ci starts bisection 2024-01-25 08:16:11.579045898 +0000 UTC m=+144882.750886438 bisecting cause commit starting from d47b9f68d2899b390a3655f2365f332a63396adf building syzkaller on 1e153dc8b31e685ca8495576db4f8c077585e39c ensuring issue is reproducible on original commit d47b9f68d2899b390a3655f2365f332a63396adf testing commit d47b9f68d2899b390a3655f2365f332a63396adf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 78e8356a34bfc49d1642e25647128733a67576eab8bc14b793a2701b38df2935 all runs: crashed: general protection fault in bpf_struct_ops_find_value representative crash: general protection fault in bpf_struct_ops_find_value, types: [UNKNOWN] check whether we can drop unnecessary instrumentation disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit d47b9f68d2899b390a3655f2365f332a63396adf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 70ca7d8daeced4964d042e27ec196fc77dff0a67a408df719aaa1256090a0923 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_struct_ops_find_value representative crash: BUG: unable to handle kernel NULL pointer dereference in bpf_struct_ops_find_value, types: [UNKNOWN] the bug reproduces without the instrumentation disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed kconfig minimization: base=3923 full=7684 leaves diff=2010 split chunks (needed=false): <2010> split chunk #0 of len 2010 into 5 parts testing without sub-chunk 1/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit d47b9f68d2899b390a3655f2365f332a63396adf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7841caa7c9294cc5ebe63ed069ea1868eca3f8259b8dda0ccd58f03775088d53 all runs: OK false negative chance: 0.000 testing without sub-chunk 2/5 disabling 
configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit d47b9f68d2899b390a3655f2365f332a63396adf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 690091bf9c8d96f80595255be6f0ff008cc40e81683f7566b5c7f9a9bfc4ba15 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_struct_ops_find_value representative crash: BUG: unable to handle kernel NULL pointer dereference in bpf_struct_ops_find_value, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit d47b9f68d2899b390a3655f2365f332a63396adf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f2c7ddc94c3c0abc2cc16ababbe2f0ff35f2cc25f55f1a266a74905d577670f8 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_struct_ops_find_value representative crash: BUG: unable to handle kernel NULL pointer dereference in bpf_struct_ops_find_value, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit d47b9f68d2899b390a3655f2365f332a63396adf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fed7afcee41895726cc667cf00223073ac8be3dc1043d466caa0571a8a572cad all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_struct_ops_find_value representative crash: BUG: unable to handle kernel NULL pointer dereference in bpf_struct_ops_find_value, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit d47b9f68d2899b390a3655f2365f332a63396adf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40 