ci2 starts bisection 2023-02-21 15:26:07.984301693 +0000 UTC m=+31542.621498985
bisecting fixing commit since 72d681a01da5f02769fd75f229ed2f9276894c4f
building syzkaller on cc0f9968db1abe397e6c93bf4f5dff51be20f914
ensuring issue is reproducible on original commit 72d681a01da5f02769fd75f229ed2f9276894c4f

testing commit 72d681a01da5f02769fd75f229ed2f9276894c4f gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 022ee1447c9f1087ad3bc71cb8d42a485ab752f6797845afdee9a0e894f42548
run #0: crashed: KASAN: slab-out-of-bounds Read in ext4_ext_remove_space
run #1: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #2: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #3: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #4: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #5: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #6: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #7: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #8: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #9: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #10: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #11: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #12: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #13: crashed: KASAN: slab-out-of-bounds Read in ext4_ext_remove_space
run #14: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #15: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #16: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #17: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #18: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #19: OK
testing current HEAD 5448b2fda85f2d90de03f053226f721ba2f7e731
testing commit 5448b2fda85f2d90de03f053226f721ba2f7e731 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4f737368927dae6c18562192e89e4180d1b9ac233604c711b74cae3f38597c50
all runs: OK
# git bisect start 5448b2fda85f2d90de03f053226f721ba2f7e731 72d681a01da5f02769fd75f229ed2f9276894c4f
Bisecting: 1442 revisions left to test after this (roughly 11 steps)
[0bec17f1ce31c6c948396d8c633810a3e0e4a242] net: amd-xgbe: add missed tasklet_kill

testing commit 0bec17f1ce31c6c948396d8c633810a3e0e4a242 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1ee512f27ed2e659fd92bf8f42452a28806be8b3900692205931abe60ebacc61
all runs: OK
# git bisect bad 0bec17f1ce31c6c948396d8c633810a3e0e4a242
Bisecting: 721 revisions left to test after this (roughly 10 steps)
[210fcf64be4db82c0e190e74b5111e4eef661a7a] media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

testing commit 210fcf64be4db82c0e190e74b5111e4eef661a7a gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 38b4132065d90bbbac543e08b20c2031ce9227f3c7fd565bd74779e37035e138
run #0: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #1: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #2: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #3: crashed: KASAN: slab-out-of-bounds Read in ext4_ext_remove_space
run #4: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #5: crashed: KASAN: slab-out-of-bounds Read in ext4_ext_remove_space
run #6: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #7: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #8: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #9: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
# git bisect good 210fcf64be4db82c0e190e74b5111e4eef661a7a
Bisecting: 360 revisions left to test after this (roughly 9 steps)
[04e454bd97e261f957709ece5935e57aee3bd7cd] selftests: devlink: fix the fd redirect in dummy_reporter_test

testing commit 04e454bd97e261f957709ece5935e57aee3bd7cd gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b3cfa57fe5e2ffbca95556da9e90ca78b0fd7315362fac7fc1eca6bf68eef94d
run #0: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #1: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #2: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #3: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #4: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #5: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #6: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #7: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #8: crashed: KASAN: slab-out-of-bounds Read in ext4_ext_remove_space
run #9: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
# git bisect good 04e454bd97e261f957709ece5935e57aee3bd7cd
Bisecting: 180 revisions left to test after this (roughly 8 steps)
[7eb57bc92f1ba0e2d27b0c8f16f2c69ae65fce70] f2fs: allow to read node block after shutdown

testing commit 7eb57bc92f1ba0e2d27b0c8f16f2c69ae65fce70 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3884442ff8e8b5727a283ccf7760d46fd50a833e9e1baf542885fbae8adfb527
run #0: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #1: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #2: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #3: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #4: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #5: crashed: kernel BUG in ext4_free_blocks
run #6: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #7: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #8: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #9: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
# git bisect good 7eb57bc92f1ba0e2d27b0c8f16f2c69ae65fce70
Bisecting: 90 revisions left to test after this (roughly 7 steps)
[af4ceb00ebeae5cc025ebeaf858e0a9785acee47] drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init()

testing commit af4ceb00ebeae5cc025ebeaf858e0a9785acee47 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 07f74ff00766597cf2fa5ef3084debe54ddbe3fb57b15926f5cff418d5cad20f
all runs: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
# git bisect good af4ceb00ebeae5cc025ebeaf858e0a9785acee47
Bisecting: 45 revisions left to test after this (roughly 6 steps)
[1bd7283dc0bee2067398a8f1a4847449cb9dfbee] x86/MCE/AMD: Clear DFR errors found in THR handler

testing commit 1bd7283dc0bee2067398a8f1a4847449cb9dfbee gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4fbd567b86f2c44748ed5c16cb4070ad3d0839563c79dd75b45e7ed17100e422
all runs: OK
# git bisect bad 1bd7283dc0bee2067398a8f1a4847449cb9dfbee
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[877247222a0c5a67ac41a1d04efe41471c47ce67] ext4: initialize quota before expanding inode in setproject ioctl

