ci2 starts bisection 2023-01-05 13:50:50.667307032 +0000 UTC m=+110827.516352641 bisecting cause commit starting from 644e9524388a5dbc6d4f58c492ee9ef7bd4ddf4d building syzkaller on f4470a7b5efeb021c66c8fb38656bcb2b1597974 ensuring issue is reproducible on original commit 644e9524388a5dbc6d4f58c492ee9ef7bd4ddf4d testing commit 644e9524388a5dbc6d4f58c492ee9ef7bd4ddf4d gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 19b3813c19d0d6c0a68867ead61c9f372b501cb46606afe7e7c9b819d923d1f9 all runs: crashed: kernel BUG in insert_state_fast testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4d7b0cdcad01ecd9bcea709682a37c61db4d1761af22092d873dbeed7615c691 all runs: crashed: kernel BUG in set_state_bits testing release v5.19 testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9944bb0162711e78265e9f6bd300ad0ce58e64f9812dae225ea852314bde78cf all runs: crashed: kernel BUG in set_state_bits testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7747ee60398b407addcb44e039cce12b4bddae608345b3449494d19cd8023208 all runs: crashed: kernel BUG in set_state_bits testing release v5.17 testing commit f443e374ae131c168a065ea1748feac6b2e76613 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e86f3791417136c644605e88e0e4e7c0c87456f04304571cb7424f2d70080075 all runs: OK # git bisect start 4b0986a3613c92f4ec1bdc7f60ec66fea135991f f443e374ae131c168a065ea1748feac6b2e76613 Bisecting: 8498 revisions left to test after this (roughly 13 steps) [25fd2d41b505d0640bdfe67aa77c549de2d3c18a] selftests: kselftest framework: provide "finished" helper testing commit 25fd2d41b505d0640bdfe67aa77c549de2d3c18a gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 402fcdbb9d0456bf25f02f452e840c3ecdec12d3a935d9e66847dbc94fab76de all runs: OK # git bisect good 25fd2d41b505d0640bdfe67aa77c549de2d3c18a Bisecting: 4033 revisions left to test after this (roughly 12 steps) [02e2af20f4f9f2aa0c84e9a30a35c02f0fbb7daa] Merge tag 'char-misc-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 02e2af20f4f9f2aa0c84e9a30a35c02f0fbb7daa gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 02f64c888ab8a8aa7acd4ac736661a477271aef8516d909c2354655eb0628d7f all runs: OK # git bisect good 02e2af20f4f9f2aa0c84e9a30a35c02f0fbb7daa Bisecting: 2017 revisions left to test after this (roughly 11 steps) [887f75cfd0da44c19dda93b2ff9e70ca8792cdc1] drm/amdgpu: Ensure HDA function is suspended before ASIC reset testing commit 887f75cfd0da44c19dda93b2ff9e70ca8792cdc1 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2114d988862507d7d5539e3e08b01d7bf72f5f1b77f666ead39b642bb8b66ed9 all runs: OK # git bisect good 887f75cfd0da44c19dda93b2ff9e70ca8792cdc1 Bisecting: 1015 revisions left to test after this (roughly 10 steps) [cf424ef014ac30b0da27125dd1fbdf10b0d3a520] Merge tag 'for-5.18/fbdev-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev testing commit cf424ef014ac30b0da27125dd1fbdf10b0d3a520 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a459532b8da6908a8bfed100e2fcfec1334ca3fb63cfd04a8725f9bed96925e8 all runs: crashed: kernel BUG in set_state_bits # git bisect bad cf424ef014ac30b0da27125dd1fbdf10b0d3a520 Bisecting: 479 revisions left to test after this (roughly 9 steps) [d20339fa93e9810fcf87518bdd62e44f62bb64ee] Merge tag 'net-5.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit d20339fa93e9810fcf87518bdd62e44f62bb64ee gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c82a5f429b447b9cb2c74b5f48e90ba4c67063998f0a207e8fd0d95085c1a90b all runs: crashed: kernel BUG in set_state_bits # git bisect bad d20339fa93e9810fcf87518bdd62e44f62bb64ee Bisecting: 260 revisions left to test after this (roughly 8 steps) [fa3b895da8e06d6e3dcf3e6941a3fd428343e3d7] Merge tag 'gpio-fixes-for-v5.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux testing commit fa3b895da8e06d6e3dcf3e6941a3fd428343e3d7 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c08d6b67dec816336f5c73b745a3f0640c4f11c15c6f65523e93543a92a681f0 all runs: crashed: kernel BUG in set_state_bits # git bisect bad fa3b895da8e06d6e3dcf3e6941a3fd428343e3d7 Bisecting: 130 revisions left to test after this (roughly 7 steps) [98849765a58b56479dbb105565a24417752eff25] Merge tag 'regulator-fix-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator testing commit 98849765a58b56479dbb105565a24417752eff25 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 