kernel signature: 02abe9883124ca893acc87cfb0bf8aa88e8227de7e24b29a10fde470b74c12ed all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_struct_ops_find_value representative crash: BUG: unable to handle kernel NULL pointer dereference in bpf_struct_ops_find_value, types: [UNKNOWN] the chunk can be dropped minimized to 402 configs; suspects: [6LOWPAN 6LOWPAN_GHC_EXT_HDR_DEST 6LOWPAN_GHC_EXT_HDR_FRAG 6LOWPAN_GHC_EXT_HDR_HOP 6LOWPAN_GHC_EXT_HDR_ROUTE 6LOWPAN_GHC_ICMPV6 6LOWPAN_GHC_UDP 6LOWPAN_NHC 6LOWPAN_NHC_DEST 6LOWPAN_NHC_FRAGMENT 6LOWPAN_NHC_HOP 6LOWPAN_NHC_IPV6 6LOWPAN_NHC_MOBILITY 6LOWPAN_NHC_ROUTING 6LOWPAN_NHC_UDP 6PACK 842_COMPRESS 842_DECOMPRESS 9P_FSCACHE 9P_FS_POSIX_ACL 9P_FS_SECURITY ACORN_PARTITION ACORN_PARTITION_ADFS ACORN_PARTITION_CUMANA ACORN_PARTITION_EESOX ACORN_PARTITION_ICS ACORN_PARTITION_POWERTEC ACORN_PARTITION_RISCIX ACPI_NFIT ACPI_PLATFORM_PROFILE ACPI_THERMAL_LIB ADDRESS_MASKING ADFS_FS AFFS_FS AFS_FS AFS_FSCACHE AF_KCM AF_RXRPC AF_RXRPC_IPV6 AIX_PARTITION AMIGA_PARTITION ANDROID_BINDERFS ANDROID_BINDER_IPC ANON_VMA_NAME APERTURE_HELPERS AR5523 ARCH_ENABLE_MEMORY_HOTREMOVE ARCH_ENABLE_THP_MIGRATION ARCH_HAS_CPU_PASID ARCH_WANT_PMD_MKWRITE ASM_MODVERSIONS ASYNC_CORE ASYNC_MEMCPY ASYNC_PQ ASYNC_RAID6_RECOV ASYNC_TX_DMA ASYNC_XOR ATARI_PARTITION ATA_GENERIC ATA_OVER_ETH ATH10K ATH10K_CE ATH10K_PCI ATH10K_USB ATH11K ATH6KL ATH6KL_USB ATH9K ATH9K_AHB ATH9K_BTCOEX_SUPPORT ATH9K_CHANNEL_CONTEXT ATH9K_COMMON ATH9K_COMMON_DEBUG ATH9K_DEBUGFS ATH9K_DYNACK ATH9K_HTC ATH9K_HTC_DEBUGFS ATH9K_HW ATH9K_PCI ATH9K_PCOEM ATH9K_RFKILL ATH_COMMON ATM ATM_BR2684 ATM_CLIP ATM_DRIVERS ATM_LANE ATM_MPOA ATM_TCP AUXILIARY_BUS AX25 AX25_DAMA_SLAVE AX88796B_PHY BAREUDP BATMAN_ADV BATMAN_ADV_BATMAN_V BATMAN_ADV_BLA BATMAN_ADV_DAT BATMAN_ADV_MCAST BATMAN_ADV_NC BCACHE BCACHEFS_DEBUG BCACHEFS_FS BCACHEFS_QUOTA BCACHEFS_SIX_OPTIMISTIC_SPIN BCMA BCMA_HOST_PCI_POSSIBLE BEFS_FS BFQ_CGROUP_DEBUG BFQ_GROUP_IOSCHED BFS_FS BIG_KEYS 
BLK_CGROUP_PUNT_BIO BLK_CGROUP_RWSTAT BLK_DEBUG_FS_ZONED BLK_DEV_BSGLIB BLK_DEV_INTEGRITY BLK_DEV_INTEGRITY_T10 BLK_DEV_NBD BLK_DEV_NULL_BLK BLK_DEV_NULL_BLK_FAULT_INJECTION BLK_DEV_NVME BLK_DEV_PMEM BLK_DEV_RAM BLK_DEV_RNBD BLK_DEV_RNBD_CLIENT BLK_DEV_THROTTLING BLK_DEV_ZONED BLK_ICQ BLK_INLINE_ENCRYPTION BLK_INLINE_ENCRYPTION_FALLBACK BLK_WBT BLK_WBT_MQ BONDING BOOT_VESA_SUPPORT BPF_EVENTS BPF_JIT BPF_JIT_ALWAYS_ON BPF_JIT_DEFAULT_ON BPF_LSM BPF_PRELOAD BPF_PRELOAD_UMD BPF_STREAM_PARSER BPF_SYSCALL BPQETHER BRIDGE BRIDGE_CFM BRIDGE_EBT_802_3 BRIDGE_EBT_AMONG BRIDGE_EBT_ARP BRIDGE_EBT_ARPREPLY BRIDGE_EBT_BROUTE BRIDGE_EBT_DNAT BRIDGE_EBT_IP BRIDGE_EBT_IP6 BRIDGE_EBT_LIMIT BRIDGE_EBT_LOG BRIDGE_EBT_MARK BRIDGE_EBT_MARK_T BRIDGE_EBT_NFLOG BRIDGE_EBT_PKTTYPE BRIDGE_EBT_REDIRECT BRIDGE_EBT_SNAT BRIDGE_EBT_STP BRIDGE_EBT_T_FILTER BRIDGE_EBT_T_NAT BRIDGE_EBT_VLAN BRIDGE_IGMP_SNOOPING BRIDGE_MRP BRIDGE_NF_EBTABLES BRIDGE_VLAN_FILTERING BSD_DISKLABEL BSD_PROCESS_ACCT_V3 BT BTRFS_ASSERT BTRFS_FS BTRFS_FS_POSIX_ACL BTRFS_FS_REF_VERIFY