ci starts bisection 2024-08-11 15:15:45.314486258 +0000 UTC m=+130871.047001749
bisecting cause commit starting from 5189dafa4cf950e675f02ee04b577dfbbad0d9b1
building syzkaller on 6f4edef43e90da260aa93c16da223a2a5569c978
ensuring issue is reproducible on original commit 5189dafa4cf950e675f02ee04b577dfbbad0d9b1
testing commit 5189dafa4cf950e675f02ee04b577dfbbad0d9b1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f7554693c1e30f3516ad8781cbf2ab814a7ce27fc087c8f55a831930da0edbe7
all runs: crashed: general protection fault in iter_file_splice_write
representative crash: general protection fault in iter_file_splice_write, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 5189dafa4cf950e675f02ee04b577dfbbad0d9b1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d495f33f5c6057a68fdc53a4068b368dabce48b19fbc26fe636e790b11db904e
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed
kconfig minimization: base=4001 full=8136 leaves diff=2114
split chunks (needed=false): <2114>
split chunk #0 of len 2114 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 5189dafa4cf950e675f02ee04b577dfbbad0d9b1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4890daa8c2bcc20cba88a4af3ce17e33a426f4a552511dc4939e92820fce3a9d
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 5189dafa4cf950e675f02ee04b577dfbbad0d9b1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 53af4b9e4128d46bcbcad9e967bbb903472f98af531343de6c7b1ece56cb5595
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit 5189dafa4cf950e675f02ee04b577dfbbad0d9b1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 23cb45b1fb7827fcd3cb000625a6a4e1e21b21e25e90ce21142a11552b756842
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 5189dafa4cf950e675f02ee04b577dfbbad0d9b1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b11bd3502e058d5258fab97a210e3dd05f7b768ac1532be7ab5d7ee874846ff4
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 5189dafa4cf950e675f02ee04b577dfbbad0d9b1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f5e5f3b4ca4a1b82f407579c763150872b7659a168b2904620a7963fef9db733
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
the chunk can be dropped
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed
picked [v6.10 v6.9 v6.8 v6.6 v6.4 v6.2 v6.0 v5.18 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 33 release tags
testing release v6.10
testing commit 0c3836482481200ead7b416ca80c68a29cfdaabd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: da0e2c74b320e2d6c37bb2acb856e6ee719ab839c3856cf2e7549495c40814d2
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #5: OK
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
testing release v6.9
testing commit a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c7f319b322a27a829434be18de670c0414bace5d2c9ebf88a7fbdd16da0c8c66
all runs: OK
false negative chance: 0.001
# git bisect start 0c3836482481200ead7b416ca80c68a29cfdaabd a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6
Bisecting: 7190 revisions left to test after this (roughly 13 steps)
[33e02dc69afbd8f1b85a51d74d72f139ba4ca623] Merge tag 'sound-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit 33e02dc69afbd8f1b85a51d74d72f139ba4ca623 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 948a69ce48e2bfc18d4648667b9d63c005212692e3ca49740c8a2f205ef059d5
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
# git bisect bad 33e02dc69afbd8f1b85a51d74d72f139ba4ca623
Bisecting: 4252 revisions left to test after this (roughly 12 steps)
[b850dc206a57ae272c639e31ac202ec0c2f46960] Merge tag 'firewire-updates-6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
testing commit b850dc206a57ae272c639e31ac202ec0c2f46960 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 20b7636a9a3370ece73f90460145c867619d4cb5b39c6bd7a822a1af46924d42
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #8: OK
run #9: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
# git bisect bad b850dc206a57ae272c639e31ac202ec0c2f46960
Bisecting: 1559 revisions left to test after this (roughly 11 steps)
[59729c8a76544d9d7651287a5d28c5bf7fc9fccc] Merge tag 'tag-chrome-platform-for-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux
testing commit 59729c8a76544d9d7651287a5d28c5bf7fc9fccc gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 203070720f52554b52889b8cb91c58f7e83e899dad041b0d1d3ebce6b08b0925
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
# git bisect bad 59729c8a76544d9d7651287a5d28c5bf7fc9fccc
Bisecting: 732 revisions left to test after this (roughly 10 steps)
[14a60290edf6d947b9e2210f7a223bcc6af1716a] Merge tag 'soc-drivers-6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 14a60290edf6d947b9e2210f7a223bcc6af1716a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 028d0141f9d5042e9033acbcdba489708ac175878e6197f995d9039cb7e974e3
