ci starts bisection 2023-10-15 06:25:01.52300528 +0000 UTC m=+182428.019107570
bisecting fixing commit since 28f20a19294da7df158dfca259d0e2b5866baaf9
building syzkaller on 03d9c195daed8fca30b642783f35657aa7e32209
ensuring issue is reproducible on original commit 28f20a19294da7df158dfca259d0e2b5866baaf9
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9f9d9e23f9a22f965851965d3f000d55100b356a4f47f9f64ad0c96732d36d05
run #0: crashed: general protection fault in __hrtimer_run_queues
run #1: crashed: general protection fault in enqueue_entity
run #2: crashed: kernel panic: corrupted stack end in corrupted
run #3: crashed: general protection fault in debug_check_no_obj_freed
run #4: crashed: general protection fault in __call_rcu_common
run #5: crashed: general protection fault in process_one_work
run #6: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor901696880" "root@10.128.1.171:./syz-executor901696880"]: exit status 255
Executing: program /usr/bin/ssh host 10.128.1.171, user root, command sftp
OpenSSH_9.2p1 Debian-2, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /dev/null
debug1: Connecting to 10.128.1.171 [10.128.1.171] port 22.
debug1: connect to address 10.128.1.171 port 22: Connection timed out
ssh: connect to host 10.128.1.171 port 22: Connection timed out
scp: Connection closed
run #7: crashed: general protection fault in __call_rcu_common
run #8: crashed: general protection fault in corrupted
run #9: crashed: general protection fault in update_curr
run #10: crashed: general protection fault in debug_check_no_obj_freed
run #11: crashed: BUG: unable to handle kernel paging request in generic_file_write_iter
run #12: crashed: general protection fault in end_bio_bh_io_sync
run #13: crashed: general protection fault in end_bio_bh_io_sync
run #14: crashed: general protection fault in ext4_meta_trans_blocks
run #15: crashed: general protection fault in locks_remove_posix
run #16: crashed: general protection fault in ieee80211_rx_handlers
run #17: crashed: general protection fault in __hrtimer_run_queues
run #18: crashed: kernel BUG in corrupted
run #19: crashed: general protection fault in debug_check_no_obj_freed
representative crash: general protection fault in __hrtimer_run_queues, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: dab2060f516203148b719e350cac955d97a224bbb08ab4ec6b2eea094504e576
run #0: crashed: kernel panic: corrupted stack end in corrupted
run #1: crashed: kernel panic: corrupted stack end in corrupted
run #2: crashed: kernel panic: corrupted stack end in corrupted
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: kernel panic: corrupted stack end in corrupted, types: [UNKNOWN]
kconfig minimization: base=3883 full=7652 leaves diff=1999
split chunks (needed=false): <1999>
split chunk #0 of len 1999 into 5 parts
testing without sub-chunk 1/5
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9eb845a59b0f39e4966fa97ac858f2cfdfd83ffde474edf813d62d60ebcd4678
run #0: crashed: general protection fault in mm_update_next_owner
run #1: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #2: crashed: general protection fault in locks_remove_posix
run #3: crashed: WARNING: locking bug in psi_group_change
run #4: crashed: general protection fault in debug_check_no_obj_freed
run #5: crashed: general protection fault in debug_check_no_obj_freed
run #6: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #7: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #8: crashed: general protection fault in __mod_timer
run #9: crashed: WARNING: locking bug in psi_group_change
run #10: crashed: kernel BUG in __phys_addr
run #11: crashed: general protection fault in refill_obj_stock
run #12: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #13: crashed: general protection fault in __d_lookup_rcu
run #14: crashed: KASAN: wild-memory-access Read in ieee80211_rx_list
run #15: crashed: general protection fault in hrtimer_nanosleep
run #16: crashed: general protection fault in __hrtimer_run_queues
run #17: crashed: no output from test machine
run #18: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #19: OK
representative crash: general protection fault in mm_update_next_owner, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0c1145bbe76bf1507ab27dcd3cb89c6eafdf54277ea670e96f2c6a3c17f9f97a
