ci starts bisection 2023-11-18 17:19:38.706281734 +0000 UTC m=+430941.681447567
bisecting fixing commit since 28f20a19294da7df158dfca259d0e2b5866baaf9
building syzkaller on 03d9c195daed8fca30b642783f35657aa7e32209
ensuring issue is reproducible on original commit 28f20a19294da7df158dfca259d0e2b5866baaf9
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 077608847887dfde2c6b7cf55142ef7f4e0b9965ab5a60c98e4513fb6d330d15
run #0: crashed: general protection fault in psi_task_change
run #1: crashed: general protection fault in debug_check_no_obj_freed
run #2: crashed: BUG: unable to handle kernel paging request in __tlb_remove_page_size
run #3: crashed: general protection fault in debug_check_no_obj_freed
run #4: crashed: general protection fault in __call_rcu_common
run #5: crashed: general protection fault in update_blocked_averages
run #6: crashed: general protection fault in rcu_core
run #7: crashed: general protection fault in corrupted
run #8: crashed: general protection fault in __hrtimer_run_queues
run #9: crashed: WARNING: locking bug in ext4_finish_bio
run #10: crashed: general protection fault in __hrtimer_run_queues
run #11: crashed: WARNING: locking bug in psi_account_irqtime
run #12: crashed: general protection fault in rcu_core
run #13: crashed: general protection fault in corrupted
run #14: crashed: general protection fault in debug_check_no_obj_freed
run #15: crashed: general protection fault in rcu_core
run #16: crashed: general protection fault in __send_signal_locked
run #17: crashed: general protection fault in cpuacct_account_field
run #18: crashed: general protection fault in ext4_sb_block_valid
run #19: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor3251004711" "root@10.128.1.169:./syz-executor3251004711"]: exit status 255
Executing: program /usr/bin/ssh host 10.128.1.169, user root, command sftp
OpenSSH_9.2p1 Debian-2, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /dev/null
debug1: Connecting to 10.128.1.169 [10.128.1.169] port 22.
debug1: connect to address 10.128.1.169 port 22: Connection timed out
ssh: connect to host 10.128.1.169 port 22: Connection timed out
scp: Connection closed
representative crash: general protection fault in psi_task_change, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3b4d3c452440deb0138b6613caf2ce0cf49a29c4a4b61d5adc40682cf3197572
run #0: crashed: BUG: unable to handle kernel paging request in debug_check_no_obj_freed
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: BUG: unable to handle kernel paging request in debug_check_no_obj_freed, types: [UNKNOWN]
kconfig minimization: base=3923 full=7652 leaves diff=2002
split chunks (needed=false): <2002>
split chunk #0 of len 2002 into 5 parts
testing without sub-chunk 1/5
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 74a638279a66bff0ba55885c5ad9970acfa42e3c68f8235012d7c89a25f06339
run #0: crashed: general protection fault in unlink_anon_vmas
run #1: crashed: general protection fault in __d_alloc
run #2: crashed: general protection fault in __rhashtable_lookup
run #3: crashed: general protection fault in update_load_avg
run #4: crashed: kernel BUG in corrupted
run #5: crashed: stack segment fault in __stack_depot_save
run #6: crashed: go runtime error
run #7: crashed: kernel BUG in corrupted
run #8: crashed: general protection fault in cpuacct_charge
run #9: crashed: possible deadlock in console_flush_all
run #10: crashed: general protection fault in rcu_core
run #11: crashed: general protection fault in mm_update_next_owner
run #12: crashed: general protection fault in end_bio_bh_io_sync
run #13: crashed: BUG: unable to handle kernel paging request in __run_timers
run #14: crashed: general protection fault in update_curr
run #15: crashed: general protection fault in mac80211_hwsim_tx_frame_no_nl
run #16: crashed: KASAN: user-memory-access Write in filemap_get_entry
run #17: crashed: kernel BUG in corrupted
run #18: crashed: BUG: spinlock bad magic in corrupted
run #19: OK
representative crash: general protection fault in unlink_anon_vmas, types: [UNKNOWN BUG]
the chunk can be dropped
testing without sub-chunk 2/5
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 33cfcd7784c173301eb30c93b6aa5e272cd181d6a395c4f97037edcae7e82047
run #0: crashed: general protection fault in __hrtimer_run_queues
run #1: crashed: stack segment fault in __stack_depot_save
run #2: crashed: general protection fault in debug_check_no_obj_freed
run #3: crashed: general protection fault in debug_check_no_obj_freed
run #4: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #5: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #6: crashed: general protection fault in __find_get_block
run #7: crashed: WARNING: locking bug in force_sig_info_to_task
run #8: crashed: general protection fault in put_prev_entity
