ci starts bisection 2023-10-14 03:00:06.958481783 +0000 UTC m=+83733.454584072
bisecting fixing commit since a5e505a99ca748583dbe558b691be1b26f05d678
building syzkaller on 4d7ae7ab1c3ef41cc0e71fb19799dcec94213101
ensuring issue is reproducible on original commit a5e505a99ca748583dbe558b691be1b26f05d678

testing commit a5e505a99ca748583dbe558b691be1b26f05d678 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3ab65fa3c3da64549f68b9732e7a20bdfa9e66f63a05e2b0e3a60e217cf00298
run #0: crashed: general protection fault in psi_task_change
run #1: crashed: general protection fault in mm_update_next_owner
run #2: crashed: general protection fault in cpuacct_account_field
run #3: crashed: general protection fault in debug_check_no_obj_freed
run #4: crashed: general protection fault in __blk_crypto_rq_bio_prep
run #5: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor1038610247" "root@10.128.10.62:./syz-executor1038610247"]: exit status 255
Executing: program /usr/bin/ssh host 10.128.10.62, user root, command sftp
OpenSSH_9.2p1 Debian-2, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /dev/null
debug1: Connecting to 10.128.10.62 [10.128.10.62] port 22.
debug1: connect to address 10.128.10.62 port 22: Connection timed out
ssh: connect to host 10.128.10.62 port 22: Connection timed out
scp: Connection closed
run #6: crashed: general protection fault in do_arch_prctl_64
run #7: crashed: general protection fault in rcu_core
run #8: crashed: WARNING in signal_wake_up_state
run #9: crashed: general protection fault in __call_rcu_common
run #10: crashed: general protection fault in hrtimer_nanosleep
run #11: crashed: general protection fault in io_serial_in
run #12: crashed: general protection fault in debug_check_no_obj_freed
run #13: crashed: general protection fault in bio_associate_blkg_from_css
run #14: crashed: general protection fault in hrtimer_nanosleep
run #15: crashed: BUG: unable to handle kernel paging request in generic_file_write_iter
run #16: crashed: general protection fault in do_exit
run #17: crashed: general protection fault in __hrtimer_run_queues
run #18: crashed: general protection fault in pid_task
run #19: OK
representative crash: general protection fault in psi_task_change, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed

testing commit a5e505a99ca748583dbe558b691be1b26f05d678 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ecd249087b04cc9b4eafcc276052e3a9b48869ccb3dab902f5a489da362761c4
run #0: crashed: general protection fault in timerqueue_del
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: general protection fault in timerqueue_del, types: [UNKNOWN]
kconfig minimization: base=3883 full=7652 leaves diff=1999
split chunks (needed=false): <1999>
split chunk #0 of len 1999 into 5 parts
testing without sub-chunk 1/5

testing commit a5e505a99ca748583dbe558b691be1b26f05d678 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e8068d533e35e6a768d15baeb4a01e3c85549babe0b27027871f7b9cffc9dbca
run #0: crashed: WARNING: locking bug in __dquot_free_space
run #1: crashed: general protection fault in __hrtimer_run_queues
run #2: crashed: general protection fault, probably for noSeaBIOS (version NUM.NUM.NUM-google)
run #3: crashed: general protection fault,SeaBIOS (version NUM.NUM.NUM-google)
run #4: crashed: go runtime error
run #5: crashed: general protection fault in __hrtimer_run_queues
run #6: crashed: general protection fault in debug_check_no_obj_freed
run #7: crashed: general protection fault in hrtimer_nanosleep
run #8: crashed: general protection fault in __hrtimer_run_queues
run #9: crashed: BUG: unable to handle kernel paging request in generic_file_write_iter
run #10: crashed: kernel BUG in corrupted
run #11: crashed: BUG: unable to handle kernel paging request in generic_file_write_iter
run #12: crashed: general protection fault in cgroup_rstat_updated
run #13: crashed: general protection fault in cpuacct_account_field
run #14: crashed: general protection fault in debug_check_no_obj_freed
run #15: crashed: WARNING: locking bug in psi_group_change
run #16: crashed: general protection fault in list_lru_add
run #17: crashed: go runtime error
run #18: crashed: general protection fault in lookup_object_or_alloc
run #19: crashed: no output from test machine
representative crash: general protection fault in __hrtimer_run_queues, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5

