ci2 starts bisection 2023-05-20 03:40:34.426099703 +0000 UTC m=+45534.460172030
bisecting cause commit starting from 43c801dc3325b9f07f8869e95ad87b05a9f21eb6
building syzkaller on 9668920024926d5a21c38fbc0d15d403d7c732ac
ensuring issue is reproducible on original commit 43c801dc3325b9f07f8869e95ad87b05a9f21eb6

testing commit 43c801dc3325b9f07f8869e95ad87b05a9f21eb6 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3128e516965abfa53ab9f95be53c29b921ae0d93bf5c32ca91d2002f9212e65a
all runs: crashed: kernel BUG in ext4_expand_extra_isize_ea
testing release v5.10.178
testing commit 791a854ae5a5f5988f1291ae91168a149bd5ba57 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 310f6acb29637763480dee18d387c68c0be1244c11683c33f7c9bd71ab1ca529
all runs: crashed: kernel BUG in ext4_expand_extra_isize_ea
testing release v5.10.177
testing commit 387078f9030cf336cd9fef521540db75b61615e0 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ba055d636d9e6f311567d3fd85b07d73dabc6f5f060ddaf26460057f22d411fb
all runs: crashed: kernel BUG in ext4_expand_extra_isize_ea
testing release v5.10.176
testing commit ca9787bdecfa2174b0a169a54916e22b89b0ef5b gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 97ed3d9ba2b8b5f40b8c2fc1b39ba4faed3f84baa034e6869022871204562f0e
all runs: crashed: kernel BUG in ext4_expand_extra_isize_ea
testing release v5.10.175
testing commit de26e1b2103b1f56451f6ad77f0190c9066c87dc gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: edc7aad8871698db58f6d6cda0973d03866a1a396fc85eadc5e410e5b0aec694
all runs: crashed: kernel BUG in ext4_expand_extra_isize_ea
testing release v5.10.174
testing commit 955623617f2f505ac08d0efda2bb50c1a52e2c96 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 798ee596bb649ec53dc2fd8dc40bd36a280169a9b8c758cd1d36f076d9330767
all runs: crashed: kernel BUG in ext4_expand_extra_isize_ea
testing release v5.10.173
testing commit e5f315b55f8e09ac17c968da42f9345f64efcdd2 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 05f61e593b032d325af2fff035deb39f5d4040eb45c4a64bb9e7dd0ab3765328
all runs: crashed: kernel BUG in ext4_expand_extra_isize_ea
testing release v5.10.172
testing commit 9fd42770b50756c08f04b4070ab6572adb2d6e1b gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5f687f52af070f9147d8a6a9421c8693b0458d099e5b948934c2064219b534fc
all runs: OK
# git bisect start e5f315b55f8e09ac17c968da42f9345f64efcdd2 9fd42770b50756c08f04b4070ab6572adb2d6e1b
Bisecting: 264 revisions left to test after this (roughly 8 steps)
[0a2e2674f720836e294523cf165deac9ba3b1425] remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
testing commit 0a2e2674f720836e294523cf165deac9ba3b1425 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 55ad9f28049d55bfe0e045fb6cc190c94d2cb1ce6d5cd56b76567bdfb4278064
all runs: OK
# git bisect good 0a2e2674f720836e294523cf165deac9ba3b1425
Bisecting: 132 revisions left to test after this (roughly 7 steps)
[0f2fd21b5b54530f14f75ef11cc62dc7f52dab1b] ARM: dts: exynos: correct TMU phandle in Odroid HC1
testing commit 0f2fd21b5b54530f14f75ef11cc62dc7f52dab1b gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e25a8f20b4a0a30fc09c3517bfaa869c8588a65a7615ea32368069bc167749ca
