ci starts bisection 2023-03-15 05:40:08.136535695 +0000 UTC m=+76167.163239260
bisecting cause commit starting from 3c2611bac08a834697be918ac357eaff2e47d5b3
building syzkaller on 0d5c4377b3122ec946edab50132de6cdde9eac4d
ensuring issue is reproducible on original commit 3c2611bac08a834697be918ac357eaff2e47d5b3

testing commit 3c2611bac08a834697be918ac357eaff2e47d5b3 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a1eb69fc3aadedfba95a9e2c469c5b7781a783d35ae6c392c33bab7d0d8ab873
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __build_skb_around
testing release v6.2
testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e19653c5a26cfefb7e4d77c2868c7c987ec0e0d1b07fbb4da9f55e3088a3b8d4
all runs: OK
# git bisect start 3c2611bac08a834697be918ac357eaff2e47d5b3 c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
Bisecting: 6519 revisions left to test after this (roughly 13 steps)
[28e335208ce90c2cca9990543983b97ccc66f302] Merge tag 'xfs-6.3-merge-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

testing commit 28e335208ce90c2cca9990543983b97ccc66f302 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3d5660163a206a8afbdb0d1fe1021dc217bd7800d3c9df9dd4591124a9185935
all runs: OK
# git bisect good 28e335208ce90c2cca9990543983b97ccc66f302
Bisecting: 3178 revisions left to test after this (roughly 12 steps)
[0601f25d1c4937c678db786961705ce56fbd6bb6] Merge tag 'staging-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

testing commit 0601f25d1c4937c678db786961705ce56fbd6bb6 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6255a87401795a859096bbe940aded0dc1bce90315875b2967e02958036e46dd
all runs: OK
# git bisect good 0601f25d1c4937c678db786961705ce56fbd6bb6
Bisecting: 1549 revisions left to test after this (roughly 11 steps)
[49d575926890e6ada930bf6f06d62b2fde8fce95] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

testing commit 49d575926890e6ada930bf6f06d62b2fde8fce95 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e333ca62436740ab52d4bff4d849087d10eb66d6bc1cf4f636358c085d43038d
all runs: OK
# git bisect good 49d575926890e6ada930bf6f06d62b2fde8fce95
Bisecting: 709 revisions left to test after this (roughly 10 steps)
[4b8c673b761e74add4fd185d806ac16c9b40158f] Merge tag 'media/v6.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media

testing commit 4b8c673b761e74add4fd185d806ac16c9b40158f gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e5d5fc5aa0c2a37c4b694595b002f705002db7fdbe50be66df9c3ff33acb0b18
all runs: OK
# git bisect good 4b8c673b761e74add4fd185d806ac16c9b40158f
Bisecting: 278 revisions left to test after this (roughly 9 steps)
[11c70529983e8136ea1bd5c32e4f9cd14503c644] Merge tag 'soc-drivers-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit 11c70529983e8136ea1bd5c32e4f9cd14503c644 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b57b41ad2fc9e722497f2f11e315dea792fe38e69611ee288be5e08456b21e2d
all runs: OK
# git bisect good 11c70529983e8136ea1bd5c32e4f9cd14503c644
Bisecting: 107 revisions left to test after this (roughly 7 steps)
[36e5e391a25af28dc1f4586f95d577b38ff4ed72] Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

testing commit 36e5e391a25af28dc1f4586f95d577b38ff4ed72 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3df73d65e2a808efd369d567a63ec9c562573e92f78d396a692be94a6979d22c
all runs: OK
# git bisect good 36e5e391a25af28dc1f4586f95d577b38ff4ed72
Bisecting: 53 revisions left to test after this (roughly 6 steps)
[57400dcce6c2cf3985120c4ee28b37a1f4238dbb] selftests/bpf: add iterators tests

testing commit 57400dcce6c2cf3985120c4ee28b37a1f4238dbb gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ef078070e3496f9dd1d2fb6a260272f11143cf5135d6f0a9025b97a7d2cc5848
all runs: OK
# git bisect good 57400dcce6c2cf3985120c4ee28b37a1f4238dbb
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[7e30a8477b0bdd13dfd0b24e4f32b26d22b96e6c] bpf: Add bpf_local_storage_free()

