bisecting cause commit starting from 0d52778b8710eb11cb616761a02aee0a7fd60425 building syzkaller on 04201c0669446145fd9c347c5538da0ca13ff29b testing commit 0d52778b8710eb11cb616761a02aee0a7fd60425 with gcc (GCC) 8.1.0 kernel signature: 734dc75cfbdd13a444475bd6fc1a1e0a24265dea742a31a2bf5552c639812355 run #0: crashed: WARNING: ODEBUG bug in corrupted run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #2: crashed: WARNING: ODEBUG bug in corrupted run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #9: crashed: WARNING: ODEBUG bug in corrupted testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 8.1.0 kernel signature: f5760b2c445d15f5ece92b856df5a49be8c93d3d22f6cda3cb5ed85afe8f4ee1 all runs: OK # git bisect start 0d52778b8710eb11cb616761a02aee0a7fd60425 2c85ebc57b3e1817b6ce1a6b703928e113a90442 Bisecting: 6822 revisions left to test after this (roughly 13 steps) [3db1a3fa98808aa90f95ec3e0fa2fc7abf28f5c9] Merge tag 'staging-5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 3db1a3fa98808aa90f95ec3e0fa2fc7abf28f5c9 with gcc (GCC) 8.1.0 kernel signature: 74a6448752b17aa3adfba80dd907b56cb718dc122e5a61edc120a16d8aaff1a3 all runs: OK # git bisect good 3db1a3fa98808aa90f95ec3e0fa2fc7abf28f5c9 Bisecting: 3222 revisions left to test after this (roughly 12 steps) [9805529ec544ea7a82d891d5239a8ebd3dbb2a3e] Merge tag 'arm-soc-dt-5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 9805529ec544ea7a82d891d5239a8ebd3dbb2a3e with gcc (GCC) 8.1.0 kernel signature: c995e198344f8c1b51cf8829f5d9e59b317367207d46640f980bf1096c00083d all runs: OK # git bisect good 9805529ec544ea7a82d891d5239a8ebd3dbb2a3e Bisecting: 1602 revisions left to test after this (roughly 11 steps) [30712f9595dbf02c62d170c4765f3098b1a3d678] Merge remote-tracking branch 'risc-v/for-next' testing commit 30712f9595dbf02c62d170c4765f3098b1a3d678 with gcc (GCC) 8.1.0 kernel signature: bfd9ec93d9b8eabbb4a94b5c639956627274ab4e0b40e86d55dddddaf27a4650 all runs: OK # git bisect good 30712f9595dbf02c62d170c4765f3098b1a3d678 Bisecting: 814 revisions left to test after this (roughly 10 steps) [3fe08c6f2ecc7a9b1a8ab81fb8a463b82aa4606e] Merge remote-tracking branch 'rcu/rcu/next' testing commit 3fe08c6f2ecc7a9b1a8ab81fb8a463b82aa4606e with gcc (GCC) 8.1.0 kernel signature: fb618251ee105a166dd72de572f38928d34c5d6ada48ecfbbb2b833e86d6a6c6 run #0: crashed: WARNING: ODEBUG bug in corrupted run #1: crashed: WARNING: ODEBUG bug in corrupted run #2: crashed: WARNING: ODEBUG bug in corrupted run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #4: crashed: WARNING: ODEBUG bug in corrupted run #5: crashed: WARNING: ODEBUG bug in ext4_fill_super run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #7: crashed: WARNING: ODEBUG bug in ext4_fill_super run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #9: crashed: WARNING: ODEBUG bug in ext4_fill_super # git bisect bad 3fe08c6f2ecc7a9b1a8ab81fb8a463b82aa4606e Bisecting: 396 revisions left to test after this (roughly 9 steps) [f200e8ae94a98e0d11cb01b0b80ba4af6a827551] Merge remote-tracking branch 'gfs2/for-next' testing commit f200e8ae94a98e0d11cb01b0b80ba4af6a827551 with gcc (GCC) 8.1.0 kernel signature: 5a8754fde2cb016b1f404badef50cabe6e493bfba1d1ac9a3d06469ca951d932 run #0: crashed: WARNING: ODEBUG bug in ext4_fill_super run #1: crashed: WARNING: ODEBUG bug in corrupted run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #5: crashed: WARNING: ODEBUG bug in ext4_fill_super run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #7: crashed: WARNING: ODEBUG bug in ext4_fill_super run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super # git bisect bad f200e8ae94a98e0d11cb01b0b80ba4af6a827551 Bisecting: 197 revisions left to test after this (roughly 8 steps) [ceee0b1449737ebca78c58b446b1930d61105829] Merge remote-tracking branch 'orangefs/for-next' testing commit ceee0b1449737ebca78c58b446b1930d61105829 with gcc (GCC) 8.1.0 kernel signature: 2ae725be5ebbff87fe6251a417b4d27d5397aa58ad7c7a6fc29d3f41c3b25aec run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #2: crashed: