ci2 starts bisection 2023-12-16 09:27:51.514738784 +0000 UTC m=+223834.503315613
bisecting cause commit starting from 3bd7d748816927202268cb335921f7f68b3ca723
building syzkaller on 3222d10cbe77bbedb5a7c455e5bcb6b7081a63b7
ensuring issue is reproducible on original commit 3bd7d748816927202268cb335921f7f68b3ca723
testing commit 3bd7d748816927202268cb335921f7f68b3ca723 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3a9c8cd0e6eec2d729223e158f1a2791d8d06ee6a7a7f1fc734a46f28d0321f0
all runs: crashed: KASAN: slab-out-of-bounds Read in getname_kernel
representative crash: KASAN: slab-out-of-bounds Read in getname_kernel, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit 3bd7d748816927202268cb335921f7f68b3ca723 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cbb2628d00771ba5d81839298047a397f684a361352fa3146bbbc22d29f9c341
all runs: crashed: KASAN: slab-out-of-bounds Read in getname_kernel
representative crash: KASAN: slab-out-of-bounds Read in getname_kernel, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
kconfig minimization: base=3915 full=7652 leaves diff=2007
split chunks (needed=false): <2007>
split chunk #0 of len 2007 into 5 parts
testing without sub-chunk 1/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 3bd7d748816927202268cb335921f7f68b3ca723 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b95561f87bc2db2760b76e85db7b0dfb7ad526801f99fa61d18dc48980e441cc
all runs: OK
false negative chance: 0.000
testing without sub-chunk 2/5
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit
3bd7d748816927202268cb335921f7f68b3ca723 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5f558b44a0ea209d8069435cbf02150528e303b9aa91bfaccbfaa0037e5e7728
all runs: crashed: KASAN: slab-out-of-bounds Read in getname_kernel
representative crash: KASAN: slab-out-of-bounds Read in getname_kernel, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit 3bd7d748816927202268cb335921f7f68b3ca723 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6850a3eb0cf15a950ad72970292345ebeca1d5d5f29faa4cdf11bb5d21c35930
all runs: crashed: KASAN: slab-out-of-bounds Read in getname_kernel
representative crash: KASAN: slab-out-of-bounds Read in getname_kernel, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 3bd7d748816927202268cb335921f7f68b3ca723 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 07dc2cd9c0bfd8238b50dd3e46c0124a2141a851ed531621ab4f7253aff56a1c
all runs: crashed: KASAN: slab-out-of-bounds Read in getname_kernel
representative crash: KASAN: slab-out-of-bounds Read in getname_kernel, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit 3bd7d748816927202268cb335921f7f68b3ca723 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 21cc7c865eeaec43276d8d3da67fc48c2e54ad75ff674b6741457f91473fb6e5
all runs: crashed: KASAN: slab-out-of-bounds Read in getname_kernel
representative crash: KASAN: slab-out-of-bounds Read in getname_kernel, types: [KASAN]
the chunk can be dropped
minimized to 402 configs; suspects: [...]
