ci2 starts bisection 2023-02-02 20:19:54.884903974 +0000 UTC m=+24059.003583380
bisecting fixing commit since c73b4619ad86a2a29fc998e950e98bcdfa2f6d8f
building syzkaller on ab32d50881df9f96f2af301aadca62ad00b7e099
ensuring issue is reproducible on original commit c73b4619ad86a2a29fc998e950e98bcdfa2f6d8f
testing commit c73b4619ad86a2a29fc998e950e98bcdfa2f6d8f gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9c26f0fb5857937e6aaee998937459ccb8d07116c62b69be8e8e11be62517326
all runs: crashed: KASAN: stack-out-of-bounds Read in xfrm_state_find
testing current HEAD 7e0097918ff89c162089316bbffe24b104fb9808
testing commit 7e0097918ff89c162089316bbffe24b104fb9808 gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 957ee52810039236b96a75e375cd91d0aa840b04234bbb7d73d47fa6fe5ac976
all runs: crashed: KASAN: stack-out-of-bounds Read in xfrm_state_find
revisions tested: 2, total time: 18m53.782479676s (build: 10m30.88376846s, test: 5m37.373142642s)
the crash still happens on HEAD
commit msg: Revert "scsi: ufs: core: Fix devfreq deadlocks"
crash: KASAN: stack-out-of-bounds Read in xfrm_state_find
==================================================================
BUG: KASAN: stack-out-of-bounds in jhash2 include/linux/jhash.h:138 [inline]
BUG: KASAN: stack-out-of-bounds in __xfrm6_addr_hash net/xfrm/xfrm_hash.h:16 [inline]
BUG: KASAN: stack-out-of-bounds in __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash net/xfrm/xfrm_hash.h:95 [inline]
BUG: KASAN: stack-out-of-bounds in xfrm_dst_hash net/xfrm/xfrm_state.c:63 [inline]
BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x28b1/0x2e20 net/xfrm/xfrm_state.c:1092
Read of size 4 at addr ffffc90000007a78 by task kauditd/30
CPU: 0 PID: 30 Comm: kauditd Not tainted 5.15.91-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x105/0x148 lib/dump_stack.c:106
print_address_description+0x87/0x3d0 mm/kasan/report.c:248
__kasan_report mm/kasan/report.c:427 [inline]
kasan_report+0x1a6/0x1f0 mm/kasan/report.c:444
__asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:308
jhash2 include/linux/jhash.h:138 [inline]
__xfrm6_addr_hash net/xfrm/xfrm_hash.h:16 [inline]
__xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline]
__xfrm_dst_hash net/xfrm/xfrm_hash.h:95 [inline]
xfrm_dst_hash net/xfrm/xfrm_state.c:63 [inline]
xfrm_state_find+0x28b1/0x2e20 net/xfrm/xfrm_state.c:1092
xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2393 [inline]
xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2438 [inline]
xfrm_resolve_and_create_bundle+0x5b1/0x28b0 net/xfrm/xfrm_policy.c:2731
xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2966 [inline]
xfrm_lookup_with_ifid+0xba7/0x1cb0 net/xfrm/xfrm_policy.c:3097
xfrm_lookup net/xfrm/xfrm_policy.c:3194 [inline]
xfrm_lookup_route+0x1d/0x120 net/xfrm/xfrm_policy.c:3205
ip_route_output_flow+0x1bb/0x2e0 net/ipv4/route.c:2889
ip_route_output_ports include/net/route.h:169 [inline]
igmpv3_newpack+0x3fb/0xf40 net/ipv4/igmp.c:369
add_grhead+0x70/0x300 net/ipv4/igmp.c:440
add_grec+0xffb/0x1280 net/ipv4/igmp.c:574
igmpv3_send_cr net/ipv4/igmp.c:711 [inline]
igmp_ifc_timer_expire+0x79f/0xd90 net/ipv4/igmp.c:810
call_timer_fn+0x2b/0x1c0 kernel/time/timer.c:1427
expire_timers+0x1ea/0x310 kernel/time/timer.c:1472
__run_timers+0x4c5/0x5d0 kernel/time/timer.c:1743
run_timer_softirq+0x4a/0xb0 kernel/time/timer.c:1756
__do_softirq+0x27e/0x5dc kernel/softirq.c:565
invoke_softirq+0xb/0x50 kernel/softirq.c:425
__irq_exit_rcu+0x4f/0xb0 kernel/softirq.c:647
irq_exit_rcu+0x9/0x10 kernel/softirq.c:659
sysvec_apic_timer_interrupt+0x9a/0xc0 arch/x86/kernel/apic/apic.c:1097
asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:console_lock_spinning_disable_and_check kernel/printk/printk.c:1840 [inline]
RIP: 0010:console_unlock+0x7ae/0x9c0 kernel/printk/printk.c:2763
Code: e8 57 61 17 03 84 db 74 07 c6 05 cc 69 10 05 00 e8 87 52 00 00 f7 44 24 58 00 02 00 00 4c 8d ac 24 80 01 00 00 74 01 fb 84 db <0f> 94 c0 22 44 24 1b 3c 01 0f 84 b3 fa ff ff 0f b6 c3 85 c0 0f 84
RSP: 0018:ffffc900001ff900 EFLAGS: 00000246
RAX: 0000000080000001 RBX: dffffc0000000000 RCX: 0000000000000002
RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001
RBP: ffffc900001ffb10 R08: dffffc0000000000 R09: 0000000000000003
R10: fffff5200003ff11 R11: 1ffff9200003ff10 R12: dffffc0000000000
R13: ffffc900001ffa80 R14: 0000000000000000 R15: 00000000000000e6
vprintk_emit+0xd1/0x260 kernel/printk/printk.c:2288
vprintk_default+0x18/0x20 kernel/printk/printk.c:2299
vprintk+0x49/0x50 kernel/printk/printk_safe.c:50
_printk+0xca/0x10a kernel/printk/printk.c:2309
kauditd_printk_skb kernel/audit.c:538 [inline]
kauditd_hold_skb+0x103/0x150 kernel/audit.c:573
kauditd_send_queue+0x1c5/0x1f0 kernel/audit.c:758
kauditd_thread+0x492/0x6d0 kernel/audit.c:882
kthread+0x39c/0x480 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
Memory state around the buggy address:
ffffc90000007900: 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 00 00 00 00
ffffc90000007980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90000007a00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 f3
^
ffffc90000007a80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
ffffc90000007b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
----------------
Code disassembly (best guess):
0: e8 57 61 17 03 callq 0x317615c
5: 84 db test %bl,%bl
7: 74 07 je 0x10
9: c6 05 cc 69 10 05 00 movb $0x0,0x51069cc(%rip) # 0x51069dc
10: e8 87 52 00 00 callq 0x529c
15: f7 44 24 58 00 02 00 testl $0x200,0x58(%rsp)
1c: 00
1d: 4c 8d ac 24 80 01 00 lea 0x180(%rsp),%r13
24: 00
25: 74 01 je 0x28
27: fb sti
28: 84 db test %bl,%bl
* 2a: 0f 94 c0 sete %al <-- trapping instruction
2d: 22 44 24 1b and 0x1b(%rsp),%al
31: 3c 01 cmp $0x1,%al
33: 0f 84 b3 fa ff ff je 0xfffffaec
39: 0f b6 c3 movzbl %bl,%eax
3c: 85 c0 test %eax,%eax
3e: 0f .byte 0xf
3f: 84 .byte 0x84