342d63b334fa925e8edc18bd06957f8e97c1f0f78226263e208eadb0e45abadc all runs: crashed: kernel BUG in set_state_bits # git bisect bad 98849765a58b56479dbb105565a24417752eff25 Bisecting: 68 revisions left to test after this (roughly 6 steps) [b423e54ba965b4469b48e46fd16941f1e1701697] myri10ge: fix an incorrect free for skb in myri10ge_sw_tso testing commit b423e54ba965b4469b48e46fd16941f1e1701697 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4c5821fc05b53e44c3c53d7cbaf39ed56ac22cb096daf98e6462c436d2053dc8 all runs: OK # git bisect good b423e54ba965b4469b48e46fd16941f1e1701697 Bisecting: 31 revisions left to test after this (roughly 5 steps) [42e7a03d3badebd4e70aea5362d6914dfc7c220b] Merge tag 'hyperv-fixes-signed-20220407' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux testing commit 42e7a03d3badebd4e70aea5362d6914dfc7c220b gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: cf4bc7548787fa584255aaf6ad89f6f4df34fd979cb741a9757751ee9fae19ac all runs: crashed: kernel BUG in set_state_bits # git bisect bad 42e7a03d3badebd4e70aea5362d6914dfc7c220b Bisecting: 20 revisions left to test after this (roughly 4 steps) [3e732ebf7316ac83e8562db7e64cc68aec390a18] Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost testing commit 3e732ebf7316ac83e8562db7e64cc68aec390a18 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b2acd0401c98bd54e2863fefd7e8e359030f53f33fa957007178ff2a1373f042 all runs: crashed: kernel BUG in set_state_bits # git bisect bad 3e732ebf7316ac83e8562db7e64cc68aec390a18 Bisecting: 7 revisions left to test after this (roughly 3 steps) [60021bd754c6ca0addc6817994f20290a321d8d6] btrfs: prevent subvol with swapfile from being deleted testing commit 60021bd754c6ca0addc6817994f20290a321d8d6 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6cc1661c1190f4299a2b9494b480489f2811e6ad03dff36bff7a30d8e49df447 all runs: crashed: kernel BUG in set_state_bits # git bisect bad 60021bd754c6ca0addc6817994f20290a321d8d6 Bisecting: 3 revisions left to test after this (roughly 2 steps) [bbac58698a55cc0a6f0c0d69a6dcd3f9f3134c11] btrfs: remove device item and update super block in the same transaction testing commit bbac58698a55cc0a6f0c0d69a6dcd3f9f3134c11 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4f23dce8067c37e4886f5e9dff38467a77f3d690c7a62b529f211067e6fdfb66 all runs: OK # git bisect good bbac58698a55cc0a6f0c0d69a6dcd3f9f3134c11 Bisecting: 1 revision left to test after this (roughly 1 step) [75a36a7d3ea904cef2e5b56af0c58cc60dcf947a] btrfs: avoid defragging extents whose next extents are not targets testing commit 75a36a7d3ea904cef2e5b56af0c58cc60dcf947a gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0f77d88c910854624f173a3f46dc6f36383d94574351a07e007386008ffca98b all runs: crashed: kernel BUG in set_state_bits # git bisect bad 75a36a7d3ea904cef2e5b56af0c58cc60dcf947a Bisecting: 0 revisions left to test after this (roughly 0 steps) [05fd9564e9faf0f23b4676385e27d9405cef6637] btrfs: fix fallocate to use file_modified to update permissions consistently testing commit 05fd9564e9faf0f23b4676385e27d9405cef6637 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f93904dee194989414d65078f62e157d368e94c43d3edfd9b8b389fa3a0b970b all runs: crashed: kernel BUG in set_state_bits # git bisect bad 05fd9564e9faf0f23b4676385e27d9405cef6637 05fd9564e9faf0f23b4676385e27d9405cef6637 is the first bad commit commit 05fd9564e9faf0f23b4676385e27d9405cef6637 Author: Darrick J. Wong Date: Mon Mar 14 10:55:32 2022 -0700 btrfs: fix fallocate to use file_modified to update permissions consistently Since the initial introduction of (posix) fallocate back at the turn of the century, it has been possible to use this syscall to change the user-visible contents of files. This can happen by extending the file size during a preallocation, or through any of the newer modes (punch, zero range). Because the call can be used to change file contents, we should treat it like we do any other modification to a file -- update the mtime, and drop set[ug]id privileges/capabilities. The VFS function file_modified() does all this for us if pass it a locked inode, so let's make fallocate drop permissions correctly. Reviewed-by: Filipe Manana Signed-off-by: Darrick J. Wong Signed-off-by: David Sterba fs/btrfs/file.