ci2 starts bisection 2024-11-20 02:14:21.702347372 +0000 UTC m=+34962.559496313 bisecting fixing commit since cfa154389a656247d15205f7e01a0b10912183bd building syzkaller on c8349e48534ea6d8f01515335d95de8ebf5da8df ensuring issue is reproducible on original commit cfa154389a656247d15205f7e01a0b10912183bd testing commit cfa154389a656247d15205f7e01a0b10912183bd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5c9be5658c479bab1249b8a268feeffbcb07cac4cae078eb523f08982dd323bd run #0: crashed: invalid opcode in bpf_dispatcher_xdp run #1: crashed: invalid opcode in bpf_dispatcher_xdp run #2: crashed: invalid opcode in bpf_dispatcher_xdp run #3: crashed: kernel panic: Fatal exception run #4: crashed: invalid opcode in bpf_dispatcher_xdp run #5: crashed: invalid opcode in bpf_dispatcher_xdp run #6: crashed: invalid opcode in bpf_dispatcher_xdp run #7: crashed: invalid opcode in bpf_dispatcher_xdp run #8: OK run #9: crashed: invalid opcode in bpf_dispatcher_xdp run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: invalid opcode in bpf_dispatcher_xdp, types: [UNKNOWN] check whether we can drop unnecessary instrumentation disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit cfa154389a656247d15205f7e01a0b10912183bd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 16b5720d0cd54e0d46d8652c25279b64b7bce16dfa4bef33704e6d399bb2f7ac run #0: crashed: invalid opcode in bpf_dispatcher_xdp run #1: crashed: invalid opcode in bpf_dispatcher_xdp run #2: crashed: invalid opcode in bpf_dispatcher_xdp run #3: crashed: invalid opcode in bpf_dispatcher_xdp run #4: crashed: BUG: unable to handle kernel paging request in bpf_dispatcher_xdp run #5: crashed: invalid opcode in bpf_dispatcher_xdp run #6: crashed: invalid opcode in bpf_dispatcher_xdp run #7: crashed: invalid opcode in bpf_dispatcher_xdp run #8: crashed: PANIC: double fault in bpf_dispatcher_xdp run #9: crashed: general protection fault in bpf_dispatcher_xdp run #10: crashed: invalid opcode in bpf_dispatcher_xdp run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_dispatcher_xdp run #12: crashed: BUG: unable to handle kernel paging request in bpf_dispatcher_xdp run #13: OK run #14: crashed: invalid opcode in bpf_dispatcher_xdp run #15: crashed: invalid opcode in bpf_dispatcher_xdp run #16: OK run #17: OK run #18: OK run #19: OK representative crash: invalid opcode in bpf_dispatcher_xdp, types: [UNKNOWN] the bug reproduces without the instrumentation disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed kconfig minimization: base=5179 full=6491 leaves diff=256 split chunks (needed=false): <256> split chunk #0 of len 256 into 5 parts testing without sub-chunk 1/5 disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit cfa154389a656247d15205f7e01a0b10912183bd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 33967b555fa4a919ea19d29af6c672d399b1d1523384f566f4e736c61d25b35f run #0: crashed: invalid opcode in bpf_dispatcher_xdp run #1: crashed: invalid opcode in bpf_dispatcher_xdp run #2: crashed: invalid opcode in bpf_dispatcher_xdp run #3: crashed: invalid opcode in bpf_dispatcher_xdp run #4: crashed: invalid opcode in bpf_dispatcher_xdp run #5: crashed: BUG: unable to handle kernel paging request in x32_sys_call_table run #6: crashed: BUG: unable to handle kernel paging request in bpf_dispatcher_xdp run #7: crashed: kernel panic: Fatal exception run #8: crashed: invalid opcode in bpf_dispatcher_xdp run #9: crashed: invalid opcode in bpf_dispatcher_xdp run #10: crashed: PANIC: double fault in bpf_dispatcher_xdp run #11: crashed: invalid opcode in bpf_dispatcher_xdp run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: invalid opcode in