ci starts bisection 2023-11-30 06:34:27.03355513 +0000 UTC m=+10576.433454525
bisecting fixing commit since 1c7873e3364570ec89343ff4877e0f27a7b21a61
building syzkaller on 668cb1fa42960ece96b7da8d9204e486ba6dcdf6
ensuring issue is reproducible on original commit 1c7873e3364570ec89343ff4877e0f27a7b21a61
testing commit 1c7873e3364570ec89343ff4877e0f27a7b21a61 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2258e963471384aa4abb3142117489930d48aa681d3e039b9e58dc9f63c2f744
run #0: crashed: WARNING: locking bug in ext4_xattr_inode_update_ref
run #1: crashed: INFO: task hung in ext4_evict_ea_inode
run #2: crashed: INFO: task hung in find_inode_fast
run #3: crashed: INFO: task hung in find_inode_fast
run #4: crashed: INFO: task hung in find_inode_fast
run #5: crashed: INFO: task hung in ext4_evict_ea_inode
run #6: crashed: INFO: task hung in find_inode_fast
run #7: crashed: INFO: task hung in find_inode_fast
run #8: crashed: INFO: task hung in find_inode_fast
run #9: crashed: INFO: task hung in find_inode_fast
run #10: crashed: INFO: task hung in find_inode_fast
run #11: crashed: INFO: task hung in find_inode_fast
run #12: crashed: INFO: task hung in ext4_evict_ea_inode
run #13: crashed: INFO: task hung in find_inode_fast
run #14: crashed: INFO: task hung in find_inode_fast
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: INFO: task hung in ext4_evict_ea_inode, types: [HANG]
check whether we can drop unnecessary instrumentation
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG], they are not needed
testing commit 1c7873e3364570ec89343ff4877e0f27a7b21a61 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 33c6863a8dde048e23e98549ab1c763cbc531338fedcab4355ee057d7cfacb49
all runs: OK
false negative chance: 0.000
kconfig minimization: base=3915 full=7644 leaves diff=2004
split chunks (needed=false): <2004>
split chunk #0 of len 2004 into 5 parts
testing without sub-chunk 1/5
testing commit 1c7873e3364570ec89343ff4877e0f27a7b21a61 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b957a3a186b648476eb9fc0f911c06ed511e9d355dda7c382b6694d908ee6224
run #0: crashed: INFO: task hung in find_inode_fast
run #1: crashed: INFO: task hung in ext4_evict_ea_inode
run #2: crashed: INFO: task hung in find_inode_fast
run #3: crashed: INFO: task hung in find_inode_fast
run #4: crashed: INFO: task hung in ext4_evict_ea_inode
run #5: crashed: INFO: task hung in find_inode_fast
run #6: crashed: INFO: task hung in find_inode_fast
run #7: crashed: INFO: task hung in ext4_evict_ea_inode
run #8: crashed: INFO: task hung in find_inode_fast
run #9: OK
representative crash: INFO: task hung in find_inode_fast, types: [HANG]
the chunk can be dropped
testing without sub-chunk 2/5
testing commit 1c7873e3364570ec89343ff4877e0f27a7b21a61 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3e6bb0d714bb734b8424fd7149f290e89216b5b52bfffe1d99ea3afce3ab0561
run #0: crashed: INFO: task hung in find_inode_fast
run #1: crashed: INFO: task hung in ext4_evict_ea_inode
run #2: crashed: INFO: task hung in find_inode_fast
run #3: crashed: INFO: task hung in find_inode_fast
run #4: crashed: INFO: task hung in find_inode_fast
run #5: crashed: INFO: task hung in ext4_evict_ea_inode
run #6: crashed: INFO: task hung in ext4_evict_ea_inode
run #7: crashed: INFO: task hung in ext4_evict_ea_inode