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) culprit signature: f93904dee194989414d65078f62e157d368e94c43d3edfd9b8b389fa3a0b970b parent signature: 4f23dce8067c37e4886f5e9dff38467a77f3d690c7a62b529f211067e6fdfb66 revisions tested: 19, total time: 5h39m14.958413702s (build: 3h55m31.031915763s, test: 1h31m57.978265893s) first bad commit: 05fd9564e9faf0f23b4676385e27d9405cef6637 btrfs: fix fallocate to use file_modified to update permissions consistently recipients (to): ["djwong@kernel.org" "dsterba@suse.com" "fdmanana@suse.com"] recipients (cc): [] crash: kernel BUG in set_state_bits Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f2943e88168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f2944c35f80 RCX: 00007f2944b160d9 RDX: 0000000000000049 RSI: 0000000020000180 RDI: 0000000000000005 RBP: 00007f2943e881d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffd031a3ddf R14: 00007f2943e88300 R15: 0000000000022000 ------------[ cut here ]------------ kernel BUG at fs/btrfs/extent_io.c:938! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 4153 Comm: syz-executor.0 Not tainted 5.17.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 RIP: 0010:set_state_bits+0x2f6/0x300 fs/btrfs/extent_io.c:938 Code: ff ff 48 89 df e8 3a 3f 8c fe e9 53 fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c c8 fd ff ff 4c 89 f7 e8 ff 3e 8c fe e9 bb fd ff ff <0f> 0b 0f 1f 84 00 00 00 00 00 55 41 57 41 56 41 55 41 54 53 48 83 RSP: 0018:ffffc900025ff5e0 EFLAGS: 00010282 RAX: 00000000fffffff4 RBX: 0000000000000fff RCX: ac196cc05e593900 RDX: 0000000000000038 RSI: 0000000000000000 RDI: ffff888011041640 RBP: 0000000000001000 R08: 0000000000000a20 R09: fffffbfff17bc937 R10: fffffbfff17bc937 R11: 1ffffffff17bc936 R12: ffff888146eabd88 R13: ffff88806a81dc80 R14: dffffc0000000000 R15: 0000000000000000 FS: 00007f2943e88700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005575a4c29950 CR3: 0000000077d71000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: insert_state+0x9c/0x2e0 fs/btrfs/extent_io.c:571 set_extent_bit+0xfa9/0x1370 fs/btrfs/extent_io.c:1021 set_record_extent_bits+0x1b/0x30 fs/btrfs/extent_io.c:1421 qgroup_reserve_data+0x1f5/0x5a0 fs/btrfs/qgroup.c:3693 btrfs_qgroup_reserve_data+0x18/0x70 fs/btrfs/qgroup.c:3736 btrfs_check_data_free_space+0x1bf/0x2a0 fs/btrfs/delalloc-space.c:145 btrfs_buffered_write+0x4de/0x1740 fs/btrfs/file.c:1700 btrfs_direct_write fs/btrfs/file.c:2016 [inline] btrfs_do_write_iter+0x60a/0xcc0 fs/btrfs/file.c:2097 call_write_iter include/linux/fs.h:2074 [inline] new_sync_write fs/read_write.c:504 [inline] vfs_write+0x82a/0xb30 fs/read_write.c:591 ksys_write+0x123/0x200 fs/read_write.c:644 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f2944b160d9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f2943e88168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f2944c35f80 RCX: 00007f2944b160d9 RDX: 0000000000000049 RSI: 0000000020000180 RDI: 0000000000000005 RBP: 00007f2943e881d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffd031a3ddf R14: 00007f2943e88300 R15: 0000000000022000 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:set_state_bits+0x2f6/0x300 fs/btrfs/extent_io.c:938 Code: ff ff 48 89 df e8 3a 3f 8c fe e9 53 fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c c8 fd ff ff 4c 89 f7 e8 ff 3e 8c fe e9 bb fd ff ff <0f> 0b 0f 1f 84 00 00 00 00 00 55 41 57 41 56 41 55 41 54 53 48 83 RSP: 0018:ffffc900025ff5e0 EFLAGS: 00010282 RAX: 00000000fffffff4 RBX: 0000000000000fff RCX: ac196cc05e593900 RDX: 0000000000000038 RSI: 0000000000000000 RDI: ffff888011041640 RBP: 0000000000001000 R08: 0000000000000a20 R09: fffffbfff17bc937 R10: fffffbfff17bc937 R11: 1ffffffff17bc936 R12: ffff888146eabd88 R13: ffff88806a81dc80 R14: dffffc0000000000 R15: 0000000000000000 FS: 00007f2943e88700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005575a4c29950 CR3: 0000000077d71000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 28 00 sub %al,(%rax) 2: 00 00 add %al,(%rax) 4: 75 05 jne 0xb 6: 48 83 c4 28 add $0x28,%rsp a: c3 retq b: e8 f1 19 00 00 callq 0x1a01 10: 90 nop 11: 48 89 f8 mov %rdi,%rax 14: 48 89 f7 mov %rsi,%rdi 17: 48 89 d6 mov %rdx,%rsi 1a: 48 89 ca mov %rcx,%rdx 1d: 4d 89 c2 mov %r8,%r10 20: 4d 89 c8 mov %r9,%r8 23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9 28: 0f 05 syscall * 2a: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 retq 33: 48 c7 c1 b8 ff ff ff mov $0xffffffffffffffb8,%rcx 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W