ci starts bisection 2024-05-15 05:51:04.574726009 +0000 UTC m=+130262.682495156 bisecting cause commit starting from 443574b033876c85a35de4c65c14f7fe092222b2 building syzkaller on 6baf506947ba27ed9ce775cf9351cb0886166083 ensuring issue is reproducible on original commit 443574b033876c85a35de4c65c14f7fe092222b2 testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c2b708d3ed581583d2a3421abf2b0879985da5b5c182108b49f9f045b00b4c2b run #0: crashed: KASAN: stack-out-of-bounds Read in hash run #1: crashed: KASAN: stack-out-of-bounds Read in hash run #2: crashed: KASAN: stack-out-of-bounds Read in hash run #3: crashed: KASAN: stack-out-of-bounds Read in hash run #4: crashed: BUG: unable to handle kernel paging request in hash run #5: crashed: KASAN: stack-out-of-bounds Read in hash run #6: crashed: KASAN: stack-out-of-bounds Read in hash run #7: crashed: KASAN: stack-out-of-bounds Read in hash run #8: crashed: KASAN: stack-out-of-bounds Read in hash run #9: crashed: KASAN: stack-out-of-bounds Read in hash run #10: crashed: KASAN: stack-out-of-bounds Read in hash run #11: crashed: KASAN: stack-out-of-bounds Read in hash run #12: crashed: KASAN: stack-out-of-bounds Read in hash run #13: crashed: KASAN: stack-out-of-bounds Read in hash run #14: crashed: KASAN: stack-out-of-bounds Read in hash run #15: crashed: KASAN: stack-out-of-bounds Read in hash run #16: crashed: KASAN: stack-out-of-bounds Read in hash run #17: crashed: KASAN: stack-out-of-bounds Read in hash run #18: crashed: KASAN: stack-out-of-bounds Read in hash run #19: crashed: KASAN: stack-out-of-bounds Read in hash representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN] check whether we can drop unnecessary instrumentation disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang 
version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 31ccc038a592e404d0e10b6ecd2ecf436ffbcb3e7bb7c95b7344db72aebcabce run #0: crashed: KASAN: stack-out-of-bounds Read in hash run #1: crashed: KASAN: stack-out-of-bounds Read in hash run #2: crashed: KASAN: stack-out-of-bounds Read in hash run #3: crashed: KASAN: stack-out-of-bounds Read in hash run #4: crashed: KASAN: stack-out-of-bounds Read in hash run #5: crashed: KASAN: stack-out-of-bounds Read in hash run #6: crashed: KASAN: stack-out-of-bounds Read in hash run #7: crashed: KASAN: stack-out-of-bounds Read in hash run #8: crashed: BUG: unable to handle kernel paging request in hash run #9: crashed: KASAN: stack-out-of-bounds Read in hash representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN] the bug reproduces without the instrumentation disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed kconfig minimization: base=3976 full=7972 leaves diff=2011 split chunks (needed=false): <2011> split chunk #0 of len 2011 into 5 parts testing without sub-chunk 1/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7b3cddfbfade9bdc08610820b298bd27a676cf38b0b4f484e35a4131056cffe3 all runs: crashed: KASAN: stack-out-of-bounds Read in hash representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a6f0c7e26114e7ea45cca0bc93b37f733c32db33d6a34b539aaf507257ce2f28 run #0: crashed: KASAN: stack-out-of-bounds Read in hash run #1: crashed: BUG: unable to handle 
kernel paging request in hash run #2: crashed: KASAN: stack-out-of-bounds Read in hash run #3: crashed: KASAN: stack-out-of-bounds Read in hash run #4: crashed: KASAN: stack-out-of-bounds Read in hash run #5: crashed: KASAN: stack-out-of-bounds Read in hash run #6: crashed: KASAN: stack-out-of-bounds Read in hash run #7: crashed: BUG: unable to handle kernel paging request in hash run #8: crashed: KASAN: stack-out-of-bounds Read in hash run #9: crashed: KASAN: stack-out-of-bounds Read in hash representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7c3542f3e457a0b9f2c0e1fdf046aca142633a24f098573ecc2355bedc656c01 run #0: crashed: KASAN: stack-out-of-bounds Read in hash run #1: crashed: KASAN: stack-out-of-bounds Read in hash run #2: crashed: KASAN: stack-out-of-bounds Read in hash run #3: crashed: KASAN: stack-out-of-bounds Read in hash run #4: crashed: BUG: unable to handle kernel paging request in hash run #5: crashed: BUG: unable to handle kernel paging request in hash run #6: crashed: KASAN: stack-out-of-bounds Read in hash run #7: crashed: BUG: unable to handle kernel paging request in hash run #8: crashed: BUG: unable to handle kernel paging request in hash run #9: crashed: BUG: unable to handle kernel paging request in hash representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 
