ci2 starts bisection 2024-05-02 15:52:07.413696165 +0000 UTC m=+144297.188956190 bisecting fixing commit since 6741e066ec7633450d3186946035c1f80c4226b8 building syzkaller on af24b0505c748561efb50f1d03c824d6642f6c0b ensuring issue is reproducible on original commit 6741e066ec7633450d3186946035c1f80c4226b8 testing commit 6741e066ec7633450d3186946035c1f80c4226b8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bb4380c912b80243700589143f0df4982c25a70a6f8c4499bc90d641beb69470 all runs: crashed: kernel BUG in evict representative crash: kernel BUG in evict, types: [BUG] check whether we can drop unnecessary instrumentation disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN KASAN], they are not needed testing commit 6741e066ec7633450d3186946035c1f80c4226b8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a153ac78b59617d3dcb37bdb4f8f341710a71cfafcda8e66c8b675e331378a3e all runs: crashed: kernel BUG in evict representative crash: kernel BUG in evict, types: [BUG] the bug reproduces without the instrumentation disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN KASAN], they are not needed kconfig minimization: base=3820 full=7455 leaves diff=1990 split chunks (needed=false): <1990> split chunk #0 of len 1990 into 5 parts testing without sub-chunk 1/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 6741e066ec7633450d3186946035c1f80c4226b8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6e9b6c99db73712ede6ef4449c6018fe09d8701a586852e6f0368675fe2b0b39 all runs: crashed: kernel BUG in evict representative crash: kernel BUG in evict, types: [BUG] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 6741e066ec7633450d3186946035c1f80c4226b8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ddf87033bd1627086ed148a787cc6ea4d8285e9ff79a186af0eeb1e0c63cb880 all runs: crashed: kernel BUG in evict representative crash: kernel BUG in evict, types: [BUG] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit 6741e066ec7633450d3186946035c1f80c4226b8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 440b92f1d28e237755fdbe5ef8665fd66a04cdb63bb359ca3a68a4f6b6e4cf6f all runs: crashed: kernel BUG in evict representative crash: kernel BUG in evict, types: [BUG] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 6741e066ec7633450d3186946035c1f80c4226b8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c605ed5019ddaef9e8368daff48151d71d8405f8b2723afc8d4fc3b15bdb3b8b all runs: OK false negative chance: 0.000 testing without sub-chunk 5/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 6741e066ec7633450d3186946035c1f80c4226b8 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4f251fed2091d730c265bee0bddab2c5c6a83bc472a92f018946bced4865e45e all runs: crashed: kernel BUG in evict representative crash: kernel BUG in evict, types: [BUG] the chunk can be dropped minimized to 398 configs; suspects: [AF_RXRPC ARCH_ENABLE_MEMORY_HOTREMOVE ATM AX25 CFG80211 CMA DAX DLM DVB_CORE ENCRYPTED_KEYS