bisecting cause commit starting from 5d30bcacd91af6874481129797af364a53cd9b46 building syzkaller on a8c6a3f8da30ccf825c6001c81a8adff21829c30 testing commit 5d30bcacd91af6874481129797af364a53cd9b46 with gcc (GCC) 8.1.0 kernel signature: 478c0be1fd00bbeb727b234634423f8f756d6e866661766894945a1fb42f31e2 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 5942c2278b48d5a16945de89fd4e10009b9b40998748578ff81f84c274ba386b all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: d4b1e078c87aa8cf6999f9aeaab0c1dbe6fbf5111a8d233296488cbeebb38007 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 1208e7ca44cf784a674d2ed442a523272dd22d810f32b44ef044ba1b340ffa2b all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 81d11409b95871c4e32f30f895f142906d4ecc4582596ec737c70afd1fb97b53 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 48f393f88cf1ebadf7dbd4b12d63f6cdb50edd7fb059f5b6d6955ed058e95f45 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: b9339140507d6e5d033bf5cb05d05c8ecd5cbe6a4d11d0bbf1ad567153262dbd all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in generic_perform_write testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: cf5ef3a21159f52ff0877845314762a190e776cdb48391e3cd0ed552de81715f all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __generic_file_write_iter testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: d526ef4c2f71c48aca74804648200c004509785a2fb23211d2b8d3e58ba63298 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __generic_file_write_iter testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: aaf45e6c14642e3f0b5bc742c0ae3a33c36cea8db5ad7ec9b1a2bd25b7eaa3d1 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __generic_file_write_iter testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: 5bd2271ca3145f178e4585bff77ab08c0ba04c30285d4b9ca2c9c16ab275993c all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __generic_file_write_iter testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: 03ffa9a64a4815e75856c59a48da66ee286246efeeefd43b64b77a607557ff50 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __generic_file_write_iter testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: 8c7fb204e8f05a5769d38146008e6cfa86f8bb20ff5631f22389184f554da2f6 all runs: OK # git bisect start 29dcea88779c856c7dc92040a0c01233263101d4 0adb32858b0bddf4ada5f364a84ed60b196dbcda Bisecting: 7380 revisions left to test after this (roughly 13 steps) [97b1255cb27c551d7c3c5c496d787da40772da99] mm,oom_reaper: check for MMF_OOM_SKIP before complaining testing commit 97b1255cb27c551d7c3c5c496d787da40772da99 with gcc (GCC) 8.1.0 kernel signature: ee802857da50eec1db973718ae39e072e4911801cdf47d57b39e1cb5805fda39 all runs: OK # git bisect good 97b1255cb27c551d7c3c5c496d787da40772da99 Bisecting: 3715 revisions left to test after this (roughly 12 steps) [5e630afdcb82779f5bf03fd4a5e86adc56fe7c8a] Merge tag 'fbdev-v4.17' of git://github.com/bzolnier/linux testing commit 5e630afdcb82779f5bf03fd4a5e86adc56fe7c8a with gcc (GCC) 8.1.0 kernel signature: b2beffeaf293b916f4df908912fd9822084237ab5e576abcd4295f8152d5daac all runs: OK # git bisect good 5e630afdcb82779f5bf03fd4a5e86adc56fe7c8a Bisecting: 1873 revisions left to test after this (roughly 11 steps) [d19efb729f10339f91c35003d480dc718cae3b3c] Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue testing commit d19efb729f10339f91c35003d480dc718cae3b3c with gcc (GCC) 8.1.0 kernel signature: 9ac7d5f0f9c40245e0136cb222e48d3ada22d425d61fa98af35f8ac0d1f92454 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __generic_file_write_iter # git bisect bad d19efb729f10339f91c35003d480dc718cae3b3c Bisecting: 917 revisions left to test after this (roughly 10 steps) [16e205cf42da1f497b10a4a24f563e6c0d574eec] Merge tag 'drm-fixes-for-v4.17-rc1' of