ci2 starts bisection 2023-05-09 04:25:59.819398315 +0000 UTC m=+33709.162758282
bisecting cause commit starting from 19c0ed55a470d1cd766484abab04871b648560fb
building syzkaller on c7a5e2a09a3a40010fbf66b9cceeda1a5ca9f3cf
ensuring issue is reproducible on original commit 19c0ed55a470d1cd766484abab04871b648560fb

testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ca93db3c7401d09f26a137a46242038ec5ce202860c064a1ddb030834fb8d20a
all runs: crashed: kernel BUG in cdc_ncm_fill_tx_frame
testing release v5.15.106
testing commit d86dfc4d95cd218246b10ca7adf22c8626547599 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8ecc04bcb5af840215851b95179ce65171c5334c6aa871e68cb3ec580e1bb7ad
all runs: OK
# git bisect start 19c0ed55a470d1cd766484abab04871b648560fb d86dfc4d95cd218246b10ca7adf22c8626547599
Bisecting: 2927 revisions left to test after this (roughly 12 steps)
[2dfec93ac31e61745690a053f5aa7bae286a0f22] UPSTREAM: tracing: Add division and multiplication support for hist triggers
testing commit 2dfec93ac31e61745690a053f5aa7bae286a0f22 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bf2e810296f14d555d03329e6276c3fd3a4cd75e8545b67e348b270b585cc14d
all runs: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
# git bisect skip 2dfec93ac31e61745690a053f5aa7bae286a0f22
Bisecting: 2925 revisions left to test after this (roughly 12 steps)
[49ada579d12e0aa9dc796f9fc3dc361ccf984a4a] UPSTREAM: tracing/histogram: Simplify handling of .sym-offset in expressions
testing commit 49ada579d12e0aa9dc796f9fc3dc361ccf984a4a gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ada5b0ed9042b4a2b6324cda1d7b470ed2f833860dcef3c4ba79de7612713c49
all runs: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
# git bisect skip 49ada579d12e0aa9dc796f9fc3dc361ccf984a4a
Bisecting: 2925 revisions left to test after this (roughly 12 steps)
[6249944245b8b57c30ef87819f0342c85c02426f] ANDROID: gki_defconfig: enable IOMMU_LIMIT_IOVA_ALIGNMENT
testing commit 6249944245b8b57c30ef87819f0342c85c02426f gcc
compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5b0bed026fab2beb1a9ba4696a915deee5539e153060000af3bdc37c025dbea9
run #0: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #1: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #2: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #3: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #4: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #5: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
run #6: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #7: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #8: basic kernel testing failed: KASAN: use-after-free Read in attach_pid
run #9: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 6249944245b8b57c30ef87819f0342c85c02426f
Bisecting: 2925 revisions left to test after this (roughly 12 steps)
[650b7fa416c28a776e93e5c87799194d135d4fc8] Revert "FROMLIST: overlayfs: override_creds=off option bypass cr..."