1ae9c42e3c475434572b6e8839e8d80a9b0808c828878f75358439592f64d4ae run #0: crashed: KASAN: stack-out-of-bounds Read in hash run #1: crashed: BUG: unable to handle kernel paging request in hash run #2: crashed: BUG: unable to handle kernel paging request in hash run #3: crashed: BUG: unable to handle kernel paging request in hash run #4: crashed: KASAN: stack-out-of-bounds Read in hash run #5: crashed: BUG: unable to handle kernel paging request in hash run #6: crashed: KASAN: stack-out-of-bounds Read in hash run #7: crashed: BUG: unable to handle kernel paging request in hash run #8: crashed: KASAN: stack-out-of-bounds Read in hash run #9: crashed: KASAN: stack-out-of-bounds Read in hash representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 443574b033876c85a35de4c65c14f7fe092222b2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 596f1354c10e9e7f4937a07b305c23df3f507a198cef21d5d0891ccf234d0dd9 all runs: OK false negative chance: 0.000 minimized to 399 configs
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed picked [v6.8 v6.7 v6.6 v6.4 v6.2 v6.0 v5.18 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 31 release tags testing release v6.8 testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a53d0c169d89310dffa60af327be2deea5914a2eec74ba9de86d926580725ece run #0: crashed: KASAN: stack-out-of-bounds Read in hash run #1: crashed: KASAN: stack-out-of-bounds Read in hash run #2: crashed: BUG: unable to handle kernel paging request in hash run #3: crashed: KASAN: stack-out-of-bounds Read in hash run #4: crashed: KASAN: stack-out-of-bounds Read in hash run #5: crashed: KASAN: stack-out-of-bounds Read in hash run #6: crashed: KASAN: stack-out-of-bounds Read in hash run #7: crashed: BUG: unable to handle kernel paging request in hash run #8: crashed: KASAN: stack-out-of-bounds Read in hash run #9: crashed: BUG: unable to handle kernel paging request in hash representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN] testing release v6.7 testing commit 
0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e0ea819f4faca9a5c80e4fc08e617fd039baf962b39f5b33fe0eb4f54fa7a454 run #0: crashed: KASAN: stack-out-of-bounds Read in hash run #1: crashed: KASAN: stack-out-of-bounds Read in hash run #2: crashed: BUG: unable to handle kernel paging request in hash run #3: crashed: KASAN: stack-out-of-bounds Read in hash run #4: crashed: KASAN: stack-out-of-bounds Read in hash run #5: crashed: BUG: unable to handle kernel paging request in hash run #6: crashed: KASAN: stack-out-of-bounds Read in hash run #7: crashed: BUG: unable to handle kernel paging request in hash run #8: crashed: BUG: unable to handle kernel paging request in hash run #9: crashed: BUG: unable to handle kernel paging request in hash representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN] testing release v6.6 testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4cbd0ba39095ea3108b6c00c9372405cfb904fc8da2ce8d3221c0eeea2b6f3cc run #0: crashed: BUG: unable to handle kernel paging request in hash run #1: crashed: KASAN: stack-out-of-bounds Read in hash run #2: crashed: BUG: unable to handle kernel paging request in hash run #3: crashed: KASAN: stack-out-of-bounds Read in hash run #4: crashed: KASAN: stack-out-of-bounds Read in hash run #5: crashed: KASAN: stack-out-of-bounds Read in hash run #6: crashed: KASAN: stack-out-of-bounds Read in hash run #7: crashed: KASAN: stack-out-of-bounds Read in hash run #8: crashed: KASAN: stack-out-of-bounds Read in hash run #9: crashed: KASAN: stack-out-of-bounds Read in hash representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN] testing release v6.4 testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel 
