ci2 starts bisection 2025-11-13 17:30:26.586613997 +0000 UTC m=+102503.603179411
bisecting fixing commit since 60a9e718726fa7019ae00916e4b1c52498da5b60
building syzkaller on e2beed91937c0ace342f19a2e9afb67adb3a828a
ensuring issue is reproducible on original commit 60a9e718726fa7019ae00916e4b1c52498da5b60
testing commit 60a9e718726fa7019ae00916e4b1c52498da5b60 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 112dce05c7285784c767b82a2439a39544ee46320e6465ddb67e5777c8af1e10
all runs: crashed: WARNING in ext4_xattr_block_set
representative crash: WARNING in ext4_xattr_block_set, types: [WARNING]
check whether we can drop unnecessary instrumentation
disabling configs for [kasan locking atomic_sleep hang memleak ubsan], they are not needed
testing commit 60a9e718726fa7019ae00916e4b1c52498da5b60 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: cd6cf9aace9660c3711456f2cfb729a8d0472ed3352bcbe3f30d954363f9a4b8
all runs: crashed: WARNING in ext4_xattr_block_set
representative crash: WARNING in ext4_xattr_block_set, types: [WARNING]
the bug reproduces without the instrumentation
disabling configs for [memleak ubsan kasan locking atomic_sleep hang], they are not needed
kconfig minimization: base=3913 full=7800 leaves diff=2160
split chunks (needed=false): <2160>
split chunk #0 of len 2160 into 5 parts
testing without sub-chunk 1/5
disabling configs for [memleak ubsan kasan locking atomic_sleep hang], they are not needed
testing commit 60a9e718726fa7019ae00916e4b1c52498da5b60 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 60ac6fcda68df5bf87307bf188f2adaefc335213ef6efc85d666af21afad92a2
all runs: crashed: WARNING in ext4_xattr_block_set
representative crash: WARNING in ext4_xattr_block_set, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [memleak ubsan kasan locking atomic_sleep hang], they are not needed
testing commit 60a9e718726fa7019ae00916e4b1c52498da5b60 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 3ad7f6ce4e709f7a95e62722deaed64e008bbf944e643f8c9575c8c013c5dbc8
all runs: crashed: WARNING in ext4_xattr_block_set
representative crash: WARNING in ext4_xattr_block_set, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [atomic_sleep hang memleak ubsan kasan locking], they are not needed
testing commit 60a9e718726fa7019ae00916e4b1c52498da5b60 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 52829359a043f1838484952b58af77bd33d635ec1ff4f66f684b04c356b38179
all runs: crashed: WARNING in ext4_xattr_block_set
representative crash: WARNING in ext4_xattr_block_set, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [ubsan kasan locking atomic_sleep hang memleak], they are not needed
testing commit 60a9e718726fa7019ae00916e4b1c52498da5b60 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: d6a93c029f3054ec447352c84ef848db22da8567a933d5f9e6cdff106cb1b0ef
all runs: crashed: WARNING in ext4_xattr_block_set
representative crash: WARNING in ext4_xattr_block_set, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed
testing commit 60a9e718726fa7019ae00916e4b1c52498da5b60 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: f91c48a85153909938728c2d6f3f55de2fe7d6b9b829205e21ea47305076b80a
all runs: crashed: WARNING in ext4_xattr_block_set
representative crash: WARNING in ext4_xattr_block_set, types: [WARNING]
the chunk can be dropped
disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed
testing current HEAD 0a805b6ea8cda0caa268b396a2e5117f3772d849
testing commit 0a805b6ea8cda0caa268b396a2e5117f3772d849 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 04e1e3c7d956c282d952aa12f57eab2ff47298d72f917836565e173e01895211
all runs: OK
false negative chance: 0.000
# git bisect start 0a805b6ea8cda0caa268b396a2e5117f3772d849 60a9e718726fa7019ae00916e4b1c52498da5b60
Bisecting: 459 revisions left to test after this (roughly 9 steps)
[ea87151df398d407a632c7bf63013290f01c5009] net: dlink: handle copy_thresh allocation failure
determine whether the revision contains the guilty commit
revision 60a9e718726fa7019ae00916e4b1c52498da5b60 crashed and is reachable
testing commit ea87151df398d407a632c7bf63013290f01c5009 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 0fb32d0a4fc4298a267764d2f1ff55cc9da6756eabe9b158f3269f8cd04a83bf
all runs: crashed: WARNING in ext4_xattr_block_set
representative crash: WARNING in ext4_xattr_block_set, types: [WARNING]
# git bisect good ea87151df398d407a632c7bf63013290f01c5009
Bisecting: 229 revisions left to test after this (roughly 8 steps)
[09d227c59d97efda7d5cc878a4335a6b2bb224c2] pid: Add a judgment for ns null in pid_nr_ns
determine whether the revision contains the guilty commit
revision 60a9e718726fa7019ae00916e4b1c52498da5b60 crashed and is reachable
testing commit 09d227c59d97efda7d5cc878a4335a6b2bb224c2 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 47903f67701927c72085f45129c910f77d126f498831c01b850cb449a2849e2a
all runs: OK
false negative chance: 0.000
# git bisect bad 09d227c59d97efda7d5cc878a4335a6b2bb224c2
Bisecting: 114 revisions left to test after this (roughly 7 steps)
