ci2 starts bisection 2023-03-21 19:52:51.538655946 +0000 UTC m=+10758.627429954 bisecting cause commit starting from 17214b70a159c6547df9ae204a6275d983146f6b building syzkaller on 8b4eb097b2e5a6f78a8d0b1ae48de4bbaa4c45a1 ensuring issue is reproducible on original commit 17214b70a159c6547df9ae204a6275d983146f6b testing commit 17214b70a159c6547df9ae204a6275d983146f6b gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 220372c1f37de08452d60d54beb83d823b47c1359778358e175ba054b50a3d7d all runs: crashed: KASAN: null-ptr-deref Write in xfs_filestream_select_ag testing release v6.2 testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5a5ad6368529e396e32afd869488efeb0cffa8760612e6dd853b3f60e670d8cb all runs: OK # git bisect start 17214b70a159c6547df9ae204a6275d983146f6b c9c3395d5e3dcc6daee66c6908354d47bf98cb0c Bisecting: 7588 revisions left to test after this (roughly 13 steps) [307e14c039063f0c9bd7a18a7add8f940580dcc9] Merge tag '6.3-rc-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 testing commit 307e14c039063f0c9bd7a18a7add8f940580dcc9 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0b159e86925d8f066f207a08a42f05f3e91ad732f7a8417a0bb57fc590c90702 all runs: OK # git bisect good 307e14c039063f0c9bd7a18a7add8f940580dcc9 Bisecting: 3780 revisions left to test after this (roughly 12 steps) [90ddb3f03418cce0d83c415c0c1d470cf524ba46] Merge tag 'pci-v6.3-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci testing commit 90ddb3f03418cce0d83c415c0c1d470cf524ba46 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9544daaadaa798608b9551fedfb535dc42d1ea4f5195fb85ccec6e6fc48ac0ae all runs: OK # git bisect good 90ddb3f03418cce0d83c415c0c1d470cf524ba46 Bisecting: 1915 revisions left to test after this (roughly 11 steps) [cc38a46de76e15d20bea5768e99af17b65a9caeb] Merge tag 'rpmsg-v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux testing commit cc38a46de76e15d20bea5768e99af17b65a9caeb gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f1d78f1dcac041d23cb0fe28c1b814798bb12b0ce87b534d47b9bae601b08770 all runs: OK # git bisect good cc38a46de76e15d20bea5768e99af17b65a9caeb Bisecting: 949 revisions left to test after this (roughly 10 steps) [9d0281b56be5d90117a75065f4edc27b25b14c8c] Merge tag 'block-6.3-2023-03-03' of git://git.kernel.dk/linux testing commit 9d0281b56be5d90117a75065f4edc27b25b14c8c gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 21745b52c65ba05015827c34ae04d4fd1576b87bb76a016ff0cdf2275ec0b765 all runs: crashed: no output from test machine # git bisect bad 9d0281b56be5d90117a75065f4edc27b25b14c8c Bisecting: 470 revisions left to test after this (roughly 9 steps) [103830683cfc8f43b15158b0a48014b6d6e83633] Merge tag 'f2fs-for-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs testing commit 103830683cfc8f43b15158b0a48014b6d6e83633 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 520692c7ca62214b28b473b4461e10bb74869cb512c5ecacf8d3417b11b0fefa all runs: OK # git bisect good 103830683cfc8f43b15158b0a48014b6d6e83633 Bisecting: 226 revisions left to test after this (roughly 8 steps) [857f1268a591147f7be7509f249dbb3aba6fc65c] Merge tag 'objtool-core-2023-03-02' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 857f1268a591147f7be7509f249dbb3aba6fc65c gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5d096927d7221c1e11a6760787aef389793d2c475ef0fd7d66b41c2b083ae563 all runs: crashed: no output from test machine # git bisect bad 857f1268a591147f7be7509f249dbb3aba6fc65c Bisecting: 136 revisions left to test after this (roughly 7 steps) [3808330b20ee0b23e1e3c192610c3a2ee65605e9] Merge tag '9p-6.3-for-linus-part1' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs testing commit 3808330b20ee0b23e1e3c192610c3a2ee65605e9 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3862954513ed53f1f79552189384ada8e9f757e6e572ad5e48d8ee9ca6c784bc all runs: crashed: no output from test machine # git bisect bad 3808330b20ee0b23e1e3c192610c3a2ee65605e9 Bisecting: 61 revisions left to test after this (roughly 6 steps) [6e2985c938e8b765b3de299c561d87f98330c546] xfs: restore old agirotor behavior testing commit 