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
picked [v6.6 v6.5 v6.4 v6.2 v6.0 v5.18 v5.16 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 29 release tags
testing
release v6.6
testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 623ca0cd8066c9ad3392ce27c4eea3dc652e9e6b3c4a36ea3ed3bba8da8667f8
all runs: crashed: KASAN: slab-out-of-bounds Read in getname_kernel
representative crash: KASAN: slab-out-of-bounds Read in getname_kernel, types: [KASAN]
testing release v6.5
testing commit 2dde18cd1d8fac735875f2e4987f11817cc0bc2c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5ba4bc67d5c9e33df083c1303a60b3491caa9e2afa5688cf8d6a3d296bd33a86
all runs: crashed: KASAN: slab-out-of-bounds Read in getname_kernel
representative crash: KASAN: slab-out-of-bounds Read in getname_kernel, types: [KASAN]
testing release v6.4
testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fb065a1b86c9cfaa6dfe727347add449328d27093bce63c80b888622c8c0d16d
all runs: crashed: KASAN: slab-out-of-bounds Read in getname_kernel
representative crash: KASAN: slab-out-of-bounds Read in getname_kernel, types: [KASAN]
testing release v6.2
testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a390cc1d5ab782a5dc8c508a96613d4b0552a6e2ec06b34600bd70a98283b348
all runs: crashed: KASAN: slab-out-of-bounds Read in getname_kernel
representative crash: KASAN: slab-out-of-bounds Read in getname_kernel, types: [KASAN]
testing release v6.0
testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4bbc2ba6e4c46cdf1a3731c0ad296c9ed300c228f59dfea5e594e5dda75a70c9
all runs: crashed: KASAN: slab-out-of-bounds Read in getname_kernel
representative crash: KASAN: slab-out-of-bounds Read in getname_kernel, types: [KASAN]
testing release v5.18
testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 933d0020bce1a506d8532478ca86cc9e671b8b5addd14173af94dd731b8532fa
all runs: OK
false negative chance: 0.000
# git bisect start 4fe89d07dcc2804c8b562f6c7896a45643d34b2f 4b0986a3613c92f4ec1bdc7f60ec66fea135991f
Bisecting: 16503 revisions left to test after this (roughly 14 steps)
[0fac198def2b41138850867b6aa92044c76ff802] Merge tag 'fs.idmapped.overlay.acl.v5.20' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
testing commit 0fac198def2b41138850867b6aa92044c76ff802 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: afbe0323465344b497441c4f1dac99e75a1f518cd854ecaa13fb0645441e716c
all runs: OK
false negative chance: 0.000
# git bisect good 0fac198def2b41138850867b6aa92044c76ff802
Bisecting: 8189 revisions left to test after this (roughly 13 steps)
[723c188d5cd42a07344f997b0b7e1d83b4173c8d] Merge tag 'staging-6.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit 723c188d5cd42a07344f997b0b7e1d83b4173c8d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bbe9b41e4c46d279ec76c7ba4b3ec4f7fc489a52750d8700e6fec64bc2930bc5
run #0: crashed: KFENCE: out-of-bounds in getname_kernel
run #1: crashed: KFENCE: out-of-bounds in getname_kernel
run #2: crashed: KFENCE: out-of-bounds in getname_kernel
run #3: crashed: KFENCE: out-of-bounds in getname_kernel
run #4: crashed: KFENCE: out-of-bounds in getname_kernel
run #5: crashed: KFENCE: out-of-bounds in getname_kernel
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: KFENCE: out-of-bounds in getname_kernel, types: [UNKNOWN]
# git bisect bad 723c188d5cd42a07344f997b0b7e1d83b4173c8d
Bisecting: 5185 revisions left to test after this (roughly 12 steps)
[526942b8134cc34d25d27f95dfff98b8ce2f6fcd] Merge tag 'ata-5.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata
testing commit 526942b8134cc34d25d27f95dfff98b8ce2f6fcd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 256f73ebde3113f5b311c27880fbe5e19f7fa87b85a3b325873b90d9033315b3
all runs: OK
false negative chance: 0.000
# git bisect good 526942b8134cc34d25d27f95dfff98b8ce2f6fcd
Bisecting: 2622 revisions left to test after this (roughly 11 steps)
[12b68040a5e468068fd7f4af1150eab8f6e96235] Merge tag 'media/v5.20-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 12b68040a5e468068fd7f4af1150eab8f6e96235 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c4cb46c11f44050c689a8bac2b3c9fe668385114d21efc510e4928d2995b83a7
