bisecting cause commit starting from 0457e5153e0e8420134f60921349099e907264ca building syzkaller on a7dab6385c1d95547a88e22577fb56fbcd5c37eb testing commit 0457e5153e0e8420134f60921349099e907264ca compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: aa8b88b84d3bf91f7f885a4c59cc9e484383098b50930f92c534fad96cf3cdee run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: crashed: general protection fault in ext4_fill_super run #2: crashed: general protection fault in ext4_fill_super run #3: crashed: general protection fault in ext4_fill_super run #4: crashed: general protection fault in ext4_fill_super run #5: crashed: general protection fault in ext4_fill_super run #6: crashed: general protection fault in ext4_fill_super run #7: crashed: general protection fault in ext4_fill_super run #8: crashed: general protection fault in ext4_fill_super run #9: crashed: general protection fault in ext4_fill_super run #10: crashed: general protection fault in ext4_fill_super run #11: crashed: general protection fault in ext4_fill_super run #12: crashed: general protection fault in ext4_fill_super run #13: crashed: general protection fault in ext4_fill_super run #14: crashed: general protection fault in ext4_fill_super run #15: crashed: general protection fault in ext4_fill_super run #16: crashed: general protection fault in ext4_fill_super run #17: crashed: general protection fault in ext4_fill_super run #18: crashed: general protection fault in ext4_fill_super run #19: crashed: general protection fault in ext4_fill_super testing release v5.16 testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9a62145d11d56479d620b59e4ed976fd3866a0517d4fab5a5346421482d858bc all runs: OK # git bisect start 0457e5153e0e8420134f60921349099e907264ca df0cc57e057f18e44dac8e6c18aba47ab53202f9 Bisecting: 6288 revisions left to test after this (roughly 13 steps) [d601e58c5f2901783428bc1181e83ff783592b6b] Merge tag 'for-5.17-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit d601e58c5f2901783428bc1181e83ff783592b6b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 258309d3f9a0d819142236ffb545ea924336d0e793a5cf9d81a17e78aecec0fe run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good d601e58c5f2901783428bc1181e83ff783592b6b Bisecting: 2966 revisions left to test after this (roughly 12 steps) [3bad80dab94a16c9b7991105e3bffd5fe5957e9a] Merge tag 'char-misc-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 3bad80dab94a16c9b7991105e3bffd5fe5957e9a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8e602dc57a17f977f3f2645190e47f16dcaddd1796421a947eae47d01c8ade6f all runs: crashed: general protection fault in ext4_fill_super # git bisect bad 3bad80dab94a16c9b7991105e3bffd5fe5957e9a Bisecting: 1712 revisions left to test after this (roughly 11 steps) [d9b5941bb5933932051e315de18a43db7d3c9e13] Merge tag 'leds-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/pavel/linux-leds testing commit d9b5941bb5933932051e315de18a43db7d3c9e13 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 660600b6b84ad80532c093107d6a28c3d95c8405635cc1e8644a161a48dedd4d all runs: crashed: general protection fault in ext4_fill_super # git bisect bad d9b5941bb5933932051e315de18a43db7d3c9e13 Bisecting: 696 revisions left to test after this (roughly 10 steps) [22ef12195e13c5ec58320dbf99ef85059a2c0820] Merge tag 'staging-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 22ef12195e13c5ec58320dbf99ef85059a2c0820 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9f4889944d7e7a9e49081beea2dfc08778ec8f7b42ecab4a4ae553183b3c35eb all runs: crashed: general protection fault in ext4_fill_super # git bisect bad 22ef12195e13c5ec58320dbf99ef85059a2c0820 Bisecting: 458 revisions left to test after this (roughly 9 steps) [2ab9c9675fe892e7fe9fa8c0a6125e2b40d2889d] Merge tag 'media/v5.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit 2ab9c9675fe892e7fe9fa8c0a6125e2b40d2889d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 52d4a53c7ebd6c0c0446d15ad55ff601dd5eccf9ed84874d5571b5e9f7e9dca1 all runs: crashed: general protection fault in ext4_fill_super # git bisect bad 2ab9c9675fe892e7fe9fa8c0a6125e2b40d2889d Bisecting: 225 revisions left to test after this (roughly 8 steps) [daadb3bd0e8d3e317e36bc2c1542e86c528665e5] Merge tag 'locking_core_for_v5.17_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit daadb3bd0e8d3e317e36bc2c1542e86c528665e5 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 54a908de58694bd8ad3ce97d701c56b981aea72906efeb901a6deb7ca741f353 all runs: crashed: general protection fault in ext4_fill_super # git bisect bad daadb3bd0e8d3e317e36bc2c1542e86c528665e5 Bisecting: 111 revisions left to test