ci starts bisection 2024-05-18 17:23:48.464347547 +0000 UTC m=+60587.573440714
bisecting cause commit starting from 9221b2819b8a4196eecf5476d66201be60fbcf29
building syzkaller on 375d4445a31b220afd91f42a7aa1b610d689a897
fetch other tags and check if the commit is present
ensuring issue is reproducible on original commit 9221b2819b8a4196eecf5476d66201be60fbcf29

testing commit 9221b2819b8a4196eecf5476d66201be60fbcf29 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8de5a7e06cf968a74be1b27332019970d4dd3a08a6c80d34094da20b065ced67
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
check whether we can drop unnecessary instrumentation
disabling configs for [LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 9221b2819b8a4196eecf5476d66201be60fbcf29 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9e4057dd181d693ae19aa28e5c79ae8b96e27d1b7a2de6526daa102f9150d793
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
kconfig minimization: base=3976 full=8037 leaves diff=2019
split chunks (needed=false): <2019>
split chunk #0 of len 2019 into 5 parts
testing without sub-chunk 1/5
disabling configs for [LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 9221b2819b8a4196eecf5476d66201be60fbcf29 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 62810f8df1568896a8824db8bbccc016b1aebb93e9ee91d03eb483f36cf52c92
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [HANG LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 9221b2819b8a4196eecf5476d66201be60fbcf29 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1111fa687ebe45c773daa7f2040836aa3812b0907701ec95462d7c6b9ddb28ff
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 9221b2819b8a4196eecf5476d66201be60fbcf29 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 410446e7f9c3e585bdbfb9b557c25738555d1d7f660394e8acf0d6ed4c0b11ab
all runs: OK
false negative chance: 0.000
testing without sub-chunk 4/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK BUG KASAN], they are not needed
testing commit 9221b2819b8a4196eecf5476d66201be60fbcf29 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f93d736d21795e0e83f61fe98f07881a85d7062d4a3a4132f21780d3486abf36
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [HANG LEAK BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 9221b2819b8a4196eecf5476d66201be60fbcf29 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 259bb2022953f583958a1de762d2acf3491ed6d4ccfc16d0c6e9822c5816a5cb
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
the chunk can be dropped
minimized to 404 configs; suspects: [...]
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK BUG KASAN], they are not needed
picked [v6.8 v6.7 v6.6 v6.4 v6.2 v6.0 v5.18 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 31 release tags
testing release v6.8
testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 31fe4032d36507c69a25848819f16a4fd1a5c54ebf565b343710a44138bdb31a
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
testing release v6.7
testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 76851d62c1c1998f8f53741d3378e74a7f703d3318e24d21c42556f2e53da32c
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
testing release v6.6
testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0a5efa8268e183190e8e3139d77067315b1f745ed35f0d4c85fc3928303be4cc
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
testing release v6.4
testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cfec6aa90e16bba6671a155a363be458cd618332254cb83f4d60a8db98bf5457
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
testing release v6.2
testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 81df9e6d7209368e6156359fca70acedddb4db5965c9be46d0446e51cebfd08f
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
testing release v6.0
testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1832b5e86e0ce278c1c0e725e997b8f0b2aaa72c649f8a73bb2f1014bb50b36c
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
testing release v5.18
testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4b71380c1a98434e8d746da60ff99aa5f463a23e2ba59dec1ecee9cf8517091f
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
testing release v5.16
testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 164080c361a3f5e16a6739fcd1232add8816529b0abd56f19cf056cb172411d1
all runs: boot failed: UBSAN: null-ptr-deref in corrupted
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
testing release v5.13
testing commit 62fb9874f5da54fdb243003b386128037319b219 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a933810ad2e6832d42b9ec5d677bd8beebb6090690fc6f5393a552036169ed3a
all runs: crashed: UBSAN: shift-out-of-bounds in extAlloc
representative crash: UBSAN: shift-out-of-bounds in extAlloc, types: [UBSAN]
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 71f52bbc2179e142274dd37a77807af4a42cabaa5cde216aed362486c86e2b83
all runs: crashed: UBSAN: array-index-out-of-bounds in dbAdjTree
representative crash: UBSAN: array-index-out-of-bounds in dbAdjTree, types: [UBSAN]
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 gcc
compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9bdd603d882eb5adb38628e6373b846c6ac6a79f1f252c142f238fd548bb9ed5
all runs: crashed: UBSAN: array-index-out-of-bounds in dbAdjTree
representative crash: UBSAN: array-index-out-of-bounds in dbAdjTree, types: [UBSAN]
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 6339eecef00238515b6a771158220fae2d0ef8425ca7dc553a369eef0f235fa6
all runs: crashed: UBSAN: undefined-behaviour in dbAdjTree