testing commit a5e505a99ca748583dbe558b691be1b26f05d678 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6c03a255f17435e2debbe040f6d81779257b04c95020a5db1eed8945981a482e
run #0: crashed: general protection fault in enqueue_task_fair
run #1: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor2950947827" "root@10.128.0.188:./syz-executor2950947827"]: exit status 255
Executing: program /usr/bin/ssh host 10.128.0.188, user root, command sftp
OpenSSH_9.2p1 Debian-2, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /dev/null
debug1: Connecting to 10.128.0.188 [10.128.0.188] port 22.
debug1: connect to address 10.128.0.188 port 22: Connection timed out
ssh: connect to host 10.128.0.188 port 22: Connection timed out
scp: Connection closed
run #2: crashed: general protection fault in tomoyo_realpath_from_path
run #3: crashed: general protection fault in update_blocked_averages
run #4: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #5: crashed: general protection fault in lookup_object_or_alloc
run #6: crashed: general protection fault in cpuacct_account_field
run #7: crashed: general protection fault in timerqueue_del
run #8: crashed: general protection fault in cpuacct_charge
run #9: crashed: general protection fault in ext4_handle_error
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #11: crashed: general protection fault in psi_task_change
run #12: crashed: BUG: Bad rss-counter state
run #13: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #14: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #15: crashed: general protection fault in refill_obj_stock
run #16: crashed: KASAN: wild-memory-access Read in __lock_task_sighand
run #17: crashed: BUG: unable to handle kernel paging request in ext4_es_lookup_extent
run #18: crashed: kernel panic: corrupted stack end in corrupted
run #19: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor3636747665" "root@10.128.10.43:./syz-executor3636747665"]: exit status 255
Executing: program /usr/bin/ssh host 10.128.10.43, user root, command sftp
OpenSSH_9.2p1 Debian-2, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /dev/null
debug1: Connecting to 10.128.10.43 [10.128.10.43] port 22.
debug1: connect to address 10.128.10.43 port 22: Connection timed out
ssh: connect to host 10.128.10.43 port 22: Connection timed out
scp: Connection closed
representative crash: general protection fault in enqueue_task_fair, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5

testing commit a5e505a99ca748583dbe558b691be1b26f05d678 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1a0e013a80a0a8d6bdee1d4e8d069a28fe8b02a7e751ace7c65e6ead266aa719
run #0: crashed: general protection fault in cpuacct_account_field
run #1: crashed: general protection fault in __ext4_error_inode
run #2: crashed: general protection fault in ext4_handle_error
run #3: crashed: general protection fault in rcu_core
run #4: crashed: stack segment fault in __stack_depot_save
run #5: crashed: KASAN: wild-memory-access Write in filemap_get_entry
run #6: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #7: crashed: kernel BUG in __phys_addr
run #8: crashed: general protection fault in lock_mm_and_find_vma
run #9: crashed: general protection fault in ext4_handle_error
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #11: crashed: possible deadlock in task_fork_fair
run #12: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor3091248579" "root@10.128.0.158:./syz-executor3091248579"]: exit status 255
Executing: program /usr/bin/ssh host 10.128.0.158, user root, command sftp
OpenSSH_9.2p1 Debian-2, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /dev/null
debug1: Connecting to 10.128.0.158 [10.128.0.158] port 22.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.1
debug1: compat_banner: match: OpenSSH_9.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.128.0.158:22 as 'root'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 10.128.0.158 port 22
scp: Connection closed
run #13: crashed: general protection fault in io_serial_out
run #14: crashed: kernel BUG in corrupted
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: general protection fault in cpuacct_account_field, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5

