ci2 starts bisection 2024-06-03 15:40:57.386134831 +0000 UTC m=+25777.021873351
bisecting fixing commit since 92432f07d6635531a982c0d4c7ea1274915aac67
building syzkaller on d9b1cdd561af5d0795ce39a120b819f6e3687830
ensuring issue is reproducible on original commit 92432f07d6635531a982c0d4c7ea1274915aac67

testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 54000b50d1f2f9e784c337d368dceb00e80fd425c7212536d407fc95703ceb5a
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8254da96e5d30995a88de155054aa3eef3e29d8b8c5cf0f907f3bbb7c04e5a11
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed
kconfig minimization: base=5179 full=6492 leaves diff=255
split chunks (needed=false): <255>
split chunk #0 of len 255 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7d34db4ddf40b6f825047c28b9f004229b307f54788409b390d33617da0123a3
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: dacd4af8745f4d9218290c8736064d3854a7402da25a71e6045d7ebbdaea8f77
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cc2601ea70f9d9f19b41f137f89a1b1c7cbf58545b98b00a5bad433611516191
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: caabafd0e053057a7b18af9f5b63785a38ea66b1f246bb7ddd227e2442d2d8c8
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building 92432f07d6635531a982c0d4c7ea1274915aac67:
net/socket.c:1242: undefined reference to `wext_handle_ioctl'
net/socket.c:3437: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:329: undefined reference to `wext_proc_init'
net/core/net-procfs.c:345: undefined reference to `wext_proc_exit'

minimized to 51 configs; suspects: [HID_ZEROPLUS USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM V4L2_ASYNC V4L2_FWNODE VIDEO_CAMERA_SENSOR WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF]
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing current HEAD a7462d7032e5ed971980180c6a5aadc8ad700331
testing commit a7462d7032e5ed971980180c6a5aadc8ad700331 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 904294a2569e4d6ab1f34be355200ff25955cd7d01bc2c5691c34bb54c6e7056
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
crash still not fixed/happens on the oldest tested release

revisions tested: 7, total time: 39m54.194431043s (build: 18m2.858089488s, test: 19m18.5526154s)
crash still not fixed or there were kernel test errors
commit msg: ANDROID: ABI fixup for abi break in struct dst_ops
crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str