EXTCON GENEVE GPIOLIB HAMRADIO HAVE_CLK HID_SENSOR_HUB HID_SMARTJOYPLUS HID_THRUSTMASTER IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_IPOIB INFINIBAND_USER_ACCESS INFINIBAND_VIRT_DMA INPUT_TABLET INPUT_TOUCHSCREEN IP_SCTP L2TP LIBNVDIMM MEDIA_COMMON_OPTIONS MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_RETU MMC MTD MTD_UBI NETFILTER_CONNCOUNT NET_IPGRE NET_IPGRE_DEMUX NFS_V4_1 NF_TPROXY_IPV6 NILFS2_FS NLMON NLS_CODEPAGE_1250 NLS_CODEPAGE_1251 NLS_CODEPAGE_737 NLS_CODEPAGE_775 NLS_CODEPAGE_850 NLS_CODEPAGE_852 NLS_CODEPAGE_855 NLS_CODEPAGE_857 NLS_CODEPAGE_860 NLS_CODEPAGE_861 NLS_CODEPAGE_862 NLS_CODEPAGE_863 NLS_CODEPAGE_864 NLS_CODEPAGE_865 NLS_CODEPAGE_866 NLS_CODEPAGE_869 NLS_CODEPAGE_874 NLS_CODEPAGE_932 NLS_CODEPAGE_936 NLS_CODEPAGE_949 NLS_CODEPAGE_950 NLS_ISO8859_13 NLS_ISO8859_14 NLS_ISO8859_15 NLS_ISO8859_2 NLS_ISO8859_3 NLS_ISO8859_4 NLS_ISO8859_5 NLS_ISO8859_6 NLS_ISO8859_7 NLS_ISO8859_8 NLS_ISO8859_9 NLS_KOI8_R NLS_KOI8_U NLS_MAC_CELTIC NLS_MAC_CENTEURO NLS_MAC_CROATIAN NLS_MAC_CYRILLIC NLS_MAC_GAELIC NLS_MAC_GREEK NLS_MAC_ICELAND NLS_MAC_INUIT NLS_MAC_ROMAN NLS_MAC_ROMANIAN NLS_MAC_TURKISH NOP_USB_XCEIV NOZOMI NTFS3_FS NTFS3_FS_POSIX_ACL NTFS3_LZX_XPRESS NTFS_FS NTFS_RW NULL_TTY NUMA_BALANCING NUMA_BALANCING_DEFAULT_ENABLED NUMA_EMU NUMA_KEEP_MEMINFO NVDIMM_DAX NVDIMM_KEYS NVDIMM_PFN NVME_CORE NVME_FABRICS NVME_FC NVME_MULTIPATH NVME_RDMA NVME_TARGET NVME_TARGET_FC NVME_TARGET_FCLOOP NVME_TARGET_LOOP NVME_TARGET_RDMA NVME_TARGET_TCP NVME_TCP N_GSM N_HDLC OCFS2_DEBUG_FS OCFS2_FS OCFS2_FS_O2CB OCFS2_FS_STATS OCFS2_FS_USERSPACE_CLUSTER OF_GPIO OF_PMEM OMFS_FS OPENVSWITCH OPENVSWITCH_GENEVE OPENVSWITCH_GRE OPENVSWITCH_VXLAN ORANGEFS_FS OSF_PARTITION OVERLAY_FS OVERLAY_FS_INDEX OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW OVERLAY_FS_REDIRECT_DIR PACKET_DIAG PADATA PAGE_IDLE_FLAG PAGE_POOL PAGE_REPORTING PAHOLE_HAS_BTF_TAG PAHOLE_HAS_LANG_EXCLUDE PAHOLE_HAS_SPLIT_BTF PARPORT PARPORT_NOT_PC PARTITION_ADVANCED PCCARD PCCARD_NONSTATIC PCIEAER PCI_ENDPOINT PCI_IOV PCMCIA PCMCIA_LOAD_CIS PERCPU_STATS PERSISTENT_KEYRINGS PHONET PHYLINK PHY_CPCAP_USB PHY_QCOM_USB_HS PHY_QCOM_USB_HSIC PHY_SAMSUNG_USB2 PHY_TUSB1210 PKCS7_TEST_KEY PKCS8_PRIVATE_KEY_PARSER PM_CLK PNFS_BLOCK PNFS_FILE_LAYOUT PNFS_FLEXFILE_LAYOUT PPP PPPOATM PPPOE PPPOL2TP PPP_ASYNC PPP_BSDCOMP PPP_DEFLATE PPP_FILTER PPP_MPPE PPP_MULTILINK PPP_SYNC_TTY PPTP PREEMPT PREEMPT_NOTIFIERS PRISM2_USB PROC_CHILDREN PSI PSTORE PSTORE_842_COMPRESS PSTORE_COMPRESS PSTORE_DEFLATE_COMPRESS PSTORE_DEFLATE_COMPRESS_DEFAULT PSTORE_LZ4HC_COMPRESS PSTORE_LZ4_COMPRESS PSTORE_LZO_COMPRESS PSTORE_ZSTD_COMPRESS QCOM_QMI_HELPERS QNX4FS_FS QNX6FS_FS QRTR QRTR_TUN R8712U RADIO_ADAPTERS RADIO_SHARK RADIO_SHARK2 RADIO_TEA575X RAID6_PQ RAID_ATTRS RC_ATI_REMOTE RC_CORE RC_DEVICES RDMA_RXE RDMA_SIW RDS RDS_RDMA RDS_TCP READ_ONLY_THP_FOR_FS REALTEK_AUTOPM REED_SOLOMON REED_SOLOMON_DEC8 REGMAP REGMAP_I2C REGMAP_IRQ REGMAP_MMIO