ci starts bisection 2024-06-07 12:55:48.713653532 +0000 UTC m=+147606.475354740
bisecting cause commit starting from 234cb065ad82915ff8d06ce01e01c3e640b674d2
building syzkaller on e1e2c66edd2e6bbef9c942acf1f59719c482c0d9
fetch other tags and check if the commit is present
ensuring issue is reproducible on original commit 234cb065ad82915ff8d06ce01e01c3e640b674d2

testing commit 234cb065ad82915ff8d06ce01e01c3e640b674d2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4f7aa73b709f588c99e4fa43599a27905a687a1898e52613ac7d08a5c2f1e38f
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 234cb065ad82915ff8d06ce01e01c3e640b674d2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 40859cf406a0fe08641f66559456b49058a21a718259cf4d1af2ee66eaa635f4
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
kconfig minimization: base=3976 full=8051 leaves diff=2029
split chunks (needed=false): <2029>
split chunk #0 of len 2029 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 234cb065ad82915ff8d06ce01e01c3e640b674d2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 53ecbb4f9f40e6f83d31511de69b352fd4d02a724bba5b9258954bcd46216d11
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 234cb065ad82915ff8d06ce01e01c3e640b674d2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d28b4fce2e848c9ebb48265a1572ea6df87f9e5149aeb59a8b027fc69d65776f
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 234cb065ad82915ff8d06ce01e01c3e640b674d2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3090d3b0280a3cfedb86350209a6416f4e68b52991263d785971534967f1b54b
all runs: OK
false negative chance: 0.000
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 234cb065ad82915ff8d06ce01e01c3e640b674d2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: daf91bb7b007b95f1f786280aa12899b83af7300e191e3a80973524a1e3ad239
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 234cb065ad82915ff8d06ce01e01c3e640b674d2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d43ad60bb15f9da11b8512376ae2bf5b20bf06e70d88d1f001d4dd597ccd4309
run #0: crashed: lost connection to test machine
run #1: crashed: lost connection to test machine
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: lost connection to test machine, types: [UNKNOWN]
minimized to 811 configs; suspects: [ARCH_ENABLE_MEMORY_HOTREMOVE ATM AX25 BCMA BLK_DEV_ZONED BPF_SYSCALL BRIDGE BRIDGE_NETFILTER CAN CARDBUS CFG80211 CFG80211_WEXT CHECKPOINT_RESTORE CMA COMMON_CLK CONTIG_ALLOC CPU_MITIGATIONS DVB_CORE EXTCON FB FB_CORE GPIOLIB HAMRADIO HAVE_ZSMALLOC HID_ZEROPLUS HSR I2C_MUX IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_USER_ACCESS INPUT_JOYSTICK INPUT_MOUSE IOMMUFD IP6_NF_RAW IPV6_MULTIPLE_TABLES IP_NF_RAW IP_SET IP_VS IP_VS_FO IP_VS_FTP IP_VS_IPV6 IP_VS_LBLC IP_VS_LBLCR IP_VS_LC IP_VS_MH IP_VS_NFCT IP_VS_NQ IP_VS_OVF IP_VS_PE_SIP IP_VS_PROTO_AH IP_VS_PROTO_AH_ESP IP_VS_PROTO_ESP IP_VS_PROTO_SCTP IP_VS_PROTO_TCP IP_VS_PROTO_UDP IP_VS_RR IP_VS_SED IP_VS_SH IP_VS_TWOS IP_VS_WLC IP_VS_WRR IRQ_BYPASS_MANAGER IRQ_POLL IRQ_REMAP IR_IGORPLUGUSB IR_IGUANA IR_IMON IR_MCEUSB IR_REDRAT3 IR_STREAMZAP IR_TTUSBIR ISDN ISDN_CAPI_MIDDLEWARE JFFS2_CMODE_PRIORITY JFFS2_COMPRESSION_OPTIONS JFFS2_FS JFFS2_FS_POSIX_ACL JFFS2_FS_SECURITY JFFS2_FS_WRITEBUFFER JFFS2_FS_XATTR JFFS2_LZO JFFS2_RTIME JFFS2_RUBIN JFFS2_SUMMARY JFFS2_ZLIB JFS_DEBUG JFS_FS JFS_POSIX_ACL JFS_SECURITY JOYSTICK_IFORCE JOYSTICK_IFORCE_USB JOYSTICK_XPAD JOYSTICK_XPAD_FF JOYSTICK_XPAD_LEDS KARMA_PARTITION KCOV KCOV_ENABLE_COMPARISONS KCOV_INSTRUMENT_ALL KEYS_REQUEST_CACHE KEY_DH_OPERATIONS KEY_NOTIFICATIONS KSM KVM KVM_AMD KVM_ASYNC_PF KVM_COMMON KVM_COMPAT KVM_GENERIC_DIRTYLOG_READ_PROTECT KVM_GENERIC_HARDWARE_ENABLING KVM_GENERIC_MEMORY_ATTRIBUTES KVM_GENERIC_MMU_NOTIFIER KVM_GENERIC_PRIVATE_MEM KVM_HYPERV KVM_INTEL KVM_MMIO KVM_PRIVATE_MEM KVM_PROVE_MMU KVM_SW_PROTECTED_VM KVM_VFIO KVM_XEN KVM_XFER_TO_GUEST_WORK L2TP L2TP_ETH L2TP_IP L2TP_V3 LAPB LAPBETHER LDM_PARTITION LEGACY_PTYS