ci2 starts bisection 2024-08-01 10:50:42.559587068 +0000 UTC m=+47049.471916693
bisecting fixing commit since 3ad342cf5b2cadf6408597d0cf086c31ab7ef383
building syzkaller on de870ca5ea0b42afdf670fa407254dc617342cc3
ensuring issue is reproducible on original commit 3ad342cf5b2cadf6408597d0cf086c31ab7ef383

testing commit 3ad342cf5b2cadf6408597d0cf086c31ab7ef383 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f8996037c221177a7f38def00c4a09cfe87a940c54b1cc3d00281f338dba6f62
all runs: crashed: kernel BUG in ext4_mb_load_buddy_gfp
representative crash: kernel BUG in ext4_mb_load_buddy_gfp, types: [BUG]
check whether we can drop unnecessary instrumentation
disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 3ad342cf5b2cadf6408597d0cf086c31ab7ef383 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 04aae1bf62031a99cee58130d042ee900ae409316fa97377a70484d34fcbd2c7
all runs: crashed: kernel BUG in ext4_mb_load_buddy_gfp
representative crash: kernel BUG in ext4_mb_load_buddy_gfp, types: [BUG]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
kconfig minimization: base=4789 full=6024 leaves diff=237
split chunks (needed=false): <237>
split chunk #0 of len 237 into 5 parts
testing without sub-chunk 1/5
disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 3ad342cf5b2cadf6408597d0cf086c31ab7ef383 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a2025daf11fc345b64ee93b449d1b49daf478c96a2c8a257867e160d83f2382e
all runs: crashed: kernel BUG in ext4_mb_load_buddy_gfp
representative crash: kernel BUG in ext4_mb_load_buddy_gfp, types: [BUG]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 3ad342cf5b2cadf6408597d0cf086c31ab7ef383 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 02e33ed29ce2c62ab4b3702fd057ccf268a53367ce68ac328c2c79a16af394b8
all runs: crashed: kernel BUG in ext4_mb_load_buddy_gfp
representative crash: kernel BUG in ext4_mb_load_buddy_gfp, types: [BUG]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 3ad342cf5b2cadf6408597d0cf086c31ab7ef383 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d31d8edee5a3c6cecc56a4f2a1313b1dc4b07db445b84e11ae00970e9537d73f
all runs: crashed: kernel BUG in ext4_mb_load_buddy_gfp
representative crash: kernel BUG in ext4_mb_load_buddy_gfp, types: [BUG]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed
testing commit 3ad342cf5b2cadf6408597d0cf086c31ab7ef383 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5b3a2a76cb591cf9eb17f606859bf0d050843882a67e070d924b51f8316b443f
all runs: crashed: kernel BUG in ext4_mb_load_buddy_gfp
representative crash: kernel BUG in ext4_mb_load_buddy_gfp, types: [BUG]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 3ad342cf5b2cadf6408597d0cf086c31ab7ef383 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
failed building 3ad342cf5b2cadf6408597d0cf086c31ab7ef383:
net/socket.c:1109: undefined reference to `wext_handle_ioctl'
net/socket.c:3378: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:346: undefined reference to `wext_proc_exit'
net/core/net-procfs.c:330: undefined reference to `wext_proc_init'

minimized to 45 configs; suspects: [HID_ZEROPLUS USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF]
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN KASAN], they are not needed
testing current HEAD fd58936f3c1fc207ff2edb2f4fcae4f781e21d01
testing commit fd58936f3c1fc207ff2edb2f4fcae4f781e21d01 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fab6f8af720e4ba690e25ad5bb5c0b65a89c2199976c7abaff22bb6e45afb5c0
run #0: crashed: general protection fault in sidtab_sid2str_get
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_mb_new_blocks
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_mb_new_blocks
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: general protection fault in sidtab_sid2str_get, types: [UNKNOWN]
crash still not fixed/happens on the oldest tested release
reproducer is flaky (1.00 repro chance estimate)
revisions tested: 7, total time: 1h1m47.304741618s (build: 12m6.500145215s, test: 42m18.351535765s)
crash still not fixed or there were kernel test errors
commit msg: Merge 5.10.222 into android13-5.10-lts
crash: general protection fault in sidtab_sid2str_get