testing commit 650b7fa416c28a776e93e5c87799194d135d4fc8 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 17bcbefc265a9dcd08fb888444c46dc315ac76aeec32b1fdf31252895e41d2b0
all runs: basic kernel testing failed: UBSAN: object-size-mismatch in wg_xmit
# git bisect skip 650b7fa416c28a776e93e5c87799194d135d4fc8
Bisecting: 2925 revisions left to test after this (roughly 12 steps)
[b24cd8be89c6b6ede275e63d2ce44f6735864236] ANDROID: ABI: gki_defconfig: disable cfg80211 and mac80211
testing commit b24cd8be89c6b6ede275e63d2ce44f6735864236 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 41faa4b5eea971f6135015ac462f6fcc044297f460dfc4270c1e427d34f9d3c6
all runs: OK
# git bisect good b24cd8be89c6b6ede275e63d2ce44f6735864236
Bisecting: 770 revisions left to test after this (roughly 10 steps)
[b3bb41cebdeb0688b508df20f0db5f55a87e46e8] ANDROID: GKI: Update abi_gki_aarch64_qcom for DMA
testing commit b3bb41cebdeb0688b508df20f0db5f55a87e46e8 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 67b413d98acf292999922d6242a324085cb98f8635846e66845973901baba360
run #0: crashed: kernel BUG in cdc_ncm_fill_tx_frame
run #1: boot failed: can't ssh into the instance
run #2: boot failed: can't ssh into the instance
run #3: boot failed: can't ssh into the instance
run #4: boot failed: can't ssh into the instance
run #5: boot failed: can't ssh into the instance
run #6: boot failed: can't ssh into the instance
run #7: boot failed: can't ssh into the instance
run #8: boot failed: can't ssh into the instance
run #9: boot failed: can't ssh into the instance
# git bisect bad b3bb41cebdeb0688b508df20f0db5f55a87e46e8
Bisecting: 385 revisions left to test after this (roughly 9 steps)
[d26c0e1c409179ea74aaa89f748006bd76000cc3] ANDROID: vendor_hooks: Add hooks to select binder worklist
testing commit d26c0e1c409179ea74aaa89f748006bd76000cc3 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7c114312a53119e9e50ed0942cda102c0a15bb5b0f3218b821c5d02f3047c9dc
all runs: crashed: kernel BUG in cdc_ncm_fill_tx_frame
# git bisect bad d26c0e1c409179ea74aaa89f748006bd76000cc3
Bisecting: 192 revisions left to test after this (roughly 8 steps)
[0b6600b7925152274dfd51be6d0be1b5c677dd14] FROMLIST: iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit
testing commit 0b6600b7925152274dfd51be6d0be1b5c677dd14 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 401a583bfedcb5f5426b7193aade9c84f48ac48e3d79f4f9fc5acd4b54bf9901
all runs: crashed: kernel BUG in cdc_ncm_fill_tx_frame
# git bisect bad 0b6600b7925152274dfd51be6d0be1b5c677dd14
Bisecting: 96 revisions left to test after this (roughly 7 steps)
[7f6e518e432d8d4f6a4c0ad2135e097e5d83399d] ANDROID: GKI: Add ANDROID_OEM_DATA in struct blk_mq_ctx
testing commit 7f6e518e432d8d4f6a4c0ad2135e097e5d83399d gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3d27b527a94b568811e82fdaf1a7aca1df87d93ca998ffdae963b4d0a788455f
all runs: crashed: kernel BUG in cdc_ncm_fill_tx_frame
# git bisect bad 7f6e518e432d8d4f6a4c0ad2135e097e5d83399d
Bisecting: 47 revisions left to test after this (roughly 6 steps)
[875ca13d08efecff39d80a7131f46f9d25adc767] UPSTREAM: mm/damon/dbgfs: support prioritization weights
testing commit 875ca13d08efecff39d80a7131f46f9d25adc767 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7011ce88575829ececcb5b10726d3a6b299528bae758c613b5790dbf93f7f14b
all runs: OK
# git bisect good 875ca13d08efecff39d80a7131f46f9d25adc767
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[82b9795ec78b7e8490846a0fc0a242f3e21a6b73] UPSTREAM: mm/damon: convert macro functions to static inline functions
