bisecting fixing commit since a844dc4c544291470aa69edbe2434b040794e269
building syzkaller on 0ae38e44894e5a52fe35a56b1d2ad18477cc6b59
testing commit a844dc4c544291470aa69edbe2434b040794e269 with gcc (GCC) 8.1.0
kernel signature: 00474ce273f96955154f1b703b5ba6857ae6adc2f9bbc07187e1fdb8a0dd2228
run #0: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #1: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #2: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #3: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #4: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #5: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #6: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #7: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #8: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor575816051" "root@10.128.10.62:./syz-executor575816051"]: exit status 1
Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts.
scp: ./syz-executor575816051: Structure needs cleaning
testing current HEAD 78d697fc93f98054e36a3ab76dca1a88802ba7be
testing commit 78d697fc93f98054e36a3ab76dca1a88802ba7be with gcc (GCC) 8.1.0
kernel signature: 4f1863a3e989e186f7d9cc80347e7ecbfbce08f5a4ac6fb7caaddb1ddd34e7bc
all runs: OK
# git bisect start 78d697fc93f98054e36a3ab76dca1a88802ba7be a844dc4c544291470aa69edbe2434b040794e269
Bisecting: 881 revisions left to test after this (roughly 10 steps)
[137875d425bb04eb6fbf98f50fdae0a592dee96b] mfd: intel-lpss: Add default I2C device properties for Gemini Lake
testing commit 137875d425bb04eb6fbf98f50fdae0a592dee96b with gcc (GCC) 8.1.0
kernel signature: 91c3b4b86bc1cebfabff5f11f085debf214caf648187de5f93889d95b22a6663
all runs: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
# git bisect good 137875d425bb04eb6fbf98f50fdae0a592dee96b
Bisecting: 440 revisions left to test after this (roughly 9 steps)
[89f54ffd507359db9aef5e59e32312773fc72747] mac80211: mesh: restrict airtime metric to peered established plinks
testing commit 89f54ffd507359db9aef5e59e32312773fc72747 with gcc (GCC) 8.1.0
kernel signature: d29570ca09521ea7c8992dd2b79b3a6e9ae515a2b8247577ff9a2100e4a0a4bb
all runs: OK
# git bisect bad 89f54ffd507359db9aef5e59e32312773fc72747
Bisecting: 220 revisions left to test after this (roughly 8 steps)
[4f80b033f61bafc56239ae6507d944aa4d13ddd6] inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
testing commit 4f80b033f61bafc56239ae6507d944aa4d13ddd6 with gcc (GCC) 8.1.0
kernel signature: f108a43f5398dc01688126e918ead6fb65736b4021c25f4b06286dc8e54da581
all runs: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
# git bisect good 4f80b033f61bafc56239ae6507d944aa4d13ddd6
Bisecting: 110 revisions left to test after this (roughly 7 steps)
[8c17dd4b587bed444f1ea58bfc9bd90f44bf9db3] mmc: core: fix wl1251 sdio quirks
testing commit 8c17dd4b587bed444f1ea58bfc9bd90f44bf9db3 with gcc (GCC) 8.1.0
kernel signature: dd91b63f75d504fb1582e4efeb07bd6077c2bf6da33250cb15bcfc6f266358e6
run #0: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #1: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #2: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #3: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #4: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #5: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #6: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #7: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #8: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor812730101" "root@10.128.15.195:./syz-executor812730101"]: exit status 1
Warning: Permanently added '10.128.15.195' (ECDSA) to the list of known hosts.
scp: ./syz-executor812730101: Structure needs cleaning
# git bisect good 8c17dd4b587bed444f1ea58bfc9bd90f44bf9db3
Bisecting: 55 revisions left to test after this (roughly 6 steps)
[9fa690a2a016e1b55356835f047b952e67d3d73a] Linux 4.14.169
testing commit 9fa690a2a016e1b55356835f047b952e67d3d73a with gcc (GCC) 8.1.0
kernel signature: 56e4282f3bcb7c52b84446dce80d54a14bfc234348c112a0d72c88a1e422a850
all runs: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
# git bisect good 9fa690a2a016e1b55356835f047b952e67d3d73a
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[5ed8ea1798f5585f81252fbbf49ddf50029de2a4] PCI: Add DMA alias quirk for Intel VCA NTB
testing commit 5ed8ea1798f5585f81252fbbf49ddf50029de2a4 with gcc (GCC) 8.1.0
kernel signature: 0f0aee2845d77a61e0df1e9ce755fcb7b9e8893458cc7bb4ce8544c01f018fdb
all runs: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
# git bisect good 5ed8ea1798f5585f81252fbbf49ddf50029de2a4
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[08e4a312439c294b9753166537baf3cc0bd6bb07] ext4: validate the debug_want_extra_isize mount option at parse time
testing commit 08e4a312439c294b9753166537baf3cc0bd6bb07 with gcc (GCC) 8.1.0
kernel signature: 1d86dc5537706e9c23d3bd4fcbd64efbce93dd2c5b4d0f77a9220226a2f038cd
all runs: OK
# git bisect bad 08e4a312439c294b9753166537baf3cc0bd6bb07
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[df57e8ba374ca0e3e6dec6633ce3ed2adfe0d9a8] x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup
testing commit df57e8ba374ca0e3e6dec6633ce3ed2adfe0d9a8 with gcc (GCC) 8.1.0
kernel signature: b9aa1013cbfbb8076097c9fc6a7a378692476eba735dfe579576f35550cafb9a
all runs: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
# git bisect good df57e8ba374ca0e3e6dec6633ce3ed2adfe0d9a8
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[806dbe2dfa4855c97ec1da876fbd2fdfb61426f5] perf c2c: Fix return type for histogram sorting comparision functions
testing commit 806dbe2dfa4855c97ec1da876fbd2fdfb61426f5 with gcc (GCC) 8.1.0
kernel signature: 717dbd2696684dc311abbcf23b059bb35e38163eff7e68d4e4eb43331f560ce0
all runs: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
# git bisect good 806dbe2dfa4855c97ec1da876fbd2fdfb61426f5
Bisecting: 1 revision left to test after this (roughly 1 step)
[44d8703769f363593b41d51aeaac6ddeee8bc7da] tools lib: Fix builds when glibc contains strlcpy()
testing commit 44d8703769f363593b41d51aeaac6ddeee8bc7da with gcc (GCC) 8.1.0
kernel signature: e13ff91e2f9351dfbba7d26a1c6dc42dafa3f1512438c660871ff4b56bc6f1b5
run #0: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #1: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #2: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #3: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #4: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #5: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #6: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #7: crashed: KASAN: use-after-free Read in __xattr_check_inode
run #8: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #9: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
# git bisect good 44d8703769f363593b41d51aeaac6ddeee8bc7da
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[64700ad97eab8b533afd5dbfff22266b68900e35] arm64: kbuild: remove compressed images on 'make ARCH=arm64 (dist)clean'
testing commit 64700ad97eab8b533afd5dbfff22266b68900e35 with gcc (GCC) 8.1.0
kernel signature: bdfcf75fe1aec3dac77822c80e72995532302f73eb9d1abd2ce6e1c62bea4467
run #0: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #1: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #2: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #3: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #4: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #5: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #6: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #7: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #8: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor596377343" "root@10.128.1.48:./syz-executor596377343"]: exit status 1
Warning: Permanently added '10.128.1.48' (ECDSA) to the list of known hosts.
scp: ./syz-executor596377343: Structure needs cleaning
# git bisect good 64700ad97eab8b533afd5dbfff22266b68900e35
08e4a312439c294b9753166537baf3cc0bd6bb07 is the first bad commit
commit 08e4a312439c294b9753166537baf3cc0bd6bb07
Author: Theodore Ts'o
Date: Sun Dec 15 01:09:03 2019 -0500