all runs: OK
false negative chance: 0.001
# git bisect good 14a60290edf6d947b9e2210f7a223bcc6af1716a
Bisecting: 402 revisions left to test after this (roughly 9 steps)
[f4e8d80292859809ea135e9f4c43bae47e4f58bc] Merge tag 'vfs-6.10.rw' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
testing commit f4e8d80292859809ea135e9f4c43bae47e4f58bc gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6b2930bc0e480a527209f9d7b292eaee257b46929acda029edda7772b5988135
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
# git bisect bad f4e8d80292859809ea135e9f4c43bae47e4f58bc
Bisecting: 150 revisions left to test after this (roughly 7 steps)
[b19239143e393d4b52b3b9a17c7ac07138f2cfd4] Merge tag 'tpmdd-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd
testing commit b19239143e393d4b52b3b9a17c7ac07138f2cfd4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1e08c92bc0d906e44d75e7a602a1765645bee541b961a70dc1256f5768f223c4
all runs: OK
false negative chance: 0.001
# git bisect good b19239143e393d4b52b3b9a17c7ac07138f2cfd4
Bisecting: 54 revisions left to test after this (roughly 6 steps)
[1b0aabcc9a35e729a6c7ce71e725fd63513b35de] Merge tag 'vfs-6.10.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
testing commit 1b0aabcc9a35e729a6c7ce71e725fd63513b35de gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e6ac5fa6757701d6db0e80ff0ddaa127df29345f06547828bd6422005359b634
all runs: OK
false negative chance: 0.001
# git bisect good 1b0aabcc9a35e729a6c7ce71e725fd63513b35de
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[56257334e8e0075515aedc44044a5585dcf7f465] cifs: Make wait_mtu_credits take size_t args
testing commit 56257334e8e0075515aedc44044a5585dcf7f465 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 10b17ee73db50207d6ba6396421e789f6db3f60338ce0815ab78e12c0e4ae89e
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
# git bisect bad 56257334e8e0075515aedc44044a5585dcf7f465
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[7ba167c4c73ed96eb002c98a9d7d49317dfb0191] netfs: Switch to using unsigned long long rather than loff_t
testing commit 7ba167c4c73ed96eb002c98a9d7d49317dfb0191 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0780052c4de0296ba65ed828f3c9061c5495facb135a5a1af91831d46782da7a
all runs: OK
false negative chance: 0.001
# git bisect good 7ba167c4c73ed96eb002c98a9d7d49317dfb0191
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[c245868524cc6e4954dd26588aade08e2cc405d0] netfs: Remove the old writeback code
testing commit c245868524cc6e4954dd26588aade08e2cc405d0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 56b0456a6e11696acc3ce116c96187942e18d831295cde8d7d96883f595dbc7a
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #3: OK
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
# git bisect bad c245868524cc6e4954dd26588aade08e2cc405d0
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[ed22e1dbf831bbc747a726b7c1f924c18c1ad350] netfs, afs: Implement helpers for new write code
testing commit ed22e1dbf831bbc747a726b7c1f924c18c1ad350 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9f5c35240254583531a38d9a46c6603c838e5c4f51b4c0d7d0f12eb96a77e215
all runs: OK
false negative chance: 0.000
# git bisect good ed22e1dbf831bbc747a726b7c1f924c18c1ad350
Bisecting: 1 revision left to test after this (roughly 1 step)
[64e64e6c18c6bc7767ea6f2762c87c9ac981f2d1] netfs, cachefiles: Implement helpers for new write code
testing commit 64e64e6c18c6bc7767ea6f2762c87c9ac981f2d1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7178e52835befd56bf526020e18bc8164208e25eb1897fd6ab65e061939a9e8e
all runs: OK
false negative chance: 0.000
# git bisect good 64e64e6c18c6bc7767ea6f2762c87c9ac981f2d1
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[2df86547b23dabcd02ab000a24ed7813606c269f] netfs: Cut over to using new writeback code
testing commit 2df86547b23dabcd02ab000a24ed7813606c269f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e7de76722753024090181e273a748c7aa7a12eb2662bfd18a636b4ee1bfb835e
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write, types: [UNKNOWN]
# git bisect bad 2df86547b23dabcd02ab000a24ed7813606c269f
2df86547b23dabcd02ab000a24ed7813606c269f is the first bad commit
commit 2df86547b23dabcd02ab000a24ed7813606c269f
Author: David Howells
Date:   Fri Mar 8 12:36:05 2024 +0000

    netfs: Cut over to using new writeback code

    Cut over to using the new writeback code. The old code is #ifdef'd out or
    otherwise removed from compilation to avoid conflicts and will be removed
    in a future patch.