git://people.freedesktop.org/~airlied/linux testing commit 16e205cf42da1f497b10a4a24f563e6c0d574eec with gcc (GCC) 8.1.0 kernel signature: 92c73efd8c0f149f77e2534fd90948645be9f83ac9615b0097b479e20b9c120b all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __generic_file_write_iter # git bisect bad 16e205cf42da1f497b10a4a24f563e6c0d574eec Bisecting: 463 revisions left to test after this (roughly 9 steps) [67698287031be7c1821f9b151237ca8cdb231fd1] parisc: Prevent panic at system halt testing commit 67698287031be7c1821f9b151237ca8cdb231fd1 with gcc (GCC) 8.1.0 kernel signature: c4492d64347290e08d0cafe848a70544c35a8e80b81d1b50b44aebc47a885957 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __generic_file_write_iter # git bisect bad 67698287031be7c1821f9b151237ca8cdb231fd1 Bisecting: 219 revisions left to test after this (roughly 8 steps) [2a56bb596b2c1fb612f9988afda9655c8c872a6e] Merge tag 'trace-v4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace testing commit 2a56bb596b2c1fb612f9988afda9655c8c872a6e with gcc (GCC) 8.1.0 kernel signature: 1460c9b4f5a81e366d469794c46866048c5b92c641b6957fe72e4564c4f5ff9d all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __generic_file_write_iter # git bisect bad 2a56bb596b2c1fb612f9988afda9655c8c872a6e Bisecting: 119 revisions left to test after this (roughly 7 steps) [f441f98f5834a7f9734f6b183b5580f510344a87] rtc: mrst: remove artificial limitation testing commit f441f98f5834a7f9734f6b183b5580f510344a87 with gcc (GCC) 8.1.0 kernel signature: b381279c04d2209f1558858b8e6ba3ed15d1de8c03afe91fe78255c6f0d6ea9e all runs: OK # git bisect good f441f98f5834a7f9734f6b183b5580f510344a87 Bisecting: 59 revisions left to test after this (roughly 6 steps) [927e56db6253225166d521cee3772624347b5cd5] ring-buffer: Add set/clear_current_oom_origin() during allocations testing commit 927e56db6253225166d521cee3772624347b5cd5 with gcc (GCC) 8.1.0 kernel signature: 65a453214c04d6e85ee0a393c5dbacaa190d7d5192b8d50fa47c2fa4fa585e00 all runs: OK # git bisect good 927e56db6253225166d521cee3772624347b5cd5 Bisecting: 29 revisions left to test after this (roughly 5 steps) [291717b6fbdb175da88ae2144fc58d63a490128d] libnvdimm, of_pmem: workaround OF_NUMA=n build error testing commit 291717b6fbdb175da88ae2144fc58d63a490128d with gcc (GCC) 8.1.0 kernel signature: 421372de85ad18b8b6bc3037a11b60aba291390080542dbb6069b7080016c6f6 all runs: OK # git bisect good 291717b6fbdb175da88ae2144fc58d63a490128d Bisecting: 18 revisions left to test after this (roughly 4 steps) [e13e75b86ef2f88e3a47d672dd4c52a293efb95b] Merge branch 'for-4.17/dax' into libnvdimm-for-next testing commit e13e75b86ef2f88e3a47d672dd4c52a293efb95b with gcc (GCC) 8.1.0 kernel signature: 621a23365b536f525ac3fe224c2e7632416625156d8b5efb8da03e550ff5fadf all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __generic_file_write_iter # git bisect bad e13e75b86ef2f88e3a47d672dd4c52a293efb95b Bisecting: 5 revisions left to test after this (roughly 3 steps) [5f0663bb4a64f588f0a2dd6d1be68d40f9af0086] ext4, dax: introduce ext4_dax_aops testing commit 5f0663bb4a64f588f0a2dd6d1be68d40f9af0086 with gcc (GCC) 8.1.0 kernel signature: d58e5af089ae50ab8939bf261af9485987b0fe978c3e21382b9c6355b0d701a2 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __generic_file_write_iter # git bisect bad 5f0663bb4a64f588f0a2dd6d1be68d40f9af0086 Bisecting: 2 revisions left to test after this (roughly 1 step) [f44c77630d26ca2c2a60b20c47dd9ce07c4361b3] fs, dax: prepare for dax-specific address_space_operations testing commit f44c77630d26ca2c2a60b20c47dd9ce07c4361b3 with gcc (GCC) 8.1.0 kernel signature: 1427381ca72841a0c7f8d088b0840d5e094518d1376d938038d10976cb21fb4e all runs: OK # git bisect good f44c77630d26ca2c2a60b20c47dd9ce07c4361b3 Bisecting: 0 revisions left to test after this (roughly 