bisecting cause commit starting from 7d68e38288421ebd6d62f695f91f6c8bde8a323a
building syzkaller on d4f4eca56fbea6f58a4d5adfd19cb5e0dc32fe46
testing commit 7d68e38288421ebd6d62f695f91f6c8bde8a323a with gcc (GCC) 8.1.0
kernel signature: 2b934fca9067d396721bdbda2052f011738a08970a056183cfeb34e142e23048
run #0: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel paging request in __traceiter_percpu_alloc_percpu
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in __traceiter_percpu_alloc_percpu
run #6: crashed: BUG: unable to handle kernel paging request in __traceiter_percpu_alloc_percpu
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #8: crashed: BUG: unable to handle kernel paging request in __traceiter_percpu_alloc_percpu
run #9: crashed: BUG: unable to handle kernel paging request in __traceiter_percpu_alloc_percpu
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 8.1.0
kernel signature: 395a614079c9030036488f72c030c4708fae86b9aba956ca15d15003efd3a593
run #0: crashed: BUG: unable to handle kernel paging request in __traceiter_percpu_alloc_percpu
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in __traceiter_percpu_alloc_percpu
run #6: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #8: crashed: BUG: unable to handle kernel paging request in __traceiter_percpu_alloc_percpu
run #9: crashed: BUG: unable to handle kernel paging request in __traceiter_percpu_alloc_percpu
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: 267e4e72ea6151d6ca484a7d3cc70be89ff7365b860f2a296ca76a677664b0bf
run #0: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in pcpu_alloc
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #8: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: e1b748eb2406e6b7622d3ac2ddd4d5444e7de9e64fd85ab34f83bf371b1755d5
run #0: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel paging request in pcpu_alloc
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #6: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel paging request in pcpu_alloc
run #8: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #9: boot failed: can't ssh into the instance
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: 47862bb6707373f5ffcdd61ba6af4294f0c423a6cb2ee4daa5590631048de304
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #1: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #2: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel paging request in pcpu_alloc
run #4: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #5: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #6: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #7: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #8: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #9: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 61d2f47e590b5f5b9af99913aeee4a183890a5a3a42d33ead5af338d6fce77b0
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #1: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #2: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #3: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #4: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in pcpu_alloc
run #6: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #7: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #8: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: c02e30c85a426c1e8f9c3abeaf54f05a4c728b21f645f4db12a4be37adab4f4f
run #0: crashed: BUG: unable to handle kernel paging request in pcpu_alloc
run #1: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel paging request in pcpu_alloc
run #3: crashed: BUG: unable to handle kernel paging request in pcpu_alloc
run #4: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in pcpu_alloc
run #6: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #7: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #8: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
run #9: crashed: KASAN: vmalloc-out-of-bounds Read in bpf_trace_run7
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 418d776f3a3a1cc9254eb5d6ca3b32cfdd18be0b9d67b015b468405fb2daecff
run #0: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #6: crashed: BUG: unable to handle kernel paging request in pcpu_alloc
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #8: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #9: crashed: BUG: unable to handle kernel paging request in pcpu_alloc