6e2985c938e8b765b3de299c561d87f98330c546 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c9a70d5168cdddc743397164f036257c116ec3410f8fbf0067f88c76d860cc9c all runs: crashed: no output from test machine # git bisect bad 6e2985c938e8b765b3de299c561d87f98330c546 Bisecting: 22 revisions left to test after this (roughly 5 steps) [db4710fd12248e5d4c3842520cd13f034136576b] xfs: introduce xfs_alloc_vextent_near_bno() testing commit db4710fd12248e5d4c3842520cd13f034136576b gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c4e71d4f833629a5e65ecb8764f1810963da01d6aac4ed96e5f9b560c7d61d71 all runs: OK # git bisect good db4710fd12248e5d4c3842520cd13f034136576b Bisecting: 11 revisions left to test after this (roughly 4 steps) [8f7747ad8c52cde585b9456f6dbd1984af7b97bc] xfs: move xfs_bmap_btalloc_filestreams() to xfs_filestreams.c testing commit 8f7747ad8c52cde585b9456f6dbd1984af7b97bc gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 33d7eaaf63d07a727d00bfe8b5f527596776a53190b06ab4204188baecdb79ff all runs: OK # git bisect good 8f7747ad8c52cde585b9456f6dbd1984af7b97bc Bisecting: 5 revisions left to test after this (roughly 3 steps) [eb70aa2d8ed9a6fc3525f305226c550524390cd2] xfs: use for_each_perag_wrap in xfs_filestream_pick_ag testing commit eb70aa2d8ed9a6fc3525f305226c550524390cd2 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 fs/xfs/xfs_filestream.c:111:9: error: use of undeclared label 'next_ag' # git bisect skip eb70aa2d8ed9a6fc3525f305226c550524390cd2 Bisecting: 5 revisions left to test after this (roughly 3 steps) [bd4f5d09cc93c8ca51e4efea86ac90a4bb553d6e] xfs: refactor the filestreams allocator pick functions testing commit bd4f5d09cc93c8ca51e4efea86ac90a4bb553d6e gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ff8d9de846dcd216f47b6a8fc646a8db031c975ee52ce10843f95cf305f1923a all runs: crashed: no output from test machine # git bisect bad bd4f5d09cc93c8ca51e4efea86ac90a4bb553d6e Bisecting: 3 revisions left to test after this (roughly 2 steps) [3054face139f9c77566a90a0524dd85c2f38c7f2] xfs: track an active perag reference in filestreams testing commit 3054face139f9c77566a90a0524dd85c2f38c7f2 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 02fc584885252ff5eec57a8e7faa8fa27dbcebbccda91a393739460c149ca6e4 all runs: crashed: general protection fault in xfs_filestream_select_ag # git bisect bad 3054face139f9c77566a90a0524dd85c2f38c7f2 Bisecting: 1 revision left to test after this (roughly 1 step) [3e43877a9dac13771ac722462c87bea0bdc50759] xfs: remove xfs_filestream_select_ag() longest extent check testing commit 3e43877a9dac13771ac722462c87bea0bdc50759 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 58f41b2b86e42f970b329788c959ba66793e5ae1cc4003de5ff35f8da9f6a80c all runs: crashed: general protection fault in xfs_filestream_select_ag # git bisect bad 3e43877a9dac13771ac722462c87bea0bdc50759 Bisecting: 1 revision left to test after this (roughly 1 step) [a52dc2ad363088d0e0ab05a71f0496e2377e5cc9] xfs: merge filestream AG lookup into xfs_filestream_select_ag() testing commit a52dc2ad363088d0e0ab05a71f0496e2377e5cc9 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f4be862ced2b85d6f6ce2aadd457c0a98d50d8120868bcb7aa6e181153db7e7f all runs: OK # git bisect good a52dc2ad363088d0e0ab05a71f0496e2377e5cc9 Bisecting: 0 revisions left to test after this (roughly 0 steps) [ba34de8defe013e4062bdc2ed57d748d6807a96a] xfs: merge new filestream AG selection into xfs_filestream_select_ag() testing commit ba34de8defe013e4062bdc2ed57d748d6807a96a gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ff12d22bd55972a0e4e5f2ec973589a5a9198c3b12820956d2fb60d3c26b0afb all runs: OK # git bisect good ba34de8defe013e4062bdc2ed57d748d6807a96a 3e43877a9dac13771ac722462c87bea0bdc50759 is the first bad commit commit 3e43877a9dac13771ac722462c87bea0bdc50759 Author: Dave Chinner Date: Mon Feb 13 09:14:55 2023 +1100 xfs: remove xfs_filestream_select_ag() longest extent check Picking a new AG checks the longest free extent in the AG is valid, so there's no need to repeat the check in xfs_filestream_select_ag(). Remove it. Signed-off-by: Dave Chinner