signature: 7994926f80657918fb2f798c576a0460de70be8a5310dbb764b0aa0931d4b19f run #0: crashed: KASAN: stack-out-of-bounds Read in hash run #1: crashed: BUG: unable to handle kernel paging request in hash run #2: crashed: KASAN: stack-out-of-bounds Read in hash run #3: crashed: BUG: unable to handle kernel paging request in hash run #4: crashed: KASAN: stack-out-of-bounds Read in hash run #5: crashed: BUG: unable to handle kernel paging request in hash run #6: crashed: BUG: unable to handle kernel paging request in hash run #7: crashed: KASAN: stack-out-of-bounds Read in hash run #8: crashed: BUG: unable to handle kernel paging request in hash run #9: crashed: BUG: unable to handle kernel paging request in hash representative crash: BUG: unable to handle kernel paging request in hash, types: [UNKNOWN KASAN] testing release v6.2 testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9a52b55a58650c791b587d3e4285d807862618958ca43402f06fe2a6fd02b34a run #0: crashed: BUG: unable to handle kernel paging request in hash run #1: crashed: KASAN: stack-out-of-bounds Read in hash run #2: crashed: BUG: unable to handle kernel paging request in hash run #3: crashed: BUG: unable to handle kernel paging request in hash run #4: crashed: KASAN: stack-out-of-bounds Read in hash run #5: crashed: BUG: unable to handle kernel paging request in hash run #6: crashed: BUG: unable to handle kernel paging request in hash run #7: crashed: KASAN: stack-out-of-bounds Read in hash run #8: crashed: BUG: unable to handle kernel paging request in hash run #9: crashed: BUG: unable to handle kernel paging request in hash representative crash: BUG: unable to handle kernel paging request in hash, types: [UNKNOWN KASAN] testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 
95376d388be8d62ac9c8b81486b8aaadcd1deba96b8f17f50707ef36d4213fd3 run #0: crashed: BUG: unable to handle kernel paging request in hash run #1: crashed: KASAN: stack-out-of-bounds Read in hash run #2: crashed: KASAN: stack-out-of-bounds Read in hash run #3: crashed: KASAN: stack-out-of-bounds Read in hash run #4: crashed: KASAN: stack-out-of-bounds Read in hash run #5: crashed: BUG: unable to handle kernel paging request in hash run #6: crashed: KASAN: stack-out-of-bounds Read in hash run #7: crashed: KASAN: stack-out-of-bounds Read in hash run #8: crashed: KASAN: stack-out-of-bounds Read in hash run #9: crashed: KASAN: stack-out-of-bounds Read in hash representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN] testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ff48436d25b55f3cf69978ecc3227bed0e755c26a0121d2cd74b2b591d8586d6 run #0: crashed: KASAN: stack-out-of-bounds Read in hash run #1: crashed: KASAN: stack-out-of-bounds Read in hash run #2: crashed: KASAN: stack-out-of-bounds Read in hash run #3: crashed: BUG: unable to handle kernel paging request in hash run #4: crashed: KASAN: stack-out-of-bounds Read in hash run #5: crashed: BUG: unable to handle kernel paging request in hash run #6: crashed: KASAN: stack-out-of-bounds Read in hash run #7: crashed: BUG: unable to handle kernel paging request in hash run #8: crashed: BUG: unable to handle kernel paging request in hash run #9: crashed: KASAN: stack-out-of-bounds Read in hash representative crash: KASAN: stack-out-of-bounds Read in hash, types: [KASAN UNKNOWN] testing release v5.16 testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5f4cb8e447f4760ec61e1b40d474133bfb71fb41d96b7735b417ba628a00188f run #0: crashed: BUG: unable to handle kernel paging request in hash run 