after this (roughly 7 steps) [5672cdfba4fefd6178b6c4078cb1bb7bf6ce0573] Merge tag 'for-linus-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs testing commit 5672cdfba4fefd6178b6c4078cb1bb7bf6ce0573 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5972faf45ba32dd70f00861581c769de16abfdc0b2f72e38a24bb3b3715fadd5 all runs: crashed: general protection fault in ext4_fill_super # git bisect bad 5672cdfba4fefd6178b6c4078cb1bb7bf6ce0573 Bisecting: 50 revisions left to test after this (roughly 6 steps) [1dbfae0113f1423b42c304989a3cc8a7dd0ea53e] Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 testing commit 1dbfae0113f1423b42c304989a3cc8a7dd0ea53e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: eee093e91d97250d9aad510257072720740466ac49db134abb0482d864073d11 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: crashed: general protection fault in ext4_fill_super run #2: crashed: general protection fault in ext4_fill_super run #3: crashed: general protection fault in ext4_fill_super run #4: crashed: general protection fault in ext4_fill_super run #5: crashed: general protection fault in ext4_fill_super run #6: crashed: general protection fault in ext4_fill_super run #7: crashed: general protection fault in ext4_fill_super run #8: crashed: general protection fault in ext4_fill_super run #9: crashed: general protection fault in ext4_fill_super # git bisect bad 1dbfae0113f1423b42c304989a3cc8a7dd0ea53e Bisecting: 31 revisions left to test after this (roughly 5 steps) [5c48a7df91499e371ef725895b2e2d21a126e227] ext4: fix an use-after-free issue about data=journal writeback mode testing commit 5c48a7df91499e371ef725895b2e2d21a126e227 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: bfd4661a2fd98d8aa1873738f4b27251000673ead7d81bb81b642c036c070208 all runs: crashed: general protection fault in ext4_fill_super # git bisect bad 5c48a7df91499e371ef725895b2e2d21a126e227 Bisecting: 15 revisions left to test after this (roughly 4 steps) [960e0ab63b2e5d8476bc873743f812e9e90cd047] ext4: fix i_version handling on remount testing commit 960e0ab63b2e5d8476bc873743f812e9e90cd047 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 93b139b26e66b67b327815fb612868f1b6d4444abfc003cc2e8442e03e9c5fc4 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: crashed: general protection fault in ext4_fill_super run #2: crashed: general protection fault in ext4_fill_super run #3: crashed: general protection fault in ext4_fill_super run #4: crashed: general protection fault in ext4_fill_super run #5: crashed: general protection fault in ext4_fill_super run #6: crashed: general protection fault in ext4_fill_super run #7: crashed: general protection fault in ext4_fill_super run #8: crashed: general protection fault in ext4_fill_super run #9: crashed: general protection fault in ext4_fill_super # git bisect bad 960e0ab63b2e5d8476bc873743f812e9e90cd047 Bisecting: 7 revisions left to test after this (roughly 3 steps) [6e47a3cc68fc525428297a00524833361ebbb0e9] ext4: get rid of super block and sbi from handle_mount_ops() testing commit 6e47a3cc68fc525428297a00524833361ebbb0e9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7c61a4334c129201f045bd7db72df929cd67ee59364c526a0ff04e83deeec44f all runs: OK # git bisect good 6e47a3cc68fc525428297a00524833361ebbb0e9 Bisecting: 3 revisions left to test after this (roughly 2 steps) [cebe85d570cf84804e848332d6721bc9e5300e07] ext4: switch to the new mount api testing commit cebe85d570cf84804e848332d6721bc9e5300e07 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b6f848f5ffaa5e1359d0b7c7f8632532c0b7aef3e403d81f56aaf8960c206640 all runs: crashed: general protection fault in ext4_fill_super # git bisect bad cebe85d570cf84804e848332d6721bc9e5300e07 Bisecting: 1 revision left to test after this (roughly 1 step) [02f960f8db1cd0aa9c182f8804b2b41ffd2c37b2] ext4: clean up return values in handle_mount_opt() testing commit 02f960f8db1cd0aa9c182f8804b2b41ffd2c37b2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4d976241c906d2550ee59045a751e8a40b7a7c9e553246faea496928b0178e39 all runs: OK # git bisect good 02f960f8db1cd0aa9c182f8804b2b41ffd2c37b2 Bisecting: 0 revisions left to test after this (roughly 0 steps) [97d8a670b4531437d5b842cf68dafa6d1a932ddf] ext4: change token2str() to use ext4_param_specs testing commit 97d8a670b4531437d5b842cf68dafa6d1a932ddf compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d035595adc583443dbed54b2132980b68eb623128fb1716799adb3508bdc5d5c all runs: OK # git bisect good 97d8a670b4531437d5b842cf68dafa6d1a932ddf cebe85d570cf84804e848332d6721bc9e5300e07 is the first bad commit commit cebe85d570cf84804e848332d6721bc9e5300e07 