ci2 starts bisection 2023-10-27 21:11:50.619269965 +0000 UTC m=+26566.294888590
bisecting fixing commit since 86a6bbdc8ffe588059b2cef842f78fa44a6fefb0
building syzkaller on 4bce1a3e705a8b62de8194bdb28f5eef89c8feec
ensuring issue is reproducible on original commit 86a6bbdc8ffe588059b2cef842f78fa44a6fefb0
testing commit 86a6bbdc8ffe588059b2cef842f78fa44a6fefb0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c0cc697e81201dfa8e1d372f6214bf1a83704f1e2ce45836c601f8203830c9ac
run #0: crashed: general protection fault in ext4_acquire_dquot
run #1: crashed: general protection fault in ext4_acquire_dquot
run #2: crashed: general protection fault in ext4_release_dquot
run #3: crashed: general protection fault in ext4_acquire_dquot
run #4: crashed: general protection fault in ext4_acquire_dquot
run #5: crashed: general protection fault in ext4_release_dquot
run #6: crashed: general protection fault in ext4_acquire_dquot
run #7: crashed: general protection fault in ext4_acquire_dquot
run #8: crashed: general protection fault in ext4_acquire_dquot
run #9: crashed: general protection fault in ext4_release_dquot
run #10: crashed: general protection fault in ext4_acquire_dquot
run #11: crashed: general protection fault in ext4_release_dquot
run #12: crashed: general protection fault in ext4_acquire_dquot
run #13: crashed: general protection fault in ext4_acquire_dquot
run #14: crashed: general protection fault in ext4_acquire_dquot
run #15: crashed: general protection fault in ext4_acquire_dquot
run #16: crashed: general protection fault in ext4_acquire_dquot
run #17: crashed: general protection fault in ext4_acquire_dquot
run #18: crashed: general protection fault in ext4_acquire_dquot
run #19: crashed: general protection fault in ext4_acquire_dquot
representative crash: general protection fault in ext4_acquire_dquot, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 86a6bbdc8ffe588059b2cef842f78fa44a6fefb0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 446a134e05548223aed5536eda36b507777d2c93bc08de7da78c7cbace6480ae
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
kconfig minimization: base=5179 full=6520 leaves diff=250
split chunks (needed=false): <250>
split chunk #0 of len 250 into 5 parts
testing without sub-chunk 1/5
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 86a6bbdc8ffe588059b2cef842f78fa44a6fefb0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 73e7f65fcc616d2e524341298843dd80af15a2f814956470cb66964f843f6128
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 86a6bbdc8ffe588059b2cef842f78fa44a6fefb0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e6e096cc8a9586c09f4c7c9a79cb757d247ef788c1b7a0ce4a082b4d5bd90306
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot
representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 86a6bbdc8ffe588059b2cef842f78fa44a6fefb0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 445ccba5a3bea22cb582a233b4a4e58176a2ad7e6ffe687a670b64e162b6ae86
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 86a6bbdc8ffe588059b2cef842f78fa44a6fefb0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 170af240ee46646a0686cc18432610bdbdbf73f4aedb4fb827d047d729083818
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit 86a6bbdc8ffe588059b2cef842f78fa44a6fefb0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building 86a6bbdc8ffe588059b2cef842f78fa44a6fefb0:
net/socket.c:1225: undefined reference to `wext_handle_ioctl'
net/socket.c:3420: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:329: undefined reference to `wext_proc_init'
net/core/net-procfs.c:345: undefined reference to `wext_proc_exit'
minimized to 50 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_MBIM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF]
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing current HEAD 35361bdac25a867d60abc3c01ee11782a7e2b0ed
