bisecting fixing commit since 4ea3c6425269d33da53c79d539ce9554117cf4d4
building syzkaller on e22c3da3b05600c6c0f62142160839b4b7f82a62
testing commit 4ea3c6425269d33da53c79d539ce9554117cf4d4
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c20f924c5cd04ab8573903e1b7b6f27fb32b6f1c9927a245e1af9fb61b4b6421
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: EOF
run #1: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #2: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #3: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #4: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #5: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #6: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #7: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #8: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #9: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #10: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #11: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #12: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #13: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #14: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #15: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #16: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #17: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #18: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
run #19: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
testing current HEAD feb9c5e19e913b53cb536a7aa7c9f20107bb51ec
testing commit feb9c5e19e913b53cb536a7aa7c9f20107bb51ec
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cf9be2254ea3b3a51ab7dc2710ed6fe97628a3c96b4cdcc20f6220867b3a43dd
all runs: crashed: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
revisions tested: 2, total time: 21m24.351580217s (build: 12m28.379070098s, test: 8m26.343641732s)
the crash still happens on HEAD
commit msg: Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
crash: UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
pvrusb2: You need to resolve the failing condition before this driver can function.  There should be some earlier messages giving more information about the problem.
pvrusb2: Invalid write control endpoint
================================================================================
UBSAN: array-index-out-of-bounds in drivers/media/usb/pvrusb2/pvrusb2-i2c-core.c:602:13
index -1 is out of range for type 'int [20]'
CPU: 1 PID: 1959 Comm: pvrusb2-context Not tainted 5.18.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
 ubsan_epilogue+0x5/0x36 lib/ubsan.c:151
 __ubsan_handle_out_of_bounds.cold+0x43/0x48 lib/ubsan.c:283
 pvr2_i2c_core_init+0xa2b/0xbe0 drivers/media/usb/pvrusb2/pvrusb2-i2c-core.c:602
 pvr2_hdw_setup_low drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2134 [inline]
 pvr2_hdw_setup drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2261 [inline]
 pvr2_hdw_initialize+0x690/0x3180 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2338
 pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:109 [inline]
 pvr2_context_thread_func+0x1cb/0x680 drivers/media/usb/pvrusb2/pvrusb2-context.c:158
 kthread+0x299/0x340 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
 </TASK>
================================================================================
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 1959 Comm: pvrusb2-context Not tainted 5.18.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
 panic+0x227/0x466 kernel/panic.c:250
 ubsan_epilogue+0x35/0x36 lib/ubsan.c:158
 __ubsan_handle_out_of_bounds.cold+0x43/0x48 lib/ubsan.c:283
 pvr2_i2c_core_init+0xa2b/0xbe0 drivers/media/usb/pvrusb2/pvrusb2-i2c-core.c:602
 pvr2_hdw_setup_low drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2134 [inline]
 pvr2_hdw_setup drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2261 [inline]
 pvr2_hdw_initialize+0x690/0x3180 drivers/media/usb/pvrusb2/pvrusb2-hdw.c:2338
 pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:109 [inline]
 pvr2_context_thread_func+0x1cb/0x680 drivers/media/usb/pvrusb2/pvrusb2-context.c:158
 kthread+0x299/0x340 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..