REGULATOR REGULATOR_TWL4030 REISERFS_FS REISERFS_FS_POSIX_ACL REISERFS_FS_SECURITY REISERFS_FS_XATTR REISERFS_PROC_INFO RESET_CONTROLLER RFKILL RFKILL_INPUT RFKILL_LEDS RMI4_2D_SENSOR RMI4_CORE RMI4_F03 RMI4_F03_SERIO RMI4_F11 RMI4_F12 RMI4_F30 ROMFS_BACKED_BY_BOTH ROMFS_FS ROMFS_ON_BLOCK ROMFS_ON_MTD ROSE RTC_DRV_HID_SENSOR_TIME RXKAD SCHED_CORE SCSI_FC_ATTRS SCSI_HPSA SCSI_ISCSI_ATTRS SCSI_LOGGING SCSI_NETLINK SCSI_SAS_ATA SCSI_SAS_ATTRS SCSI_SAS_LIBSAS SCSI_SCAN_ASYNC SCSI_SRP_ATTRS SCTP_COOKIE_HMAC_MD5 SCTP_COOKIE_HMAC_SHA1 SCTP_DEFAULT_COOKIE_HMAC_MD5 SECONDARY_TRUSTED_KEYRING SECURITY_INFINIBAND SECURITY_NETWORK_XFRM SERIAL_DEV_BUS SERIAL_DEV_CTRL_TTYPORT SERIAL_MCTRL_GPIO SGI_PARTITION SIGNATURE SIGNED_PE_FILE_VERIFICATION SLHC SLIP SLIP_COMPRESSED SLIP_MODE_SLIP6 SLIP_SMART SMARTJOYPLUS_FF SMBFS SMC SMC_DIAG SMSC_PHY SMS_SIANO_MDTV SMS_SIANO_RC SMS_USB_DRV SND SND_ALOOP SND_BCD2000 SND_CTL_FAST_LOOKUP SND_CTL_LED SND_DEBUG SND_DMA_SGBUF SND_DRIVERS SND_DUMMY SND_DYNAMIC_MINORS SND_HDA SND_HDA_CODEC_ANALOG SND_HDA_CODEC_CA0110 SND_HDA_CODEC_CA0132 SND_HDA_CODEC_CIRRUS SND_HDA_CODEC_CMEDIA SND_HDA_CODEC_CONEXANT SND_HDA_CODEC_HDMI SND_HDA_CODEC_REALTEK SND_HDA_CODEC_SI3054 SND_HDA_CODEC_SIGMATEL SND_HDA_CODEC_VIA SND_HDA_COMPONENT SND_HDA_CORE SND_HDA_GENERIC SND_HDA_GENERIC_LEDS SND_HDA_HWDEP SND_HDA_I915 SND_HDA_INPUT_BEEP SND_HDA_INTEL SND_HDA_PATCH_LOADER SND_HDA_RECONFIG SND_HRTIMER SND_HWDEP SND_INTEL_DSP_CONFIG SND_INTEL_NHLT SND_INTEL_SOUNDWIRE_ACPI SND_JACK SND_JACK_INPUT_DEV SND_MIXER_OSS SND_OSSEMUL SND_PCI SND_PCM SND_PCMCIA SND_PCM_OSS SND_PCM_OSS_PLUGINS SND_PCM_TIMER SND_PCM_XRUN_DEBUG SND_PROC_FS SND_RAWMIDI SND_SEQUENCER SND_SEQUENCER_OSS SND_SEQ_DEVICE SND_SEQ_DUMMY SND_SEQ_HRTIMER_DEFAULT SND_SEQ_MIDI SND_SEQ_MIDI_EVENT SND_SEQ_VIRMIDI SND_SUPPORT_OLD_API SND_TIMER SND_USB SND_USB_6FIRE SND_USB_AUDIO SND_USB_AUDIO_USE_MEDIA_CONTROLLER SND_USB_CAIAQ SND_USB_CAIAQ_INPUT SND_USB_HIFACE SND_USB_LINE6 SND_USB_POD SND_USB_PODHD SND_USB_TONEPORT SND_USB_UA101 SND_USB_US122L SND_USB_USX2Y SND_USB_VARIAX SND_VERBOSE_PROCFS SND_VIRMIDI SND_VIRTIO SND_VMASTER SND_X86 SOCK_VALIDATE_XMIT SOLARIS_X86_PARTITION SONY_FF SOUND SOUND_OSS_CORE SOUND_OSS_CORE_PRECLAIM SPI SPI_DLN2 SPI_DYNAMIC SPI_MASTER SQUASHFS SQUASHFS_4K_DEVBLK_SIZE SQUASHFS_DECOMP_SINGLE SQUASHFS_FILE_DIRECT SQUASHFS_LZ4 SQUASHFS_LZO SQUASHFS_XATTR SQUASHFS_XZ SQUASHFS_ZLIB SQUASHFS_ZSTD SSB SSB_PCIHOST_POSSIBLE SSB_PCMCIAHOST_POSSIBLE SSB_SDIOHOST_POSSIBLE STAGING STAGING_MEDIA STP STREAM_PARSER SUNRPC_BACKCHANNEL SUN_PARTITION SW_SYNC SYSFB SYSV68_PARTITION SYSV_FS TABLET_USB_ACECAD TABLET_USB_AIPTEK TABLET_USB_HANWANG TABLET_USB_KBTAB TABLET_USB_PEGASUS TAHVO_USB TAHVO_USB_HOST_BY_DEFAULT TASKS_TRACE_RCU TCG_CRB TCG_TIS TCG_TIS_CORE TCG_TPM TCP_CONG_BBR TCP_CONG_BIC TCP_CONG_CDG TCP_CONG_DCTCP TCP_CONG_HSTCP TCP_CONG_HTCP TCP_CONG_HYBLA TCP_CONG_ILLINOIS TCP_CONG_LP TCP_CONG_NV TCP_CONG_SCALABLE TCP_CONG_VEGAS