ci2 starts bisection 2025-02-12 17:53:40.244177121 +0000 UTC m=+27267.730390969 bisecting fixing commit since b4bd207b0380c89a7134705d0cddb3541912562b building syzkaller on d3ccff6372e07c6aabd02b5da419aa6492b5f0ad ensuring issue is reproducible on original commit b4bd207b0380c89a7134705d0cddb3541912562b testing commit b4bd207b0380c89a7134705d0cddb3541912562b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 899cd091b3335f38ba87ed65c10d5361773010da3fb2a1a7716238177ef36349 all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] check whether we can drop unnecessary instrumentation disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit b4bd207b0380c89a7134705d0cddb3541912562b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e8d606465b0538531372cde468fbcaca5612d996e11dbd783351b89bd159338b all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] the bug reproduces without the instrumentation disabling configs for [HANG LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed kconfig minimization: base=4920 full=6215 leaves diff=253 split chunks (needed=false): <253> split chunk #0 of len 253 into 5 parts testing without sub-chunk 1/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK BUG], they are not needed testing commit b4bd207b0380c89a7134705d0cddb3541912562b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a127dc6fc215e75f5853a3db1e3ecd745654bbcc864054316fb1c6f53311bc93 all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit b4bd207b0380c89a7134705d0cddb3541912562b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0f135fefbf1e05ac3663878e953237b753fc5b5536b879c4c4a05c35a6aa9e78 all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK BUG], they are not needed testing commit b4bd207b0380c89a7134705d0cddb3541912562b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ad92a9e1610ae19a330d87c3232e7033b0193cf76ab11bc97c4b1bd1612f1318 all runs: OK false negative chance: 0.000 testing without sub-chunk 4/5 disabling configs for [ATOMIC_SLEEP HANG LEAK BUG KASAN LOCKDEP], they are not needed testing commit b4bd207b0380c89a7134705d0cddb3541912562b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 169b17be03feb1b42fd2dc0650dc5c598b2f0cd1d67fc6f342ff5f8fb156fd22 all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit b4bd207b0380c89a7134705d0cddb3541912562b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 failed building b4bd207b0380c89a7134705d0cddb3541912562b: net/socket.c:1191: undefined reference to `wext_handle_ioctl' net/socket.c:3390: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:343: undefined reference to `wext_proc_exit' net/core/net-procfs.c:327: undefined reference to `wext_proc_init' minimized to 100 configs; suspects: [HID_PANTHERLORD HID_SMARTJOYPLUS HID_THRUSTMASTER HID_ZEROPLUS INPUT_TABLET MEDIA_RADIO_SUPPORT NOP_USB_XCEIV PANTHERLORD_FF PROC_MEM_ALWAYS_FORCE RADIO_ADAPTERS REGMAP_SPI RESET_CONTROLLER RFKILL RFKILL_LEDS RMI4_2D_SENSOR RMI4_CORE RMI4_F03 RMI4_F03_SERIO RMI4_F11 RMI4_F12 RMI4_F30 SMARTJOYPLUS_FF SMSC_PHY SND SND_COMPRESS_OFFLOAD SND_CTL_FAST_LOOKUP SND_DMAENGINE_PCM SND_DMA_SGBUF SND_DYNAMIC_MINORS SND_HRTIMER SND_HWDEP SND_INTEL_DSP_CONFIG SND_INTEL_SOUNDWIRE_ACPI SND_PCI SND_PCM SND_PCM_TIMER SND_PROC_FS SND_RAWMIDI SND_SOC SND_SOC_ACPI SND_SOC_ACPI_INTEL_MATCH SND_SOC_COMPRESS SND_SOC_GENERIC_DMAENGINE_PCM SND_SOC_I2C_AND_SPI SND_SOC_INTEL_MACH SND_SOC_INTEL_SST_TOPLEVEL SND_SOC_TOPOLOGY SND_SPI SND_SST_ATOM_HIFI2_PLATFORM SND_SST_ATOM_HIFI2_PLATFORM_ACPI SND_TIMER SND_USB SND_USB_AUDIO SND_USB_AUDIO_USE_MEDIA_CONTROLLER SND_X86 SOUND TABLET_USB_ACECAD TABLET_USB_AIPTEK TABLET_USB_HANWANG TABLET_USB_KBTAB THRUSTMASTER_FF TYPEC_DP_ALTMODE TYPEC_FUSB302 USB_ARMLINUX USB_BELKIN USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM USB_XHCI_PCI_RENESAS WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF] disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing current HEAD 058abb720bd1570acf1c8721b1efa0c1850b5032 testing commit 