run #9: crashed: BUG: unable to handle kernel paging request in debug_check_no_obj_freed
run #10: crashed: general protection fault in do_iter_write
run #11: crashed: general protection fault in cpuacct_account_field
run #12: crashed: KASAN: wild-memory-access Read in fsnotify_perm
run #13: crashed: general protection fault in cgroup_rstat_updated
run #14: crashed: general protection fault in debug_check_no_obj_freed
run #15: crashed: general protection fault in ext4_mb_new_blocks
run #16: crashed: kernel BUG in corrupted
run #17: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #18: crashed: KASAN: stack-out-of-bounds Read in timerqueue_del
run #19: OK
representative crash: general protection fault in __hrtimer_run_queues, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b078524d6e556e519083b7e5d6126b278fdb2314cd4dbaf025d45eac6e50b1dd
run #0: crashed: kernel panic: corrupted stack end in vfs_fallocate
run #1: crashed: WARNING: locking bug in psi_group_change
run #2: crashed: BUG: unable to handle kernel paging request in pid_task
run #3: crashed: general protection fault in enqueue_task_fair
run #4: crashed: general protection fault in __hrtimer_run_queues
run #5: crashed: KASAN: slab-out-of-bounds Read in cpuacct_charge
run #6: crashed: general protection fault in timerqueue_del
run #7: crashed: KASAN: wild-memory-access Read in mpage_process_page_bufs
run #8: crashed: general protection fault in rcu_core
run #9: crashed: general protection fault in __fget_files
run #10: crashed: general protection fault in unregister_shrinker
run #11: crashed: general protection fault in end_bio_bh_io_sync
run #12: crashed: general protection fault in scan_positives
run #13: crashed: general protection fault in __hrtimer_run_queues
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: kernel panic: corrupted stack end in vfs_fallocate, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8f4612f34e11ea0a53d535f4544c58c6e5c518c6a39f20f9a9210ec75493c029
run #0: crashed: general protection fault in __cgroup_account_cputime_field
run #1: crashed: BUG: unable to handle kernel paging request in __stack_depot_save
run #2: crashed: kernel BUG in __phys_addr
run #3: crashed: general protection fault in __d_lookup
run #4: crashed: general protection fault in rcu_core
run #5: crashed: general protection fault in do_lock_mount
run #6: crashed: general protection fault in dequeue_task_fair
run #7: crashed: general protection fault in __d_lookup_rcu
run #8: crashed: general protection fault in debug_check_no_obj_freed
run #9: crashed: general protection fault in __d_lookup_rcu
run #10: crashed: general protection fault in cpuacct_account_field
run #11: crashed: KASAN: stack-out-of-bounds Read in timerqueue_del
run #12: crashed: general protection fault in vfs_write
run #13: crashed: UBSAN: shift-out-of-bounds in __radix_tree_lookup
run #14: crashed: general protection fault in corrupted
run #15: crashed: kernel BUG in corrupted
run #16: crashed: general protection fault in rcu_core
run #17: OK
run #18: OK
run #19: OK
representative crash: general protection fault in __cgroup_account_cputime_field, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 43e326e02036b85322513e01a61f209188a705028a44ee404c08217b48828fcb
run #0: crashed: BUG: corrupted list in loop_queue_rq
run #1: crashed: general protection fault in try_to_wake_up
run #2: crashed: KASAN: stack-out-of-bounds Read in timerqueue_del
run #3: crashed: WARNING: lock held when returning to user space in ksys_write
run #4: crashed: go runtime error
run #5: crashed: general protection fault in __d_lookup_rcu
run #6: crashed: kernel BUG in __phys_addr
run #7: crashed: kernel BUG in corrupted
run #8: crashed: KFENCE: invalid read in ext4_ext_remove_space
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #10: crashed: KFENCE: invalid read in ext4_ext_remove_space
run #11: crashed: general protection fault in locks_remove_posix
run #12: crashed: kernel BUG in __phys_addr
run #13: crashed: BUG: unable to handle kernel paging request in timerqueue_del
run #14: crashed: general protection fault in do_lock_mount
run #15: crashed: general protection fault in ext4_inode_table
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: general protection fault in try_to_wake_up, types: [UNKNOWN BUG]
the chunk can be dropped
testing current HEAD 791c8ab095f71327899023223940dd52257a4173
testing commit 791c8ab095f71327899023223940dd52257a4173 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7d607cc0628a9b60c35523b0b7880f9af6883e3f6362ce3d8ac418fe0fbf16e6
run #0: crashed: general protection fault in fsnotify
run #1: crashed: go runtime error
run #2: crashed: general protection fault in rcu_core
run #3: crashed: general protection fault in rcu_core