run #8: crashed: INFO: task hung in find_inode_fast
run #9: crashed: INFO: task hung in find_inode_fast
representative crash: INFO: task hung in find_inode_fast, types: [HANG]
the chunk can be dropped
testing without sub-chunk 3/5
testing commit 1c7873e3364570ec89343ff4877e0f27a7b21a61 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 246ff1fc6e999c9c8218fd0505f9ec8dabd07d0a7ddcaa3c9b383d48e17b762b
run #0: crashed: INFO: task hung in find_inode_fast
run #1: crashed: INFO: task hung in find_inode_fast
run #2: crashed: INFO: task hung in find_inode_fast
run #3: crashed: INFO: task hung in find_inode_fast
run #4: crashed: INFO: task hung in ext4_evict_ea_inode
run #5: crashed: INFO: task hung in find_inode_fast
run #6: crashed: INFO: task hung in find_inode_fast
run #7: crashed: INFO: task hung in ext4_evict_ea_inode
run #8: OK
run #9: OK
representative crash: INFO: task hung in find_inode_fast, types: [HANG]
the chunk can be dropped
testing without sub-chunk 4/5
testing commit 1c7873e3364570ec89343ff4877e0f27a7b21a61 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1dfabcaf3831a6495cd70e6777e6623ca438755111d034ff7260c23b4c500676
run #0: crashed: INFO: task hung in ext4_evict_ea_inode
run #1: crashed: INFO: task hung in ext4_evict_ea_inode
run #2: crashed: INFO: task hung in find_inode_fast
run #3: crashed: INFO: task hung in ext4_evict_ea_inode
run #4: crashed: INFO: task hung in find_inode_fast
run #5: crashed: INFO: task hung in ext4_evict_ea_inode
run #6: crashed: INFO: task hung in find_inode_fast
run #7: crashed: INFO: task hung in ext4_evict_ea_inode
run #8: crashed: INFO: task hung in find_inode_fast
run #9: OK
representative crash: INFO: task hung in ext4_evict_ea_inode, types: [HANG]
the chunk can be dropped
testing without sub-chunk 5/5
testing commit 1c7873e3364570ec89343ff4877e0f27a7b21a61 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e4b7aab9ab58b6ea8c3766e0f24d16616cc97bc400c51c281fe66c88974b9b09
run #0: crashed: INFO: task hung in find_inode_fast
run #1: crashed: INFO: task hung in ext4_evict_ea_inode
run #2: crashed: INFO: task hung in find_inode_fast
run #3: crashed: INFO: task hung in corrupted
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: INFO: task hung in find_inode_fast, types: [HANG]
the chunk can be dropped
testing current HEAD 3b47bc037bd44f142ac09848e8d3ecccc726be99
testing commit 3b47bc037bd44f142ac09848e8d3ecccc726be99 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2eecacaadd638330710a6559748550d792ba3061189136b0b83216880347848c
run #0: crashed: INFO: task hung in ext4_evict_ea_inode
run #1: crashed: INFO: task hung in ext4_evict_ea_inode
run #2: OK
run #3: OK
run #4: crashed: INFO: task hung in ext4_evict_ea_inode
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: INFO: task hung in ext4_evict_ea_inode, types: [HANG]
crash still not fixed/happens on the oldest tested release
reproducer is flaky (0.40 repro chance estimate)
revisions tested: 8, total time: 2h38m33.691197108s (build: 58m10.027435185s, test: 1h34m8.35489219s)
crash still not fixed or there were kernel test errors
commit msg: Merge tag 'pinctrl-v6.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
crash: INFO: task hung in ext4_evict_ea_inode
INFO: task syz-executor.0:10523 blocked for more than 143 seconds.
