bisecting cause commit starting from 2d3d8c7643a56bfe2e808f97d5a4360d49f3b45b building syzkaller on 4ebb27982f8984ed57466f87099acc0b250a1b5c testing commit 2d3d8c7643a56bfe2e808f97d5a4360d49f3b45b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9db1cbd4bbb31ca72dc7e2ccf9a0d413c9e82ea5604a2276031059ff38238856 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #2: crashed: general protection fault in submit_bio_checks run #3: crashed: general protection fault in submit_bio_checks run #4: crashed: general protection fault in submit_bio_checks run #5: crashed: general protection fault in submit_bio_checks run #6: crashed: general protection fault in submit_bio_checks run #7: crashed: general protection fault in submit_bio_checks run #8: crashed: general protection fault in submit_bio_checks run #9: crashed: general protection fault in submit_bio_checks run #10: crashed: general protection fault in submit_bio_checks run #11: crashed: general protection fault in submit_bio_checks run #12: crashed: general protection fault in submit_bio_checks run #13: crashed: general protection fault in submit_bio_checks run #14: crashed: general protection fault in submit_bio_checks run #15: crashed: general protection fault in submit_bio_checks run #16: crashed: general protection fault in submit_bio_checks run #17: crashed: general protection fault in submit_bio_checks run #18: crashed: general protection fault in submit_bio_checks run #19: crashed: general protection fault in submit_bio_checks testing release v5.16 testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6392e7dc90e0a4647080a5029d93ca58348fb8a5852ea8aba24fe1cfc2cb5f6d all runs: OK # git bisect start 2d3d8c7643a56bfe2e808f97d5a4360d49f3b45b df0cc57e057f18e44dac8e6c18aba47ab53202f9 Bisecting: 8103 revisions left to test after this (roughly 13 steps) [fd04899208d2057b2de808e8447cfd806fd0a607] Merge tag 'timers-core-2022-01-13' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit fd04899208d2057b2de808e8447cfd806fd0a607 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3787d75f0e7849aac9ea1e84c3aaf11cb8e60e0ce985a29252ac522a36f01853 all runs: OK # git bisect good fd04899208d2057b2de808e8447cfd806fd0a607 Bisecting: 4053 revisions left to test after this (roughly 12 steps) [169387e2aa291a4e3cb856053730fe99d6cec06f] Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit 169387e2aa291a4e3cb856053730fe99d6cec06f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 31f6f53d67adee2d4cf4dcff61af91884dbf3bd40bab2a9aea29814ae1d28893 all runs: OK # git bisect good 169387e2aa291a4e3cb856053730fe99d6cec06f Bisecting: 2007 revisions left to test after this (roughly 11 steps) [d18668ec546511a12b0f21ea7cefb4ca2191b021] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git testing commit d18668ec546511a12b0f21ea7cefb4ca2191b021 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b8f2e7b810fdf3f5104e67005e8ef27b453fd4a5aa48829db22d8bc13f623785 all runs: OK # git bisect good d18668ec546511a12b0f21ea7cefb4ca2191b021 Bisecting: 1002 revisions left to test after this (roughly 10 steps) [d0c931842df223c7bb52655193801dd68542c608] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git testing commit d0c931842df223c7bb52655193801dd68542c608 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5ce273074ea8def9cd54d245860b1679b8f4b2b18c17238df380c9f7de87ff0d all runs: crashed: general protection fault in submit_bio_checks # git bisect bad d0c931842df223c7bb52655193801dd68542c608 