[f74a135c561762a97f842db49274420990106683] blk-crypto: fix missing blktrace bio split events
determine whether the revision contains the guilty commit
revision 60a9e718726fa7019ae00916e4b1c52498da5b60 crashed and is reachable
testing commit f74a135c561762a97f842db49274420990106683 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 56f333eed0ad1e6c9f5eb527b4fe8da1f3f69bee5048eaa4471e3aa38ddf1591
all runs: crashed: WARNING in ext4_xattr_block_set
representative crash: WARNING in ext4_xattr_block_set, types: [WARNING]
# git bisect good f74a135c561762a97f842db49274420990106683
Bisecting: 57 revisions left to test after this (roughly 6 steps)
[d7760884ee3f75bf318b0ff38869e74214ce64d7] spi: cadence-quadspi: Flush posted register writes before DAC access
determine whether the revision contains the guilty commit
revision 60a9e718726fa7019ae00916e4b1c52498da5b60 crashed and is reachable
testing commit d7760884ee3f75bf318b0ff38869e74214ce64d7 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 0df28c7288f7dde1da05fa4cc6c91ebf83450f47a1578aae440b7dc30c45b23b
all runs: crashed: WARNING in ext4_xattr_block_set
representative crash: WARNING in ext4_xattr_block_set, types: [WARNING]
# git bisect good d7760884ee3f75bf318b0ff38869e74214ce64d7
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[bc718d0bd87e372f7786c0239e340f3577ac94fa] ksmbd: add max ip connections parameter
determine whether the revision contains the guilty commit
revision f74a135c561762a97f842db49274420990106683 crashed and is reachable
testing commit bc718d0bd87e372f7786c0239e340f3577ac94fa gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 58dd1bf180af51f7dbef53794c82738e29357779d0ae19d9a0d8a5be62f6dad0
all runs: OK
false negative chance: 0.000
# git bisect bad bc718d0bd87e372f7786c0239e340f3577ac94fa
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[9e642ab8e5b272df965c97aa77903a3c41223032] ext4: fix an off-by-one issue during moving extents
determine whether the revision contains the guilty commit
revision d7760884ee3f75bf318b0ff38869e74214ce64d7 crashed and is reachable
testing commit 9e642ab8e5b272df965c97aa77903a3c41223032 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: fa5d0a5ae61b6f8d9afd64f0a7da6e1b542ea85892fcd843531642e77fe85a03
all runs: crashed: WARNING in ext4_xattr_block_set
representative crash: WARNING in ext4_xattr_block_set, types: [WARNING]
# git bisect good 9e642ab8e5b272df965c97aa77903a3c41223032
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[8c7aad76751816207fee556d44aa88a710824810] Squashfs: reject negative file sizes in squashfs_read_inode()
determine whether the revision contains the guilty commit
revision 9e642ab8e5b272df965c97aa77903a3c41223032 crashed and is reachable
testing commit 8c7aad76751816207fee556d44aa88a710824810 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: dca54011be9fd85d7e4225a9a2c91f2498b3e72c0f2340f08e89f0bc62e1bcac
all runs: OK
false negative chance: 0.000
# git bisect bad 8c7aad76751816207fee556d44aa88a710824810
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[f775f821de46e870fda5ff32437a879f5b217ad7] ACPICA: Allow to skip Global Lock initialization
determine whether the revision contains the guilty commit
revision d7760884ee3f75bf318b0ff38869e74214ce64d7 crashed and is reachable
testing commit f775f821de46e870fda5ff32437a879f5b217ad7 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: f7c37866f12c09159dddc2a69d370f5a6bd9f3305abb02cc12a86df2031fbb9c
all runs: OK
false negative chance: 0.000
# git bisect bad f775f821de46e870fda5ff32437a879f5b217ad7
Bisecting: 0 revisions left to test after this (roughly 1 step)
[720a66fdaa6ce3d68e5ad4a469fd428a8d7ce571] ext4: validate ea_ino and size in check_xattrs
determine whether the revision contains the guilty commit
revision 60a9e718726fa7019ae00916e4b1c52498da5b60 crashed and is reachable
testing commit 720a66fdaa6ce3d68e5ad4a469fd428a8d7ce571 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: b4e52fe4cc532e0a6dd8fc21c282b84b084888536b965c72e2812fd655903b44
all runs: OK
false negative chance: 0.000
# git bisect bad 720a66fdaa6ce3d68e5ad4a469fd428a8d7ce571
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[79ea7f3e11effe1bd9e753172981d9029133a278] ext4: guard against EA inode refcount underflow in xattr update
determine whether the revision contains the guilty commit
revision d7760884ee3f75bf318b0ff38869e74214ce64d7 crashed and is reachable
testing commit 79ea7f3e11effe1bd9e753172981d9029133a278 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: bdcbc8147177aba23c31827d558439887c36066ec7b3de2fd08f13f5f70e0758
all runs: crashed: WARNING in ext4_xattr_block_set
representative crash: WARNING in ext4_xattr_block_set, types: [WARNING]
# git bisect good 79ea7f3e11effe1bd9e753172981d9029133a278
720a66fdaa6ce3d68e5ad4a469fd428a8d7ce571 is the first bad commit
commit 720a66fdaa6ce3d68e5ad4a469fd428a8d7ce571
Author: Deepanshu Kartikey
Date: Tue Sep 23 19:02:45 2025 +0530

