ci2 starts bisection 2026-05-09 05:24:26.150837865 +0000 UTC m=+15130.990903480
bisecting fixing commit since 9136079e403ad15ed26ea110e148d3555a295f84
building syzkaller on 176bead5023749b301d573375d79dabee4d0d888
ensuring issue is reproducible on original commit 9136079e403ad15ed26ea110e148d3555a295f84

testing commit 9136079e403ad15ed26ea110e148d3555a295f84
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: 7b00ce9b85a85b96ed8e18ca1f4a2fb266dad549db52111e6c0b3104694983da
run #0: crashed: kernel BUG in ext4_ext_insert_extent
run #1: crashed: kernel BUG in ext4_es_cache_extent
run #2: crashed: kernel BUG in ext4_split_extent_at
run #3: crashed: kernel BUG in ext4_mb_normalize_request
run #4: crashed: kernel BUG in ext4_ext_insert_extent
run #5: crashed: kernel BUG in ext4_es_cache_extent
run #6: crashed: kernel BUG in ext4_mb_normalize_request
run #7: crashed: kernel BUG in ext4_ext_insert_extent
run #8: crashed: kernel BUG in ext4_split_extent_at
run #9: crashed: kernel BUG in ext4_ext_insert_extent
run #10: crashed: kernel BUG in ext4_ext_insert_extent
run #11: crashed: kernel BUG in ext4_split_extent_at
run #12: crashed: kernel BUG in ext4_ext_insert_extent
run #13: crashed: kernel BUG in ext4_es_cache_extent
run #14: crashed: kernel BUG in ext4_ext_insert_extent
run #15: crashed: kernel BUG in ext4_split_extent_at
run #16: crashed: kernel BUG in ext4_ext_insert_extent
run #17: crashed: kernel BUG in ext4_ext_insert_extent
run #18: crashed: kernel BUG in ext4_ext_insert_extent
run #19: crashed: KASAN: use-after-free Read in ext4_find_extent
representative crash: kernel BUG in ext4_ext_insert_extent, types: [BUG]
check whether we can drop unnecessary instrumentation
disabling configs for [ubsan kasan locking atomic_sleep hang memleak], they are not needed

testing commit 9136079e403ad15ed26ea110e148d3555a295f84
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: 621f2b355fe0b951c39228972fea01d2f06287aa265d995541bf3d2a0e7ab455
run #0: crashed: kernel BUG in ext4_split_extent_at
run #1: crashed: kernel BUG in ext4_split_extent_at
run #2: crashed: kernel BUG in ext4_es_cache_extent
run #3: crashed: kernel BUG in ext4_mb_normalize_request
run #4: crashed: kernel BUG in ext4_split_extent_at
run #5: crashed: kernel BUG in ext4_mb_normalize_request
run #6: crashed: kernel BUG in ext4_ext_insert_extent
run #7: crashed: kernel BUG in ext4_ext_insert_extent
run #8: crashed: kernel BUG in ext4_mb_normalize_request
run #9: crashed: kernel BUG in ext4_mb_normalize_request
representative crash: kernel BUG in ext4_split_extent_at, types: [BUG]
the bug reproduces without the instrumentation
disabling configs for [ubsan kasan locking atomic_sleep hang memleak], they are not needed
kconfig minimization: base=4788 full=6025 leaves diff=248
split chunks (needed=false): <248>
split chunk #0 of len 248 into 5 parts
testing without sub-chunk 1/5
disabling configs for [memleak ubsan kasan locking atomic_sleep hang], they are not needed

testing commit 9136079e403ad15ed26ea110e148d3555a295f84
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: d87dd9bdbda27d05658aa569151c7251879449717c82f359b2dd6ed3e21a18da
run #0: crashed: kernel BUG in ext4_mb_normalize_request
run #1: crashed: kernel BUG in ext4_split_extent_at
run #2: crashed: kernel BUG in ext4_mb_use_inode_pa
run #3: crashed: kernel BUG in ext4_split_extent_at
run #4: crashed: kernel BUG in ext4_split_extent_at
run #5: crashed: kernel BUG in ext4_split_extent_at
run #6: crashed: kernel BUG in ext4_mb_normalize_request
run #7: crashed: kernel BUG in ext4_mb_normalize_request
run #8: crashed: kernel BUG in ext4_split_extent_at
run #9: crashed: kernel BUG in ext4_split_extent_at
representative crash: kernel BUG in ext4_mb_normalize_request, types: [BUG]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed

testing commit 9136079e403ad15ed26ea110e148d3555a295f84
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: f7cb632b9b5b793907f349b31aa50fbc073a6b1c2637b90a5f13a9cb5308632e
run #0: crashed: kernel BUG in ext4_ext_insert_extent
run #1: crashed: kernel BUG in ext4_ext_insert_extent
run #2: crashed: kernel BUG in ext4_split_extent_at
run #3: crashed: kernel BUG in ext4_split_extent_at
run #4: crashed: kernel BUG in ext4_split_extent_at
run #5: crashed: kernel BUG in ext4_mb_normalize_request
run #6: crashed: kernel BUG in ext4_split_extent_at
run #7: crashed: kernel BUG in ext4_mb_normalize_request
run #8: crashed: kernel BUG in ext4_split_extent_at
run #9: crashed: kernel BUG in ext4_split_extent_at
representative crash: kernel BUG in ext4_ext_insert_extent, types: [BUG]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed

