ci starts bisection 2023-06-24 18:15:44.92379917 +0000 UTC m=+387210.585285586 bisecting fixing commit since 0dd2a6fb1e34d6dcb96806bc6b111388ad324722 building syzkaller on 4bce1a3e705a8b62de8194bdb28f5eef89c8feec ensuring issue is reproducible on original commit 0dd2a6fb1e34d6dcb96806bc6b111388ad324722 testing commit 0dd2a6fb1e34d6dcb96806bc6b111388ad324722 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ca0d8cb3cd06168a09a8b55128fcdb176f2bed71eb25defef277502e5f5acd8f run #0: crashed: general protection fault in folio_create_empty_buffers run #1: crashed: general protection fault in folio_create_empty_buffers run #2: crashed: general protection fault in folio_create_empty_buffers run #3: crashed: general protection fault in folio_create_empty_buffers run #4: crashed: general protection fault in folio_create_empty_buffers run #5: crashed: general protection fault in folio_create_empty_buffers run #6: crashed: general protection fault in folio_create_empty_buffers run #7: crashed: general protection fault in folio_create_empty_buffers run #8: crashed: general protection fault in folio_create_empty_buffers run #9: crashed: general protection fault in folio_create_empty_buffers run #10: crashed: general protection fault in folio_create_empty_buffers run #11: crashed: general protection fault in folio_create_empty_buffers run #12: crashed: general protection fault in folio_create_empty_buffers run #13: crashed: general protection fault in folio_create_empty_buffers run #14: crashed: general protection fault in folio_create_empty_buffers run #15: crashed: general protection fault in folio_create_empty_buffers run #16: crashed: general protection fault in folio_create_empty_buffers run #17: crashed: general protection fault in folio_create_empty_buffers run #18: OK run #19: OK testing current HEAD a92b7d26c743b9dc06d520f863d624e94978a1d9 testing commit a92b7d26c743b9dc06d520f863d624e94978a1d9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 771fcee254313d1df315b7c1f423fa882077f9353ea80082dbbfa733b50f56e6 run #0: crashed: general protection fault in folio_create_empty_buffers run #1: crashed: general protection fault in folio_create_empty_buffers run #2: crashed: general protection fault in folio_create_empty_buffers run #3: crashed: general protection fault in folio_create_empty_buffers run #4: crashed: general protection fault in folio_create_empty_buffers run #5: crashed: general protection fault in folio_create_empty_buffers run #6: crashed: general protection fault in folio_create_empty_buffers run #7: crashed: general protection fault in folio_create_empty_buffers run #8: crashed: general protection fault in folio_create_empty_buffers run #9: OK crash still not fixed/happens on the oldest tested release revisions tested: 2, total time: 36m26.912314842s (build: 18m14.41585206s, test: 17m15.201608899s) crash still not fixed on HEAD or HEAD had kernel test errors commit msg: Merge tag 'drm-fixes-2023-06-23' of git://anongit.freedesktop.org/drm/drm crash: general protection fault in folio_create_empty_buffers general protection fault, probably for non-canonical address 0xdffffc000000003d: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x00000000000001e8-0x00000000000001ef] CPU: 0 PID: 12808 Comm: segctord Not tainted 6.4.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:__lock_acquire+0xe01/0x5f30 kernel/locking/lockdep.c:4956 Code: 00 00 3b 05 31 f0 4e 0e 0f 87 7a 09 00 00 41 be 01 00 00 00 e9 84 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 9e 33 00 00 49 81 3c 24 20 88 02 8f 0f 84 cd f2 RSP: 0018:ffffc90003fd7638 EFLAGS: 00010012 RAX: dffffc0000000000 RBX: 1ffff920007faef8 RCX: 0000000000000000 RDX: 000000000000003d RSI: 0000000000000000 RDI: 00000000000001e8 RBP: ffff888024649dc0 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000086001 R12: 00000000000001e8 R13: 0000000000000000 R14: 00000000000001e8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f63e23fe718 CR3: 000000007e00b000 CR4: 0000000000350ef0 Call Trace: lock_acquire kernel/locking/lockdep.c:5705 [inline] lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5670 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:350 [inline] folio_create_empty_buffers+0x98/0x3b0 fs/buffer.c:1615 nilfs_lookup_dirty_data_buffers+0x432/0x590 fs/nilfs2/segment.c:730 nilfs_segctor_scan_file+0x185/0x6c0 fs/nilfs2/segment.c:1080 nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1202 [inline] nilfs_segctor_collect fs/nilfs2/segment.c:1529 [inline] nilfs_segctor_do_construct+0x25c1/0x6500 fs/nilfs2/segment.c:2077 nilfs_segctor_construct+0x73a/0x930 fs/nilfs2/segment.c:2411 nilfs_segctor_thread_construct fs/nilfs2/segment.c:2519 [inline] nilfs_segctor_thread+0x370/0xd40 fs/nilfs2/segment.c:2602 kthread+0x2f0/0x3d0 kernel/kthread.c:379 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__lock_acquire+0xe01/0x5f30 kernel/locking/lockdep.c:4956 Code: 00 00 3b 05 31 f0 4e 0e 0f 87 7a 09 00 00 41 be 01 00 00 00 e9 84 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 9e 33 00 00 49 81 3c 24 20 88 02 8f 0f 84 cd f2 RSP: 0018:ffffc90003fd7638 EFLAGS: 00010012 RAX: dffffc0000000000 RBX: 1ffff920007faef8 RCX: 0000000000000000 RDX: 000000000000003d RSI: 0000000000000000 RDI: 00000000000001e8 RBP: ffff888024649dc0 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000086001 R12: 00000000000001e8 R13: 0000000000000000 R14: 00000000000001e8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f63e23fe718 CR3: 000000007e00b000 CR4: 0000000000350ef0 ---------------- Code disassembly (best guess): 0: 00 00 add %al,(%rax) 2: 3b 05 31 f0 4e 0e cmp 0xe4ef031(%rip),%eax # 0xe4ef039 8: 0f 87 7a 09 00 00 ja 0x988 e: 41 be 01 00 00 00 mov $0x1,%r14d 14: e9 84 00 00 00 jmpq 0x9d 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 20: fc ff df 23: 4c 89 e2 mov %r12,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction 2e: 0f 85 9e 33 00 00 jne 0x33d2 34: 49 81 3c 24 20 88 02 cmpq $0xffffffff8f028820,(%r12) 3b: 8f 3c: 0f .byte 0xf 3d: 84 cd test %cl,%ch 3f: f2 repnz