ci starts bisection 2023-03-01 03:47:41.374575703 +0000 UTC m=+87587.322463442 bisecting cause commit starting from e492250d5252635b6c97d52eddf2792ec26f1ec1 building syzkaller on 95aee97a7beb71d14db32465bb39b1d650ec6868 ensuring issue is reproducible on original commit e492250d5252635b6c97d52eddf2792ec26f1ec1 testing commit e492250d5252635b6c97d52eddf2792ec26f1ec1 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2001fb1e7ad53805cffa827179a64b39a0a508ab413e0668e1b23cec13ae9810 all runs: crashed: possible deadlock in jbd2_log_wait_commit testing release v6.2 testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 577b946f2539a217a8b62ec3f728e0fd2b30c818ef5abb9be0dff37f2719e3c2 all runs: OK # git bisect start e492250d5252635b6c97d52eddf2792ec26f1ec1 c9c3395d5e3dcc6daee66c6908354d47bf98cb0c Bisecting: 6456 revisions left to test after this (roughly 13 steps) [8762069330316392331e693befd8a5b632833618] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit 8762069330316392331e693befd8a5b632833618 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b4a99199303cadd7d639fd4a97c3090a2afc53738c76d820a61d8edd0071b9e5 all runs: OK # git bisect good 8762069330316392331e693befd8a5b632833618 Bisecting: 3313 revisions left to test after this (roughly 12 steps) [17cd4d6f05087ea1ae5c1416ef260e5b7fc5d5c9] Merge tag 'tty-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty testing commit 17cd4d6f05087ea1ae5c1416ef260e5b7fc5d5c9 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2c9a93e7ad1e4581285bafa43ded4844e2fe2e1da90e000ae9928269a308cd2b all runs: OK # git bisect good 17cd4d6f05087ea1ae5c1416ef260e5b7fc5d5c9 Bisecting: 1816 revisions left to test after this (roughly 11 steps) [01687e7c935ef70eca69ea2d468020bc93e898dc] Merge tag 'riscv-for-linus-6.3-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux testing commit 01687e7c935ef70eca69ea2d468020bc93e898dc gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d9509896d959b55f5e32921152ae2a1d1be1be1c5a8734cd8fb390263e4ea309 all runs: OK # git bisect good 01687e7c935ef70eca69ea2d468020bc93e898dc Bisecting: 924 revisions left to test after this (roughly 10 steps) [d4563201f33a022fc0353033d9dfeb1606a88330] Documentation: simplify and clarify DCO contribution example language testing commit d4563201f33a022fc0353033d9dfeb1606a88330 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 72070eb1aa51cb93edebd55769492a527bb5cc0c5cbb6fb335a6d3024b89562d all runs: OK # git bisect good d4563201f33a022fc0353033d9dfeb1606a88330 Bisecting: 458 revisions left to test after this (roughly 9 steps) [f3a2439f20d918930cc4ae8f76fe1c1afd26958f] Merge tag 'rproc-v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux testing commit f3a2439f20d918930cc4ae8f76fe1c1afd26958f gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: eed32167785850d393006cf0dd9e3a8ba0880d34242c405a16f091c96f5d31fd all runs: OK # git bisect good f3a2439f20d918930cc4ae8f76fe1c1afd26958f Bisecting: 192 revisions left to test after this (roughly 8 steps) [11c70529983e8136ea1bd5c32e4f9cd14503c644] Merge tag 'soc-drivers-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 11c70529983e8136ea1bd5c32e4f9cd14503c644 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 03c4dd60f8a3a39e0b216c9301499f4c948f4ce171447444c4080d67d0d22d68 all runs: OK # git bisect good 11c70529983e8136ea1bd5c32e4f9cd14503c644 Bisecting: 111 revisions left to test after this (roughly 7 steps) [ddf1eca4fc5a4038cb323306f51fbba34ce3f4d2] f2fs: drop unnecessary arg for f2fs_ioc_*() testing commit ddf1eca4fc5a4038cb323306f51fbba34ce3f4d2 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4b61b8e89830fb144b83cfa691795ba7e2f6c93e7d3d5edd062f8c487fca7bee all runs: OK # git bisect good ddf1eca4fc5a4038cb323306f51fbba34ce3f4d2 Bisecting: 54 revisions left to test after this (roughly 6 steps) [4db692d68256d860c9d35140b1de7324b432082b] Merge tag 'wireless-2023-02-27' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless testing commit 4db692d68256d860c9d35140b1de7324b432082b gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 81a3ebb280b0731587e7db66abe426016f61f52da51f8ee6fc44d13b35261f52 all runs: OK # git bisect good 4db692d68256d860c9d35140b1de7324b432082b