ci starts bisection 2024-02-03 08:17:51.022754521 +0000 UTC m=+79998.112437356 bisecting cause commit starting from 6fb3f72702fba97323a89e53f484de58bc59d13c building syzkaller on 60bf9982e3c5f47dee643bd88d86c7f0b631e32d ensuring issue is reproducible on original commit 6fb3f72702fba97323a89e53f484de58bc59d13c testing commit 6fb3f72702fba97323a89e53f484de58bc59d13c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 50ee46680c72855382867d3d71d72e9deec2de5ab59ad17d121bc9be98e4bad7 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] check whether we can drop unnecessary instrumentation disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 6fb3f72702fba97323a89e53f484de58bc59d13c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 03d3d773f673dac31c3640a316101433cf5a4aa1da72acd01468b0bbd70960c9 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] the bug reproduces without the instrumentation disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed kconfig minimization: base=3937 full=7963 leaves diff=2019 split chunks (needed=false): <2019> split chunk #0 of len 2019 into 5 parts testing without sub-chunk 1/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit 6fb3f72702fba97323a89e53f484de58bc59d13c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5f28f34aceab816a8ecd0472c3769a3e0ef7a40db2c7a4d364cf3c5c72a6daf7 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit 6fb3f72702fba97323a89e53f484de58bc59d13c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5133f52081631a04f522967e3a10a996e10a322d51040741e32cbde083ae9358 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 6fb3f72702fba97323a89e53f484de58bc59d13c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 18ae3e5f0b03773c4f17fdf4eb8709986663267b374a3cbdbc45c0539e1d047e all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 6fb3f72702fba97323a89e53f484de58bc59d13c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 811841bb58f1d9e16cb87e3496391349fac98551352ea105b915013ea86fda85 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 6fb3f72702fba97323a89e53f484de58bc59d13c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 23a286b0c5abef8baf097e55c15b3705bcdd42f3fa20f1a50612bf4133e8cdb7 run #0: basic kernel testing failed: lost connection to test machine run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK false negative chance: 0.000 minimized to 403 configs; suspects: [ARCH_ENABLE_MEMORY_HOTREMOVE ATM BCMA BLK_DEV_ZONED BPF_SYSCALL CARDBUS CFG80211 CFG80211_WEXT CMA COMMON_CLK CONTIG_ALLOC CRYPTO_842 CRYPTO_LZ4 CRYPTO_LZ4HC CRYPTO_LZO CRYPTO_ZSTD DVB_CORE EXTCON FB GPIOLIB HID_ZEROPLUS I2C_MUX IIO IOMMUFD IRQ_REMAP KVM KVM_INTEL LIBNVDIMM MEDIA_ANALOG_TV_SUPPORT MEDIA_CAMERA_SUPPORT MEDIA_CEC_SUPPORT MEDIA_CONTROLLER MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_TEST_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_VIPERBOARD PARPORT PCCARD PCMCIA PHONET RADIO_ADAPTERS RADIO_SI470X RADIO_SI4713 RC_CORE RFKILL SND SOUND SPI SSB TAP TARGET_CORE TUN USB_AMD5536UDC USB_ATM USB_CONFIGFS USB_CONFIGFS_ECM USB_CONFIGFS_ECM_SUBSET USB_CONFIGFS_EEM USB_CONFIGFS_F_FS USB_CONFIGFS_F_HID USB_CONFIGFS_F_LB_SS USB_CONFIGFS_F_MIDI