TCP_CONG_VENO TCP_CONG_WESTWOOD TCP_CONG_YEAH TEXTSEARCH TEXTSEARCH_BM TEXTSEARCH_FSM TEXTSEARCH_KMP THERMAL_NETLINK THP_SWAP THRUSTMASTER_FF TIPC TIPC_CRYPTO TIPC_DIAG TIPC_MEDIA_IB TIPC_MEDIA_UDP TLS TLS_TOE TOUCHSCREEN_SUR40 TOUCHSCREEN_USB_3M TOUCHSCREEN_USB_COMPOSITE TOUCHSCREEN_USB_DMC_TSC10 TOUCHSCREEN_USB_E2I TOUCHSCREEN_USB_EASYTOUCH TOUCHSCREEN_USB_EGALAX TOUCHSCREEN_USB_ELO TOUCHSCREEN_USB_ETT_TC45USB TOUCHSCREEN_USB_ETURBO TOUCHSCREEN_USB_GENERAL_TOUCH TOUCHSCREEN_USB_GOTOP TOUCHSCREEN_USB_GUNZE TOUCHSCREEN_USB_IDEALTEK TOUCHSCREEN_USB_IRTOUCH TOUCHSCREEN_USB_ITM TOUCHSCREEN_USB_JASTEC TOUCHSCREEN_USB_NEXIO TOUCHSCREEN_USB_PANJIT TOUCHSCREEN_USB_ZYTRONIC TRANSPARENT_HUGEPAGE TRANSPARENT_HUGEPAGE_MADVISE TTPCI_EEPROM TTY_PRINTK TUN_VNET_CROSS_LE TWL4030_CORE TYPEC TYPEC_FUSB302 TYPEC_TCPCI TYPEC_TCPM TYPEC_TPS6598X TYPEC_UCSI UBIFS_ATIME_SUPPORT UBIFS_FS UBIFS_FS_ADVANCED_COMPR UBIFS_FS_LZO UBIFS_FS_SECURITY UBIFS_FS_XATTR UBIFS_FS_ZLIB UBIFS_FS_ZSTD UCSI_ACPI UDF_FS UDMABUF UFS_FS UFS_FS_WRITE UHID ULTRIX_PARTITION UNICODE UNIXWARE_DISKLABEL UNIX_DIAG USB4 USB4_NET USBIP_CORE USBIP_HOST USBIP_VHCI_HCD USBIP_VUDC USBPCWATCHDOG USB_ACM USB_ADUTUX USB_AIRSPY USB_ALI_M5632 USB_AN2720 USB_APPLEDISPLAY USB_ARMLINUX USB_BDC_UDC USB_BELKIN USB_C67X00_HCD USB_CATC USB_CDC_PHONET USB_CHAOSKEY USB_CHIPIDEA USB_CHIPIDEA_HOST USB_CHIPIDEA_PCI USB_CHIPIDEA_UDC USB_CONFIGFS USB_CONFIGFS_ACM USB_CONFIGFS_ECM USB_CONFIGFS_ECM_SUBSET USB_CONFIGFS_EEM USB_CONFIGFS_F_FS USB_CONFIGFS_F_HID USB_CONFIGFS_F_LB_SS USB_DWC2 USB_GADGET USB_MUSB_HDRC USB_NET_CDC_SUBSET USB_ROLE_SWITCH USB_STORAGE_REALTEK USB_ULPI_BUS USB_USBNET VIDEO_DEV VXLAN WIRELESS WLAN ZONE_DEVICE] disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed determining the merge base between 6741e066ec7633450d3186946035c1f80c4226b8 and 0106679839f7c69632b3b9833c3268c316c0a9fc 830b3c68c1fb1e9176028d02ef86f3cf76aa2476/Linux 6.1 is a merge base, check if it has the bug testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 45f01b2f4d6280db8dc54f51371e368af86a7831ac26f6d92734d279d87a5465 all runs: crashed: kernel BUG in evict representative crash: kernel BUG in evict, types: [BUG] testing current HEAD 0106679839f7c69632b3b9833c3268c316c0a9fc testing commit 0106679839f7c69632b3b9833c3268c316c0a9fc gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a71701f75d42344f89423bd1241430e0c299884aecdd0d91c658669e270ae596 all runs: OK false negative chance: 0.000 # git bisect start 0106679839f7c69632b3b9833c3268c316c0a9fc 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 Bisecting: 63912 revisions left to test after this (roughly 16 steps) [afb0c19242a0c9a19fc2013dd1389b553acc0ede] Merge branch 'mptcp-remove-msk-subflow' determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit afb0c19242a0c9a19fc2013dd1389b553acc0ede gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 95d2cad126c636cecd9e5ff1561a6e7e4cf626e5559e1fcc91ea25c50ad7200e