testing commit a5e505a99ca748583dbe558b691be1b26f05d678 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a6476c5e268df5eb6da1bfe5fa499e795511d734839fa8eda229f5627d7ab61c
run #0: crashed: BUG: unable to handle kernel paging request in __stack_depot_save
run #1: crashed: go runtime error
run #2: crashed: general protection fault in ip6t_do_table
run #3: crashed: go runtime error
run #4: crashed: go runtime error
run #5: crashed: general protection fault in update_blocked_averages
run #6: crashed: BUG: unable to handle kernel paging request in __stack_depot_save
run #7: crashed: go runtime error
run #8: crashed: general protection fault in rcu_core
run #9: crashed: KASAN: user-memory-access Write in filemap_get_read_batch
run #10: crashed: WARNING: still has locks held in ksys_write
run #11: crashed: general protection fault in __d_alloc
run #12: crashed: general protection fault in timerqueue_add
run #13: crashed: general protection fault in cpuacct_account_field
run #14: crashed: BUG: unable to handle kernel paging request in __stack_depot_save
run #15: crashed: general protection fault, probably for non-canonical addrSeaBIOS (version NUM.NUM.NUM-google)
run #16: crashed: general protection fault in __hrtimer_run_queues
run #17: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #18: OK
run #19: OK
representative crash: BUG: unable to handle kernel paging request in __stack_depot_save, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5

testing commit a5e505a99ca748583dbe558b691be1b26f05d678 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8f5d3d20cdee05b27415184442a1243145e0ac0f4df79e45fbd457efca921eca
run #0: crashed: general protection fault in end_bio_bh_io_sync
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #2: crashed: general protection fault in inode_permission
run #3: crashed: PANIC: double fault in __switch_to_asm
run #4: crashed: KFENCE: invalid read in ext4_ext_remove_space
run #5: crashed: general protection fault in pid_task
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #7: crashed: stack segment fault in __stack_depot_save
run #8: crashed: KASAN: wild-memory-access Write in find_get_entry
run #9: crashed: general protection fault in d_path
run #10: crashed: general protection fault in cpuacct_charge
run #11: crashed: KFENCE: invalid read in ext4_ext_remove_space
run #12: crashed: general protection fault in rcu_core
run #13: crashed: UBSAN: shift-out-of-bounds in __radix_tree_lookup
run #14: crashed: general protection fault in __cgroup_account_cputime
run #15: crashed: general protection fault in rcu_core
run #16: crashed: BUG: unable to handle kernel paging request in generic_file_write_iter
run #17: crashed: BUG: corrupted list in enqueue_task_fair
run #18: crashed: stack segment fault in __stack_depot_save
run #19: OK
representative crash: general protection fault in end_bio_bh_io_sync, types: [UNKNOWN]
the chunk can be dropped

testing current HEAD 8cb1f10d8c4b716c88b87ae4402a3305d96e5db2
testing commit 8cb1f10d8c4b716c88b87ae4402a3305d96e5db2 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 44d5a159323cf35fef3bea2bde266f1783c30193a41a9a3058389e366562475f
run #0: crashed: general protection fault in kernfs_dop_revalidate
run #1: crashed: general protection fault in fsnotify
run #2: crashed: KFENCE: invalid read in ext4_ext_remove_space
run #3: crashed: go runtime error
run #4: crashed: general protection fault in rcu_core
run #5: crashed: general protection fault in pid_task
run #6: crashed: general protection fault in fsnotify
run #7: crashed: KFENCE: invalid read in ext4_ext_remove_space
run #8: crashed: UBSAN: shift-out-of-bounds in __block_write_begin_int
run #9: crashed: BUG: corrupted list in __dentry_kill
run #10: crashed: UBSAN: shift-out-of-bounds in idr_get_free
run #11: crashed: general protection fault in rcu_core
run #12: crashed: KASAN: wild-memory-access Read in force_sig_info_to_task
run #13: crashed: general protection fault in validate_mm
run #14: crashed: WARNING in ext4_punch_hole
run #15: crashed: BUG: unable to handle kernel paging request in corrupted
run #16: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #17: OK
run #18: OK
run #19: OK
representative crash: general protection fault in kernfs_dop_revalidate, types: [UNKNOWN]
crash still not fixed/happens on the oldest tested release
reproducer is flaky (0.95 repro chance estimate)
revisions tested: 8, total time: 2h52m8.367642345s (build: 57m37.019132771s, test: 1h49m11.95364394s)
crash still not fixed or there were kernel test errors
commit msg: Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
crash: general protection fault in kernfs_dop_revalidate