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: e249628c1ee34f77f2aa319be282abb58f3d9140778e2d153979f2cd76c9b777
run #0: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #8: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #9: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: a6a68d9583d3a8125b02c95fc9622169e78400904b09f46799b9f3c98b341f31
all runs: OK
# git bisect start 4d856f72c10ecb060868ed10ff1b1453943fc6c8 0ecfebd2b52404ae0c54a878c872bb93363ada36
Bisecting: 7848 revisions left to test after this (roughly 13 steps)
[43c95d3694cc448fdf50bd53b7ff3a5bb4655883] Merge tag 'pinctrl-v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 43c95d3694cc448fdf50bd53b7ff3a5bb4655883 with gcc (GCC) 8.1.0
kernel signature: 726b3466d490903b8afcb19f34cdf5ad2dbaedcb06f381026b9f861c400e59c1
run #0: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #8: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
# git bisect bad 43c95d3694cc448fdf50bd53b7ff3a5bb4655883
Bisecting: 4619 revisions left to test after this (roughly 12 steps)
[8f6ccf6159aed1f04c6d179f61f6fb2691261e84] Merge tag 'clone3-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
testing commit 8f6ccf6159aed1f04c6d179f61f6fb2691261e84 with gcc (GCC) 8.1.0
kernel signature: 9707ba4c5d374367ea4c71ffac7dbc204d7e3c32d7129b7036f2b12d46a0e7ec
all runs: OK
# git bisect good 8f6ccf6159aed1f04c6d179f61f6fb2691261e84
Bisecting: 2306 revisions left to test after this (roughly 11 steps)
[753c8d9b7d81206bb5d011b28abe829d364b028e] Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 753c8d9b7d81206bb5d011b28abe829d364b028e with gcc (GCC) 8.1.0
kernel signature: 880fe4c8f2119be219c02acc51be0d136904eaa02fb1ec49b0b8898d0d52e7c9
run #0: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #1: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #2: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #8: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
# git bisect bad 753c8d9b7d81206bb5d011b28abe829d364b028e
Bisecting: 1156 revisions left to test after this (roughly 10 steps)
[2f9b0d93a9d3ec64558537ab5d7cff820886afa4] net: ethernet: ti: cpsw: Fix suspend/resume break
testing commit 2f9b0d93a9d3ec64558537ab5d7cff820886afa4 with gcc (GCC) 8.1.0
kernel signature: 7ae6542b3cd908eb8dfa1e83816502eb2ac09cfd112a0be5e718df337555651b
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
# git bisect bad 2f9b0d93a9d3ec64558537ab5d7cff820886afa4
Bisecting: 577 revisions left to test after this (roughly 9 steps)
[d28d66e5a92de81199d21b696df707068361a4e7] net: ethernet: mediatek: fix mtk_eth_soc build errors & warnings
testing commit d28d66e5a92de81199d21b696df707068361a4e7 with gcc (GCC) 8.1.0
kernel signature: 54eb02b856237c7598acd44ad006eb4b1c59474d2f252c04635f6bef7aa082ef
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #4: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #8: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
# git bisect bad d28d66e5a92de81199d21b696df707068361a4e7
Bisecting: 281 revisions left to test after this (roughly 8 steps)
[7b3ed2a137b077bc0967352088b0adb6049eed20] Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue
testing commit 7b3ed2a137b077bc0967352088b0adb6049eed20 with gcc (GCC) 8.1.0
./include/linux/netfilter_ipv6.h:110:9: error: implicit declaration of function 'nf_ct_frag6_gather'; did you mean 'nf_ct_attach'? [-Werror=implicit-function-declaration]
# git bisect skip 7b3ed2a137b077bc0967352088b0adb6049eed20
Bisecting: 281 revisions left to test after this (roughly 8 steps)
[f87845cf0f892d8f4b5aaa9117b2cb0a2f255666] net: stmmac: dwmac-meson: update with SPDX Licence identifier
testing commit f87845cf0f892d8f4b5aaa9117b2cb0a2f255666 with gcc (GCC) 8.1.0
kernel signature: 6360914750821db1d220a7c81aaac846eea6d8f02bc1f77f9d1b1186f28ab1af
all runs: OK
# git bisect good f87845cf0f892d8f4b5aaa9117b2cb0a2f255666
Bisecting: 257 revisions left to test after this (roughly 8 steps)
[33aae28285b73e013f7f697a61f569c5b48c6650] Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue
testing commit 33aae28285b73e013f7f697a61f569c5b48c6650 with gcc (GCC) 8.1.0
kernel signature: e213a373b60e4b599db3222640f21477ee38f09883e95aca82ff2e135848f3b6
all runs: OK
# git bisect good 33aae28285b73e013f7f697a61f569c5b48c6650
Bisecting: 128 revisions left to test after this (roughly 7 steps)