LIBCRC32C LIBNVDIMM LINEAR_RANGES LLC LLC2 LOGIG940_FF LOGIRUMBLEPAD2_FF LOGO LOGO_LINUX_MONO LOGO_LINUX_VGA16 LPC_ICH LRU_GEN LRU_GEN_ENABLED LRU_GEN_WALKS_MMU LWTUNNEL LWTUNNEL_BPF LZ4HC_COMPRESS LZ4_COMPRESS MAC80211 MAC80211_HAS_RC MAC80211_HWSIM MAC80211_MESH MAC80211_RC_DEFAULT_MINSTREL MAC80211_RC_MINSTREL MACSEC MACVLAN MACVTAP MAC_PARTITION MAPPING_DIRTY_HELPERS MD_RAID0 MD_RAID1 MD_RAID10 MD_RAID456 MEDIA_ANALOG_TV_SUPPORT MEDIA_ATTACH MEDIA_CAMERA_SUPPORT MEDIA_CEC_SUPPORT MEDIA_CONTROLLER MEDIA_CONTROLLER_DVB MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_SUPPORT_FILTER MEDIA_TEST_SUPPORT MEDIA_TUNER MEDIA_TUNER_MSI001 MEDIA_USB_SUPPORT MEMORY_BALLOON MEMORY_HOTPLUG MEMORY_HOTPLUG_DEFAULT_ONLINE MEMORY_HOTREMOVE MEMORY_ISOLATION MEMREGION MEMSTICK MEMSTICK_REALTEK_USB MEM_SOFT_DIRTY MFD_CORE MFD_SYSCON MFD_VIPERBOARD MHI_BUS MHI_WWAN_CTRL MHP_MEMMAP_ON_MEMORY MICROCHIP_PHY MINIX_FS MINIX_SUBPARTITION MISC_RTSX MISC_RTSX_USB MISDN MISDN_DSP MISDN_HFCUSB MISDN_L1OIP MITIGATION_SPECTRE_BHI MKISS MLX4_CORE MLX4_INFINIBAND MMC MMC_REALTEK_USB MMC_USHC MMC_VUB300 MMU_NOTIFIER MODULE_SRCVERSION_ALL MODVERSIONS MOST MOUSE_APPLETOUCH MOUSE_BCM5974 MOUSE_PS2 MOUSE_PS2_ALPS MOUSE_PS2_BYD MOUSE_PS2_CYPRESS MOUSE_PS2_FOCALTECH MOUSE_PS2_LIFEBOOK MOUSE_PS2_LOGIPS2PP MOUSE_PS2_SMBUS MOUSE_PS2_SYNAPTICS MOUSE_PS2_SYNAPTICS_SMBUS MOUSE_PS2_TRACKPOINT MOUSE_SYNAPTICS_USB MPLS MPLS_IPTUNNEL MPLS_ROUTING MPTCP MPTCP_IPV6 MRP MTD MTD_BLKDEVS MTD_BLOCK MTD_BLOCK2MTD MTD_CFI_I1 MTD_CFI_I2 MTD_MAP_BANK_WIDTH_1 MTD_MAP_BANK_WIDTH_2 MTD_MAP_BANK_WIDTH_4 MTD_MTDRAM MTD_PHRAM MTD_SLRAM MUSB_PIO_ONLY ND_BTT ND_CLAIM ND_PFN NETDEVSIM NETFILTER_ADVANCED NETFILTER_BPF_LINK NETFILTER_FAMILY_ARP NETFILTER_FAMILY_BRIDGE NETFILTER_NETLINK_ACCT NETFILTER_NETLINK_GLUE_CT NETFILTER_NETLINK_OSF NETFILTER_NETLINK_QUEUE NETFILTER_SYNPROXY NETFILTER_XTABLES_COMPAT NETFILTER_XT_CONNMARK NETFILTER_XT_MATCH_BPF NETFILTER_XT_MATCH_CGROUP NETFILTER_XT_MATCH_CLUSTER NETFILTER_XT_MATCH_COMMENT NETFILTER_XT_MATCH_CONNBYTES NETFILTER_XT_MATCH_CONNLABEL NETFILTER_XT_MATCH_CONNLIMIT NETFILTER_XT_MATCH_CONNMARK NETFILTER_XT_MATCH_CPU NETFILTER_XT_MATCH_DCCP NETFILTER_XT_MATCH_DEVGROUP NETFILTER_XT_MATCH_DSCP NETFILTER_XT_MATCH_ECN NETFILTER_XT_MATCH_ESP NETFILTER_XT_MATCH_HASHLIMIT NETFILTER_XT_MATCH_HELPER NETFILTER_XT_MATCH_HL NETFILTER_XT_MATCH_IPCOMP NETFILTER_XT_MATCH_IPRANGE NETFILTER_XT_MATCH_IPVS NETFILTER_XT_MATCH_L2TP NETFILTER_XT_MATCH_LENGTH NETFILTER_XT_MATCH_LIMIT NETFILTER_XT_MATCH_MAC NETFILTER_XT_MATCH_MARK NETFILTER_XT_MATCH_MULTIPORT NETFILTER_XT_MATCH_NFACCT NETFILTER_XT_MATCH_OSF NETFILTER_XT_MATCH_OWNER NETFILTER_XT_MATCH_PHYSDEV NETFILTER_XT_MATCH_PKTTYPE NETFILTER_XT_MATCH_QUOTA NETFILTER_XT_MATCH_RATEEST NETFILTER_XT_MATCH_REALM NETFILTER_XT_MATCH_RECENT NETFILTER_XT_MATCH_SCTP NETFILTER_XT_MATCH_SOCKET NETFILTER_XT_MATCH_STATISTIC NETFILTER_XT_MATCH_STRING NETFILTER_XT_MATCH_TCPMSS NETFILTER_XT_MATCH_TIME NETFILTER_XT_MATCH_U32 NETFILTER_XT_SET NETFILTER_XT_TARGET_AUDIT NETFILTER_XT_TARGET_CHECKSUM NETFILTER_XT_TARGET_CLASSIFY NETFILTER_XT_TARGET_CONNMARK NETFILTER_XT_TARGET_CT NETFILTER_XT_TARGET_DSCP NETFILTER_XT_TARGET_HL NETFILTER_XT_TARGET_HMARK NETFILTER_XT_TARGET_IDLETIMER NETFILTER_XT_TARGET_LED NETFILTER_XT_TARGET_MARK NETFILTER_XT_TARGET_NETMAP NETFILTER_XT_TARGET_NFQUEUE NETFILTER_XT_TARGET_NOTRACK NETFILTER_XT_TARGET_RATEEST NETFILTER_XT_TARGET_REDIRECT NETFILTER_XT_TARGET_TCPOPTSTRIP NETFILTER_XT_TARGET_TEE NETFILTER_XT_TARGET_TPROXY NETFILTER_XT_TARGET_TRACE NETLABEL NETLINK_DIAG NETROM NET_9P_RDMA NET_ACT_BPF NET_ACT_CONNMARK NET_ACT_CSUM NET_ACT_CT NET_ACT_CTINFO NET_ACT_GATE NET_ACT_IFE NET_ACT_MPLS NET_ACT_NAT NET_ACT_PEDIT NET_ACT_POLICE NET_ACT_SAMPLE NET_ACT_SIMP NET_ACT_SKBEDIT NET_ACT_SKBMOD NET_ACT_TUNNEL_KEY NET_ACT_VLAN NET_CLS_BASIC NET_CLS_BPF NET_CLS_FLOW NET_CLS_FLOWER NET_CLS_FW NET_CLS_MATCHALL NET_CLS_ROUTE4 NET_DEVLINK NET_DROP_MONITOR