Not tainted 6.7.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0 state:D stack:23024 pid:10523 tgid:10520 ppid:1426 flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:5376 [inline]
__schedule+0x15f5/0x2320 kernel/sched/core.c:6688
__schedule_loop kernel/sched/core.c:6763 [inline]
schedule+0x149/0x260 kernel/sched/core.c:6778
mb_cache_entry_wait_unused+0x16e/0x200 fs/mbcache.c:148
ext4_evict_ea_inode+0x169/0x2b0 fs/ext4/xattr.c:480
ext4_evict_inode+0x117/0xc40 fs/ext4/inode.c:180
evict+0x262/0x550 fs/inode.c:666
ext4_xattr_set_entry+0x2b0a/0x3dd0 fs/ext4/xattr.c:1870
ext4_xattr_block_set+0x66f/0x3310 fs/ext4/xattr.c:1970
ext4_xattr_set_handle+0xb0f/0x1270 fs/ext4/xattr.c:2456
ext4_xattr_set+0x218/0x370 fs/ext4/xattr.c:2558
__vfs_setxattr+0x334/0x380 fs/xattr.c:201
__vfs_setxattr_noperm+0x106/0x4c0 fs/xattr.c:235
vfs_setxattr+0x1d3/0x350 fs/xattr.c:322
do_setxattr fs/xattr.c:630 [inline]
setxattr+0x182/0x1f0 fs/xattr.c:653
path_setxattr+0x17d/0x230 fs/xattr.c:672
__do_sys_setxattr fs/xattr.c:688 [inline]
__se_sys_setxattr fs/xattr.c:684 [inline]
__x64_sys_setxattr+0xb6/0xd0 fs/xattr.c:684
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x45/0xe0 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f2f61f6eb29
RSP: 002b:00007f2f61af10c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
RAX: ffffffffffffffda RBX: 00007f2f6208df80 RCX: 00007f2f61f6eb29
RDX: 0000000000000000 RSI: 0000000020000200 RDI: 00000000200001c0
RBP: 00007f2f61fba47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000006 R14: 00007f2f6208df80 R15: 00007fff4e610fa8
INFO: task syz-executor.0:10545 blocked for more than 143 seconds.
Not tainted 6.7.0-rc3-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0 state:D stack:25488 pid:10545 tgid:10520 ppid:1426 flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:5376 [inline]
__schedule+0x15f5/0x2320 kernel/sched/core.c:6688
__schedule_loop kernel/sched/core.c:6763 [inline]
schedule+0x149/0x260 kernel/sched/core.c:6778
__wait_on_freeing_inode fs/inode.c:2281 [inline]
find_inode_fast+0x2e8/0x3d0 fs/inode.c:938
iget_locked+0x9b/0x720 fs/inode.c:1303
__ext4_iget+0x2ab/0x3ca0 fs/ext4/inode.c:4712
ext4_xattr_inode_cache_find fs/ext4/xattr.c:1542 [inline]
ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1577 [inline]
ext4_xattr_set_entry+0x12ee/0x3dd0 fs/ext4/xattr.c:1719
ext4_xattr_block_set+0xbf4/0x3310 fs/ext4/xattr.c:2039
ext4_xattr_set_handle+0xb0f/0x1270 fs/ext4/xattr.c:2456
ext4_xattr_set+0x218/0x370 fs/ext4/xattr.c:2558
__vfs_setxattr+0x334/0x380 fs/xattr.c:201
__vfs_setxattr_noperm+0x106/0x4c0 fs/xattr.c:235
vfs_setxattr+0x1d3/0x350 fs/xattr.c:322
do_setxattr fs/xattr.c:630 [inline]
setxattr+0x182/0x1f0 fs/xattr.c:653
path_setxattr+0x17d/0x230 fs/xattr.c:672
__do_sys_setxattr fs/xattr.c:688 [inline]
__se_sys_setxattr fs/xattr.c:684 [inline]
__x64_sys_setxattr+0xb6/0xd0 fs/xattr.c:684
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x45/0xe0 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f2f61f6eb29
RSP: 002b:00007f2f597100c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
RAX: ffffffffffffffda RBX: 00007f2f6208e050 RCX: 00007f2f61f6eb29
RDX: 00000000200005c0 RSI: 0000000020000180 RDI: 00000000200000c0
RBP: 00007f2f61fba47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f2f6208e050 R15: 00007fff4e610fa8
Showing all locks held in the system:
1 lock held by khungtaskd/27:
#0: ffffffff8405fdc0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:301 [inline]
#0: ffffffff8405fdc0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]
#0: ffffffff8405fdc0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6614
2 locks held by getty/779:
#0: ffff88810235e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x20/0x60 drivers/tty/tty_ldisc.c:243
#1: ffffc900000432f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x648/0x18e0 drivers/tty/n_tty.c:2201
3 locks held by syz-executor.0/10523:
#0: ffff888117a443f0 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3a/0x70 fs/namespace.c:404
#1: ffff88812449f0f8 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: inode_lock include/linux/fs.h:802 [inline]