testing commit 35361bdac25a867d60abc3c01ee11782a7e2b0ed gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5ecb6a5f302b2e6661d37b702b056c1e30a37cb17855eef1bbb03ff85c2c543b
all runs: OK
false negative chance: 0.000
# git bisect start 35361bdac25a867d60abc3c01ee11782a7e2b0ed 86a6bbdc8ffe588059b2cef842f78fa44a6fefb0
Bisecting: 2116 revisions left to test after this (roughly 11 steps)
[be1a3ec63a840cc9e59a033acf154f56255699a1] md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
determine whether the revision contains the guilty commit
checking the merge base b1644a0031cfb3ca2cbd84c92f771f8ebb62302d
no existing result, test the revision
testing commit b1644a0031cfb3ca2cbd84c92f771f8ebb62302d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 69a65f7cea4832efa9170dd979f6c7e7b1a020418629d41ebac3a34bc4ba50d5
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN]
testing commit be1a3ec63a840cc9e59a033acf154f56255699a1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8b198dc5fe4c07635e96cb7757294bfa16f031b4f6b7b7cb59be51e723ee5c75
all runs: OK
false negative chance: 0.000
# git bisect bad be1a3ec63a840cc9e59a033acf154f56255699a1
Bisecting: 1057 revisions left to test after this (roughly 10 steps)
[474d57adf16ac6322fed2f87cdbc277280742106] af_key: Reject optional tunnel/BEET mode templates in outbound policies
determine whether the revision contains the guilty commit
revision b1644a0031cfb3ca2cbd84c92f771f8ebb62302d crashed and is reachable
testing commit 474d57adf16ac6322fed2f87cdbc277280742106 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c1b473ce8f3eda32ac1dbe072fe95a7ece95c444db06a7a157bc1bfdc482982e
all runs: OK
false negative chance: 0.000
# git bisect bad 474d57adf16ac6322fed2f87cdbc277280742106
Bisecting: 528 revisions left to test after this (roughly 9 steps)
[bb0433ae6fa2a35e0bf197427f369b2ec3f50d3b] rtc: k3: handle errors while enabling wake irq
determine whether the revision contains the guilty commit
revision b1644a0031cfb3ca2cbd84c92f771f8ebb62302d crashed and is reachable
testing commit bb0433ae6fa2a35e0bf197427f369b2ec3f50d3b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: eb11e9acd8a2d6f0ab50760067dabc4d0915219accc8debd58968fca6d24239e
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN]
# git bisect good bb0433ae6fa2a35e0bf197427f369b2ec3f50d3b
Bisecting: 264 revisions left to test after this (roughly 8 steps)
[0d6b66657c245bacced9c0b86ffe7c99ba0788cf] remoteproc: stm32: Call of_node_put() on iteration error
determine whether the revision contains the guilty commit
revision bb0433ae6fa2a35e0bf197427f369b2ec3f50d3b crashed and is reachable
testing commit 0d6b66657c245bacced9c0b86ffe7c99ba0788cf gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6cd9244f88376632f4dee60fa075f83b393c7997966fc80ef2618d2616b23e7e
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN]
# git bisect good 0d6b66657c245bacced9c0b86ffe7c99ba0788cf
Bisecting: 132 revisions left to test after this (roughly 7 steps)
[36fa6187753a9b52f2bbf2f3ba628f6bad314510] drm/i915: Expand force_probe to block probe of devices as well.
determine whether the revision contains the guilty commit
revision b1644a0031cfb3ca2cbd84c92f771f8ebb62302d crashed and is reachable
testing commit 36fa6187753a9b52f2bbf2f3ba628f6bad314510 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c8e8b8fd3ccffc4f7c45674439e919f18ad54a00fe542555990f299e206d0f57
all runs: OK
false negative chance: 0.000
# git bisect bad 36fa6187753a9b52f2bbf2f3ba628f6bad314510
Bisecting: 65 revisions left to test after this (roughly 6 steps)
[25f603624246062fd473812e6ebda98e3c387017] drm/amd/display: Add minimum Z8 residency debug option
determine whether the revision contains the guilty commit
revision 0d6b66657c245bacced9c0b86ffe7c99ba0788cf crashed and is reachable
testing commit 25f603624246062fd473812e6ebda98e3c387017 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9dc3f3f41cf12c351d32c43999ab749495438233a8fa32ccf10902a8b331f59b