Bisecting: 452 revisions left to test after this (roughly 9 steps) [84650a6f1f8e9d20877803f2c6cb9ea6ca6c77e2] Merge branch 'drm-next' of https://gitlab.freedesktop.org/agd5f/linux testing commit 84650a6f1f8e9d20877803f2c6cb9ea6ca6c77e2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: de5f83fca9c04a4e6ed06fdba65d484e7ba9bc8bb76bddc8471a9c8f9e1f628b all runs: OK # git bisect good 84650a6f1f8e9d20877803f2c6cb9ea6ca6c77e2 Bisecting: 235 revisions left to test after this (roughly 8 steps) [3513cd73ba6ad74e4b8d1a4e93813f02b8b979dd] Merge branch 'imx-drm/next' of https://git.pengutronix.de/git/pza/linux testing commit 3513cd73ba6ad74e4b8d1a4e93813f02b8b979dd compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b25b167ea0cd44a9b3176571e4d227141fca6a11570321af4bcdc4fefa8d0d10 all runs: OK # git bisect good 3513cd73ba6ad74e4b8d1a4e93813f02b8b979dd Bisecting: 113 revisions left to test after this (roughly 7 steps) [3aa0cb7ac476c05de10ee45eb537d75c3614b8fa] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git testing commit 3aa0cb7ac476c05de10ee45eb537d75c3614b8fa compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: da93ce5293c1fff2f75037b5ec144a252d95bc7b8fb747afda56421c1987967b all runs: OK # git bisect good 3aa0cb7ac476c05de10ee45eb537d75c3614b8fa Bisecting: 53 revisions left to test after this (roughly 6 steps) [ccbc867ce4ad2955b96db73ae9ac1d92cef1b7d7] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc.git testing commit ccbc867ce4ad2955b96db73ae9ac1d92cef1b7d7 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 40bbb8a33c8cf023d4841d941e96085e29dfe30b4049da403b52607e33f80f46 all runs: crashed: general protection fault in submit_bio_checks # git bisect bad ccbc867ce4ad2955b96db73ae9ac1d92cef1b7d7 Bisecting: 29 revisions left to test after this (roughly 5 steps) [448025c103938d944f88db9671c1c224295deeae] block/rnbd: client device does not care queue/rotational testing commit 448025c103938d944f88db9671c1c224295deeae compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: da5074c8f2ec57d8afc936bdd6a8d27f098caf97e553db5fafe56008cc64795b all runs: crashed: general protection fault in submit_bio_checks # git bisect bad 448025c103938d944f88db9671c1c224295deeae Bisecting: 14 revisions left to test after this (roughly 4 steps) [d7b78de2b1552e3e7ce3a069f075cc2729aa5c34] rnbd-srv: remove struct rnbd_dev_blk_io testing commit d7b78de2b1552e3e7ce3a069f075cc2729aa5c34 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3c8c04b7bb44b557fc8db227cf56eabf0478e9c8985b28d4a38ab2fd60b7e076 all runs: OK # git bisect good d7b78de2b1552e3e7ce3a069f075cc2729aa5c34 Bisecting: 7 revisions left to test after this (roughly 3 steps) [49add4966d79244013fce35f95c6833fae82b8b1] block: pass a block_device and opf to bio_init testing commit 49add4966d79244013fce35f95c6833fae82b8b1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 34ab5bc79b95693ccec28600f7db1ec592540d8d1b0e9cea183dec0194c1992a all runs: OK # git bisect good 49add4966d79244013fce35f95c6833fae82b8b1 Bisecting: 3 revisions left to test after this (roughly 2 steps) [b42c1fc3d55e077d36718ad9800d89100b2aff81] block: fix the kerneldoc for bio_end_io_acct testing commit b42c1fc3d55e077d36718ad9800d89100b2aff81 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 78ec8f284424980c894c9f1d43458acb265405f53f35eebcfa8a3d8d9cda8098 all runs: crashed: general protection fault in submit_bio_checks # git bisect bad b42c1fc3d55e077d36718ad9800d89100b2aff81 