ci2 starts bisection 2024-05-03 08:44:27.061412616 +0000 UTC m=+63.984437939
bisecting fixing commit since 92432f07d6635531a982c0d4c7ea1274915aac67
building syzkaller on d9b1cdd561af5d0795ce39a120b819f6e3687830
ensuring issue is reproducible on original commit 92432f07d6635531a982c0d4c7ea1274915aac67
testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a72348b30580ea02417d693e0d68b4bdd593d489f4abab43e1e7a1bcd88da926
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f0f2a5a88b33ccdcaac994da505d9f792e4e97b3ee24d258309d75922928e09a
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
kconfig minimization: base=5179 full=6492 leaves diff=255
split chunks (needed=false): <255>
split chunk #0 of len 255 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 189d0cd78687d733aca0b553757aef671a93ff5a04146730c5d5514e1b9542e7
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e95173d70e84f4114d1bee721fc9ecaa57ab5e2e442edf6bec2c51379ed56253
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e2d49b4a97b346556f6077a40519226a4b195f9c261f0ed52dbda485f01c34bf
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fc39d43e4ed16bbb3ac38a2318637e973fb4d08316dd46e9717b03554805c884
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 92432f07d6635531a982c0d4c7ea1274915aac67 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building 92432f07d6635531a982c0d4c7ea1274915aac67:
net/socket.c:1242: undefined reference to `wext_handle_ioctl'
net/socket.c:3437: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:329: undefined reference to `wext_proc_init'
net/core/net-procfs.c:345: undefined reference to `wext_proc_exit'
minimized to 51 configs; suspects: [HID_ZEROPLUS USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM V4L2_ASYNC V4L2_FWNODE VIDEO_CAMERA_SENSOR WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF]
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing current HEAD 1794308d463f6fc05c5fef7192f55882ba6252ce
testing commit 1794308d463f6fc05c5fef7192f55882ba6252ce gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2a38efe074c7658888082ddc2bc594dc5aed417809eb205eef80af00da1558f1
all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN]
crash still not fixed/happens on the oldest tested release
revisions tested: 7, total time: 3h9m3.804029907s (build: 53m39.642509276s, test: 1h8m36.868792775s)
crash still not fixed or there were kernel test errors

commit msg: ANDROID: 16K: Fix show maps CFI failure
crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
BUG: unable to handle page fault for address: ffffffffff600000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 300e067 P4D 300e067 PUD 3010067 PMD 3012067 PTE 0
Oops: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 220 Comm: kworker/0:2 Not tainted 6.1.75-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: mld mld_ifc_work
RIP: 0010:strncpy_from_kernel_nofault+0x42/0x80 mm/maccess.c:91
Code: 89 f7 48 89 d6 e8 be 52 dc ff 89 c1 48 c7 c0 de ff ff ff 84 c9 74 33 65 48 8b 35 49 4d ce 7e ff 86 58 0b 00 00 31 c0 48 89 c2 <41> 8a 0c 07 41 88 0c 16 48 8d 42 01 84 c9 74 05 48 39 d8 7c e8 ff
RSP: 0018:ffffc90000003c50 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000ff600001
RDX: 0000000000000000 RSI: ffff888100345f00 RDI: ffffffffff600000
RBP: ffffc90000003c68 R08: 0000000000000a20 R09: 0000000000000001
R10: ffffc90000003ae0 R11: 00000000ffffffff R12: 0000000000000680
R13: 0000000000000010 R14: ffffc90000003ca0 R15: ffffffffff600000
FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 00000001151b0000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 bpf_probe_read_kernel_str_common kernel/trace/bpf_trace.c:265 [inline]
 ____bpf_probe_read_kernel_str kernel/trace/bpf_trace.c:274 [inline]
 bpf_probe_read_kernel_str+0x1a/0x40 kernel/trace/bpf_trace.c:271
 bpf_prog_ef3a4661c9d1378e+0x42/0x44
 bpf_dispatcher_nop_func include/linux/bpf.h:987 [inline]