1 step) [6e2608dfd93464bb26ba868b301ad5336c8c1df8] xfs, dax: introduce xfs_dax_aops testing commit 6e2608dfd93464bb26ba868b301ad5336c8c1df8 with gcc (GCC) 8.1.0 kernel signature: ba710c5e9f63816204acbf49a19c387662d11b952ab42cff9e48a6a88fde4116 all runs: OK # git bisect good 6e2608dfd93464bb26ba868b301ad5336c8c1df8 5f0663bb4a64f588f0a2dd6d1be68d40f9af0086 is the first bad commit commit 5f0663bb4a64f588f0a2dd6d1be68d40f9af0086 Author: Dan Williams Date: Thu Dec 21 12:25:11 2017 -0800 ext4, dax: introduce ext4_dax_aops In preparation for the dax implementation to start associating dax pages to inodes via page->mapping, we need to provide a 'struct address_space_operations' instance for dax. Otherwise, direct-I/O triggers incorrect page cache assumptions and warnings. Cc: "Theodore Ts'o" Cc: Andreas Dilger Cc: linux-ext4@vger.kernel.org Reviewed-by: Jan Kara Signed-off-by: Dan Williams fs/ext4/inode.c | 42 +++++++++++++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 11 deletions(-) culprit signature: d58e5af089ae50ab8939bf261af9485987b0fe978c3e21382b9c6355b0d701a2 parent signature: ba710c5e9f63816204acbf49a19c387662d11b952ab42cff9e48a6a88fde4116 revisions tested: 26, total time: 4h55m38.447543319s (build: 2h31m4.08779586s, test: 2h22m28.111591165s) first bad commit: 5f0663bb4a64f588f0a2dd6d1be68d40f9af0086 ext4, dax: introduce ext4_dax_aops cc: ["adilger.kernel@dilger.ca" "dan.j.williams@intel.com" "jack@suse.cz" "linux-ext4@vger.kernel.org" "linux-kernel@vger.kernel.org" "tytso@mit.edu"] crash: BUG: unable to handle kernel NULL pointer dereference in __generic_file_write_iter EXT4-fs (sda1): re-mounted. Opts: dax, EXT4-fs (sda1): DAX enabled. Warning: EXPERIMENTAL, use at your own risk EXT4-fs: 380 callbacks suppressed EXT4-fs (sda1): DAX enabled. Warning: EXPERIMENTAL, use at your own risk EXT4-fs (sda1): warning: refusing change of dax flag with busy inodes while remounting BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 EXT4-fs (sda1): re-mounted. Opts: dax, IP: (null) PGD 8ea1b067 P4D 8ea1b067 PUD 9beaa067 PMD 0 Oops: 0010 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 1 PID: 14920 Comm: syz-executor.3 Not tainted 4.16.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010: (null) RSP: 0018:ffff88009da97968 EFLAGS: 00010246 RAX: ffffffff86f738e0 RBX: 0000000000000001 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffff880076df28f8 RDI: ffff88008aaf3500 RBP: ffff88009da97aa0 R08: 0000000000000000 R09: ffff88009da979f8 R10: ffff880072548a70 R11: 0000000000000001 R12: 0000000000000000 R13: ffff88009da97a78 R14: ffff880076df28f8 R15: ffff880072548140 FS: 00007f133a935700(0000) GS:ffff8800aed00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000098ff4000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __generic_file_write_iter+0x201/0x580 mm/filemap.c:3263 ext4_file_write_iter+0x295/0xfd0 fs/ext4/file.c:266 call_write_iter include/linux/fs.h:1781 [inline] new_sync_write fs/read_write.c:469 [inline] __vfs_write+0x42d/0x860 fs/read_write.c:482 vfs_write+0x150/0x4f0 fs/read_write.c:544 SYSC_write fs/read_write.c:589 [inline] SyS_write+0xcd/0x1b0 fs/read_write.c:581 do_syscall_64+0x1c7/0x690 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45c889 RSP: 002b:00007f133a934c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f133a9356d4 RCX: 000000000045c889 RDX: 0000000000000001 RSI: 0000000020000080 RDI: 0000000000000003 RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000cdc R14: 00000000004cf042 R15: 000000000076bf0c Code: Bad RIP value. RIP: (null) RSP: ffff88009da97968 CR2: 0000000000000000 EXT4-fs (sda1): DAX enabled. Warning: EXPERIMENTAL, use at your own risk ---[ end trace 4923fd02a42209f8 ]--- EXT4-fs (sda1): warning: refusing change of dax flag with busy inodes while remounting