all runs: crashed: kernel BUG in ext4_expand_extra_isize_ea
# git bisect bad 0f2fd21b5b54530f14f75ef11cc62dc7f52dab1b
Bisecting: 65 revisions left to test after this (roughly 6 steps)
[66b40f8756d2ef55c60a20831fa5ce28ffdb6f03] rtc: pm8xxx: fix set-alarm race
testing commit 66b40f8756d2ef55c60a20831fa5ce28ffdb6f03 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2976ba352b4895fd18c6c595a9bd1bdd3a64e40682602b0a350925863df95513
all runs: OK
# git bisect good 66b40f8756d2ef55c60a20831fa5ce28ffdb6f03
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[0a89768b85f010107b8051285379dc88c002715b] x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
testing commit 0a89768b85f010107b8051285379dc88c002715b gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9a39fb44d81bf3f14c0e5974337c3bb52d2f7a12eeca7057985ef4486655730a
all runs: OK
# git bisect good 0a89768b85f010107b8051285379dc88c002715b
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[ae2340769ed3c2a3d3de0fab64b667db6df27744] ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
testing commit ae2340769ed3c2a3d3de0fab64b667db6df27744 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 644edec2075bddacaf90c08053cc89b810c08660d9cdf357132156b8bdcc9900
all runs: OK
# git bisect good ae2340769ed3c2a3d3de0fab64b667db6df27744
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[2cfe78619b0de6d2da773978bc2d22797212eaa7] wifi: cfg80211: Fix use after free for wext
testing commit 2cfe78619b0de6d2da773978bc2d22797212eaa7 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3e082c14d55e7e65f986a4c27fabc5f691a9af4ac1c8cd2fb6370c63fc1bcaa1
all runs: crashed: kernel BUG in ext4_expand_extra_isize_ea
# git bisect bad 2cfe78619b0de6d2da773978bc2d22797212eaa7
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[0dc0fa313bb4e86382a3e7125429710d44383196] ext4: refuse to create ea block when umounted
testing commit 0dc0fa313bb4e86382a3e7125429710d44383196 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1ffff98c77c34b28e4e7a815d8e92185a9129e727c00530f4cc922c5e2f9d665
all runs: crashed: kernel BUG in ext4_expand_extra_isize_ea
# git bisect bad 0dc0fa313bb4e86382a3e7125429710d44383196
Bisecting: 1 revision left to test after this (roughly 1 step)
[ab22799f11e378a37d1c8c4e47e796f84be97a60] jbd2: fix data missing when reusing bh which is ready to be checkpointed
testing commit ab22799f11e378a37d1c8c4e47e796f84be97a60 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 111b1670b76b7a92a977237419c23af25ea2eb9b958b1c373361568f0f74e367
all runs: OK
# git bisect good ab22799f11e378a37d1c8c4e47e796f84be97a60
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d738789ae9ec47d3458a008788f3cdc862ebf0cb] ext4: optimize ea_inode block expansion
testing commit d738789ae9ec47d3458a008788f3cdc862ebf0cb gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 840404fb8ef6e463efe03fbc29b94ac835809ecd1e0d6d6d550126000173fcb7
all runs: crashed: kernel BUG in ext4_expand_extra_isize_ea
# git bisect bad d738789ae9ec47d3458a008788f3cdc862ebf0cb
d738789ae9ec47d3458a008788f3cdc862ebf0cb is the first bad commit
commit d738789ae9ec47d3458a008788f3cdc862ebf0cb
Author: Jun Nie
Date: Tue Jan 3 09:45:16 2023 +0800