BTT BT_6LOWPAN BT_ATH3K BT_BCM BT_BNEP BT_BNEP_MC_FILTER BT_BNEP_PROTO_FILTER BT_BREDR BT_CMTP BT_HCIBCM203X BT_HCIBFUSB BT_HCIBPA10X BT_HCIBTUSB BT_HCIBTUSB_BCM BT_HCIBTUSB_MTK BT_HCIBTUSB_POLL_SYNC BT_HCIBTUSB_RTL BT_HCIUART BT_HCIUART_3WIRE BT_HCIUART_AG6XX BT_HCIUART_BCSP BT_HCIUART_H4 BT_HCIUART_LL BT_HCIUART_MRVL BT_HCIUART_QCA BT_HCIUART_SERDEV BT_HCIVHCI BT_HIDP BT_HS BT_INTEL BT_LE BT_LEDS BT_LE_L2CAP_ECRED BT_MSFTEXT BT_MTK BT_QCA BT_RFCOMM BT_RFCOMM_TTY BT_RTL CACHEFILES CAIF CAIF_DEBUG CAIF_DRIVERS CAIF_NETDEV CAIF_TTY CAIF_USB CAIF_VIRTIO CAN CAN_8DEV_USB CAN_BCM CAN_CALC_BITTIMING CAN_DEV CAN_EMS_USB CAN_GS_USB CAN_GW CAN_IFI_CANFD CAN_ISOTP CAN_J1939 CAN_KVASER_USB CAN_MCBA_USB CAN_NETLINK CAN_PEAK_USB CAN_RAW CAN_RX_OFFLOAD CAN_SLCAN CAN_VCAN CAN_VXCAN CAPI_TRACE CARL9170 CARL9170_HWRNG CARL9170_LEDS CARL9170_WPC CEC_CORE CEPH_FS CEPH_FSCACHE CEPH_FS_POSIX_ACL CEPH_LIB CEPH_LIB_USE_DNS_RESOLVER CFG80211 CFG80211_CRDA_SUPPORT 
CFG80211_DEBUGFS CFG80211_DEFAULT_PS CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS CFG80211_WEXT CFS_BANDWIDTH CGROUP_BPF CHARGER_BQ24190 CHARGER_ISP1704 CHR_DEV_ST CIFS CIFS_ALLOW_INSECURE_LEGACY CIFS_DEBUG CIFS_DFS_UPCALL CIFS_FSCACHE CIFS_POSIX CIFS_SMB_DIRECT CIFS_SWN_UPCALL CIFS_UPCALL CIFS_XATTR CLOSURES CLS_U32_MARK CLS_U32_PERF CMA CMA_SIZE_SEL_MBYTES CMDLINE_PARTITION COMEDI COMEDI_DT9812 COMEDI_NI_USB6501 COMEDI_USBDUX COMEDI_USBDUXFAST COMEDI_USBDUXSIGMA COMEDI_USB_DRIVERS COMEDI_VMK80XX COMPAT_NETLINK_MESSAGES COUNTER CRAMFS CRAMFS_BLOCKDEV CRAMFS_MTD CRC4 CRC64 CRC64_ROCKSOFT CRC7 CRC8 CRC_ITU_T CRC_T10DIF CRYPTO_ADIANTUM CRYPTO_AEGIS128 CRYPTO_AEGIS128_AESNI_SSE2 CRYPTO_AES_NI_INTEL CRYPTO_AES_TI CRYPTO_ANSI_CPRNG CRYPTO_ANUBIS CRYPTO_ARC4 CRYPTO_ARCH_HAVE_LIB_BLAKE2S CRYPTO_ARCH_HAVE_LIB_CHACHA CRYPTO_ARCH_HAVE_LIB_CURVE25519 CRYPTO_ARCH_HAVE_LIB_POLY1305 CRYPTO_ARIA CRYPTO_ARIA_AESNI_AVX_X86_64 CRYPTO_BLAKE2B CRYPTO_BLAKE2S_X86 CRYPTO_BLOWFISH CRYPTO_BLOWFISH_COMMON CRYPTO_BLOWFISH_X86_64 CRYPTO_CAMELLIA CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 CRYPTO_CAMELLIA_AESNI_AVX_X86_64 CRYPTO_CAMELLIA_X86_64 CRYPTO_CAST5 CRYPTO_CAST5_AVX_X86_64 CRYPTO_CAST6 CRYPTO_CAST6_AVX_X86_64 CRYPTO_CAST_COMMON CRYPTO_CHACHA20 CRYPTO_CHACHA20POLY1305 CRYPTO_CHACHA20_X86_64 CRYPTO_CRC32 CRYPTO_CRC32C_INTEL CRYPTO_CRC32_PCLMUL CRYPTO_CRC64_ROCKSOFT CRYPTO_CRCT10DIF CRYPTO_CRCT10DIF_PCLMUL CRYPTO_CRYPTD CRYPTO_CTS CRYPTO_CURVE25519 CRYPTO_CURVE25519_X86 CRYPTO_DEFLATE CRYPTO_DES CRYPTO_DES3_EDE_X86_64 CRYPTO_DEV_CCP CRYPTO_DEV_CCP_DD CRYPTO_DEV_PADLOCK CRYPTO_DEV_PADLOCK_AES CRYPTO_DEV_PADLOCK_SHA CRYPTO_DEV_QAT CRYPTO_DEV_QAT_C3XXX CRYPTO_DEV_QAT_C3XXXVF CRYPTO_DEV_QAT_C62X CRYPTO_DEV_QAT_C62XVF CRYPTO_DEV_QAT_DH895xCC CRYPTO_DEV_QAT_DH895xCCVF CRYPTO_DEV_VIRTIO CRYPTO_DH CRYPTO_DRBG_CTR CRYPTO_DRBG_HASH CRYPTO_ECC CRYPTO_ECDH CRYPTO_ECRDSA CRYPTO_ENGINE CRYPTO_ESSIV CRYPTO_FCRYPT CRYPTO_GHASH_CLMUL_NI_INTEL CRYPTO_HCTR2 CRYPTO_KDF800108_CTR CRYPTO_KEYWRAP 