general protection fault, probably for non-canonical address 0x544e828d39d763c3: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 562 Comm: loop0 Not tainted 5.10.222-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
RIP: 0010:freelist_ptr mm/slub.c:255 [inline]
RIP: 0010:freelist_dereference mm/slub.c:266 [inline]
RIP: 0010:get_freepointer mm/slub.c:273 [inline]
RIP: 0010:get_freepointer_safe mm/slub.c:287 [inline]
RIP: 0010:slab_alloc_node mm/slub.c:2915 [inline]
RIP: 0010:slab_alloc mm/slub.c:2955 [inline]
RIP: 0010:__kmalloc_track_caller+0x103/0x4f0 mm/slub.c:4536
Code: 70 08 48 39 f2 75 e7 48 83 78 10 00 4c 8b 28 0f 84 9c 03 00 00 4d 85 ed 0f 84 93 03 00 00 41 8b 44 24 28 49 8b 3c 24 4c 01 e8 <48> 8b 18 48 89 c1 4c 89 e8 49 33 9c 24 d8 00 00 00 48 0f c9 48 31
RSP: 0018:ffffc90000a77948 EFLAGS: 00010206
RAX: 544e828d39d763c3 RBX: 0000000000000a20 RCX: 000000000004da20
RDX: 0000000000018bc8 RSI: 0000000000018bc8 RDI: 000000000004da20
RBP: ffffc90000a77990 R08: 0000000000000000 R09: ffff88810139c000
R10: ffffffffffffffff R11: ffff88811146e8a9 R12: ffff888100041c00
R13: 544e828d39d763b3 R14: 0000000000000000 R15: ffffc90000a77a8c
FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000201000bf CR3: 000000011205a000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kmemdup+0x1c/0x40 mm/util.c:131
 sidtab_sid2str_get+0x4f/0xc0 security/selinux/ss/sidtab.c:615
 sidtab_entry_to_string+0x31/0x90 security/selinux/ss/services.c:1287
 security_sid_to_context_core+0xf5/0x130 security/selinux/ss/services.c:1380
 security_sid_to_context+0xf/0x20 security/selinux/ss/services.c:1402
 avc_audit_post_callback+0x73/0x260 security/selinux/avc.c:731
 common_lsm_audit+0xe7/0x820 security/lsm_audit.c:469
 slow_avc_audit+0x6c/0xa0 security/selinux/avc.c:798
 avc_audit security/selinux/include/avc.h:140 [inline]
 avc_has_perm+0x170/0x1a0 security/selinux/avc.c:1201
 file_has_perm+0x71/0xd0 security/selinux/hooks.c:1731
 selinux_revalidate_file_permission security/selinux/hooks.c:3599 [inline]
 selinux_file_permission+0xbc/0x110 security/selinux/hooks.c:3620
 security_file_permission+0x26/0x150 security/security.c:1435
 rw_verify_area+0x48/0xb0 fs/read_write.c:400
 do_iter_write+0x5a/0x1b0 fs/read_write.c:861
 vfs_iter_write+0x14/0x20 fs/read_write.c:907
 lo_write_bvec+0x64/0x1b0 drivers/block/loop.c:277
 lo_write_simple drivers/block/loop.c:299 [inline]
 do_req_filebacked drivers/block/loop.c:622 [inline]
 loop_handle_cmd drivers/block/loop.c:2065 [inline]
 loop_queue_work+0x1b9/0xac0 drivers/block/loop.c:2083
 kthread_worker_fn+0xa6/0x1b0 kernel/kthread.c:757
 loop_kthread_worker_fn+0x19/0x20 drivers/block/loop.c:927
 kthread+0x14c/0x170 kernel/kthread.c:313
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
Modules linked in:
----------------
Code disassembly (best guess):
   0: 70 08                   jo     0xa
   2: 48 39 f2                cmp    %rsi,%rdx
   5: 75 e7                   jne    0xffffffee
   7: 48 83 78 10 00          cmpq   $0x0,0x10(%rax)
   c: 4c 8b 28                mov    (%rax),%r13
   f: 0f 84 9c 03 00 00       je     0x3b1
  15: 4d 85 ed                test   %r13,%r13
  18: 0f 84 93 03 00 00       je     0x3b1
  1e: 41 8b 44 24 28          mov    0x28(%r12),%eax
  23: 49 8b 3c 24             mov    (%r12),%rdi
  27: 4c 01 e8                add    %r13,%rax
* 2a: 48 8b 18                mov    (%rax),%rbx <-- trapping instruction
  2d: 48 89 c1                mov    %rax,%rcx
  30: 4c 89 e8                mov    %r13,%rax
  33: 49 33 9c 24 d8 00 00    xor    0xd8(%r12),%rbx
  3a: 00
  3b: 48 0f c9                bswap  %rcx
  3e: 48                      rex.W
  3f: 31                      .byte 0x31