ci2 starts bisection 2024-01-21 19:42:47.434439135 +0000 UTC m=+189868.969875764
bisecting fixing commit since 61cfd264993d07540f60a5c53d77a14c818e54a9
building syzkaller on 5b429f39ae82dfd954322d3f42c830cf560f51d2
ensuring issue is reproducible on original commit 61cfd264993d07540f60a5c53d77a14c818e54a9

testing commit 61cfd264993d07540f60a5c53d77a14c818e54a9 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: be6d2165b1f08bc7419f8f8c27c1b5c265c867077de52144f43d4198245ca32d
run #0: crashed: general protection fault in vma_interval_tree_insert_after
run #1: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #2: crashed: KASAN: invalid-free in anon_vma_name_free
run #3: crashed: general protection fault in vma_interval_tree_insert_after
run #4: crashed: KASAN: invalid-free in anon_vma_name_free
run #5: crashed: KASAN: use-after-free Write in vm_area_free_no_check
run #6: crashed: KASAN: invalid-free in anon_vma_name_free
run #7: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #8: crashed: general protection fault in vma_interval_tree_insert_after
run #9: crashed: KASAN: invalid-free in anon_vma_name_free
run #10: crashed: KASAN: invalid-free in anon_vma_name_free
run #11: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #12: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #13: crashed: general protection fault in vma_interval_tree_insert_after
run #14: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #15: crashed: KASAN: null-ptr-deref Write in vm_area_free_no_check
run #16: crashed: KASAN: invalid-free in anon_vma_name_free
run #17: crashed: KASAN: invalid-free in anon_vma_name_free
run #18: crashed: KASAN: invalid-free in anon_vma_name_free
run #19: crashed: KASAN: invalid-free in anon_vma_name_free
representative crash: KASAN: invalid-free in anon_vma_name_free, types: [KASAN UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed

testing commit 61cfd264993d07540f60a5c53d77a14c818e54a9 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 670b00fa4be144f01e276946dea136ae29319f5c8b4ee7124dbec2759ed5961d
run #0: crashed: general protection fault in vma_interval_tree_insert_after
run #1: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #2: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #3: crashed: KASAN: invalid-free in anon_vma_name_free
run #4: crashed: KASAN: invalid-free in anon_vma_name_free
run #5: crashed: general protection fault in vma_interval_tree_insert_after
run #6: crashed: KASAN: invalid-free in anon_vma_name_free
run #7: crashed: general protection fault in vma_interval_tree_insert_after
run #8: crashed: general protection fault in vma_interval_tree_insert_after
run #9: crashed: KASAN: invalid-free in anon_vma_name_free
representative crash: general protection fault in vma_interval_tree_insert_after, types: [UNKNOWN KASAN]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed

kconfig minimization: base=4920 full=6161 leaves diff=241
split chunks (needed=false): <241>
split chunk #0 of len 241 into 5 parts

testing without sub-chunk 1/5
disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 61cfd264993d07540f60a5c53d77a14c818e54a9 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2341355fdd30240b5092c50b4950c67fca52344c4ed38d1b3e35be5fd9e19fae
run #0: crashed: general protection fault in vma_interval_tree_insert_after
run #1: crashed: KASAN: invalid-free in anon_vma_name_free
run #2: crashed: general protection fault in vma_interval_tree_insert_after
run #3: crashed: general protection fault in vma_interval_tree_insert_after
run #4: crashed: general protection fault in vma_interval_tree_insert_after
run #5: crashed: general protection fault in vma_interval_tree_insert_after
run #6: crashed: KASAN: invalid-free in anon_vma_name_free
run #7: crashed: KASAN: invalid-free in anon_vma_name_free
run #8: crashed: general protection fault in vma_interval_tree_insert_after
run #9: crashed: KASAN: invalid-free in anon_vma_name_free
representative crash: general protection fault in vma_interval_tree_insert_after, types: [UNKNOWN KASAN]
the chunk can be dropped

testing without sub-chunk 2/5
disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 61cfd264993d07540f60a5c53d77a14c818e54a9 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 411180d7ac088a2ed7a21860fd27555689b86c837c7aa479e10cdd303bfb3823
run #0: crashed: general protection fault in vma_interval_tree_insert_after
run #1: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #2: crashed: general protection fault in vma_interval_tree_remove
run #3: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #4: crashed: general protection fault in vma_interval_tree_insert_after
run #5: crashed: KASAN: invalid-free in anon_vma_name_free
run #6: crashed: KASAN: invalid-free in anon_vma_name_free
run #7: crashed: KASAN: invalid-free in anon_vma_name_free
run #8: crashed: KASAN: invalid-free in anon_vma_name_free
run #9: crashed: KASAN: invalid-free in anon_vma_name_free
representative crash: general protection fault in vma_interval_tree_insert_after, types: [UNKNOWN KASAN]
the chunk can be dropped