    Signed-off-by: David Howells
    Reviewed-by: Jeff Layton
    cc: Eric Van Hensbergen
    cc: Latchesar Ionkov
    cc: Dominique Martinet
    cc: Christian Schoenebeck
    cc: Marc Dionne
    cc: v9fs@lists.linux.dev
    cc: linux-afs@lists.infradead.org
    cc: netfs@lists.linux.dev
    cc: linux-fsdevel@vger.kernel.org

 fs/9p/vfs_addr.c          |  6 ++----
 fs/afs/file.c             |  3 +--
 fs/afs/internal.h         |  1 -
 fs/afs/write.c            |  2 ++
 fs/netfs/Makefile         |  1 -
 fs/netfs/buffered_write.c | 45 ++++++++++++++++++++++++---------------------
 fs/netfs/direct_write.c   | 26 ++++++++++++++------------
 fs/netfs/internal.h       | 21 ++++++--------------
 fs/netfs/write_collect.c  |  8 ++++----
 fs/netfs/write_issue.c    | 18 +++++++++---------
 include/linux/netfs.h     |  9 ---------
 11 files changed, 62 insertions(+), 78 deletions(-)

accumulated error probability: 0.00
culprit signature: e7de76722753024090181e273a748c7aa7a12eb2662bfd18a636b4ee1bfb835e
parent signature: 7178e52835befd56bf526020e18bc8164208e25eb1897fd6ab65e061939a9e8e
reproducer is flaky (0.45 repro chance estimate)
revisions tested: 22, total time: 7h26m34.804019586s (build: 3h15m10.703518262s, test: 3h55m9.85436353s)
first bad commit: 2df86547b23dabcd02ab000a24ed7813606c269f netfs: Cut over to using new writeback code
recipients (to): ["asmadeus@codewreck.org" "dhowells@redhat.com" "dhowells@redhat.com" "ericvh@kernel.org" "jlayton@kernel.org" "linux-afs@lists.infradead.org" "linux-fsdevel@vger.kernel.org" "lucho@ionkov.net" "marc.dionne@auristor.com" "netfs@lists.linux.dev" "v9fs@lists.linux.dev"]
recipients (cc): ["jlayton@kernel.org" "linux-kernel@vger.kernel.org" "linux_oss@crudebyte.com"]
crash: BUG: unable to handle kernel NULL pointer dereference in iter_file_splice_write
BUG: kernel NULL pointer dereference, address: 0000000000000008
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 10af44067 P4D 10af44067 PUD 109b5b067 PMD 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 1 PID: 26177 Comm: syz.0.8524 Not tainted 6.9.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
RIP: 0010:pipe_buf_release include/linux/pipe_fs_i.h:219 [inline]
RIP: 0010:iter_file_splice_write+0x44a/0x5d0 fs/splice.c:759
Code: 8d 4c d0 0c 44 8b 64 d0 0c 4d 39 e6 0f 8c d4 fc ff ff 48 8d 34 d0 c7 01 00 00 00 00 48 8b 4c d0 10 48 c7 44 d0 10 00 00 00 00 <4c> 8b 59 08 4c 89 ef e8 ea 38 96 00 ff c3 41 83 bd 4c 01 00 00 00
RSP: 0018:ffffc90003cb7c68 EFLAGS: 00010206
RAX: ffff8881066bfc00 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffff8881066bfc28 RDI: ffff888100aa5800
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: ffffffff81261ac0 R12: 0000000000000000
