ci2 starts bisection 2025-06-22 12:06:46.386441375 +0000 UTC m=+123122.729807703
bisecting fixing commit since 05ef4ccb57746f921003b9340fc2f0532c177f41
building syzkaller on 3222d10cbe77bbedb5a7c455e5bcb6b7081a63b7
ensuring issue is reproducible on original commit 05ef4ccb57746f921003b9340fc2f0532c177f41

testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 33acaf57e6ce62591bacce62d3fac10b8e17a11c27f0092602589e1631a318b8
all runs: crashed: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals
representative crash: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals, types: [UBSAN]
check whether we can drop unnecessary instrumentation
disabling configs for [LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c4b0868ba37df4ab8f2dbe7e9013ba56c5a32af9bd20c40fbb1c407be3ff3c2a
all runs: crashed: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals
representative crash: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals, types: [UBSAN]
the bug reproduces without the instrumentation
disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
kconfig minimization: base=4921 full=6161 leaves diff=243
split chunks (needed=false): <243>
split chunk #0 of len 243 into 5 parts
testing without sub-chunk 1/5
disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cffcd6e8a59efa0b1deebdb135bbd2434060a31b6fe5730d402b9024f9220b81
all runs: crashed: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals
representative crash: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals, types: [UBSAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK BUG], they are not needed
testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7e8ba826708181314d5883cdef390b4a32782b1c6dcb90f61475f8b38c46707e
all runs: crashed: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals
representative crash: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals, types: [UBSAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2eb8e2f1eef82025032fa8b4b4d507c5dc2ad149c689fc13c9a696fc2ecab05c
all runs: crashed: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals
representative crash: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals, types: [UBSAN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [ATOMIC_SLEEP HANG LEAK BUG KASAN LOCKDEP], they are not needed
testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2729a972da49f9ca69f94c1332dbc250f7ae8fb3d6228a53ac5741113ebc6c32
all runs: crashed: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals
representative crash: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals, types: [UBSAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK BUG KASAN], they are not needed
testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
failed building 05ef4ccb57746f921003b9340fc2f0532c177f41: net/socket.c:1189: undefined reference to `wext_handle_ioctl'
net/socket.c:3383: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:343: undefined reference to `wext_proc_exit'
net/core/net-procfs.c:327: undefined reference to `wext_proc_init'
minimized to 47 configs; suspects: [HID_ZEROPLUS USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF]
disabling configs for [HANG LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing current HEAD e678c93d43cc59dbad86bb0ad0ff6a7ed675a154
testing commit e678c93d43cc59dbad86bb0ad0ff6a7ed675a154 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 027a57dd529faa303bdd24ef188ab9981c04285f2d888b54a6be5dfb087897fe
all runs: crashed: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals
representative crash: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals, types: [UBSAN]
crash still not fixed/happens on the oldest tested release
revisions tested: 7, total time: 1h18m57.290828231s (build: 35m53.727587161s, test: 40m23.43338806s)
crash still not fixed or there were kernel test errors
commit msg: Revert "coredump: hand a pidfd to the usermode coredump helper"
crash: UBSAN: shift-out-of-bounds in adjust_reg_min_max_vals
================================================================================
UBSAN: shift-out-of-bounds in kernel/bpf/verifier.c:8028:63
shift exponent 1073741824 is too large for 32-bit type 'int'
CPU: 1 PID: 381 Comm: syz-executor.0 Not tainted 5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x38/0x49 lib/dump_stack.c:106
 dump_stack+0x10/0x12 lib/dump_stack.c:113
 ubsan_epilogue+0x9/0x32 lib/ubsan.c:151
 __ubsan_handle_shift_out_of_bounds.cold+0x6a/0x108 lib/ubsan.c:321
 scalar32_min_max_arsh kernel/bpf/verifier.c:8028 [inline]
 adjust_scalar_min_max_vals kernel/bpf/verifier.c:8216 [inline]
 adjust_reg_min_max_vals.cold+0x109/0x150 kernel/bpf/verifier.c:8317
 check_alu_op+0x246/0x780 kernel/bpf/verifier.c:8488
 do_check kernel/bpf/verifier.c:11239 [inline]
 do_check_common+0x1182/0x4410 kernel/bpf/verifier.c:13457
 do_check_main kernel/bpf/verifier.c:13520 [inline]
 bpf_check+0x225c/0x3510 kernel/bpf/verifier.c:14091
 bpf_prog_load+0x483/0x9e0 kernel/bpf/syscall.c:2328
 __sys_bpf+0x706/0x2550 kernel/bpf/syscall.c:4633
 __do_sys_bpf kernel/bpf/syscall.c:4737 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:4735 [inline]
 __x64_sys_bpf+0x17/0x20 kernel/bpf/syscall.c:4735
 x64_sys_call+0x12b/0x990 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x33/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f4496f7bba9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4496afe0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f449709af80 RCX: 00007f4496f7bba9
RDX: 0000000000000048 RSI: 00000000200054c0 RDI: 0000000000000005
RBP: 00007f4496fc747a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f449709af80 R15: 00007ffc75927658
 </TASK>
================================================================================
================================================================================
UBSAN: shift-out-of-bounds in kernel/bpf/verifier.c:8029:63
shift exponent 1073741824 is too large for 32-bit type 'int'
CPU: 0 PID: 381 Comm: syz-executor.0 Not tainted 5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x38/0x49 lib/dump_stack.c:106
 dump_stack+0x10/0x12 lib/dump_stack.c:113
 ubsan_epilogue+0x9/0x32 lib/ubsan.c:151
 __ubsan_handle_shift_out_of_bounds.cold+0x6a/0x108 lib/ubsan.c:321
 scalar32_min_max_arsh kernel/bpf/verifier.c:8029 [inline]
 adjust_scalar_min_max_vals kernel/bpf/verifier.c:8216 [inline]
 adjust_reg_min_max_vals.cold+0x125/0x150 kernel/bpf/verifier.c:8317
 check_alu_op+0x246/0x780 kernel/bpf/verifier.c:8488
 do_check kernel/bpf/verifier.c:11239 [inline]
 do_check_common+0x1182/0x4410 kernel/bpf/verifier.c:13457
 do_check_main kernel/bpf/verifier.c:13520 [inline]
 bpf_check+0x225c/0x3510 kernel/bpf/verifier.c:14091
 bpf_prog_load+0x483/0x9e0 kernel/bpf/syscall.c:2328
 __sys_bpf+0x706/0x2550 kernel/bpf/syscall.c:4633
 __do_sys_bpf kernel/bpf/syscall.c:4737 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:4735 [inline]
 __x64_sys_bpf+0x17/0x20 kernel/bpf/syscall.c:4735
 x64_sys_call+0x12b/0x990 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x33/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f4496f7bba9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4496afe0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f449709af80 RCX: 00007f4496f7bba9
RDX: 0000000000000048 RSI: 00000000200054c0 RDI: 0000000000000005
RBP: 00007f4496fc747a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f449709af80 R15: 00007ffc75927658
 </TASK>
================================================================================