run #0: crashed: KFENCE: out-of-bounds in getname_kernel
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: KFENCE: out-of-bounds in getname_kernel, types: [UNKNOWN]
# git bisect bad 12b68040a5e468068fd7f4af1150eab8f6e96235
Bisecting: 1281 revisions left to test after this (roughly 10 steps)
[b945804d993072e24138741ab67e28f6b09b2502] Merge tag 'linux-can-next-for-5.20-20220721' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next
testing commit b945804d993072e24138741ab67e28f6b09b2502 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2469367126d196e6f1e06e49263b70b542c98a92bced52f5db1aecdd1558cefc
all runs: OK
false negative chance: 0.000
# git bisect good b945804d993072e24138741ab67e28f6b09b2502
Bisecting: 626 revisions left to test after this (roughly 9 steps)
[ff4970b130e74af4f2fe5bc6a7a963bc977cae1a] Merge tag 'wireless-next-2022-07-29' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next
testing commit ff4970b130e74af4f2fe5bc6a7a963bc977cae1a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 89aabcacac0cc84cd988164b757f264864addc32e2d5a4a35688c0604eb4e508
run #0: crashed: KFENCE: out-of-bounds in getname_kernel
run #1: crashed: KFENCE: out-of-bounds in getname_kernel
run #2: crashed: KFENCE: out-of-bounds in getname_kernel
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KFENCE: out-of-bounds in getname_kernel, types: [UNKNOWN]
# git bisect bad ff4970b130e74af4f2fe5bc6a7a963bc977cae1a
Bisecting: 391 revisions left to test after this (roughly 8 steps)
[5cc8cc4406edee1bc22991c23d38efbbb797aa6d] wifi: wcn36xx: Add debugfs entry to read firmware feature strings
testing commit 5cc8cc4406edee1bc22991c23d38efbbb797aa6d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a3f571f3d6e625eac658cb57ededf2508d541dc4376805ac905bde94aa744f57
all runs: OK
false negative chance: 0.001
# git bisect good 5cc8cc4406edee1bc22991c23d38efbbb797aa6d
Bisecting: 195 revisions left to test after this (roughly 8 steps)
[9bfe3c16fc23eb826e360c225e8a73556d60d1cb] mlxsw: spectrum_ptp: Use 'struct mlxsw_sp_ptp_clock' per ASIC
testing commit 9bfe3c16fc23eb826e360c225e8a73556d60d1cb gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5c97734fb78b734a35ceb06bc339a5d05f10bb5bdf4061ae98b05a906bbc2b78
run #0: crashed: KFENCE: out-of-bounds in getname_kernel
run #1: crashed: KFENCE: out-of-bounds in getname_kernel
run #2: crashed: KFENCE: out-of-bounds in getname_kernel
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KFENCE: out-of-bounds in getname_kernel, types: [UNKNOWN]
# git bisect bad 9bfe3c16fc23eb826e360c225e8a73556d60d1cb
Bisecting: 97 revisions left to test after this (roughly 7 steps)
[b3fce974d4239bd46ae81bba07b59f255eb979d7] Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit b3fce974d4239bd46ae81bba07b59f255eb979d7 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0b6162bbb0bc5e804b702aad475ae62f9fa541d0e8d91e603ffa898e71961a14
run #0: crashed: KFENCE: out-of-bounds in getname_kernel
run #1: crashed: KFENCE: out-of-bounds in getname_kernel
run #2: crashed: KFENCE: out-of-bounds in getname_kernel
run #3: crashed: KFENCE: out-of-bounds in getname_kernel
run #4: crashed: KFENCE: out-of-bounds in getname_kernel
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KFENCE: out-of-bounds in getname_kernel, types: [UNKNOWN]
# git bisect bad b3fce974d4239bd46ae81bba07b59f255eb979d7
Bisecting: 48 revisions left to test after this (roughly 6 steps)
[979855d3026401ed6eecfd1935d19fd7b74df479] bpf, docs: document BPF_MAP_TYPE_HASH and variants
testing commit 979855d3026401ed6eecfd1935d19fd7b74df479 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b37ecb5be23b2d7e9b58b9f1e9d25e5be2d89b49d7730f36f213a7ad216e59f9
run #0: crashed: KFENCE: out-of-bounds in getname_kernel
run #1: crashed: KFENCE: out-of-bounds in getname_kernel
run #2: crashed: KFENCE: out-of-bounds in getname_kernel
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KFENCE: out-of-bounds in getname_kernel, types: [UNKNOWN]
# git bisect bad 979855d3026401ed6eecfd1935d19fd7b74df479
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[9c7c48d6a1e2eb5192ad5294c1c4dbd42a88e88b] bpf: Fix subprog names in stack traces.