WARNING: ODEBUG bug in ext4_fill_super run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #4: crashed: WARNING: ODEBUG bug in ext4_fill_super run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #9: crashed: WARNING: ODEBUG bug in corrupted # git bisect bad ceee0b1449737ebca78c58b446b1930d61105829 Bisecting: 113 revisions left to test after this (roughly 7 steps) [9f367894ba30182d79f6fcdd912680fef4907b5b] Merge remote-tracking branch 'btrfs/for-next' testing commit 9f367894ba30182d79f6fcdd912680fef4907b5b with gcc (GCC) 8.1.0 kernel signature: 1aacf015a73a832f2937daba5ac9c5da9d1b4302b6fd26927c27c8bc94b03fc6 all runs: OK # git bisect good 9f367894ba30182d79f6fcdd912680fef4907b5b Bisecting: 57 revisions left to test after this (roughly 6 steps) [3436e6a383c9efc514780beaed80733f074f1dbd] Merge remote-tracking branch 'cifs/for-next' testing commit 3436e6a383c9efc514780beaed80733f074f1dbd with gcc (GCC) 8.1.0 kernel signature: e061393f68be513260253ad69ef8d91551dec158e2cb282b75b0d33a284a7582 all runs: OK # git bisect good 3436e6a383c9efc514780beaed80733f074f1dbd Bisecting: 28 revisions left to test after this (roughly 5 steps) [73d860278e9049a1288e52bf4fc2968321570b47] ext4: remove unnecessary wbc parameter from ext4_bio_write_page testing commit 73d860278e9049a1288e52bf4fc2968321570b47 with gcc (GCC) 8.1.0 kernel signature: fe7d015994e276edf0607b51208a8091b785cb0ae0f59ca5458aea79159d1fbb all runs: OK # git bisect good 73d860278e9049a1288e52bf4fc2968321570b47 Bisecting: 16 revisions left to test after this (roughly 4 steps) [b88708b6a10c1c343f2924cf0b36f2f8bd25d014] Merge remote-tracking branch 'ext3/for_next' testing commit b88708b6a10c1c343f2924cf0b36f2f8bd25d014 with gcc (GCC) 8.1.0 kernel signature: 849f6bb017061399c02d07c7209d70548398b6712a6128d1c6b619f34de4ddc8 all runs: OK # git bisect good b88708b6a10c1c343f2924cf0b36f2f8bd25d014 Bisecting: 8 revisions left to test after this (roughly 3 steps) [739c541bd3ea1f5943284542abb855116632a84b] ext4: don't leak old mountpoint samples testing commit 739c541bd3ea1f5943284542abb855116632a84b with gcc (GCC) 8.1.0 kernel signature: 9be52598d3382202c447943742920f07af495ff4649db09c3e9cbaac1530e050 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #1: crashed: WARNING: ODEBUG bug in corrupted run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #5: crashed: WARNING: ODEBUG bug in ext4_fill_super run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #8: crashed: WARNING: ODEBUG bug in ext4_fill_super run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super # git bisect bad 739c541bd3ea1f5943284542abb855116632a84b Bisecting: 3 revisions left to test after this (roughly 2 steps) [e810c942a325cf749e859d7aa3a43dc219cea299] ext4: save error info to sb through journal if available testing commit e810c942a325cf749e859d7aa3a43dc219cea299 with gcc (GCC) 8.1.0 kernel signature: fbc53d691c74c0bc6eb871c369d1ab32725b9b1d0df449d7d32eb329b1f61b10 run #0: crashed: WARNING: ODEBUG bug in corrupted run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #2: crashed: WARNING: ODEBUG bug in ext4_fill_super run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_commit_super run #9: crashed: WARNING: ODEBUG bug in ext4_fill_super # git bisect bad e810c942a325cf749e859d7aa3a43dc219cea299 Bisecting: 1 revision left to test after this (roughly 1 step) [abcac58a6d0e44bc86e53ea4dc79653057665fa5] ext4: drop sync argument of ext4_commit_super() testing commit abcac58a6d0e44bc86e53ea4dc79653057665fa5 with gcc (GCC) 8.1.0 kernel signature: 8a539175a67ce8758948a1e7f8b0a09ede17f7681d3fdae2ef4add49c211317b all runs: OK # git bisect good abcac58a6d0e44bc86e53ea4dc79653057665fa5 Bisecting: 0 revisions left to test after this (roughly 0 steps) [c582b258be3c13cf241df98e93e06c3298b65338] ext4: protect superblock modifications with a buffer lock testing commit c582b258be3c13cf241df98e93e06c3298b65338 with gcc (GCC) 8.1.0 kernel signature: ca55b5e6af2f3a53ee57c8f51e4706ae9562fd4a394bfc958727805a14556e14 all runs: OK # git bisect good c582b258be3c13cf241df98e93e06c3298b65338 