#1: crashed: BUG: unable to handle kernel paging request in hash run #2: crashed: BUG: unable to handle kernel paging request in hash run #3: crashed: KASAN: stack-out-of-bounds Read in hash run #4: crashed: KASAN: stack-out-of-bounds Read in hash run #5: crashed: BUG: unable to handle kernel paging request in hash run #6: crashed: KASAN: stack-out-of-bounds Read in hash run #7: crashed: KASAN: stack-out-of-bounds Read in hash run #8: crashed: KASAN: stack-out-of-bounds Read in hash run #9: crashed: BUG: unable to handle kernel paging request in hash representative crash: BUG: unable to handle kernel paging request in hash, types: [UNKNOWN KASAN] testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 627482b3478367278a2b4632eee242c282c577a556a246032c2f610a66ac935c all runs: OK false negative chance: 0.000 # git bisect start df0cc57e057f18e44dac8e6c18aba47ab53202f9 62fb9874f5da54fdb243003b386128037319b219 Bisecting: 22077 revisions left to test after this (roughly 15 steps) [477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6] Merge tag 'drm-next-2021-08-31-1' of git://anongit.freedesktop.org/drm/drm testing commit 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ec21ef0a22e6b648b1a1cf69ce308faabb324fdff8a7dbdd9bd92aaca80e7e15 all runs: OK false negative chance: 0.000 # git bisect good 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6 Bisecting: 10817 revisions left to test after this (roughly 14 steps) [fc02cb2b37fe2cbf1d3334b9f0f0eab9431766c4] Merge tag 'net-next-for-5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit fc02cb2b37fe2cbf1d3334b9f0f0eab9431766c4 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6eb2adae12817d4323a0564104a0ddbf1b21f2e960de04ea99cc5d255433cd80 run #0: crashed: KASAN: 
stack-out-of-bounds Read in bloom_map_peek_elem run #1: crashed: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem run #2: crashed: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem run #3: crashed: BUG: stack guard page was hit in sys_unlink run #4: crashed: BUG: stack guard page was hit in sys_unlink run #5: crashed: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem run #6: crashed: BUG: stack guard page was hit in sys_unlink run #7: crashed: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem run #8: crashed: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem run #9: crashed: BUG: stack guard page was hit in sys_unlink representative crash: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem, types: [KASAN UNKNOWN] # git bisect bad fc02cb2b37fe2cbf1d3334b9f0f0eab9431766c4 Bisecting: 5629 revisions left to test after this (roughly 13 steps) [3e899c7209dd8f7afca59518c5ace0f03385dbc3] Merge tag 'armsoc-fixes-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 3e899c7209dd8f7afca59518c5ace0f03385dbc3 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f91420e9731b3cbf6dab34099ba091d1b86e90d6d54fcf7faffa638ffeae6186 all runs: OK false negative chance: 0.000 # git bisect good 3e899c7209dd8f7afca59518c5ace0f03385dbc3 Bisecting: 2816 revisions left to test after this (roughly 12 steps) [d57beb0e1418181faf9042ed9c98f17fd32f99b8] Merge branch 'mlxsw-offload-root-tbf-as-port-shaper' testing commit d57beb0e1418181faf9042ed9c98f17fd32f99b8 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 41f78f636fdd89262c1b7150a62c4b2c2f1501f1cb8d84458a7917318beb464b all runs: OK false negative chance: 0.000 # git bisect good d57beb0e1418181faf9042ed9c98f17fd32f99b8 Bisecting: 1407 revisions left to test after this (roughly 11 steps) [f594e28d805aca2c6e158cc647f133cab58a8bb4] Merge tag 'hardening-v5.16-rc1' of 
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux testing commit f594e28d805aca2c6e158cc647f133cab58a8bb4 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9aa1b7f95e75d3aa6660a2eb00af4d06d15c10594a27f419bcb49f42d994c118 all runs: OK false negative chance: 0.000 # git bisect good f594e28d805aca2c6e158cc647f133cab58a8bb4 Bisecting: 724 revisions left to test after this (roughly 10 steps) [d54f486035fd89f14845a7f34a97a3f5da4e70f2] Merge tag 'hwmon-for-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging testing commit d54f486035fd89f14845a7f34a97a3f5da4e70f2 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ccc3dc24f869706455162f80b39d6a04d65d7731ded494bd0b6679be0cb81f92 all runs: OK false negative chance: 0.000 # git bisect good d54f486035fd89f14845a7f34a97a3f5da4e70f2 