ci2 starts bisection 2023-09-05 01:58:12.183952882 +0000 UTC m=+104.291185074 bisecting fixing commit since 19c0ed55a470d1cd766484abab04871b648560fb building syzkaller on 4bce1a3e705a8b62de8194bdb28f5eef89c8feec ensuring issue is reproducible on original commit 19c0ed55a470d1cd766484abab04871b648560fb testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 61989dfb6ff3e33e4670e7552a681312218b98f441ada9c72e7f21d8903152d4 run #0: crashed: general protection fault in ext4_acquire_dquot run #1: crashed: general protection fault in ext4_acquire_dquot run #2: crashed: general protection fault in ext4_acquire_dquot run #3: crashed: general protection fault in ext4_acquire_dquot run #4: crashed: general protection fault in ext4_acquire_dquot run #5: crashed: general protection fault in ext4_acquire_dquot run #6: crashed: general protection fault in ext4_acquire_dquot run #7: crashed: general protection fault in ext4_acquire_dquot run #8: crashed: general protection fault in ext4_acquire_dquot run #9: crashed: general protection fault in ext4_acquire_dquot run #10: crashed: general protection fault in ext4_acquire_dquot run #11: crashed: general protection fault in ext4_acquire_dquot run #12: crashed: general protection fault in ext4_acquire_dquot run #13: crashed: general protection fault in ext4_acquire_dquot run #14: crashed: general protection fault in ext4_release_dquot run #15: crashed: general protection fault in ext4_acquire_dquot run #16: crashed: general protection fault in ext4_acquire_dquot run #17: crashed: general protection fault in ext4_acquire_dquot run #18: crashed: general protection fault in ext4_acquire_dquot run #19: crashed: general protection fault in ext4_acquire_dquot representative crash: general protection fault in ext4_acquire_dquot, types: [UNKNOWN] check whether we can drop unnecessary instrumentation disabling configs for [HANG LEAK UBSAN BUG 
KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 59c3556a12f9d118700d3938caa36a9368e3cc0ed1ac099bf06bc6150b511207 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot, types: [UNKNOWN] the bug reproduces without the instrumentation disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed kconfig minimization: base=4920 full=6166 leaves diff=244 split chunks (needed=false): <244> split chunk #0 of len 244 into 5 parts testing without sub-chunk 1/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 12580fab7e5901b7b53a44c68558a3c2de1006d8de4f08b95c61b22a0952655c run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in 
ext4_acquire_dquot run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1dab16295a2ffff13747e5b0e92407f109f622f155018ec02d8b6d1c964d822c run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #7: 
crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bf8209b103e1001d521b08b68308c744be4ea33e8b5a0efc9671c8ed383e02bb run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit 
19c0ed55a470d1cd766484abab04871b648560fb gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cc687455cf7c5ab7c986fe4a0cbd842c30f17c1ee9e1bd90afe9d02319b3d104 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 19c0ed55a470d1cd766484abab04871b648560fb gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 failed building 19c0ed55a470d1cd766484abab04871b648560fb: net/socket.c:1172: undefined reference to `wext_handle_ioctl' net/socket.c:3366: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:343: undefined reference to `wext_proc_exit' net/core/net-procfs.c:327: undefined reference to `wext_proc_init' minimized to 48 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 
USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF] disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing current HEAD 1317bd27a72f76b46e44e146c26202186c5fff6a testing commit 1317bd27a72f76b46e44e146c26202186c5fff6a gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d36bdad79b20f05e9582db551b4e0fbc70ec9758b6ce1348d5587551ac7e8566 all runs: OK false negative chance: 0.000 # git bisect start 1317bd27a72f76b46e44e146c26202186c5fff6a 19c0ed55a470d1cd766484abab04871b648560fb Bisecting: 1581 revisions left to test after this (roughly 11 steps) [cf78062aa9887e97f3d4f11adde92d1e56c6fe03] x86/mm: Fix __swp_entry_to_pte() for Xen PV guests determine whether the revision contains the guilty commit checking the merge base d86dfc4d95cd218246b10ca7adf22c8626547599 no existing result, test the revision testing commit d86dfc4d95cd218246b10ca7adf22c8626547599 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d19c8413ff1dfeb3b242b17fd7794ba88d4e60d0bdf24d801bbbb157659ee2bc run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #1: crashed: BUG: unable to handle kernel 
NULL pointer dereference in ext4_acquire_dquot run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_quota_read run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN] testing commit cf78062aa9887e97f3d4f11adde92d1e56c6fe03 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 069cf1e3ac56774313615a983e9f12b0ff63c63c5b615dab93dd01c699bc1876 all runs: OK false negative chance: 0.000 # git bisect bad cf78062aa9887e97f3d4f11adde92d1e56c6fe03 Bisecting: 789 revisions left to test after this (roughly 10 steps) [96b3233f42fbf789bcb0237cbf6dc108334205e6] fbdev: arcfb: Fix error handling in arcfb_probe() determine whether the revision contains the guilty commit revision d86dfc4d95cd218246b10ca7adf22c8626547599 crashed and is reachable testing commit 96b3233f42fbf789bcb0237cbf6dc108334205e6 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6e7b97343577e433a47e0f79fc50e244b9c4011686d6ef3ae12c631ca16e754c all runs: OK false negative chance: 0.000 # git bisect bad 96b3233f42fbf789bcb0237cbf6dc108334205e6 Bisecting: 394 revisions left to test after this (roughly 9 steps) [3c300022c18809ad6fb38bab5debbf1eab96e737] media: rcar_fdp1: Make use of the helper function 
devm_platform_ioremap_resource() determine whether the revision contains the guilty commit revision d86dfc4d95cd218246b10ca7adf22c8626547599 crashed and is reachable testing commit 3c300022c18809ad6fb38bab5debbf1eab96e737 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 832b31b2f9f23ff2fc4cb365518019e47f0cee5be6bbfa0e7e4d2443cd3d7890 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN] # git bisect good 3c300022c18809ad6fb38bab5debbf1eab96e737 Bisecting: 197 revisions left to test after this (roughly 8 steps) [dce3bdaee3f2c48e6306b388bd55ab547fcbce7c] phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port determine whether the revision contains the guilty commit revision d86dfc4d95cd218246b10ca7adf22c8626547599 crashed and is reachable testing commit dce3bdaee3f2c48e6306b388bd55ab547fcbce7c gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 
0bc8bcd45677da6f675981c2f19d829458bc5386554a80c19e877e6879eb8871 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN] # git bisect good dce3bdaee3f2c48e6306b388bd55ab547fcbce7c Bisecting: 98 revisions left to test after this (roughly 7 steps) [2baa45d8f55ec07648baacfa2965353df38a58a6] perf evlist: Refactor evlist__for_each_cpu() determine whether the revision contains the guilty commit revision dce3bdaee3f2c48e6306b388bd55ab547fcbce7c crashed and is reachable testing commit 2baa45d8f55ec07648baacfa2965353df38a58a6 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: afb97c59d51ae22fc09240b881aa5adf104e7858778075549bfb3456fb84a4e5 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN] # git bisect good 2baa45d8f55ec07648baacfa2965353df38a58a6 Bisecting: 49 revisions left to test after this 