NET_DSA NET_DSA_TAG_BRCM NET_DSA_TAG_BRCM_COMMON NET_DSA_TAG_BRCM_PREPEND NET_DSA_TAG_MTK NET_DSA_TAG_QCA NET_DSA_TAG_RTL4_A NET_EMATCH_CANID NET_EMATCH_CMP NET_EMATCH_IPSET NET_EMATCH_IPT NET_EMATCH_META NET_EMATCH_NBYTE NET_EMATCH_TEXT NET_EMATCH_U32 NET_FC NET_FOU NET_FOU_IP_TUNNELS NET_IFE NET_IFE_SKBMARK NET_IFE_SKBPRIO NET_IFE_SKBTCINDEX NET_IPGRE NET_IPGRE_BROADCAST NET_IPGRE_DEMUX NET_IPIP NET_IPVTI NET_KEY NET_KEY_MIGRATE NET_L3_MASTER_DEV NET_MPLS_GSO NET_NCSI NET_NSH NET_REDIRECT NET_SCH_CAKE NET_SCH_CBS NET_SCH_CHOKE NET_SCH_CODEL NET_SCH_DRR NET_SCH_ETF NET_SCH_ETS NET_SCH_FQ NET_SCH_FQ_CODEL NET_SCH_FQ_PIE NET_SCH_GRED NET_SCH_HFSC NET_SCH_HHF NET_SCH_HTB NET_SCH_INGRESS NET_SCH_MQPRIO NET_SCH_MQPRIO_LIB NET_SCH_MULTIQ NET_SCH_NETEM NET_SCH_PIE NET_SCH_PLUG NET_SCH_PRIO NET_SCH_QFQ NET_SCH_RED NET_SCH_SFB NET_SCH_SFQ NET_SCH_SKBPRIO NET_SCH_TAPRIO NET_SCH_TBF NET_SCH_TEQL NET_SOCK_MSG NET_SWITCHDEV NET_TC_SKB_EXT NET_TEAM NET_TEAM_MODE_ACTIVEBACKUP NET_TEAM_MODE_BROADCAST NET_TEAM_MODE_LOADBALANCE NET_TEAM_MODE_RANDOM NET_TEAM_MODE_ROUNDROBIN NET_UDP_TUNNEL NET_VRF NFC NFC_DIGITAL NFC_FDP NFC_HCI NFC_MRVL NFC_MRVL_USB NFC_NCI NFC_NCI_UART NFC_PN533 NFC_PN533_USB NFC_PORT100 NFC_SHDLC NFC_SIM NFC_VIRTUAL_NCI NFSD NFSD_BLOCKLAYOUT NFSD_FLEXFILELAYOUT NFSD_PNFS NFSD_SCSILAYOUT NFSD_V3_ACL NFSD_V4 NFSD_V4_2_INTER_SSC NFSD_V4_SECURITY_LABEL NFS_FSCACHE NFS_V4_1 NFS_V4_2 NFS_V4_2_READ_PLUS NFS_V4_2_SSC_HELPER NFS_V4_SECURITY_LABEL NFT_BRIDGE_META NFT_BRIDGE_REJECT NFT_COMPAT NFT_CONNLIMIT NFT_CT NFT_DUP_IPV4 NFT_DUP_IPV6 NFT_DUP_NETDEV NFT_FIB NFT_FIB_INET NFT_FIB_IPV4 NFT_FIB_IPV6 NFT_FIB_NETDEV NFT_FLOW_OFFLOAD NFT_HASH NFT_LIMIT NFT_LOG NFT_MASQ NFT_NAT NFT_NUMGEN NFT_OSF NFT_QUEUE NFT_QUOTA NFT_REDIR NFT_REJECT NFT_REJECT_INET NFT_REJECT_IPV4 NFT_REJECT_IPV6 NFT_REJECT_NETDEV NFT_SOCKET NFT_SYNPROXY NFT_TPROXY NFT_TUNNEL NFT_XFRM NF_CONNTRACK_AMANDA NF_CONNTRACK_BRIDGE NF_CONNTRACK_BROADCAST NF_CONNTRACK_EVENTS NF_CONNTRACK_H323 NF_CONNTRACK_LABELS NF_CONNTRACK_MARK NF_CONNTRACK_NETBIOS_NS NF_CONNTRACK_OVS NF_CONNTRACK_PPTP NF_CONNTRACK_SANE NF_CONNTRACK_TFTP NF_CONNTRACK_TIMEOUT NF_CONNTRACK_TIMESTAMP NF_CONNTRACK_ZONES NF_CT_NETLINK_HELPER NF_CT_NETLINK_TIMEOUT NF_CT_PROTO_DCCP NF_CT_PROTO_GRE NF_CT_PROTO_SCTP NF_CT_PROTO_UDPLITE NF_DUP_IPV4 NF_DUP_IPV6 NF_DUP_NETDEV NF_FLOW_TABLE NF_FLOW_TABLE_INET NF_NAT_AMANDA NF_NAT_H323 NF_TABLES NF_TABLES_BRIDGE NF_TABLES_INET NF_TABLES_IPV4 NF_TABLES_IPV6 NF_TABLES_NETDEV PARPORT PARTITION_ADVANCED PCCARD PCMCIA PHONET PSAMPLE RADIO_ADAPTERS RADIO_SI470X RADIO_SI4713 RC_CORE RC_DEVICES RFKILL SND SOUND SPI SSB TAP TARGET_CORE TUN USB_AMD5536UDC USB_ATM USB_CHIPIDEA USB_CHIPIDEA_UDC USB_CONFIGFS USB_CONFIGFS_ACM USB_CONFIGFS_ECM USB_CONFIGFS_ECM_SUBSET USB_CONFIGFS_EEM USB_CONFIGFS_F_FS USB_CONFIGFS_F_HID USB_CONFIGFS_F_LB_SS USB_CONFIGFS_F_MIDI USB_CONFIGFS_F_PRINTER USB_CONFIGFS_F_TCM USB_CONFIGFS_F_UAC1 USB_CONFIGFS_F_UAC1_LEGACY USB_CONFIGFS_F_UAC2 USB_CONFIGFS_F_UVC USB_CONFIGFS_MASS_STORAGE USB_CONFIGFS_NCM USB_CONFIGFS_OBEX USB_CONFIGFS_PHONET USB_CONFIGFS_RNDIS USB_CONFIGFS_SERIAL USB_CXACRU USB_CYPRESS_CY7C63 USB_CYTHERM USB_DSBR USB_DUMMY_HCD USB_DWC2 USB_DWC2_HOST USB_DWC2_PCI USB_DWC3 USB_DWC3_GADGET USB_DWC3_OF_SIMPLE USB_DWC3_PCI USB_DWC3_ULPI USB_DYNAMIC_MINORS USB_EG20T USB_EHCI_HCD_PLATFORM USB_EHCI_ROOT_HUB_TT USB_EHSET_TEST_FIXTURE USB_EMI26 USB_EMI62 USB_EPSON2888 USB_EZUSB_FX2 USB_FEW_INIT_RETRIES USB_F_ACM USB_F_ECM USB_F_EEM USB_F_FS USB_F_HID USB_F_MASS_STORAGE USB_F_MIDI USB_F_NCM USB_F_OBEX USB_F_PHONET USB_F_PRINTER USB_F_RNDIS USB_F_SERIAL USB_F_SS_LB USB_F_SUBSET USB_F_TCM USB_F_UAC1 USB_F_UAC1_LEGACY USB_F_UAC2 USB_F_UVC USB_GADGET USB_GADGETFS USB_GADGET_DEBUG_FILES USB_GADGET_DEBUG_FS USB_GL860 USB_GOKU USB_GPIO_VBUS USB_GR_UDC USB_GSPCA USB_GSPCA_BENQ USB_GSPCA_CONEX USB_GSPCA_CPIA1 USB_GSPCA_DTCS033 USB_GSPCA_ETOMS USB_GSPCA_FINEPIX USB_GSPCA_JEILINJ USB_GSPCA_JL2005BCD