testing commit 7e30a8477b0bdd13dfd0b24e4f32b26d22b96e6c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c74822fbd201f920698b2455e7d600ffabcf95952c4f22a5f93ce3edbc238645
all runs: OK
# git bisect good 7e30a8477b0bdd13dfd0b24e4f32b26d22b96e6c
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[22df776a9a866713d9decfb92b633bcfdb571954] tasks: Extract rcu_users out of union

testing commit 22df776a9a866713d9decfb92b633bcfdb571954 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 11ced916bd0351849cb9b01be137e17d4eb3ba8d1ea369f9dabd6ed33b53da48
all runs: OK
# git bisect good 22df776a9a866713d9decfb92b633bcfdb571954
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[f25fd6088216bd257902e5c212177cddcb291218] selftests/bpf: Add various tests to check helper access into ptr_to_btf_id.

testing commit f25fd6088216bd257902e5c212177cddcb291218 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c840ec77341ec95448c6da870fcc890242e5d0dda305694424cffc644ddc04d3
all runs: OK
# git bisect good f25fd6088216bd257902e5c212177cddcb291218
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[2c854e5fcd7e243f5a7cf6a6afa0ef83060c903c] net: page_pool, skbuff: make skb_mark_for_recycle() always available

testing commit 2c854e5fcd7e243f5a7cf6a6afa0ef83060c903c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 395eb2e7640203899c6d80cb5ab725edbbff094ccb100680ebf5a3168f42f626
all runs: OK
# git bisect good 2c854e5fcd7e243f5a7cf6a6afa0ef83060c903c
Bisecting: 1 revision left to test after this (roughly 1 step)
[d4e492338d11937c55841b1279287280d6e35894] xdp: remove unused {__,}xdp_release_frame()

testing commit d4e492338d11937c55841b1279287280d6e35894 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: fe9fcf79775d2d7553a235cb3bf18a348e07ddb7d8c475be3edb404d3b4aed54
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __build_skb_around
# git bisect bad d4e492338d11937c55841b1279287280d6e35894
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[9c94bbf9a87b264294f42e6cc0f76d87854733ec] xdp: recycle Page Pool backed skbs built from XDP frames

testing commit 9c94bbf9a87b264294f42e6cc0f76d87854733ec gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9cec8e82f8b2b8900feba886a821f776b5f95e1e60e42572fd82f9c4011d0367
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __build_skb_around
# git bisect bad 9c94bbf9a87b264294f42e6cc0f76d87854733ec
9c94bbf9a87b264294f42e6cc0f76d87854733ec is the first bad commit
commit 9c94bbf9a87b264294f42e6cc0f76d87854733ec
Author: Alexander Lobakin <aleksander.lobakin@intel.com>
Date:   Mon Mar 13 22:55:52 2023 +0100

    xdp: recycle Page Pool backed skbs built from XDP frames
    
    __xdp_build_skb_from_frame() state(d):
    
    /* Until page_pool get SKB return path, release DMA here */
    
    Page Pool got skb pages recycling in April 2021, but missed this
    function.
    
    xdp_release_frame() is relevant only for Page Pool backed frames and it
    detaches the page from the corresponding page_pool in order to make it
    freeable via page_frag_free(). It can instead just mark the output skb
    as eligible for recycling if the frame is backed by a pp. No change for
    other memory model types (the same condition check as before).
    cpumap redirect and veth on Page Pool drivers now become zero-alloc (or
    almost).
    
    Signed-off-by: Alexander Lobakin <aleksander.lobakin@intel.com>
    Link: https://lore.kernel.org/r/20230313215553.1045175-4-aleksander.lobakin@intel.com
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>