058abb720bd1570acf1c8721b1efa0c1850b5032 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 070b42a5c1d7a4b558e8963794573f54b63e3f3fe5e4f2e77abdfdebdde8753d all runs: OK false negative chance: 0.000 # git bisect start 058abb720bd1570acf1c8721b1efa0c1850b5032 b4bd207b0380c89a7134705d0cddb3541912562b Bisecting: 501 revisions left to test after this (roughly 9 steps) [53b03a43a881b0ab2ec0f980c4462b43ea92e264] drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov determine whether the revision contains the guilty commit checking the merge base 0a51d2d4527b43c5e467ffa6897deefeaf499358 no existing result, test the revision testing commit 0a51d2d4527b43c5e467ffa6897deefeaf499358 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7f828944121916843eb6b0211a9e75be72d90bc078b6015e55167db5fe9315e6 all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] testing commit 53b03a43a881b0ab2ec0f980c4462b43ea92e264 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8e6d05148bc0ba463e25e0a6ac4518e8d097883bccf9ecf22c45df3088488c9b all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] # git bisect good 53b03a43a881b0ab2ec0f980c4462b43ea92e264 Bisecting: 250 revisions left to test after this (roughly 8 steps) [143378075904e78b3b2a810099bcc3b3d82d762f] RDMA/rtrs: Ensure 'ib_sge list' is accessible determine whether the revision contains the guilty commit revision 0a51d2d4527b43c5e467ffa6897deefeaf499358 crashed and is reachable testing commit 143378075904e78b3b2a810099bcc3b3d82d762f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 35c458d28b8785113b1705dfc31979db65a073b9b0451687e957a6777f42796d all runs: OK false negative chance: 0.000 # git bisect bad 143378075904e78b3b2a810099bcc3b3d82d762f Bisecting: 125 revisions left to test after this (roughly 7 steps) [676cec3ad096045b969c5fdbe9461f446283cf9c] MIPS: Loongson64: DTS: Fix msi node for ls7a determine whether the revision contains the guilty commit revision 53b03a43a881b0ab2ec0f980c4462b43ea92e264 crashed and is reachable testing commit 676cec3ad096045b969c5fdbe9461f446283cf9c gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: eab73354520ffda505e9688aa12c52aa954e85a28e4ef219cfd21c84ffbe60e0 all runs: OK false negative chance: 0.000 # git bisect bad 676cec3ad096045b969c5fdbe9461f446283cf9c Bisecting: 62 revisions left to test after this (roughly 6 steps) [2e29116c45960d17a6864c75f7471f2c16fbdfc2] Bluetooth: hci_core: Fix calling mgmt_device_connected determine whether the revision contains the guilty commit revision 0a51d2d4527b43c5e467ffa6897deefeaf499358 crashed and is reachable testing commit 2e29116c45960d17a6864c75f7471f2c16fbdfc2 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f50f14aec40a02b7b63460b385c8cf53629aaca673ce6b74c16e36b7f4ce754c all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] # git bisect good 2e29116c45960d17a6864c75f7471f2c16fbdfc2 Bisecting: 31 revisions left to test after this (roughly 5 steps) [78079fda4829020c76b1e607ea40423c54ac49ec] ACPI: resource: Fix memory resource type union access determine whether the revision contains the guilty commit revision 0a51d2d4527b43c5e467ffa6897deefeaf499358 crashed and is reachable testing commit 78079fda4829020c76b1e607ea40423c54ac49ec gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 02ba06a9a01795990de510c76c39c55ba3cc2ea4f9713fbda6215c51e51394c8 all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] # git bisect good 78079fda4829020c76b1e607ea40423c54ac49ec Bisecting: 15 revisions left to test after this (roughly 4 steps) [8abab99114f1713914d833344e74a0944291a5fb] x86/static-call: provide a way to do very early static-call updates determine whether the revision contains the guilty commit revision 78079fda4829020c76b1e607ea40423c54ac49ec crashed and is reachable testing commit 8abab99114f1713914d833344e74a0944291a5fb gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 656286cf28da5db0057f1f6b282d9293a902a5daac1f633a6129dd5540640e06 all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] # git