Bisecting: 1 revision left to test after this (roughly 1 step) [b1f866b013e6e5583f2f0bf4a61d13eddb9a1799] block: remove blk_needs_flush_plug testing commit b1f866b013e6e5583f2f0bf4a61d13eddb9a1799 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f891da647441d8dd4a2b7761fc47c6fbbeceab4e486dd309689f73fd9b8ac02b all runs: crashed: general protection fault in submit_bio_checks # git bisect bad b1f866b013e6e5583f2f0bf4a61d13eddb9a1799 Bisecting: 0 revisions left to test after this (roughly 0 steps) [a7c50c940477bae89fb2b4f51bd969a2d95d7512] block: pass a block_device and opf to bio_reset testing commit a7c50c940477bae89fb2b4f51bd969a2d95d7512 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0e548de1261ae387a4f45240056092d5529f7be83e1b13a197c0448f269ef1bf all runs: crashed: general protection fault in submit_bio_checks # git bisect bad a7c50c940477bae89fb2b4f51bd969a2d95d7512 a7c50c940477bae89fb2b4f51bd969a2d95d7512 is the first bad commit commit a7c50c940477bae89fb2b4f51bd969a2d95d7512 Author: Christoph Hellwig Date: Mon Jan 24 10:11:07 2022 +0100 block: pass a block_device and opf to bio_reset Pass the block_device that we plan to use this bio for and the operation to bio_reset to optimize the assigment. A NULL block_device can be passed, both for the passthrough case on a raw request_queue and to temporarily avoid refactoring some nasty code. Signed-off-by: Christoph Hellwig Reviewed-by: Chaitanya Kulkarni Link: https://lore.kernel.org/r/20220124091107.642561-20-hch@lst.de Signed-off-by: Jens Axboe block/bio.c | 6 +++++- drivers/block/pktcdvd.c | 8 ++------ drivers/md/bcache/journal.c | 12 ++++-------- drivers/md/bcache/request.c | 4 ++-- drivers/md/raid1.c | 5 ++--- drivers/md/raid10.c | 8 +++----- drivers/md/raid5-cache.c | 9 +++------ drivers/md/raid5.c | 8 ++++---- fs/btrfs/disk-io.c | 4 +--- fs/crypto/bio.c | 8 ++------ include/linux/bio.h | 9 +-------- 11 files changed, 29 insertions(+), 52 deletions(-) culprit signature: 0e548de1261ae387a4f45240056092d5529f7be83e1b13a197c0448f269ef1bf parent signature: 34ab5bc79b95693ccec28600f7db1ec592540d8d1b0e9cea183dec0194c1992a revisions tested: 16, total time: 2h44m8.954600392s (build: 1h55m54.541139946s, test: 46m30.670155306s) first bad commit: a7c50c940477bae89fb2b4f51bd969a2d95d7512 block: pass a block_device and opf to bio_reset recipients (to): ["axboe@kernel.dk" "hch@lst.de" "kch@nvidia.com"] recipients (cc): [] crash: general protection fault in submit_bio_checks BTRFS: device fsid 9ef2b0c0-0642-4475-a2ba-d53d18884f0b devid 1 transid 7 /dev/loop0 scanned by syz-executor700 (4049) BTRFS info (device loop0): disk space caching is enabled BTRFS info (device loop0): has skinny extents BTRFS info (device loop0): enabling ssd optimizations general protection fault, probably for non-canonical address 0xdffffc000000002f: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000178-0x000000000000017f] CPU: 1 PID: 4049 Comm: syz-executor700 Not tainted 5.17.