all runs: OK false negative chance: 0.000 # git bisect bad afb0c19242a0c9a19fc2013dd1389b553acc0ede Bisecting: 31878 revisions left to test after this (roughly 15 steps) [dc0a7b52007145a85d0c2f3151870b101568b449] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit dc0a7b52007145a85d0c2f3151870b101568b449 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 30edb2a669e4af99b93720844a4f16eb93c41f682cb14f4ad2c9f88f3d1aa594 all runs: crashed: WARNING in mark_buffer_dirty representative crash: WARNING in mark_buffer_dirty, types: [WARNING] # git bisect good dc0a7b52007145a85d0c2f3151870b101568b449 Bisecting: 15937 revisions left to test after this (roughly 14 steps) [697fa9b586ef3032b5e09b33cbfba9035d1466f1] Merge tag 'sound-6.4-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound determine whether the revision contains the guilty commit revision dc0a7b52007145a85d0c2f3151870b101568b449 crashed and is reachable testing commit 697fa9b586ef3032b5e09b33cbfba9035d1466f1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 44f2347fe007aa6e9ff396e1fa2ca9c674f5b5a565af7c919f33757512d7c461 all runs: OK false negative chance: 0.000 # git bisect bad 697fa9b586ef3032b5e09b33cbfba9035d1466f1 Bisecting: 7468 revisions left to test after this (roughly 13 steps) [6e98b09da931a00bf4e0477d0fa52748bf28fcce] Merge tag 'net-next-6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit 6e98b09da931a00bf4e0477d0fa52748bf28fcce gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 64e71bcce52bc9f960ce77bd2d611798fb1401d6b29644e06e3d7fd7e29aa5a8 all runs: crashed: WARNING in mark_buffer_dirty representative crash: WARNING in mark_buffer_dirty, types: [WARNING] # git bisect good 6e98b09da931a00bf4e0477d0fa52748bf28fcce Bisecting: 3691 revisions left to test after this (roughly 12 steps) [e81507acdc19d91df4121f409871f3e4e055f6c2] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux determine whether the revision contains the guilty commit revision dc0a7b52007145a85d0c2f3151870b101568b449 crashed and is reachable testing commit e81507acdc19d91df4121f409871f3e4e055f6c2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f87efce16d1e5c9a71e920a4702936e4ebff408bd4248b61f2011215709c1221 all runs: crashed: WARNING in mark_buffer_dirty representative crash: WARNING in mark_buffer_dirty, types: [WARNING] # git bisect good e81507acdc19d91df4121f409871f3e4e055f6c2 Bisecting: 1884 revisions left to test after this (roughly 11 steps) [17784de648be93b4eef0ef8fe28a16ff04feecc7] Merge tag 'core-debugobjects-2023-05-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip determine whether the revision contains the guilty commit revision dc0a7b52007145a85d0c2f3151870b101568b449 crashed and is reachable testing commit 17784de648be93b4eef0ef8fe28a16ff04feecc7 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a9ea52ad88b8e751a70883e807b047f1c87d0f6b0885380cd05f9bf22a9a85f2 all runs: crashed: WARNING in mark_buffer_dirty representative crash: WARNING in mark_buffer_dirty, types: [WARNING] # git bisect good 17784de648be93b4eef0ef8fe28a16ff04feecc7 Bisecting: 957 revisions left to test after this (roughly 10 steps) [4927cb98f0eeaa5dbeac882e8372f4b16dc62624] Merge tag 'powerpc-6.