R13: ffff888100aa5800 R14: 7ffffffffffffffa R15: 7fffffffffffffff
FS:  00007f3dc0cb96c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 000000010b3a6000 CR4: 0000000000350ef0
Call Trace:
 do_splice_from fs/splice.c:941 [inline]
 direct_splice_actor+0xc7/0x1f0 fs/splice.c:1164
 splice_direct_to_actor+0x139/0x2d0 fs/splice.c:1108
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0x73/0xc0 fs/splice.c:1233
 do_sendfile+0x275/0x410 fs/read_write.c:1295
 __do_sys_sendfile64 fs/read_write.c:1362 [inline]
 __se_sys_sendfile64 fs/read_write.c:1348 [inline]
 __x64_sys_sendfile64+0x9a/0xd0 fs/read_write.c:1348
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x8f/0x170 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3dc12319f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3dc0cb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f3dc13bff80 RCX: 00007f3dc12319f9
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007
RBP: 00007f3dc129f8ee R08: 0000000000000000 R09: 0000000000000000
R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f3dc13bff80 R15: 00007ffcb2129ef8
Modules linked in:
CR2: 0000000000000008
---[ end trace 0000000000000000 ]---
RIP: 0010:pipe_buf_release include/linux/pipe_fs_i.h:219 [inline]
RIP: 0010:iter_file_splice_write+0x44a/0x5d0 fs/splice.c:759
Code: 8d 4c d0 0c 44 8b 64 d0 0c 4d 39 e6 0f 8c d4 fc ff ff 48 8d 34 d0 c7 01 00 00 00 00 48 8b 4c d0 10 48 c7 44 d0 10 00 00 00 00 <4c> 8b 59 08 4c 89 ef e8 ea 38 96 00 ff c3 41 83 bd 4c 01 00 00 00
RSP: 0018:ffffc90003cb7c68 EFLAGS: 00010206
RAX: ffff8881066bfc00 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffff8881066bfc28 RDI: ffff888100aa5800
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: ffffffff81261ac0 R12: 0000000000000000
R13: ffff888100aa5800 R14: 7ffffffffffffffa R15: 7fffffffffffffff
FS:  00007f3dc0cb96c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 000000010b3a6000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	8d 4c d0 0c          	lea    0xc(%rax,%rdx,8),%ecx
   4:	44 8b 64 d0 0c       	mov    0xc(%rax,%rdx,8),%r12d
   9:	4d 39 e6             	cmp    %r12,%r14
   c:	0f 8c d4 fc ff ff    	jl     0xfffffce6
  12:	48 8d 34 d0          	lea    (%rax,%rdx,8),%rsi
  16:	c7 01 00 00 00 00    	movl   $0x0,(%rcx)
  1c:	48 8b 4c d0 10       	mov    0x10(%rax,%rdx,8),%rcx
  21:	48 c7 44 d0 10 00 00 	movq   $0x0,0x10(%rax,%rdx,8)
  28:	00 00
* 2a:	4c 8b 59 08          	mov    0x8(%rcx),%r11 <-- trapping instruction
  2e:	4c 89 ef             	mov    %r13,%rdi
  31:	e8 ea 38 96 00       	call   0x963920
  36:	ff c3                	inc    %ebx
  38:	41 83 bd 4c 01 00 00 	cmpl   $0x0,0x14c(%r13)
  3f:	00