Bisecting: 263 revisions left to test after this (roughly 9 steps) [b7b98f868987cd3e86c9bd9a6db048614933d7a0] Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next testing commit b7b98f868987cd3e86c9bd9a6db048614933d7a0 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0c4537660229857bf2859d5cbb78df0553f0f0f24ae229c03431dd0dc499d636 run #0: crashed: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem run #1: crashed: BUG: stack guard page was hit in sys_unlink run #2: crashed: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem run #3: crashed: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem run #4: crashed: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem run #5: crashed: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem run #6: crashed: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem run #7: crashed: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem run #8: crashed: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem run #9: crashed: KASAN: stack-out-of-bounds Read in 
bloom_map_peek_elem representative crash: KASAN: stack-out-of-bounds Read in bloom_map_peek_elem, types: [KASAN] # git bisect bad b7b98f868987cd3e86c9bd9a6db048614933d7a0 Bisecting: 230 revisions left to test after this (roughly 8 steps) [26c37d89f61d84dda55feefeafb4907f2a7cd944] netdevsim: take rtnl_lock when assigning num_vfs testing commit 26c37d89f61d84dda55feefeafb4907f2a7cd944 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6d3a8421d19082eee06eabe7fd7f33a8221d39278185fb39e0af386c6c69c82a all runs: OK false negative chance: 0.000 # git bisect good 26c37d89f61d84dda55feefeafb4907f2a7cd944 Bisecting: 115 revisions left to test after this (roughly 7 steps) [58fc155b0e4bbd69584b7a241ab01d55ee7cfde6] bpftool: Switch to new btf__type_cnt API testing commit 58fc155b0e4bbd69584b7a241ab01d55ee7cfde6 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a50c84f36b73e4a55df70a0350de3a69a54f883b8f8d9aafb464e5f3fb2e3c60 all runs: OK false negative chance: 0.000 # git bisect good 58fc155b0e4bbd69584b7a241ab01d55ee7cfde6 Bisecting: 57 revisions left to test after this (roughly 6 steps) [c24941cd3766b6de682dbe6809bd6af12271ab5b] libbpf: Add typeless ksym support to gen_loader testing commit c24941cd3766b6de682dbe6809bd6af12271ab5b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ff8ecfbb912ecee836c8a82a806a50bd9c57f5e009b0ff0eb38867edca3442c2 run #0: crashed: BUG: stack guard page was hit in sys_unlink run #1: crashed: KASAN: stack-out-of-bounds Read in peek_elem run #2: crashed: KASAN: stack-out-of-bounds Read in peek_elem run #3: crashed: BUG: stack guard page was hit in sys_unlink run #4: crashed: BUG: stack guard page was hit in sys_unlink run #5: crashed: BUG: stack guard page was hit in sys_unlink run #6: crashed: KASAN: stack-out-of-bounds Read in peek_elem run #7: crashed: BUG: stack guard page was hit in sys_unlink run #8: 
crashed: KASAN: stack-out-of-bounds Read in peek_elem run #9: crashed: KASAN: stack-out-of-bounds Read in peek_elem representative crash: BUG: stack guard page was hit in sys_unlink, types: [UNKNOWN KASAN] # git bisect bad c24941cd3766b6de682dbe6809bd6af12271ab5b Bisecting: 28 revisions left to test after this (roughly 5 steps) [c4813e969ac471af730902377a2656b6b1b92c4d] libbpf: Deprecate ambiguously-named bpf_program__size() API testing commit c4813e969ac471af730902377a2656b6b1b92c4d gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9ebceb341d0d144d37f90dc05af5a3a57e2666dffead53f21a8f403acd3d2c4c all runs: OK false negative chance: 0.000 # git bisect good c4813e969ac471af730902377a2656b6b1b92c4d Bisecting: 13 revisions left to test after this (roughly 4 steps) [f9d532fc5d6c2577687221869f6e7433eb177ec7] Merge branch 'bpf: use 32bit safe version of u64_stats' testing commit f9d532fc5d6c2577687221869f6e7433eb177ec7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: aa359ffd645c0160741e1a411411b9937c2e466d20f74ff75fa3bd4a467d546f all runs: OK false negative chance: 0.000 # git bisect good f9d532fc5d6c2577687221869f6e7433eb177ec7 