testing without sub-chunk 3/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 61cfd264993d07540f60a5c53d77a14c818e54a9 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4d6d8aac8b61024fc2ca56bc3d4978a13a8140f677087507a343d59bd74548dc
run #0: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #1: crashed: general protection fault in vma_interval_tree_insert_after
run #2: crashed: general protection fault in vma_interval_tree_insert_after
run #3: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #4: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #5: crashed: general protection fault in vma_interval_tree_insert_after
run #6: crashed: general protection fault in vma_interval_tree_insert_after
run #7: crashed: general protection fault in vma_interval_tree_insert_after
run #8: crashed: KASAN: invalid-free in anon_vma_name_free
run #9: crashed: KASAN: invalid-free in anon_vma_name_free
representative crash: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after, types: [UNKNOWN]
the chunk can be dropped

testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 61cfd264993d07540f60a5c53d77a14c818e54a9 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 16e953219b38d87f2725d6793a4fea75ff69f30159360d3b882be9fe26346643
run #0: crashed: general protection fault in vma_interval_tree_insert_after
run #1: crashed: KASAN: null-ptr-deref Write in vm_area_free_no_check
run #2: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #3: crashed: general protection fault in vma_interval_tree_insert_after
run #4: crashed: general protection fault in vma_interval_tree_insert_after
run #5: crashed: general protection fault in vma_interval_tree_insert_after
run #6: crashed: general protection fault in vma_interval_tree_insert_after
run #7: crashed: general protection fault in vma_interval_tree_remove
run #8: crashed: KASAN: invalid-free in anon_vma_name_free
run #9: crashed: KASAN: invalid-free in anon_vma_name_free
representative crash: general protection fault in vma_interval_tree_insert_after, types: [UNKNOWN KASAN]
the chunk can be dropped

testing without sub-chunk 5/5
disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 61cfd264993d07540f60a5c53d77a14c818e54a9 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
failed building 61cfd264993d07540f60a5c53d77a14c818e54a9:
net/socket.c:1189: undefined reference to `wext_handle_ioctl'
net/socket.c:3383: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:343: undefined reference to `wext_proc_exit'
net/core/net-procfs.c:327: undefined reference to `wext_proc_init'

minimized to 45 configs; suspects: [HID_ZEROPLUS USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF]
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed

testing current HEAD 1c3a1f32bcbdc0591d0eab67b745f1f4d3ecef6b
testing commit 1c3a1f32bcbdc0591d0eab67b745f1f4d3ecef6b gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8c5499e69a409495980dc4eaf11e01d6e66bad47b5d05829cb208d83cb41ce23
run #0: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #1: crashed: general protection fault in vma_interval_tree_insert_after
run #2: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #3: crashed: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after
run #4: crashed: KASAN: invalid-free in anon_vma_name_free
run #5: crashed: general protection fault in vma_interval_tree_insert_after
run #6: crashed: general protection fault in vma_interval_tree_insert_after
run #7: crashed: general protection fault in vma_interval_tree_insert_after
run #8: crashed: general protection fault in vma_interval_tree_insert_after
run #9: crashed: KASAN: invalid-free in anon_vma_name_free
representative crash: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after, types: [UNKNOWN]
crash still not fixed/happens on the oldest tested release

revisions tested: 7, total time: 1h36m27.095634566s (build: 21m34.001766476s, test: 1h11m9.203843299s)
crash still not fixed or there were kernel test errors
commit msg: Revert "ipv6: remove max_size check inline with ipv4"
crash: BUG: unable to handle kernel paging request in vma_interval_tree_insert_after