run #0: crashed: general protection fault in preempt_count_add
run #1: crashed: general protection fault in cpuacct_account_field
run #2: crashed: general protection fault in mm_update_next_owner
run #3: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #4: crashed: general protection fault in mod_objcg_mlstate
run #5: crashed: general protection fault in cpuacct_account_field
run #6: crashed: general protection fault in __hrtimer_run_queues
run #7: crashed: BUG: unable to handle kernel paging request in vfs_fsync
run #8: crashed: kernel BUG in corrupted
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #10: crashed: general protection fault in end_bio_bh_io_sync
run #11: crashed: general protection fault in __d_lookup
run #12: crashed: general protection fault in psi_task_change
run #13: crashed: BUG: unable to handle kernel paging request in corrupted
run #14: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #15: crashed: general protection fault in mm_update_next_owner
run #16: crashed: general protection fault in common_perm_cond
run #17: crashed: go runtime error
run #18: crashed: general protection fault in debug_check_no_obj_freed
run #19: crashed: kernel BUG in corrupted
representative crash: general protection fault in preempt_count_add, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7574f29efc89f042d17d412ebb64c13b29bef93a969896d1cfe46ac6813e6196
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #1: crashed: BUG: unable to handle kernel paging request in generic_file_write_iter
run #2: crashed: general protection fault in update_curr
run #3: crashed: general protection fault in cpuacct_account_field
run #4: crashed: WARNING: locking bug in psi_group_change
run #5: crashed: general protection fault in loop_process_work
run #6: crashed: general protection fault in process_one_work
run #7: crashed: no output from test machine
run #8: crashed: WARNING in corrupted
run #9: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor4109512015" "root@10.128.1.47:./syz-executor4109512015"]: exit status 255
Executing: program /usr/bin/ssh host 10.128.1.47, user root, command sftp
OpenSSH_9.2p1 Debian-2, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /dev/null
debug1: Connecting to 10.128.1.47 [10.128.1.47] port 22.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2
Connection timed out during banner exchange
Connection to 10.128.1.47 port 22 timed out
scp: Connection closed
run #10: crashed: BUG: unable to handle kernel paging request in corrupted
run #11: crashed: general protection fault in io_serial_in
run #12: OK
run #13: OK
run #14: crashed: BUG: unable to handle kernel paging request in corrupted
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: BUG: unable to handle kernel NULL pointer dereference in rcu_core, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3fd20fdb093f4766e4123e7c9cf7f1411b543b23fdb55f07bd341331772db140
run #0: crashed: general protection fault,SeaBIOS (version NUM.NUM.NUM-google)
run #1: crashed: go runtime error
run #2: crashed: general protection fault in cpuacct_account_field
run #3: crashed: WARNING: locking bug in lockref_get
run #4: crashed: general protection fault in io_serial_in
run #5: crashed: general protection fault in cpuacct_account_field
run #6: crashed: general protection fault in rcu_core
run #7: crashed: BUG: corrupted list in dquot_disable
run #8: crashed: WARNING: locking bug in d_walk
run #9: crashed: possible deadlock in task_fork_fair
run #10: crashed: general protection fault in do_iter_write
run #11: crashed: general protection fault in mm_update_next_owner
run #12: crashed: general protection fault in __d_lookup
run #13: crashed: general protection fault in cpuacct_charge
run #14: crashed: general protection fault in rcu_core
run #15: crashed: UBSAN: shift-out-of-bounds in __radix_tree_lookup
run #16: crashed: general protection fault in __d_lookup_rcu
run #17: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor1547398852" "root@10.128.0.201:./syz-executor1547398852"]: exit status 255
Executing: program /usr/bin/ssh host 10.128.0.201, user root, command sftp
OpenSSH_9.2p1 Debian-2, OpenSSL 3.0.9 30 May 2023
debug1: Reading configuration data /dev/null
debug1: Connecting to 10.128.0.201 [10.128.0.201] port 22.