run #4: crashed: KFENCE: invalid read in ext4_ext_remove_space
run #5: crashed: general protection fault in pid_task
run #6: crashed: general protection fault in fsnotify_perm
run #7: crashed: general protection fault in pid_task
run #8: crashed: UBSAN: shift-out-of-bounds in __radix_tree_lookup
run #9: crashed: KASAN: wild-memory-access Read in mpage_process_page_bufs
run #10: crashed: general protection fault in corrupted
run #11: crashed: general protection fault in pid_task
run #12: crashed: UBSAN: shift-out-of-bounds in radix_tree_next_chunk
run #13: crashed: KASAN: wild-memory-access Write in xas_set_mark
run #14: crashed: KFENCE: invalid read in ext4_ext_remove_space
run #15: crashed: general protection fault in end_bio_bh_io_sync
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: general protection fault in fsnotify, types: [UNKNOWN]
crash still not fixed/happens on the oldest tested release
reproducer is flaky (0.80 repro chance estimate)
revisions tested: 8, total time: 4h54m36.257859383s (build: 2h54m35.201516351s, test: 1h47m47.948022415s)
crash still not fixed or there were kernel test errors
commit msg: Merge tag 'bcachefs-2023-11-17' of https://evilpiepirate.org/git/bcachefs
crash: general protection fault in fsnotify
EXT4-fs error (device loop0): ext4_ext_remove_space:2863: inode #16: comm syz-executor.0: path[1].p_hdr == NULL
general protection fault, probably for non-canonical address 0xe03cfca51ffff1d6: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0x01e80528ffff8eb0-0x01e80528ffff8eb7]
CPU: 1 PID: 4278 Comm: syz-executor.0 Not tainted 6.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:fsnotify+0x38a/0x1730 fs/notify/fsnotify.c:522
Code: 80 3c 02 00 0f 85 1c 10 00 00 48 8b 5b 68 48 8d 85 30 06 00 00 48 89 04 24 48 c1 e8 03 48 89 c2 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 73 10 00 00 48 83 bd 30 06 00 00 00 0f 84 d8 0b
RSP: 0018:ffffc900020af580 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 003d00a51ffff1d6 RSI: ffffc900020af728 RDI: ffffc900020af630
RBP: 01e80528ffff8881 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc900020af407 R11: 0000000000000001 R12: ffff88812552b460
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc900020af5f8
FS:  00007ff858f4d6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020040000 CR3: 000000011f642000 CR4: 0000000000350ef0
Call Trace:
 fsnotify_sb_error include/linux/fsnotify.h:392 [inline]
 __ext4_error_inode+0x28a/0x5c0 fs/ext4/super.c:875
 ext4_ext_remove_space+0x24b3/0x3e40 fs/ext4/extents.c:2863
 ext4_punch_hole+0xb7f/0xf70 fs/ext4/inode.c:4019
 ext4_fallocate+0x3af/0x3190 fs/ext4/extents.c:4707
 vfs_fallocate+0x296/0xba0 fs/open.c:324
 ioctl_preallocate+0x15b/0x1d0 fs/ioctl.c:291
 file_ioctl fs/ioctl.c:334 [inline]
 do_vfs_ioctl+0x1336/0x14d0 fs/ioctl.c:850
 __do_sys_ioctl fs/ioctl.c:869 [inline]
 __se_sys_ioctl fs/ioctl.c:857 [inline]
 __x64_sys_ioctl+0xcc/0x1a0 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x40/0xe0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7ff8593caae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff858f4d0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff8594e9f80 RCX: 00007ff8593caae9
RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000004
RBP: 00007ff85941647a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000016 R14: 00007ff8594e9f80 R15: 00007ffefd886f88
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:fsnotify+0x38a/0x1730 fs/notify/fsnotify.c:522
Code: 80 3c 02 00 0f 85 1c 10 00 00 48 8b 5b 68 48 8d 85 30 06 00 00 48 89 04 24 48 c1 e8 03 48 89 c2 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 73 10 00 00 48 83 bd 30 06 00 00 00 0f 84 d8 0b
RSP: 0018:ffffc900020af580 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 003d00a51ffff1d6 RSI: ffffc900020af728 RDI: ffffc900020af630
RBP: 01e80528ffff8881 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc900020af407 R11: 0000000000000001 R12: ffff88812552b460
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc900020af5f8
FS:  00007ff858f4d6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020040000 CR3: 000000011f642000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   4:	0f 85 1c 10 00 00    	jne    0x1026
   a:	48 8b 5b 68          	mov    0x68(%rbx),%rbx
   e:	48 8d 85 30 06 00 00 	lea    0x630(%rbp),%rax
  15:	48 89 04 24          	mov    %rax,(%rsp)
  19:	48 c1 e8 03          	shr    $0x3,%rax
  1d:	48 89 c2             	mov    %rax,%rdx
  20:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  27:	fc ff df
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 73 10 00 00    	jne    0x10a7
  34:	48 83 bd 30 06 00 00 	cmpq   $0x0,0x630(%rbp)
  3b:	00
  3c:	0f                   	.byte 0xf
  3d:	84 d8                	test   %bl,%al
  3f:	0b                   	.byte 0xb