USB_CONFIGFS_F_PRINTER USB_CONFIGFS_F_TCM USB_CONFIGFS_F_UAC1 USB_CONFIGFS_F_UAC1_LEGACY USB_CONFIGFS_F_UAC2 USB_CONFIGFS_F_UVC USB_CONFIGFS_MASS_STORAGE USB_CONFIGFS_NCM USB_CONFIGFS_OBEX USB_CONFIGFS_PHONET USB_CONFIGFS_RNDIS USB_CONFIGFS_SERIAL USB_CXACRU USB_CYPRESS_CY7C63 USB_CYTHERM USB_DSBR USB_DUMMY_HCD USB_DWC2 USB_DWC2_HOST USB_DWC2_PCI USB_DWC3 USB_DWC3_GADGET USB_DWC3_OF_SIMPLE USB_DWC3_PCI USB_DWC3_ULPI USB_DYNAMIC_MINORS USB_EG20T USB_EHCI_HCD_PLATFORM USB_EHCI_ROOT_HUB_TT USB_EHSET_TEST_FIXTURE USB_EMI26 USB_EMI62 USB_EPSON2888 USB_EZUSB_FX2 USB_FEW_INIT_RETRIES USB_F_ACM USB_F_ECM USB_F_EEM USB_F_FS USB_F_HID USB_F_MASS_STORAGE USB_F_MIDI USB_F_NCM USB_F_OBEX USB_F_PHONET USB_F_PRINTER USB_F_RNDIS USB_F_SERIAL USB_F_SS_LB USB_F_SUBSET USB_F_TCM USB_F_UAC1 USB_F_UAC1_LEGACY USB_F_UAC2 USB_F_UVC USB_GADGET USB_GADGETFS USB_GADGET_DEBUG_FILES USB_GADGET_DEBUG_FS USB_GL860 USB_GOKU USB_GPIO_VBUS USB_GR_UDC USB_GSPCA USB_GSPCA_BENQ USB_GSPCA_CONEX USB_GSPCA_CPIA1 USB_GSPCA_DTCS033 USB_GSPCA_ETOMS USB_GSPCA_FINEPIX USB_GSPCA_JEILINJ USB_GSPCA_JL2005BCD USB_GSPCA_KINECT USB_GSPCA_KONICA USB_GSPCA_MARS USB_GSPCA_MR97310A USB_GSPCA_NW80X USB_GSPCA_OV519 USB_GSPCA_OV534 USB_GSPCA_OV534_9 USB_GSPCA_PAC207 USB_GSPCA_PAC7302 USB_GSPCA_PAC7311 USB_GSPCA_SE401 USB_GSPCA_SN9C2028 USB_GSPCA_SN9C20X USB_GSPCA_SONIXB USB_GSPCA_SONIXJ USB_GSPCA_SPCA1528 USB_GSPCA_SPCA500 USB_GSPCA_SPCA501 USB_GSPCA_SPCA505 USB_GSPCA_SPCA506 USB_GSPCA_SPCA508 USB_GSPCA_SPCA561 USB_GSPCA_SQ905 USB_GSPCA_SQ905C USB_GSPCA_SQ930X USB_GSPCA_STK014 USB_GSPCA_STK1135 USB_GSPCA_STV0680 USB_GSPCA_SUNPLUS USB_GSPCA_T613 USB_GSPCA_TOPRO USB_GSPCA_TOUPTEK USB_GSPCA_TV8532 USB_GSPCA_VC032X USB_GSPCA_VICAM USB_GSPCA_XIRLINK_CIT USB_GSPCA_ZC3XX USB_HACKRF USB_HCD_BCMA USB_HCD_SSB USB_HSIC_USB3503 USB_HSIC_USB4604 USB_HSO USB_HUB_USB251XB USB_IDMOUSE USB_IOWARRIOR USB_IPHETH USB_ISIGHTFW USB_ISP116X_HCD USB_ISP1301 USB_ISP1760 USB_ISP1760_DUAL_ROLE USB_ISP1760_HCD USB_ISP1761_UDC USB_KAWETH USB_KC2190 USB_KEENE USB_LAN78XX USB_LCD USB_LD USB_LEDS_TRIGGER_USBPORT USB_LED_TRIG USB_LEGOTOWER USB_LIBCOMPOSITE USB_LINK_LAYER_TEST USB_M5602 USB_MA901 USB_MAX3421_HCD USB_MDC800 USB_MICROTEK USB_MR800 USB_MSI2500 USB_MUSB_DUAL_ROLE USB_MUSB_HDRC USB_MV_U3D USB_MV_UDC USB_NET2272 USB_NET2272_DMA USB_NET2280 USB_NET_AX88179_178A USB_NET_AX8817X USB_NET_CDCETHER USB_NET_CDC_EEM USB_NET_CDC_MBIM USB_NET_CDC_NCM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_CH9200 USB_NET_CX82310_ETH USB_NET_DM9601 USB_NET_GL620A USB_NET_HUAWEI_CDC_NCM USB_NET_INT51X1 USB_NET_KALMIA USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_QMI_WWAN USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_OXU210HP_HCD USB_PEGASUS USB_PULSE8_CEC USB_PWC USB_PWC_INPUT_EVDEV USB_PXA27X USB_R8A66597 USB_R8A66597_HCD USB_RAINSHADOW_CEC USB_RAREMONO USB_RAW_GADGET USB_RTL8150 USB_RTL8152 USB_RTL8153_ECM USB_S2255 USB_SERIAL USB_SERIAL_AIRCABLE USB_SERIAL_ARK3116 USB_SERIAL_BELKIN USB_SERIAL_CH341 USB_SERIAL_CONSOLE USB_SERIAL_CP210X USB_SERIAL_CYBERJACK USB_SERIAL_CYPRESS_M8 USB_SERIAL_DEBUG USB_SERIAL_DIGI_ACCELEPORT USB_SERIAL_EDGEPORT USB_SERIAL_EDGEPORT_TI USB_SERIAL_EMPEG USB_SERIAL_F81232 