Bisecting: 6 revisions left to test after this (roughly 3 steps) [9330986c03006ab1d33d243b7cfe598a7a3c1baa] bpf: Add bloom filter map implementation testing commit 9330986c03006ab1d33d243b7cfe598a7a3c1baa gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 76567282ea17166c05ee1628266d05d0faaca79f2325bb82f4312e55efafe080 run #0: crashed: BUG: stack guard page was hit in sys_unlink run #1: crashed: BUG: stack guard page was hit in sys_unlink run #2: crashed: BUG: stack guard page was hit in sys_unlink run #3: crashed: BUG: stack guard page was hit in sys_unlink run #4: crashed: BUG: stack guard page was hit in sys_unlink run #5: crashed: BUG: stack guard page was hit in sys_unlink run #6: crashed: BUG: stack 
guard page was hit in sys_unlink
run #7: crashed: KASAN: stack-out-of-bounds Read in peek_elem
run #8: crashed: KASAN: stack-out-of-bounds Read in peek_elem
run #9: crashed: KASAN: stack-out-of-bounds Read in peek_elem
representative crash: BUG: stack guard page was hit in sys_unlink, types: [UNKNOWN KASAN]
# git bisect bad 9330986c03006ab1d33d243b7cfe598a7a3c1baa
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[e1ef62a4dd0e66ede4e73791ec1bcec947d4d0b3] selftests/bpf: Adding a namespace reset for tc_redirect
testing commit e1ef62a4dd0e66ede4e73791ec1bcec947d4d0b3 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: aa359ffd645c0160741e1a411411b9937c2e466d20f74ff75fa3bd4a467d546f
all runs: OK
false negative chance: 0.000
# git bisect good e1ef62a4dd0e66ede4e73791ec1bcec947d4d0b3
Bisecting: 1 revision left to test after this (roughly 1 step)
[252c765bd764a246a8bd516fabf6d6123df4a24f] riscv, bpf: Add BPF exception tables
testing commit 252c765bd764a246a8bd516fabf6d6123df4a24f gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: aa359ffd645c0160741e1a411411b9937c2e466d20f74ff75fa3bd4a467d546f
all runs: OK
false negative chance: 0.000
# git bisect good 252c765bd764a246a8bd516fabf6d6123df4a24f
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b066abba3ef16a4a085d237e95da0de3f0b87713] bpf, tests: Add module parameter test_suite to test_bpf module
testing commit b066abba3ef16a4a085d237e95da0de3f0b87713 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: aa359ffd645c0160741e1a411411b9937c2e466d20f74ff75fa3bd4a467d546f
all runs: OK
false negative chance: 0.000
# git bisect good b066abba3ef16a4a085d237e95da0de3f0b87713
9330986c03006ab1d33d243b7cfe598a7a3c1baa is the first bad commit
commit 9330986c03006ab1d33d243b7cfe598a7a3c1baa
Author: Joanne Koong
Date: Wed Oct 27 16:45:00 2021 -0700

    bpf: Add bloom filter map implementation

    This patch adds the kernel-side changes for the implementation of
    a bpf bloom filter map.

    The bloom filter map supports peek (determining whether an element
    is present in the map) and push (adding an element to the map)
    operations. These operations are exposed to userspace applications
    through the already existing syscalls in the following way:

    BPF_MAP_LOOKUP_ELEM -> peek
    BPF_MAP_UPDATE_ELEM -> push

    The bloom filter map does not have keys, only values. In light of
    this, the bloom filter map's API matches that of queue stack maps:
    user applications use BPF_MAP_LOOKUP_ELEM/BPF_MAP_UPDATE_ELEM
    which correspond internally to bpf_map_peek_elem/bpf_map_push_elem,
    and bpf programs must use the bpf_map_peek_elem and bpf_map_push_elem
    APIs to query or add an element to the bloom filter map. When the
    bloom filter map is created, it must be created with a key_size of 0.

    For updates, the user will pass in the element to add to the map
    as the value, with a NULL key. For lookups, the user will pass in the
    element to query in the map as the value, with a NULL key. In the
    verifier layer, this requires us to modify the argument type of
    a bloom filter's BPF_FUNC_map_peek_elem call to ARG_PTR_TO_MAP_VALUE;
    as well, in the syscall layer, we need to copy over the user value
    so that in bpf_map_peek_elem, we know which specific value to query.