 net/core/xdp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

culprit signature: 9cec8e82f8b2b8900feba886a821f776b5f95e1e60e42572fd82f9c4011d0367
parent  signature: 395eb2e7640203899c6d80cb5ab725edbbff094ccb100680ebf5a3168f42f626
revisions tested: 15, total time: 5h49m28.872682851s (build: 3h49m21.029181254s, test: 1h57m36.586401852s)
first bad commit: 9c94bbf9a87b264294f42e6cc0f76d87854733ec xdp: recycle Page Pool backed skbs built from XDP frames
recipients (to): ["aleksander.lobakin@intel.com" "ast@kernel.org"]
recipients (cc): []
crash: BUG: unable to handle kernel NULL pointer dereference in __build_skb_around
BUG: kernel NULL pointer dereference, address: 0000000000000d28
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 207e7067 P4D 207e7067 PUD 1d995067 PMD 0 
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 5623 Comm: syz-executor.0 Not tainted 6.2.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:memset_erms+0xd/0x20 arch/x86/lib/memset_64.S:66
Code: 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 66 0f 1f 00 49 89 f9 40 88 f0 48 89 d1 <f3> aa 4c 89 c8 c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 66 0f 1f
RSP: 0018:ffffc90004cff780 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8880295c33c0 RCX: 0000000000000020
RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000d28
RBP: 0000000000000d48 R08: 0000000000000001 R09: 0000000000000d28
R10: ffffed10052b8693 R11: 0000000000088001 R12: 0000000000000001
R13: 0000000000000d28 R14: 0000000000000100 R15: ffff88807246f094
FS:  00007fdfe93d6700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000d28 CR3: 00000000172fe000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __finalize_skb_around net/core/skbuff.c:321 [inline]
 __build_skb_around+0x220/0x320 net/core/skbuff.c:379
 build_skb_around+0x1c/0x1c0 net/core/skbuff.c:444
 __xdp_build_skb_from_frame+0xfc/0x7d0 net/core/xdp.c:637
 xdp_recv_frames net/bpf/test_run.c:248 [inline]
 xdp_test_run_batch net/bpf/test_run.c:334 [inline]
 bpf_test_run_xdp_live+0xf64/0x17a0 net/bpf/test_run.c:362
 bpf_prog_test_run_xdp+0x7ec/0x11e0 net/bpf/test_run.c:1418
 bpf_prog_test_run kernel/bpf/syscall.c:3675 [inline]
 __sys_bpf+0xfc8/0x3d30 kernel/bpf/syscall.c:5028
 __do_sys_bpf kernel/bpf/syscall.c:5114 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5112 [inline]
 __x64_sys_bpf+0x74/0xb0 kernel/bpf/syscall.c:5112
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fdfe868c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdfe93d6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fdfe87abf80 RCX: 00007fdfe868c0f9
RDX: 0000000000000048 RSI: 0000000020000080 RDI: 000000000000000a
RBP: 00007fdfe86e7b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff88eac21f R14: 00007fdfe93d6300 R15: 0000000000022000
 </TASK>
Modules linked in:
CR2: 0000000000000d28
---[ end trace 0000000000000000 ]---
RIP: 0010:memset_erms+0xd/0x20 arch/x86/lib/memset_64.S:66
Code: 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 66 0f 1f 00 49 89 f9 40 88 f0 48 89 d1 <f3> aa 4c 89 c8 c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 66 0f 1f
RSP: 0018:ffffc90004cff780 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8880295c33c0 RCX: 0000000000000020
RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000d28
RBP: 0000000000000d48 R08: 0000000000000001 R09: 0000000000000d28
R10: ffffed10052b8693 R11: 0000000000088001 R12: 0000000000000001
R13: 0000000000000d28 R14: 0000000000000100 R15: ffff88807246f094
FS:  00007fdfe93d6700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000d28 CR3: 00000000172fe000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	48 0f af c6          	imul   %rsi,%rax
   4:	f3 48 ab             	rep stos %rax,%es:(%rdi)
   7:	89 d1                	mov    %edx,%ecx
   9:	f3 aa                	rep stos %al,%es:(%rdi)
   b:	4c 89 c8             	mov    %r9,%rax
   e:	c3                   	retq
   f:	66 66 2e 0f 1f 84 00 	data16 nopw %cs:0x0(%rax,%rax,1)
  16:	00 00 00 00
  1a:	66 90                	xchg   %ax,%ax
  1c:	66 0f 1f 00          	nopw   (%rax)
  20:	49 89 f9             	mov    %rdi,%r9
  23:	40 88 f0             	mov    %sil,%al
  26:	48 89 d1             	mov    %rdx,%rcx
* 29:	f3 aa                	rep stos %al,%es:(%rdi) <-- trapping instruction
  2b:	4c 89 c8             	mov    %r9,%rax
  2e:	c3                   	retq
  2f:	66 66 2e 0f 1f 84 00 	data16 nopw %cs:0x0(%rax,%rax,1)
  36:	00 00 00 00
  3a:	66 90                	xchg   %ax,%ax
  3c:	66                   	data16
  3d:	0f                   	.byte 0xf
  3e:	1f                   	(bad)