bisecting fixing commit since 70b971118e074d5042715587953f27929e99117a
building syzkaller on 53ce8104a7b0e1c4c79ab17d5faddce6ad16a1f1
testing commit 70b971118e074d5042715587953f27929e99117a with gcc (GCC) 8.4.1 20210217
kernel signature: cbeba9d0c786051b4b278adfa12f70dcc900868052dc41ca5a8286faf23e56ec
run #0: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #1: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #2: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #4: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #5: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #6: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #8: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #9: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #10: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #11: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #12: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #13: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #14: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #15: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #16: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #17: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #18: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #19: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
testing current HEAD e27bfefb21f28d5295432f042b5d9d7871100c35
testing commit e27bfefb21f28d5295432f042b5d9d7871100c35 with gcc (GCC) 10.2.1 20210217
kernel signature: dc3d5fd39e0aaa9af6b0f3f12faf6f3c1cc3300253192d825f70b702f256a9cd
all runs: OK
# git bisect start e27bfefb21f28d5295432f042b5d9d7871100c35 70b971118e074d5042715587953f27929e99117a
Bisecting: 24071 revisions left to test after this (roughly 15 steps)
[d635a69dd4981cc51f90293f5f64268620ed1565] Merge tag 'net-next-5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit d635a69dd4981cc51f90293f5f64268620ed1565 with gcc (GCC) 10.2.1 20210217
kernel signature: f44f754aabb2b96d8d246bdbde226efe37604ecae4b3f83afcc949c62239daee
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: BUG: unable to handle kernel paging request in corrupted
run #2: crashed: BUG: unable to handle kernel paging request in corrupted
run #3: crashed: BUG: unable to handle kernel paging request in corrupted
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #5: crashed: BUG: unable to handle kernel paging request in corrupted
run #6: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #7: crashed: BUG: unable to handle kernel paging request in corrupted
run #8: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run2
run #9: crashed: BUG: unable to handle kernel paging request in corrupted
# git bisect good d635a69dd4981cc51f90293f5f64268620ed1565
Bisecting: 12007 revisions left to test after this (roughly 14 steps)
[56bf6fc266ca14d2b9276c8a62e4ff6783bfe68b] Merge tag 'arm-defconfig-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 56bf6fc266ca14d2b9276c8a62e4ff6783bfe68b with gcc (GCC) 10.2.1 20210217
kernel signature: 89d02a2279505b3ca4c84250aa6b3a1698789cfcd6f17f87108de07acb9b3b08
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: BUG: unable to handle kernel paging request in corrupted
run #2: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #4: crashed: BUG: unable to handle kernel paging request in corrupted
run #5: crashed: BUG: unable to handle kernel paging request in corrupted
run #6: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #8: crashed: BUG: unable to handle kernel paging request in corrupted
run #9: crashed: BUG: unable to handle kernel paging request in corrupted
# git bisect good 56bf6fc266ca14d2b9276c8a62e4ff6783bfe68b
Bisecting: 5993 revisions left to test after this (roughly 13 steps)
[f158bbee9403b7bd2ad22f0c03b7e9762c20ad18] Merge tag 'mfd-next-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd
testing commit f158bbee9403b7bd2ad22f0c03b7e9762c20ad18 with gcc (GCC) 10.2.1 20210217
kernel signature: bf36b9a70302befac196a66e02da8487ab3ccf108e32470127de591cbbfa43ba
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #2: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run2
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #4: crashed: BUG: unable to handle kernel paging request in corrupted
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #6: crashed: BUG: unable to handle kernel paging request in corrupted
run #7: crashed: BUG: unable to handle kernel paging request in corrupted
run #8: crashed: BUG: unable to handle kernel paging request in corrupted
run #9: crashed: BUG: unable to handle kernel paging request in corrupted
# git bisect good f158bbee9403b7bd2ad22f0c03b7e9762c20ad18
Bisecting: 2996 revisions left to test after this (roughly 12 steps)
[43a219cbe5a46ec3f6a1874bb2cb2fd4de8322cc] kasan: optimize large kmalloc poisoning
testing commit 43a219cbe5a46ec3f6a1874bb2cb2fd4de8322cc with gcc (GCC) 10.2.1 20210217
