ci starts bisection 2024-05-28 16:24:03.225113882 +0000 UTC m=+7842.941101065 bisecting cause commit starting from 6dc544b66971c7f9909ff038b62149105272d26a building syzkaller on f550015e921148a45f14a8ea6ac8fe1ade4907af ensuring issue is reproducible on original commit 6dc544b66971c7f9909ff038b62149105272d26a testing commit 6dc544b66971c7f9909ff038b62149105272d26a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fa840291ba4c0b49d29c1156081e4a42c138fed435e1f332a94926c93f7766b2 run #0: crashed: UBSAN: shift-out-of-bounds in do_shrink_slab run #1: crashed: UBSAN: shift-out-of-bounds in do_shrink_slab run #2: crashed: UBSAN: shift-out-of-bounds in do_shrink_slab run #3: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #4: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #5: crashed: UBSAN: shift-out-of-bounds in do_shrink_slab run #6: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #7: crashed: UBSAN: shift-out-of-bounds in do_shrink_slab run #8: crashed: UBSAN: shift-out-of-bounds in do_shrink_slab run #9: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #10: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #11: crashed: UBSAN: shift-out-of-bounds in do_shrink_slab run #12: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #13: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #14: crashed: UBSAN: shift-out-of-bounds in do_shrink_slab run #15: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #16: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #17: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #18: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #19: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec representative crash: UBSAN: shift-out-of-bounds in do_shrink_slab, types: [UBSAN] check whether we can drop unnecessary instrumentation disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 6dc544b66971c7f9909ff038b62149105272d26a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1b04be64eac3638cecc924be479ca6a710d192c2501fa5f3b83620c1a4ce103a run #0: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #1: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #2: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #3: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #4: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #5: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #6: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #7: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #8: crashed: UBSAN: shift-out-of-bounds in do_shrink_slab run #9: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec representative crash: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec, types: [UBSAN] the bug reproduces without the instrumentation disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK BUG], they are not needed kconfig minimization: base=3976 full=8047 leaves diff=2030 split chunks (needed=false): <2030> split chunk #0 of len 2030 into 5 parts testing without sub-chunk 1/5 disabling configs for [LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit 6dc544b66971c7f9909ff038b62149105272d26a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 96abadc47484799dc8478c1abbad62b354135a6605e5890acdcd9e0b4fba505a run #0: crashed: UBSAN: shift-out-of-bounds in do_shrink_slab run #1: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #2: crashed: UBSAN: shift-out-of-bounds in do_shrink_slab run #3: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #4: crashed: UBSAN: shift-out-of-bounds in do_shrink_slab run #5: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #6: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #7: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec run #8: crashed: UBSAN: shift-out-of-bounds in do_shrink_slab run #9: crashed: UBSAN: shift-out-of-bounds in try_to_shrink_lruvec representative crash: UBSAN: shift-out-of-bounds in do_shrink_slab, types: [UBSAN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 6dc544b66971c7f9909ff038b62149105272d26a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 56ec9222aaad9e2d49384c733c53cc44c323a3df5f5cf8543629e5c67c3256b5 all runs: OK false negative chance: 0.000 testing without sub-chunk 3/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK BUG], they are not needed testing commit 6dc544b66971c7f9909ff038b62149105272d26a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: eb582571d95931e77efd470f919cd005096261cff7e8f1622c05d04fe38f9dfa all runs: crashed: UBSAN: shift-out-of-bounds in shrink_node representative crash: UBSAN: shift-out-of-bounds in shrink_node, types: [UBSAN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 6dc544b66971c7f9909ff038b62149105272d26a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e094ddace15a1da671f895bd84dcfaa7782958377ad70474345dfad8a2217911 run #0: crashed: UBSAN: shift-out-of-bounds in shrink_node run #1: crashed: UBSAN: shift-out-of-bounds in shrink_node run #2: crashed: UBSAN: shift-out-of-bounds in shrink_node run #3: crashed: UBSAN: shift-out-of-bounds in corrupted run #4: crashed: UBSAN: shift-out-of-bounds in shrink_node run #5: crashed: UBSAN: shift-out-of-bounds in shrink_node run #6: crashed: UBSAN: shift-out-of-bounds in shrink_node run #7: crashed: UBSAN: shift-out-of-bounds in corrupted run #8: crashed: UBSAN: shift-out-of-bounds in shrink_node run #9: crashed: UBSAN: shift-out-of-bounds in shrink_node representative crash: UBSAN: shift-out-of-bounds in shrink_node, types: [UBSAN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 6dc544b66971c7f9909ff038b62149105272d26a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 90097c79124ecc19a4f10f5a2ac52d96c45db37848b14a441ae3ffe73374c3f5 all runs: crashed: UBSAN: shift-out-of-bounds in shrink_node representative crash: UBSAN: shift-out-of-bounds in shrink_node, types: [UBSAN] the chunk can be dropped minimized to 406 configs; suspects: [6LOWPAN ARCH_ENABLE_MEMORY_HOTREMOVE ASUS_WMI BLK_DEV_ZONED CMA COMMON_CLK DAX DLM DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE DM_ZONED DRAGONRISE_FF DRM DRM_BOCHS DRM_BRIDGE DRM_BUDDY DRM_CIRRUS_QEMU DRM_DEBUG_MM DRM_DISPLAY_DP_AUX_BUS DRM_DISPLAY_DP_HELPER DRM_DISPLAY_HDCP_HELPER DRM_DISPLAY_HDMI_HELPER DRM_DISPLAY_HELPER DRM_FBDEV_EMULATION DRM_GEM_SHMEM_HELPER DRM_I915 DRM_I915_CAPTURE_ERROR DRM_I915_COMPRESS_ERROR DRM_I915_USERPTR DRM_KMS_HELPER DRM_MIPI_DSI DRM_PANEL DRM_PANEL_BRIDGE DRM_PANEL_EDP DRM_PANEL_ORIENTATION_QUIRKS DRM_SIMPLEDRM DRM_TTM DRM_TTM_HELPER DRM_UDL DRM_VGEM DRM_VIRTIO_GPU DRM_VIRTIO_GPU_KMS DRM_VKMS DRM_VMWGFX DRM_VRAM_HELPER DUMMY DVB_AF9013 DVB_AF9033 DVB_AS102 DVB_AS102_FE DVB_B2C2_FLEXCOP DVB_B2C2_FLEXCOP_USB DVB_CORE DVB_DIB3000MB DVB_DIB3000MC DVB_EC100 DVB_GP8PSK_FE DVB_RTL2830 DVB_RTL2832 DVB_RTL2832_SDR DVB_TEST_DRIVERS DVB_TTUSB_BUDGET DVB_TTUSB_DEC DVB_USB DVB_USB_A800 DVB_USB_AF9005 DVB_USB_AF9005_REMOTE DVB_USB_AF9015 DVB_USB_AF9035 DVB_USB_ANYSEE DVB_USB_AU6610 DVB_USB_AZ6007 DVB_USB_AZ6027 DVB_USB_CE6230 