bpf_dispatcher_xdp, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit cfa154389a656247d15205f7e01a0b10912183bd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bd8440f406262c6cf394c8c195ff58586162d920ae8a5992c25f1911bcc874bf run #0: crashed: invalid opcode in bpf_dispatcher_xdp run #1: crashed: kernel panic: Fatal exception run #2: crashed: invalid opcode in bpf_dispatcher_xdp run #3: crashed: invalid opcode in bpf_dispatcher_xdp run #4: crashed: invalid opcode in bpf_dispatcher_xdp run #5: crashed: BUG: unable to handle kernel paging request in bpf_test_run run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_dispatcher_xdp run #7: crashed: invalid opcode in bpf_dispatcher_xdp run #8: crashed: invalid opcode in bpf_dispatcher_xdp run #9: crashed: invalid opcode in bpf_dispatcher_xdp run #10: crashed: invalid opcode in bpf_dispatcher_xdp run #11: crashed: invalid opcode in bpf_dispatcher_xdp run #12: crashed: invalid opcode in bpf_dispatcher_xdp run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: invalid opcode in bpf_dispatcher_xdp, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing commit cfa154389a656247d15205f7e01a0b10912183bd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 159fab33e7568bdefc1def1a3cecd1b1fae6741c838a88939668c88cde97c3d5 run #0: crashed: invalid opcode in bpf_dispatcher_xdp run #1: crashed: invalid opcode in bpf_dispatcher_xdp run #2: crashed: general protection fault in bpf_dispatcher_xdp run #3: crashed: invalid opcode in bpf_dispatcher_xdp run #4: crashed: invalid opcode in bpf_dispatcher_xdp run #5: crashed: invalid opcode in bpf_dispatcher_xdp run #6: crashed: invalid opcode in bpf_dispatcher_xdp run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_prog_change_xdp run #8: crashed: invalid opcode in bpf_dispatcher_xdp run #9: crashed: invalid opcode in bpf_dispatcher_xdp run #10: crashed: invalid opcode in bpf_dispatcher_xdp run #11: crashed: invalid opcode in bpf_dispatcher_xdp run #12: crashed: invalid opcode in bpf_dispatcher_xdp run #13: crashed: PANIC: double fault in bpf_prog_ADDR run #14: crashed: invalid opcode in bpf_dispatcher_xdp run #15: OK run #16: OK run #17: OK run #18: OK run #19: crashed: invalid opcode in bpf_dispatcher_xdp representative crash: invalid opcode in bpf_dispatcher_xdp, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing commit cfa154389a656247d15205f7e01a0b10912183bd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: dcf30eb22d2241f5816b223d5d1a7a0ed74787929c20cd6f60f9d5b70e431186 run #0: crashed: invalid opcode in bpf_dispatcher_xdp run #1: crashed: general protection fault in bpf_dispatcher_xdp run #2: crashed: invalid opcode in bpf_dispatcher_xdp run #3: crashed: invalid opcode in bpf_dispatcher_xdp run #4: crashed: kernel panic: Fatal exception run #5: crashed: invalid opcode in bpf_dispatcher_xdp run #6: crashed: invalid opcode in corrupted run #7: basic kernel testing failed: failed to copy binary to VM: timedout after 1m0s ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "IdentitiesOnly=yes" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor2881943691" "root@10.128.0.244:./syz-executor2881943691"] Executing: program /usr/bin/ssh host 10.128.0.244, user root, command sftp OpenSSH_9.2p1 Debian-2+deb12u3, OpenSSL 3.0.14 4 Jun 2024 debug1: Reading configuration data /dev/null debug1: Connecting to 10.128.0.244 [10.128.0.244] port 22. debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa_sk type -1 debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_ed25519_sk type -1 debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3 debug1: Remote protocol version 2.0, remote software version OpenSSH_9.1 debug1: compat_banner: match: OpenSSH_9.1 pat