testing commit 9c7c48d6a1e2eb5192ad5294c1c4dbd42a88e88b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9f87ec8d358ec848bcfec9a4a4ae6726328672b1486c7a7f703622c8c568c8d4
run #0: crashed: KFENCE: out-of-bounds in getname_kernel
run #1: crashed: KFENCE: out-of-bounds in getname_kernel
run #2: OK
run #3: crashed: KFENCE: out-of-bounds in getname_kernel
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KFENCE: out-of-bounds in getname_kernel, types: [UNKNOWN]
# git bisect bad 9c7c48d6a1e2eb5192ad5294c1c4dbd42a88e88b
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[1d5f82d9dd477d5c66e0214a68c3e4f308eadd6d] bpf, x86: fix freeing of not-finalized bpf_prog_pack
testing commit 1d5f82d9dd477d5c66e0214a68c3e4f308eadd6d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d8e44fa3d63ba75ae3c33a4fe0116560c3111d5f7f51595a0532b3a00e8677f0
run #0: crashed: KFENCE: out-of-bounds in getname_kernel
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KFENCE: out-of-bounds in getname_kernel, types: [UNKNOWN]
# git bisect bad 1d5f82d9dd477d5c66e0214a68c3e4f308eadd6d
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[49705c4ab324654a7038fc843255140730477e04] samples/bpf: Fix xdp_redirect_map egress devmap prog
testing commit 49705c4ab324654a7038fc843255140730477e04 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4cd885e4b3063d5bc37d4e5521874e532529cb2a0e2b5e00b67e614114055fd4
run #0: crashed: KFENCE: out-of-bounds in getname_kernel
run #1: crashed: KFENCE: out-of-bounds in getname_kernel
run #2: crashed: KFENCE: out-of-bounds in getname_kernel
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KFENCE: out-of-bounds in getname_kernel, types: [UNKNOWN]
# git bisect bad 49705c4ab324654a7038fc843255140730477e04
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[f1e8a24ed2cab1c907bb47ca5f8dee684896456e] arm64: Add LDR (literal) instruction
testing commit f1e8a24ed2cab1c907bb47ca5f8dee684896456e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a1a61addad54cb22075b3502c586ed72ab417f58b77f5b2e384504d56ef6a1b2
run #0: crashed: KFENCE: out-of-bounds in getname_kernel
run #1: crashed: KFENCE: out-of-bounds in getname_kernel
run #2: crashed: KFENCE: out-of-bounds in getname_kernel
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KFENCE: out-of-bounds in getname_kernel, types: [UNKNOWN]
# git bisect bad f1e8a24ed2cab1c907bb47ca5f8dee684896456e
Bisecting: 0 revisions left to test after this (roughly 1 step)
[535a57a7ffc04932ad83c1a5649b09ba6c93ce83] bpf: Remove is_valid_bpf_tramp_flags()
testing commit 535a57a7ffc04932ad83c1a5649b09ba6c93ce83 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0bc1a486396951dcc1bfbaf13afc7a4d0beb6749f129871b8e575d486f3d7ea6
run #0: crashed: KFENCE: out-of-bounds in getname_kernel
run #1: crashed: KFENCE: out-of-bounds in getname_kernel
run #2: crashed: KFENCE: out-of-bounds in getname_kernel
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KFENCE: out-of-bounds in getname_kernel, types: [UNKNOWN]
# git bisect bad 535a57a7ffc04932ad83c1a5649b09ba6c93ce83
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[9974d37ea75f01b47d16072b5dad305bd8d23fcc] skmsg: Fix invalid last sg check in sk_msg_recvmsg()
testing commit 9974d37ea75f01b47d16072b5dad305bd8d23fcc gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 43c5b7b416691b3dac0bdf900be411fb12c600d54063c9496e6b5d8a770c8174
run #0: crashed: KFENCE: out-of-bounds in getname_kernel
run #1: crashed: KFENCE: out-of-bounds in getname_kernel