CRYPTO_KHAZAD CRYPTO_KPP CRYPTO_LIB_ARC4 CRYPTO_LIB_CHACHA CRYPTO_LIB_CHACHA20POLY1305 CRYPTO_LIB_CHACHA_GENERIC CRYPTO_LIB_CURVE25519 CRYPTO_LIB_CURVE25519_GENERIC CRYPTO_LIB_DES CRYPTO_LIB_POLY1305 CRYPTO_LIB_POLY1305_GENERIC CRYPTO_LRW CRYPTO_MICHAEL_MIC CRYPTO_NHPOLY1305 CRYPTO_NHPOLY1305_AVX2 CRYPTO_NHPOLY1305_SSE2 CRYPTO_PCBC CRYPTO_PCRYPT CRYPTO_POLY1305 CRYPTO_POLY1305_X86_64 CRYPTO_POLYVAL CRYPTO_POLYVAL_CLMUL_NI CRYPTO_RMD160 CRYPTO_SEED CRYPTO_SERPENT CRYPTO_SERPENT_AVX2_X86_64 CRYPTO_SERPENT_AVX_X86_64 CRYPTO_SERPENT_SSE2_X86_64 CRYPTO_SHA1_SSSE3 CRYPTO_SHA256_SSSE3 CRYPTO_SHA512_SSSE3 CRYPTO_SIMD CRYPTO_SM2 CRYPTO_SM3 CRYPTO_SM3_AVX_X86_64 CRYPTO_SM4 CRYPTO_SM4_AESNI_AVX2_X86_64 CRYPTO_SM4_AESNI_AVX_X86_64 CRYPTO_SM4_GENERIC CRYPTO_STREEBOG CRYPTO_TEA CRYPTO_TWOFISH CRYPTO_TWOFISH_AVX_X86_64 CRYPTO_TWOFISH_COMMON CRYPTO_TWOFISH_X86_64 CRYPTO_TWOFISH_X86_64_3WAY CRYPTO_USER CRYPTO_USER_API CRYPTO_USER_API_AEAD CRYPTO_USER_API_ENABLE_OBSOLETE CRYPTO_USER_API_HASH CRYPTO_USER_API_RNG CRYPTO_USER_API_SKCIPHER CRYPTO_VMAC CRYPTO_WP512 CRYPTO_XCBC CRYPTO_XCTR CRYPTO_XTS CRYPTO_XXHASH CUSE CYPRESS_FIRMWARE DAMON DAMON_DBGFS DAMON_PADDR DAMON_RECLAIM DAMON_VADDR DAX DCA DCB DEFAULT_PFIFO_FAST DEVICE_MIGRATION DEVICE_PRIVATE DEV_COREDUMP DEV_DAX DIMLIB DLN2_ADC DMABUF_HEAPS DMABUF_HEAPS_CMA DMABUF_HEAPS_SYSTEM DMABUF_MOVE_NOTIFY DMA_CMA DMA_ENGINE_RAID DM_AUDIT DM_BIO_PRISON DM_BUFIO DM_CACHE DM_CACHE_SMQ DM_CLONE DM_CRYPT DM_FLAKEY DM_INTEGRITY DM_MULTIPATH DM_MULTIPATH_QL DM_MULTIPATH_ST DM_PERSISTENT_DATA DM_RAID DM_SNAPSHOT DM_THIN_PROVISIONING DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE DM_ZONED DRAGONRISE_FF DRM DRM_BOCHS DRM_BUDDY ENCRYPTED_KEYS EXTCON FSCACHE FUSE_FS GPIOLIB HAMRADIO HID_DRAGONRISE IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_RTRS_CLIENT IOSCHED_BFQ ISDN ISDN_CAPI LIBNVDIMM MAC80211 MAC80211_DEBUGFS MAC80211_LEDS MEDIA_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MTD NET_CLS_U32 NET_SCH_DEFAULT PARTITION_ADVANCED RFKILL 
SERIAL_DEV_BUS TLS TLS_DEVICE TRANSPARENT_HUGEPAGE TRUSTED_KEYS USB_GADGET USB_PHY VLAN_8021Q WANT_COMPAT_NETLINK_MESSAGES WEXT_CORE WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ATH X86_HAVE_PAE X86_X32_ABI ZONE_DEVICE] disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed picked [v6.7 v6.6 v6.5 v6.3 v6.1 v5.19 v5.17 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 30 release tags testing release v6.7 testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 552245e3d73655efe09575883842040a4b2bb34ccb0f033ca6134ee3af9aeb96 all runs: OK false negative chance: 0.000 # git bisect start d47b9f68d2899b390a3655f2365f332a63396adf 0dd3ee31125508cd67f7e7172247f05b7fd1753a Bisecting: 6191 revisions left to test after this (roughly 13 steps) [bf4e7080aeed29354cb156a8eb5d221ab2b6a8cc] Merge tag 'pull-rename' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit bf4e7080aeed29354cb156a8eb5d221ab2b6a8cc gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b9db23b7ffad3278f8a6a1e95e444d175f548b4b21987c29e1733553274fe5f1 all