bisecting fixing commit since 312017a460d5ea31d646e7148e400e13db799ddc
building syzkaller on 2a752b7c5e39457c3c16ef91cf2192a42813c802
testing commit 312017a460d5ea31d646e7148e400e13db799ddc with gcc (GCC) 8.1.0
kernel signature: 1e84204f4bb5933821242d541c23535db537598751def9ad366e5388fdbe423e
run #0: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #1: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #2: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #3: crashed: KASAN: use-after-free Read in __xattr_check_inode
run #4: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #5: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #6: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #7: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #8: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #9: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
testing current HEAD 54b4fa6d39551639cb10664f6ac78b01993a1d7e
testing commit 54b4fa6d39551639cb10664f6ac78b01993a1d7e with gcc (GCC) 8.1.0
kernel signature: 1f04492ad3aa82a4247ae54c70659b24d132707a362e6f4ff9c5e8a021e72769
all runs: OK
# git bisect start 54b4fa6d39551639cb10664f6ac78b01993a1d7e 312017a460d5ea31d646e7148e400e13db799ddc
Bisecting: 1387 revisions left to test after this (roughly 11 steps)
[91ae7928fb1f4415623d9fad0833989c4569f418] serial: stm32: fix a recursive locking in stm32_config_rs485
testing commit 91ae7928fb1f4415623d9fad0833989c4569f418 with gcc (GCC) 8.1.0
kernel signature: 2533f18b90763d8b6b1aac25aea95b451486a8badd23e8e88b1d88bb1c38c759
run #0: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #1: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #2: crashed: KASAN: use-after-free Read in __xattr_check_inode
run #3: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #4: crashed: KASAN: out-of-bounds Read in __xattr_check_inode
run #5: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #6: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #7: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #8: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #9: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
# git bisect good 91ae7928fb1f4415623d9fad0833989c4569f418
Bisecting: 693 revisions left to test after this (roughly 10 steps)
[9b15f7fae677336e04b9e026ff91854e43165455] Linux 4.19.104
testing commit 9b15f7fae677336e04b9e026ff91854e43165455 with gcc (GCC) 8.1.0
kernel signature: 325ff5db8261f8072cf2d7489f2747d1cfaa0deff1b9d5fa76ac893dac16e527
all runs: OK
# git bisect bad 9b15f7fae677336e04b9e026ff91854e43165455
Bisecting: 346 revisions left to test after this (roughly 9 steps)
[e0fcfcda809cb3b52e59cfb28d72d95bc93436b0] phy: cpcap-usb: Prevent USB line glitches from waking up modem
testing commit e0fcfcda809cb3b52e59cfb28d72d95bc93436b0 with gcc (GCC) 8.1.0
kernel signature: 8cc844c3606b528509a9497df8de26e16fb2148e289977d3c6d5620cbda3a466
run #0: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #1: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #2: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #3: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #4: crashed: KASAN: use-after-free Read in __xattr_check_inode
run #5: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #6: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #7: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #8: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #9: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
# git bisect good e0fcfcda809cb3b52e59cfb28d72d95bc93436b0
Bisecting: 173 revisions left to test after this (roughly 8 steps)
[41b1306c006be8af0ba9ed148c62058ca2909597] scripts/find-unused-docs: Fix massive false positives
testing commit 41b1306c006be8af0ba9ed148c62058ca2909597 with gcc (GCC) 8.1.0
kernel signature: 9b08506f227a91c7314410c7591daa77425a4e867552d95c3d9483bb0cd7e48d
all runs: OK
# git bisect bad 41b1306c006be8af0ba9ed148c62058ca2909597
Bisecting: 86 revisions left to test after this (roughly 7 steps)
[7c5d75c9e05cc32e1ef7551711b52828011eb9ac] qlcnic: Fix CPU soft lockup while collecting firmware dump
testing commit 7c5d75c9e05cc32e1ef7551711b52828011eb9ac with gcc (GCC) 8.1.0
kernel signature: 764064c04babec21677cb9566c518f92e6bddb523fb647a66f028b04ada8490c
all runs: OK
# git bisect bad 7c5d75c9e05cc32e1ef7551711b52828011eb9ac
Bisecting: 42 revisions left to test after this (roughly 6 steps)
[ddba92fa8338d3ee081d9be7702c287a8daf9111] media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0
testing commit ddba92fa8338d3ee081d9be7702c287a8daf9111 with gcc (GCC) 8.1.0
kernel signature: 2748c31cac29f13c488698a8ea73a1872f683e9542d8c85256cf577f57948a46
all runs: OK
# git bisect bad ddba92fa8338d3ee081d9be7702c287a8daf9111
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[b0be61a5a59e295dc0804afd13e51ae9aa846b69] block: cleanup __blkdev_issue_discard()
testing commit b0be61a5a59e295dc0804afd13e51ae9aa846b69 with gcc (GCC) 8.1.0
kernel signature: 9debcac4696c1bf41f27d1a42488ead0baf9b1453551c261a49596d36851dc0f
run #0: crashed: KASAN: use-after-free Read in __xattr_check_inode
run #1: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #2: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #3: OK
run #4: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #5: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry
run #6: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #7: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #8: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #9: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
# git bisect good b0be61a5a59e295dc0804afd13e51ae9aa846b69
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[e292b266359d4ddb8d6aab91a33fe206b76bf22c] perf c2c: Fix return type for histogram sorting comparision functions
testing commit e292b266359d4ddb8d6aab91a33fe206b76bf22c with gcc (GCC) 8.1.0
kernel signature: 4d2748ac92de25ec090e0f8ddf8e861bfb3ad795f2e71c8c37e6d1b5eeccab2f
run #0: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #1: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #2: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #3: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #4: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #5: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #6: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #7: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #8: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #9: OK
# git bisect good e292b266359d4ddb8d6aab91a33fe206b76bf22c
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[732ecd4aad51d336b49b9be431219d173ac826c8] mm/mempolicy.c: fix out of bounds write in mpol_parse_str()
testing commit 732ecd4aad51d336b49b9be431219d173ac826c8 with gcc (GCC) 8.1.0
kernel signature: 7e3015762ef8bf5c613cef30d3cb5c47777d442a7fa6e068e03801cd13dc070b
all runs: OK
# git bisect bad 732ecd4aad51d336b49b9be431219d173ac826c8
Bisecting: 2 revisions left to test after this (roughly 1 step)
[6d6c4c1bb569edc88624d8f6894928064363d9d5] tools lib: Fix builds when glibc contains strlcpy()
testing commit 6d6c4c1bb569edc88624d8f6894928064363d9d5 with gcc (GCC) 8.1.0
kernel signature: 092f2cb5297e4727056d14c909e7be65573aa7709602071e02f3b10e60ceb551
run #0: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #1: crashed: KASAN: use-after-free Read in __xattr_check_inode
run #2: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #3: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #4: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #5: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #6: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #7: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #8: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #9: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
# git bisect good 6d6c4c1bb569edc88624d8f6894928064363d9d5
Bisecting: 0 revisions left to test after this (roughly 1 step)
[cb1702c403ad392a9ae6e090702a17cca98a38ca] ext4: validate the debug_want_extra_isize mount option at parse time
testing commit cb1702c403ad392a9ae6e090702a17cca98a38ca with gcc (GCC) 8.1.0
kernel signature: 98f383d103cd88d8e7d883dcfbea63a6d801532c6b0daabd40bd06243b87f610
all runs: OK
# git bisect bad cb1702c403ad392a9ae6e090702a17cca98a38ca
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[1f3b1614c274d9f436d831ea9eefd1f64d9ab82a] arm64: kbuild: remove compressed images on 'make ARCH=arm64 (dist)clean'
testing commit 1f3b1614c274d9f436d831ea9eefd1f64d9ab82a with gcc (GCC) 8.1.0
kernel signature: e13febf59f0b80a3a80eccebd771fc1c5bd883d13ce40661d8eabb5a006050a2
run #0: crashed: KASAN: use-after-free Read in __xattr_check_inode
run #1: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #2: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #3: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #4: crashed: KASAN: use-after-free Read in __xattr_check_inode
run #5: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #6: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #7: crashed: KASAN: use-after-free Read in ext4_xattr_set_entry
run #8: OK
run #9: OK
# git bisect good 1f3b1614c274d9f436d831ea9eefd1f64d9ab82a
cb1702c403ad392a9ae6e090702a17cca98a38ca is the first bad commit
commit cb1702c403ad392a9ae6e090702a17cca98a38ca
Author: Theodore Ts'o
Date: Sun Dec 15 01:09:03 2019 -0500