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux determine whether the revision contains the guilty commit revision 6e98b09da931a00bf4e0477d0fa52748bf28fcce crashed and is reachable testing commit 4927cb98f0eeaa5dbeac882e8372f4b16dc62624 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 72a667352ba8d1dad807970a1b7022adb7447e8c2a335ad840e32cb3f249523c run #0: infra problem: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS ErrorDetails:[0xc005831e50 0xc005831f40 0xc008a0e1e0] Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]} run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK false negative chance: 0.000 # git bisect bad 4927cb98f0eeaa5dbeac882e8372f4b16dc62624 Bisecting: 463 revisions left to test after this (roughly 9 steps) [5306623a9826aa7d63b32c6a3803c798a765474d] virtio_net: Fix error unwinding of XDP initialization determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit 5306623a9826aa7d63b32c6a3803c798a765474d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 803d3856afa315cbe4eb54af03b2e41a09807b3815b5feb784384c30dd3feacf all runs: crashed: WARNING in mark_buffer_dirty representative crash: WARNING in mark_buffer_dirty, types: [WARNING] # git bisect good 5306623a9826aa7d63b32c6a3803c798a765474d Bisecting: 200 revisions left to test after this (roughly 8 steps) [1f594fe7c90746982569bd4f3489e809104a9176] Merge tag 'net-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net determine whether the revision contains the guilty commit revision 17784de648be93b4eef0ef8fe28a16ff04feecc7 crashed and is reachable testing commit 1f594fe7c90746982569bd4f3489e809104a9176 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9f7c257b6f31f44f4fa200dc3b9ee1bfbe6b3782bb870e4afa3417304c910451 all runs: crashed: WARNING in mark_buffer_dirty representative crash: WARNING in mark_buffer_dirty, types: [WARNING] # git bisect good 1f594fe7c90746982569bd4f3489e809104a9176 Bisecting: 101 revisions left to test after this (roughly 7 steps) [5565ec4ef4f0d676fc8518556e239ac6945b5186] Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi determine whether the revision contains the guilty commit revision e81507acdc19d91df4121f409871f3e4e055f6c2 crashed and is reachable testing commit 5565ec4ef4f0d676fc8518556e239ac6945b5186 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: adf53e2ad90882b6a0f545b15304ced1b9479972ca18d10d6be899ea80be1900 all runs: OK false negative chance: 0.000 # git bisect bad 5565ec4ef4f0d676fc8518556e239ac6945b5186 Bisecting: 41 revisions left to test after this (roughly 6 steps) [46be92e58fa8868fc10854de94f270e1d58ec434] Merge tag 'sound-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound determine