runs: OK false negative chance: 0.000 # git bisect good bf4e7080aeed29354cb156a8eb5d221ab2b6a8cc Bisecting: 3081 revisions left to test after this (roughly 12 steps) [c736c9a9553f9cfcb1b03e65f91bc29fc6446fd3] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux testing commit c736c9a9553f9cfcb1b03e65f91bc29fc6446fd3 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 78c6b5b383c856ef85e96c13d247e2c718bec13b42ea3a05a2226a731273a4ce all runs: OK false negative chance: 0.000 # git bisect good c736c9a9553f9cfcb1b03e65f91bc29fc6446fd3 Bisecting: 1614 revisions left to test after this (roughly 11 steps) [e1aa9df440186af73a9e690244eb49cbc99f36ac] Merge tag 'pci-v6.8-changes' of 
git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci testing commit e1aa9df440186af73a9e690244eb49cbc99f36ac gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a4abc1ca71258b498c4d0f77fffe154e8c4abe1c819d26693e4bcb251916e805 all runs: OK false negative chance: 0.000 # git bisect good e1aa9df440186af73a9e690244eb49cbc99f36ac Bisecting: 817 revisions left to test after this (roughly 10 steps) [bd736f38c014ba70ba7ec3bdc6af6fe5368d6612] Merge tag 'tty-6.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty testing commit bd736f38c014ba70ba7ec3bdc6af6fe5368d6612 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 23e5e0b95579c1adea81ad71dfafcb21f5a8738f11c11f4c65baf2a7ad3a4004 all runs: OK false negative chance: 0.000 # git bisect good bd736f38c014ba70ba7ec3bdc6af6fe5368d6612 Bisecting: 386 revisions left to test after this (roughly 9 steps) [db5ccb9eb23189e99e244a4915dd31eedd8d428b] Merge tag 'cxl-for-6.8' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl testing commit db5ccb9eb23189e99e244a4915dd31eedd8d428b gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a12a7b0e12a6caf879cb2c49552a42ce628e71587c0b8bab4dbdc01dab2681d0 all runs: OK false negative chance: 0.000 # git bisect good db5ccb9eb23189e99e244a4915dd31eedd8d428b Bisecting: 185 revisions left to test after this (roughly 8 steps) [ed8d84530ab0a3b7b370e8b28f12179314dcfcc3] Merge tag 'i2c-for-6.8-rc1-rebased' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux testing commit ed8d84530ab0a3b7b370e8b28f12179314dcfcc3 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b8f92edb99506935f0093e8a07c019da1f7a622e92b48d8eb7ad040cf7fccf9f all runs: OK false negative chance: 0.000 # git bisect good ed8d84530ab0a3b7b370e8b28f12179314dcfcc3 Bisecting: 86 revisions left to test after this (roughly 7 
steps) [925781a471d8156011e8f8c1baf61bbe020dac55] Merge tag 'nf-24-01-18' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf testing commit 925781a471d8156011e8f8c1baf61bbe020dac55 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f13aa197a90941532db63a868e884435f55b0af06a9fa8256c733a6c2c68aeb8 all runs: OK false negative chance: 0.000 # git bisect good 925781a471d8156011e8f8c1baf61bbe020dac55 Bisecting: 43 revisions left to test after this (roughly 6 steps) [e472f88891abbc535a5e16a68a104073985f6061] bpf: tcp: Support