ci2 starts bisection 2025-12-22 16:38:30.274983573 +0000 UTC m=+2257722.452106660
bisecting fixing commit since db710ea87c32d5f806ffaaccbf98ecd3108314e4
building syzkaller on 874a1386706482fe473dfe96f8a3acc52c1b2ba1
ensuring issue is reproducible on original commit db710ea87c32d5f806ffaaccbf98ecd3108314e4

testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 135ae8dc45d09fe3f0b7246ada4da667b3498659a3b884fbcb32f5de933765b7
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
check whether we can drop unnecessary instrumentation
disabling configs for [hang memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed
testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 07ff06df75353ac871ee6bcb3a8abc0041fba3d1e2b77acde5fc0ce2b0118863
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
the bug reproduces without the instrumentation
disabling configs for [bug_or_warning kasan locking atomic_sleep hang memleak ubsan], they are not needed
kconfig minimization: base=5186 full=6555 leaves diff=264
split chunks (needed=false): <264>
split chunk #0 of len 264 into 5 parts
testing without sub-chunk 1/5
disabling configs for [atomic_sleep hang memleak ubsan bug_or_warning kasan locking], they are not needed
testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: e311d708fe3f764b005e641c04640a66f17d29c40aa8954297725353d1804873
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [memleak ubsan bug_or_warning kasan locking atomic_sleep hang], they are not needed
testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 7ee0e7d6d5ce100643385c007998d3dbbe392f51e52ee1c072581dd3e9793f3e
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [kasan locking atomic_sleep hang memleak ubsan bug_or_warning], they are not needed
testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 2383c5d83f693c2e92522faa8fd9d7093a4feb11e555a6ad44537312f04b97c5
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [bug_or_warning kasan locking atomic_sleep hang memleak ubsan], they are not needed
testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 996f1580d47c97a765bbb0b5c193dca4f1e75da6400a7e7c8639e422fb7be46b
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [ubsan bug_or_warning kasan locking atomic_sleep hang memleak], they are not needed
testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
failed building db710ea87c32d5f806ffaaccbf98ecd3108314e4: ld.lld: error: undefined symbol: wext_proc_init
ld.lld: error: undefined symbol: wext_proc_exit
ld.lld: error: undefined symbol: wext_handle_ioctl
ld.lld: error: undefined symbol: compat_wext_handle_ioctl
minimized to 52 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_MBIM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM V4L2_ASYNC V4L2_FWNODE VIDEO_CAMERA_SENSOR WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS ZEROPLUS_FF]
disabling configs for [atomic_sleep hang memleak ubsan bug_or_warning kasan locking], they are not needed
testing current HEAD b952cc514e6f0e92951693f5131909bb1264ded3
testing commit b952cc514e6f0e92951693f5131909bb1264ded3 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 41f64ea736f5d480196549fe1255ef77e6913561b2d4c81294f266290155b86b
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
crash still not fixed/happens on the oldest tested release
revisions tested: 7, total time: 2h0m28.987586463s (build: 51m37.425876122s, test: 59m14.547487894s)
crash still not fixed or there were kernel test errors
commit msg: UPSTREAM: af_unix: Initialise scc_index in unix_add_edge().
crash: invalid opcode in __traceiter_percpu_free_percpu
CFI failure at __traceiter_percpu_free_percpu+0x3e/0x60 include/trace/events/percpu.h:54 (target: tp_stub_func+0x0/0x10; expected type: 0xc88d2a22)
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 6 Comm: kworker/0:0 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: wg-crypt-wg1 wg_packet_decrypt_worker
RIP: 0010:__traceiter_percpu_free_percpu+0x3e/0x60 include/trace/events/percpu.h:54
Code: e4 74 38 48 89 cb 41 89 d6 49 89 f7 49 8b 04 24 49 8b 7c 24 08 4c 89 fe 44 89 f2 48 89 d9 41 ba de d5 72 37 44 03 50 fc 74 02 <0f> 0b ff d0 49 83 7c 24 18 00 4d 8d 64 24 18 75 d1 31 c0 5b 41 5c
RSP: 0018:ffffc90000003db8 EFLAGS: 00010092
RAX: ffffffff8129c3d0 RBX: 0000607dc8023f98 RCX: 0000607dc8023f98
RDX: 0000000000023f98 RSI: ffffe8ffffc00000 RDI: ffffc90000acd000
RBP: ffffc90000003dd8 R08: ffff888109e00000 R09: 0000000075e479c7
R10: 00000000dcb33cea R11: ffffffff8122e6c0 R12: ffff88810c6bb9d0
R13: 0000000000000004 R14: 0000000000023f98 R15: ffffe8ffffc00000
FS:  0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000010b83c000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 trace_percpu_free_percpu include/trace/events/percpu.h:54 [inline]
 free_percpu+0x477/0x4f0 mm/percpu.c:2310
 rt_fibinfo_free_cpus net/ipv4/fib_semantics.c:210 [inline]
 fib_nh_common_release+0xa9/0x160 net/ipv4/fib_semantics.c:217
 fib_nh_release net/ipv4/fib_semantics.c:229 [inline]
 free_fib_info_rcu+0x3b/0xa0 net/ipv4/fib_semantics.c:241
 rcu_do_batch+0x1c0/0x420 kernel/rcu/tree.c:2297
 rcu_core+0x1ff/0x4d0 kernel/rcu/tree.c:2557
 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2574
 handle_softirqs+0x12c/0x330 kernel/softirq.c:642
 __do_softirq+0xb/0xd kernel/softirq.c:680
 do_softirq+0x81/0xc0 kernel/softirq.c:524
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x63/0x70 kernel/softirq.c:448
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x22/0x30 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]
 wg_packet_decrypt_worker+0xd4/0x350 drivers/net/wireguard/receive.c:499
 process_one_work+0x1bf/0x390 kernel/workqueue.c:2302
 worker_thread+0x231/0x390 kernel/workqueue.c:2449
 kthread+0xe5/0x100 kernel/kthread.c:386
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__traceiter_percpu_free_percpu+0x3e/0x60 include/trace/events/percpu.h:54
Code: e4 74 38 48 89 cb 41 89 d6 49 89 f7 49 8b 04 24 49 8b 7c 24 08 4c 89 fe 44 89 f2 48 89 d9 41 ba de d5 72 37 44 03 50 fc 74 02 <0f> 0b ff d0 49 83 7c 24 18 00 4d 8d 64 24 18 75 d1 31 c0 5b 41 5c
RSP: 0018:ffffc90000003db8 EFLAGS: 00010092
RAX: ffffffff8129c3d0 RBX: 0000607dc8023f98 RCX: 0000607dc8023f98
RDX: 0000000000023f98 RSI: ffffe8ffffc00000 RDI: ffffc90000acd000
RBP: ffffc90000003dd8 R08: ffff888109e00000 R09: 0000000075e479c7
R10: 00000000dcb33cea R11: ffffffff8122e6c0 R12: ffff88810c6bb9d0
R13: 0000000000000004 R14: 0000000000023f98 R15: ffffe8ffffc00000
FS:  0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000010b83c000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400