run #2: crashed: KFENCE: out-of-bounds in getname_kernel
run #3: crashed: KFENCE: out-of-bounds in getname_kernel
run #4: crashed: KFENCE: out-of-bounds in getname_kernel
run #5: crashed: KFENCE: out-of-bounds in getname_kernel
run #6: crashed: KFENCE: out-of-bounds in getname_kernel
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KFENCE: out-of-bounds in getname_kernel, types: [UNKNOWN]
# git bisect bad 9974d37ea75f01b47d16072b5dad305bd8d23fcc
9974d37ea75f01b47d16072b5dad305bd8d23fcc is the first bad commit
commit 9974d37ea75f01b47d16072b5dad305bd8d23fcc
Author: Liu Jian
Date:   Tue Jun 28 20:36:16 2022 +0800

    skmsg: Fix invalid last sg check in sk_msg_recvmsg()

    In sk_psock_skb_ingress_enqueue function, if the linear area + nr_frags +
    frag_list of the SKB has NR_MSG_FRAG_IDS blocks in total, skb_to_sgvec
    will return NR_MSG_FRAG_IDS, then msg->sg.end will be set to
    NR_MSG_FRAG_IDS, and in addition, (NR_MSG_FRAG_IDS - 1) is set to the last
    SG of msg. Recv the msg in sk_msg_recvmsg, when i is (NR_MSG_FRAG_IDS - 1),
    the sk_msg_iter_var_next(i) will change i to 0 (not NR_MSG_FRAG_IDS), the
    judgment condition "msg_rx->sg.start==msg_rx->sg.end" and
    "i != msg_rx->sg.end" can not work.
    As a result, the processed msg cannot be deleted from ingress_msg list.
    But the length of all the sge of the msg has changed to 0. Then the next
    recvmsg syscall will process the msg repeatedly, because the length of sge
    is 0, the -EFAULT error is always returned.

    Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface")
    Signed-off-by: Liu Jian
    Signed-off-by: Daniel Borkmann
    Acked-by: John Fastabend
    Link: https://lore.kernel.org/bpf/20220628123616.186950-1-liujian56@huawei.com

 net/core/skmsg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
accumulated error probability: 0.00
parent commit edb2c3476db9898a63fb5d0011ecaa43ebf46c9b wasn't tested
testing commit edb2c3476db9898a63fb5d0011ecaa43ebf46c9b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9e3c8115ae6e544eb9a93dd84897a8a4881d622dac68c71b4fa7568d558d9681
culprit signature: 43c5b7b416691b3dac0bdf900be411fb12c600d54063c9496e6b5d8a770c8174
parent signature: 9e3c8115ae6e544eb9a93dd84897a8a4881d622dac68c71b4fa7568d558d9681
reproducer is flaky (0.11 repro chance estimate)
revisions tested: 29, total time: 5h54m15.940764351s (build: 2h18m48.095514108s, test: 3h24m37.71090674s)
first bad commit:
  9974d37ea75f01b47d16072b5dad305bd8d23fcc skmsg: Fix invalid last sg check in sk_msg_recvmsg()
recipients (to): ["daniel@iogearbox.net" "john.fastabend@gmail.com" "liujian56@huawei.com"]
recipients (cc): []
crash: KFENCE: out-of-bounds in getname_kernel
BTRFS info (device loop0): clearing free space tree
BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
==================================================================
BUG: KFENCE: out-of-bounds read in strlen+0x3d/0x70 lib/string.c:487

Out-of-bounds read at 0xffff8881f605d000 (4096B right of kfence-#45):
 strlen+0x3d/0x70 lib/string.c:487
 getname_kernel+0x16/0x270 fs/namei.c:225
 kern_path+0x18/0x140 fs/namei.c:2611
 lookup_bdev block/bdev.c:982 [inline]
 blkdev_get_by_path+0xba/0x340 block/bdev.c:884
 btrfs_init_dev_replace_tgtdev fs/btrfs/dev-replace.c:259 [inline]
 btrfs_dev_replace_start fs/btrfs/dev-replace.c:655 [inline]
 btrfs_dev_replace_by_ioctl+0x2e6/0x1c00 fs/btrfs/dev-replace.c:764
 btrfs_ioctl_dev_replace+0x235/0x2d0 fs/btrfs/ioctl.c:4163
