ci2 starts bisection 2023-06-06 09:57:07.882998136 +0000 UTC m=+392851.529905800
bisecting fixing commit since f48aeeaaa64c628519273f6007a745cf55b68d95
building syzkaller on 62df2017e3b1edd786a4c737bd4ccba2b4581d88
ensuring issue is reproducible on original commit f48aeeaaa64c628519273f6007a745cf55b68d95

testing commit f48aeeaaa64c628519273f6007a745cf55b68d95 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 017f5febc402d10cabd5449365bbce23ae764f4f2aae94afd90ccd7a254a00a6
all runs: crashed: kernel BUG in end_page_writeback
testing current HEAD d7af3e5ba454d007b4939f858739cf1cecdeab46
testing commit d7af3e5ba454d007b4939f858739cf1cecdeab46 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e332a55b4efe5e081c68703f7250b6c563230834bd06cf6a5a8b3b76ded506a2
all runs: OK
# git bisect start d7af3e5ba454d007b4939f858739cf1cecdeab46 f48aeeaaa64c628519273f6007a745cf55b68d95
Bisecting: 414 revisions left to test after this (roughly 9 steps)
[d0ebe36065a884bbf80967e269fab06c5de99637] r8152: fix flow control issue of RTL8156A

testing commit d0ebe36065a884bbf80967e269fab06c5de99637 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f1eda9ab0abc65f215df4fb1ee22442eb53df8e0c18590976487d6452c2eb20a
all runs: OK
# git bisect bad d0ebe36065a884bbf80967e269fab06c5de99637
Bisecting: 207 revisions left to test after this (roughly 8 steps)
[c7e98afecab2d9b3d8b8f3c5ba6353fe763e3ab8] nvmet: fix error handling in nvmet_execute_identify_cns_cs_ns()

testing commit c7e98afecab2d9b3d8b8f3c5ba6353fe763e3ab8 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6a49907b8751e562eb570ca5bb4a7811297f69a8eca659d2169f6e414670ff1c
all runs: OK
# git bisect bad c7e98afecab2d9b3d8b8f3c5ba6353fe763e3ab8
Bisecting: 103 revisions left to test after this (roughly 7 steps)
[aefde9ada4667a641973f5517f5c2dce6ae718fb] ARM64: dts: Add DTS files for bcmbca SoC BCM6858

testing commit aefde9ada4667a641973f5517f5c2dce6ae718fb gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ec291dbb17064292ce776dbf43c23f62e8f6d7ccd217f50ac905988d7a3481af
all runs: crashed: kernel BUG in end_page_writeback
# git bisect good aefde9ada4667a641973f5517f5c2dce6ae718fb
Bisecting: 51 revisions left to test after this (roughly 6 steps)
[b8c2678d0fe7cd283d0fd46da46a91d11f68c51d] media: venus: dec: Fix handling of the start cmd

testing commit b8c2678d0fe7cd283d0fd46da46a91d11f68c51d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c1a87fdbed5fd5fc01d105a1a0b2da2b22f7a6d7699bbf6dd638776c487c5c4a
all runs: crashed: kernel BUG in end_page_writeback
# git bisect good b8c2678d0fe7cd283d0fd46da46a91d11f68c51d
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[ad4a647aa58753433e34de8eb8f737aed1f804ce] net/packet: convert po->auxdata to an atomic flag

testing commit ad4a647aa58753433e34de8eb8f737aed1f804ce gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bba7be2a9746787cb1a4ea685a33fff0905c0e7a3cb3aa468105ff1e76ba21d8
all runs: crashed: kernel BUG in end_page_writeback
# git bisect good ad4a647aa58753433e34de8eb8f737aed1f804ce
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[c4afd6410f3c1e9ecd58f38cee612b74e5483014] net: qrtr: correct types of trace event parameters

testing commit c4afd6410f3c1e9ecd58f38cee612b74e5483014 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a1559c7b4417f28e514aa69ae90c4c6b06a005fbfa047c01438645687a6a665c
all runs: crashed: kernel BUG in end_page_writeback
# git bisect good c4afd6410f3c1e9ecd58f38cee612b74e5483014
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[119f278ea9c15e5dec9858faf16b0c1da9737088] xsk: Fix unaligned descriptor validation