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN]
# git bisect good 25f603624246062fd473812e6ebda98e3c387017
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[76ce32682635fe907e0f8e64e039e773e5c7508f] x86: fix clear_user_rep_good() exception handling annotation
determine whether the revision contains the guilty commit
revision 0d6b66657c245bacced9c0b86ffe7c99ba0788cf crashed and is reachable
testing commit 76ce32682635fe907e0f8e64e039e773e5c7508f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 720273a1d5b5ea08578f5e45a248d9b6d63d3db6c33bc6723d5e53e80c67ec40
all runs: OK
false negative chance: 0.000
# git bisect bad 76ce32682635fe907e0f8e64e039e773e5c7508f
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[1b9c92432fdf809c2bffa58fd86ace3c48371f7e] locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers
determine whether the revision contains the guilty commit
revision 0d6b66657c245bacced9c0b86ffe7c99ba0788cf crashed and is reachable
testing commit 1b9c92432fdf809c2bffa58fd86ace3c48371f7e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9967866c3f175c0c12ef4a6e7aca593f1697c6bf484583b3bb8919367ad92366
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_release_dquot
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot
representative crash: BUG: unable to handle kernel NULL pointer dereference in ext4_acquire_dquot, types: [UNKNOWN]
# git bisect good 1b9c92432fdf809c2bffa58fd86ace3c48371f7e
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[1d2caddbeeee56fbbc36b428c5b909c3ad88eb7f] ext4: add bounds checking in get_max_inline_xattr_value_size()
determine whether the revision contains the guilty commit
revision 1b9c92432fdf809c2bffa58fd86ace3c48371f7e crashed and is reachable
testing commit 1d2caddbeeee56fbbc36b428c5b909c3ad88eb7f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3051d88f68a73091cc4e9418d4e732f1a7f68cd72e6e34199addf02c4b306194
all runs: OK
false negative chance: 0.000
# git bisect bad 1d2caddbeeee56fbbc36b428c5b909c3ad88eb7f
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[748e4bb27d2e3cb455ed2b75afd6cceee876b378] ext4: check iomap type only if ext4_iomap_begin() does not fail
determine whether the revision contains the guilty commit
revision bb0433ae6fa2a35e0bf197427f369b2ec3f50d3b crashed and is reachable
testing commit 748e4bb27d2e3cb455ed2b75afd6cceee876b378 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5ca2d0f22dd7ef089aa56c1c48e8f13355ce701bc6b973bbb8d20d9595c11910
all runs: OK
false negative chance: 0.000
# git bisect bad 748e4bb27d2e3cb455ed2b75afd6cceee876b378
Bisecting: 1 revision left to test after this (roughly 1 step)
[1fffe4750500148f3e744ed77cf233db8342603f] ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
determine whether the revision contains the guilty commit
revision 1b9c92432fdf809c2bffa58fd86ace3c48371f7e crashed and is reachable
testing commit 1fffe4750500148f3e744ed77cf233db8342603f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 89c42140123d1ff904f497e30fcd41e681c17389f624faf103560c007bfa6be4
all runs: OK
false negative chance: 0.000
# git bisect bad 1fffe4750500148f3e744ed77cf233db8342603f
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[dba62fa84a8eac44a53a2862de8a40e5bdfa0ae3] ext4: fix WARNING in mb_find_extent
determine whether the revision contains the guilty commit
revision bb0433ae6fa2a35e0bf197427f369b2ec3f50d3b crashed and is reachable
testing commit dba62fa84a8eac44a53a2862de8a40e5bdfa0ae3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1876ccf92c6673f12d7c239dc2fab93489beec126f7659e7ee943704f7060207
all runs: OK
false negative chance: 0.000
# git bisect bad dba62fa84a8eac44a53a2862de8a40e5bdfa0ae3
dba62fa84a8eac44a53a2862de8a40e5bdfa0ae3 is the first bad commit
commit dba62fa84a8eac44a53a2862de8a40e5bdfa0ae3
Author: Ye Bin
Date: Mon Jan 16 10:00:15 2023 +0800