USB_GSPCA_KINECT USB_GSPCA_KONICA USB_GSPCA_MARS USB_GSPCA_MR97310A USB_GSPCA_NW80X USB_GSPCA_OV519 USB_GSPCA_OV534 USB_GSPCA_OV534_9 USB_GSPCA_PAC207 USB_GSPCA_PAC7302 USB_GSPCA_PAC7311 USB_GSPCA_SE401 USB_GSPCA_SN9C2028 USB_GSPCA_SN9C20X USB_GSPCA_SONIXB USB_GSPCA_SONIXJ USB_GSPCA_SPCA1528 USB_GSPCA_SPCA500 USB_GSPCA_SPCA501 USB_GSPCA_SPCA505 USB_GSPCA_SPCA506 USB_GSPCA_SPCA508 USB_GSPCA_SPCA561 USB_GSPCA_SQ905 USB_GSPCA_SQ905C USB_GSPCA_SQ930X USB_GSPCA_STK014 USB_GSPCA_STK1135 USB_GSPCA_STV0680 USB_GSPCA_SUNPLUS USB_GSPCA_T613 USB_GSPCA_TOPRO USB_GSPCA_TOUPTEK USB_GSPCA_TV8532 USB_GSPCA_VC032X USB_GSPCA_VICAM USB_GSPCA_XIRLINK_CIT USB_GSPCA_ZC3XX USB_HACKRF USB_HCD_BCMA USB_HCD_SSB USB_HSIC_USB3503 USB_HSIC_USB4604 USB_HSO USB_HUB_USB251XB USB_IDMOUSE USB_IOWARRIOR USB_IPHETH USB_ISIGHTFW USB_ISP116X_HCD USB_ISP1301 USB_ISP1760 USB_ISP1760_DUAL_ROLE USB_ISP1760_HCD USB_ISP1761_UDC USB_KAWETH USB_KC2190 USB_KEENE USB_LAN78XX USB_LCD USB_LD USB_LEDS_TRIGGER_USBPORT USB_LED_TRIG USB_LEGOTOWER USB_LIBCOMPOSITE USB_LINK_LAYER_TEST USB_M5602 USB_MA901 USB_MAX3421_HCD USB_MDC800 USB_MICROTEK USB_MR800 USB_MSI2500 USB_MUSB_DUAL_ROLE USB_MUSB_HDRC USB_MV_U3D USB_MV_UDC USB_NET2272 USB_NET2272_DMA USB_NET2280 USB_NET_AX88179_178A USB_NET_AX8817X USB_NET_CDCETHER USB_NET_CDC_EEM USB_NET_CDC_MBIM USB_NET_CDC_NCM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_CH9200 USB_NET_CX82310_ETH USB_NET_DM9601 USB_NET_GL620A USB_NET_HUAWEI_CDC_NCM USB_NET_INT51X1 USB_NET_KALMIA USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_QMI_WWAN USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_OXU210HP_HCD USB_PEGASUS USB_PULSE8_CEC USB_PWC USB_PWC_INPUT_EVDEV USB_PXA27X USB_R8A66597 USB_R8A66597_HCD USB_RAINSHADOW_CEC USB_RAREMONO USB_RAW_GADGET USB_RTL8150 USB_RTL8152 USB_RTL8153_ECM USB_S2255 USB_SERIAL USB_SERIAL_AIRCABLE USB_SERIAL_ARK3116 USB_SERIAL_BELKIN USB_SERIAL_CH341 USB_SERIAL_CONSOLE USB_SERIAL_CP210X USB_SERIAL_CYBERJACK USB_SERIAL_CYPRESS_M8 USB_SERIAL_DEBUG USB_SERIAL_DIGI_ACCELEPORT USB_SERIAL_EDGEPORT USB_SERIAL_EDGEPORT_TI USB_SERIAL_EMPEG USB_SERIAL_F81232 USB_SERIAL_F8153X USB_SERIAL_FTDI_SIO USB_SERIAL_GARMIN USB_SERIAL_GENERIC USB_SERIAL_IPAQ USB_SERIAL_IPW USB_SERIAL_IR USB_SERIAL_IUU USB_SERIAL_KEYSPAN USB_SERIAL_KEYSPAN_PDA USB_SERIAL_KLSI USB_SERIAL_KOBIL_SCT USB_SERIAL_MCT_U232 USB_SERIAL_METRO USB_SERIAL_MOS7715_PARPORT USB_SERIAL_MOS7720 USB_SERIAL_MOS7840 USB_SERIAL_MXUPORT USB_SERIAL_NAVMAN USB_SERIAL_OMNINET USB_SERIAL_OPTICON USB_SERIAL_OPTION USB_SERIAL_OTI6858 USB_SERIAL_PL2303 USB_SERIAL_QCAUX USB_SERIAL_QT2 USB_SERIAL_QUALCOMM USB_SERIAL_SAFE USB_SERIAL_SIERRAWIRELESS USB_SERIAL_SIMPLE USB_SERIAL_SPCP8X5 USB_SERIAL_SSU100 USB_SERIAL_SYMBOL USB_SERIAL_TI USB_SERIAL_UPD78F0730 USB_SERIAL_VISOR USB_SERIAL_WHITEHEAT USB_SERIAL_WISHBONE USB_SERIAL_WWAN USB_SERIAL_XR USB_SERIAL_XSENS_MT USB_SEVSEG USB_SI470X USB_SI4713 USB_SIERRA_NET USB_SISUSBVGA USB_SL811_CS USB_SL811_HCD USB_SL811_HCD_ISO USB_SNP_CORE USB_SPEEDTOUCH USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_ENE_UB6250 USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_STV06XX USB_TEST USB_TMC USB_TRANCEVIBRATOR USB_UAS USB_UEAGLEATM USB_ULPI_BUS USB_USBNET USB_USS720 USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_VIDEO_CLASS USB_VIDEO_CLASS_INPUT_EVDEV USB_VL600 USB_WDM USB_XHCI_DBGCAP USB_XHCI_PLATFORM USB_XUSBATM USB_YUREX USERFAULTFD USERIO USERMODE_DRIVER USER_RETURN_NOTIFIER UVC_COMMON U_SERIAL_CONSOLE V4L2_MEM2MEM_DEV V4L_TEST_DRIVERS VALIDATE_FS_PARSER VDPA VDPA_SIM VDPA_SIM_BLOCK VDPA_SIM_NET VDPA_USER VETH VFIO VFIO_DEVICE_CDEV VFIO_PCI VFIO_PCI_CORE VFIO_PCI_INTX VFIO_PCI_MMAP VFIO_VIRQFD VGASTATE VHOST VHOST_CROSS_ENDIAN_LEGACY VHOST_IOTLB VHOST_NET VHOST_RING VHOST_TASK VHOST_VDPA VHOST_VSOCK VIDEO VIDEOBUF2_CORE VIDEOBUF2_DMA_CONTIG VIDEOBUF2_DMA_SG VIDEOBUF2_MEMOPS VIDEOBUF2_V4L2 VIDEOBUF2_VMALLOC VIDEOMODE_HELPERS VIDEO_AU0828 VIDEO_AU0828_RC