BUG: unable to handle page fault for address: ffffffffff600000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 300e067 P4D 300e067 PUD 3010067 PMD 3012067 PTE 0
Oops: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 6 Comm: kworker/0:0 Not tainted 6.1.78-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: wg-crypt-wg1 wg_packet_tx_worker
RIP: 0010:strncpy_from_kernel_nofault+0x42/0x80 mm/maccess.c:91
Code: 89 f7 48 89 d6 e8 de 4d dc ff 89 c1 48 c7 c0 de ff ff ff 84 c9 74 33 65 48 8b 35 b9 48 ce 7e ff 86 58 0b 00 00 31 c0 48 89 c2 <41> 8a 0c 07 41 88 0c 16 48 8d 42 01 84 c9 74 05 48 39 d8 7c e8 ff
RSP: 0018:ffffc90000003d60 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000ff600001
RDX: 0000000000000000 RSI: ffff888100208000 RDI: ffffffffff600000
RBP: ffffc90000003d78 R08: ffff88810ba2a3c0 R09: 00000000800c000a
R10: ffff888100182900 R11: ffff88810ba2a3c0 R12: ffff888237c2bc00
R13: ffff888100208000 R14: ffffc90000003db0 R15: ffffffffff600000
FS:  0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 000000010bad4000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 bpf_probe_read_kernel_str_common kernel/trace/bpf_trace.c:265 [inline]
 ____bpf_probe_read_kernel_str kernel/trace/bpf_trace.c:274 [inline]
 bpf_probe_read_kernel_str+0x1a/0x40 kernel/trace/bpf_trace.c:271
 bpf_prog_ef3a4661c9d1378e+0x42/0x44
 bpf_dispatcher_nop_func include/linux/bpf.h:987 [inline]
 __bpf_prog_run include/linux/filter.h:600 [inline]
 bpf_prog_run include/linux/filter.h:607 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2275 [inline]
 bpf_trace_run2+0x4f/0xc0 kernel/trace/bpf_trace.c:2314
 __bpf_trace_kfree+0x9/0x10 include/trace/events/kmem.h:94
 trace_kfree include/trace/events/kmem.h:94 [inline]
 kfree+0xce/0xf0 mm/slab_common.c:996
 ip_dst_metrics_put include/net/ip.h:524 [inline]
 ip6_dst_destroy+0x34/0x140 net/ipv6/route.c:363
 dst_destroy+0x4f/0x130 net/core/dst.c:119
 dst_destroy_rcu+0xd/0x10 net/core/dst.c:140
 rcu_do_batch+0x1ae/0x400 kernel/rcu/tree.c:2296
 rcu_core+0x193/0x4c0 kernel/rcu/tree.c:2556
 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2573
 __do_softirq+0x11b/0x31e kernel/softirq.c:617
 do_softirq+0x81/0xc0 kernel/softirq.c:499
 __local_bh_enable_ip+0x63/0x70 kernel/softirq.c:423
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:838 [inline]
 mod_peer_timer drivers/net/wireguard/timers.c:38 [inline]
 wg_timers_any_authenticated_packet_traversal+0x6c/0x80 drivers/net/wireguard/timers.c:215
 wg_packet_create_data_done drivers/net/wireguard/send.c:247 [inline]
 wg_packet_tx_worker+0xae/0x1d0 drivers/net/wireguard/send.c:276
 process_one_work+0x1b2/0x380 kernel/workqueue.c:2299
 worker_thread+0x222/0x390 kernel/workqueue.c:2446
 kthread+0xda/0xf0 kernel/kthread.c:386
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
Modules linked in:
CR2: ffffffffff600000
---[ end trace 0000000000000000 ]---
RIP: 0010:strncpy_from_kernel_nofault+0x42/0x80 mm/maccess.c:91
Code: 89 f7 48 89 d6 e8 de 4d dc ff 89 c1 48 c7 c0 de ff ff ff 84 c9 74 33 65 48 8b 35 b9 48 ce 7e ff 86 58 0b 00 00 31 c0 48 89 c2 <41> 8a 0c 07 41 88 0c 16 48 8d 42 01 84 c9 74 05 48 39 d8 7c e8 ff
RSP: 0018:ffffc90000003d60 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000ff600001
RDX: 0000000000000000 RSI: ffff888100208000 RDI: ffffffffff600000
RBP: ffffc90000003d78 R08: ffff88810ba2a3c0 R09: 00000000800c000a
R10: ffff888100182900 R11: ffff88810ba2a3c0 R12: ffff888237c2bc00
R13: ffff888100208000 R14: ffffc90000003db0 R15: ffffffffff600000
FS:  0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 000000010bad4000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	89 f7                	mov    %esi,%edi
   2:	48 89 d6             	mov    %rdx,%rsi
   5:	e8 de 4d dc ff       	call   0xffdc4de8
   a:	89 c1                	mov    %eax,%ecx
   c:	48 c7 c0 de ff ff ff 	mov    $0xffffffffffffffde,%rax
  13:	84 c9                	test   %cl,%cl
  15:	74 33                	je     0x4a
  17:	65 48 8b 35 b9 48 ce 	mov    %gs:0x7ece48b9(%rip),%rsi        # 0x7ece48d8
  1e:	7e
  1f:	ff 86 58 0b 00 00    	incl   0xb58(%rsi)
  25:	31 c0                	xor    %eax,%eax
  27:	48 89 c2             	mov    %rax,%rdx
* 2a:	41 8a 0c 07          	mov    (%r15,%rax,1),%cl <-- trapping instruction
  2e:	41 88 0c 16          	mov    %cl,(%r14,%rdx,1)
  32:	48 8d 42 01          	lea    0x1(%rdx),%rax
  36:	84 c9                	test   %cl,%cl
  38:	74 05                	je     0x3f
  3a:	48 39 d8             	cmp    %rbx,%rax
  3d:	7c e8                	jl     0x27
  3f:	ff                   	.byte 0xff