ci2 starts bisection 2023-07-07 22:37:36.988645087 +0000 UTC m=+23650.569195475
bisecting fixing commit since d2869ace6eeb8ea8a6e70e6904524c5a6456d3fb
building syzkaller on a4ae4f428721da42ac15f07d6f3b54584dedee27
ensuring issue is reproducible on original commit d2869ace6eeb8ea8a6e70e6904524c5a6456d3fb
testing commit d2869ace6eeb8ea8a6e70e6904524c5a6456d3fb gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 99025af47e266c6680038d44d1e9ed1aaa72f89b7f9324ba99dcbb3bc37c33ac
all runs: crashed: KASAN: user-memory-access Write in __destroy_inode
representative crash: KASAN: user-memory-access Write in __destroy_inode, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit d2869ace6eeb8ea8a6e70e6904524c5a6456d3fb gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 76642f998b5200f2b7d861c517b45c95d7eada6ed2f9de6bd43abce6c3ce085b
all runs: crashed: KASAN: user-memory-access Write in __destroy_inode
representative crash: KASAN: user-memory-access Write in __destroy_inode, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing current HEAD 61fd484b2cf6bc8022e8e5ea6f693a9991740ac2
testing commit 61fd484b2cf6bc8022e8e5ea6f693a9991740ac2 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f6de9c79b038977116014d7d9aeae46d2b68b6cfc33932d8f3f83ac9ecc79a93
all runs: crashed: KASAN: user-memory-access Write in __destroy_inode
representative crash: KASAN: user-memory-access Write in __destroy_inode, types: [KASAN]
crash still not fixed/happens on the oldest tested release
revisions tested: 3, total time: 2h27m35.825803173s (build: 1h29m53.539696086s, test: 9m57.287683146s)
crash still not fixed on HEAD or HEAD had kernel test errors
commit msg: Linux 6.1.38
crash: KASAN: user-memory-access Write in __destroy_inode
==================================================================
BUG: KASAN: user-memory-access in instrument_atomic_read_write include/linux/instrumented.h:102 [inline]
BUG: KASAN: user-memory-access in atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]
BUG: KASAN: user-memory-access in __refcount_sub_and_test include/linux/refcount.h:272 [inline]
BUG: KASAN: user-memory-access in __refcount_dec_and_test include/linux/refcount.h:315 [inline]
BUG: KASAN: user-memory-access in refcount_dec_and_test include/linux/refcount.h:333 [inline]
BUG: KASAN: user-memory-access in posix_acl_release include/linux/posix_acl.h:57 [inline]
BUG: KASAN: user-memory-access in __destroy_inode+0x29b/0x3a0 fs/inode.c:296
Write of size 4 at addr 0000000b00000000 by task syz-executor.0/3897
CPU: 1 PID: 3897 Comm: syz-executor.0 Not tainted 6.1.38-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x163/0x213 lib/dump_stack.c:106
 print_report+0xe6/0x4f0 mm/kasan/report.c:398
 kasan_report+0x136/0x160 mm/kasan/report.c:495
 kasan_check_range+0x27f/0x290 mm/kasan/generic.c:189
 instrument_atomic_read_write include/linux/instrumented.h:102 [inline]
 atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:176 [inline]
 __refcount_sub_and_test include/linux/refcount.h:272 [inline]
 __refcount_dec_and_test include/linux/refcount.h:315 [inline]
 refcount_dec_and_test include/linux/refcount.h:333 [inline]
 posix_acl_release include/linux/posix_acl.h:57 [inline]
 __destroy_inode+0x29b/0x3a0 fs/inode.c:296
 destroy_inode fs/inode.c:307 [inline]
 evict+0x544/0x630 fs/inode.c:679
 dispose_list fs/inode.c:697 [inline]
 evict_inodes+0x52c/0x590 fs/inode.c:747
 generic_shutdown_super+0x8e/0x2d0 fs/super.c:480
 kill_block_super+0x75/0xb0 fs/super.c:1450
 deactivate_locked_super+0x71/0xd0 fs/super.c:332
 cleanup_mnt+0x2bd/0x330 fs/namespace.c:1186
 task_work_run+0x206/0x280 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xd9/0x100 kernel/entry/common.c:171
 exit_to_user_mode_prepare+0xa2/0x100 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
 syscall_exit_to_user_mode+0x5e/0x210 kernel/entry/common.c:297
 do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f399ae8d5d7
Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdaf34f058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f399ae8d5d7
RDX: 00007ffdaf34f129 RSI: 000000000000000a RDI: 00007ffdaf34f120
RBP: 00007ffdaf34f120 R08: 00000000ffffffff R09: 00007ffdaf34eef0
R10: 00005555556ad893 R11: 0000000000000246 R12: 00007f399aee6cdc
R13: 00007ffdaf3501e0 R14: 00005555556ad810 R15: 00007ffdaf350220
==================================================================