kernel signature: bacf958a15ebcdcda2b2fedff8a02c1dda170fb130fea9ab0ed64308a6dab530
all runs: OK
# git bisect bad 43a219cbe5a46ec3f6a1874bb2cb2fd4de8322cc
Bisecting: 1587 revisions left to test after this (roughly 11 steps)
[6ff6f86bc4d02949b5688d69de1c89c310d62c44] Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
testing commit 6ff6f86bc4d02949b5688d69de1c89c310d62c44 with gcc (GCC) 10.2.1 20210217
kernel signature: 13bbe716ef5df60d07d4a5f8e9272415c6ade57ee6b2dd076e1e906f8bd1a94a
all runs: OK
# git bisect bad 6ff6f86bc4d02949b5688d69de1c89c310d62c44
Bisecting: 696 revisions left to test after this (roughly 10 steps)
[bdb39c9509e6d31943cb29dbb6ccd1b64013fb98] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
testing commit bdb39c9509e6d31943cb29dbb6ccd1b64013fb98 with gcc (GCC) 10.2.1 20210217
kernel signature: 78bc14c3411b3d24ed5dd8ee135dfc971fc9a525547a470ae8a3272cd46cb234
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #2: crashed: BUG: unable to handle kernel paging request in corrupted
run #3: crashed: BUG: unable to handle kernel paging request in corrupted
run #4: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run2
run #5: crashed: BUG: unable to handle kernel paging request in corrupted
run #6: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #8: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #9: crashed: BUG: unable to handle kernel paging request in corrupted
# git bisect good bdb39c9509e6d31943cb29dbb6ccd1b64013fb98
Bisecting: 384 revisions left to test after this (roughly 9 steps)
[ae42c3173ba5cbe12fab0dad330e997c4ff9f68a] Merge tag 'for-5.12/block-ipi-2021-02-21' of git://git.kernel.dk/linux-block
testing commit ae42c3173ba5cbe12fab0dad330e997c4ff9f68a with gcc (GCC) 10.2.1 20210217
kernel signature: cd4a848cbdcff236e41348c2452e1ca4bde7feedf7b6c678569413827771822a
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: BUG: unable to handle kernel paging request in corrupted
run #2: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run2
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #4: crashed: BUG: unable to handle kernel paging request in corrupted
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #6: crashed: BUG: unable to handle kernel paging request in corrupted
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #8: crashed: BUG: unable to handle kernel paging request in corrupted
run #9: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run2
# git bisect good ae42c3173ba5cbe12fab0dad330e997c4ff9f68a
Bisecting: 215 revisions left to test after this (roughly 8 steps)
[7c70f3a7488d2fa62d32849d138bf2b8420fe788] Merge tag 'nfsd-5.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux
testing commit 7c70f3a7488d2fa62d32849d138bf2b8420fe788 with gcc (GCC) 10.2.1 20210217
kernel signature: a38766df4a1c08fa73d3e16fcce336896ebf2531bdb9a497e69ee46b10b0a485
run #0: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #2: crashed: BUG: unable to handle kernel paging request in corrupted
run #3: crashed: BUG: unable to handle kernel paging request in corrupted
run #4: crashed: BUG: unable to handle kernel paging request in corrupted
run #5: crashed: BUG: unable to handle kernel paging request in corrupted
run #6: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #7: crashed: BUG: unable to handle kernel paging request in corrupted
run #8: crashed: BUG: unable to handle kernel paging request in corrupted
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
# git bisect good 7c70f3a7488d2fa62d32849d138bf2b8420fe788
Bisecting: 108 revisions left to test after this (roughly 7 steps)
[a89dbc9b988f3ba8700df3c58614744de0c5043f] perf arm-spe: Set sample's data source field
testing commit a89dbc9b988f3ba8700df3c58614744de0c5043f with gcc (GCC) 10.2.1 20210217
kernel signature: 1153a9ecfebded5f7af8c1eb06dd0f16499d546c26587a2d54c3e2dd1627b7a1
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #2: crashed: BUG: unable to handle kernel paging request in corrupted
run #3: crashed: BUG: unable to handle kernel paging request in corrupted
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #6: crashed: BUG: unable to handle kernel paging request in corrupted
run #7: crashed: BUG: unable to handle kernel paging request in corrupted
run #8: crashed: BUG: unable to handle kernel paging request in corrupted
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
# git bisect good a89dbc9b988f3ba8700df3c58614744de0c5043f
Bisecting: 61 revisions left to test after this (roughly 6 steps)
[3a36281a17199737b468befb826d4a23eb774445] Merge tag 'perf-tools-for-v5.12-2020-02-19' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
testing commit 3a36281a17199737b468befb826d4a23eb774445 with gcc (GCC) 10.2.1 20210217
kernel signature: a38766df4a1c08fa73d3e16fcce336896ebf2531bdb9a497e69ee46b10b0a485
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run2