VIDEO_AU0828_V4L2 VIDEO_CS53L32A VIDEO_CX231XX VIDEO_CX231XX_ALSA VIDEO_CX231XX_DVB VIDEO_CX231XX_RC VIDEO_CX2341X VIDEO_CX25840 VIDEO_DEV VIDEO_EM28XX VIDEO_EM28XX_ALSA VIDEO_EM28XX_DVB VIDEO_EM28XX_RC VIDEO_EM28XX_V4L2 VIDEO_GO7007 VIDEO_GO7007_LOADER VIDEO_GO7007_USB VIDEO_GO7007_USB_S2250_BOARD VIDEO_HDPVR VIDEO_MSP3400 VIDEO_PVRUSB2 VIDEO_PVRUSB2_DVB VIDEO_PVRUSB2_SYSFS VIDEO_SAA711X VIDEO_STK1160 VIDEO_TUNER VIDEO_TVEEPROM VIDEO_USBTV VIDEO_V4L2_I2C VIDEO_V4L2_SUBDEV_API VIDEO_V4L2_TPG VIDEO_VICODEC VIDEO_VIM2M VIDEO_VIMC VIDEO_VIVID VIDEO_VIVID_CEC VIDEO_WM8775 VIPERBOARD_ADC VIRTIO_BALLOON VIRTIO_DMA_SHARED_BUFFER VIRTIO_MEM VIRTIO_MMIO VIRTIO_MMIO_CMDLINE_DEVICES VIRTIO_PMEM VIRTIO_VDPA VIRTIO_VSOCKETS VIRTIO_VSOCKETS_COMMON VIRT_WIFI VLAN_8021Q VLAN_8021Q_GVRP VLAN_8021Q_MVRP VMAP_PFN VMWARE_VMCI VMXNET3 VP_VDPA VSOCKETS VSOCKETS_DIAG VSOCKETS_LOOPBACK VSOCKMON VT_HW_CONSOLE_BINDING VXFS_FS WAN WANT_DEV_COREDUMP WATCH_QUEUE WEXT_CORE WEXT_PRIV WEXT_PROC WIREGUARD WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ADMTEK WLAN_VENDOR_PURELIFI WLAN_VENDOR_SILABS WWAN X25 X86_SGX X86_SGX_KVM X86_USER_SHADOW_STACK X86_X2APIC X86_X32_ABI XDP_SOCKETS XDP_SOCKETS_DIAG XFRM_ESPINTCP XFRM_INTERFACE XFRM_IPCOMP XFRM_MIGRATE XFRM_OFFLOAD XFRM_STATISTICS XFRM_SUB_POLICY XFRM_USER_COMPAT XFS_FS XFS_POSIX_ACL XFS_QUOTA XFS_RT XOR_BLOCKS YENTA YENTA_ENE_TUNE YENTA_O2 YENTA_RICOH YENTA_TI YENTA_TOSHIBA ZEROPLUS_FF ZLIB_DEFLATE ZONEFS_FS ZPOOL ZRAM ZRAM_BACKEND_FORCE_LZO ZRAM_BACKEND_LZO ZRAM_DEF_COMP_LZORLE ZSMALLOC ZSTD_COMPRESS ZSWAP ZSWAP_COMPRESSOR_DEFAULT_LZO ZSWAP_DEFAULT_ON ZSWAP_SHRINKER_DEFAULT_ON ZSWAP_ZPOOL_DEFAULT_ZSMALLOC]
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
picked [v6.9 v6.8 v6.7 v6.5 v6.3 v6.1 v5.19 v5.17 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 32 release tags
testing release v6.9
testing commit a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f5ee28e76501c706532cf8b0cd193f46160e3d24836ace7b65625f5d29f60fd6
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
testing release v6.8
testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2cd00276c0eb752e870ddc841593f2a4a8988c86abd4b8e58eb1c6e399c6c477
run #0: crashed: KFENCE: out-of-bounds in cfg80211_wext_freq
run #1: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #2: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #3: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #4: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #5: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #6: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #7: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #8: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #9: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #10: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #11: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #12: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #13: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #14: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #15: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #16: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #17: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #18: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #19: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
testing release v6.7
testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 85570ba0d74891732ebe4b368a47fa5cb072d24a3e2353d01180196cf79f16f9
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
testing release v6.5
testing commit 2dde18cd1d8fac735875f2e4987f11817cc0bc2c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ebc0f72bfbb353dce213ff7e0334e028f6e99f5e5dcfc8db433242a84f15314a
run #0: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #1: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #2: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #3: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #4: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #5: crashed: KFENCE: out-of-bounds in cfg80211_wext_freq