#1: ffff88812449f0f8 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: vfs_setxattr+0x192/0x350 fs/xattr.c:321
#2: ffff88812449edc0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
#2: ffff88812449edc0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x23b/0x1270 fs/ext4/xattr.c:2371
3 locks held by syz-executor.0/10545:
#0: ffff888117a443f0 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3a/0x70 fs/namespace.c:404
#1: ffff88812051bf70 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: inode_lock include/linux/fs.h:802 [inline]
#1: ffff88812051bf70 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: vfs_setxattr+0x192/0x350 fs/xattr.c:321
#2: ffff88812051bc38 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
#2: ffff88812051bc38 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x23b/0x1270 fs/ext4/xattr.c:2371
3 locks held by syz-executor.2/14399:
#0: ffff8881164523f0 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3a/0x70 fs/namespace.c:404
#1: ffff888124568400 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: inode_lock include/linux/fs.h:802 [inline]
#1: ffff888124568400 (&sb->s_type->i_mutex_key#6){++++}-{3:3}, at: vfs_setxattr+0x192/0x350 fs/xattr.c:321
#2: ffff8881245680c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
#2: ffff8881245680c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x23b/0x1270 fs/ext4/xattr.c:2371
3 locks held by syz-executor.2/14423:
#0: ffff8881164523f0 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3a/0x70 fs/namespace.c:404
#1: ffff888112b721b8 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: inode_lock include/linux/fs.h:802 [inline]
#1: ffff888112b721b8 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: vfs_setxattr+0x192/0x350 fs/xattr.c:321
#2: ffff888112b71e80 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
#2: ffff888112b71e80 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x23b/0x1270 fs/ext4/xattr.c:2371
=============================================
NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.7.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x167/0x220 lib/dump_stack.c:106
nmi_cpu_backtrace+0x34f/0x380 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x104/0x200 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
watchdog+0xb34/0xb70 kernel/hung_task.c:379
kthread+0x27d/0x2f0 kernel/kthread.c:388
ret_from_fork+0x2e/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 537 Comm: kworker/u4:11 Not tainted 6.7.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:lookup_object lib/debugobjects.c:195 [inline]
RIP: 0010:lookup_object_or_alloc lib/debugobjects.c:564 [inline]
RIP: 0010:debug_object_assert_init+0x1ae/0x420 lib/debugobjects.c:929
Code: 4c 8b 2b 4d 85 ed 4d 89 e7 74 51 31 db eb 0b 4d 8b 6d 00 ff c3 4d 85 ed 74 44 4d 8d 65 18 4c 89 e0 48 c1 e8 03 42 80 3c 30 00 <74> 08 4c 89 e7 e8 c8 1d 76 ff 4c 89 f8 4d 39 3c 24 4d 89 fc 0f 84
RSP: 0018:ffffc9000220f7c0 EFLAGS: 00000046
RAX: 1ffff1102000afd8 RBX: 0000000000000001 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffffc9000220f6a0
RBP: ffffc9000220f8d0 R08: 0000000000000003 R09: fffff52000441ed4
R10: dffffc0000000000 R11: fffff52000441ed4 R12: ffff888100057ec0
R13: ffff888100057ea8 R14: dffffc0000000000 R15: ffffffff86c213e8
FS: 0000000000000000(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f90caf5008 CR3: 0000000003e7e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
debug_timer_assert_init kernel/time/timer.c:792 [inline]
debug_assert_init kernel/time/timer.c:837 [inline]
__mod_timer+0xfa/0xc00 kernel/time/timer.c:1020
queue_delayed_work_on+0x104/0x1c0 kernel/workqueue.c:1986
queue_delayed_work include/linux/workqueue.h:577 [inline]
toggle_allocation_gate+0x18c/0x1e0 mm/kfence/core.c:837
process_one_work kernel/workqueue.c:2630 [inline]
process_scheduled_works+0x82f/0x1100 kernel/workqueue.c:2703
worker_thread+0x887/0xd40 kernel/workqueue.c:2784
kthread+0x27d/0x2f0 kernel/kthread.c:388
ret_from_fork+0x2e/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242