run #1: crashed: BUG: unable to handle kernel paging request in corrupted
run #2: crashed: BUG: unable to handle kernel paging request in corrupted
run #3: crashed: BUG: unable to handle kernel paging request in corrupted
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #6: crashed: BUG: unable to handle kernel paging request in corrupted
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #8: crashed: BUG: unable to handle kernel paging request in corrupted
run #9: crashed: BUG: unable to handle kernel paging request in corrupted
# git bisect good 3a36281a17199737b468befb826d4a23eb774445
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[99e22ce73c59ac2d6d08893af376483ca7d62850] tracing: Make hash-ptr option default
testing commit 99e22ce73c59ac2d6d08893af376483ca7d62850 with gcc (GCC) 10.2.1 20210217
kernel signature: 5aca41200bc6367e391cdb098ac256d94a0b041274893a45e35ddfd5af5ef0a2
all runs: OK
# git bisect bad 99e22ce73c59ac2d6d08893af376483ca7d62850
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[4b9091e1c1948dea3b0b097496f308ede897d665] kernel: trace: preemptirq_delay_test: add cpu affinity
testing commit 4b9091e1c1948dea3b0b097496f308ede897d665 with gcc (GCC) 10.2.1 20210217
kernel signature: 4f24d7b83d75df30e1f535ac4b759f0cae6282efc5456475a0ef042333890583
all runs: OK
# git bisect bad 4b9091e1c1948dea3b0b097496f308ede897d665
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[0c02006e6f5b0a3e73499bbf5943d9174c5ed640] tracing: Inline tracing_gen_ctx_flags()
testing commit 0c02006e6f5b0a3e73499bbf5943d9174c5ed640 with gcc (GCC) 10.2.1 20210217
kernel signature: 2989e1a4f0621c49477b6fbb801ed94bd13c5394adf8cfcaae234c252e8644bf
run #0: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #1: crashed: BUG: unable to handle kernel paging request in corrupted
run #2: crashed: BUG: unable to handle kernel paging request in corrupted
run #3: crashed: BUG: unable to handle kernel paging request in corrupted
run #4: crashed: BUG: unable to handle kernel paging request in corrupted
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #6: crashed: BUG: unable to handle kernel paging request in corrupted
run #7: crashed: BUG: unable to handle kernel paging request in corrupted
run #8: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run2
run #9: crashed: BUG: unable to handle kernel paging request in corrupted
# git bisect good 0c02006e6f5b0a3e73499bbf5943d9174c5ed640
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[39bcdd6a964b2d80fcec2f70f11896b1db6fb572] tracing: Fix spelling of controlling in uprobes
testing commit 39bcdd6a964b2d80fcec2f70f11896b1db6fb572 with gcc (GCC) 10.2.1 20210217
kernel signature: 63c3336ae26d1f1ae995e6e473d3bbcdf51ca7a43e2028ac5dde85ffc6741ce6
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #2: crashed: BUG: unable to handle kernel paging request in corrupted
run #3: crashed: BUG: unable to handle kernel paging request in corrupted
run #4: crashed: BUG: unable to handle kernel paging request in corrupted
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #6: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #7: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run2
run #8: crashed: BUG: unable to handle kernel paging request in corrupted
run #9: crashed: BUG: unable to handle kernel paging request in corrupted
# git bisect good 39bcdd6a964b2d80fcec2f70f11896b1db6fb572
Bisecting: 1 revision left to test after this (roughly 1 step)
[f2a99ddfd0aaff5f5c53ea1f652b5160ba5ee9b7] tracing: Remove definition of DEBUG in trace_mmiotrace.c
testing commit f2a99ddfd0aaff5f5c53ea1f652b5160ba5ee9b7 with gcc (GCC) 10.2.1 20210217
kernel signature: 398d56dde1e1f53f1de18fce5fcf3ce44cdba2d05e55d180112ee95d26b47dcf
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: BUG: unable to handle kernel paging request in corrupted
run #2: crashed: BUG: unable to handle kernel paging request in corrupted
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #5: crashed: BUG: unable to handle kernel paging request in corrupted
run #6: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #7: crashed: BUG: unable to handle kernel paging request in corrupted
run #8: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
# git bisect good f2a99ddfd0aaff5f5c53ea1f652b5160ba5ee9b7
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[befe6d946551d65cddbd32b9cb0170b0249fd5ed] tracepoint: Do not fail unregistering a probe due to memory failure
testing commit befe6d946551d65cddbd32b9cb0170b0249fd5ed with gcc (GCC) 10.2.1 20210217
kernel signature: 4f24d7b83d75df30e1f535ac4b759f0cae6282efc5456475a0ef042333890583
all runs: OK
# git bisect bad befe6d946551d65cddbd32b9cb0170b0249fd5ed
befe6d946551d65cddbd32b9cb0170b0249fd5ed is the first bad commit
commit befe6d946551d65cddbd32b9cb0170b0249fd5ed
Author: Steven Rostedt (VMware)
Date: Wed Nov 18 09:34:05 2020 -0500