    ext4: validate ea_ino and size in check_xattrs

    commit 44d2a72f4d64655f906ba47a5e108733f59e6f28 upstream.

    During xattr block validation, check_xattrs() processes xattr entries without validating that entries claiming to use EA inodes have non-zero sizes. Corrupted filesystems may contain xattr entries where e_value_size is zero but e_value_inum is non-zero, indicating invalid xattr data.

    Add validation in check_xattrs() to detect this corruption pattern early and return -EFSCORRUPTED, preventing invalid xattr entries from causing issues throughout the ext4 codebase.

    Cc: stable@kernel.org
    Suggested-by: Theodore Ts'o
    Reported-by: syzbot+4c9d23743a2409b80293@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?extid=4c9d23743a2409b80293
    Signed-off-by: Deepanshu Kartikey
    Signed-off-by: Theodore Ts'o
    Message-ID: <20250923133245.1091761-1-kartikey406@gmail.com>
    Signed-off-by: Theodore Ts'o
    Signed-off-by: Greg Kroah-Hartman

 fs/ext4/xattr.c | 4 ++++
 1 file changed, 4 insertions(+)

accumulated error probability: 0.00
culprit signature: b4e52fe4cc532e0a6dd8fc21c282b84b084888536b965c72e2812fd655903b44
parent signature: bdcbc8147177aba23c31827d558439887c36066ec7b3de2fd08f13f5f70e0758
revisions tested: 18, total time: 5h33m19.290540366s (build: 2h56m59.349959341s, test: 2h23m7.742863148s)
first good commit: 720a66fdaa6ce3d68e5ad4a469fd428a8d7ce571 ext4: validate ea_ino and size in check_xattrs
recipients (to): ["gregkh@linuxfoundation.org" "kartikey406@gmail.com" "tytso@mit.edu"]
recipients (cc): []