ci2 starts bisection 2024-01-18 00:40:26.716071035 +0000 UTC m=+8308.092302020
bisecting fixing commit since 05ef4ccb57746f921003b9340fc2f0532c177f41
building syzkaller on 3222d10cbe77bbedb5a7c455e5bcb6b7081a63b7
ensuring issue is reproducible on original commit 05ef4ccb57746f921003b9340fc2f0532c177f41
testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a1719c8b91e50e265abba43a1844fb2bac4413e0772296c6abaea04220fe32cc
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit
representative crash: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 57d67b5a21c36877a1e7bd27940dfeb777eebbf6b1e417e6b771cd0d2bdc9114
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit
representative crash: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit, types: [UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
kconfig minimization: base=4920 full=6161 leaves diff=241
split chunks (needed=false): <241>
split chunk #0 of len 241 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d1c442e1f7946348f51e02f4d5367a628356f2d86ea4c21e9745fa69a4bfd3d0
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit
representative crash: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: deb2aa855ae2086ceeb9060d006a4221d321fc2256c192f8df7498b1f6fcad57
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit
representative crash: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0d1813a34bdad3c185e0ad387e6ba70ebb82551bbb8650b7270e8efc16c073b7
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit
representative crash: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: db4a9c7848b5dbfff243374508ba4f89ec7fe230255394a9dc52aba63616fb12
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit
representative crash: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit 05ef4ccb57746f921003b9340fc2f0532c177f41 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
failed building 05ef4ccb57746f921003b9340fc2f0532c177f41:
net/socket.c:1189: undefined reference to `wext_handle_ioctl'
net/socket.c:3383: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:343: undefined reference to `wext_proc_exit'
net/core/net-procfs.c:327: undefined reference to `wext_proc_init'
minimized to 45 configs; suspects: [HID_ZEROPLUS USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF]
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing current HEAD 1c3a1f32bcbdc0591d0eab67b745f1f4d3ecef6b
testing commit 1c3a1f32bcbdc0591d0eab67b745f1f4d3ecef6b gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c7958d3309f20a6a12e686a7ce49c49ec1eccc4f65a259b1547489133ee7870d
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit
representative crash: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit, types: [UNKNOWN]
crash still not fixed/happens on the oldest tested release
revisions tested: 7, total time: 1h2m52.674944351s (build: 20m26.174231916s, test: 38m47.156631769s)
crash still not fixed or there were kernel test errors
commit msg: Revert "ipv6: remove max_size check inline with ipv4"
crash: BUG: unable to handle kernel NULL pointer dereference in dev_queue_xmit_nit
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 1091cc067 P4D 1091cc067 PUD 1091c7067 PMD 0
Oops: 0010 [#1] PREEMPT SMP
CPU: 1 PID: 366 Comm: syz-executor.0 Not tainted 5.15.147-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0000:ffffc9000041bc08 EFLAGS: 00010246
RAX: ffff888113c8a680 RBX: ffff88810ce49048 RCX: ffff88810ce49000
RDX: ffff8881013d9f00 RSI: ffff88810ce49000 RDI: ffff8881017c3a00
RBP: ffffc9000041bc48 R08: 0000000000000100 R09: ffff8881017c3a00
R10: fdd97c119a510165 R11: 736f6d6570736575 R12: ffff88810ce49080
R13: ffff8881033fb8f0 R14: ffff8881013d9f00 R15: ffff8881017c3a00
FS: 0000555555a2a480(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000001091b5000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 dev_queue_xmit_nit+0x25d/0x290 net/core/dev.c:2349
 xmit_one net/core/dev.c:3619 [inline]
 dev_hard_start_xmit+0x61/0x220 net/core/dev.c:3640
 __dev_queue_xmit+0x76f/0xb40 net/core/dev.c:4255
 dev_queue_xmit+0xb/0x10 net/core/dev.c:4288
 tipc_l2_send_msg+0xb3/0xd0 net/tipc/bearer.c:514
 tipc_bearer_xmit_skb+0x8f/0xd0 net/tipc/bearer.c:560
 tipc_disc_timeout+0x1a2/0x230 net/tipc/discover.c:338
 call_timer_fn+0x24/0xf0 kernel/time/timer.c:1427
 expire_timers kernel/time/timer.c:1472 [inline]
 __run_timers.part.0+0x16a/0x220 kernel/time/timer.c:1743
 __run_timers kernel/time/timer.c:1721 [inline]
 run_timer_softirq+0x30/0x70 kernel/time/timer.c:1756
 __do_softirq+0xff/0x2fc kernel/softirq.c:565
 invoke_softirq kernel/softirq.c:425 [inline]
 __irq_exit_rcu kernel/softirq.c:648 [inline]
 irq_exit_rcu+0x84/0xd0 kernel/softirq.c:660
 sysvec_apic_timer_interrupt+0x5b/0xd0 arch/x86/kernel/apic/apic.c:1096
 asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0033:0x7fdc7c2142c0
Code: e9 d8 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f9 6e c6 48 89 f8 48 83 fa 20 0f 82 cf 00 00 00 c4 e2 7d 78 c0
RSP: 002b:00007ffc8fbf1518 EFLAGS: 00000246
RAX: 0000555555a2b7e0 RBX: 00007fdc7bdb26c0 RCX: 0000555555a2b7d0
RDX: 0000000000000118 RSI: 0000000000000000 RDI: 0000555555a2b7e0
RBP: 000000000000000f R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000021000 R11: 0000000000000010 R12: 00007ffc8fbf17e0
R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000
Modules linked in:
CR2: 0000000000000000
---[ end trace b1fc9af32a825710 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 0000:ffffc9000041bc08 EFLAGS: 00010246
RAX: ffff888113c8a680 RBX: ffff88810ce49048 RCX: ffff88810ce49000
RDX: ffff8881013d9f00 RSI: ffff88810ce49000 RDI: ffff8881017c3a00
RBP: ffffc9000041bc48 R08: 0000000000000100 R09: ffff8881017c3a00
R10: fdd97c119a510165 R11: 736f6d6570736575 R12: ffff88810ce49080
R13: ffff8881033fb8f0 R14: ffff8881013d9f00 R15: ffff8881017c3a00
FS: 0000555555a2a480(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000001091b5000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400