ci2 starts bisection 2025-08-13 21:08:06.301701762 +0000 UTC m=+99373.812177240
bisecting fixing commit since db710ea87c32d5f806ffaaccbf98ecd3108314e4
building syzkaller on 874a1386706482fe473dfe96f8a3acc52c1b2ba1
ensuring issue is reproducible on original commit db710ea87c32d5f806ffaaccbf98ecd3108314e4

testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
kernel signature: da6a67312e3448d8509f13422262847bf19091cc529db1257fef7b38d46869b8
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
check whether we can drop unnecessary instrumentation
disabling configs for [kasan locking atomic_sleep hang memleak ubsan bug_or_warning], they are not needed

testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
kernel signature: 2bc574b0055d7199a692c8a3cb2a51383551f4795f2aea61d7f58924bc95f3b4
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
the bug reproduces without the instrumentation
disabling configs for [hang memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed
kconfig minimization: base=5186 full=6555 leaves diff=264
split chunks (needed=false): <264>
split chunk #0 of len 264 into 5 parts
testing without sub-chunk 1/5
disabling configs for [hang memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed

testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
kernel signature: 49b35e0403557aa3ab44acb4a5eafae3cb5e17b14ed9104fa991b9203c53aed2
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [hang memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed

testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
kernel signature: 9314b6573b6192bdd5aa25ba7837a97463a367da4189984446d28bdfe5cb4fc7
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [bug_or_warning kasan locking atomic_sleep hang memleak ubsan], they are not needed

testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
kernel signature: df15181d0bade4e74d03c836ddc68e0aa46674bb7e900b0297fe9330e2acbdb9
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [locking atomic_sleep hang memleak ubsan bug_or_warning kasan], they are not needed

testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
kernel signature: 66e8392d008a6e1d8a2c5bccc0541042650339116540595ab57cf8363f0be58f
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [locking atomic_sleep hang memleak ubsan bug_or_warning kasan], they are not needed

testing commit db710ea87c32d5f806ffaaccbf98ecd3108314e4 gcc
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
failed building db710ea87c32d5f806ffaaccbf98ecd3108314e4:
ld.lld: error: undefined symbol: wext_handle_ioctl
ld.lld: error: undefined symbol: compat_wext_handle_ioctl
ld.lld: error: undefined symbol: wext_proc_init
ld.lld: error: undefined symbol: wext_proc_exit

minimized to 52 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_MBIM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM V4L2_ASYNC V4L2_FWNODE VIDEO_CAMERA_SENSOR WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS ZEROPLUS_FF]
disabling configs for [hang memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed
testing current HEAD c750dc582629811994978507b7055b679be149f0

testing commit c750dc582629811994978507b7055b679be149f0 gcc
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
kernel signature: ad8808113ff3d440d67a75536d10901f3e4ad5cedaf808b51f6bd60de7c78ce1
all runs: crashed: invalid opcode in __traceiter_percpu_free_percpu
representative crash: invalid opcode in __traceiter_percpu_free_percpu, types: [DoS]
crash still not fixed/happens on the oldest tested release
revisions tested: 7, total time: 1h22m36.650671122s (build: 33m42.859321311s, test: 40m27.194822483s)
crash still not fixed or there were kernel test errors
commit msg: ANDROID: gunyah: Fix use-after-free in gunyah_vm_clean_resources()
crash: invalid opcode in __traceiter_percpu_free_percpu

CFI failure at __traceiter_percpu_free_percpu+0x3e/0x60 include/trace/events/percpu.h:54 (target: tp_stub_func+0x0/0x10; expected type: 0xc88d2a22)
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 357 Comm: kworker/1:3 Not tainted 6.1.145-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: events bpf_prog_free_deferred
RIP: 0010:__traceiter_percpu_free_percpu+0x3e/0x60 include/trace/events/percpu.h:54
Code: e4 74 38 48 89 cb 41 89 d6 49 89 f7 49 8b 04 24 49 8b 7c 24 08 4c 89 fe 44 89 f2 48 89 d9 41 ba de d5 72 37 44 03 50 fc 74 02 <0f> 0b ff d0 49 83 7c 24 18 00 4d 8d 64 24 18 75 d1 31 c0 5b 41 5c
RSP: 0018:ffffc9000072fd70 EFLAGS: 00010092
RAX: ffffffff8129b660 RBX: 0000607dc8018530 RCX: 0000607dc8018530
RDX: 0000000000018530 RSI: ffffe8ffffc00000 RDI: ffffc90000c31000
RBP: ffffc9000072fd90 R08: 0000000000000190 R09: 000000008010000d
R10: 00000000dcb33cea R11: ffffffff812e09f0 R12: ffff8881130827c0
R13: 0000000000000000 R14: 0000000000018530 R15: ffffe8ffffc00000
FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd58fdedbf8 CR3: 000000000320b000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 trace_percpu_free_percpu include/trace/events/percpu.h:54 [inline]
 free_percpu+0x477/0x4f0 mm/percpu.c:2304
 __bpf_prog_free+0x2f/0x50 kernel/bpf/core.c:269
 bpf_prog_unlock_free include/linux/filter.h:903 [inline]
 bpf_jit_free+0x65/0x70 arch/x86/net/bpf_jit_comp.c:2648
 bpf_prog_free_deferred+0x1ba/0x1d0 kernel/bpf/core.c:2584
 process_one_work+0x1bf/0x390 kernel/workqueue.c:2302
 worker_thread+0x231/0x390 kernel/workqueue.c:2449
 kthread+0xe5/0x100 kernel/kthread.c:397
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__traceiter_percpu_free_percpu+0x3e/0x60 include/trace/events/percpu.h:54
Code: e4 74 38 48 89 cb 41 89 d6 49 89 f7 49 8b 04 24 49 8b 7c 24 08 4c 89 fe 44 89 f2 48 89 d9 41 ba de d5 72 37 44 03 50 fc 74 02 <0f> 0b ff d0 49 83 7c 24 18 00 4d 8d 64 24 18 75 d1 31 c0 5b 41 5c
RSP: 0018:ffffc9000072fd70 EFLAGS: 00010092
RAX: ffffffff8129b660 RBX: 0000607dc8018530 RCX: 0000607dc8018530
RDX: 0000000000018530 RSI: ffffe8ffffc00000 RDI: ffffc90000c31000
RBP: ffffc9000072fd90 R08: 0000000000000190 R09: 000000008010000d
R10: 00000000dcb33cea R11: ffffffff812e09f0 R12: ffff8881130827c0
R13: 0000000000000000 R14: 0000000000018530 R15: ffffe8ffffc00000
FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd58fdedbf8 CR3: 000000000320b000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400