general protection fault, probably for non-canonical address 0xdffffc595ffff116: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x000002caffff88b0-0x000002caffff88b7]
CPU: 1 PID: 714 Comm: udevd Not tainted 6.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
RIP: 0010:kernfs_root fs/kernfs/kernfs-internal.h:68 [inline]
RIP: 0010:kernfs_dop_revalidate+0x86/0x4f0 fs/kernfs/dir.c:1137
Code: 48 c1 ea 03 80 3c 02 00 0f 85 a4 03 00 00 48 8b ad 70 04 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8d 75 30 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 92 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b
RSP: 0018:ffffc900003bfb38 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: ffff88811fdd22f0 RCX: ffffc900003bfab0
RDX: 000000595ffff116 RSI: 0000000000000000 RDI: ffff888128799850
RBP: 000002caffff8881 R08: 0000000000000000 R09: fffffbfff09526e2
R10: ffffffff84a93717 R11: 0000000000000000 R12: ffff888112d31d60
R13: ffffc900003bfcc8 R14: 000002caffff88b1 R15: 0000000000000000
FS: 00007fa59aa17c80(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020040000 CR3: 00000001073f2000 CR4: 0000000000350ee0
Call Trace:
 d_revalidate fs/namei.c:861 [inline]
 d_revalidate fs/namei.c:858 [inline]
 lookup_fast+0x1c6/0x430 fs/namei.c:1654
 walk_component+0x4c/0x4f0 fs/namei.c:1997
 lookup_last fs/namei.c:2458 [inline]
 path_lookupat+0x122/0x670 fs/namei.c:2482
 filename_lookup+0x1ad/0x530 fs/namei.c:2511
 user_path_at_empty+0x35/0x50 fs/namei.c:2910
 do_readlinkat+0xba/0x2b0 fs/stat.c:490
 __do_sys_readlink fs/stat.c:523 [inline]
 __se_sys_readlink fs/stat.c:520 [inline]
 __x64_sys_readlink+0x73/0xb0 fs/stat.c:520
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0x80 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa59ab43d47
Code: 73 01 c3 48 8b 0d e1 90 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 59 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b1 90 0d 00 f7 d8 64 89 01 48
RSP: 002b:00007ffe4860af68 EFLAGS: 00000246 ORIG_RAX: 0000000000000059
RAX: ffffffffffffffda RBX: 00007ffe4860af78 RCX: 00007fa59ab43d47
RDX: 0000000000000400 RSI: 00007ffe4860af78 RDI: 00007ffe4860b458
RBP: 0000000000000400 R08: 000055a5c3e24c24 R09: 0000000000000000
R10: 0000000000000812 R11: 0000000000000246 R12: 00007ffe4860b458
R13: 00007ffe4860b3c8 R14: 000055a5c3e19910 R15: 0000000000000000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:kernfs_root fs/kernfs/kernfs-internal.h:68 [inline]
RIP: 0010:kernfs_dop_revalidate+0x86/0x4f0 fs/kernfs/dir.c:1137
Code: 48 c1 ea 03 80 3c 02 00 0f 85 a4 03 00 00 48 8b ad 70 04 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8d 75 30 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 92 03 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b
RSP: 0018:ffffc900003bfb38 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: ffff88811fdd22f0 RCX: ffffc900003bfab0
RDX: 000000595ffff116 RSI: 0000000000000000 RDI: ffff888128799850
RBP: 000002caffff8881 R08: 0000000000000000 R09: fffffbfff09526e2
R10: ffffffff84a93717 R11: 0000000000000000 R12: ffff888112d31d60
R13: ffffc900003bfcc8 R14: 000002caffff88b1 R15: 0000000000000000
FS: 00007fa59aa17c80(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020040000 CR3: 00000001073f2000 CR4: 0000000000350ee0
----------------
Code disassembly (best guess):
   0:   48 c1 ea 03             shr    $0x3,%rdx
   4:   80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1)
   8:   0f 85 a4 03 00 00       jne    0x3b2
   e:   48 8b ad 70 04 00 00    mov    0x470(%rbp),%rbp
  15:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  1c:   fc ff df
  1f:   4c 8d 75 30             lea    0x30(%rbp),%r14
  23:   4c 89 f2                mov    %r14,%rdx
  26:   48 c1 ea 03             shr    $0x3,%rdx
* 2a:   80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:   0f 85 92 03 00 00       jne    0x3c6
  34:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  3b:   fc ff df
  3e:   4c                      rex.WR
  3f:   8b                      .byte 0x8b