testing commit 82b9795ec78b7e8490846a0fc0a242f3e21a6b73 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7db26090ce65f80502cc5c0cd824355fe445279c07f69fe4673c1d11d0d6e5c5
all runs: OK
# git bisect good 82b9795ec78b7e8490846a0fc0a242f3e21a6b73
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[caffd17b021eb009debc5209f0bdd3817b202dd3] UPSTREAM: mm/damon: modify damon_rand() macro to static inline function
testing commit caffd17b021eb009debc5209f0bdd3817b202dd3 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ee6077be041e8feff4c7f71e67a36eb2e9907390a09124b3e943a1722afb80d7
all runs: OK
# git bisect good caffd17b021eb009debc5209f0bdd3817b202dd3
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[149474c544a68da395680cc2d0c0a33645c42ec5] FROMLIST: power_supply: Use of-thermal cdev registration API
testing commit 149474c544a68da395680cc2d0c0a33645c42ec5 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ac035f6d1a0f29fc8a1930bbaa10993db83d19f55205b3e88fb67b261cc74f0a
all runs: OK
# git bisect good 149474c544a68da395680cc2d0c0a33645c42ec5
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[c6b53b7aac0eb81d2fd533922b0a64a00d5f9fe5] ANDROID: abi_gki_aarch64_qcom: Update qcom abi symbol list
testing commit c6b53b7aac0eb81d2fd533922b0a64a00d5f9fe5 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 141511d2e04f06a37f0c66cc93ce40cc5ed2c3e067b6fbaa04350dbc64f67509
all runs: crashed: kernel BUG in cdc_ncm_fill_tx_frame
# git bisect bad c6b53b7aac0eb81d2fd533922b0a64a00d5f9fe5
Bisecting: 0 revisions left to test after this (roughly 1 step)
[3c55aa6ffeeff6673ab8077c0b9c0c46a4edd476] ANDROID: GKI: add vendor padding variable in struct skb_shared_info
testing commit 3c55aa6ffeeff6673ab8077c0b9c0c46a4edd476 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 57f652028fb1a0330e712006807a52524096ff15753b5f77bbb8887ce9cd7396
all runs: crashed: kernel BUG in cdc_ncm_fill_tx_frame
# git bisect bad 3c55aa6ffeeff6673ab8077c0b9c0c46a4edd476
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[f45d12df24bd86efbe6bbb925a4920fde94e3c1a] ANDROID: GKI: Enable DM_INIT
testing commit f45d12df24bd86efbe6bbb925a4920fde94e3c1a gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 25549ea8ccf92e462f12018777744eff8223ed2838d0c6ea209165fe45270172
all runs: OK
# git bisect good f45d12df24bd86efbe6bbb925a4920fde94e3c1a
3c55aa6ffeeff6673ab8077c0b9c0c46a4edd476 is the first bad commit
commit 3c55aa6ffeeff6673ab8077c0b9c0c46a4edd476
Author: Vignesh Saravanaperumal
Date:   Thu Jul 8 07:01:33 2021 -0700

    ANDROID: GKI: add vendor padding variable in struct skb_shared_info

    Some vendors want to add things to 'struct skb_shared_info', so give them an array to place their data.

    Bug: 171013716
    Signed-off-by: Vignesh Saravanaperumal
    Change-Id: Ia0024e3e8de89f4ef335fa26208ec6c45abafb22

 include/linux/skbuff.h | 4 ++++
 1 file changed, 4 insertions(+)

culprit signature: 57f652028fb1a0330e712006807a52524096ff15753b5f77bbb8887ce9cd7396
parent signature: 25549ea8ccf92e462f12018777744eff8223ed2838d0c6ea209165fe45270172
revisions tested: 18, total time: 6h29m2.190760923s (build: 4h42m9.199779542s, test: 1h42m30.117027175s)
first bad commit: 3c55aa6ffeeff6673ab8077c0b9c0c46a4edd476 ANDROID: GKI: add vendor padding variable in struct skb_shared_info
recipients (to): ["vignesh1.s@samsung.com"]
recipients (cc): []
crash: kernel BUG in cdc_ncm_fill_tx_frame
skbuff: skb_over_panic: text:ffffffff82dab104 len:184 put:172 head:ffff8881232e1800 data:ffff8881232e1800 tail:0xb8 end:0x80 dev:
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:113!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 393 Comm: kworker/1:3 Not tainted 5.15.41-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Workqueue: mld mld_ifc_work
RIP: 0010:skb_panic net/core/skbuff.c:113 [inline]
RIP: 0010:skb_over_panic+0x14c/0x150 net/core/skbuff.c:118
Code: 80 62 2f 85 48 c7 c6 00 ed 76 85 48 8b 55 c0 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 53 41 55 41 54 41 57 e8 bd df c5 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 10 89
RSP: 0018:ffffc9000046efb8 EFLAGS: 00010286
RAX: 0000000000000087 RBX: ffffffff852f6300 RCX: d482ddc3f2d20d00
RDX: 1ffff9200008ddbc RSI: ffffffff8501b780 RDI: 0000000000000001
RBP: ffffc9000046eff8 R08: dffffc0000000000 R09: ffffed103ee665c0
R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000000b8
R13: 0000000000000080 R14: dffffc0000000000 R15: ffff8881232e1800
FS: 0000000000000000(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563022216000 CR3: 0000000115c9c000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 skb_put+0x10c/0x200 net/core/skbuff.c:2023
 skb_put_zero include/linux/skbuff.h:2328 [inline]
 cdc_ncm_ndp16 drivers/net/usb/cdc_ncm.c:1131 [inline]
 cdc_ncm_fill_tx_frame+0xff4/0x4460 drivers/net/usb/cdc_ncm.c:1308
 cdc_ncm_tx_fixup+0x83/0xd0
 usbnet_start_xmit+0x105/0x1a70 drivers/net/usb/usbnet.c:1370
 __netdev_start_xmit include/linux/netdevice.h:4996 [inline]
 netdev_start_xmit include/linux/netdevice.h:5010 [inline]
 xmit_one net/core/dev.c:3591 [inline]
 dev_hard_start_xmit+0x21b/0x530 net/core/dev.c:3607
 sch_direct_xmit+0x228/0x890 net/sched/sch_generic.c:342
 __dev_xmit_skb net/core/dev.c:3818 [inline]
 __dev_queue_xmit+0x132b/0x2790 net/core/dev.c:4186
 dev_queue_xmit+0xb/0x10 net/core/dev.c:4254
 neigh_resolve_output+0x5ec/0x6c0 net/core/neighbour.c:1497
 neigh_output include/net/neighbour.h:524 [inline]
 ip6_finish_output2+0xdb4/0x16b0 net/ipv6/ip6_output.c:126
 __ip6_finish_output+0x541/0x740 net/ipv6/ip6_output.c:191
 ip6_finish_output+0x27/0x180 net/ipv6/ip6_output.c:201
 NF_HOOK_COND include/linux/netfilter.h:299 [inline]
 ip6_output+0x1aa/0x410 net/ipv6/ip6_output.c:224
 dst_output include/net/dst.h:450 [inline]
 NF_HOOK include/linux/netfilter.h:310 [inline]
 mld_sendpack+0x61b/0xb20 net/ipv6/mcast.c:1818
 mld_send_cr net/ipv6/mcast.c:2119 [inline]
 mld_ifc_work+0x73f/0xa70 net/ipv6/mcast.c:2651
 process_one_work+0x635/0xa70 kernel/workqueue.c:2313
 worker_thread+0x8b8/0xf40 kernel/workqueue.c:2460
 kthread+0x3a1/0x480 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30
Modules linked in:
---[ end trace 997dbd768bd9f9c8 ]---
RIP: 0010:skb_panic net/core/skbuff.c:113 [inline]
RIP: 0010:skb_over_panic+0x14c/0x150 net/core/skbuff.c:118
Code: 80 62 2f 85 48 c7 c6 00 ed 76 85 48 8b 55 c0 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 53 41 55 41 54 41 57 e8 bd df c5 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 10 89
RSP: 0018:ffffc9000046efb8 EFLAGS: 00010286
RAX: 0000000000000087 RBX: ffffffff852f6300 RCX: d482ddc3f2d20d00
RDX: 1ffff9200008ddbc RSI: ffffffff8501b780 RDI: 0000000000000001
RBP: ffffc9000046eff8 R08: dffffc0000000000 R09: ffffed103ee665c0
R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000000b8
R13: 0000000000000080 R14: dffffc0000000000 R15: ffff8881232e1800
FS: 0000000000000000(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563022216000 CR3: 0000000115c9c000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400