testing commit 877247222a0c5a67ac41a1d04efe41471c47ce67 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d53bdc5a8327c3f8fd0507e498aafd78f1a08b4255914702085aa5a6f0bc8a61
all runs: OK
# git bisect bad 877247222a0c5a67ac41a1d04efe41471c47ce67
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[91009e361e8cb2cbd1dc9496cb5fb4f8de3f4b11] ext4: check and assert if marking an no_delete evicting inode dirty

testing commit 91009e361e8cb2cbd1dc9496cb5fb4f8de3f4b11 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9b91b5e75f165f1c9d1ec45099855f394676a06e61ff0aa02b3edbc11a59ce78
all runs: OK
# git bisect bad 91009e361e8cb2cbd1dc9496cb5fb4f8de3f4b11
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[cf0e0817b0f925b70d101d7014ea81b7094e1159] ext4: fix use-after-free in ext4_orphan_cleanup

testing commit cf0e0817b0f925b70d101d7014ea81b7094e1159 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: dd71cb4dd269c862d609d1080afeb81ed99f6f42fde51794c399c15cb7d25d66
all runs: OK
# git bisect bad cf0e0817b0f925b70d101d7014ea81b7094e1159
Bisecting: 2 revisions left to test after this (roughly 1 step)
[7192afa5e4bfa1316a3ad4875562e9b123af7c06] ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop

testing commit 7192afa5e4bfa1316a3ad4875562e9b123af7c06 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 86c2cd46d209f6c9a6310b52590b9eff2bd5b293f17bd0791217d94e720b8a67
all runs: OK
# git bisect bad 7192afa5e4bfa1316a3ad4875562e9b123af7c06
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[0d041b7251c13679a0f6c7926751ce1d8a7237c1] ext4: silence the warning when evicting inode with dioread_nolock

testing commit 0d041b7251c13679a0f6c7926751ce1d8a7237c1 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 563e6b992bdcece13c94aabc42bb2ca5160fbc281bb1add0150b0687210cc3db
all runs: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
# git bisect good 0d041b7251c13679a0f6c7926751ce1d8a7237c1
7192afa5e4bfa1316a3ad4875562e9b123af7c06 is the first bad commit
commit 7192afa5e4bfa1316a3ad4875562e9b123af7c06
Author: Baokun Li
Date:   Wed Aug 17 21:27:01 2022 +0800

    ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop

    commit eee22187b53611e173161e38f61de1c7ecbeb876 upstream.

    In do_writepages, if the value returned by ext4_writepages is "-ENOMEM"
    and "wbc->sync_mode == WB_SYNC_ALL", retry until the condition is not met.

    In __ext4_get_inode_loc, if the bh returned by sb_getblk is NULL,
    the function returns -ENOMEM.

    In __getblk_slow, if the return value of grow_buffers is less than 0,
    the function returns NULL.

    When the three processes are connected in series like the following stack,
    an infinite loop may occur:

    do_writepages                    <--- keep retrying
     ext4_writepages
      mpage_map_and_submit_extent
       mpage_map_one_extent
        ext4_map_blocks
         ext4_ext_map_blocks
          ext4_ext_handle_unwritten_extents
           ext4_ext_convert_to_initialized
            ext4_split_extent
             ext4_split_extent_at
              __ext4_ext_dirty
               __ext4_mark_inode_dirty
                ext4_reserve_inode_write
                 ext4_get_inode_loc
                  __ext4_get_inode_loc <--- return -ENOMEM
                   sb_getblk
                    __getblk_gfp
                     __getblk_slow     <--- return NULL
                      grow_buffers
                       grow_dev_page   <--- return -ENXIO
                        ret = (block < end_block) ? 1 : -ENXIO;

    In this issue, bg_inode_table_hi is overwritten as an incorrect value.
    As a result, `block < end_block` cannot be met in grow_dev_page.
    Therefore, __ext4_get_inode_loc always returns '-ENOMEM' and do_writepages
    keeps retrying. As a result, the writeback process is in the D state due
    to an infinite loop.

    Add a check on inode table block in the __ext4_get_inode_loc function by
    referring to ext4_read_inode_bitmap to avoid this infinite loop.

    Cc: stable@kernel.org
    Signed-off-by: Baokun Li
    Reviewed-by: Ritesh Harjani (IBM)
    Link: https://lore.kernel.org/r/20220817132701.3015912-3-libaokun1@huawei.com
    Signed-off-by: Theodore Ts'o
    Signed-off-by: Greg Kroah-Hartman

 fs/ext4/inode.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

culprit signature: 86c2cd46d209f6c9a6310b52590b9eff2bd5b293f17bd0791217d94e720b8a67
parent signature: 563e6b992bdcece13c94aabc42bb2ca5160fbc281bb1add0150b0687210cc3db
revisions tested: 13, total time: 3h27m51.531026859s (build: 1h21m46.529200974s, test: 1h58m2.427855954s)
first good commit: 7192afa5e4bfa1316a3ad4875562e9b123af7c06 ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
recipients (to): ["gregkh@linuxfoundation.org" "libaokun1@huawei.com" "ritesh.list@gmail.com" "tytso@mit.edu"]
recipients (cc): []