    ext4: fix WARNING in mb_find_extent

    commit fa08a7b61dff8a4df11ff1e84abfc214b487caf7 upstream.

    Syzbot found the following issue:

    EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
    EXT4-fs (loop0): orphan cleanup on readonly fs
    ------------[ cut here ]------------
    WARNING: CPU: 1 PID: 5067 at fs/ext4/mballoc.c:1869 mb_find_extent+0x8a1/0xe30
    Modules linked in:
    CPU: 1 PID: 5067 Comm: syz-executor307 Not tainted 6.2.0-rc1-syzkaller #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
    RIP: 0010:mb_find_extent+0x8a1/0xe30 fs/ext4/mballoc.c:1869
    RSP: 0018:ffffc90003c9e098 EFLAGS: 00010293
    RAX: ffffffff82405731 RBX: 0000000000000041 RCX: ffff8880783457c0
    RDX: 0000000000000000 RSI: 0000000000000041 RDI: 0000000000000040
    RBP: 0000000000000040 R08: ffffffff82405723 R09: ffffed10053c9402
    R10: ffffed10053c9402 R11: 1ffff110053c9401 R12: 0000000000000000
    R13: ffffc90003c9e538 R14: dffffc0000000000 R15: ffffc90003c9e2cc
    FS: 0000555556665300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 000056312f6796f8 CR3: 0000000022437000 CR4: 00000000003506e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
    ext4_mb_complex_scan_group+0x353/0x1100 fs/ext4/mballoc.c:2307
    ext4_mb_regular_allocator+0x1533/0x3860 fs/ext4/mballoc.c:2735
    ext4_mb_new_blocks+0xddf/0x3db0 fs/ext4/mballoc.c:5605
    ext4_ext_map_blocks+0x1868/0x6880 fs/ext4/extents.c:4286
    ext4_map_blocks+0xa49/0x1cc0 fs/ext4/inode.c:651
    ext4_getblk+0x1b9/0x770 fs/ext4/inode.c:864
    ext4_bread+0x2a/0x170 fs/ext4/inode.c:920
    ext4_quota_write+0x225/0x570 fs/ext4/super.c:7105
    write_blk fs/quota/quota_tree.c:64 [inline]
    get_free_dqblk+0x34a/0x6d0 fs/quota/quota_tree.c:130
    do_insert_tree+0x26b/0x1aa0 fs/quota/quota_tree.c:340
    do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375
    do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375
    do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375
    dq_insert_tree fs/quota/quota_tree.c:401 [inline]
    qtree_write_dquot+0x3b6/0x530 fs/quota/quota_tree.c:420
    v2_write_dquot+0x11b/0x190 fs/quota/quota_v2.c:358
    dquot_acquire+0x348/0x670 fs/quota/dquot.c:444
    ext4_acquire_dquot+0x2dc/0x400 fs/ext4/super.c:6740
    dqget+0x999/0xdc0 fs/quota/dquot.c:914
    __dquot_initialize+0x3d0/0xcf0 fs/quota/dquot.c:1492
    ext4_process_orphan+0x57/0x2d0 fs/ext4/orphan.c:329
    ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474
    __ext4_fill_super fs/ext4/super.c:5516 [inline]
    ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644
    get_tree_bdev+0x400/0x620 fs/super.c:1282
    vfs_get_tree+0x88/0x270 fs/super.c:1489
    do_new_mount+0x289/0xad0 fs/namespace.c:3145
    do_mount fs/namespace.c:3488 [inline]
    __do_sys_mount fs/namespace.c:3697 [inline]
    __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
    do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
    entry_SYSCALL_64_after_hwframe+0x63/0xcd

    Add some debug information:
    mb_find_extent: mb_find_extent block=41, order=0 needed=64 next=0 ex=0/41/1@3735929054 64 64 7
    block_bitmap: ff 3f 0c 00 fc 01 00 00 d2 3d 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

    Actually, blocks per group is 64, but block bitmap indicate at least has
    128 blocks. Now, ext4_validate_block_bitmap() didn't check invalid block's
    bitmap if set.
    To resolve above issue, add check like fsck "Padding at end of block bitmap is
    not set".

    Cc: stable@kernel.org
    Reported-by: syzbot+68223fe9f6c95ad43bed@syzkaller.appspotmail.com
    Signed-off-by: Ye Bin
    Reviewed-by: Jan Kara
    Link: https://lore.kernel.org/r/20230116020015.1506120-1-yebin@huaweicloud.com
    Signed-off-by: Theodore Ts'o
    Signed-off-by: Greg Kroah-Hartman

 fs/ext4/balloc.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
accumulated error probability: 0.00
culprit signature: 1876ccf92c6673f12d7c239dc2fab93489beec126f7659e7ee943704f7060207
parent signature: 9967866c3f175c0c12ef4a6e7aca593f1697c6bf484583b3bb8919367ad92366
revisions tested: 20, total time: 3h3m54.37145559s (build: 43m4.209937334s, test: 2h14m4.239169718s)
first good commit: dba62fa84a8eac44a53a2862de8a40e5bdfa0ae3 ext4: fix WARNING in mb_find_extent
recipients (to): ["gregkh@linuxfoundation.org" "jack@suse.cz" "tytso@mit.edu" "yebin10@huawei.com"]
recipients (cc): []