run #6: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #7: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #8: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #9: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #10: crashed: lost connection to test machine
run #11: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #12: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #13: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #14: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #15: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #16: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #17: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #18: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #19: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
testing release v6.3
testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a8402ee0296b3b79741f88bbd4671ac4c10e5d4046105db040ec5695128ef824
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
testing release v6.1
testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0f7bb0bc2aa6c0144a011653b6fe5fa686515fd6a5d1b8a9378ad153e34d8ac4
run #0: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #1: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #2: crashed: lost connection to test machine
run #3: crashed: lost connection to test machine
run #4: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #5: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #6: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #7: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #8: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #9: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #10: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #11: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #12: crashed: BUG: workqueue lockup
run #13: crashed: BUG: workqueue lockup
run #14: crashed: BUG: workqueue lockup
run #15: crashed: BUG: workqueue lockup
run #16: crashed: no output from test machine
run #17: crashed: no output from test machine
run #18: crashed: no output from test machine
run #19: crashed: no output from test machine
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN UNKNOWN]
testing release v5.19
testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9d2ca1d6bd320400c3c36c05698629d729a18481312852f7eb4aa9b86314068b
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
testing release v5.17
testing commit f443e374ae131c168a065ea1748feac6b2e76613 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fc49b5526b4975a3ae7f99149e98f0d9d29e08348ec6e818270c55a697a27cca
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
testing release v5.14
testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d49eb400149c63ecb2f9ddd9e27cb37ed491493d703e3b3107aec188639d2d8e
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
testing release v5.11
testing commit f40ddce88593482919761f74910f42f4b84c004b gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 16adf241dcadffd5609aa1ed9de60bc3af6903652190534f0bdeab79f08fc0d2
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c gcc
compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f434a7b97d5a4a24dff06c5d31a018b4af286ca4a50cbd63c22cf6c36de3c5d1
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 211e1916f1fa754989a15f3c3332a0ffc726798a8555855e487ab9f7869c5b3e
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 1034542c2b8133f517b6304554c05a3df79d60222ec62f98eba3cd0d7d57e33b
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 69d2b81bf1140a27b59250873d9349f0b6df7b8c8283bd68b326b5844be252e7
all runs: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 37339d35e73a4ca87f6092f97e4f3ed57e455c96d3578d57094f901ae38d1a95