arbitrary SYN Cookie. testing commit e472f88891abbc535a5e16a68a104073985f6061 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ba4c6b516e3b0ea9f83a1c6ac3a7384a4bb1c57bf1cb81af88e46c6553918b2c all runs: OK false negative chance: 0.000 # git bisect good e472f88891abbc535a5e16a68a104073985f6061 Bisecting: 21 revisions left to test after this (roughly 5 steps) [b7896486688af36e3bc5e27a6d5369cc5dcbcf69] selftests/bpf: Add fill_link_info test for perf event testing commit b7896486688af36e3bc5e27a6d5369cc5dcbcf69 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8fc8105ebcc127770b3ed33654e6b22b9e329406dc0d4a3058e31a20aafd13fe all runs: OK false negative chance: 0.000 # git bisect good b7896486688af36e3bc5e27a6d5369cc5dcbcf69 Bisecting: 10 revisions left to test after this (roughly 4 steps) [fcc2c1fb0651477c8ed78a3a293c175ccd70697a] bpf: pass attached BTF to the bpf_struct_ops subsystem testing commit fcc2c1fb0651477c8ed78a3a293c175ccd70697a gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 14ef88e9e6218393524f539aba55de8e294f86e57ef6e96d391f6c0d8844abd6 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in btf_get representative crash: BUG: unable to handle kernel NULL pointer dereference in btf_get, types: [UNKNOWN] # git 
bisect bad fcc2c1fb0651477c8ed78a3a293c175ccd70697a Bisecting: 5 revisions left to test after this (roughly 3 steps) [95678395386d45fa0a075d2e7a6866326a469d76] bpf: get type information with BTF_ID_LIST testing commit 95678395386d45fa0a075d2e7a6866326a469d76 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 863a819865e72b818d2f13b67a392d4918a52e5da8bd73b4b80030b68a088263 all runs: OK false negative chance: 0.000 # git bisect good 95678395386d45fa0a075d2e7a6866326a469d76 Bisecting: 2 revisions left to test after this (roughly 2 steps) [47f4f657acd5d04c78c5c5ac7022cba9ce3b4a7d] bpf: make struct_ops_map support btfs other than btf_vmlinux. testing commit 47f4f657acd5d04c78c5c5ac7022cba9ce3b4a7d gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 46a325ef5f0435c684ef3687f6d11cdfa96303cfdd41f22a3a2602be8b7b5304 all runs: OK false negative chance: 0.000 # git bisect good 47f4f657acd5d04c78c5c5ac7022cba9ce3b4a7d Bisecting: 0 revisions left to test after this (roughly 1 step) [689423db3bda2244c24db8a64de4cdb37be1de41] bpf: lookup struct_ops types from a given module BTF. testing commit 689423db3bda2244c24db8a64de4cdb37be1de41 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a14f8ae2a27c33b003a3e789286321143ad232ec6d6f7555f846138036df230c all runs: OK false negative chance: 0.000 # git bisect good 689423db3bda2244c24db8a64de4cdb37be1de41 fcc2c1fb0651477c8ed78a3a293c175ccd70697a is the first bad commit commit fcc2c1fb0651477c8ed78a3a293c175ccd70697a Author: Kui-Feng Lee Date: Fri Jan 19 14:49:59 2024 -0800 bpf: pass attached BTF to the bpf_struct_ops subsystem Pass the fd of a btf from the userspace to the bpf() syscall, and then convert the fd into a btf. The btf is generated from the module that defines the target BPF struct_ops type. 