USB_SERIAL_F8153X USB_SERIAL_FTDI_SIO USB_SERIAL_GARMIN USB_SERIAL_GENERIC USB_SERIAL_IPAQ USB_SERIAL_IPW USB_SERIAL_IR USB_SERIAL_IUU USB_SERIAL_KEYSPAN USB_SERIAL_KEYSPAN_PDA USB_SERIAL_KLSI USB_SERIAL_KOBIL_SCT USB_SERIAL_MCT_U232 USB_SERIAL_METRO USB_SERIAL_MOS7715_PARPORT USB_SERIAL_MOS7720 USB_SERIAL_MOS7840 USB_SERIAL_MXUPORT USB_SERIAL_NAVMAN USB_SERIAL_OMNINET USB_SERIAL_OPTICON USB_SERIAL_OPTION USB_SERIAL_OTI6858 USB_SERIAL_PL2303 USB_SERIAL_QCAUX USB_SERIAL_QT2 USB_SERIAL_QUALCOMM USB_SERIAL_SAFE USB_SERIAL_SIERRAWIRELESS USB_SERIAL_SIMPLE USB_SERIAL_SPCP8X5 USB_SERIAL_SSU100 USB_SERIAL_SYMBOL USB_SERIAL_TI USB_SERIAL_UPD78F0730 USB_SERIAL_VISOR USB_SERIAL_WHITEHEAT USB_SERIAL_WISHBONE USB_SERIAL_WWAN USB_SERIAL_XR USB_SERIAL_XSENS_MT USB_SEVSEG USB_SI470X USB_SI4713 USB_SIERRA_NET USB_SISUSBVGA USB_SL811_CS USB_SL811_HCD USB_SL811_HCD_ISO USB_SNP_CORE USB_SPEEDTOUCH USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_ENE_UB6250 USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_STV06XX USB_TEST USB_TMC USB_TRANCEVIBRATOR USB_UAS USB_UEAGLEATM USB_ULPI_BUS USB_USBNET USB_USS720 USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_VIDEO_CLASS USB_VIDEO_CLASS_INPUT_EVDEV USB_VL600 USB_WDM USB_XHCI_DBGCAP USB_XHCI_PLATFORM USB_XUSBATM USB_YUREX USERFAULTFD USERIO USERMODE_DRIVER USER_RETURN_NOTIFIER UVC_COMMON U_SERIAL_CONSOLE V4L2_MEM2MEM_DEV V4L_TEST_DRIVERS VALIDATE_FS_PARSER VDPA VDPA_SIM VDPA_SIM_BLOCK VDPA_SIM_NET VDPA_USER VETH VFIO VFIO_DEVICE_CDEV VFIO_PCI VFIO_PCI_CORE VFIO_PCI_INTX VFIO_PCI_MMAP VFIO_VIRQFD VGASTATE VHOST VHOST_CROSS_ENDIAN_LEGACY VHOST_IOTLB VHOST_NET VHOST_RING VHOST_TASK VHOST_VDPA VHOST_VSOCK VIDEOBUF2_CORE VIDEOBUF2_DMA_CONTIG VIDEOBUF2_DMA_SG VIDEOBUF2_MEMOPS VIDEOBUF2_V4L2 VIDEOBUF2_VMALLOC VIDEOMODE_HELPERS VIDEO_AU0828 VIDEO_AU0828_RC VIDEO_AU0828_V4L2 VIDEO_CMDLINE VIDEO_CS53L32A VIDEO_CX231XX VIDEO_CX231XX_ALSA VIDEO_CX231XX_DVB VIDEO_CX231XX_RC VIDEO_CX2341X VIDEO_CX25840 VIDEO_DEV VIDEO_EM28XX VIDEO_EM28XX_ALSA VIDEO_EM28XX_DVB VIDEO_EM28XX_RC VIDEO_EM28XX_V4L2 VIDEO_GO7007 VIDEO_GO7007_LOADER VIDEO_GO7007_USB VIDEO_GO7007_USB_S2250_BOARD VIDEO_HDPVR VIDEO_MSP3400 VIDEO_NOMODESET VIDEO_PVRUSB2 VIDEO_PVRUSB2_DVB VIDEO_PVRUSB2_SYSFS VIDEO_SAA711X VIDEO_STK1160 VIDEO_TUNER VIDEO_TVEEPROM VIDEO_USBTV VIDEO_V4L2_I2C VIDEO_V4L2_SUBDEV_API VIDEO_V4L2_TPG VIDEO_VICODEC VIDEO_VIM2M VIDEO_VIMC VIDEO_VIVID VIDEO_VIVID_CEC VIDEO_WM8775 VIPERBOARD_ADC VIRTIO_BALLOON VIRTIO_DMA_SHARED_BUFFER VIRTIO_MEM VIRTIO_MMIO VIRTIO_MMIO_CMDLINE_DEVICES VIRTIO_PMEM VIRTIO_VDPA VIRTIO_VSOCKETS VIRTIO_VSOCKETS_COMMON VIRT_WIFI VLAN_8021Q VLAN_8021Q_GVRP VLAN_8021Q_MVRP VMAP_PFN VMWARE_VMCI VMXNET3 VP_VDPA VSOCKETS VSOCKETS_DIAG VSOCKETS_LOOPBACK VSOCKMON VT_HW_CONSOLE_BINDING VXFS_FS WANT_DEV_COREDUMP WEXT_CORE WEXT_PRIV WEXT_PROC WIREGUARD WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ADMTEK WLAN_VENDOR_PURELIFI WLAN_VENDOR_SILABS X86_SGX X86_SGX_KVM X86_USER_SHADOW_STACK X86_X2APIC X86_X32_ABI XDP_SOCKETS XDP_SOCKETS_DIAG XFRM_ESPINTCP XFRM_INTERFACE XFRM_IPCOMP XFRM_MIGRATE XFRM_OFFLOAD XFRM_STATISTICS XFRM_SUB_POLICY XFRM_USER_COMPAT XFS_FS XFS_POSIX_ACL XFS_QUOTA XFS_RT XOR_BLOCKS