testing commit 119f278ea9c15e5dec9858faf16b0c1da9737088 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5855b62be6bd10ae227fb804fe35263daa57dc69343ca58c0c24da5de7c3063e
all runs: crashed: kernel BUG in end_page_writeback
# git bisect good 119f278ea9c15e5dec9858faf16b0c1da9737088
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[c8a67bc85772b183b81d06551029835282dc949d] net: ethernet: stmmac: dwmac-rk: fix optional phy regulator handling

testing commit c8a67bc85772b183b81d06551029835282dc949d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a03c3f74849c91e4f2105a9115f9fc8bf850a0d03bc00349d163b4c160504741
all runs: OK
# git bisect bad c8a67bc85772b183b81d06551029835282dc949d
Bisecting: 0 revisions left to test after this (roughly 1 step)
[fd8c83d8375b9dac1949f2753485a5c055ebfad0] scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()

testing commit fd8c83d8375b9dac1949f2753485a5c055ebfad0 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a03c3f74849c91e4f2105a9115f9fc8bf850a0d03bc00349d163b4c160504741
all runs: OK
# git bisect bad fd8c83d8375b9dac1949f2753485a5c055ebfad0
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[9a7f63283af6befc0f91d549f4f6917dff7479a9] f2fs: fix to avoid use-after-free for cached IPU bio

testing commit 9a7f63283af6befc0f91d549f4f6917dff7479a9 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a03c3f74849c91e4f2105a9115f9fc8bf850a0d03bc00349d163b4c160504741
all runs: OK
# git bisect bad 9a7f63283af6befc0f91d549f4f6917dff7479a9
9a7f63283af6befc0f91d549f4f6917dff7479a9 is the first bad commit
commit 9a7f63283af6befc0f91d549f4f6917dff7479a9
Author: Chao Yu
Date:   Mon Apr 10 10:14:02 2023 +0800

    f2fs: fix to avoid use-after-free for cached IPU bio

    [ Upstream commit 5cdb422c839134273866208dad5360835ddb9794 ]

    xfstest generic/019 reports a bug:

    kernel BUG at mm/filemap.c:1619!
    RIP: 0010:folio_end_writeback+0x8a/0x90
    Call Trace:
     end_page_writeback+0x1c/0x60
     f2fs_write_end_io+0x199/0x420
     bio_endio+0x104/0x180
     submit_bio_noacct+0xa5/0x510
     submit_bio+0x48/0x80
     f2fs_submit_write_bio+0x35/0x300
     f2fs_submit_merged_ipu_write+0x2a0/0x2b0
     f2fs_write_single_data_page+0x838/0x8b0
     f2fs_write_cache_pages+0x379/0xa30
     f2fs_write_data_pages+0x30c/0x340
     do_writepages+0xd8/0x1b0
     __writeback_single_inode+0x44/0x370
     writeback_sb_inodes+0x233/0x4d0
     __writeback_inodes_wb+0x56/0xf0
     wb_writeback+0x1dd/0x2d0
     wb_workfn+0x367/0x4a0
     process_one_work+0x21d/0x430
     worker_thread+0x4e/0x3c0
     kthread+0x103/0x130
     ret_from_fork+0x2c/0x50

    The root cause is: after cp_error is set, f2fs_submit_merged_ipu_write()
    in f2fs_write_single_data_page() tries to flush IPU bio in cache, however
    f2fs_submit_merged_ipu_write() missed to check validity of @bio parameter,
    result in submitting random cached bio which belong to other IO context,
    then it will cause use-after-free issue, fix it by adding additional
    validity check.

    Fixes: 0b20fcec8651 ("f2fs: cache global IPU bio")
    Signed-off-by: Chao Yu
    Signed-off-by: Jaegeuk Kim
    Signed-off-by: Sasha Levin

 fs/f2fs/data.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

culprit signature: a03c3f74849c91e4f2105a9115f9fc8bf850a0d03bc00349d163b4c160504741
parent signature: 5855b62be6bd10ae227fb804fe35263daa57dc69343ca58c0c24da5de7c3063e
revisions tested: 12, total time: 4h5m53.527148371s (build: 2h35m59.890456406s, test: 1h28m40.788329159s)
first good commit: 9a7f63283af6befc0f91d549f4f6917dff7479a9 f2fs: fix to avoid use-after-free for cached IPU bio
recipients (to): ["chao@kernel.org" "jaegeuk@kernel.org" "sashal@kernel.org"]
recipients (cc): []