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0xa7/0xf0 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x42/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0

kfence-#45: 0xffff8881f605c000-0xffff8881f605ca27, size=2600, cache=kmalloc-4k

allocated by task 2586 on cpu 1 at 85.713066s:
 memdup_user+0x21/0x80 mm/util.c:174
 btrfs_ioctl_dev_replace+0xa1/0x2d0 fs/btrfs/ioctl.c:4150
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0xa7/0xf0 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x42/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0

CPU: 1 PID: 2586 Comm: syz-executor.0 Not tainted 5.19.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
RIP: 0010:strlen+0x3d/0x70 lib/string.c:487
Code: ff ff 49 bf 00 00 00 00 00 fc ff df 48 89 fb 49 89 c4 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 12 48 ff c3 49 8d 44 24 01 <43> 80 7c 26 01 00 75 dd eb 13 89 d9 80 e1 07 38 c1 7c e5 48 89 df
RSP: 0018:ffffc9000565fb88 EFLAGS: 00010282
RAX: 0000000000000bdf RBX: ffff8881f605d001 RCX: 0000000000000000
RDX: ffffc9000565fc60 RSI: 0000000000000001 RDI: ffff8881f605c421
RBP: ffffc9000565fc60 R08: dffffc0000000000 R09: ffffc9000565fc60
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000bde
R13: ffffc9000565fc60 R14: ffff8881f605c421 R15: dffffc0000000000
FS: 00007faa926396c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881f605d000 CR3: 000000016d205000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 getname_kernel+0x16/0x270 fs/namei.c:225
 kern_path+0x18/0x140 fs/namei.c:2611
 lookup_bdev block/bdev.c:982 [inline]
 blkdev_get_by_path+0xba/0x340 block/bdev.c:884
 btrfs_init_dev_replace_tgtdev fs/btrfs/dev-replace.c:259 [inline]
 btrfs_dev_replace_start fs/btrfs/dev-replace.c:655 [inline]
 btrfs_dev_replace_by_ioctl+0x2e6/0x1c00 fs/btrfs/dev-replace.c:764
 btrfs_ioctl_dev_replace+0x235/0x2d0 fs/btrfs/ioctl.c:4163
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0xa7/0xf0 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x42/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7faa9187cba9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007faa926390c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007faa9199bf80 RCX: 00007faa9187cba9
RDX: 0000000020000540 RSI: 00000000ca289435 RDI: 0000000000000005
RBP: 00007faa918c847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000016 R14: 00007faa9199bf80 R15: 00007fff4ebd7178
==================================================================
----------------
Code disassembly (best guess), 2 bytes skipped:
   0:   49 bf 00 00 00 00 00    movabs $0xdffffc0000000000,%r15
   7:   fc ff df
   a:   48 89 fb                mov    %rdi,%rbx
   d:   49 89 c4                mov    %rax,%r12
  10:   48 89 d8                mov    %rbx,%rax
  13:   48 c1 e8 03             shr    $0x3,%rax
  17:   42 0f b6 04 38          movzbl (%rax,%r15,1),%eax
  1c:   84 c0                   test   %al,%al
  1e:   75 12                   jne    0x32
  20:   48 ff c3                inc    %rbx
  23:   49 8d 44 24 01          lea    0x1(%r12),%rax
* 28:   43 80 7c 26 01 00       cmpb   $0x0,0x1(%r14,%r12,1) <-- trapping instruction
  2e:   75 dd                   jne    0xd
  30:   eb 13                   jmp    0x45
  32:   89 d9                   mov    %ebx,%ecx
  34:   80 e1 07                and    $0x7,%cl
  37:   38 c1                   cmp    %al,%cl
  39:   7c e5                   jl     0x20
  3b:   48 89 df                mov    %rbx,%rdi