YENTA YENTA_ENE_TUNE YENTA_O2 YENTA_RICOH YENTA_TI YENTA_TOSHIBA ZEROPLUS_FF ZLIB_DEFLATE ZONEFS_FS ZPOOL ZRAM ZRAM_DEF_COMP_LZORLE ZSMALLOC ZSTD_COMPRESS ZSWAP ZSWAP_COMPRESSOR_DEFAULT_LZO ZSWAP_DEFAULT_ON ZSWAP_SHRINKER_DEFAULT_ON ZSWAP_ZPOOL_DEFAULT_ZSMALLOC] disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed picked [v6.7 v6.6 v6.5 v6.3 v6.1 v5.19 v5.17 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 30 release tags testing release v6.7 testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9da7339fb9f7f7e966a7c1fb24517acbb29b4d24bfbe6d721f970498bbda5d0d all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] testing release v6.6 testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a2c1ac404d5c9f2432b0aedf6065892bc5085d80ee0aa1bbecd2fe1e4b512423 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] testing release v6.5 testing commit 2dde18cd1d8fac735875f2e4987f11817cc0bc2c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3ff75e5b99fa576f24e24e8abd7128beeabdeb9f0d20b7e7de71104196cf7a09 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] testing release v6.3 testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d11e5f1b279b40e9f49f7fc351cb1e916f0985d606fab5f9418c134b8f8dd1cd all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] testing release v6.1 testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d7c21c35d07ac6022ee17ea5a90995089d3d52d32395999f073035721253c834 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] testing release v5.19 testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f8efb64db3a8380ef8d120ad313becb8eee1e2c0120d740d85cb2dafab3d887c all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] testing release v5.17 testing commit f443e374ae131c168a065ea1748feac6b2e76613 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9dace05c7d79ca26192fbad06d3566bdb35b80158938ec859233417c8544b760 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] testing release v5.15 testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 314b2b3c888396f0c374509305f717e820205bc9cf3325fe43b546785fc9f2f1 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: dec7467e046b09e13fbb2a8eb1e9761bed6c4e6269b8a19bd23a6eff6e7932bb all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d544f7dcc750f6cfaa7c5c3d6723ff13d70f9d1aa86afd80494eac52860be424 all runs: OK false negative chance: 0.000 # git bisect start 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 bbf5c979011a099af5dc76498918ed7df445635b Bisecting: 23480 revisions left to test after this (roughly 15 steps) [0cee54c890a40051928991072e5d1cd279611dfd] Merge tag 'usb-5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit 0cee54c890a40051928991072e5d1cd279611dfd gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9db4f4a1163786b76a73b8273b728c4c115379b670bcd69ea518587faea39252 all runs: OK false negative chance: 0.000 # git bisect good 0cee54c890a40051928991072e5d1cd279611dfd Bisecting: 11465 revisions left to test after this (roughly 14 steps) [82851fce6107d5a3e66d95aee2ae68860a732703] Merge tag 'arm-dt-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 82851fce6107d5a3e66d95aee2ae68860a732703 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 