whether the revision contains the guilty commit revision e81507acdc19d91df4121f409871f3e4e055f6c2 crashed and is reachable testing commit 46be92e58fa8868fc10854de94f270e1d58ec434 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5babd4523faf677b155920d68b0a225a8292ebcd4a35d401a216a8345e784b85 all runs: OK false negative chance: 0.000 # git bisect bad 46be92e58fa8868fc10854de94f270e1d58ec434 Bisecting: 29 revisions left to test after this (roughly 5 steps) [9be0b3a0074a61df1c94c37faea35ec8b9ea130b] ASoC: SOF: Intel: hda-mlink: fixes and extensions determine whether the revision contains the guilty commit revision 6e98b09da931a00bf4e0477d0fa52748bf28fcce crashed and is reachable testing commit 9be0b3a0074a61df1c94c37faea35ec8b9ea130b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e833f7ed1a097d8fa68919cb1f5164fb18acaf55a91f4d65f81935897d5dd0e0 all runs: crashed: WARNING in mark_buffer_dirty representative crash: WARNING in mark_buffer_dirty, types: [WARNING] # git bisect good 9be0b3a0074a61df1c94c37faea35ec8b9ea130b Bisecting: 14 revisions left to test after this (roughly 4 steps) [f4a8871f9f347b185c44525c9bb1755951f94841] Merge tag 'mm-hotfixes-stable-2023-05-18-15-52' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm determine whether the revision contains the guilty commit revision 1f594fe7c90746982569bd4f3489e809104a9176 crashed and is reachable testing commit f4a8871f9f347b185c44525c9bb1755951f94841 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 37ce6986e897f0a8da10bff9ee2707fdf2c133d11698e9394ef6fa68410933d3 run #0: basic kernel testing failed: lost connection to test machine run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK false negative chance: 0.000 # git bisect bad f4a8871f9f347b185c44525c9bb1755951f94841 Bisecting: 7 revisions left to test after this (roughly 3 steps) [158fb07ba6e77a21f46c3e9c5be44ebd8c4dd2cc] MAINTAINERS: repair pattern in DIALOG SEMICONDUCTOR DRIVERS determine whether the revision contains the guilty commit revision dc0a7b52007145a85d0c2f3151870b101568b449 crashed and is reachable testing commit 158fb07ba6e77a21f46c3e9c5be44ebd8c4dd2cc gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b201382adffd89c19893508dfd7eafad7412c4afe1e4acb0b4dc6e94642726c3 all runs: OK false negative chance: 0.000 # git bisect bad 158fb07ba6e77a21f46c3e9c5be44ebd8c4dd2cc Bisecting: 3 revisions left to test after this (roughly 2 steps) [d461aac924b937bcb4fd0ca1242b3ef6868ecddd] zsmalloc: move LRU update from zs_map_object() to zs_malloc() determine whether the revision contains the guilty commit revision 17784de648be93b4eef0ef8fe28a16ff04feecc7 crashed and is reachable testing commit d461aac924b937bcb4fd0ca1242b3ef6868ecddd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 44edc82bd8ca0a11ef5ba0cdc4dd50eb9ed1542fcc586e9781df22581d756fc6 all runs: crashed: WARNING in mark_buffer_dirty representative crash: WARNING in mark_buffer_dirty, types: [WARNING] # git