Reviewed-by: Darrick J. Wong fs/xfs/xfs_filestream.c | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) culprit signature: 58f41b2b86e42f970b329788c959ba66793e5ae1cc4003de5ff35f8da9f6a80c parent signature: ff12d22bd55972a0e4e5f2ec973589a5a9198c3b12820956d2fb60d3c26b0afb revisions tested: 17, total time: 7h56m21.957838519s (build: 5h30m30.699613995s, test: 2h12m46.467777854s) first bad commit: 3e43877a9dac13771ac722462c87bea0bdc50759 xfs: remove xfs_filestream_select_ag() longest extent check recipients (to): ["dchinner@redhat.com" "djwong@kernel.org"] recipients (cc): [] crash: general protection fault in xfs_filestream_select_ag general protection fault, probably for non-canonical address 0xdffffc0000000058: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x00000000000002c0-0x00000000000002c7] CPU: 0 PID: 35 Comm: kworker/u4:2 Not tainted 6.2.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Workqueue: writeback wb_workfn (flush-7:0) RIP: 0010:iput+0x40/0x740 fs/inode.c:1763 Code: 48 85 ff 0f 84 3d 03 00 00 49 bf 00 00 00 00 00 fc ff df 48 8b 04 24 48 8d 98 d8 00 00 00 48 89 d8 48 c1 e8 03 48 89 44 24 10 <42> 80 3c 38 00 74 08 48 89 df e8 21 8b ed ff f6 03 40 0f 85 dc 06 RSP: 0018:ffffc90000ac6560 EFLAGS: 00010202 RAX: 0000000000000058 RBX: 00000000000002c0 RCX: 0000000080000001 RDX: 0000000000000000 RSI: ffffffff89ea7220 RDI: 00000000000001e8 RBP: ffffc90000ac6b40 R08: dffffc0000000000 R09: fffffbfff1a7b756 R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000ac6ae8 R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f5670e019ee CR3: 000000007c687000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: xfs_filestream_select_ag+0x47f/0x1530 fs/xfs/xfs_filestream.c:360 xfs_bmap_btalloc_filestreams fs/xfs/libxfs/xfs_bmap.c:3551 [inline] xfs_bmap_btalloc+0xd13/0x2290 fs/xfs/libxfs/xfs_bmap.c:3655 xfs_bmap_alloc_userdata fs/xfs/libxfs/xfs_bmap.c:4029 [inline] xfs_bmapi_allocate+0x5a5/0xcd0 fs/xfs/libxfs/xfs_bmap.c:4072 xfs_bmapi_convert_delalloc+0x81d/0x10f0 fs/xfs/libxfs/xfs_bmap.c:4537 xfs_convert_blocks fs/xfs/xfs_aops.c:266 [inline] xfs_map_blocks+0x67f/0xf00 fs/xfs/xfs_aops.c:389 iomap_writepage_map fs/iomap/buffered-io.c:1612 [inline] iomap_do_writepage+0x8a5/0x2680 fs/iomap/buffered-io.c:1775 write_cache_pages+0x7fe/0x1140 mm/page-writeback.c:2472 iomap_writepages+0x58/0x210 fs/iomap/buffered-io.c:1792 xfs_vm_writepages+0x12c/0x190 fs/xfs/xfs_aops.c:506 do_writepages+0x340/0x5d0 mm/page-writeback.c:2581 __writeback_single_inode+0x116/0xe50 fs/fs-writeback.c:1598 writeback_sb_inodes+0x65c/0x1020 fs/fs-writeback.c:1889 wb_writeback+0x3d7/0xba0 fs/fs-writeback.c:2063 wb_do_writeback fs/fs-writeback.c:2206 [inline] wb_workfn+0x414/0xe90 fs/fs-writeback.c:2246 process_one_work+0x7e5/0x1000 kernel/workqueue.c:2289 worker_thread+0x8c9/0xfd0 kernel/workqueue.c:2436 kthread+0x232/0x2b0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:iput+0x40/0x740 fs/inode.c:1763 Code: 48 85 ff 0f 84 3d 03 00 00 49 bf 00 00 00 00 00 fc ff df 48 8b 04 24 48 8d 98 d8 00 00 00 48 89 d8 48 c1 e8 03 48 89 44 24 10 <42> 80 3c 38 00 74 08 48 89 df e8 21 8b ed ff f6 03 40 0f 85 dc 06 RSP: 0018:ffffc90000ac6560 EFLAGS: 00010202 RAX: 0000000000000058 RBX: 00000000000002c0 RCX: 0000000080000001 RDX: 0000000000000000 RSI: ffffffff89ea7220 RDI: 00000000000001e8 RBP: ffffc90000ac6b40 R08: dffffc0000000000 R09: fffffbfff1a7b756 R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000ac6ae8 R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005580dfa98000 CR3: 000000000bc8e000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 48 85 ff test %rdi,%rdi 3: 0f 84 3d 03 00 00 je 0x346 9: 49 bf 00 00 00 00 00 movabs $0xdffffc0000000000,%r15 10: fc ff df 13: 48 8b 04 24 mov (%rsp),%rax 17: 48 8d 98 d8 00 00 00 lea 0xd8(%rax),%rbx 1e: 48 89 d8 mov %rbx,%rax 21: 48 c1 e8 03 shr $0x3,%rax 25: 48 89 44 24 10 mov %rax,0x10(%rsp) * 2a: 42 80 3c 38 00 cmpb $0x0,(%rax,%r15,1) <-- trapping instruction 2f: 74 08 je 0x39 31: 48 89 df mov %rbx,%rdi 34: e8 21 8b ed ff callq 0xffed8b5a 39: f6 03 40 testb $0x40,(%rbx) 3c: 0f .byte 0xf 3d: 85 dc test %ebx,%esp 3f: 06 (bad)