[db4bad07371b53dbce34e8ae54d4aa93096841d6] net: ethernet: improve eth_platform_get_mac_address
testing commit db4bad07371b53dbce34e8ae54d4aa93096841d6 with gcc (GCC) 8.1.0
kernel signature: 2c04172697ed9f99d5bbbaa36ab93fc2511595afbedd02d576471483854dd010
run #0: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #6: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
# git bisect bad db4bad07371b53dbce34e8ae54d4aa93096841d6
Bisecting: 63 revisions left to test after this (roughly 6 steps)
[02205d2ed6fe26a8f4fd9e9cec251d1dc7f79316] bpf: media: properly use bpf_prog_array api
testing commit 02205d2ed6fe26a8f4fd9e9cec251d1dc7f79316 with gcc (GCC) 8.1.0
kernel signature: 3a883eaa36d0588f404ea910db58d5804d8e68f292f995fcbe868f80ece3f99d
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #6: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
# git bisect bad 02205d2ed6fe26a8f4fd9e9cec251d1dc7f79316
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[a4b1d3c1ddf6cb441187b6c130a473c16a05a356] bpf: verifier: insert zero extension according to analysis result
testing commit a4b1d3c1ddf6cb441187b6c130a473c16a05a356 with gcc (GCC) 8.1.0
kernel signature: a017ccabd87ca419d152a9723b64d8e4fede0ac65ba3e3429206534bf8dbafb7
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #3: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #6: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #8: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
# git bisect bad a4b1d3c1ddf6cb441187b6c130a473c16a05a356
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[e3b924224028c6fc31545e3812eecbe2ddbf35f6] libbpf: add resizable non-thread safe internal hashmap
testing commit e3b924224028c6fc31545e3812eecbe2ddbf35f6 with gcc (GCC) 8.1.0
kernel signature: 292addb5e4131b6a1be6fdfd909e7bb31e900e6a514fc19d50d41cf9454180f5
all runs: OK
# git bisect good e3b924224028c6fc31545e3812eecbe2ddbf35f6
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[5420f3207759cd618a7b8a04a4eb5fc1c12b35cb] Merge branch 'btf2c-converter'
testing commit 5420f3207759cd618a7b8a04a4eb5fc1c12b35cb with gcc (GCC) 8.1.0
kernel signature: 292addb5e4131b6a1be6fdfd909e7bb31e900e6a514fc19d50d41cf9454180f5
all runs: OK
# git bisect good 5420f3207759cd618a7b8a04a4eb5fc1c12b35cb
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[a08acd118d5ca7f6e745ef81cfc6cbadacb56462] Merge branch 'bpf-send-sig'
testing commit a08acd118d5ca7f6e745ef81cfc6cbadacb56462 with gcc (GCC) 8.1.0
kernel signature: eb299a451d7ff8646deb880049bbb3093e4cd5914a3a6d0cd494a4987614f401
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in __bpf_trace_percpu_alloc_percpu
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #8: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #9: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
# git bisect bad a08acd118d5ca7f6e745ef81cfc6cbadacb56462
Bisecting: 1 revision left to test after this (roughly 1 step)
[edaccf8985305967c22903a78283c8c837ea48dd] tools/bpf: sync bpf uapi header bpf.h to tools directory
testing commit edaccf8985305967c22903a78283c8c837ea48dd with gcc (GCC) 8.1.0
kernel signature: eb299a451d7ff8646deb880049bbb3093e4cd5914a3a6d0cd494a4987614f401
run #0: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #1: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #2: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #6: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
# git bisect bad edaccf8985305967c22903a78283c8c837ea48dd
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[8b401f9ed2441ad9e219953927a842d24ed051fc] bpf: implement bpf_send_signal() helper
testing commit 8b401f9ed2441ad9e219953927a842d24ed051fc with gcc (GCC) 8.1.0
kernel signature: eb299a451d7ff8646deb880049bbb3093e4cd5914a3a6d0cd494a4987614f401
run #0: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_trace_run7
run #2: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #4: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #6: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #7: crashed: BUG: unable to handle kernel paging request in __bpf_trace_percpu_alloc_percpu
run #8: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run7
# git bisect bad 8b401f9ed2441ad9e219953927a842d24ed051fc
8b401f9ed2441ad9e219953927a842d24ed051fc is the first bad commit
commit 8b401f9ed2441ad9e219953927a842d24ed051fc
Author: Yonghong Song
Date: Thu May 23 14:47:45 2019 -0700