202fd88d1a46d3695c2be173bf557ed70b3a7123b44cc4efdf0930acc5c0d7bc all runs: OK false negative chance: 0.000 # git bisect good 82851fce6107d5a3e66d95aee2ae68860a732703 Bisecting: 5706 revisions left to test after this (roughly 13 steps) [0328b5f2ef4af8ba060e64baa928c94037e7308f] Merge tag 'rtc-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux testing commit 0328b5f2ef4af8ba060e64baa928c94037e7308f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 499c7d589d6689459a88dbce78f2ee1229fcbc80b90c5eb2b7e2b8944324dabf all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] # git bisect bad 0328b5f2ef4af8ba060e64baa928c94037e7308f Bisecting: 2946 revisions left to test after this (roughly 12 steps) [de1617578849acab8e16c9ffdce39b91fb50639d] Merge tag 'media/v5.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit de1617578849acab8e16c9ffdce39b91fb50639d gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9add7510c82a6aa616629e297185cbb247ee3f7fb76ffd7a2a9a32f9e6123fa9 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] # git bisect bad de1617578849acab8e16c9ffdce39b91fb50639d Bisecting: 1381 revisions left to test after this (roughly 11 steps) [582cd91f69de8e44857cb610ebca661dac8656b7] Merge tag 'for-5.12/block-2021-02-17' of git://git.kernel.dk/linux-block testing commit 582cd91f69de8e44857cb610ebca661dac8656b7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f26ade12aeda2cd003f6b1c2a5ab81b0bf72087ed03f5194ec50361fbb26472e all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] # git bisect bad 582cd91f69de8e44857cb610ebca661dac8656b7 Bisecting: 669 revisions left to test after this (roughly 10 steps) [5d99aa093b566d234b51b7822c67059e2bd3ed8d] Merge tag 'staging-5.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 5d99aa093b566d234b51b7822c67059e2bd3ed8d gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6ece44465f1bc3f08bd8f8a4b878b09b6f04b7509ab6894345f941b611377cab all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] # git bisect bad 5d99aa093b566d234b51b7822c67059e2bd3ed8d Bisecting: 450 revisions left to test after this (roughly 9 steps) [b5a12546e779d4f5586f58e60e0ef5070a833a64] dt-bindings: usb: mediatek: musb: add mt8516 compatbile testing commit b5a12546e779d4f5586f58e60e0ef5070a833a64 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0c341f5f71606066281e36cedaeae2994a1f6a70fea8814fdb2bad69b52b6af8 all runs: OK false negative chance: 0.000 # git bisect good b5a12546e779d4f5586f58e60e0ef5070a833a64 Bisecting: 251 revisions left to test after this (roughly 8 steps) [3342ff2698e9720f4040cc458a2744b2b32f5c3a] tty: protect tty_write from odd low-level tty disciplines testing commit 3342ff2698e9720f4040cc458a2744b2b32f5c3a gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fafbceb5bd7dba57d1d99a91e2176c056b857176912a7318a55afd82d680a3a9 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] # git bisect bad 3342ff2698e9720f4040cc458a2744b2b32f5c3a Bisecting: 98 revisions left to test after this (roughly 7 steps) [168b322e36c5f8903f31d89f34355004920b5e00] Merge tag 'imx-drivers-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into arm/drivers testing commit 