bisect good d461aac924b937bcb4fd0ca1242b3ef6868ecddd Bisecting: 1 revision left to test after this (roughly 1 step) [04fc7816089c5a32c29a04ec94b998e219dfb946] mm: fix zswap writeback race condition determine whether the revision contains the guilty commit revision dc0a7b52007145a85d0c2f3151870b101568b449 crashed and is reachable testing commit 04fc7816089c5a32c29a04ec94b998e219dfb946 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: deea6f1993b13dc4c9df1762af37b43a1dbca88bf5f5e77d0881af71bb9768dd all runs: crashed: WARNING in mark_buffer_dirty representative crash: WARNING in mark_buffer_dirty, types: [WARNING] # git bisect good 04fc7816089c5a32c29a04ec94b998e219dfb946 Bisecting: 0 revisions left to test after this (roughly 0 steps) [9b5a04ac3ad9898c4745cba46ea26de74ba56a8e] nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() determine whether the revision contains the guilty commit revision d461aac924b937bcb4fd0ca1242b3ef6868ecddd crashed and is reachable testing commit 9b5a04ac3ad9898c4745cba46ea26de74ba56a8e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f48d7fc671c580286a3963a5d3def0d8f83472182ab46785f1316af2c52670a9 all runs: OK false negative chance: 0.000 # git bisect bad 9b5a04ac3ad9898c4745cba46ea26de74ba56a8e 9b5a04ac3ad9898c4745cba46ea26de74ba56a8e is the first bad commit commit 9b5a04ac3ad9898c4745cba46ea26de74ba56a8e Author: Ryusuke Konishi Date: Wed May 10 00:29:56 2023 +0900 nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() During unmount process of nilfs2, nothing holds nilfs_root structure after nilfs2 detaches its writer in nilfs_detach_log_writer(). However, since nilfs_evict_inode() uses nilfs_root for some cleanup operations, it may cause use-after-free read if inodes are left in "garbage_list" and released by nilfs_dispose_list() at the end of nilfs_detach_log_writer(). Fix this issue by modifying nilfs_evict_inode() to only clear inode without additional metadata changes that use nilfs_root if the file system is degraded to read-only or the writer is detached. Link: https://lkml.kernel.org/r/20230509152956.8313-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi Reported-by: syzbot+78d4495558999f55d1da@syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/00000000000099e5ac05fb1c3b85@google.com Tested-by: Ryusuke Konishi Cc: Signed-off-by: Andrew Morton fs/nilfs2/inode.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) accumulated error probability: 0.00 culprit signature: f48d7fc671c580286a3963a5d3def0d8f83472182ab46785f1316af2c52670a9 parent signature: deea6f1993b13dc4c9df1762af37b43a1dbca88bf5f5e77d0881af71bb9768dd revisions tested: 26, total time: 4h44m16.156000568s (build: 2h8m38.823533886s, test: 2h12m37.42996181s) first good commit: 9b5a04ac3ad9898c4745cba46ea26de74ba56a8e nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() recipients (to): ["akpm@linux-foundation.org" "konishi.ryusuke@gmail.com"] recipients (cc): []