    bpf: implement bpf_send_signal() helper

    This patch tries to solve the following specific use case.

    Currently, bpf program can already collect stack traces through kernel function get_perf_callchain() when certain events happens (e.g., cache miss counter or cpu clock counter overflows). But such stack traces are not enough for jitted programs, e.g., hhvm (jited php). To get real stack trace, jit engine internal data structures need to be traversed in order to get the real user functions.

    bpf program itself may not be the best place to traverse the jit engine as the traversing logic could be complex and it is not a stable interface either.

    Instead, hhvm implements a signal handler, e.g. for SIGALARM, and a set of program locations which it can dump stack traces. When it receives a signal, it will dump the stack in next such program location.

    Such a mechanism can be implemented in the following way:
      . a perf ring buffer is created between bpf program and tracing app.
      . once a particular event happens, bpf program writes to the ring buffer and the tracing app gets notified.
      . the tracing app sends a signal SIGALARM to the hhvm.

    But this method could have large delays and causing profiling results skewed.

    This patch implements bpf_send_signal() helper to send a signal to hhvm in real time, resulting in intended stack traces.

    Acked-by: Andrii Nakryiko
    Signed-off-by: Yonghong Song
    Signed-off-by: Daniel Borkmann

 include/uapi/linux/bpf.h | 17 +++++++++++-
 kernel/trace/bpf_trace.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+), 1 deletion(-)
culprit signature: eb299a451d7ff8646deb880049bbb3093e4cd5914a3a6d0cd494a4987614f401
parent signature: 292addb5e4131b6a1be6fdfd909e7bb31e900e6a514fc19d50d41cf9454180f5
revisions tested: 25, total time: 4h31m43.984481187s (build: 2h19m6.64140725s, test: 2h9m46.910466298s)
first bad commit: 8b401f9ed2441ad9e219953927a842d24ed051fc bpf: implement bpf_send_signal() helper
recipients (to): ["andriin@fb.com" "daniel@iogearbox.net" "yhs@fb.com"]
recipients (cc): []
crash: BUG: unable to handle kernel paging request in bpf_trace_run7
ieee80211 phy13: Selected rate control algorithm 'minstrel_ht'
BUG: unable to handle page fault for address: ffffc90001a3d030
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD b5ce9067 P4D b5ce9067 PUD 23b803067 PMD afadb067 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9140 Comm: syz-executor.4 Not tainted 5.2.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__bpf_trace_run kernel/trace/bpf_trace.c:1234 [inline]
RIP: 0010:bpf_trace_run7+0x119/0x390 kernel/trace/bpf_trace.c:1277
Code: 00 49 8d 7c 24 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 0a 02 00 00 49 8d 74 24 38 49 8d 7e a0 <41> ff 54 24 30 bf 01 00 00 00 e8 f8 8f d8 ff 65 8b 05 d9 35 9b 7e
RSP: 0018:ffff8880aae6f0b8 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 1ffff110155cde18 RCX: 0000000000000000
RDX: 1ffff92000347a06 RSI: ffffc90001a3d038 RDI: ffff8880aae6f0e0
RBP: ffff8880aae6f160 R08: ffffed1017466988 R09: ffffed1017466987