OpenSSH* compat 0x04000000 debug1: Authenticating to 10.128.0.244:22 as 'root' debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY run #8: crashed: invalid opcode in bpf_dispatcher_xdp run #9: crashed: invalid opcode in bpf_dispatcher_xdp run #10: crashed: invalid opcode in bpf_dispatcher_xdp run #11: crashed: BUG: unable to handle kernel paging request in bpf_dispatcher_xdp run #12: crashed: invalid opcode in bpf_dispatcher_xdp run #13: crashed: BUG: unable to handle kernel paging request in bpf_dispatcher_xdp run #14: OK run #15: crashed: PANIC: double fault in bpf_dispatcher_xdp run #16: OK run #17: OK run #18: OK run #19: OK representative crash: invalid opcode in bpf_dispatcher_xdp, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit cfa154389a656247d15205f7e01a0b10912183bd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building cfa154389a656247d15205f7e01a0b10912183bd: net/socket.c:1245: undefined reference to `wext_handle_ioctl' net/socket.c:3442: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:329: undefined reference to `wext_proc_init' net/core/net-procfs.c:345: undefined reference to `wext_proc_exit' minimized to 48 configs; suspects: [HID_ZEROPLUS USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM V4L2_ASYNC V4L2_FWNODE VIDEO_CAMERA_SENSOR WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF] disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing current HEAD 5b095ade1229b05268480a885f0d00f60e558854 testing commit 5b095ade1229b05268480a885f0d00f60e558854 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a35af3bf115c187443d7a3c9d28775aad2c85c5a52fe663d22b30b4719238cd7 all runs: OK false negative chance: 0.000 # git bisect start 5b095ade1229b05268480a885f0d00f60e558854 cfa154389a656247d15205f7e01a0b10912183bd Bisecting: 3133 revisions left to test after this (roughly 12 steps) [729fdbfc181f00facdddb0aa42d7c0ecbee8b178] spi: Don't mark message DMA mapped when no transfer in it is determine whether the revision contains the guilty commit checking the merge base 883d1a9562083922c6d293e9adad8cca4626adf3 no existing result, test the revision testing commit 883d1a9562083922c6d293e9adad8cca4626adf3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 28d1768aa345f9314e6c39bea18325c866dca3a64e0bc78677fa0505f9974af2 run #0: crashed: invalid opcode in bpf_dispatcher_xdp run #1: crashed: invalid opcode in bpf_dispatcher_xdp run #2: crashed: invalid opcode in bpf_dispatcher_xdp run #3: crashed: kernel panic: Fatal exception run #4: crashed: invalid opcode in bpf_dispatcher_xdp run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_dispatcher_xdp run #6: crashed: invalid opcode in bpf_dispatcher_xdp run #7: crashed: invalid opcode in bpf_dispatcher_xdp run #8: crashed: BUG: unable to handle kernel paging request in bpf_dispatcher_xdp run #9: crashed: invalid opcode in bpf_dispatcher_xdp run #10: crashed: invalid opcode in bpf_dispatcher_xdp run #11: crashed: invalid opcode in bpf_dispatcher_xdp run #12: crashed: invalid opcode in bpf_dispatcher_xdp run #13: crashed: invalid opcode in bpf_dispatcher_xdp run #14: crashed: kernel panic: Fatal exception run #15: OK run #16: OK run #17: OK run #18: crashed: invalid opcode in bpf_dispatcher_xdp run #19: OK representative crash: invalid opcode in bpf_dispatcher_xdp, types: [UNKNOWN] testing commit 729fdbfc181f00facdddb0aa42d7c0ecbee8b178 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ede2ea3b95e80ed4a4c578b4e25f02596edf30750abb37d3d33a057c6b065490 run #0: crashed: BUG: unable to handle kernel paging request in bpf_test_run run #1: crashed: PANIC: double fault in bpf_dispatcher_xdp run #2: crashed: invalid opcode in bpf_dispatcher_xdp run #3: crashed: invalid opcode in bpf_dispatcher_xdp run #4: crashed: invalid opcode in corrupted run #5: crashed: invalid opcode in bpf_dispatcher_xdp run #6: crashed: invalid opcode in bpf_dispatcher_xdp run #7: crashed: invalid opcode in bpf_dispatcher_xdp run #8: crashed: invalid opcode in bpf_dispatcher_xdp run #9: crashed: BUG: unable to handle kernel paging request in bpf_test_run run #10: crashed: invalid opcode in bpf_dispatcher_xdp run #11: crashed: invalid opcode in bpf_dispatcher_xdp run #12: crashed: invalid opcode in bpf_dispatcher_xdp run #13: crashed: invalid opcode in bpf_dispatcher_xdp run #14: crashed: invalid opcode in bpf_dispatcher_xdp run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: BUG: unable to handle kernel paging request in bpf_test_run, types: [UNKNOWN] # git bisect good 729fdbfc181f00facdddb0aa42d7c0ecbee8b178 Bisecting: 1567 revisions left to test after this (roughly 11 steps) [dd4b9babf129bc0c7acdc2e08197a08754164cf0] kcov: properly check for softirq context determine whether the revision contains the guilty commit revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable testing commit dd4b9babf129bc0c7acdc2e08197a08754164cf0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building dd4b9babf129bc0c7acdc2e08197a08754164cf0: ./include/linux/blk-integrity.h:181:9: error: returning 'struct bio_vec' from a function with incompatible result type 'struct bio_vec *'; take the address with & # git bisect skip dd4b9babf129bc0c7acdc2e08197a08754164cf0 Bisecting: 1566 revisions left to test after this (roughly 11 steps) [ed590d0f75f0fca42fc617c70bb3ddda172ebce7] irqchip/xilinx: Fix shift out of bounds determine whether the revision contains the guilty commit revision 729fdbfc181f00facdddb0aa42d7c0ecbee8b178 crashed and is reachable testing commit ed590d0f75f0fca42fc617c70bb3ddda172ebce7 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building ed590d0f75f0fca42fc617c70bb3ddda172ebce7: ./include/linux/blk-integrity.h:181:9: error: returning 'struct bio_vec' from a function with incompatible result type 'struct bio_vec *'; take the address with & # git bisect skip ed590d0f75f0fca42fc617c70bb3ddda172ebce7 Bisecting: 1566 revisions left to test after this (roughly 11 steps) [f4bcd4ef0f7de263132d8c7c3b61e83eb7e9f8bd] ANDROID: 16K: Fixup padding vm_flags bits on VMA splits determine whether the revision contains the guilty commit revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable testing commit f4bcd4ef0f7de263132d8c7c3b61e83eb7e9f8bd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 52f5d56f2a60270318c64f7fa31058de57695f96a15e7009e2d9aaefe85940a8 run #0: crashed: general protection fault in bpf_dispatcher_xdp run #1: crashed: invalid opcode in bpf_dispatcher_xdp run #2: crashed: invalid opcode in bpf_dispatcher_xdp run #3: crashed: invalid opcode in bpf_dispatcher_xdp run #4: crashed: invalid opcode in bpf_dispatcher_xdp run #5: crashed: invalid opcode in bpf_dispatcher_xdp run #6: crashed: invalid opcode in bpf_dispatcher_xdp run #7: crashed: invalid opcode in bpf_dispatcher_xdp run #8: crashed: invalid opcode in bpf_dispatcher_xdp run #9: crashed: invalid opcode in bpf_dispatcher_xdp run #10: crashed: invalid opcode in bpf_dispatcher_xdp run #11: crashed: invalid opcode in bpf_dispatcher_xdp run #12: crashed: invalid opcode in bpf_dispatcher_xdp run #13: crashed: invalid opcode in bpf_dispatcher_xdp run #14: OK run #15: crashed: invalid opcode in bpf_dispatcher_xdp run #16: OK run #17: OK run #18: OK run #19: OK representative crash: general protection fault in bpf_dispatcher_xdp, types: [UNKNOWN] # git bisect good f4bcd4ef0f7de263132d8c7c3b61e83eb7e9f8bd Bisecting: 964 revisions left to test