debug1: connect to address 10.128.0.201 port 22: Connection timed out
ssh: connect to host 10.128.0.201 port 22: Connection timed out
scp: Connection closed
run #18: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #19: OK
representative crash: general protection fault,SeaBIOS (version NUM.NUM.NUM-google), types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
testing commit 28f20a19294da7df158dfca259d0e2b5866baaf9 gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 670c693fcfea9d5ba8a74ff04f9f6c48fab04ac392a2733e2897ab3998bea9be
run #0: crashed: KASAN: stack-out-of-bounds Read in timerqueue_del
run #1: crashed: general protection fault in inode_permission
run #2: crashed: general protection fault in __d_lookup
run #3: crashed: KFENCE: invalid read in ext4_ext_remove_space
run #4: crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
run #5: crashed: KFENCE: invalid read in ext4_ext_remove_space
run #6: crashed: KFENCE: invalid read in ext4_ext_remove_space
run #7: crashed: KFENCE: invalid read in ext4_ext_remove_space
run #8: crashed: general protection fault in dquot_disable
run #9: crashed: go runtime error
run #10: crashed: general protection fault in end_bio_bh_io_sync
run #11: crashed: BUG: unable to handle kernel paging request in corrupted
run #12: crashed: general protection fault in process_one_work
run #13: crashed: kernel BUG in __phys_addr
run #14: crashed: general protection fault in __d_lookup
run #15: crashed: general protection fault in enqueue_task_fair
run #16: crashed: general protection fault in wait_consider_task
run #17: OK
run #18: OK
run #19: OK
representative crash: general protection fault in inode_permission, types: [UNKNOWN]
the chunk can be dropped
testing current HEAD 9a3dad63edbe9a2ab2be1e7361a2133f519f855b
testing commit 9a3dad63edbe9a2ab2be1e7361a2133f519f855b gcc
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 07ec02ddde914a83258e65d136205420910883b2b8aa88333ec83e5564d60ef4
run #0: crashed: general protection fault in ext4_sb_block_valid
run #1: crashed: UBSAN: shift-out-of-bounds in __radix_tree_lookup
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #3: crashed: kernel BUG in __phys_addr
run #4: crashed: UBSAN: shift-out-of-bounds in __radix_tree_lookup
run #5: crashed: general protection fault in mm_update_next_owner
run #6: crashed: general protection fault in find_get_entry
run #7: crashed: WARNING: locking bug in offset_readdir
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #9: crashed: general protection fault in read_mmp_block
run #10: crashed: WARNING: locking bug in lockref_get
run #11: crashed: BUG: corrupted list in new_inode
run #12: crashed: KASAN: user-memory-access Read in ext4_setattr
run #13: crashed: general protection fault in debug_check_no_obj_freed
run #14: crashed: kernel BUG in __phys_addr
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: general protection fault in ext4_sb_block_valid, types: [UNKNOWN BUG UBSAN]
crash still not fixed/happens on the oldest tested release
reproducer is flaky (0.85 repro chance estimate)
revisions tested: 8, total time: 2h32m7.190949139s (build: 49m53.328453722s, test: 1h37m27.417944161s)
crash still not fixed or there were kernel test errors
commit msg: Merge tag '6.6-rc5-ksmbd-server-fixes' of git://git.samba.org/ksmbd
crash: general protection fault in ext4_sb_block_valid
general protection fault, probably for non-canonical address 0xdffffc0020000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x0000000100000018-0x000000010000001f]
CPU: 1 PID: 4191 Comm: syz-executor.5 Not tainted 6.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
RIP: 0010:ext4_sb_block_valid+0x1ff/0x4b0 fs/ext4/block_validity.c:322
Code: 3c 02 00 0f 85 ae 02 00 00 48 8b 1b 49 83 ec 01 49 bf 00 00 00 00 00 fc ff df 48 85 db 74 42 48 8d 7b 18 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 0f 85 18 02 00 00 48 8b 6b 18 49 39 ec 0f 83 f4 00
RSP: 0018:ffffc90001a7ede8 EFLAGS: 00010216
RAX: 0000000020000003 RBX: 0000000100000000 RCX: 0000000000000001
RDX: 1ffff11022c19738 RSI: ffffffff83675ae0 RDI: 0000000100000018
RBP: 0000105f00000000 R08: 0000000000000000 R09: fffffbfff0ce5538
R10: ffffffff8672a9c7 R11: 0000000000024000 R12: 0000000000000027
R13: ffff8881206d1680 R14: 0000000000000027 R15: dffffc0000000000
FS:  00007fdd9cc4e6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020009000 CR3: 00000001223eb000 CR4: 0000000000350ee0
Call Trace:
 ext4_mb_mark_diskspace_used+0x445/0x11a0 fs/ext4/mballoc.c:4006
 ext4_mb_new_blocks+0x795/0x4680 fs/ext4/mballoc.c:6243
Modules linked in:
----------------
Code disassembly (best guess):
   0:   3c 02                   cmp    $0x2,%al
   2:   00 0f                   add    %cl,(%rdi)
   4:   85 ae 02 00 00 48       test   %ebp,0x48000002(%rsi)
   a:   8b 1b                   mov    (%rbx),%ebx
   c:   49 83 ec 01             sub    $0x1,%r12
  10:   49 bf 00 00 00 00 00    movabs $0xdffffc0000000000,%r15
  17:   fc ff df
  1a:   48 85 db                test   %rbx,%rbx
  1d:   74 42                   je     0x61
  1f:   48 8d 7b 18             lea    0x18(%rbx),%rdi
  23:   48 89 f8                mov    %rdi,%rax
  26:   48 c1 e8 03             shr    $0x3,%rax
* 2a:   42 80 3c 38 00          cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:   0f 85 18 02 00 00       jne    0x24d
  35:   48 8b 6b 18             mov    0x18(%rbx),%rbp
  39:   49 39 ec                cmp    %rbp,%r12
  3c:   0f                      .byte 0xf
  3d:   83 f4 00                xor    $0x0,%esp