ci2 starts bisection 2023-07-07 10:33:49.237706995 +0000 UTC m=+32745.099574281
bisecting fixing commit since 1fe619a7d25218e9b9fdcce9fcac6a05cd62abed
building syzkaller on cf1845599c0bdab59c69518eaa0ecb960ec7ddf0
ensuring issue is reproducible on original commit 1fe619a7d25218e9b9fdcce9fcac6a05cd62abed
testing commit 1fe619a7d25218e9b9fdcce9fcac6a05cd62abed gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e461f37bca428c5d14e9cedbf7c0e2050e8eddc06759c1ecc11ab8a864063323
all runs: crashed: general protection fault in gfs2_evict_inode
representative crash: general protection fault in gfs2_evict_inode, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 1fe619a7d25218e9b9fdcce9fcac6a05cd62abed gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5f78ddb1322c6baddd53ef1263538ce2b98930f92bed99858d6e32a1b2b37e9a
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in gfs2_evict_inode
representative crash: BUG: unable to handle kernel NULL pointer dereference in gfs2_evict_inode, types: [UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing current HEAD d54cfc420586425d418a53871290cc4a59d33501
testing commit d54cfc420586425d418a53871290cc4a59d33501 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a8b8821eabbbd792d1d42c512b6843934b402308de3088fd2682d3942aae4a46
all runs: OK
# git bisect start d54cfc420586425d418a53871290cc4a59d33501 1fe619a7d25218e9b9fdcce9fcac6a05cd62abed
Bisecting: 290 revisions left to test after this (roughly 8 steps)
[53c056ccda02b8427b3a2214dec7d97f5fad4826] Bluetooth: Fix l2cap_disconnect_req deadlock
testing commit 53c056ccda02b8427b3a2214dec7d97f5fad4826 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c394836a1b0900f740040f2dd95f0ba3972bb36a54e6af784998bcd9b7ec835f
all runs: OK
# git bisect bad 53c056ccda02b8427b3a2214dec7d97f5fad4826
Bisecting: 144 revisions left to test after this (roughly 7 steps)
[8ac106aade8f496713e760550f0bdcaa18bc6f9a] rtnetlink: call validate_linkmsg in rtnl_create_link
testing commit 8ac106aade8f496713e760550f0bdcaa18bc6f9a gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 41165a8ffae654a81eea7d016218f53139df45619d6e32fe9b80d3fabbd7205e
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in gfs2_evict_inode
representative crash: BUG: unable to handle kernel NULL pointer dereference in gfs2_evict_inode, types: [UNKNOWN]
# git bisect good 8ac106aade8f496713e760550f0bdcaa18bc6f9a
Bisecting: 72 revisions left to test after this (roughly 6 steps)
[d3103fc0d1914ae21d717720a5c2131be4b42b24] md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk()
testing commit d3103fc0d1914ae21d717720a5c2131be4b42b24 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9bfde047b6eb03b83dc1a36f1012d33520a7963701dea8b6f54ac98657f72bf5
all runs: OK
# git bisect bad d3103fc0d1914ae21d717720a5c2131be4b42b24
Bisecting: 35 revisions left to test after this (roughly 5 steps)
[a47a3f7a9bf6a350d41f06c232d7c3468bce1b9a] media: dvb-core: Fix use-after-free due to race at dvb_register_device()
testing commit a47a3f7a9bf6a350d41f06c232d7c3468bce1b9a gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c94513f645b9dce1542f0a42c6f881758597a887cdd84a028f1b614e572e2060
all runs: OK
# git bisect bad a47a3f7a9bf6a350d41f06c232d7c3468bce1b9a
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[84dfd8bee506e0d8c959594d6309792ffd05d550] nvme-pci: add quirk for missing secondary temperature thresholds
testing commit 84dfd8bee506e0d8c959594d6309792ffd05d550 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 00d16972d6504b083cad274838d3362c587551b66f67b11d5a92b8778399c4b7
all runs: OK
# git bisect bad 84dfd8bee506e0d8c959594d6309792ffd05d550
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[736626df53e9eaf1b5127e26bebd213b541719ef] media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
testing commit 736626df53e9eaf1b5127e26bebd213b541719ef gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a916cbee0d8db130eb4be852415402d1eed2074a0230e517edd5769adad01578
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in gfs2_evict_inode
representative crash: BUG: unable to handle kernel NULL pointer dereference in gfs2_evict_inode, types: [UNKNOWN]
# git bisect good 736626df53e9eaf1b5127e26bebd213b541719ef
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[b3c785428797410e51fa62a773f0bba3da6f11ff] fbdev: modedb: Add 1920x1080 at 60 Hz video mode
testing commit b3c785428797410e51fa62a773f0bba3da6f11ff gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c001a5512b2033eaa5e613173d53ba931e65bc9af1fd52c651d30aa0cc44a704
all runs: OK
# git bisect bad b3c785428797410e51fa62a773f0bba3da6f11ff
Bisecting: 1 revision left to test after this (roughly 1 step)
[fd8b4e28f400a067e6ef84569816967be1f0642b] gfs2: Don't deref jdesc in evict
testing commit fd8b4e28f400a067e6ef84569816967be1f0642b gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d568681364b13dc5d6121ef452609f04404a61f633df7fd74325633d4a694fcf
all runs: OK
# git bisect bad fd8b4e28f400a067e6ef84569816967be1f0642b
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[a00cc8562835782fa584d76881dbacdc4a50ace4] platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield
testing commit a00cc8562835782fa584d76881dbacdc4a50ace4 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a916cbee0d8db130eb4be852415402d1eed2074a0230e517edd5769adad01578
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in gfs2_evict_inode
representative crash: BUG: unable to handle kernel NULL pointer dereference in gfs2_evict_inode, types: [UNKNOWN]
# git bisect good a00cc8562835782fa584d76881dbacdc4a50ace4
fd8b4e28f400a067e6ef84569816967be1f0642b is the first bad commit
commit fd8b4e28f400a067e6ef84569816967be1f0642b
Author: Bob Peterson
Date:   Fri Apr 28 12:07:46 2023 -0400