BUG: unable to handle page fault for address: ffffed1800000014
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 23fff2067 P4D 23fff2067 PUD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 399 Comm: syz-executor.0 Not tainted 5.15.147-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
RIP: 0010:__rb_insert lib/rbtree.c:115 [inline]
RIP: 0010:__rb_insert_augmented+0x73/0x9a0 lib/rbtree.c:459
Code: 89 e1 48 c1 e9 03 42 80 3c 31 00 0f 85 83 05 00 00 4d 8b 2c 24 41 f6 c5 01 0f 85 88 01 00 00 4d 8d 45 08 4c 89 c1 48 c1 e9 03 <42> 80 3c 31 00 0f 85 7c 05 00 00 4d 8b 7d 08 4d 39 e7 0f 84 74 01
RSP: 0018:ffffc90000827aa0 EFLAGS: 00010a06
RAX: ffff888108fce0c8 RBX: ffff88810af5c4f8 RCX: 1ffff11800000014
RDX: ffffffff8188adb0 RSI: 1ffff1102067df58 RDI: ffff88810af5c508
RBP: ffffc90000827ae8 R08: ffff88c0000000a0 R09: ffff888108fce0e7
R10: ffffed10211f9c1c R11: 0000000000000000 R12: ffff888121a5bbe8
R13: ffff88c000000098 R14: dffffc0000000000 R15: ffff8881218f4d10
FS: 00007fe9741056c0(0000) GS:ffff8881f7400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed1800000014 CR3: 000000010aeae000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rb_insert_augmented include/linux/rbtree_augmented.h:50 [inline]
 vma_interval_tree_insert_after+0x22e/0x350 mm/interval_tree.c:57
 dup_mmap kernel/fork.c:631 [inline]
 dup_mm kernel/fork.c:1521 [inline]
 copy_mm kernel/fork.c:1573 [inline]
 copy_process+0x5ec8/0x73e0 kernel/fork.c:2264
 kernel_clone+0xc1/0x950 kernel/fork.c:2662
 __do_sys_clone+0xc9/0x100 kernel/fork.c:2788
 __se_sys_clone kernel/fork.c:2772 [inline]
 __x64_sys_clone+0xb9/0x140 kernel/fork.c:2772
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fe974582ae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe974105078 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007fe9746a1f80 RCX: 00007fe974582ae9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007fe974105120 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 000000000000000b R14: 00007fe9746a1f80 R15: 00007ffe77bf0368
Modules linked in:
CR2: ffffed1800000014
---[ end trace 3a8a483880695ca4 ]---
RIP: 0010:__rb_insert lib/rbtree.c:115 [inline]
RIP: 0010:__rb_insert_augmented+0x73/0x9a0 lib/rbtree.c:459
Code: 89 e1 48 c1 e9 03 42 80 3c 31 00 0f 85 83 05 00 00 4d 8b 2c 24 41 f6 c5 01 0f 85 88 01 00 00 4d 8d 45 08 4c 89 c1 48 c1 e9 03 <42> 80 3c 31 00 0f 85 7c 05 00 00 4d 8b 7d 08 4d 39 e7 0f 84 74 01
RSP: 0018:ffffc90000827aa0 EFLAGS: 00010a06
RAX: ffff888108fce0c8 RBX: ffff88810af5c4f8 RCX: 1ffff11800000014
RDX: ffffffff8188adb0 RSI: 1ffff1102067df58 RDI: ffff88810af5c508
RBP: ffffc90000827ae8 R08: ffff88c0000000a0 R09: ffff888108fce0e7
R10: ffffed10211f9c1c R11: 0000000000000000 R12: ffff888121a5bbe8
R13: ffff88c000000098 R14: dffffc0000000000 R15: ffff8881218f4d10
FS: 00007fe9741056c0(0000) GS:ffff8881f7400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed1800000014 CR3: 000000010aeae000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 89 e1 mov %esp,%ecx
   2: 48 c1 e9 03 shr $0x3,%rcx
   6: 42 80 3c 31 00 cmpb $0x0,(%rcx,%r14,1)
   b: 0f 85 83 05 00 00 jne 0x594
  11: 4d 8b 2c 24 mov (%r12),%r13
  15: 41 f6 c5 01 test $0x1,%r13b
  19: 0f 85 88 01 00 00 jne 0x1a7
  1f: 4d 8d 45 08 lea 0x8(%r13),%r8
  23: 4c 89 c1 mov %r8,%rcx
  26: 48 c1 e9 03 shr $0x3,%rcx
* 2a: 42 80 3c 31 00 cmpb $0x0,(%rcx,%r14,1) <-- trapping instruction
  2f: 0f 85 7c 05 00 00 jne 0x5b1
  35: 4d 8b 7d 08 mov 0x8(%r13),%r15
  39: 4d 39 e7 cmp %r12,%r15
  3c: 0f .byte 0xf
  3d: 84 .byte 0x84
  3e: 74 01 je 0x41