(roughly 6 steps) [615aff165bdacd8661e57d54730c96c2c8366f4e] drm/amd/display: Add NULL plane_state check for cursor disable logic determine whether the revision contains the guilty commit revision 2baa45d8f55ec07648baacfa2965353df38a58a6 crashed and is reachable testing commit 615aff165bdacd8661e57d54730c96c2c8366f4e gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 46671144c2165c473c02f9bb7952aa1dba1201aa6e2d605fc0c697d32eaf7a0a run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN] # git bisect good 615aff165bdacd8661e57d54730c96c2c8366f4e Bisecting: 24 revisions left to test after this (roughly 5 steps) [de9a3ed42333bef494a4a67b92f03860ee837a62] RISC-V: Fix up a cherry-pick warning in setup_vm_final() determine whether the revision contains the guilty commit revision dce3bdaee3f2c48e6306b388bd55ab547fcbce7c crashed and is reachable testing commit de9a3ed42333bef494a4a67b92f03860ee837a62 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU 
Binutils for Debian) 2.40 kernel signature: 71b61413f8ce31c43b23c21bf1266804069f8d24f3e245d8b0f0274685f2ece4 all runs: OK false negative chance: 0.000 # git bisect bad de9a3ed42333bef494a4a67b92f03860ee837a62 Bisecting: 12 revisions left to test after this (roughly 4 steps) [6d9a705a653eb146b4991dbd198b258f787c70b1] ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum determine whether the revision contains the guilty commit revision 2baa45d8f55ec07648baacfa2965353df38a58a6 crashed and is reachable testing commit 6d9a705a653eb146b4991dbd198b258f787c70b1 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e0e64f21e4a90d98f65bca1dc57098940f22bd964f4b7367ae60d9c5efdc0105 all runs: OK false negative chance: 0.000 # git bisect bad 6d9a705a653eb146b4991dbd198b258f787c70b1 Bisecting: 5 revisions left to test after this (roughly 3 steps) [a89ff57e4da11ba770c0ecd8a20cdf0c624a8692] ksmbd: fix kernel oops from idr_remove() determine whether the revision contains the guilty commit revision d86dfc4d95cd218246b10ca7adf22c8626547599 crashed and is reachable testing commit a89ff57e4da11ba770c0ecd8a20cdf0c624a8692 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a63316681d80dc70a82c3d6b5cb7bb8105e83bd122f16d36787313215ec9ba8e all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN] # git bisect good a89ff57e4da11ba770c0ecd8a20cdf0c624a8692 Bisecting: 2 revisions left to test after this (roughly 2 steps) [ed76d3a8910be06cd4e4ba63bf6075bf903945a1] ksmbd: not allow guest user on multichannel determine whether the revision contains the guilty commit revision 615aff165bdacd8661e57d54730c96c2c8366f4e crashed and is reachable testing commit ed76d3a8910be06cd4e4ba63bf6075bf903945a1 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU 
Binutils for Debian) 2.40 kernel signature: 83c605fa75ff0eee8658f09d46be65ba9770f999315e7014ee325f005957de8a run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot, types: [UNKNOWN] # git bisect good ed76d3a8910be06cd4e4ba63bf6075bf903945a1 Bisecting: 0 revisions left to test after this (roughly 1 step) [d55e76e11592a1d18a179c7fd34ca1b52632beb3] ext4: fix WARNING in mb_find_extent determine whether the revision contains the guilty commit revision ed76d3a8910be06cd4e4ba63bf6075bf903945a1 crashed and is reachable testing commit d55e76e11592a1d18a179c7fd34ca1b52632beb3 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5e788db3310997eb636f4dbb59180d903d7cef329e2df286bd5e85f4bce4d880 all runs: OK false negative chance: 0.000 # git bisect bad d55e76e11592a1d18a179c7fd34ca1b52632beb3 Bisecting: 0 revisions left to test after this (roughly 0 steps) [c5c385baee9bdf3218fc3c37f3cbc4b52621aefb] locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined 
callers determine whether the revision contains the guilty commit revision ed76d3a8910be06cd4e4ba63bf6075bf903945a1 crashed and is reachable testing commit c5c385baee9bdf3218fc3c37f3cbc4b52621aefb gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 503a2ad254d0693fbc39b3e2d38333be6a47effd34e09af8d14188de71a5524e run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN] # git bisect good c5c385baee9bdf3218fc3c37f3cbc4b52621aefb d55e76e11592a1d18a179c7fd34ca1b52632beb3 is the first bad commit commit d55e76e11592a1d18a179c7fd34ca1b52632beb3 Author: Ye Bin Date: Mon Jan 16 10:00:15 2023 +0800 ext4: fix WARNING in mb_find_extent commit fa08a7b61dff8a4df11ff1e84abfc214b487caf7 upstream. Syzbot found the following issue: EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! 