    tracepoint: Do not fail unregistering a probe due to memory failure

    The list of tracepoint callbacks is managed by an array that is protected
    by RCU. To update this array, a new array is allocated, the updates are
    copied over to the new array, and then the list of functions for the
    tracepoint is switched over to the new array. After a completion of an RCU
    grace period, the old array is freed.

    This process happens for both adding a callback as well as removing one.
    But on removing a callback, if the new array fails to be allocated, the
    callback is not removed, and may be used after it is freed by the clients
    of the tracepoint.

    There's really no reason to fail if the allocation for a new array fails
    when removing a function. Instead, the function can simply be replaced by a
    stub function that could be cleaned up on the next modification of the
    array. That is, instead of calling the function registered to the
    tracepoint, it would call a stub function in its place.

    Link: https://lore.kernel.org/r/20201115055256.65625-1-mmullins@mmlx.us
    Link: https://lore.kernel.org/r/20201116175107.02db396d@gandalf.local.home
    Link: https://lore.kernel.org/r/20201117211836.54acaef2@oasis.local.home
    Link: https://lkml.kernel.org/r/20201118093405.7a6d2290@gandalf.local.home

    [ Note, this version does use undefined compiler behavior (assuming that a
      stub function with no parameters or return, can be called by a location
      that thinks it has parameters but still no return value. Static calls
      do the same thing, so this trick is not without precedent.

      There's another solution that uses RCU tricks and is more complex, but
      can be an alternative if this solution becomes an issue.

      Link: https://lore.kernel.org/lkml/20210127170721.58bce7cc@gandalf.local.home/
    ]

    Cc: Peter Zijlstra
    Cc: Josh Poimboeuf
    Cc: Mathieu Desnoyers
    Cc: Ingo Molnar
    Cc: Alexei Starovoitov
    Cc: Daniel Borkmann
    Cc: Dmitry Vyukov
    Cc: Martin KaFai Lau
    Cc: Song Liu
    Cc: Yonghong Song
    Cc: Andrii Nakryiko
    Cc: John Fastabend
    Cc: KP Singh
    Cc: netdev
    Cc: bpf
    Cc: Kees Cook
    Cc: Florian Weimer
    Fixes: 97e1c18e8d17b ("tracing: Kernel Tracepoints")
    Reported-by: syzbot+83aa762ef23b6f0d1991@syzkaller.appspotmail.com
    Reported-by: syzbot+d29e58bb557324e55e5e@syzkaller.appspotmail.com
    Reported-by: Matt Mullins
    Signed-off-by: Steven Rostedt (VMware)
    Tested-by: Matt Mullins

 kernel/tracepoint.c | 80 ++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 64 insertions(+), 16 deletions(-)
culprit signature: 4f24d7b83d75df30e1f535ac4b759f0cae6282efc5456475a0ef042333890583
parent signature: 398d56dde1e1f53f1de18fce5fcf3ce44cdba2d05e55d180112ee95d26b47dcf
revisions tested: 18, total time: 4h0m57.19735996s (build: 1h58m41.825936069s, test: 1h59m30.436485907s)
first good commit: befe6d946551d65cddbd32b9cb0170b0249fd5ed tracepoint: Do not fail unregistering a probe due to memory failure
recipients (to): ["linux-kernel@vger.kernel.org" "mmullins@mmlx.us" "rostedt@goodmis.org"]
recipients (cc): ["andrii@kernel.org" "ast@kernel.org" "bpf@vger.kernel.org" "daniel@iogearbox.net" "john.fastabend@gmail.com" "kafai@fb.com" "kpsingh@kernel.org" "mathieu.desnoyers@efficios.com" "mingo@kernel.org" "netdev@vger.kernel.org" "peterz@infradead.org" "rostedt@goodmis.org" "songliubraving@fb.com" "yhs@fb.com"]