In order to inform the kernel about the module that defines the target struct_ops type, the userspace program needs to provide a btf fd for the respective module's btf. This btf contains essential information on the types defined within the module, including the target struct_ops type. A btf fd must be provided to the kernel for struct_ops maps and for the bpf programs attached to those maps. In the case of the bpf programs, the attach_btf_obj_fd parameter is passed as part of the bpf_attr and is converted into a btf. This btf is then stored in the prog->aux->attach_btf field. Here, it just lets the verifier access attach_btf directly. In the case of struct_ops maps, a btf fd is passed as value_type_btf_obj_fd of bpf_attr. The bpf_struct_ops_map_alloc() function converts the fd to a btf and stores it as st_map->btf. A flag BPF_F_VTYPE_BTF_OBJ_FD is added for map_flags to indicate that the value of value_type_btf_obj_fd is set. Signed-off-by: Kui-Feng Lee Link: https://lore.kernel.org/r/20240119225005.668602-9-thinker.li@gmail.com Signed-off-by: Martin KaFai Lau include/uapi/linux/bpf.h | 8 ++++++ kernel/bpf/bpf_struct_ops.c | 65 ++++++++++++++++++++++++++++++------------ kernel/bpf/syscall.c | 2 +- kernel/bpf/verifier.c | 9 ++++-- tools/include/uapi/linux/bpf.h | 8 ++++++ 5 files changed, 70 insertions(+), 22 deletions(-) accumulated error probability: 0.00 culprit signature: 14ef88e9e6218393524f539aba55de8e294f86e57ef6e96d391f6c0d8844abd6 parent signature: a14f8ae2a27c33b003a3e789286321143ad232ec6d6f7555f846138036df230c revisions tested: 21, total time: 8h23m1.562284186s (build: 5h6m1.869783317s, test: 2h59m35.657718262s) first bad commit: fcc2c1fb0651477c8ed78a3a293c175ccd70697a bpf: pass attached BTF to the bpf_struct_ops subsystem recipients (to): ["linux-kernel@vger.kernel.org" "martin.lau@kernel.org" "thinker.li@gmail.com"] recipients (cc): ["andrii@kernel.org" "ast@kernel.org" "bpf@vger.kernel.org" "daniel@iogearbox.net" "haoluo@google.com" 
"john.fastabend@gmail.com" "jolsa@kernel.org" "kpsingh@kernel.org" "martin.lau@linux.dev" "netdev@vger.kernel.org" "sdf@google.com" "song@kernel.org" "yonghong.song@linux.dev"] crash: BUG: unable to handle kernel NULL pointer dereference in btf_get BUG: kernel NULL pointer dereference, address: 0000000000000054 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 10d7dd067 P4D 10d7dd067 PUD 10d7fb067 PMD 0 Oops: 0002 [#1] PREEMPT SMP CPU: 0 PID: 2370 Comm: syz-executor.0 Not tainted 6.7.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 RIP: 0010:arch_atomic_fetch_add arch/x86/include/asm/atomic.h:97 [inline] RIP: 0010:raw_atomic_fetch_add_relaxed include/linux/atomic/atomic-arch-fallback.h:749 [inline] RIP: 0010:atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:253 [inline] RIP: 0010:__refcount_add include/linux/refcount.h:182 [inline] RIP: 0010:__refcount_inc include/linux/refcount.h:239 [inline] RIP: 0010:refcount_inc include/linux/refcount.h:256 [inline] RIP: 0010:btf_get+0xd/0x40 kernel/bpf/btf.c:1733 Code: 03 47 20 c3 66 0f 1f 84 00 00 00 00 00 66 0f 1f 00 48 8d 87 a0 00 00 00 c3 0f 1f 40 00 66 0f 1f 00 48 8d 4f 54 b8 01 00 00 00 0f c1 47 54 85 c0 74 15 8d 50 01 09 c2 78 01 c3 