168b322e36c5f8903f31d89f34355004920b5e00 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a8effbfb4485c0ba8daa9cb40e3e8126fc6638dd73b545fe25f101efa11e8218 all runs: OK false negative chance: 0.000 # git bisect good 168b322e36c5f8903f31d89f34355004920b5e00 Bisecting: 49 revisions left to test after this (roughly 6 steps) [1255f44017c02d14e3ad5b63cdf619a734d765a1] Merge tag 'x86_paravirt_for_v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 1255f44017c02d14e3ad5b63cdf619a734d765a1 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6dbeee2329b6247d08f8929e66c3c222dc9befd0390ac929dc9453f3387f860d all runs: OK false negative chance: 0.000 # git bisect good 1255f44017c02d14e3ad5b63cdf619a734d765a1 Bisecting: 24 revisions left to test after this (roughly 5 steps) [ae821d2107e378bb086a02afcce82d0f43c29a6f] Merge tag 'x86_mm_for_v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit ae821d2107e378bb086a02afcce82d0f43c29a6f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: afc89433bbba728132f789a96aa9d19e02aeafa869f6b18aa56d491ca56b74e5 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] # git bisect bad ae821d2107e378bb086a02afcce82d0f43c29a6f Bisecting: 12 revisions left to test after this (roughly 4 steps) [66fcd98883816dba3b66da20b5fc86fa410638b5] x86/fault: Don't look for extable entries for SMEP violations testing commit 66fcd98883816dba3b66da20b5fc86fa410638b5 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3cd677a227a644c10fa63d731d0bc111ca2b1d17c41bc4bfa4cf853712240e5d all runs: OK false negative chance: 0.000 # git bisect good 66fcd98883816dba3b66da20b5fc86fa410638b5 Bisecting: 6 revisions left to test after this (roughly 3 steps) [8ece53ef7f428ee3f8eab936268b1a3fe2725e6b] x86/vm86/32: Remove VM86_SCREEN_BITMAP support testing commit 8ece53ef7f428ee3f8eab936268b1a3fe2725e6b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 57950e9c35bc50a91d9ff2755a7115ed46d27c485a97e4fa8e4c05136019a620 all runs: OK false negative chance: 0.000 # git bisect good 8ece53ef7f428ee3f8eab936268b1a3fe2725e6b Bisecting: 3 revisions left to test after this (roughly 2 steps) [3228e1dc80983ee1f5d2e533d010b3bd8b50f0e2] x86/Kconfig: Remove HPET_EMULATE_RTC depends on RTC testing commit 3228e1dc80983ee1f5d2e533d010b3bd8b50f0e2 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e4786387f30df69ff5fbed5cd2682e88c3fe186a119a166c08eae913753eaec0 all runs: OK false negative chance: 0.000 # git bisect good 3228e1dc80983ee1f5d2e533d010b3bd8b50f0e2 Bisecting: 1 revision left to test after this (roughly 1 step) [c46f52231e79af025e2c89e889d69ec20a4c024f] x86/{fault,efi}: Fix and rename efi_recover_from_page_fault() testing commit c46f52231e79af025e2c89e889d69ec20a4c024f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 10225072e57cfb809f537d14df1e6576dd00fd968ad34d03e1c8d9598193f8d4 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] # git bisect bad c46f52231e79af025e2c89e889d69ec20a4c024f Bisecting: 0 revisions left to test after this (roughly 0 steps) [ca247283781d754216395a41c5e8be8ec79a5f1c] x86/fault: Don't run fixups for SMAP violations testing commit ca247283781d754216395a41c5e8be8ec79a5f1c gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 