after this (roughly 10 steps) [20758427ec7622a8b1bd79fa5b44689848315431] s390/uv: Panic for set and remove shared access UVC errors determine whether the revision contains the guilty commit revision dd4b9babf129bc0c7acdc2e08197a08754164cf0 crashed and is reachable testing commit 20758427ec7622a8b1bd79fa5b44689848315431 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2a66aa4d60e4e1a1fd4a389698648620683fe5183f2b0965cab3092c88a70e79 all runs: OK false negative chance: 0.000 # git bisect bad 20758427ec7622a8b1bd79fa5b44689848315431 Bisecting: 482 revisions left to test after this (roughly 9 steps) [cc8b7284d5076722e0b8062373b68d8e47c3bace] s390/dasd: fix error checks in dasd_copy_pair_store() determine whether the revision contains the guilty commit revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable testing commit cc8b7284d5076722e0b8062373b68d8e47c3bace gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bb68c9ea2f35bcb53935d3b739c8414fb4eed6d7b1888e13d3f3eccd3fd347f3 run #0: crashed: invalid opcode in bpf_dispatcher_xdp run #1: crashed: invalid opcode in bpf_dispatcher_xdp run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_dispatcher_xdp run #3: crashed: invalid opcode in bpf_dispatcher_xdp run #4: crashed: invalid opcode in bpf_dispatcher_xdp run #5: crashed: invalid opcode in bpf_dispatcher_xdp run #6: crashed: invalid opcode in bpf_dispatcher_xdp run #7: crashed: BUG: unable to handle kernel paging request in bpf_dispatcher_xdp run #8: crashed: invalid opcode in bpf_dispatcher_xdp run #9: crashed: invalid opcode in bpf_dispatcher_xdp run #10: crashed: invalid opcode in bpf_dispatcher_xdp run #11: crashed: invalid opcode in bpf_dispatcher_xdp run #12: crashed: invalid opcode in bpf_dispatcher_xdp run #13: crashed: kernel panic: Fatal exception run #14: crashed: invalid opcode in bpf_dispatcher_xdp run #15: crashed: invalid opcode in bpf_dispatcher_xdp run #16: OK run #17: OK run #18: OK run #19: OK representative crash: invalid opcode in bpf_dispatcher_xdp, types: [UNKNOWN] # git bisect good cc8b7284d5076722e0b8062373b68d8e47c3bace Bisecting: 241 revisions left to test after this (roughly 8 steps) [1b3777d2f248d6e2a12346431ef6d6cd0e420d5c] platform/chrome: cros_ec_proto: Lock device when updating MKBP version determine whether the revision contains the guilty commit revision cc8b7284d5076722e0b8062373b68d8e47c3bace crashed and is reachable testing commit 1b3777d2f248d6e2a12346431ef6d6cd0e420d5c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 70bd8ed1207c1e366bff649cde975ca89a38ebf9fa5b93e081ca8799e864eb5a run #0: crashed: lost connection to test machine run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: lost connection to test machine, types: [UNKNOWN] unable to determine the verdict: 19 good runs (wanted 15), for bad wanted 10 in total, got 20 # git bisect skip 1b3777d2f248d6e2a12346431ef6d6cd0e420d5c Bisecting: 241 revisions left to test after this (roughly 8 steps) [2dd415c2e34c5a6347ade1a4e6c316c6501d3246] drm/etnaviv: don't block scheduler when GPU is still active determine whether the revision contains the guilty commit revision cc8b7284d5076722e0b8062373b68d8e47c3bace crashed and is reachable testing commit 2dd415c2e34c5a6347ade1a4e6c316c6501d3246 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 01f0d7c305142cd9bfc38311f16c1c11e5405da548fd8d8b41c4afb1064c60a1 run #0: crashed: invalid opcode in bpf_dispatcher_xdp run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_dispatcher_xdp run #2: crashed: BUG: unable to handle kernel paging request in __init_begin run #3: crashed: BUG: unable to handle kernel paging request in bpf_test_run run #4: crashed: general protection fault in