    gfs2: Don't deref jdesc in evict

    [ Upstream commit 504a10d9e46bc37b23d0a1ae2f28973c8516e636 ]

    On corrupt gfs2 file systems the evict code can try to reference the
    journal descriptor structure, jdesc, after it has been freed and set
    to NULL. The sequence of events is:

    init_journal()
    ...
    fail_jindex:
       gfs2_jindex_free(sdp); <------frees journals, sets jdesc = NULL
       if (gfs2_holder_initialized(&ji_gh))
          gfs2_glock_dq_uninit(&ji_gh);
    fail:
       iput(sdp->sd_jindex); <--references jdesc in evict_linked_inode
          evict()
          gfs2_evict_inode()
          evict_linked_inode()
          ret = gfs2_trans_begin(sdp, 0, sdp->sd_jdesc->jd_blocks);
                             <------references the now freed/zeroed sd_jdesc pointer.

    The call to gfs2_trans_begin is done because the truncate_inode_pages
    call can cause gfs2 events that require a transaction, such as removing
    journaled data (jdata) blocks from the journal.

    This patch fixes the problem by adding a check for sdp->sd_jdesc to
    function gfs2_evict_inode. In theory, this should only happen to corrupt
    gfs2 file systems, when gfs2 detects the problem, reports it, then tries
    to evict all the system inodes it has read in up to that point.

    Reported-by: Yang Lan
    Signed-off-by: Bob Peterson
    Signed-off-by: Andreas Gruenbacher
    Signed-off-by: Sasha Levin

 fs/gfs2/super.c | 8 ++++++++
 1 file changed, 8 insertions(+)

culprit signature: d568681364b13dc5d6121ef452609f04404a61f633df7fd74325633d4a694fcf
parent signature: a916cbee0d8db130eb4be852415402d1eed2074a0230e517edd5769adad01578
revisions tested: 12, total time: 5h27m41.418901117s (build: 3h54m29.252137602s, test: 1h15m43.083774795s)
first good commit: fd8b4e28f400a067e6ef84569816967be1f0642b gfs2: Don't deref jdesc in evict
recipients (to): ["agruenba@redhat.com" "rpeterso@redhat.com" "sashal@kernel.org"]
recipients (cc): []