R10: ffffed1017466987 R11: ffff8880ba334c3b R12: ffffc90001a3d000
R13: ffffe8ffffc00000 R14: ffff8880aae6f140 R15: 0000000000000000
FS: 0000555555bf0940(0000) GS:ffff8880ba300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001a3d030 CR3: 00000000b3ab5000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __bpf_trace_percpu_alloc_percpu+0x17/0x20 include/trace/events/percpu.h:10
 trace_percpu_alloc_percpu include/trace/events/percpu.h:10 [inline]
 pcpu_alloc+0x7d7/0xe60 mm/percpu.c:1740
 __alloc_percpu+0x10/0x20 mm/percpu.c:1797
 alloc_netdev_mqs+0xbf/0xc00 net/core/dev.c:9161
 ieee80211_if_add+0xc40/0x1820 net/mac80211/iface.c:1774
 ieee80211_register_hw+0x2cf3/0x3e80 net/mac80211/main.c:1264
 mac80211_hwsim_new_radio+0x1c84/0x3d60 drivers/net/wireless/mac80211_hwsim.c:2942
 hwsim_new_radio_nl+0x77d/0xef0 drivers/net/wireless/mac80211_hwsim.c:3490
 genl_family_rcv_msg+0x5dc/0x1040 net/netlink/genetlink.c:629
 genl_rcv_msg+0xa7/0x140 net/netlink/genetlink.c:654
 netlink_rcv_skb+0x13c/0x380 net/netlink/af_netlink.c:2486
 genl_rcv+0x23/0x40 net/netlink/genetlink.c:665
 netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline]
 netlink_unicast+0x43b/0x650 net/netlink/af_netlink.c:1337
 netlink_sendmsg+0x666/0xc50 net/netlink/af_netlink.c:1926
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:671
 __sys_sendto+0x1f2/0x2e0 net/socket.c:1964
 __do_sys_sendto net/socket.c:1976 [inline]
 __se_sys_sendto net/socket.c:1972 [inline]
 __x64_sys_sendto+0xdc/0x1a0 net/socket.c:1972
 do_syscall_64+0x96/0x420 arch/x86/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x417c97
Code: 2c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 81 19 00 00 c3 48 83 ec 08 e8 e7 fa ff ff 48 89 04 24 49 89 ca b8 2c 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 2d fb ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffc0f59b2c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00000000016b4300 RCX: 0000000000417c97
RDX: 0000000000000024 RSI: 00000000016b4350 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffc0f59b2d0 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 0000000000000000 R14: 00000000016b4350 R15: 0000000000000003
Modules linked in:
CR2: ffffc90001a3d030
---[ end trace fe6f0f3e60f24c26 ]---
RIP: 0010:__bpf_trace_run kernel/trace/bpf_trace.c:1234 [inline]
RIP: 0010:bpf_trace_run7+0x119/0x390 kernel/trace/bpf_trace.c:1277
Code: 00 49 8d 7c 24 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 0a 02 00 00 49 8d 74 24 38 49 8d 7e a0 <41> ff 54 24 30 bf 01 00 00 00 e8 f8 8f d8 ff 65 8b 05 d9 35 9b 7e
RSP: 0018:ffff8880aae6f0b8 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 1ffff110155cde18 RCX: 0000000000000000
RDX: 1ffff92000347a06 RSI: ffffc90001a3d038 RDI: ffff8880aae6f0e0
RBP: ffff8880aae6f160 R08: ffffed1017466988 R09: ffffed1017466987
R10: ffffed1017466987 R11: ffff8880ba334c3b R12: ffffc90001a3d000
R13: ffffe8ffffc00000 R14: ffff8880aae6f140 R15: 0000000000000000
FS: 0000555555bf0940(0000) GS:ffff8880ba300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001a3d030 CR3: 00000000b3ab5000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400