bpf_dispatcher_xdp run #5: crashed: invalid opcode in bpf_dispatcher_xdp run #6: crashed: invalid opcode in bpf_dispatcher_xdp run #7: crashed: invalid opcode in bpf_dispatcher_xdp run #8: crashed: invalid opcode in bpf_dispatcher_xdp run #9: crashed: invalid opcode in bpf_dispatcher_xdp run #10: crashed: invalid opcode in bpf_dispatcher_xdp run #11: crashed: BUG: unable to handle kernel paging request in bpf_dispatcher_xdp run #12: crashed: invalid opcode in bpf_dispatcher_xdp run #13: crashed: invalid opcode in bpf_dispatcher_xdp run #14: crashed: invalid opcode in bpf_dispatcher_xdp run #15: crashed: invalid opcode in bpf_dispatcher_xdp run #16: crashed: invalid opcode in bpf_dispatcher_xdp run #17: OK run #18: crashed: invalid opcode in bpf_dispatcher_xdp run #19: OK representative crash: invalid opcode in bpf_dispatcher_xdp, types: [UNKNOWN] # git bisect good 2dd415c2e34c5a6347ade1a4e6c316c6501d3246 Bisecting: 184 revisions left to test after this (roughly 8 steps) [48cada0ac79e4775236d642e9ec5998a7c7fb7a4] drm/amdgpu: Fix the null pointer dereference to ras_manager determine whether the revision contains the guilty commit revision 729fdbfc181f00facdddb0aa42d7c0ecbee8b178 crashed and is reachable testing commit 48cada0ac79e4775236d642e9ec5998a7c7fb7a4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building 48cada0ac79e4775236d642e9ec5998a7c7fb7a4: ./include/linux/blk-integrity.h:181:9: error: returning 'struct bio_vec' from a function with incompatible result type 'struct bio_vec *'; take the address with & # git bisect skip 48cada0ac79e4775236d642e9ec5998a7c7fb7a4 Bisecting: 184 revisions left to test after this (roughly 8 steps) [6e73f0dd340ba9afbf937a144e6012425b4c5c4c] power: supply: axp288_charger: Round constant_charge_voltage writes down determine whether the revision contains the guilty commit revision dd4b9babf129bc0c7acdc2e08197a08754164cf0 crashed and is reachable testing commit 6e73f0dd340ba9afbf937a144e6012425b4c5c4c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building 6e73f0dd340ba9afbf937a144e6012425b4c5c4c: ./include/linux/blk-integrity.h:181:9: error: returning 'struct bio_vec' from a function with incompatible result type 'struct bio_vec *'; take the address with & # git bisect skip 6e73f0dd340ba9afbf937a144e6012425b4c5c4c Bisecting: 184 revisions left to test after this (roughly 8 steps) [c2629daf218a325f4d69754452cd42fe8451c15b] drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr determine whether the revision contains the guilty commit revision 729fdbfc181f00facdddb0aa42d7c0ecbee8b178 crashed and is reachable testing commit c2629daf218a325f4d69754452cd42fe8451c15b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building c2629daf218a325f4d69754452cd42fe8451c15b: ./include/linux/blk-integrity.h:181:9: error: returning 'struct bio_vec' from a function with incompatible result type 'struct bio_vec *'; take the address with & # git bisect skip c2629daf218a325f4d69754452cd42fe8451c15b Bisecting: 184 revisions left to test after this (roughly 8 steps) [5a80b682e3e161784edf1550de9b8602a5013140] ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog determine whether the revision contains the guilty commit revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable testing commit 5a80b682e3e161784edf1550de9b8602a5013140 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3956dba9cfaac28c1d92831dc5ae36277eb185f4a28a94f43bfc05c59072d7a0 all runs: OK false negative chance: 0.000 # git bisect bad 5a80b682e3e161784edf1550de9b8602a5013140 Bisecting: 55 revisions left to test after this (roughly 6 steps) [dfe90030a0cfa26dca4cb6510de28920e5ad22fb] iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en