ci2 starts bisection 2023-06-06 14:09:47.865278785 +0000 UTC m=+408011.512186450
bisecting fixing commit since ca48fc16c49388400eddd6c6614593ebf7c7726a
building syzkaller on 90c93c40627cb0ac3c2c7cb99d807fd4c137adcb
ensuring issue is reproducible on original commit ca48fc16c49388400eddd6c6614593ebf7c7726a

testing commit ca48fc16c49388400eddd6c6614593ebf7c7726a gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3f0bcc5ffb9cb52f5474dc7ec3ee447d791129341332a33484258aa40b1af2b9
all runs: crashed: WARNING in ext4_expand_extra_isize_ea
testing current HEAD 76ba310227d2490018c271f1ecabb6c0a3212eb0
testing commit 76ba310227d2490018c271f1ecabb6c0a3212eb0 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 31d2b18a855b3db396fb2f1af294874386ae9754b62cff21c452513ece044c9b
all runs: OK
# git bisect start 76ba310227d2490018c271f1ecabb6c0a3212eb0 ca48fc16c49388400eddd6c6614593ebf7c7726a
Bisecting: 651 revisions left to test after this (roughly 9 steps)
[c52ebecd89ae2d4724f2ec429cfefff9799220c4] octeontx2-pf: mcs: Match macsec ethertype along with DMAC
testing commit c52ebecd89ae2d4724f2ec429cfefff9799220c4 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f506aa1190c9862839673cd1a5ac207324fc59f632967a9b4323886657983645
all runs: crashed: WARNING in ext4_expand_extra_isize_ea
# git bisect good c52ebecd89ae2d4724f2ec429cfefff9799220c4
Bisecting: 325 revisions left to test after this (roughly 8 steps)
[907d6b615e793e82b9f7161cba5cde881eafb63e] usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325
testing commit 907d6b615e793e82b9f7161cba5cde881eafb63e gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ad17b66d780784b7bf673409a578c80ee0e8f057b7118a85da7e18927e0c31fb
all runs: OK
# git bisect bad 907d6b615e793e82b9f7161cba5cde881eafb63e
Bisecting: 162 revisions left to test after this (roughly 7 steps)
[e6332695d48434582f1d8e02350a45c8a390dc13] drm/amd/display: Update minimum stutter residency for DCN314 Z8
testing commit e6332695d48434582f1d8e02350a45c8a390dc13 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 37b73e95115740887836d725321de021923f4f4439ec4a9ee95ed1b59e800c6f
all runs: crashed: WARNING in ext4_expand_extra_isize_ea
# git bisect good e6332695d48434582f1d8e02350a45c8a390dc13
Bisecting: 81 revisions left to test after this (roughly 6 steps)
[d547d499e451f1e38ad22450602122e0e73f8540] drm/amd/display: Enable HostVM based on rIOMMU active
testing commit d547d499e451f1e38ad22450602122e0e73f8540 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1980b0c011d66fe251a6aa5998be5d8b68563534a3ef01ccd475cd94ba7dcf3e
all runs: OK
# git bisect bad d547d499e451f1e38ad22450602122e0e73f8540
Bisecting: 40 revisions left to test after this (roughly 5 steps)
[3e785c8deb046305c61b9fa02265d0cb900c4a45] net: skb_partial_csum_set() fix against transport header magic value
testing commit 3e785c8deb046305c61b9fa02265d0cb900c4a45 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: caa4188dc84d60a2eff71a2167ba5f46b70d303ff835af5de8dd6ade2c626cbc
all runs: OK
# git bisect bad 3e785c8deb046305c61b9fa02265d0cb900c4a45
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[25c9fca7b71c5045d6dc537430af5b2e79598fa1] ext4: improve error recovery code paths in __ext4_remount()
testing commit 25c9fca7b71c5045d6dc537430af5b2e79598fa1 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: da9153cfcfebde79314416fa575b2af36e0bce388d2da6c8440e279caeeea4ea
all runs: crashed: WARNING in ext4_expand_extra_isize_ea
# git bisect good 25c9fca7b71c5045d6dc537430af5b2e79598fa1
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[514728ffc05b8e4ec30299c820f6186daf88b10e] f2fs: inode: fix to do sanity check on extent cache correctly
testing commit 514728ffc05b8e4ec30299c820f6186daf88b10e gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ea26f25f378c66f9bf6d3b89b455032da8968bd7c14d9a75b2dc174cf6c30248
all runs: OK
# git bisect bad 514728ffc05b8e4ec30299c820f6186daf88b10e
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[19fb73b8eaefccc48918c2f915d021bd4a5572a7] ext4: fix lockdep warning when enabling MMP
testing commit 19fb73b8eaefccc48918c2f915d021bd4a5572a7 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a765bbf2498ae4161f569a78e522aea5f34bca353b6c59864d6619c01f86fd2c
all runs: crashed: WARNING in ext4_expand_extra_isize_ea
# git bisect good 19fb73b8eaefccc48918c2f915d021bd4a5572a7
Bisecting: 2 revisions left to test after this (roughly 1 step)
[c5fa4eedddd1c8342ce533cb401c0e693e55b4e3] ext4: fix invalid free tracking in ext4_xattr_move_to_block()
testing commit c5fa4eedddd1c8342ce533cb401c0e693e55b4e3 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cb4394007534d6715f1ef8165bd3fa15029da6580a7e11f2fb8d3a38a1d2fc8e
all runs: OK
# git bisect bad c5fa4eedddd1c8342ce533cb401c0e693e55b4e3
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d87a4e4094c9879fc8acdff8ce59fdffa979c8e0] ext4: remove a BUG_ON in ext4_mb_release_group_pa()
testing commit d87a4e4094c9879fc8acdff8ce59fdffa979c8e0 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: af4071e2f6639bfd30f758b236d16fa9c685f24f830a5a7b0c98f3d00c751f67
all runs: crashed: WARNING in ext4_expand_extra_isize_ea
# git bisect good d87a4e4094c9879fc8acdff8ce59fdffa979c8e0
c5fa4eedddd1c8342ce533cb401c0e693e55b4e3 is the first bad commit
commit c5fa4eedddd1c8342ce533cb401c0e693e55b4e3
Author: Theodore Ts'o
Date: Sun Apr 30 03:04:13 2023 -0400