Bisecting: 30 revisions left to test after this (roughly 5 steps) [ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e] vc_screen: don't clobber return value in vcs_read testing commit ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: cf4ab8c3836f6d11fb6d60327b4823fd27219db3cf61f2b4ab0226bec9919fdd all runs: OK # git bisect good ae3419fbac845b4d3f3a9fae4cc80c68d82cdf6e Bisecting: 15 revisions left to test after this (roughly 4 steps) [172e344e6f82dc266cb65a69f4bed03428ea8a05] ext4: init error handle resource before init group descriptors testing commit 172e344e6f82dc266cb65a69f4bed03428ea8a05 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f801eba6c470b25f24d7c11770ae248dd5b83b4b82c7e442eb52e638d75e4d4d all runs: OK # git bisect good 172e344e6f82dc266cb65a69f4bed03428ea8a05 Bisecting: 7 revisions left to test after this (roughly 3 steps) [860793bbdcdfbeae684d552ce0121846cffc4803] pwm: iqs620a: Replace one remaining instance of regmap_update_bits() testing commit 860793bbdcdfbeae684d552ce0121846cffc4803 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ab3101ffbbd10effdd3dd0984f5ffeab58ec9d9e2cceabdfb3127065829dc9c1 all runs: OK # git bisect good 860793bbdcdfbeae684d552ce0121846cffc4803 Bisecting: 3 revisions left to test after this (roughly 2 steps) [cf70d01a62c712ee715df1f7892b58c77474bcfb] pwm: dwc: Use devm_pwmchip_add() testing commit cf70d01a62c712ee715df1f7892b58c77474bcfb gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7fa77957a1222a82d088141cae4f8a13b9226c5beb0f2a1e5bc7b7614c77ee33 all runs: OK # git bisect good cf70d01a62c712ee715df1f7892b58c77474bcfb Bisecting: 1 revision left to test after this (roughly 1 step) [e3645d72f8865ffe36f9dc811540d40aa3c848d3] ext4: fix incorrect options show of original mount_opt and extend mount_opt2 testing commit e3645d72f8865ffe36f9dc811540d40aa3c848d3 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0ce7f4e496e831d968e542c2722837fe686edc011f9b92855c73ea82488a2719 all runs: crashed: possible deadlock in jbd2_log_wait_commit # git bisect bad e3645d72f8865ffe36f9dc811540d40aa3c848d3 Bisecting: 0 revisions left to test after this (roughly 0 steps) [0813299c586b175d7edb25f56412c54b812d0379] ext4: Fix possible corruption when moving a directory testing commit 0813299c586b175d7edb25f56412c54b812d0379 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9724aa94c403243329fffd9f9f5092e49c604806ea4eba7e7128945786830372 all runs: crashed: possible deadlock in jbd2_log_wait_commit # git bisect bad 0813299c586b175d7edb25f56412c54b812d0379 0813299c586b175d7edb25f56412c54b812d0379 is the first bad commit commit 0813299c586b175d7edb25f56412c54b812d0379 Author: Jan Kara Date: Thu Jan 26 12:22:21 2023 +0100 ext4: Fix possible corruption when moving a directory When we are renaming a directory to a different directory, we need to update '..' entry in the moved directory. However nothing prevents moved directory from being modified and even converted from the inline format to the normal format. When such race happens the rename code gets confused and we crash. Fix the problem by locking the moved directory. CC: stable@vger.kernel.org Fixes: 32f7f22c0b52 ("ext4: let ext4_rename handle inline dir") Signed-off-by: Jan Kara Link: https://lore.kernel.org/r/20230126112221.11866-1-jack@suse.cz Signed-off-by: Theodore Ts'o fs/ext4/namei.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) culprit signature: 9724aa94c403243329fffd9f9f5092e49c604806ea4eba7e7128945786830372 parent signature: f801eba6c470b25f24d7c11770ae248dd5b83b4b82c7e442eb52e638d75e4d4d revisions tested: 16, total time: 6h19m59.659922682s (build: 3h39m58.547117245s, test: 2h37m38.291542406s) first bad commit: 0813299c586b175d7edb25f56412c54b812d0379 ext4: Fix possible corruption when moving a directory recipients (to): ["jack@suse.cz" "tytso@mit.edu"] recipients (cc): [] crash: possible deadlock in jbd2_log_wait_commit ====================================================== WARNING: possible circular locking dependency detected 6.2.0-rc5-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.0/5570 is trying to acquire lock: ffff88814b628990 (jbd2_handle){++++}-{0:0}, at: jbd2_log_wait_commit+0x122/0x400 fs/jbd2/journal.c:693 but task is already holding lock: ffff888073785440 (&type->i_mutex_dir_key#3/4){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:791 [inline] ffff888073785440 (&type->i_mutex_dir_key#3/4){+.