determine whether the revision contains the guilty commit revision 729fdbfc181f00facdddb0aa42d7c0ecbee8b178 crashed and is reachable testing commit dfe90030a0cfa26dca4cb6510de28920e5ad22fb gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b6db3263213e3043a24a24eb34cd52862ad9851ced82e4d3cb70df24df7747f6 all runs: OK false negative chance: 0.000 # git bisect bad dfe90030a0cfa26dca4cb6510de28920e5ad22fb Bisecting: 27 revisions left to test after this (roughly 5 steps) [8d17f72a6ecdb5fbdf3abc89dc90564b1d3c4597] bpf, events: Use prog to emit ksymbol event for main program determine whether the revision contains the guilty commit revision 2dd415c2e34c5a6347ade1a4e6c316c6501d3246 crashed and is reachable testing commit 8d17f72a6ecdb5fbdf3abc89dc90564b1d3c4597 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: dc64da95ac46bfa9d2523fc1748589b2cb27bc7a0a02a5c39594cf2d357921ae all runs: OK false negative chance: 0.000 # git bisect bad 8d17f72a6ecdb5fbdf3abc89dc90564b1d3c4597 Bisecting: 13 revisions left to test after this (roughly 4 steps) [325b68a05b77e2ad727d67da43ef44dbf2837a4b] kdb: Use the passed prompt in kdb_position_cursor() determine whether the revision contains the guilty commit revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable testing commit 325b68a05b77e2ad727d67da43ef44dbf2837a4b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 93e280dcd33dec6268a19816003af7d684f75f16526fbd92135959920c266973 all runs: OK false negative chance: 0.000 # git bisect bad 325b68a05b77e2ad727d67da43ef44dbf2837a4b Bisecting: 7 revisions left to test after this (roughly 3 steps) [012be828a118bf496e666ef1fc47fc0e7358ada2] nilfs2: handle inconsistent state in nilfs_btnode_create_block() determine whether the revision contains the guilty commit revision 729fdbfc181f00facdddb0aa42d7c0ecbee8b178 crashed and is reachable testing commit 012be828a118bf496e666ef1fc47fc0e7358ada2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3755b297c43f181cc17d9c690d4b9ee7e460f240f61e197374a791275b295499 all runs: OK false negative chance: 0.000 # git bisect bad 012be828a118bf496e666ef1fc47fc0e7358ada2 Bisecting: 3 revisions left to test after this (roughly 2 steps) [3746b113e9f0963bf27bc207fc764caa8d03146f] rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings determine whether the revision contains the guilty commit revision 729fdbfc181f00facdddb0aa42d7c0ecbee8b178 crashed and is reachable testing commit 3746b113e9f0963bf27bc207fc764caa8d03146f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 004f06d2aae3bfab2f70320e7f5cb9d1fb7361ee5c09d75370d79b405305da68 run #0: crashed: invalid opcode in bpf_dispatcher_xdp run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in bpf_dispatcher_xdp run #2: crashed: invalid opcode in bpf_dispatcher_xdp run #3: crashed: invalid opcode in bpf_dispatcher_xdp run #4: crashed: BUG: unable to handle kernel paging request in bpf_test_run run #5: crashed: invalid opcode in bpf_dispatcher_xdp run #6: crashed: invalid opcode in bpf_dispatcher_xdp run #7: crashed: invalid opcode in bpf_dispatcher_xdp run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #9: crashed: invalid opcode in bpf_dispatcher_xdp run #10: crashed: invalid opcode in bpf_dispatcher_xdp run #11: crashed: BUG: unable to handle kernel paging request in bpf_dispatcher_xdp run #12: crashed: invalid opcode in bpf_dispatcher_xdp run #13: crashed: invalid opcode in bpf_dispatcher_xdp run #14: crashed: invalid opcode in bpf_dispatcher_xdp run #15: crashed: BUG: unable to handle kernel paging request in __init_begin run #16: OK run #17: crashed: invalid opcode in bpf_dispatcher_xdp run #18: OK run #19: OK representative crash: invalid opcode