DVB_USB_CINERGY_T2 DVB_USB_CXUSB DVB_USB_DIB0700 DVB_USB_DIB3000MC DVB_USB_DIBUSB_MB DVB_USB_DIBUSB_MC DVB_USB_DIGITV DVB_USB_DTT200U DVB_USB_DTV5100 DVB_USB_DVBSKY DVB_USB_DW2102 DVB_USB_EC168 DVB_USB_GL861 DVB_USB_GP8PSK DVB_USB_LME2510 DVB_USB_M920X DVB_USB_MXL111SF DVB_USB_NOVA_T_USB2 DVB_USB_OPERA1 DVB_USB_PCTV452E DVB_USB_RTL28XXU DVB_USB_TECHNISAT_USB2 DVB_USB_TTUSB2 DVB_USB_UMT_010 DVB_USB_V2 DVB_USB_VP702X DVB_USB_VP7045 DVB_USB_ZD1301 DVB_VIDTV DVB_ZL10353 ECRYPT_FS ECRYPT_FS_MESSAGING EDAC EEPROM_93CX6 EFS_FS ENCRYPTED_KEYS EQUALIZER EROFS_FS EROFS_FS_POSIX_ACL EROFS_FS_SECURITY EROFS_FS_XATTR EROFS_FS_ZIP EVM EVM_ADD_XATTRS EVM_ATTR_FSUUID EXECMEM EXFAT_FS EXPORTFS_BLOCK_OPS EXT3_FS EXT3_FS_POSIX_ACL EXT3_FS_SECURITY EXTCON EXTCON_INTEL_CHT_WC F2FS_CHECK_FS F2FS_FAULT_INJECTION F2FS_FS F2FS_FS_COMPRESSION F2FS_FS_LZ4 F2FS_FS_LZ4HC F2FS_FS_LZO F2FS_FS_LZORLE F2FS_FS_POSIX_ACL F2FS_FS_SECURITY F2FS_FS_XATTR F2FS_FS_ZSTD F2FS_STAT_FS FANOTIFY FANOTIFY_ACCESS_PERMISSIONS FB FB_CFB_COPYAREA FB_CFB_FILLRECT FB_CFB_IMAGEBLIT FB_CORE FB_DEFERRED_IO FB_IOMEM_FOPS FB_IOMEM_HELPERS FB_NOTIFY FB_SYSMEM_FOPS FB_SYSMEM_HELPERS FB_SYSMEM_HELPERS_DEFERRED FB_SYS_COPYAREA FB_SYS_FILLRECT FB_SYS_IMAGEBLIT FB_TILEBLITTING FB_VESA FB_VGA16 FB_VIRTUAL FDDI FIREWIRE FIREWIRE_NET FIREWIRE_OHCI FIREWIRE_SBP2 FONT_8x16 FONT_8x8 FONT_SUPPORT FRAMEBUFFER_CONSOLE FRAMEBUFFER_CONSOLE_DETECT_PRIMARY FRAMEBUFFER_CONSOLE_ROTATION FS_DAX FS_DAX_PMD FS_ENCRYPTION FS_ENCRYPTION_ALGS FS_STACK FS_VERITY FS_VERITY_BUILTIN_SIGNATURES FTL FUSE_DAX FUSE_FS FW_LOADER_COMPRESS FW_LOADER_PAGED_BUF FW_LOADER_SYSFS FW_LOADER_USER_HELPER FW_LOADER_USER_HELPER_FALLBACK GACT_PROB GARP GENERIC_IRQ_STAT_SNAPSHOT GENERIC_PHY GENERIC_VDSO_OVERFLOW_PROTECT GET_FREE_REGION GFS2_FS GFS2_FS_LOCKING_DLM GOOGLE_COREBOOT_TABLE GOOGLE_FIRMWARE GOOGLE_MEMCONSOLE GOOGLE_MEMCONSOLE_COREBOOT GOOGLE_VPD GPIOLIB GPIOLIB_IRQCHIP GPIO_ACPI GPIO_DLN2 GPIO_VIPERBOARD GREENASIA_FF GREYBUS GREYBUS_BRIDGED_PHY GREYBUS_ES2 GREYBUS_HID GREYBUS_USB GTP GUEST_PERF_EVENTS GVE HAVE_ARCH_NODE_DEV_GROUP HAVE_ARCH_USERFAULTFD_MINOR HAVE_ARCH_USERFAULTFD_WP HAVE_BOOTMEM_INFO_NODE HAVE_CLK_PREPARE HAVE_GUP_FAST HAVE_KVM_CPU_RELAX_INTERCEPT HAVE_KVM_DIRTY_RING HAVE_KVM_DIRTY_RING_ACQ_REL HAVE_KVM_DIRTY_RING_TSO HAVE_KVM_IRQCHIP HAVE_KVM_IRQ_BYPASS HAVE_KVM_IRQ_ROUTING HAVE_KVM_MSI HAVE_KVM_NO_POLL HAVE_KVM_PFNCACHE HAVE_KVM_PM_NOTIFIER HAVE_KVM_READONLY_MEM HAVE_SCHED_AVG_IRQ HDLC HDLC_CISCO HDLC_FR HDLC_PPP HDLC_RAW HDLC_RAW_ETH HDLC_X25 HDMI HFSPLUS_FS HFS_FS HID_ACCUTOUCH HID_ACRUX HID_ACRUX_FF HID_ALPS HID_APPLEIR HID_ASUS HID_AUREAL HID_BATTERY_STRENGTH HID_BETOP_FF HID_CMEDIA HID_CORSAIR HID_CP2112 HID_DRAGONRISE HID_ELECOM HID_ELO HID_EMS_FF HID_GEMBIRD HID_GFRM HID_GREENASIA HID_GT683R HID_HOLTEK HID_ICADE HID_KEYTOUCH HID_KYE HID_LCPOWER HID_LED HID_LENOVO HID_LOGITECH_DJ HID_LOGITECH_HIDPP HID_MAGICMOUSE HID_MAYFLASH HID_MULTITOUCH HID_NTI HID_ORTEK HID_PENMOUNT HID_PICOLCD HID_PICOLCD_BACKLIGHT HID_PICOLCD_CIR HID_PICOLCD_FB HID_PICOLCD_LCD HID_PICOLCD_LEDS HID_PLANTRONICS HID_PRIMAX HID_PRODIKEYS HID_RETRODE HID_RMI HID_ROCCAT HID_SAITEK HID_SENSOR_ACCEL_3D HID_SENSOR_ALS HID_SENSOR_CUSTOM_SENSOR HID_SENSOR_DEVICE_ROTATION HID_SENSOR_GYRO_3D HID_SENSOR_HUB HID_SENSOR_HUMIDITY HID_SENSOR_IIO_COMMON HID_SENSOR_IIO_TRIGGER HID_SENSOR_INCLINOMETER_3D HID_SENSOR_MAGNETOMETER_3D HID_SENSOR_PRESS HID_SENSOR_PROX HID_SENSOR_TEMP HID_SPEEDLINK HID_STEELSERIES HID_THINGM