    ext4: validate the debug_want_extra_isize mount option at parse time

    commit 9803387c55f7d2ce69aa64340c5fdc6b3027dbc8 upstream.

    Instead of setting s_want_extra_size and then making sure that it is a valid value afterwards, validate the field before we set it. This avoids races and other problems when remounting the file system.

    Link: https://lore.kernel.org/r/20191215063020.GA11512@mit.edu
    Cc: stable@kernel.org
    Signed-off-by: Theodore Ts'o
    Reported-and-tested-by: syzbot+4a39a025912b265cacef@syzkaller.appspotmail.com
    Signed-off-by: Zubin Mithra
    Signed-off-by: Greg Kroah-Hartman

 fs/ext4/super.c | 127 +++++++++++++++++++++++++++++---------------------------
 1 file changed, 66 insertions(+), 61 deletions(-)
culprit signature: 98f383d103cd88d8e7d883dcfbea63a6d801532c6b0daabd40bd06243b87f610
parent signature: e13febf59f0b80a3a80eccebd771fc1c5bd883d13ce40661d8eabb5a006050a2
revisions tested: 14, total time: 3h55m0.383506954s (build: 2h1m5.890131437s, test: 1h52m43.117863294s)
first good commit: cb1702c403ad392a9ae6e090702a17cca98a38ca ext4: validate the debug_want_extra_isize mount option at parse time
cc: ["gregkh@linuxfoundation.org" "syzbot+4a39a025912b265cacef@syzkaller.appspotmail.com" "tytso@mit.edu" "zsm@chromium.org"]