in bpf_dispatcher_xdp, types: [UNKNOWN] # git bisect good 3746b113e9f0963bf27bc207fc764caa8d03146f Bisecting: 1 revision left to test after this (roughly 1 step) [e3ddef880d3c32dfd8ba9abfc85be505ab0e13e1] Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables determine whether the revision contains the guilty commit revision 883d1a9562083922c6d293e9adad8cca4626adf3 crashed and is reachable testing commit e3ddef880d3c32dfd8ba9abfc85be505ab0e13e1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 05154d79c6092389b64780b493694c28eb225c837cbc1bcf4bb1fd40aaaf7a11 all runs: OK false negative chance: 0.000 # git bisect bad e3ddef880d3c32dfd8ba9abfc85be505ab0e13e1 Bisecting: 0 revisions left to test after this (roughly 0 steps) [d0d2df38f5d01930d9441b259890cfb04bfea5cd] bpf: Synchronize dispatcher update with bpf_dispatcher_xdp_func determine whether the revision contains the guilty commit revision 3746b113e9f0963bf27bc207fc764caa8d03146f crashed and is reachable testing commit d0d2df38f5d01930d9441b259890cfb04bfea5cd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 32c017728251d59d0d2f249074f27244a3147a48f39a0ed8b0082458a7e3d60c all runs: OK false negative chance: 0.000 # git bisect bad d0d2df38f5d01930d9441b259890cfb04bfea5cd d0d2df38f5d01930d9441b259890cfb04bfea5cd is the first bad commit commit d0d2df38f5d01930d9441b259890cfb04bfea5cd Author: Jiri Olsa Date: Wed Dec 14 13:35:42 2022 +0100 bpf: Synchronize dispatcher update with bpf_dispatcher_xdp_func commit 4121d4481b72501aa4d22680be4ea1096d69d133 upstream. Hao Sun reported crash in dispatcher image [1]. Currently we don't have any sync between bpf_dispatcher_update and bpf_dispatcher_xdp_func, so following race is possible: cpu 0: cpu 1: bpf_prog_run_xdp ... bpf_dispatcher_xdp_func in image at offset 0x0 bpf_dispatcher_update update image at offset 0x800 bpf_dispatcher_update update image at offset 0x0 in image at offset 0x0 -> crash Fixing this by synchronizing dispatcher image update (which is done in bpf_dispatcher_update function) with bpf_dispatcher_xdp_func that reads and execute the dispatcher image. Calling synchronize_rcu after updating and installing new image ensures that readers leave old image before it's changed in the next dispatcher update. The update itself is locked with dispatcher's mutex. The bpf_prog_run_xdp is called under local_bh_disable and synchronize_rcu will wait for it to leave [2]. [1] https://lore.kernel.org/bpf/Y5SFho7ZYXr9ifRn@krava/T/#m00c29ece654bc9f332a17df493bbca33e702896c [2] https://lore.kernel.org/bpf/0B62D35A-E695-4B7A-A0D4-774767544C1A@gmail.com/T/#mff43e2c003ae99f4a38f353c7969be4c7162e877 Reported-by: Hao Sun Signed-off-by: Jiri Olsa Acked-by: Yonghong Song Acked-by: Paul E. McKenney Link: https://lore.kernel.org/r/20221214123542.1389719-1-jolsa@kernel.org Signed-off-by: Martin KaFai Lau Reported-by: syzbot+08ba1e474d350b613604@syzkaller.appspotmail.com Signed-off-by: Sergio González Collado Signed-off-by: Greg Kroah-Hartman kernel/bpf/dispatcher.c | 5 +++++ 1 file changed, 5 insertions(+) accumulated error probability: 0.00 culprit signature: 32c017728251d59d0d2f249074f27244a3147a48f39a0ed8b0082458a7e3d60c parent signature: 004f06d2aae3bfab2f70320e7f5cb9d1fb7361ee5c09d75370d79b405305da68 reproducer is flaky (0.74 repro chance estimate) revisions tested: 22, total time: 8h2m43.048585279s (build: 2h6m23.660713823s, test: 5h6m54.670413076s) first good commit: d0d2df38f5d01930d9441b259890cfb04bfea5cd bpf: Synchronize dispatcher update with bpf_dispatcher_xdp_func recipients (to): ["gregkh@linuxfoundation.org" "jolsa@kernel.org" "martin.lau@kernel.org" "paulmck@kernel.org" "sergio.collado@gmail.com" "yhs@fb.com"] recipients (cc): []