+.}-{3:3}, at: ext4_rename fs/ext4/namei.c:3879 [inline] ffff888073785440 (&type->i_mutex_dir_key#3/4){+.+.}-{3:3}, at: ext4_rename2+0x1e53/0x3a10 fs/ext4/namei.c:4193 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&type->i_mutex_dir_key#3/4){+.+.}-{3:3}: lock_acquire+0x235/0x630 kernel/locking/lockdep.c:5668 down_write_nested+0x3d/0x60 kernel/locking/rwsem.c:1672 inode_lock_nested include/linux/fs.h:791 [inline] ext4_rename fs/ext4/namei.c:3879 [inline] ext4_rename2+0x1e53/0x3a10 fs/ext4/namei.c:4193 vfs_rename+0x975/0xdb0 fs/namei.c:4779 do_renameat2+0x896/0x1120 fs/namei.c:4930 __do_sys_renameat2 fs/namei.c:4963 [inline] __se_sys_renameat2 fs/namei.c:4960 [inline] __x64_sys_renameat2+0xcd/0xe0 fs/namei.c:4960 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd -> #0 (jbd2_handle){++++}-{0:0}: check_prev_add kernel/locking/lockdep.c:3097 [inline] check_prevs_add kernel/locking/lockdep.c:3216 [inline] validate_chain+0x166b/0x58e0 kernel/locking/lockdep.c:3831 __lock_acquire+0x125b/0x1f80 kernel/locking/lockdep.c:5055 lock_acquire+0x235/0x630 kernel/locking/lockdep.c:5668 jbd2_log_wait_commit+0x142/0x400 fs/jbd2/journal.c:693 jbd2_journal_stop+0x6d1/0xc50 fs/jbd2/transaction.c:1959 __ext4_journal_stop+0xee/0x150 fs/ext4/ext4_jbd2.c:133 ext4_rename fs/ext4/namei.c:4011 [inline] ext4_rename2+0x22b5/0x3a10 fs/ext4/namei.c:4193 vfs_rename+0x975/0xdb0 fs/namei.c:4779 do_renameat2+0x896/0x1120 fs/namei.c:4930 __do_sys_renameat2 fs/namei.c:4963 [inline] __se_sys_renameat2 fs/namei.c:4960 [inline] __x64_sys_renameat2+0xcd/0xe0 fs/namei.c:4960 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&type->i_mutex_dir_key#3/4); lock(jbd2_handle); lock(&type->i_mutex_dir_key#3/4); lock(jbd2_handle); *** DEADLOCK *** 5 locks held by syz-executor.0/5570: #0: ffff88814b624460 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3a/0x70 fs/namespace.c:508 #1: ffff88814b624748 (&type->s_vfs_rename_key){+.+.}-{3:3}, at: lock_rename+0x53/0x180 fs/namei.c:2994 #2: ffff888073780e08 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: lock_rename+0x12c/0x180 #3: ffff888073784a38 (&type->i_mutex_dir_key#3/2){+.+.}-{3:3}, at: lock_rename+0x15b/0x180 #4: ffff888073785440 (&type->i_mutex_dir_key#3/4){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:791 [inline] #4: ffff888073785440 (&type->i_mutex_dir_key#3/4){+.+.}-{3:3}, at: ext4_rename fs/ext4/namei.c:3879 [inline] #4: ffff888073785440 (&type->i_mutex_dir_key#3/4){+.+.}-{3:3}, at: ext4_rename2+0x1e53/0x3a10 fs/ext4/namei.c:4193 stack backtrace: CPU: 0 PID: 5570 Comm: syz-executor.0 Not tainted 6.2.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x167/0x220 lib/dump_stack.c:106 check_noncircular+0x2fe/0x3b0 kernel/locking/lockdep.c:2177 check_prev_add kernel/locking/lockdep.c:3097 [inline] check_prevs_add kernel/locking/lockdep.c:3216 [inline] validate_chain+0x166b/0x58e0 kernel/locking/lockdep.c:3831 __lock_acquire+0x125b/0x1f80 kernel/locking/lockdep.c:5055 lock_acquire+0x235/0x630 kernel/locking/lockdep.c:5668 jbd2_log_wait_commit+0x142/0x400 fs/jbd2/journal.c:693 jbd2_journal_stop+0x6d1/0xc50 fs/jbd2/transaction.c:1959 __ext4_journal_stop+0xee/0x150 fs/ext4/ext4_jbd2.c:133 ext4_rename fs/ext4/namei.c:4011 [inline] ext4_rename2+0x22b5/0x3a10 fs/ext4/namei.c:4193 vfs_rename+0x975/0xdb0 fs/namei.c:4779 do_renameat2+0x896/0x1120 fs/namei.c:4930 __do_sys_renameat2 fs/namei.c:4963 [inline] __se_sys_renameat2 fs/namei.c:4960 [inline] __x64_sys_renameat2+0xcd/0xe0 fs/namei.c:4960 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f0001a8c0f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f000278e168 EFLAGS: 00000246 ORIG_RAX: 000000000000013c RAX: ffffffffffffffda RBX: 00007f0001babf80 RCX: 00007f0001a8c0f9 RDX: 0000000000000004 RSI: 0000000020000140 RDI: 0000000000000004 RBP: 00007f0001ae7ae9 R08: 0000000000000004 R09: 0000000000000000 R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd6780d0ff R14: 00007f000278e300 R15: 0000000000022000