e810c942a325cf749e859d7aa3a43dc219cea299 is the first bad commit commit e810c942a325cf749e859d7aa3a43dc219cea299 Author: Jan Kara Date: Wed Dec 16 11:18:40 2020 +0100 ext4: save error info to sb through journal if available If journalling is still working at the moment we get to writing error information to the superblock we cannot write directly to the superblock as such write could race with journalled update of the superblock and cause journal checksum failures, writing inconsistent information to the journal or other problems. We cannot journal the superblock directly from the error handling functions as we are running in uncertain context and could deadlock so just punt journalled superblock update to a workqueue. Signed-off-by: Jan Kara Link: https://lore.kernel.org/r/20201216101844.22917-5-jack@suse.cz Signed-off-by: Theodore Ts'o fs/ext4/super.c | 101 +++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 75 insertions(+), 26 deletions(-) culprit signature: fbc53d691c74c0bc6eb871c369d1ab32725b9b1d0df449d7d32eb329b1f61b10 parent signature: ca55b5e6af2f3a53ee57c8f51e4706ae9562fd4a394bfc958727805a14556e14 revisions tested: 16, total time: 3h34m57.748407221s (build: 1h13m20.724462928s, test: 2h20m2.540745346s) first bad commit: e810c942a325cf749e859d7aa3a43dc219cea299 ext4: save error info to sb through journal if available recipients (to): ["adilger.kernel@dilger.ca" "jack@suse.cz" "linux-ext4@vger.kernel.org" "tytso@mit.edu" "tytso@mit.edu"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: WARNING: ODEBUG bug in ext4_fill_super EXT4-fs error (device loop3): ext4_fill_super:4944: inode #2: comm syz-executor.3: iget: root inode unallocated EXT4-fs (loop3): get root inode failed EXT4-fs (loop3): mount failed ------------[ cut here ]------------ ODEBUG: free active (active state 0) object type: work_struct hint: flush_stashed_error_work+0x0/0xa0 fs/ext4/super.c:5764 WARNING: CPU: 0 PID: 9913 at lib/debugobjects.c:508 debug_print_object+0x96/0x110 lib/debugobjects.c:505 Modules linked in: CPU: 0 PID: 9913 Comm: syz-executor.3 Not tainted 5.10.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:debug_print_object+0x96/0x110 lib/debugobjects.c:505 Code: ff ff ff ff 48 89 f7 48 29 c7 48 83 ff 30 48 89 f8 77 5c 48 8b 14 dd c0 ee 4c 85 4c 89 e6 48 c7 c7 e8 35 bc 84 e8 33 9a 8f 01 <0f> 0b 83 05 3d 92 c0 03 01 48 83 c4 18 5b 5d 41 5c c3 83 05 2d 92 RSP: 0018:ffffc90001573b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000001 RDX: 0000000080000001 RSI: 0000000000000027 RDI: 00000000ffffffff RBP: ffffffff8402a960 R08: 0000000000000001 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff84b96465 R13: ffffffff8402a960 R14: ffff88811ea7a6e0 R15: 0000000000000000 FS: 00007f46f1e63700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000342aad8 CR3: 000000011f5fc000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __debug_check_no_obj_freed lib/debugobjects.c:987 [inline] debug_check_no_obj_freed+0x1c5/0x200 lib/debugobjects.c:1018 slab_free_hook mm/slub.c:1536 [inline] slab_free_freelist_hook+0xef/0x130 mm/slub.c:1577 slab_free mm/slub.c:3142 [inline] kfree+0xe1/0x640 mm/slub.c:4124 ext4_fill_super+0x3d8/0x4480 fs/ext4/super.c:5180 mount_bdev+0x18c/0x1c0 fs/super.c:1419 legacy_get_tree+0x28/0x60 fs/fs_context.c:592 vfs_get_tree+0x1d/0xd0 fs/super.c:1549 do_new_mount fs/namespace.c:2875 [inline] path_mount+0x75e/0xac0 fs/namespace.c:3205 do_mount+0x70/0x90 fs/namespace.c:3218 __do_sys_mount fs/namespace.c:3426 [inline] __se_sys_mount fs/namespace.c:3403 [inline] __x64_sys_mount+0xbf/0xe0 fs/namespace.c:3403 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x460b9a Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 RSP: 002b:00007f46f1e62a78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f46f1e62b10 RCX: 0000000000460b9a RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f46f1e62ad0 RBP: 00007f46f1e62ad0 R08: 00007f46f1e62b10 R09: 0000000020000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000 R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020014a00