    ext4: optimize ea_inode block expansion

    commit 1e9d62d252812575ded7c620d8fc67c32ff06c16 upstream.

    Copy ea data from inode entry when expanding ea block if possible. Then remove the ea entry if expansion success. Thus memcpy to a temporary buffer may be avoided. If the expansion fails, we do not need to recovery the removed ea entry neither in this way.

    Reported-by: syzbot+2dacb8f015bf1420155f@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?id=3613786cb88c93aa1c6a279b1df6a7b201347d08
    Link: https://lore.kernel.org/r/20230103014517.495275-2-jun.nie@linaro.org
    Cc: stable@kernel.org
    Signed-off-by: Jun Nie
    Signed-off-by: Theodore Ts'o
    Signed-off-by: Greg Kroah-Hartman

 fs/ext4/xattr.c | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

culprit signature: 840404fb8ef6e463efe03fbc29b94ac835809ecd1e0d6d6d550126000173fcb7
parent signature: 111b1670b76b7a92a977237419c23af25ea2eb9b958b1c373361568f0f74e367
revisions tested: 17, total time: 6h34m38.214815829s (build: 5h0m46.058213733s, test: 1h30m33.753448291s)
first bad commit: d738789ae9ec47d3458a008788f3cdc862ebf0cb ext4: optimize ea_inode block expansion
recipients (to): ["gregkh@linuxfoundation.org" "jun.nie@linaro.org" "tytso@mit.edu"]
recipients (cc): []

crash: kernel BUG in ext4_expand_extra_isize_ea
------------[ cut here ]------------
kernel BUG at mm/slub.c:4118!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 416 Comm: syz-executor.0 Not tainted 5.10.172-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
RIP: 0010:kfree+0x269/0x270 mm/slub.c:305
Code: 08 4c 89 ee 48 89 da e8 a5 8b f5 ff 65 ff 0d aa db 78 7e 0f 85 d2 fd ff ff e8 c2 d5 76 ff e9 c8 fd ff ff e8 89 b4 7a 02 0f 0b <0f> 0b 0f 1f 44 00 00 55 48 89 e5 53 48 83 ec 18 89 f2 65 48 8b 04
RSP: 0018:ffffc900008c79f8 EFLAGS: 00010246
RAX: ffffea00044fda88 RBX: ffff8881073125a4 RCX: ffffea00041cc480
RDX: dffffc0000000000 RSI: ffffffff84bda360 RDI: ffff8881073125a4
RBP: ffffc900008c7a50 R08: dffffc0000000000 R09: fffff52000118ed0
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000020
R13: ffffffff817d9d00 R14: 0000000000000000 R15: ffffea00041cc480
FS: 00007f7876a08700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563321356ca0 CR3: 0000000107e3a000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kvfree+0x20/0x30 mm/util.c:642
 ext4_xattr_move_to_block fs/ext4/xattr.c:2625 [inline]
 ext4_xattr_make_inode_space fs/ext4/xattr.c:2688 [inline]
 ext4_expand_extra_isize_ea+0xf47/0x1bc0 fs/ext4/xattr.c:2780
 __ext4_expand_extra_isize+0x217/0x360 fs/ext4/inode.c:5893
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5936 [inline]
 __ext4_mark_inode_dirty+0x334/0x550 fs/ext4/inode.c:6013
 __ext4_unlink+0x56c/0x8a0 fs/ext4/namei.c:3296
 ext4_unlink+0xfc/0x2a0 fs/ext4/namei.c:3339
 vfs_unlink+0x268/0x3e0 fs/namei.c:3839
 do_unlinkat+0x365/0x710 fs/namei.c:3904
 __do_sys_unlinkat fs/namei.c:3945 [inline]
 __se_sys_unlinkat fs/namei.c:3938 [inline]
 __x64_sys_unlinkat+0x97/0xb0 fs/namei.c:3938
 do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7f7876e95169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7876a08168 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
RAX: ffffffffffffffda RBX: 00007f7876fb4f80 RCX: 00007f7876e95169
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007f7876ef0ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeea74074f R14: 00007f7876a08300 R15: 0000000000022000
Modules linked in:
---[ end trace 2edb7ee0deba0882 ]---
RIP: 0010:kfree+0x269/0x270 mm/slub.c:305
Code: 08 4c 89 ee 48 89 da e8 a5 8b f5 ff 65 ff 0d aa db 78 7e 0f 85 d2 fd ff ff e8 c2 d5 76 ff e9 c8 fd ff ff e8 89 b4 7a 02 0f 0b <0f> 0b 0f 1f 44 00 00 55 48 89 e5 53 48 83 ec 18 89 f2 65 48 8b 04
RSP: 0018:ffffc900008c79f8 EFLAGS: 00010246
RAX: ffffea00044fda88 RBX: ffff8881073125a4 RCX: ffffea00041cc480
RDX: dffffc0000000000 RSI: ffffffff84bda360 RDI: ffff8881073125a4
RBP: ffffc900008c7a50 R08: dffffc0000000000 R09: fffff52000118ed0
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000020
R13: ffffffff817d9d00 R14: 0000000000000000 R15: ffffea00041cc480
FS: 00007f7876a08700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563321356ca0 CR3: 0000000107e3a000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400