ci2 starts bisection 2024-10-05 04:54:28.573230954 +0000 UTC m=+137356.154081465 bisecting fixing commit since a507f147e6f06e86b7649b46bc1d3caa34b196d6 building syzkaller on fb427a0782000106c62de76d251e5a02de5406a9 ensuring issue is reproducible on original commit a507f147e6f06e86b7649b46bc1d3caa34b196d6 testing commit a507f147e6f06e86b7649b46bc1d3caa34b196d6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: af53d2730a8cb6bd93a5358c3fb6d8d2dac5dc79eb55c5e649504af9b034192c all runs: crashed: INFO: task hung in ext4_quota_write representative crash: INFO: task hung in ext4_quota_write, types: [HANG] check whether we can drop unnecessary instrumentation disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG], they are not needed testing commit a507f147e6f06e86b7649b46bc1d3caa34b196d6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4dcf66917854394a1d752b71bdb40623b687e2cffad707db6e08f29b4face45d all runs: crashed: INFO: task hung in ext4_quota_write representative crash: INFO: task hung in ext4_quota_write, types: [HANG] the bug reproduces without the instrumentation disabling configs for [ATOMIC_SLEEP LEAK UBSAN BUG KASAN LOCKDEP], they are not needed kconfig minimization: base=3824 full=7526 leaves diff=1995 split chunks (needed=false): <1995> split chunk #0 of len 1995 into 5 parts testing without sub-chunk 1/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit a507f147e6f06e86b7649b46bc1d3caa34b196d6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f7619c89154970d907771d84ad475ddf7a0c4a66c4bae594e29b4f829e0b02b3 all runs: crashed: INFO: task hung in ext4_quota_write representative crash: INFO: task hung in ext4_quota_write, types: [HANG] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG], they are not needed testing commit a507f147e6f06e86b7649b46bc1d3caa34b196d6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1d5c0004b950588f83b7fac5f71172d35507bf39df34d3bd64aedee343a9b295 all runs: crashed: INFO: task hung in ext4_quota_write representative crash: INFO: task hung in ext4_quota_write, types: [HANG] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK], they are not needed testing commit a507f147e6f06e86b7649b46bc1d3caa34b196d6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0bc6b760f9cda64bb3b13be579888f9be2b5e6cff67cc3b56a19b8744586f717 all runs: crashed: INFO: task hung in ext4_quota_write representative crash: INFO: task hung in ext4_quota_write, types: [HANG] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG KASAN], they are not needed testing commit a507f147e6f06e86b7649b46bc1d3caa34b196d6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 076826d2f80abb33508a7f7c6b530ca27920ab64256334d5a98f8e336d64ca51 all runs: crashed: INFO: task hung in ext4_quota_write representative crash: INFO: task hung in ext4_quota_write, types: [HANG] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [ATOMIC_SLEEP LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing commit a507f147e6f06e86b7649b46bc1d3caa34b196d6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 646d6b6c20dbedbbd65afe74f367f946fbe8cad24ba4edbdae7a7c823ceff135 all runs: crashed: INFO: task hung in ext4_quota_write representative crash: INFO: task hung in ext4_quota_write, types: [HANG] the chunk can be dropped disabling configs for [ATOMIC_SLEEP LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing current HEAD aa4cd140bba57b7064b4c7a7141bebd336d32087 testing commit aa4cd140bba57b7064b4c7a7141bebd336d32087 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 846f63459ebf0bea84f91913bcfea96939f3cfe211b1733915adff8d8f76fea1 all runs: OK false negative chance: 0.000 # git bisect start aa4cd140bba57b7064b4c7a7141bebd336d32087 a507f147e6f06e86b7649b46bc1d3caa34b196d6 Bisecting: 3187 revisions left to test after this (roughly 12 steps) [909ba1f1b4146de529469910c1bd0b1248964536] Linux 6.1.90 determine whether the revision contains the guilty commit revision a507f147e6f06e86b7649b46bc1d3caa34b196d6 crashed and is reachable testing commit 909ba1f1b4146de529469910c1bd0b1248964536 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3bf482f68826802fcf1ddb190e1f1b63e92b87de768f9f87138b5291d28ba81b all runs: crashed: INFO: task hung in ext4_quota_write representative crash: INFO: task hung in ext4_quota_write, types: [HANG] # git bisect good 909ba1f1b4146de529469910c1bd0b1248964536 Bisecting: 1594 revisions left to test after this (roughly 11 steps) [79b4be70d5a160969b805f638ac5b4efd0aac7a3] s390/sclp: Fix sclp_init() cleanup on failure determine whether the revision contains the guilty commit revision 909ba1f1b4146de529469910c1bd0b1248964536 crashed and is reachable testing commit 79b4be70d5a160969b805f638ac5b4efd0aac7a3 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2b0040072dbbc02e2af14e460fa8b064e43795a08e45b90c09017b78060c9c39 all runs: crashed: INFO: task hung in ext4_quota_write representative crash: INFO: task hung in ext4_quota_write, types: [HANG] # git bisect good 79b4be70d5a160969b805f638ac5b4efd0aac7a3 Bisecting: 797 revisions left to test after this (roughly 10 steps) [b8a50877f68efdcc0be3fcc5116e00c31b90e45b] fs/netfs/fscache_cookie: add missing "n_accesses" check determine whether the revision contains the guilty commit revision 909ba1f1b4146de529469910c1bd0b1248964536 crashed and is reachable testing commit b8a50877f68efdcc0be3fcc5116e00c31b90e45b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 30f68beee57dc533b13dcb1676172a3209fc7f24c72c28ba60eba9026df2e51b all runs: crashed: INFO: task hung in ext4_quota_write representative crash: INFO: task hung in ext4_quota_write, types: [HANG] # git bisect good b8a50877f68efdcc0be3fcc5116e00c31b90e45b Bisecting: 398 revisions left to test after this (roughly 9 steps) [753427d8e4605c75933fbb38f8bea3e806b8a9a2] selftests: mptcp: join: no extra msg if no counter determine whether the revision contains the guilty commit revision a507f147e6f06e86b7649b46bc1d3caa34b196d6 crashed and is reachable testing commit 753427d8e4605c75933fbb38f8bea3e806b8a9a2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 621d4a43a261f6acf6ad3d09efb8d1c8c20913a6a25dc6896c8473f29c67cdd3 all runs: OK false negative chance: 0.000 # git bisect bad 753427d8e4605c75933fbb38f8bea3e806b8a9a2 Bisecting: 199 revisions left to test after this (roughly 8 steps) [a23c49a5ea13edbb1a321a229f7f85a882a48e32] Bluetooth: SMP: Fix assumption of Central always being Initiator determine whether the revision contains the guilty commit revision 79b4be70d5a160969b805f638ac5b4efd0aac7a3 crashed and is reachable testing commit a23c49a5ea13edbb1a321a229f7f85a882a48e32 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4c34d09101d735c43a21cd70fc27a7bd85325be4f98e8b156b01f4e680d87efb all runs: OK false negative chance: 0.000 # git bisect bad a23c49a5ea13edbb1a321a229f7f85a882a48e32 Bisecting: 99 revisions left to test after this (roughly 7 steps) [e5d961bff417ac8504d16ef9142d5e2da950724c] s390/smp,mcck: fix early IPI handling determine whether the revision contains the guilty commit revision a507f147e6f06e86b7649b46bc1d3caa34b196d6 crashed and is reachable testing commit e5d961bff417ac8504d16ef9142d5e2da950724c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7c358fb88487e8701b8298823307887d143decb49df8d41d52b01a033d2e53d4 all runs: OK false negative chance: 0.000 # git bisect bad e5d961bff417ac8504d16ef9142d5e2da950724c Bisecting: 49 revisions left to test after this (roughly 6 steps) [eea40d33bf936a5c7fb03c190e61e0cfee00e872] Bluetooth: RFCOMM: Fix not validating setsockopt user input determine whether the revision contains the guilty commit revision 79b4be70d5a160969b805f638ac5b4efd0aac7a3 crashed and is reachable testing commit eea40d33bf936a5c7fb03c190e61e0cfee00e872 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b057c1e4658291f770fc9bde76254c5b8ca662d37361b34ce5e45e1082c45810 all runs: crashed: INFO: task hung in ext4_quota_write representative crash: INFO: task hung in ext4_quota_write, types: [HANG] # git bisect good eea40d33bf936a5c7fb03c190e61e0cfee00e872 Bisecting: 24 revisions left to test after this (roughly 5 steps) [6dcc8ba8a6074bb79040f502dc66ad23a58a1c86] netfilter: nf_queue: drop packets with cloned unconfirmed conntracks determine whether the revision contains the guilty commit revision a507f147e6f06e86b7649b46bc1d3caa34b196d6 crashed and is reachable testing commit 