HID_TIVO HID_TWINHAN HID_UCLOGIC HID_UDRAW_PS3 HID_WACOM HID_WALTOP HID_WIIMOTE HID_XINMO HID_ZYDACRON HMM_MIRROR HOLTEK_FF HOTPLUG_PCI_PCIE HPET_MMAP HPET_MMAP_DEFAULT HPFS_FS I2C_ALGOBIT I2C_CHARDEV I2C_DESIGNWARE_CORE I2C_DESIGNWARE_PLATFORM I2C_DIOLAN_U2C I2C_DLN2 I2C_MUX I2C_MUX_REG I2C_ROBOTFUZZ_OSIF I2C_SI4713 I2C_SLAVE I2C_SLAVE_EEPROM I2C_TINY_USB I2C_VIPERBOARD IEEE802154 IEEE802154_6LOWPAN IEEE802154_ATUSB IEEE802154_DRIVERS IEEE802154_HWSIM IEEE802154_NL802154_EXPERIMENTAL IEEE802154_SOCKET IFB IIO IIO_BUFFER IIO_KFIFO_BUF IIO_TRIGGER IIO_TRIGGERED_BUFFER IKCONFIG IKCONFIG_PROC IMA IMA_APPRAISE IMA_APPRAISE_MODSIG IMA_DEFAULT_HASH_SHA256 IMA_LSM_RULES IMA_MEASURE_ASYMMETRIC_KEYS IMA_NG_TEMPLATE IMA_QUEUE_EARLY_BOOT_KEYS IMA_READ_POLICY IMA_WRITE_POLICY INET6_ESPINTCP INET6_ESP_OFFLOAD INET6_IPCOMP INET6_TUNNEL INET6_XFRM_TUNNEL INET_AH INET_DCCP_DIAG INET_DIAG INET_DIAG_DESTROY INET_ESP INET_ESPINTCP INET_ESP_OFFLOAD INET_IPCOMP INET_MPTCP_DIAG INET_RAW_DIAG INET_SCTP_DIAG INET_TCP_DIAG INET_UDP_DIAG INET_XFRM_TUNNEL INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_ADDR_TRANS_CONFIGFS INFINIBAND_IPOIB INFINIBAND_IPOIB_CM INFINIBAND_IPOIB_DEBUG INFINIBAND_ISER INFINIBAND_ON_DEMAND_PAGING INFINIBAND_RTRS INFINIBAND_SRP INFINIBAND_USER_ACCESS INFINIBAND_USER_MAD INFINIBAND_USER_MEM INPUT_ATI_REMOTE2 INPUT_CM109 INPUT_IMS_PCU INPUT_JOYDEV INPUT_KEYSPAN_REMOTE INPUT_LEDS INPUT_MOUSEDEV INPUT_MOUSEDEV_PSAUX INPUT_POWERMATE INPUT_UINPUT INPUT_YEALINK INTEGRITY INTEGRITY_ASYMMETRIC_KEYS INTEGRITY_AUDIT INTEGRITY_SIGNATURE INTEGRITY_TRUSTED_KEYRING INTEL_IDMA64 INTEL_IOATDMA INTEL_IOMMU_DEFAULT_ON INTEL_IOMMU_SVM INTEL_ISH_HID INTEL_SOC_PMIC_CHTWC INTERVAL_TREE INTERVAL_TREE_SPAN_ITER IOMMUFD IOMMUFD_DRIVER IOMMUFD_TEST IOMMU_IOPF IOMMU_MM_DATA IOMMU_SVA IP6_NF_MATCH_AH IP6_NF_MATCH_EUI64 IP6_NF_MATCH_FRAG IP6_NF_MATCH_HL IP6_NF_MATCH_MH IP6_NF_MATCH_OPTS IP6_NF_MATCH_RPFILTER IP6_NF_MATCH_RT IP6_NF_MATCH_SRH IP6_NF_NAT IP6_NF_RAW IP6_NF_SECURITY IP6_NF_TARGET_HL IP6_NF_TARGET_MASQUERADE IP6_NF_TARGET_NPT IP6_NF_TARGET_SYNPROXY IPV6_FOU IPV6_FOU_TUNNEL IPV6_GRE IPV6_ILA IPV6_MIP6 IPV6_MROUTE IPV6_MROUTE_MULTIPLE_TABLES IPV6_MULTIPLE_TABLES IPV6_OPTIMISTIC_DAD IPV6_PIMSM_V2 IPV6_ROUTER_PREF IPV6_ROUTE_INFO IPV6_RPL_LWTUNNEL IPV6_SEG6_BPF IPV6_SEG6_HMAC IPV6_SEG6_LWTUNNEL IPV6_SIT_6RD IPV6_SUBTREES IPV6_TUNNEL IPV6_VTI IPVLAN IPVLAN_L3S IPVTAP IP_DCCP IP_DCCP_CCID3 IP_DCCP_TFRC_LIB IP_FIB_TRIE_STATS IP_MROUTE_MULTIPLE_TABLES IP_NF_ARPFILTER IP_NF_ARPTABLES IP_NF_ARP_MANGLE IP_NF_MATCH_AH IP_NF_MATCH_ECN IP_NF_MATCH_RPFILTER IP_NF_MATCH_TTL IP_NF_RAW IP_NF_SECURITY IP_NF_TARGET_ECN IP_NF_TARGET_NETMAP IP_NF_TARGET_REDIRECT IP_NF_TARGET_SYNPROXY IP_NF_TARGET_TTL IP_ROUTE_CLASSID IP_SCTP IP_SET IP_SET_BITMAP_IP IP_SET_BITMAP_IPMAC IP_SET_BITMAP_PORT IP_SET_HASH_IP IP_SET_HASH_IPMAC IP_SET_HASH_IPMARK IP_SET_HASH_IPPORT IP_SET_HASH_IPPORTIP IP_SET_HASH_IPPORTNET IP_SET_HASH_MAC IP_SET_HASH_NET IP_SET_HASH_NETIFACE IP_SET_HASH_NETNET IP_SET_HASH_NETPORT IP_SET_HASH_NETPORTNET IP_SET_LIST_SET IP_VS IP_VS_DH IRQ_TIME_ACCOUNTING LAPB LCD_CLASS_DEVICE MAC802154 MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_TEST_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_VIPERBOARD MPTCP MTD NETFILTER_ADVANCED NET_ACT_GACT NET_ACT_MIRRED NET_IPGRE_DEMUX NFT_COMPAT NFT_COMPAT_ARP NFT_FWD_NETDEV NF_TABLES NF_TABLES_ARP NF_TABLES_NETDEV RADIO_ADAPTERS RADIO_SI4713 RAS RC_CORE RFKILL SND SOUND STAGING TRANSPARENT_HUGEPAGE