run #0: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #1: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #2: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #3: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #4: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #5: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #6: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #7: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #8: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #9: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #10: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #11: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #12: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #13: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #14: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #15: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #16: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #17: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #18: crashed: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
run #19: boot failed: KASAN: use-after-free Read in dd_has_work
representative crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq, types: [KASAN]
crash still not fixed/happens on the oldest tested release
reproducer is flaky (1.00 repro chance estimate)
revisions tested: 22, total time: 5h10m22.774290796s (build: 2h46m46.407912437s, test: 2h11m41.628932337s)
oldest tested release already had the bug or it had kernel test errors
commit msg: Linux 4.19
crash: KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
==================================================================
BUG: KASAN: slab-out-of-bounds in cfg80211_wext_freq+0x102/0x120 net/wireless/wext-compat.c:233
Read of size 2 at addr ffff8801eefdf040 by task syz-executor.3/4887

CPU: 1 PID: 4887 Comm: syz-executor.3 Not tainted 4.19.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x10c/0x17a lib/dump_stack.c:113
 print_address_description.cold.6+0x9/0x244 mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report mm/kasan/report.c:412 [inline]
 kasan_report.cold.7+0x242/0x305 mm/kasan/report.c:396
 __asan_report_load2_noabort+0x14/0x20 mm/kasan/report.c:431
 cfg80211_wext_freq+0x102/0x120 net/wireless/wext-compat.c:233
 cfg80211_wext_siwscan+0x5ef/0xe80 net/wireless/scan.c:1452
 ioctl_standard_iw_point+0x77d/0xbb0 net/wireless/wext-core.c:838
 ioctl_standard_call+0x10c/0x150 net/wireless/wext-core.c:1022
 wireless_process_ioctl.constprop.4+0x183/0x270 net/wireless/wext-core.c:953
 wext_ioctl_dispatch net/wireless/wext-core.c:986 [inline]
 wext_ioctl_dispatch net/wireless/wext-core.c:974 [inline]
 wext_handle_ioctl+0xe9/0x170 net/wireless/wext-core.c:1047
 sock_ioctl+0x28e/0x4f0 net/socket.c:1015
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0x199/0xfd0 fs/ioctl.c:685
 ksys_ioctl+0x62/0x90 fs/ioctl.c:702
 __do_sys_ioctl fs/ioctl.c:709 [inline]
 __se_sys_ioctl fs/ioctl.c:707 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:707
 do_syscall_64+0xd0/0x340 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f0eafa2bee9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0eaf5ae0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f0eafb62f80 RCX: 00007f0eafa2bee9
RDX: 0000000020000000 RSI: 0000000000008b18 RDI: 0000000000000003
RBP: 00007f0eafa896fe R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f0eafb62f80 R15: 00007ffe7229c858

Allocated by task 4887:
 save_stack mm/kasan/kasan.c:448 [inline]
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc.part.1+0x62/0xf0 mm/kasan/kasan.c:553
 kasan_kmalloc+0xaf/0xc0 mm/kasan/kasan.c:538
 __kmalloc+0x139/0x260 mm/slub.c:3751
 kmalloc include/linux/slab.h:518 [inline]
 kzalloc include/linux/slab.h:707 [inline]
 ioctl_standard_iw_point+0x604/0xbb0 net/wireless/wext-core.c:799
 ioctl_standard_call+0x10c/0x150 net/wireless/wext-core.c:1022
 wireless_process_ioctl.constprop.4+0x183/0x270 net/wireless/wext-core.c:953
 wext_ioctl_dispatch net/wireless/wext-core.c:986 [inline]