bisect good 8abab99114f1713914d833344e74a0944291a5fb Bisecting: 7 revisions left to test after this (roughly 3 steps) [33db36b3c53d0fda2699ea39ba72bee4de8336e8] net: sched: fix ordering of qlen adjustment determine whether the revision contains the guilty commit revision 53b03a43a881b0ab2ec0f980c4462b43ea92e264 crashed and is reachable testing commit 33db36b3c53d0fda2699ea39ba72bee4de8336e8 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4fe28be5c51062702c42684b10b71ad90923a5cbc0d58b02fe79d2e06d28a36b all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] # git bisect good 33db36b3c53d0fda2699ea39ba72bee4de8336e8 Bisecting: 3 revisions left to test after this (roughly 2 steps) [6eb9609c8bf0166a130f1e4f495ab96b2f562754] usb: cdns3: Add quirk flag to enable suspend residency determine whether the revision contains the guilty commit revision 8abab99114f1713914d833344e74a0944291a5fb crashed and is reachable testing commit 6eb9609c8bf0166a130f1e4f495ab96b2f562754 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cd7af78167336c89bf93f74c6d15f0c79d3350e165208899f65837b59e601398 all runs: OK false negative chance: 0.000 # git bisect bad 6eb9609c8bf0166a130f1e4f495ab96b2f562754 Bisecting: 1 revision left to test after this (roughly 1 step) [02052d22de9164862ad77f8cfa96bc93d43b65a7] PCI/AER: Disable AER service on suspend determine whether the revision contains the guilty commit revision 2e29116c45960d17a6864c75f7471f2c16fbdfc2 crashed and is reachable testing commit 02052d22de9164862ad77f8cfa96bc93d43b65a7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f8dce77d265416f0e0e384a4034ff99eab3983b1fbc7e8f441c10a1ed2d1bd5f all runs: crashed: UBSAN: shift-out-of-bounds in parse_audio_unit representative crash: UBSAN: shift-out-of-bounds in parse_audio_unit, types: [UBSAN] # git bisect good 02052d22de9164862ad77f8cfa96bc93d43b65a7 Bisecting: 0 revisions left to test after this (roughly 0 steps) [a19c6a484417343667b98acb510e3cc5a053089b] ALSA: usb: Fix UBSAN warning in parse_audio_unit() determine whether the revision contains the guilty commit revision 02052d22de9164862ad77f8cfa96bc93d43b65a7 crashed and is reachable testing commit a19c6a484417343667b98acb510e3cc5a053089b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 138b4b825a07c29426086b10603cd0845896a4406b1377469a93f5bcd78be44d run #0: ignore: lost connection to test machine run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK false negative chance: 0.000 # git bisect bad a19c6a484417343667b98acb510e3cc5a053089b a19c6a484417343667b98acb510e3cc5a053089b is the first bad commit commit a19c6a484417343667b98acb510e3cc5a053089b Author: Takashi Iwai Date: Sun Jul 28 12:08:55 2024 -0400 ALSA: usb: Fix UBSAN warning in parse_audio_unit() [ Upstream commit 2f38cf730caedaeacdefb7ff35b0a3c1168117f9 ] A malformed USB descriptor may pass the lengthy mixer description with a lot of channels, and this may overflow the 32bit integer shift size, as caught by syzbot UBSAN test. Although this won't cause any real trouble, it's better to address. This patch introduces a sanity check of the number of channels to bail out the parsing when too many channels are found. Reported-by: syzbot+78d5b129a762182225aa@syzkaller.appspotmail.com Closes: https://lore.kernel.org/0000000000000adac5061d3c7355@google.com Link: https://patch.msgid.link/20240715123619.26612-1-tiwai@suse.de Signed-off-by: Takashi Iwai Signed-off-by: Sasha Levin sound/usb/mixer.c | 7 +++++++ 1 file changed, 7 insertions(+) accumulated error probability: 0.00 culprit signature: 138b4b825a07c29426086b10603cd0845896a4406b1377469a93f5bcd78be44d parent signature: f8dce77d265416f0e0e384a4034ff99eab3983b1fbc7e8f441c10a1ed2d1bd5f revisions tested: 18, total time: 2h25m36.815653189s (build: 44m59.361324128s, test: 1h36m11.752141174s) first good commit: a19c6a484417343667b98acb510e3cc5a053089b ALSA: usb: Fix UBSAN warning in parse_audio_unit() recipients (to): ["sashal@kernel.org" "tiwai@suse.de"] recipients (cc): []