VIDEO_DEV VIRTIO_FS WAN ZONE_DEVICE] disabling configs for [HANG LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed picked [v6.9 v6.8 v6.7 v6.5 v6.3 v6.1 v5.19 v5.17 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 32 release tags testing release v6.9 testing commit a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e051729402919d6855073244843167e51e6082003f9c93a01aec42a6601e76cc all runs: OK false negative chance: 0.000 # git bisect start 6dc544b66971c7f9909ff038b62149105272d26a a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 Bisecting: 7106 revisions left to test after this (roughly 13 steps) [33e02dc69afbd8f1b85a51d74d72f139ba4ca623] Merge tag 'sound-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit 33e02dc69afbd8f1b85a51d74d72f139ba4ca623 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5d1fcb17c7f5c846e7f96c98580d9046e2f9b148ba02ccc3d799551ebd25cc19 all runs: OK false negative chance: 0.000 # git bisect good 33e02dc69afbd8f1b85a51d74d72f139ba4ca623 Bisecting: 3474 revisions left to test after this (roughly 12 steps) [29c73fc794c83505066ee6db893b2a83ac5fac63] Merge tag 'perf-tools-for-v6.10-1-2024-05-21' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools testing commit 29c73fc794c83505066ee6db893b2a83ac5fac63 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 41a522543a7a0af5559c8c3b728b277aaec29b51239d5d9775bd3b3e34e79e30 all runs: OK false negative chance: 0.000 # git bisect good 29c73fc794c83505066ee6db893b2a83ac5fac63 Bisecting: 1724 revisions left to test after this (roughly 11 steps) [3e1758208ef41c3694ef1932d4a46f923cffc66c] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mediatek/linux.git testing commit 3e1758208ef41c3694ef1932d4a46f923cffc66c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9739ecdcfffb52df73de0fbafc3aa3c390dfe28dcdb38ca388c2fcd7f9fd6580 all runs: crashed: UBSAN: shift-out-of-bounds in shrink_node representative crash: UBSAN: shift-out-of-bounds in shrink_node, types: [UBSAN] # git bisect bad 3e1758208ef41c3694ef1932d4a46f923cffc66c Bisecting: 832 revisions left to test after this (roughly 10 steps) [5f16eb0549ab502906fb2a10147dad4b9dc185c4] Merge tag 'char-misc-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 5f16eb0549ab502906fb2a10147dad4b9dc185c4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: af833954d45d0932ab2bb01594024d479938a1b7071e7626b91ac664d23787b2 all runs: OK false negative chance: 0.000 # git bisect good 5f16eb0549ab502906fb2a10147dad4b9dc185c4 Bisecting: 415 revisions left to test after this (roughly 9 steps) [6c8b1a2dca0b98775f75a59ddf5f62b6c9512b75] Merge tag '6.10-rc-ksmbd-server-fixes' of git://git.samba.org/ksmbd testing commit 6c8b1a2dca0b98775f75a59ddf5f62b6c9512b75 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 54d2079b9721e6051f6c87e7116700e99d175aacf0b57f4b7d17dd33d32be28c all runs: OK false negative chance: 0.000 # git bisect good 6c8b1a2dca0b98775f75a59ddf5f62b6c9512b75 Bisecting: 221 revisions left to test after this (roughly 8 steps) [3ddb35f90f5f8b234e2f2b6ac2fd5b8f0e1f7fb4] Merge branch 'for-linux-next-fixes' of https://gitlab.freedesktop.org/drm/misc/kernel.git testing commit 3ddb35f90f5f8b234e2f2b6ac2fd5b8f0e1f7fb4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cb04d58de9f89d7985e3b7945403aa8dedb9e91087b727010ddbbee51deb57c8 all runs: OK false negative chance: 0.000 # git bisect good 3ddb35f90f5f8b234e2f2b6ac2fd5b8f0e1f7fb4 Bisecting: 119 revisions left to test after