EXT4-fs (loop0): orphan cleanup on readonly fs ------------[ cut here ]------------ WARNING: CPU: 1 PID: 5067 at fs/ext4/mballoc.c:1869 mb_find_extent+0x8a1/0xe30 Modules linked in: CPU: 1 PID: 5067 Comm: syz-executor307 Not tainted 6.2.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 RIP: 0010:mb_find_extent+0x8a1/0xe30 fs/ext4/mballoc.c:1869 RSP: 0018:ffffc90003c9e098 EFLAGS: 00010293 RAX: ffffffff82405731 RBX: 0000000000000041 RCX: ffff8880783457c0 RDX: 0000000000000000 RSI: 0000000000000041 RDI: 0000000000000040 RBP: 0000000000000040 R08: ffffffff82405723 R09: ffffed10053c9402 R10: ffffed10053c9402 R11: 1ffff110053c9401 R12: 0000000000000000 R13: ffffc90003c9e538 R14: dffffc0000000000 R15: ffffc90003c9e2cc FS: 0000555556665300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000056312f6796f8 CR3: 0000000022437000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ext4_mb_complex_scan_group+0x353/0x1100 fs/ext4/mballoc.c:2307 ext4_mb_regular_allocator+0x1533/0x3860 fs/ext4/mballoc.c:2735 ext4_mb_new_blocks+0xddf/0x3db0 fs/ext4/mballoc.c:5605 ext4_ext_map_blocks+0x1868/0x6880 fs/ext4/extents.c:4286 ext4_map_blocks+0xa49/0x1cc0 fs/ext4/inode.c:651 ext4_getblk+0x1b9/0x770 fs/ext4/inode.c:864 ext4_bread+0x2a/0x170 fs/ext4/inode.c:920 ext4_quota_write+0x225/0x570 fs/ext4/super.c:7105 write_blk fs/quota/quota_tree.c:64 [inline] get_free_dqblk+0x34a/0x6d0 fs/quota/quota_tree.c:130 do_insert_tree+0x26b/0x1aa0 fs/quota/quota_tree.c:340 do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375 do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375 do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375 dq_insert_tree fs/quota/quota_tree.c:401 [inline] qtree_write_dquot+0x3b6/0x530 fs/quota/quota_tree.c:420 v2_write_dquot+0x11b/0x190 
fs/quota/quota_v2.c:358 dquot_acquire+0x348/0x670 fs/quota/dquot.c:444 ext4_acquire_dquot+0x2dc/0x400 fs/ext4/super.c:6740 dqget+0x999/0xdc0 fs/quota/dquot.c:914 __dquot_initialize+0x3d0/0xcf0 fs/quota/dquot.c:1492 ext4_process_orphan+0x57/0x2d0 fs/ext4/orphan.c:329 ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474 __ext4_fill_super fs/ext4/super.c:5516 [inline] ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644 get_tree_bdev+0x400/0x620 fs/super.c:1282 vfs_get_tree+0x88/0x270 fs/super.c:1489 do_new_mount+0x289/0xad0 fs/namespace.c:3145 do_mount fs/namespace.c:3488 [inline] __do_sys_mount fs/namespace.c:3697 [inline] __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Add some debug information: mb_find_extent: mb_find_extent block=41, order=0 needed=64 next=0 ex=0/41/1@3735929054 64 64 7 block_bitmap: ff 3f 0c 00 fc 01 00 00 d2 3d 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Actually, blocks per group is 64, but the block bitmap indicates it has at least 128 blocks. Now, ext4_validate_block_bitmap() didn't check invalid block's bitmap if set. To resolve the above issue, add a check like fsck "Padding at end of block bitmap is not set". 
Cc: stable@kernel.org Reported-by: syzbot+68223fe9f6c95ad43bed@syzkaller.appspotmail.com Signed-off-by: Ye Bin Reviewed-by: Jan Kara Link: https://lore.kernel.org/r/20230116020015.1506120-1-yebin@huaweicloud.com Signed-off-by: Theodore Ts'o Signed-off-by: Greg Kroah-Hartman fs/ext4/balloc.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) accumulated error probability: 0.00 culprit signature: 5e788db3310997eb636f4dbb59180d903d7cef329e2df286bd5e85f4bce4d880 parent signature: 503a2ad254d0693fbc39b3e2d38333be6a47effd34e09af8d14188de71a5524e revisions tested: 20, total time: 4h22m25.062912991s (build: 54m46.33539678s, test: 2h38m59.559463858s) first good commit: d55e76e11592a1d18a179c7fd34ca1b52632beb3 ext4: fix WARNING in mb_find_extent recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "tytso@mit.edu" "yebin10@huawei.com"] recipients (cc): []