Author: Lukas Czerner Date: Wed Oct 27 16:18:56 2021 +0200 ext4: switch to the new mount api Add the necessary functions for the fs_context_operations. Convert and rename ext4_remount() and ext4_fill_super() to ext4_get_tree() and ext4_reconfigure() respectively and switch the ext4 to use the new api. One user facing change is the fact that we no longer have access to the entire string of mount options provided by mount(2) since the mount api does not store it anywhere. As a result we can't print the options to the log as we did in the past after the successful mount. Signed-off-by: Lukas Czerner Reviewed-by: Carlos Maiolino Link: https://lore.kernel.org/r/20211027141857.33657-13-lczerner@redhat.com Signed-off-by: Theodore Ts'o fs/ext4/super.c | 195 +++++++++++++++++++++++++------------------------------- 1 file changed, 86 insertions(+), 109 deletions(-) culprit signature: b6f848f5ffaa5e1359d0b7c7f8632532c0b7aef3e403d81f56aaf8960c206640 parent signature: d035595adc583443dbed54b2132980b68eb623128fb1716799adb3508bdc5d5c revisions tested: 16, total time: 2h48m20.495514088s (build: 1h48m53.658302247s, test: 58m0.86329347s) first bad commit: cebe85d570cf84804e848332d6721bc9e5300e07 ext4: switch to the new mount api recipients (to): ["cmaiolino@redhat.com" "lczerner@redhat.com" "tytso@mit.edu"] recipients (cc): [] crash: general protection fault in ext4_fill_super RDX: 0000000020000100 RSI: 00000000200000c0 RDI: 0000000020000080 RBP: 00007ffc4b618b90 R08: 0000000000000000 R09: 0000000000003636 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 00007ffc4b618c30 R14: 00007ffc4b618bf0 R15: 0000000000000001 general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097] CPU: 1 PID: 4070 Comm: syz-executor369 Not tainted 5.16.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ext4_fill_super+0x2c7/0xccc0 fs/ext4/super.c:5656 Code: 8d be a8 06 00 00 4c 89 b8 f0 00 00 00 e8 d1 b0 84 01 49 8d bf 90 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 de 3e 00 00 48 8b 85 e8 fe ff ff 48 8d bb 88 00 RSP: 0018:ffffc900025cfac0 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: ffff88801cd69300 RCX: 0000000000000004 RDX: 0000000000000012 RSI: 000000000000002f RDI: 0000000000000090 RBP: ffffc900025cfd10 R08: 0000000000000dc0 R09: ffffffff8acbdf93 R10: fffffbfff1597bf2 R11: 3e4b5341542f3c20 R12: ffff88801009cd18 R13: ffff8880196724f8 R14: ffff88801d348000 R15: 0000000000000000 FS: 0000555555d493c0(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc4b618b98 CR3: 00000000770b6000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: get_tree_bdev+0x398/0x680 fs/super.c:1295 vfs_get_tree+0x7f/0x2c0 fs/super.c:1500 do_new_mount fs/namespace.c:2988 [inline] path_mount+0x41e/0x1a30 fs/namespace.c:3318 do_mount fs/namespace.c:3331 [inline] __do_sys_mount fs/namespace.c:3539 [inline] __se_sys_mount fs/namespace.c:3516 [inline] __x64_sys_mount+0x1f5/0x260 fs/namespace.c:3516 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f43c0dd0a39 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc4b618b88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f43c0dd0a39 RDX: 0000000020000100 RSI: 00000000200000c0 RDI: 0000000020000080 RBP: 00007ffc4b618b90 R08: 0000000000000000 R09: 0000000000003636 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 00007ffc4b618c30 R14: 00007ffc4b618bf0 R15: 0000000000000001 Modules linked in: ---[ end trace 478559488d8a3c49 ]--- RIP: 0010:ext4_fill_super+0x2c7/0xccc0 fs/ext4/super.c:5656 Code: 8d be a8 06 00 00 4c 89 b8 f0 00 00 00 e8 d1 b0 84 01 49 8d bf 90 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 de 3e 00 00 48 8b 85 e8 fe ff ff 48 8d bb 88 00 RSP: 0018:ffffc900025cfac0 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: ffff88801cd69300 RCX: 0000000000000004 RDX: 0000000000000012 RSI: 000000000000002f RDI: 0000000000000090 RBP: ffffc900025cfd10 R08: 0000000000000dc0 R09: ffffffff8acbdf93 R10: fffffbfff1597bf2 R11: 3e4b5341542f3c20 R12: ffff88801009cd18 R13: ffff8880196724f8 R14: ffff88801d348000 R15: 0000000000000000 FS: 0000555555d493c0(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc4b618b98 CR3: 00000000770b6000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 8d be a8 06 00 00 lea 0x6a8(%rsi),%edi 6: 4c 89 b8 f0 00 00 00 mov %r15,0xf0(%rax) d: e8 d1 b0 84 01 callq 0x184b0e3 12: 49 8d bf 90 00 00 00 lea 0x90(%r15),%rdi 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 20: fc ff df 23: 48 89 fa mov %rdi,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction 2e: 0f 85 de 3e 00 00 jne 0x3f12 34: 48 8b 85 e8 fe ff ff mov -0x118(%rbp),%rax 3b: 48 rex.W 3c: 8d .byte 0x8d 3d: bb .byte 0xbb 3e: 88 00 mov %al,(%rax)