10225072e57cfb809f537d14df1e6576dd00fd968ad34d03e1c8d9598193f8d4 all runs: crashed: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str representative crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str, types: [UNKNOWN] # git bisect bad ca247283781d754216395a41c5e8be8ec79a5f1c ca247283781d754216395a41c5e8be8ec79a5f1c is the first bad commit commit ca247283781d754216395a41c5e8be8ec79a5f1c Author: Andy Lutomirski Date: Tue Feb 9 18:33:45 2021 -0800 x86/fault: Don't run fixups for SMAP violations A SMAP-violating kernel access is not a recoverable condition. Imagine kernel code that, outside of a uaccess region, dereferences a pointer to the user range by accident. If SMAP is on, this will reliably generate as an intentional user access. This makes it easy for bugs to be overlooked if code is inadequately tested both with and without SMAP. This was discovered because BPF can generate invalid accesses to user memory, but those warnings only got printed if SMAP was off. Make it so that this type of error will be discovered with SMAP on as well. [ bp: Massage commit message. ] Signed-off-by: Andy Lutomirski Signed-off-by: Borislav Petkov Link: https://lkml.kernel.org/r/66a02343624b1ff46f02a838c497fc05c1a871b3.1612924255.git.luto@kernel.org arch/x86/mm/fault.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) accumulated error probability: 0.00 culprit signature: 10225072e57cfb809f537d14df1e6576dd00fd968ad34d03e1c8d9598193f8d4 parent signature: 3cd677a227a644c10fa63d731d0bc111ca2b1d17c41bc4bfa4cf853712240e5d revisions tested: 33, total time: 7h31m47.513602776s (build: 4h13m55.782461132s, test: 3h1m37.815800562s) first bad commit: ca247283781d754216395a41c5e8be8ec79a5f1c x86/fault: Don't run fixups for SMAP violations recipients (to): ["bp@suse.de" "dave.hansen@linux.intel.com" "linux-kernel@vger.kernel.org" "luto@kernel.org" "luto@kernel.org" "peterz@infradead.org"] recipients (cc): ["bp@alien8.de" "hpa@zytor.com" "mingo@redhat.com" "tglx@linutronix.de" "x86@kernel.org"] crash: BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str BUG: unable to handle page fault for address: ffffffffff600000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 2c26067 P4D 2c26067 PUD 2c28067 PMD 2c4b067 PTE 0 Oops: 0000 [#1] SMP PTI CPU: 0 PID: 2130 Comm: udevd Not tainted 5.11.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 RIP: 0010:strncpy_from_kernel_nofault+0x55/0xb0 mm/maccess.c:76 Code: 6f 01 00 83 80 f8 14 00 00 01 31 f6 48 89 ea eb 17 48 83 c2 01 48 83 c3 01 48 89 d0 48 29 e8 84 c9 74 2f 4c 39 e0 7d 2a 89 f0 <8a> 0a 85 c0 88 0b 74 df 65 48 8b 04 25 40 6f 01 00 83 a8 f8 14 00 RSP: 0018:ffffc9000016fac0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc9000016fb38 RCX: 0000000000000010 RDX: ffffffffff600000 RSI: 0000000000000000 RDI: ffffffffff600000 RBP: ffffffffff600000 R08: 0000000000000246 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000005 R13: ffffffffff600000 R14: ffffc9000016fc88 R15: ffff8881087ee100 FS: 00007f7303ae5c80(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffff600000 CR3: 000000010ca76000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: bpf_probe_read_kernel_str_common kernel/trace/bpf_trace.c:266 [inline] ____bpf_probe_read_kernel_str kernel/trace/bpf_trace.c:279 [inline] bpf_probe_read_kernel_str+0x2e/0x60 kernel/trace/bpf_trace.c:276 ___bpf_prog_run+0xabd/0x1450 kernel/bpf/core.c:1513 __bpf_prog_run32+0x34/0x60 kernel/bpf/core.c:1678 bpf_dispatcher_nop_func include/linux/bpf.h:651 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2088 [inline] bpf_trace_run2+0x58/0xd0 kernel/trace/bpf_trace.c:2125 trace_kfree include/trace/events/kmem.h:138 [inline] kfree+0x201/0x520 mm/slub.c:4108 skb_release_all net/core/skbuff.c:669 [inline] __kfree_skb net/core/skbuff.c:683 [inline] consume_skb net/core/skbuff.c:839 [inline] consume_skb+0x51/0xc0 net/core/skbuff.c:833 skb_free_datagram+0xc/0x40 net/core/datagram.c:325 unix_dgram_recvmsg+0x279/0x3d0 net/unix/af_unix.c:2179 ____sys_recvmsg+0x85/0x170 net/socket.c:2568 ___sys_recvmsg+0x7d/0x100 net/socket.c:2610 __sys_recvmsg+0x51/0xa0 net/socket.c:2646 do_syscall_64+0x34/0x50 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f7303c1e91e Code: ff 89 ef 48 89 04 24 e8 4f 57 f9 ff 48 8b 04 24 48 83 c4 30 5d c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 21 b8 2f 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 70 48 8b 15 db c4 0c 00 f7 d8 64 89 02 48 83 RSP: 002b:00007ffdb2b3dbd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002f RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f7303c1e91e RDX: 0000000000000040 RSI: 00007ffdb2b3dca0 RDI: 0000000000000009 RBP: 00007ffdb2b3dca0 R08: 0000000002842947 R09: 00007ffdb2bb8090 R10: 0000000000000b44 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000200000001 R14: 0000000000000000 R15: 0000000000000000 Modules linked in: CR2: ffffffffff600000 ---[ end trace 798e83451ec2edc5 ]--- RIP: 0010:strncpy_from_kernel_nofault+0x55/0xb0 mm/maccess.c:76 Code: 6f 01 00 83 80 f8 14 00 00 01 31 f6 48 89 ea eb 17 48 83 c2 01 48 83 c3 01 48 89 d0 48 29 e8 84 c9 74 2f 4c 39 e0 7d 2a 89 f0 <8a> 0a 85 c0 88 0b 74 df 65 48 8b 04 25 40 6f 01 00 83 a8 f8 14 00 RSP: 0018:ffffc9000016fac0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc9000016fb38 RCX: 0000000000000010 RDX: ffffffffff600000 RSI: 0000000000000000 RDI: ffffffffff600000 RBP: ffffffffff600000 R08: 0000000000000246 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000005 R13: ffffffffff600000 R14: ffffc9000016fc88 R15: ffff8881087ee100 FS: 00007f7303ae5c80(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffff600000 CR3: 000000010ca76000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 6f outsl %ds:(%rsi),(%dx) 1: 01 00 add %eax,(%rax) 3: 83 80 f8 14 00 00 01 addl $0x1,0x14f8(%rax) a: 31 f6 xor %esi,%esi c: 48 89 ea mov %rbp,%rdx f: eb 17 jmp 0x28 11: 48 83 c2 01 add $0x1,%rdx 15: 48 83 c3 01 add $0x1,%rbx 19: 48 89 d0 mov %rdx,%rax 1c: 48 29 e8 sub %rbp,%rax 1f: 84 c9 test %cl,%cl 21: 74 2f je 0x52 23: 4c 39 e0 cmp %r12,%rax 26: 7d 2a jge 0x52 28: 89 f0 mov %esi,%eax * 2a: 8a 0a mov (%rdx),%cl <-- trapping instruction 2c: 85 c0 test %eax,%eax 2e: 88 0b mov %cl,(%rbx) 30: 74 df je 0x11 32: 65 48 8b 04 25 40 6f mov %gs:0x16f40,%rax 39: 01 00 3b: 83 .byte 0x83 3c: a8 f8 test $0xf8,%al 3e: 14 00 adc $0x0,%al