    ext4: validate the debug_want_extra_isize mount option at parse time

    commit 9803387c55f7d2ce69aa64340c5fdc6b3027dbc8 upstream.

    Instead of setting s_want_extra_size and then making sure that it is a valid value afterwards, validate the field before we set it. This avoids races and other problems when remounting the file system.

    Link: https://lore.kernel.org/r/20191215063020.GA11512@mit.edu
    Cc: stable@kernel.org
    Signed-off-by: Theodore Ts'o
    Reported-and-tested-by: syzbot+4a39a025912b265cacef@syzkaller.appspotmail.com
    Signed-off-by: Zubin Mithra
    Signed-off-by: Greg Kroah-Hartman

 fs/ext4/super.c | 127 +++++++++++++++++++++++++++++---------------------------
 1 file changed, 66 insertions(+), 61 deletions(-)
culprit signature: 1d86dc5537706e9c23d3bd4fcbd64efbce93dd2c5b4d0f77a9220226a2f038cd
parent signature: bdfcf75fe1aec3dac77822c80e72995532302f73eb9d1abd2ce6e1c62bea4467
revisions tested: 13, total time: 3h26m53.553159874s (build: 1h58m36.277646151s, test: 1h26m34.3276262s)
first good commit: 08e4a312439c294b9753166537baf3cc0bd6bb07 ext4: validate the debug_want_extra_isize mount option at parse time
cc: ["gregkh@linuxfoundation.org" "syzbot+4a39a025912b265cacef@syzkaller.appspotmail.com" "tytso@mit.edu" "zsm@chromium.org"]