this (roughly 7 steps) [b610f75d19a34b488021b9a4d2e3bd1cf34fc200] mm: add swappiness= arg to memory.reclaim testing commit b610f75d19a34b488021b9a4d2e3bd1cf34fc200 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cb2eb981c00c39601e125407ffd02560672ccd5f15d8349b84ddc220e88d9fca all runs: crashed: UBSAN: shift-out-of-bounds in shrink_node representative crash: UBSAN: shift-out-of-bounds in shrink_node, types: [UBSAN] # git bisect bad b610f75d19a34b488021b9a4d2e3bd1cf34fc200 Bisecting: 50 revisions left to test after this (roughly 6 steps) [c5860f7e1087c29a62d5eb600de041b0ba7104e4] mm/gup: introduce memfd_pin_folios() for pinning memfd folios testing commit c5860f7e1087c29a62d5eb600de041b0ba7104e4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2113d39fd6ba67da4d1fdcddc85d78d629cb724d13999c8a46cdb8afaa11cd3d all runs: crashed: UBSAN: shift-out-of-bounds in shrink_node representative crash: UBSAN: shift-out-of-bounds in shrink_node, types: [UBSAN] # git bisect bad c5860f7e1087c29a62d5eb600de041b0ba7104e4 Bisecting: 25 revisions left to test after this (roughly 5 steps) [950368237a593033d11ea797c7804b1d811ffe25] mm/swap: get the swap device offset directly testing commit 950368237a593033d11ea797c7804b1d811ffe25 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1b08906a7fceb8dea276e7e943284d1c77c18117c06d6ddeef802e33e7a64623 all runs: crashed: UBSAN: shift-out-of-bounds in shrink_node representative crash: UBSAN: shift-out-of-bounds in shrink_node, types: [UBSAN] # git bisect bad 950368237a593033d11ea797c7804b1d811ffe25 Bisecting: 12 revisions left to test after this (roughly 4 steps) [351e373427d4cdfedf44b656136672b7f5037293] writeback: add general function domain_dirty_avail to calculate dirty and avail of domain testing commit 351e373427d4cdfedf44b656136672b7f5037293 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bc3a081843adfc98b309110ede6e03feecb3b090fd43f9b6499942eb63e6e3d8 all runs: crashed: UBSAN: shift-out-of-bounds in shrink_node representative crash: UBSAN: shift-out-of-bounds in shrink_node, types: [UBSAN] # git bisect bad 351e373427d4cdfedf44b656136672b7f5037293 Bisecting: 5 revisions left to test after this (roughly 3 steps) [51640a9ff861c17056d280c79d568d29bed17a7e] mm: mempolicy: use folio_alloc_mpol_noprof() in vma_alloc_folio_noprof() testing commit 51640a9ff861c17056d280c79d568d29bed17a7e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6fa92b7ced729eee3b7a790d42aaca6e0aef5f137664806777e7ec1ac8f3b37b all runs: OK false negative chance: 0.000 # git bisect good 51640a9ff861c17056d280c79d568d29bed17a7e Bisecting: 2 revisions left to test after this (roughly 2 steps) [327eaca22fcd4670598947c2e1eca635f2675c29] mm/huge_memory: mark racy access onhuge_anon_orders_always testing commit 327eaca22fcd4670598947c2e1eca635f2675c29 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7ba3f0a778f78b4f599139dda87d2e42c3ebb9d1d896f5289b5a2937c7402dcc all runs: OK false negative chance: 0.000 # git bisect good 327eaca22fcd4670598947c2e1eca635f2675c29 Bisecting: 0 revisions left to test after this (roughly 1 step) [7e7e575797d64ade6d76db613a9a1d6bc8c576fe] writeback: factor out wb_bg_dirty_limits to remove repeated code testing commit 7e7e575797d64ade6d76db613a9a1d6bc8c576fe gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fb70a065479518dc59351b0f2e14116e59e0e1b0c5b759cfcf91ff569bea9573 all runs: crashed: UBSAN: shift-out-of-bounds in shrink_node representative crash: UBSAN: shift-out-of-bounds