6dcc8ba8a6074bb79040f502dc66ad23a58a1c86 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d6c6ec08f3b3ee343bebeba9d8e70662af6c7026a1fd13a0d8a813c7a98dfe56 all runs: OK false negative chance: 0.000 # git bisect bad 6dcc8ba8a6074bb79040f502dc66ad23a58a1c86 Bisecting: 12 revisions left to test after this (roughly 4 steps) [f6943e19f776b0bd66bb137f0e6a9c948b1c13e2] igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer determine whether the revision contains the guilty commit revision b8a50877f68efdcc0be3fcc5116e00c31b90e45b crashed and is reachable testing commit f6943e19f776b0bd66bb137f0e6a9c948b1c13e2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7db0aa93113d005fea18844bc34b09d40c4ce3775d219afe2dfb332999cc3338 all runs: OK false negative chance: 0.000 # git bisect bad f6943e19f776b0bd66bb137f0e6a9c948b1c13e2 Bisecting: 5 revisions left to test after this (roughly 3 steps) [5a2e37bc648a2503bf6d687aed27b9f4455d82eb] fou: remove warn in gue_gro_receive on unsupported protocol determine whether the revision contains the guilty commit revision 909ba1f1b4146de529469910c1bd0b1248964536 crashed and is reachable testing commit 5a2e37bc648a2503bf6d687aed27b9f4455d82eb gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d55daf1e38ac86fc464d768244f2cbcacdac118693273270e492080fe7e84ae3 all runs: OK false negative chance: 0.000 # git bisect bad 5a2e37bc648a2503bf6d687aed27b9f4455d82eb Bisecting: 2 revisions left to test after this (roughly 2 steps) [0752e7fb549d90c33b4d4186f11cfd25a556d1dd] ext4: do not create EA inode under buffer lock determine whether the revision contains the guilty commit revision a507f147e6f06e86b7649b46bc1d3caa34b196d6 crashed and is reachable testing commit 0752e7fb549d90c33b4d4186f11cfd25a556d1dd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c7ba3ee53468ecd2e413dd6b098e1f022652801c8c48bee0e3827dec4b3ea0d3 all runs: OK false negative chance: 0.000 # git bisect bad 0752e7fb549d90c33b4d4186f11cfd25a556d1dd Bisecting: 0 revisions left to test after this (roughly 1 step) [db015e961cfc52e09b41ee693f3c4f3b9f48ac5e] ext4: fold quota accounting into ext4_xattr_inode_lookup_create() determine whether the revision contains the guilty commit revision 909ba1f1b4146de529469910c1bd0b1248964536 crashed and is reachable testing commit db015e961cfc52e09b41ee693f3c4f3b9f48ac5e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c94d4764e45923b6483e06170415555077450b605834c27c197e10cc6e4bcba4 all runs: crashed: INFO: task hung in ext4_quota_write representative crash: INFO: task hung in ext4_quota_write, types: [HANG] # git bisect good db015e961cfc52e09b41ee693f3c4f3b9f48ac5e 0752e7fb549d90c33b4d4186f11cfd25a556d1dd is the first bad commit commit 0752e7fb549d90c33b4d4186f11cfd25a556d1dd Author: Jan Kara Date: Thu Mar 21 17:26:50 2024 +0100 ext4: do not create EA inode under buffer lock [ Upstream commit 0a46ef234756dca04623b7591e8ebb3440622f0b ] ext4_xattr_set_entry() creates new EA inodes while holding buffer lock on the external xattr block. This is problematic as it nests all the allocation locking (which acquires locks on other buffers) under the buffer lock. This can even deadlock when the filesystem is corrupted and e.g. quota file is setup to contain xattr block as data block. Move the allocation of EA inode out of ext4_xattr_set_entry() into the callers. Reported-by: syzbot+a43d4f48b8397d0e41a9@syzkaller.appspotmail.com Signed-off-by: Jan Kara Link: https://lore.kernel.org/r/20240321162657.27420-2-jack@suse.cz Signed-off-by: Theodore Ts'o Signed-off-by: Sasha Levin fs/ext4/xattr.c | 113 ++++++++++++++++++++++++++------------------------------ 1 file changed, 53 insertions(+), 60 deletions(-) accumulated error probability: 0.00 culprit signature: c7ba3ee53468ecd2e413dd6b098e1f022652801c8c48bee0e3827dec4b3ea0d3 parent signature: c94d4764e45923b6483e06170415555077450b605834c27c197e10cc6e4bcba4 revisions tested: 20, total time: 5h3m49.376223126s (build: 1h12m4.036392193s, test: 3h44m38.60519732s) first good commit: 0752e7fb549d90c33b4d4186f11cfd25a556d1dd ext4: do not create EA inode under buffer lock recipients (to): ["jack@suse.cz" "sashal@kernel.org" "tytso@mit.edu"] recipients (cc): []