 __bpf_prog_run include/linux/filter.h:600 [inline]
 bpf_prog_run include/linux/filter.h:607 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2275 [inline]
 bpf_trace_run2+0x4f/0xc0 kernel/trace/bpf_trace.c:2314
 __bpf_trace_kfree+0x9/0x10 include/trace/events/kmem.h:94
 trace_kfree include/trace/events/kmem.h:94 [inline]
 kfree+0xce/0xf0 mm/slab_common.c:996
 skb_free_head net/core/skbuff.c:762 [inline]
 skb_release_data+0x144/0x1b0 net/core/skbuff.c:791
 skb_release_all net/core/skbuff.c:856 [inline]
 __kfree_skb net/core/skbuff.c:870 [inline]
 kfree_skb_reason+0x44/0x120 net/core/skbuff.c:893
 kfree_skb include/linux/skbuff.h:1232 [inline]
 ip6_mc_input+0x16f/0x1e0 net/ipv6/ip6_input.c:589
 dst_input include/net/dst.h:454 [inline]
 ip6_rcv_finish+0x4a/0xa0 net/ipv6/ip6_input.c:79
 NF_HOOK include/linux/netfilter.h:305 [inline]
 ipv6_rcv+0x47/0xe0 net/ipv6/ip6_input.c:310
 __netif_receive_skb_one_core net/core/dev.c:5535 [inline]
 __netif_receive_skb+0x52/0xe0 net/core/dev.c:5649
 process_backlog+0xda/0x190 net/core/dev.c:5977
 __napi_poll+0x2a/0x1a0 net/core/dev.c:6544
 napi_poll net/core/dev.c:6611 [inline]
 net_rx_action+0x144/0x2a0 net/core/dev.c:6722
 __do_softirq+0x11b/0x31e kernel/softirq.c:617
 do_softirq+0x81/0xc0 kernel/softirq.c:499
 __local_bh_enable_ip+0x63/0x70 kernel/softirq.c:423
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:838 [inline]
 __dev_queue_xmit+0x553/0xd70 net/core/dev.c:4327
 dev_queue_xmit include/linux/netdevice.h:3076 [inline]
 neigh_resolve_output+0x145/0x1b0 net/core/neighbour.c:1563
 neigh_output include/net/neighbour.h:552 [inline]
 ip6_finish_output2+0x3ac/0x530 net/ipv6/ip6_output.c:134
 __ip6_finish_output net/ipv6/ip6_output.c:201 [inline]
 ip6_finish_output+0x154/0x2b0 net/ipv6/ip6_output.c:212
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0x69/0x130 net/ipv6/ip6_output.c:233
 dst_output include/net/dst.h:444 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 mld_sendpack+0x24b/0x380 net/ipv6/mcast.c:1820
 mld_send_cr net/ipv6/mcast.c:2121 [inline]
 mld_ifc_work+0x287/0x3c0 net/ipv6/mcast.c:2653
 process_one_work+0x1b2/0x380 kernel/workqueue.c:2299
 worker_thread+0x222/0x390 kernel/workqueue.c:2446
 kthread+0xda/0xf0 kernel/kthread.c:386
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
Modules linked in:
CR2: ffffffffff600000
---[ end trace 0000000000000000 ]---
RIP: 0010:strncpy_from_kernel_nofault+0x42/0x80 mm/maccess.c:91
Code: 89 f7 48 89 d6 e8 be 52 dc ff 89 c1 48 c7 c0 de ff ff ff 84 c9 74 33 65 48 8b 35 49 4d ce 7e ff 86 58 0b 00 00 31 c0 48 89 c2 <41> 8a 0c 07 41 88 0c 16 48 8d 42 01 84 c9 74 05 48 39 d8 7c e8 ff
RSP: 0018:ffffc90000003c50 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000ff600001
RDX: 0000000000000000 RSI: ffff888100345f00 RDI: ffffffffff600000
RBP: ffffc90000003c68 R08: 0000000000000a20 R09: 0000000000000001
R10: ffffc90000003ae0 R11: 00000000ffffffff R12: 0000000000000680
R13: 0000000000000010 R14: ffffc90000003ca0 R15: ffffffffff600000
FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 00000001151b0000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 89 f7                 mov %esi,%edi
   2: 48 89 d6              mov %rdx,%rsi
   5: e8 be 52 dc ff        call 0xffdc52c8
   a: 89 c1                 mov %eax,%ecx
   c: 48 c7 c0 de ff ff ff  mov $0xffffffffffffffde,%rax
  13: 84 c9                 test %cl,%cl
  15: 74 33                 je 0x4a
  17: 65 48 8b 35 49 4d ce  mov %gs:0x7ece4d49(%rip),%rsi # 0x7ece4d68
  1e: 7e
  1f: ff 86 58 0b 00 00     incl 0xb58(%rsi)
  25: 31 c0                 xor %eax,%eax
  27: 48 89 c2              mov %rax,%rdx
* 2a: 41 8a 0c 07           mov (%r15,%rax,1),%cl <-- trapping instruction
  2e: 41 88 0c 16           mov %cl,(%r14,%rdx,1)
  32: 48 8d 42 01           lea 0x1(%rdx),%rax
  36: 84 c9                 test %cl,%cl
  38: 74 05                 je 0x3f
  3a: 48 39 d8              cmp %rbx,%rax
  3d: 7c e8                 jl 0x27
  3f: ff                    .byte 0xff