in shrink_node, types: [UBSAN] # git bisect bad 7e7e575797d64ade6d76db613a9a1d6bc8c576fe Bisecting: 0 revisions left to test after this (roughly 0 steps) [6be5e186fd655df4b3ba267054de2eaaadc71340] mm: vmscan: restore incremental cgroup iteration testing commit 6be5e186fd655df4b3ba267054de2eaaadc71340 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3154a919187da0b42996318fcff2e39469e698440293ba3f12f4b38153143fde run #0: crashed: UBSAN: shift-out-of-bounds in shrink_node run #1: crashed: UBSAN: shift-out-of-bounds in shrink_node run #2: crashed: UBSAN: shift-out-of-bounds in shrink_node run #3: crashed: UBSAN: shift-out-of-bounds in shrink_node run #4: crashed: UBSAN: shift-out-of-bounds in shrink_node run #5: crashed: UBSAN: shift-out-of-bounds in shrink_node run #6: crashed: UBSAN: shift-out-of-bounds in shrink_node run #7: crashed: UBSAN: shift-out-of-bounds in shrink_node run #8: crashed: UBSAN: shift-out-of-bounds in corrupted run #9: crashed: UBSAN: shift-out-of-bounds in shrink_node representative crash: UBSAN: shift-out-of-bounds in shrink_node, types: [UBSAN] # git bisect bad 6be5e186fd655df4b3ba267054de2eaaadc71340 6be5e186fd655df4b3ba267054de2eaaadc71340 is the first bad commit commit 6be5e186fd655df4b3ba267054de2eaaadc71340 Author: Johannes Weiner Date: Tue May 14 16:26:41 2024 -0400 mm: vmscan: restore incremental cgroup iteration Currently, reclaim always walks the entire cgroup tree in order to ensure fairness between groups. While overreclaim is limited in shrink_lruvec(), many of our systems have a sizable number of active groups, and an even bigger number of idle cgroups with cache left behind by previous jobs; the mere act of walking all these cgroups can impose significant latency on direct reclaimers. In the past, we've used a save-and-restore iterator that enabled incremental tree walks over multiple reclaim invocations. This ensured fairness, while keeping the work of individual reclaimers small. However, in edge cases with a lot of reclaim concurrency, individual reclaimers would sometimes not see enough of the cgroup tree to make forward progress and (prematurely) declare OOM. Consequently we switched to comprehensive walks in 1ba6fc9af35b ("mm: vmscan: do not share cgroup iteration between reclaimers"). To address the latency problem without bringing back the premature OOM issue, reinstate the shared iteration, but with a restart condition to do the full walk in the OOM case - similar to what we do for memory.low enforcement and active page protection. In the worst case, we do one more full tree walk before declaring OOM. But the vast majority of direct reclaim scans can then finish much quicker, while fairness across the tree is maintained: - Before this patch, we observed that direct reclaim always takes more than 100us and most direct reclaim time is spent in reclaim cycles lasting between 1ms and 1 second. Almost 40% of direct reclaim time was spent on reclaim cycles exceeding 100ms. - With this patch, almost all page reclaim cycles last less than 10ms, and a good amount of direct page reclaim finishes in under 100us. No page reclaim cycles lasting over 100ms were observed anymore. The shared iterator state is maintaned inside the target cgroup, so fair and incremental walks are performed during both global reclaim and cgroup limit reclaim of complex subtrees. Link: https://lkml.kernel.org/r/20240514202641.2821494-1-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Signed-off-by: Rik van Riel Reported-by: Rik van Riel Reviewed-by: Shakeel Butt Reviewed-by: Roman Gushchin Cc: Facebook Kernel Team Cc: Michal Hocko Cc: Rik van Riel Signed-off-by: Andrew Morton mm/vmscan.c | 42 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) accumulated error probability: 0.00 culprit signature: 3154a919187da0b42996318fcff2e39469e698440293ba3f12f4b38153143fde parent signature: 7ba3f0a778f78b4f599139dda87d2e42c3ebb9d1d896f5289b5a2937c7402dcc revisions tested: 22, total time: 9h29m11.175465523s (build: 5h59m7.631981397s, test: 3h13m13.51186124s) first bad commit: 6be5e186fd655df4b3ba267054de2eaaadc71340 mm: vmscan: restore incremental cgroup iteration recipients (to): ["akpm@linux-foundation.org" "hannes@cmpxchg.org" "riel@surriel.com" "roman.gushchin@linux.dev" "shakeel.butt@linux.dev"] recipients (cc): [] crash: UBSAN: shift-out-of-bounds in shrink_node ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in mm/vmscan.c:2299:11 shift exponent -1 is negative CPU: 0 PID: 3446 Comm: syz-executor Not tainted 6.9.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x3e/0xe0 lib/dump_stack.c:114 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x248/0x270 lib/ubsan.c:468 prepare_scan_control mm/vmscan.c:2299 [inline] shrink_node+0x907/0x9d0 mm/vmscan.c:5946 shrink_zones mm/vmscan.c:6192 [inline] do_try_to_free_pages+0x1a3/0x5f0 mm/vmscan.c:6254 try_to_free_mem_cgroup_pages+0x187/0x2e0 mm/vmscan.c:6583 try_charge_memcg+0x2bb/0x9f0 mm/memcontrol.c:2944 try_charge mm/memcontrol.c:3092 [inline] charge_memcg+0x39/0x90 mm/memcontrol.c:7497 __mem_cgroup_charge+0x27/0xb0 mm/memcontrol.c:7512 mem_cgroup_charge include/linux/memcontrol.h:691 [inline] shmem_alloc_and_add_folio+0x1c1/0x450 mm/shmem.c:1663 shmem_get_folio_gfp+0x267/0x770 mm/shmem.c:2041 shmem_read_folio_gfp+0x37/0x80 mm/shmem.c:4944 drm_gem_get_pages+0xa5/0x370 drivers/gpu/drm/drm_gem.c:568 drm_gem_shmem_get_pages+0x42/0xc0 drivers/gpu/drm/drm_gem_shmem_helper.c:177 drm_gem_shmem_vmap+0x17a/0x1f0 drivers/gpu/drm/drm_gem_shmem_helper.c:335 drm_gem_vmap drivers/gpu/drm/drm_gem.c:1205 [inline] drm_gem_vmap_unlocked+0x53/0xa0 drivers/gpu/drm/drm_gem.c:1247 drm_gem_fb_vmap+0x3e/0x290 drivers/gpu/drm/drm_gem_framebuffer_helper.c:365 drm_atomic_helper_prepare_planes+0x77/0x210 drivers/gpu/drm/drm_atomic_helper.c:2601 drm_atomic_helper_commit+0x98/0x2c0 drivers/gpu/drm/drm_atomic_helper.c:2029 drm_atomic_commit+0xaa/0xd0 drivers/gpu/drm/drm_atomic.c:1514 drm_atomic_helper_update_plane+0xd9/0x120 drivers/gpu/drm/drm_atomic_helper.c:3190 __setplane_atomic drivers/gpu/drm/drm_plane.c:1066 [inline] drm_mode_cursor_universal drivers/gpu/drm/drm_plane.c:1221 [inline] drm_mode_cursor_common+0x412/0x5e0 drivers/gpu/drm/drm_plane.c:1280 drm_mode_cursor_ioctl+0x47/0x70 drivers/gpu/drm/drm_plane.c:1330 drm_ioctl_kernel+0xcd/0x110 drivers/gpu/drm/drm_ioctl.c:744 drm_ioctl+0x334/0x4b0 drivers/gpu/drm/drm_ioctl.c:841 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0x6e/0xc0 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x8d/0x170 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fefbca7cee9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fefbd7970c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fefbcbb3f80 RCX: 00007fefbca7cee9 RDX: 0000000020000340 RSI: 00000000c01c64a3 RDI: 0000000000000003 RBP: 00007fefbcac947f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000006 R14: 00007fefbcbb3f80 R15: 00007ffef1d02898 ---[ end trace ]---