representative crash: UBSAN: undefined-behaviour in dbAdjTree, types: [UBSAN]
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: bb8036bec720dbb426523455e9b938b2ca3c4e6036e89fe900aa5cb2cc66ca98
all runs: crashed: BUG: unable to handle kernel paging request in dbAdjTree
representative crash: BUG: unable to handle kernel paging request in dbAdjTree, types: [UNKNOWN]
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 6983b0fb75182737492d457bb1cf400f8364ad775c3606dd081321750740b58c
all runs: crashed: BUG: unable to handle kernel paging request in dbAdjTree
representative crash: BUG: unable to handle kernel paging request in dbAdjTree, types: [UNKNOWN]
crash still not fixed/happens on the oldest tested release
revisions tested: 21, total time: 8h13m15.27316378s (build: 6h13m20.735010049s, test: 1h45m3.825371192s)
oldest tested release already had the bug or it had kernel test errors
commit msg: Linux 4.19
crash: BUG: unable to handle kernel paging request in dbAdjTree

IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
BUG: unable to handle kernel paging request at ffff88026fb3f166
PGD 4001067 P4D 4001067 PUD 0
Oops: 0000 [#1] SMP PTI
CPU: 0 PID: 3054 Comm: syz-executor.0 Not tainted 4.19.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:dbAdjTree+0x6/0xc0 fs/jfs/jfs_dmap.c:2910
Code: 0f 1f 40 00 55 31 f6 48 c7 c7 88 51 58 82 48 89 e5 e8 ee 2d ea ff 5d c3 90 90 90 90 90 90 90 90 90 90 90 90 03 77 08 48 63 c6 <0f> be 4c 07 11 39 d1 0f 84 a5 00 00 00 88 54 07 11 44 8b 47 0c 45
RSP: 0018:ffffc90000d5f9d8 EFLAGS: 00010206
RAX: 0000000040000155 RBX: ffff88022fb3f000 RCX: 000000000000005e
RDX: 000000000000006b RSI: 0000000040000155 RDI: ffff88022fb3f000
RBP: ffffc90000d5fa08 R08: 0000000000000002 R09: 0000000022fe1e1f
R10: 0000000000000000 R11: 000000000000006b R12: 0000000000000000
R13: 000000000000000d R14: 000000000000000a R15: 0000000020000000
FS: 00007f1b631156c0(0000) GS:ffff880237a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88026fb3f166 CR3: 000000022ff34000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 dbAdjCtl+0xe6/0x280 fs/jfs/jfs_dmap.c:2569
 dbAllocDmap+0x43/0x80 fs/jfs/jfs_dmap.c:2082
 dbAllocNext+0x162/0x190 fs/jfs/jfs_dmap.c:1225
 dbAlloc+0x145/0x410 fs/jfs/jfs_dmap.c:791
 extBalloc fs/jfs/jfs_extent.c:531 [inline]
 extAlloc+0x133/0x470 fs/jfs/jfs_extent.c:138
 jfs_get_block+0x99/0x2a0 fs/jfs/inode.c:257
 nobh_write_begin+0x1a3/0x510 fs/buffer.c:2607
 jfs_write_begin+0x31/0x6a fs/jfs/inode.c:322
 generic_perform_write+0xbe/0x1b0 mm/filemap.c:3139
 __generic_file_write_iter+0x147/0x1c0 mm/filemap.c:3264
 generic_file_write_iter+0x10e/0x210 mm/filemap.c:3292
 call_write_iter include/linux/fs.h:1808 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x11a/0x170 fs/read_write.c:487
 vfs_write fs/read_write.c:549 [inline]
 vfs_write+0xaa/0x1a0 fs/read_write.c:533
 ksys_write+0x53/0xc0 fs/read_write.c:598
 __do_sys_write fs/read_write.c:610 [inline]
 __se_sys_write fs/read_write.c:607 [inline]
 __x64_sys_write+0x15/0x20 fs/read_write.c:607
 do_syscall_64+0x69/0x170 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f1b63593d29
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b631150c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f1b636c1f80 RCX: 00007f1b63593d29
RDX: 00000000fffffef2 RSI: 0000000020000240 RDI: 0000000000000004
RBP: 00007f1b635e047e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000006 R14: 00007f1b636c1f80 R15: 00007ffd702ef748
Modules linked in:
CR2: ffff88026fb3f166
---[ end trace 930f3033e36cad3b ]---
RIP: 0010:dbAdjTree+0x6/0xc0 fs/jfs/jfs_dmap.c:2910
Code: 0f 1f 40 00 55 31 f6 48 c7 c7 88 51 58 82 48 89 e5 e8 ee 2d ea ff 5d c3 90 90 90 90 90 90 90 90 90 90 90 90 03 77 08 48 63 c6 <0f> be 4c 07 11 39 d1 0f 84 a5 00 00 00 88 54 07 11 44 8b 47 0c 45
RSP: 0018:ffffc90000d5f9d8 EFLAGS: 00010206
RAX: 0000000040000155 RBX: ffff88022fb3f000 RCX: 000000000000005e
RDX: 000000000000006b RSI: 0000000040000155 RDI: ffff88022fb3f000
RBP: ffffc90000d5fa08 R08: 0000000000000002 R09: 0000000022fe1e1f
R10: 0000000000000000 R11: 000000000000006b R12: 0000000000000000
R13: 000000000000000d R14: 000000000000000a R15: 0000000020000000
FS: 00007f1b631156c0(0000) GS:ffff880237a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88026fb3f166 CR3: 000000022ff34000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 0f 1f 40 00             nopl 0x0(%rax)
   4: 55                      push %rbp
   5: 31 f6                   xor %esi,%esi
   7: 48 c7 c7 88 51 58 82    mov $0xffffffff82585188,%rdi
   e: 48 89 e5                mov %rsp,%rbp
  11: e8 ee 2d ea ff          call 0xffea2e04
  16: 5d                      pop %rbp
  17: c3                      ret
  18: 90                      nop
  19: 90                      nop
  1a: 90                      nop
  1b: 90                      nop
  1c: 90                      nop
  1d: 90                      nop
  1e: 90                      nop
  1f: 90                      nop
  20: 90                      nop
  21: 90                      nop
  22: 90                      nop
  23: 90                      nop
  24: 03 77 08                add 0x8(%rdi),%esi
  27: 48 63 c6                movslq %esi,%rax
* 2a: 0f be 4c 07 11          movsbl 0x11(%rdi,%rax,1),%ecx <-- trapping instruction
  2f: 39 d1                   cmp %edx,%ecx
  31: 0f 84 a5 00 00 00       je 0xdc
  37: 88 54 07 11             mov %dl,0x11(%rdi,%rax,1)
  3b: 44 8b 47 0c             mov 0xc(%rdi),%r8d
  3f: 45                      rex.RB