be 01 00 00 00 RSP: 0018:ffffc90002807d60 EFLAGS: 00010207 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000054 RDX: 0000000000000000 RSI: ffffffff83495d80 RDI: 0000000000000000 RBP: ffffc90002807e40 R08: ffffffff83495d80 R09: 0000000000000004 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002 R13: 000000000000001a R14: ffffffff82a2b9c0 R15: 0000000000000000 FS: 00007ff871b156c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000054 CR3: 000000010db04000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 
00000000fffe0ff0 DR7: 0000000000000400 Call Trace: bpf_struct_ops_map_alloc+0x93/0x1f0 kernel/bpf/bpf_struct_ops.c:702 map_create+0x15c/0x750 kernel/bpf/syscall.c:1237 __sys_bpf+0x5c7/0x2850 kernel/bpf/syscall.c:5445 __do_sys_bpf kernel/bpf/syscall.c:5567 [inline] __se_sys_bpf kernel/bpf/syscall.c:5565 [inline] __x64_sys_bpf+0x19/0x20 kernel/bpf/syscall.c:5565 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x71/0x1a0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7ff870e7cda9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ff871b150c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007ff870fabf80 RCX: 00007ff870e7cda9 RDX: 0000000000000048 RSI: 00000000200004c0 RDI: 0000000000000000 RBP: 00007ff870ec947a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000006 R14: 00007ff870fabf80 R15: 00007fff0a368b68 Modules linked in: CR2: 0000000000000054 ---[ end trace 0000000000000000 ]--- RIP: 0010:arch_atomic_fetch_add arch/x86/include/asm/atomic.h:97 [inline] RIP: 0010:raw_atomic_fetch_add_relaxed include/linux/atomic/atomic-arch-fallback.h:749 [inline] RIP: 0010:atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:253 [inline] RIP: 0010:__refcount_add include/linux/refcount.h:182 [inline] RIP: 0010:__refcount_inc include/linux/refcount.h:239 [inline] RIP: 0010:refcount_inc include/linux/refcount.h:256 [inline] RIP: 0010:btf_get+0xd/0x40 kernel/bpf/btf.c:1733 Code: 03 47 20 c3 66 0f 1f 84 00 00 00 00 00 66 0f 1f 00 48 8d 87 a0 00 00 00 c3 0f 1f 40 00 66 0f 1f 00 48 8d 4f 54 b8 01 00 00 00 0f c1 47 54 85 c0 74 15 8d 50 01 09 c2 78 01 c3 be 01 00 00 00 RSP: 0018:ffffc90002807d60 EFLAGS: 00010207 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 
0000000000000054 RDX: 0000000000000000 RSI: ffffffff83495d80 RDI: 0000000000000000 RBP: ffffc90002807e40 R08: ffffffff83495d80 R09: 0000000000000004 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002 R13: 000000000000001a R14: ffffffff82a2b9c0 R15: 0000000000000000 FS: 00007ff871b156c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000054 CR3: 000000010db04000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 03 47 20 add 0x20(%rdi),%eax 3: c3 ret 4: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1) b: 00 00 d: 66 0f 1f 00 nopw (%rax) 11: 48 8d 87 a0 00 00 00 lea 0xa0(%rdi),%rax 18: c3 ret 19: 0f 1f 40 00 nopl 0x0(%rax) 1d: 66 0f 1f 00 nopw (%rax) 21: 48 8d 4f 54 lea 0x54(%rdi),%rcx 25: b8 01 00 00 00 mov $0x1,%eax * 2a: f0 0f c1 47 54 lock xadd %eax,0x54(%rdi) <-- trapping instruction 2f: 85 c0 test %eax,%eax 31: 74 15 je 0x48 33: 8d 50 01 lea 0x1(%rax),%edx 36: 09 c2 or %eax,%edx 38: 78 01 js 0x3b 3a: c3 ret 3b: be 01 00 00 00 mov $0x1,%esi