ci2 starts bisection 2024-11-08 12:58:02.988711233 +0000 UTC m=+37241.649920513
bisecting fixing commit since 3a5928702e7120f83f703fd566082bfb59f1a57e
building syzkaller on c673ca06b23cea94091ab496ef62c3513e434585
ensuring issue is reproducible on original commit 3a5928702e7120f83f703fd566082bfb59f1a57e
testing commit 3a5928702e7120f83f703fd566082bfb59f1a57e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 79721a3a87bc683fe023875b9c43376ce3d53c9a6f3cf3e87a537247c5f6375e
run #0: crashed: KASAN: use-after-free Read in ext4_search_dir
run #1: crashed: KASAN: use-after-free Read in ext4_search_dir
run #2: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #3: crashed: KASAN: use-after-free Read in ext4_search_dir
run #4: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #5: crashed: KASAN: use-after-free Read in ext4_search_dir
run #6: crashed: KASAN: use-after-free Read in ext4_search_dir
run #7: crashed: KASAN: use-after-free Read in ext4_search_dir
run #8: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #9: crashed: KASAN: use-after-free Read in ext4_search_dir
run #10: crashed: KASAN: use-after-free Read in ext4_search_dir
run #11: crashed: KASAN: use-after-free Read in ext4_search_dir
run #12: crashed: KASAN: use-after-free Read in ext4_search_dir
run #13: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #14: crashed: KASAN: use-after-free Read in ext4_search_dir
run #15: crashed: KASAN: use-after-free Read in ext4_search_dir
run #16: crashed: KASAN: use-after-free Read in ext4_search_dir
run #17: crashed: KASAN: use-after-free Read in ext4_search_dir
run #18: crashed: KASAN: use-after-free Read in ext4_search_dir
run #19: crashed: KASAN: use-after-free Read in ext4_search_dir
representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 3a5928702e7120f83f703fd566082bfb59f1a57e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fb00618c8b12c1c9060823ba9f92ac0640c57be03e6401ec6f1c92eee16b1055
run #0: crashed: KASAN: use-after-free Read in ext4_search_dir
run #1: crashed: KASAN: use-after-free Read in ext4_search_dir
run #2: crashed: KASAN: use-after-free Read in ext4_search_dir
run #3: crashed: KASAN: use-after-free Read in ext4_search_dir
run #4: crashed: KASAN: use-after-free Read in ext4_search_dir
run #5: crashed: KASAN: use-after-free Read in ext4_search_dir
run #6: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #7: crashed: KASAN: use-after-free Read in ext4_search_dir
run #8: crashed: KASAN: use-after-free Read in ext4_search_dir
run #9: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed
kconfig minimization: base=3706 full=7299 leaves diff=2036
split chunks (needed=false): <2036>
split chunk #0 of len 2036 into 5 parts
testing without sub-chunk 1/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 3a5928702e7120f83f703fd566082bfb59f1a57e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a96c8584ed9214454ac539733529efa1d39c0ab633bb20722778e7dc8be13f8a
all runs: crashed: KASAN: use-after-free Read in ext4_search_dir
representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 3a5928702e7120f83f703fd566082bfb59f1a57e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 58d8d264aa03aeaf151d5963b73afc8c9b7d9f0195b8e6829f9959b01740d7b3
run #0: crashed: KASAN: use-after-free Read in ext4_search_dir
run #1: crashed: KASAN: use-after-free Read in ext4_search_dir
run #2: crashed: KASAN: use-after-free Read in ext4_search_dir
run #3: crashed: KASAN: slab-out-of-bounds Read in ext4_read_inline_data
run #4: crashed: KASAN: use-after-free Read in ext4_search_dir
run #5: crashed: KASAN: use-after-free Read in ext4_search_dir
run #6: crashed: KASAN: use-after-free Read in ext4_search_dir
run #7: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #8: crashed: KASAN: use-after-free Read in ext4_search_dir
run #9: crashed: KASAN: use-after-free Read in ext4_search_dir
representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 3a5928702e7120f83f703fd566082bfb59f1a57e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2ba8e8f4de681b7930bc83c85498a7a2a32a560d0bb391bdb20cb5fd4659e8c7
all runs: crashed: KASAN: use-after-free Read in ext4_search_dir
representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit 3a5928702e7120f83f703fd566082bfb59f1a57e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cb0b7c5a9966bb9db0d89e6b6a642feb1e6ab4d2040526b16bd1a186aa17db4c
run #0: crashed: KASAN: use-after-free Read in ext4_search_dir
run #1: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #2: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #3: crashed: KASAN: use-after-free Read in ext4_search_dir
run #4: crashed: KASAN: use-after-free Read in ext4_search_dir
run #5: crashed: KASAN: use-after-free Read in ext4_search_dir
run #6: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #7: crashed: KASAN: use-after-free Read in ext4_search_dir
run #8: crashed: KASAN: use-after-free Read in ext4_search_dir
run #9: crashed: KASAN: use-after-free Read in ext4_search_dir
representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 3a5928702e7120f83f703fd566082bfb59f1a57e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7a1fae3d923c91ea893cbcccd26ae0dfc74992fea765d1135efc2075b2f143f3
run #0: crashed: KASAN: use-after-free Read in ext4_search_dir
run #1: crashed: KASAN: use-after-free Read in ext4_search_dir
run #2: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #3: crashed: KASAN: use-after-free Read in ext4_search_dir
run #4: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #5: crashed: KASAN: use-after-free Read in ext4_search_dir
run #6: crashed: KASAN: use-after-free Read in ext4_search_dir
run #7: crashed: KASAN: use-after-free Read in ext4_search_dir
run #8: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #9: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN]
the chunk can be dropped
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing current HEAD 72244eab0dad81e1553d4f5e105ffadc412885cb
testing commit 72244eab0dad81e1553d4f5e105ffadc412885cb gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6dbcd7cd726acc557c59b7eb09b545c5847ec756cef94cc2abc9e51aedd1e662
all runs: OK
false negative chance: 0.000
# git bisect start 72244eab0dad81e1553d4f5e105ffadc412885cb 3a5928702e7120f83f703fd566082bfb59f1a57e
Bisecting: 424 revisions left to test after this (roughly 9 steps)
[4a55880fa90902939c48b7d9035dc1ea4ee3a71f] proc: add config & param to block forcing mem writes
determine whether the revision contains the guilty commit
revision 3a5928702e7120f83f703fd566082bfb59f1a57e crashed and is reachable
testing commit 4a55880fa90902939c48b7d9035dc1ea4ee3a71f gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 61690aa95b6cc409857073caab09a544ffaf6b627a620ca57c26df9d381bbc38
run #0: crashed: lost connection to test machine
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: lost connection to test machine, types: [UNKNOWN]
unable to determine the verdict: 9 good runs (wanted 5), for bad wanted 5 in total, got 10
# git bisect skip 4a55880fa90902939c48b7d9035dc1ea4ee3a71f
Bisecting: 424 revisions left to test after this (roughly 9 steps)
[438e11739cb304a365822562f34b3548cce4e2e0] i2c: xiic: Wait for TX empty to avoid missed TX NAKs
determine whether the revision contains the guilty commit
revision 3a5928702e7120f83f703fd566082bfb59f1a57e crashed and is reachable
testing commit 438e11739cb304a365822562f34b3548cce4e2e0 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 32177a55a6050874e94926262aaf094e1237a035bd795252c6e4afa54093af1f
all runs: OK
false negative chance: 0.000
# git bisect bad 438e11739cb304a365822562f34b3548cce4e2e0
Bisecting: 242 revisions left to test after this (roughly 8 steps)
[15bcd2dc26d7cb368e8dc93b4e5152f7f3fded33] RDMA/hns: Don't modify rq next block addr in HIP09 QPC
determine whether the revision contains the guilty commit
revision 3a5928702e7120f83f703fd566082bfb59f1a57e crashed and is reachable
testing commit 15bcd2dc26d7cb368e8dc93b4e5152f7f3fded33 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: df10b9ee7c6b2b525f9bed32dd66bd443f4a82b6db1ee9c3139d0f8cc78e88a3
all runs: OK
false negative chance: 0.000
# git bisect bad 15bcd2dc26d7cb368e8dc93b4e5152f7f3fded33
Bisecting: 120 revisions left to test after this (roughly 7 steps)
[bf090f4fe935294361eabd9dc5a949fdd77d3d1b] wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param
determine whether the revision contains the guilty commit
revision 3a5928702e7120f83f703fd566082bfb59f1a57e crashed and is reachable
testing commit bf090f4fe935294361eabd9dc5a949fdd77d3d1b gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bd06dfb299e3b1ce72538d910e50ec20691b4db6c67e1d0b89dbf69ab5b26bd2
run #0: crashed: KASAN: use-after-free Read in ext4_search_dir
run #1: crashed: KASAN: use-after-free Read in ext4_search_dir
run #2: crashed: KASAN: use-after-free Read in ext4_search_dir
run #3: crashed: KASAN: use-after-free Read in ext4_search_dir
run #4: crashed: KASAN: use-after-free Read in ext4_search_dir
run #5: crashed: KASAN: use-after-free Read in ext4_search_dir
run #6: crashed: KASAN: use-after-free Read in ext4_search_dir
run #7: crashed: KASAN: out-of-bounds Read in ext4_search_dir
run #8: crashed: KASAN: use-after-free Read in ext4_search_dir
run #9: crashed: KASAN: use-after-free Read in ext4_search_dir
representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN]
# git bisect good bf090f4fe935294361eabd9dc5a949fdd77d3d1b
Bisecting: 60 revisions left to test after this (roughly 6 steps)
[b43f548e7593b86bb11db04fea564818e04ef754] drm/msm/a5xx: properly clear preemption records on resume
determine whether the revision contains the guilty commit
revision bf090f4fe935294361eabd9dc5a949fdd77d3d1b crashed and is reachable
testing commit b43f548e7593b86bb11db04fea564818e04ef754 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 818f98b53afa13576eeda4ff56dd637ca14b515ce96fbee6250e72b0af5e2b3c
run #0: crashed: KASAN: use-after-free Read in ext4_search_dir
run #1: crashed: KASAN: use-after-free Read in ext4_search_dir
run #2: crashed: KASAN: use-after-free Read in ext4_search_dir
run #3: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #4: crashed: KASAN: use-after-free Read in ext4_search_dir
run #5: crashed: KASAN: use-after-free Read in ext4_search_dir
run #6: crashed: KASAN: use-after-free Read in ext4_search_dir
run #7: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #8: crashed: KASAN: use-after-free Read in ext4_search_dir
run #9: crashed: KASAN: use-after-free Read in ext4_search_dir
representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN]
# git bisect good b43f548e7593b86bb11db04fea564818e04ef754
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[42d44163d41b2caaef023a0df75fbf005af8afdc] nilfs2: determine empty node blocks as corrupted
determine whether the revision contains the guilty commit
revision bf090f4fe935294361eabd9dc5a949fdd77d3d1b crashed and is reachable
testing commit 42d44163d41b2caaef023a0df75fbf005af8afdc gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: df10b9ee7c6b2b525f9bed32dd66bd443f4a82b6db1ee9c3139d0f8cc78e88a3
all runs: OK
false negative chance: 0.000
# git bisect bad 42d44163d41b2caaef023a0df75fbf005af8afdc
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[e0fcf564cb6cd56f3b84665fa52400a6bdd7a5bf] selftests/bpf: Fix compiling tcp_rtt.c with musl-libc
determine whether the revision contains the guilty commit
revision 3a5928702e7120f83f703fd566082bfb59f1a57e crashed and is reachable
testing commit e0fcf564cb6cd56f3b84665fa52400a6bdd7a5bf gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 818f98b53afa13576eeda4ff56dd637ca14b515ce96fbee6250e72b0af5e2b3c
all runs: crashed: KASAN: use-after-free Read in ext4_search_dir
representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN]
# git bisect good e0fcf564cb6cd56f3b84665fa52400a6bdd7a5bf
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[38c0090658e0dae150189a39e221a3b8bafd65a3] ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
determine whether the revision contains the guilty commit
revision b43f548e7593b86bb11db04fea564818e04ef754 crashed and is reachable
testing commit 38c0090658e0dae150189a39e221a3b8bafd65a3 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 479222babc2381c385e5bcc8a6e1c724fd26d04b46d658f71ead90e5f30cb64a
run #0: crashed: KASAN: use-after-free Read in ext4_search_dir
run #1: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #2: crashed: KASAN: use-after-free Read in ext4_search_dir
run #3: crashed: KASAN: use-after-free Read in ext4_search_dir
run #4: crashed: KASAN: use-after-free Read in ext4_search_dir
run #5: crashed: KASAN: use-after-free Read in ext4_search_dir
run #6: crashed: KASAN: use-after-free Read in ext4_search_dir
run #7: crashed: KASAN: use-after-free Read in ext4_search_dir
run #8: crashed: KASAN: use-after-free Read in ext4_search_dir
run #9: crashed: KASAN: use-after-free Read in ext4_search_dir
representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN]
# git bisect good 38c0090658e0dae150189a39e221a3b8bafd65a3
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[bf4cabdf3a86ebb39c343ebb498e19f033a631e7] ext4: avoid negative min_clusters in find_group_orlov()
determine whether the revision contains the guilty commit
revision 3a5928702e7120f83f703fd566082bfb59f1a57e crashed and is reachable
testing commit bf4cabdf3a86ebb39c343ebb498e19f033a631e7 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 93dd689fb17dd0cba1cabf44f17d6babb11fb5f8d6ca64e47fd3cd94e2f21efc
run #0: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #1: crashed: KASAN: use-after-free Read in ext4_search_dir
run #2: crashed: KASAN: use-after-free Read in ext4_search_dir
run #3: crashed: KASAN: use-after-free Read in ext4_search_dir
run #4: crashed: KASAN: use-after-free Read in ext4_search_dir
run #5: crashed: KASAN: use-after-free Read in ext4_search_dir
run #6: crashed: KASAN: use-after-free Read in ext4_search_dir
run #7: crashed: KASAN: use-after-free Read in ext4_search_dir
run #8: crashed: KASAN: use-after-free Read in ext4_search_dir
run #9: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
representative crash: KASAN: slab-out-of-bounds Read in ext4_search_dir, types: [KASAN]
# git bisect good bf4cabdf3a86ebb39c343ebb498e19f033a631e7
Bisecting: 1 revision left to test after this (roughly 1 step)
[be2e9b111e2790962cc66a177869b4e9717b4e29] ext4: avoid OOB when system.data xattr changes underneath the filesystem
determine whether the revision contains the guilty commit
revision bf090f4fe935294361eabd9dc5a949fdd77d3d1b crashed and is reachable
testing commit be2e9b111e2790962cc66a177869b4e9717b4e29 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: df10b9ee7c6b2b525f9bed32dd66bd443f4a82b6db1ee9c3139d0f8cc78e88a3
all runs: OK
false negative chance: 0.000
# git bisect bad be2e9b111e2790962cc66a177869b4e9717b4e29
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[299d996f1031f60e539d3bfd34d1d9c9facf1e9c] ext4: return error on ext4_find_inline_entry
determine whether the revision contains the guilty commit
revision bf090f4fe935294361eabd9dc5a949fdd77d3d1b crashed and is reachable
testing commit 299d996f1031f60e539d3bfd34d1d9c9facf1e9c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 12cc3d4aa944129024534e572c5d8cabafd03a6d6e228fea48344a125fd0e438
run #0: crashed: KASAN: use-after-free Read in ext4_search_dir
run #1: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #2: crashed: KASAN: use-after-free Read in ext4_search_dir
run #3: crashed: KASAN: use-after-free Read in ext4_search_dir
run #4: crashed: KASAN: slab-out-of-bounds Read in ext4_search_dir
run #5: crashed: KASAN: use-after-free Read in ext4_search_dir
run #6: crashed: KASAN: use-after-free Read in ext4_search_dir
run #7: crashed: KASAN: use-after-free Read in ext4_search_dir
run #8: crashed: KASAN: use-after-free Read in ext4_search_dir
run #9: crashed: KASAN: use-after-free Read in ext4_search_dir
representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN]
# git bisect good 299d996f1031f60e539d3bfd34d1d9c9facf1e9c
be2e9b111e2790962cc66a177869b4e9717b4e29 is the first bad commit
commit be2e9b111e2790962cc66a177869b4e9717b4e29
Author: Thadeu Lima de Souza Cascardo
Date:   Wed Aug 21 12:23:24 2024 -0300

    ext4: avoid OOB when system.data xattr changes underneath the filesystem

    [ Upstream commit c6b72f5d82b1017bad80f9ebf502832fc321d796 ]

    When looking up an entry in an inlined directory, if e_value_offs is
    changed underneath the filesystem by some change in the block device, it
    will lead to an out-of-bounds access that KASAN detects as an UAF.

    EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
    loop0: detected capacity change from 2048 to 2047
    ==================================================================
    BUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500
    Read of size 1 at addr ffff88803e91130f by task syz-executor269/5103

    CPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0
    Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
    Call Trace:
     __dump_stack lib/dump_stack.c:93 [inline]
     dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
     print_address_description mm/kasan/report.c:377 [inline]
     print_report+0x169/0x550 mm/kasan/report.c:488
     kasan_report+0x143/0x180 mm/kasan/report.c:601
     ext4_search_dir+0xf2/0x1c0 fs/ext4/namei.c:1500
     ext4_find_inline_entry+0x4be/0x5e0 fs/ext4/inline.c:1697
     __ext4_find_entry+0x2b4/0x1b30 fs/ext4/namei.c:1573
     ext4_lookup_entry fs/ext4/namei.c:1727 [inline]
     ext4_lookup+0x15f/0x750 fs/ext4/namei.c:1795
     lookup_one_qstr_excl+0x11f/0x260 fs/namei.c:1633
     filename_create+0x297/0x540 fs/namei.c:3980
     do_symlinkat+0xf9/0x3a0 fs/namei.c:4587
     __do_sys_symlinkat fs/namei.c:4610 [inline]
     __se_sys_symlinkat fs/namei.c:4607 [inline]
     __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607
     do_syscall_x64 arch/x86/entry/common.c:52 [inline]
     do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
     entry_SYSCALL_64_after_hwframe+0x77/0x7f
    RIP: 0033:0x7f3e73ced469
    Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
    RSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
    RAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469
    RDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0
    RBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290
    R10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c
    R13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0

    Calling ext4_xattr_ibody_find right after reading the inode with
    ext4_get_inode_loc will lead to a check of the validity of the xattrs,
    avoiding this problem.

    Reported-by: syzbot+0c2508114d912a54ee79@syzkaller.appspotmail.com
    Closes: https://syzkaller.appspot.com/bug?extid=0c2508114d912a54ee79
    Fixes: e8e948e7802a ("ext4: let ext4_find_entry handle inline data")
    Signed-off-by: Thadeu Lima de Souza Cascardo
    Link: https://patch.msgid.link/20240821152324.3621860-5-cascardo@igalia.com
    Signed-off-by: Theodore Ts'o
    Signed-off-by: Sasha Levin

 fs/ext4/inline.c | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

accumulated error probability: 0.00
culprit signature: df10b9ee7c6b2b525f9bed32dd66bd443f4a82b6db1ee9c3139d0f8cc78e88a3
parent signature: 12cc3d4aa944129024534e572c5d8cabafd03a6d6e228fea48344a125fd0e438
revisions tested: 19, total time: 4h18m12.342269818s (build: 2h21m24.125060229s, test: 1h46m53.870751037s)
first good commit: be2e9b111e2790962cc66a177869b4e9717b4e29 ext4: avoid OOB when system.data xattr changes underneath the filesystem
recipients (to): ["cascardo@igalia.com" "sashal@kernel.org" "tytso@mit.edu"]
recipients (cc): []
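Added example, not part of the syzbot log above and not ext4's or the patch author's code: a constructed C model of the pattern the culprit's commit message describes. A toy inode body carries an inline directory in a "system.data"-style xattr addressed by an (e_value_offs, e_value_size) pair read straight from the device. toy_lookup_unchecked trusts that pair the way the pre-fix lookup did, so a descriptor rewritten underneath the mounted filesystem yields a read range outside the inode buffer; the model reports that escape (-2) instead of dereferencing it, which in the kernel is the read KASAN flagged in ext4_search_dir. toy_lookup_checked validates the region before deriving a pointer, which is the effect the fix obtains by calling ext4_xattr_ibody_find after ext4_get_inode_loc, and fails the lookup cleanly (-1). The struct layout, field widths, the toy_ prefixed names and the directory-entry encoding are all invented for this example; they are not ext4's on-disk format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed toy model for illustration only. Not ext4's on-disk format
 * and not kernel code: an inode body whose inline directory lives in a
 * "system.data"-style xattr described by an (offset, size) pair.
 */
#define TOY_IBODY_SIZE 64u

struct toy_xattr_entry {
    uint16_t e_value_offs;   /* where the value starts inside value_area */
    uint16_t e_value_size;   /* length of the value */
};

struct toy_ibody {
    struct toy_xattr_entry entry;
    uint8_t value_area[TOY_IBODY_SIZE - sizeof(struct toy_xattr_entry)];
};

/* Does [offs, offs + size) fit inside value_area?  Written in subtraction
 * form so a huge offs or size cannot wrap the comparison. */
static int toy_range_ok(const struct toy_ibody *ib, size_t offs, size_t size)
{
    size_t area = sizeof ib->value_area;
    return offs <= area && size <= area - offs;
}

/* Validate the descriptor before anything derives a pointer from it; this
 * is the role the in-inode xattr validity check plays in the real fix. */
static int toy_xattr_check(const struct toy_ibody *ib)
{
    return toy_range_ok(ib, ib->entry.e_value_offs, ib->entry.e_value_size) ? 0 : -1;
}

/* Toy inline directory: repeated [name_len:1][name:name_len], 0 terminates. */
static int toy_search_dir(const uint8_t *data, size_t len, const char *name)
{
    size_t nlen = strlen(name), pos = 0;
    while (pos < len) {
        size_t name_len = data[pos];
        if (name_len == 0 || pos + 1 + name_len > len)
            return 0;                            /* terminator or truncated entry */
        if (name_len == nlen && memcmp(data + pos + 1, name, nlen) == 0)
            return 1;
        pos += 1 + name_len;
    }
    return 0;
}

/* Vulnerable shape: the on-disk descriptor is trusted.  The kernel would
 * simply read here; this model refuses to dereference outside the inode
 * buffer and returns -2, the condition KASAN reported as an OOB/UAF read. */
static int toy_lookup_unchecked(const struct toy_ibody *ib, const char *name)
{
    size_t offs = ib->entry.e_value_offs, size = ib->entry.e_value_size;
    if (!toy_range_ok(ib, offs, size))
        return -2;
    return toy_search_dir(ib->value_area + offs, size, name);
}

/* Fixed shape: check the xattr region first and fail the lookup (-1, the
 * analogue of returning -EFSCORRUPTED) instead of reading. */
static int toy_lookup_checked(const struct toy_ibody *ib, const char *name)
{
    if (toy_xattr_check(ib) != 0)
        return -1;
    return toy_search_dir(ib->value_area + ib->entry.e_value_offs,
                          ib->entry.e_value_size, name);
}

/* Build an ibody holding the entries ".", "file1", "file2" (constructed data). */
static void toy_make_ibody(struct toy_ibody *ib)
{
    static const uint8_t dir[] = { 1, '.', 5, 'f','i','l','e','1', 5, 'f','i','l','e','2', 0 };
    memset(ib, 0, sizeof *ib);
    ib->entry.e_value_offs = 4;               /* small gap before the value */
    ib->entry.e_value_size = sizeof dir;
    memcpy(ib->value_area + 4, dir, sizeof dir);
}

/* One lookup of `name`.  corrupt != 0 rewrites e_value_offs the way a block
 * device changing underneath the mount would; checked selects the path.
 * Returns 1 found, 0 not found, -1 rejected as corrupt, -2 OOB read. */
static int toy_demo(const char *name, int corrupt, int checked)
{
    struct toy_ibody ib;
    toy_make_ibody(&ib);
    if (corrupt)
        ib.entry.e_value_offs = 0xfff0;
    return checked ? toy_lookup_checked(&ib, name) : toy_lookup_unchecked(&ib, name);
}

int main(void)
{
    printf("intact   descriptor: unchecked=%d checked=%d\n",
           toy_demo("file2", 0, 0), toy_demo("file2", 0, 1));
    printf("modified descriptor: unchecked=%d checked=%d\n",
           toy_demo("file2", 1, 0), toy_demo("file2", 1, 1));
    return 0;
}
```

Build with `gcc -Wall -Wextra -o toy toy.c`. The bounds test is deliberately `size <= area - offs` after `offs <= area` rather than `offs + size <= area`: with the uint16_t fields used here the sum cannot overflow size_t, but the subtraction form stays correct if the fields are ever widened, which is the property a filesystem parser wants when the numbers come from untrusted media.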