    A few things to please take note of:
     * If there are any concurrent lookups + updates, the user is
       responsible for synchronizing this to ensure no false negative
       lookups occur.
     * The number of hashes to use for the bloom filter is configurable
       from userspace. If no number is specified, the default used will
       be 5 hash functions. The benchmarks later in this patchset can
       help compare the performance of using different number of hashes
       on different entry sizes. In general, using more hashes decreases
       both the false positive rate and the speed of a lookup.
     * Deleting an element in the bloom filter map is not supported.
     * The bloom filter map may be used as an inner map.
     * The "max_entries" size that is specified at map creation time is
       used to approximate a reasonable bitmap size for the bloom filter,
       and is not otherwise strictly enforced. If the user wishes to
       insert more entries into the bloom filter than "max_entries", they
       may do so but they should be aware that this may lead to a higher
       false positive rate.

    Signed-off-by: Joanne Koong
    Signed-off-by: Alexei Starovoitov
    Acked-by: Andrii Nakryiko
    Link: https://lore.kernel.org/bpf/20211027234504.30744-2-joannekoong@fb.com

 include/linux/bpf.h | 1 +
 include/linux/bpf_types.h | 1 +
 include/uapi/linux/bpf.h | 9 ++
 kernel/bpf/Makefile | 2 +-
 kernel/bpf/bloom_filter.c | 195 +++++++++++++++++++++++++++++++++++++++++
 kernel/bpf/syscall.c | 24 ++++-
 kernel/bpf/verifier.c | 19 +++-
 tools/include/uapi/linux/bpf.h | 9 ++
 8 files changed, 253 insertions(+), 7 deletions(-)
 create mode 100644 kernel/bpf/bloom_filter.c

accumulated error probability: 0.00
culprit signature: 76567282ea17166c05ee1628266d05d0faaca79f2325bb82f4312e55efafe080
parent signature: aa359ffd645c0160741e1a411411b9937c2e466d20f74ff75fa3bd4a467d546f
revisions tested: 32, total time: 9h37m5.973950532s (build: 5h40m27.402574126s, test: 3h41m28.403684336s)
first bad commit: 9330986c03006ab1d33d243b7cfe598a7a3c1baa bpf: Add bloom filter map implementation
recipients (to): ["andrii@kernel.org" "ast@kernel.org" "joannekoong@fb.com"]
recipients (cc): []
crash: BUG: stack guard page was hit in sys_unlink
BUG: stack guard page was hit at ffffc90001178000 (stack is ffffc90001170000..ffffc90001177fff)
kernel stack overflow (page fault): 0000 [#1] SMP KASAN PTI
CPU: 1 PID: 1803 Comm: syz-executor.3 Not tainted 5.15.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:jhash2 include/linux/jhash.h:126 [inline]
RIP: 0010:hash kernel/bpf/bloom_filter.c:35 [inline]
RIP: 0010:peek_elem+0x13f/0x4e0 kernel/bpf/bloom_filter.c:50
Code: 00 00 00 48 89 f1 48 c1 e9 03 42 0f b6 3c 39 48 89 f1 83 e1 07 83 c1 03 40 38 f9 7c 09 40 84 ff 0f 85 9a 02 00 00 48 8d 7e 04 <8b> 2e 48 89 f9 48 c1 e9 03 46 0f b6 04 39 48 89 f9 83 e1 07 83 c1
RSP: 0018:ffffc90001177ad8 EFLAGS: 00010282
RAX: 00000000c0a409db RBX: 00000000b6075723 RCX: ffffffff8165617f
RDX: 0000000091afdf00 RSI: ffffc90001178000 RDI: ffffc90001178004
RBP: 0000000019b10981 R08: 0000000000000000 R09: 000000003ffffe8a
R10: fffffbfff0d80bac R11: ffffffff85658120 R12: ffff88811a9b5590
R13: ffff88811a9b5400 R14: 0000000000000000 R15: dffffc0000000000