    ext4: fix invalid free tracking in ext4_xattr_move_to_block()

    commit b87c7cdf2bed4928b899e1ce91ef0d147017ba45 upstream.

    In ext4_xattr_move_to_block(), the value of the extended attribute
    which we need to move to an external block may be allocated by
    kvmalloc() if the value is stored in an external inode. So at the end
    of the function the code tried to check if this was the case by
    testing entry->e_value_inum.

    However, at this point, the pointer to the xattr entry is no longer
    valid, because it was removed from the original location where it had
    been stored. So we could end up calling kvfree() on a pointer which
    was not allocated by kvmalloc(); or we could also potentially leak
    memory by not freeing the buffer when it should be freed. Fix this by
    storing whether it should be freed in a separate variable.

    Cc: stable@kernel.org
    Link: https://lore.kernel.org/r/20230430160426.581366-1-tytso@mit.edu
    Link: https://syzkaller.appspot.com/bug?id=5c2aee8256e30b55ccf57312c16d88417adbd5e1
    Link: https://syzkaller.appspot.com/bug?id=41a6b5d4917c0412eb3b3c3c604965bed7d7420b
    Reported-by: syzbot+64b645917ce07d89bde5@syzkaller.appspotmail.com
    Reported-by: syzbot+0d042627c4f2ad332195@syzkaller.appspotmail.com
    Signed-off-by: Theodore Ts'o
    Signed-off-by: Greg Kroah-Hartman

 fs/ext4/xattr.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

culprit signature: cb4394007534d6715f1ef8165bd3fa15029da6580a7e11f2fb8d3a38a1d2fc8e
parent signature: af4071e2f6639bfd30f758b236d16fa9c685f24f830a5a7b0c98f3d00c751f67
revisions tested: 12, total time: 5h25m0.677983511s (build: 4h11m34.60900097s, test: 1h11m53.305220892s)
first good commit: c5fa4eedddd1c8342ce533cb401c0e693e55b4e3 ext4: fix invalid free tracking in ext4_xattr_move_to_block()
recipients (to): ["gregkh@linuxfoundation.org" "tytso@mit.edu"]
recipients (cc): []