inline]
 acpi_ut_initialize_buffer+0x111/0x1d0 drivers/acpi/acpica/utalloc.c:-1
 acpi_rs_create_pci_routing_table+0xc1/0x890 drivers/acpi/acpica/rscreate.c:212
 acpi_rs_get_prt_method_data+0x8e/0xd0 drivers/acpi/acpica/rsutils.c:456
 acpi_pci_irq_find_prt_entry+0x160/0xe40 drivers/acpi/pci_irq.c:214
 acpi_pci_irq_lookup+0x37/0x560 drivers/acpi/pci_irq.c:298
 acpi_pci_irq_enable+0x167/0x690 drivers/acpi/pci_irq.c:413
 do_pci_enable_device+0x1de/0x3e0 drivers/pci/pci.c:2082
 pci_enable_device_flags+0x4b5/0x5d0 drivers/pci/pci.c:2173
 virtio_pci_probe+0x19e/0x290 drivers/virtio/virtio_pci_common.c:702
page_owner free stack trace missing

Memory state around the buggy address:
 ffff88810fe85f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88810fe85f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88810fe86000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff88810fe86080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88810fe86100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================