FS: 00005555573ec480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001178000 CR3: 00000001206f6000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ____bpf_map_peek_elem kernel/bpf/helpers.c:108 [inline]
 bpf_map_peek_elem+0x51/0x80 kernel/bpf/helpers.c:106
 ___bpf_prog_run+0x2ea0/0x7130 kernel/bpf/core.c:1549
 __bpf_prog_run32+0x79/0xb0 kernel/bpf/core.c:1775
 bpf_dispatcher_nop_func include/linux/bpf.h:721 [inline]
 __bpf_prog_run include/linux/filter.h:624 [inline]
 bpf_prog_run include/linux/filter.h:631 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1951 [inline]
 bpf_trace_run2+0xb4/0x190 kernel/trace/bpf_trace.c:1988
 __traceiter_ext4_drop_inode+0x58/0xa0 include/trace/events/ext4.h:238
 trace_ext4_drop_inode include/trace/events/ext4.h:238 [inline]
 ext4_drop_inode+0x109/0x130 fs/ext4/super.c:1328
 iput_final fs/inode.c:1634 [inline]
 iput fs/inode.c:1690 [inline]
 iput+0x241/0x640 fs/inode.c:1676
 do_unlinkat+0x34a/0x550 fs/namei.c:4176
 __do_sys_unlink fs/namei.c:4217 [inline]
 __se_sys_unlink fs/namei.c:4215 [inline]
 __x64_sys_unlink+0xa0/0xe0 fs/namei.c:4215
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3c/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7feb9365a557
Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdf8a6d438 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007feb9365a557
RDX: 00007ffdf8a6d460 RSI: 00007ffdf8a6d4f0 RDI: 00007ffdf8a6d4f0
RBP: 00007ffdf8a6d4f0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffdf8a6e5b0
R13: 00007feb936a63b9 R14: 000000000000c81d R15: 0000000000000004
Modules linked in:
---[ end trace 6cc7572f4dbc03bb ]---
RIP: 0010:jhash2 include/linux/jhash.h:126 [inline]
RIP: 0010:hash kernel/bpf/bloom_filter.c:35 [inline]
RIP: 0010:peek_elem+0x13f/0x4e0 kernel/bpf/bloom_filter.c:50
Code: 00 00 00 48 89 f1 48 c1 e9 03 42 0f b6 3c 39 48 89 f1 83 e1 07 83 c1 03 40 38 f9 7c 09 40 84 ff 0f 85 9a 02 00 00 48 8d 7e 04 <8b> 2e 48 89 f9 48 c1 e9 03 46 0f b6 04 39 48 89 f9 83 e1 07 83 c1
RSP: 0018:ffffc90001177ad8 EFLAGS: 00010282
RAX: 00000000c0a409db RBX: 00000000b6075723 RCX: ffffffff8165617f
RDX: 0000000091afdf00 RSI: ffffc90001178000 RDI: ffffc90001178004
RBP: 0000000019b10981 R08: 0000000000000000 R09: 000000003ffffe8a
R10: fffffbfff0d80bac R11: ffffffff85658120 R12: ffff88811a9b5590
R13: ffff88811a9b5400 R14: 0000000000000000 R15: dffffc0000000000
FS: 00005555573ec480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001178000 CR3: 00000001206f6000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 00 00                 add %al,(%rax)
   2: 00 48 89              add %cl,-0x77(%rax)
   5: f1                    int1
   6: 48 c1 e9 03           shr $0x3,%rcx
   a: 42 0f b6 3c 39        movzbl (%rcx,%r15,1),%edi
   f: 48 89 f1              mov %rsi,%rcx
  12: 83 e1 07              and $0x7,%ecx
  15: 83 c1 03              add $0x3,%ecx
  18: 40 38 f9              cmp %dil,%cl
  1b: 7c 09                 jl 0x26
  1d: 40 84 ff              test %dil,%dil
  20: 0f 85 9a 02 00 00     jne 0x2c0
  26: 48 8d 7e 04           lea 0x4(%rsi),%rdi
* 2a: 8b 2e                 mov (%rsi),%ebp <-- trapping instruction
  2c: 48 89 f9              mov %rdi,%rcx
  2f: 48 c1 e9 03           shr $0x3,%rcx
  33: 46 0f b6 04 39        movzbl (%rcx,%r15,1),%r8d
  38: 48 89 f9              mov %rdi,%rcx
  3b: 83 e1 07              and $0x7,%ecx
  3e: 83                    .byte 0x83
  3f: c1                    .byte 0xc1