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:blk_throtl_bio block/blk-throttle.h:175 [inline] RIP: 0010:submit_bio_checks+0x61f/0x17a0 block/blk-core.c:765 Code: 74 08 3c 03 0f 8e ba 0e 00 00 48 b8 00 00 00 00 00 fc ff df 41 8b 6f 10 83 e5 01 49 8d bc 2e 7c 01 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 7a 0e 00 00 RSP: 0018:ffffc900026ef2e0 EFLAGS: 00010203 RAX: dffffc0000000000 RBX: 1ffff920004dde63 RCX: ffff88801ba61214 RDX: 000000000000002f RSI: 0000000000000008 RDI: 000000000000017d RBP: 0000000000000001 R08: 0000000000000000 R09: ffff88814700b96f R10: ffffed1028e0172d R11: 0000000000000000 R12: ffff88801ba61210 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801ba61200 FS: 00005555566e9300(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fdb355e2c28 CR3: 00000000797cf000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __submit_bio+0xa9/0x2f0 block/blk-core.c:802 __submit_bio_noacct_mq block/blk-core.c:881 [inline] submit_bio_noacct block/blk-core.c:907 [inline] submit_bio_noacct+0x5c8/0x830 block/blk-core.c:896 submit_bio block/blk-core.c:968 [inline] submit_bio+0x158/0x360 block/blk-core.c:926 write_dev_flush fs/btrfs/disk-io.c:4162 [inline] barrier_all_devices fs/btrfs/disk-io.c:4212 [inline] write_all_supers+0x29b4/0x3460 fs/btrfs/disk-io.c:4307 btrfs_commit_transaction+0x1520/0x26f0 fs/btrfs/transaction.c:2323 close_ctree+0x2bc/0xa8f fs/btrfs/disk-io.c:4590 btrfs_fill_super fs/btrfs/super.c:1380 [inline] btrfs_mount_root.cold+0x83/0x118 fs/btrfs/super.c:1724 legacy_get_tree+0xfa/0x1f0 fs/fs_context.c:610 vfs_get_tree+0x7f/0x2c0 fs/super.c:1497 fc_mount fs/namespace.c:1000 [inline] vfs_kern_mount.part.0+0x70/0x100 fs/namespace.c:1030 btrfs_mount+0x1aa/0x860 fs/btrfs/super.c:1784 legacy_get_tree+0xfa/0x1f0 fs/fs_context.c:610 vfs_get_tree+0x7f/0x2c0 fs/super.c:1497 do_new_mount fs/namespace.c:2994 [inline] path_mount+0x7e8/0x1a40 fs/namespace.c:3324 do_mount fs/namespace.c:3337 [inline] __do_sys_mount fs/namespace.c:3545 [inline] __se_sys_mount fs/namespace.c:3522 [inline] __x64_sys_mount+0x1f5/0x260 fs/namespace.c:3522 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f9c6f128d6a Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffeed457828 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007ffeed457880 RCX: 00007f9c6f128d6a RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffeed457840 RBP: 00007ffeed457840 R08: 00007ffeed457880 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000282 R12: 0000000020000f50 R13: 0000000000000003 R14: 0000000000000004 R15: 000000000000008e Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:blk_throtl_bio block/blk-throttle.h:175 [inline] RIP: 0010:submit_bio_checks+0x61f/0x17a0 block/blk-core.c:765 Code: 74 08 3c 03 0f 8e ba 0e 00 00 48 b8 00 00 00 00 00 fc ff df 41 8b 6f 10 83 e5 01 49 8d bc 2e 7c 01 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 7a 0e 00 00 RSP: 0018:ffffc900026ef2e0 EFLAGS: 00010203 RAX: dffffc0000000000 RBX: 1ffff920004dde63 RCX: ffff88801ba61214 RDX: 000000000000002f RSI: 0000000000000008 RDI: 000000000000017d RBP: 0000000000000001 R08: 0000000000000000 R09: ffff88814700b96f R10: ffffed1028e0172d R11: 0000000000000000 R12: ffff88801ba61210 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801ba61200 FS: 00005555566e9300(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f31e169a600 CR3: 00000000797cf000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 74 08 je 0xa 2: 3c 03 cmp $0x3,%al 4: 0f 8e ba 0e 00 00 jle 0xec4 a: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 11: fc ff df 14: 41 8b 6f 10 mov 0x10(%r15),%ebp 18: 83 e5 01 and $0x1,%ebp 1b: 49 8d bc 2e 7c 01 00 lea 0x17c(%r14,%rbp,1),%rdi 22: 00 23: 48 89 fa mov %rdi,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax <-- trapping instruction 2e: 48 89 fa mov %rdi,%rdx 31: 83 e2 07 and $0x7,%edx 34: 38 d0 cmp %dl,%al 36: 7f 08 jg 0x40 38: 84 c0 test %al,%al 3a: 0f 85 7a 0e 00 00 jne 0xeba