 wext_ioctl_dispatch net/wireless/wext-core.c:974 [inline]
 wext_handle_ioctl+0xe9/0x170 net/wireless/wext-core.c:1047
 sock_ioctl+0x28e/0x4f0 net/socket.c:1015
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0x199/0xfd0 fs/ioctl.c:685
 ksys_ioctl+0x62/0x90 fs/ioctl.c:702
 __do_sys_ioctl fs/ioctl.c:709 [inline]
 __se_sys_ioctl fs/ioctl.c:707 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:707
 do_syscall_64+0xd0/0x340 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 3027:
 save_stack mm/kasan/kasan.c:448 [inline]
 set_track mm/kasan/kasan.c:460 [inline]
 __kasan_slab_free+0x167/0x240 mm/kasan/kasan.c:521
 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
 slab_free_hook mm/slub.c:1371 [inline]
 slab_free_freelist_hook mm/slub.c:1398 [inline]
 slab_free mm/slub.c:2953 [inline]
 kfree+0x10c/0x280 mm/slub.c:3906
 skb_free_head+0x74/0x90 net/core/skbuff.c:550
 skb_release_data+0x456/0x5d0 net/core/skbuff.c:570
 skb_release_all+0x3d/0x50 net/core/skbuff.c:627
 __kfree_skb net/core/skbuff.c:641 [inline]
 consume_skb+0xaf/0x1d0 net/core/skbuff.c:701
 skb_free_datagram+0x12/0xc0 net/core/datagram.c:329
 netlink_recvmsg+0x5e6/0xe70 net/netlink/af_netlink.c:1987
 sock_recvmsg_nosec net/socket.c:794 [inline]
 sock_recvmsg net/socket.c:801 [inline]
 sock_recvmsg+0xb9/0xf0 net/socket.c:797
 ___sys_recvmsg+0x21c/0x530 net/socket.c:2278
 __sys_recvmsg+0xd6/0x180 net/socket.c:2327
 __do_sys_recvmsg net/socket.c:2337 [inline]
 __se_sys_recvmsg net/socket.c:2334 [inline]
 __x64_sys_recvmsg+0x73/0xb0 net/socket.c:2334
 do_syscall_64+0xd0/0x340 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at ffff8801eefdef00
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 320 bytes inside of
 512-byte region [ffff8801eefdef00, ffff8801eefdf100)
The buggy address belongs to the page:
page:ffffea0007bbf780 count:1 mapcount:0 mapping:ffff8801f6802c00 index:0x0 compound_mapcount: 0
flags: 0x200000000008100(slab|head)
raw: 0200000000008100 0000000000000000 0000000b00000001 ffff8801f6802c00
raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page allocated via order 1, migratetype Unmovable, gfp_mask 0x152c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:1906 [inline]
 prep_new_page mm/page_alloc.c:1914 [inline]
 get_page_from_freelist+0x2c01/0x4060 mm/page_alloc.c:3345
 __alloc_pages_nodemask+0x390/0x2300 mm/page_alloc.c:4370
 alloc_pages_current+0xfd/0x290 mm/mempolicy.c:2093
 alloc_pages include/linux/gfp.h:509 [inline]
 alloc_slab_page mm/slub.c:1438 [inline]
 allocate_slab mm/slub.c:1583 [inline]
 new_slab+0x458/0x7d0 mm/slub.c:1654
 new_slab_objects mm/slub.c:2417 [inline]
 ___slab_alloc+0x600/0x890 mm/slub.c:2569
 __slab_alloc+0x2f/0x60 mm/slub.c:2609
 slab_alloc_node mm/slub.c:2672 [inline]
 __kmalloc_node_track_caller+0xd7/0x2f0 mm/slub.c:4320
 __kmalloc_reserve.isra.8+0x2c/0xc0 net/core/skbuff.c:137
 __alloc_skb+0xd7/0x580 net/core/skbuff.c:205
 alloc_skb include/linux/skbuff.h:995 [inline]
 alloc_uevent_skb+0x84/0x220 lib/kobject_uevent.c:288
 uevent_net_broadcast_untagged lib/kobject_uevent.c:324 [inline]
 kobject_uevent_net_broadcast lib/kobject_uevent.c:406 [inline]
 kobject_uevent_env+0x7b6/0x1080 lib/kobject_uevent.c:587
 kobject_uevent+0xb/0x10 lib/kobject_uevent.c:636
 driver_bound+0x18b/0x2e0 drivers/base/dd.c:348
 device_bind_driver+0x8d/0xb0 drivers/base/dd.c:426
 mac80211_hwsim_new_radio+0x396/0x3410 drivers/net/wireless/mac80211_hwsim.c:2687
 hwsim_new_radio_nl+0x514/0x8e0 drivers/net/wireless/mac80211_hwsim.c:3374

Memory state around the buggy address:
 ffff8801eefdef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801eefdef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801eefdf000: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
                                           ^
 ffff8801eefdf080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801eefdf100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================