testing commit 9136079e403ad15ed26ea110e148d3555a295f84
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: 7746fd1a4884560a5ae6d15e748b8ca6ad6fd7e42d2dd4cbf299c6e8ee9405d6
run #0: crashed: kernel BUG in ext4_ext_insert_extent
run #1: crashed: kernel BUG in ext4_split_extent_at
run #2: crashed: kernel BUG in ext4_split_extent_at
run #3: crashed: kernel BUG in ext4_split_extent_at
run #4: crashed: kernel BUG in ext4_split_extent_at
run #5: crashed: kernel BUG in ext4_split_extent_at
run #6: crashed: kernel BUG in ext4_mb_use_inode_pa
run #7: crashed: kernel BUG in ext4_split_extent_at
run #8: crashed: kernel BUG in ext4_split_extent_at
run #9: crashed: kernel BUG in ext4_ext_insert_extent
representative crash: kernel BUG in ext4_ext_insert_extent, types: [BUG]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed

testing commit 9136079e403ad15ed26ea110e148d3555a295f84
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: 0aab104344104a8cef43eb86eecc69a975bb835e4546954ada53aa1a7041846e
run #0: crashed: kernel BUG in ext4_split_extent_at
run #1: crashed: kernel BUG in ext4_ext_insert_extent
run #2: crashed: kernel BUG in ext4_split_extent_at
run #3: crashed: kernel BUG in ext4_es_cache_extent
run #4: crashed: kernel BUG in ext4_mb_use_inode_pa
run #5: crashed: kernel BUG in ext4_split_extent_at
run #6: crashed: kernel BUG in ext4_mb_normalize_request
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in ext4_finish_bio
run #8: crashed: kernel BUG in ext4_ext_insert_extent
run #9: crashed: kernel BUG in ext4_ext_insert_extent
representative crash: kernel BUG in ext4_split_extent_at, types: [BUG]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [atomic_sleep hang memleak ubsan kasan locking], they are not needed

testing commit 9136079e403ad15ed26ea110e148d3555a295f84
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
failed building 9136079e403ad15ed26ea110e148d3555a295f84:
net/socket.c:1128:(.text+0x837): undefined reference to `wext_handle_ioctl'
net/socket.c:3397:(.text+0xa28): undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:346:(.text+0x109): undefined reference to `wext_proc_exit'
net/core/net-procfs.c:330:(.text+0x1e4): undefined reference to `wext_proc_init'

minimized to 48 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM USB_XHCI_PCI_RENESAS WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS ZEROPLUS_FF]
disabling configs for [atomic_sleep hang memleak ubsan kasan locking], they are not needed
testing current HEAD 5feb5545d40a606710dea0c26c732f3050ee29cd

testing commit 5feb5545d40a606710dea0c26c732f3050ee29cd
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: 7e07c3d911e2320ee713ddbf9d81dd3244d9ca2bfa914ea978fbc2884aaba847
all runs: OK
false negative chance: 0.000
# git bisect start 5feb5545d40a606710dea0c26c732f3050ee29cd 9136079e403ad15ed26ea110e148d3555a295f84
Bisecting: 182 revisions left to test after this (roughly 8 steps)
[1148450f947b188c99c012c89993ee467f32f4f5] iio: imu: inv_icm42600: fix odr switch when turning buffer off
determine whether the revision contains the guilty commit
checking the merge base aed5c3b77cd53ba74f66767b03bfb9177662af4b
no existing result, test the revision

testing commit aed5c3b77cd53ba74f66767b03bfb9177662af4b
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: 7ab1e321fc1f28a5431e5e5b73dc7b21974528254e30003e5dfea2df349848a5
run #0: crashed: kernel BUG in ext4_ext_insert_extent
run #1: crashed: kernel BUG in ext4_split_extent_at
run #2: crashed: kernel BUG in ext4_split_extent_at
run #3: crashed: kernel BUG in ext4_es_cache_extent
run #4: crashed: kernel BUG in ext4_mb_normalize_request
run #5: crashed: kernel BUG in ext4_es_insert_extent
run #6: crashed: kernel BUG in ext4_split_extent_at
run #7: crashed: kernel BUG in ext4_split_extent_at
run #8: OK
run #9: crashed: kernel BUG in ext4_ext_insert_extent
representative crash: kernel BUG in ext4_ext_insert_extent, types: [BUG]

testing commit 1148450f947b188c99c012c89993ee467f32f4f5
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: 6f9f8415b4c1231a6673d030fcb7605643f6c5982cdbe13b0772ba5170a25b99
run #0: crashed: kernel BUG in ext4_ext_insert_extent
run #1: crashed: kernel BUG in ext4_split_extent_at
run #2: crashed: kernel BUG in ext4_ext_insert_extent
run #3: crashed: kernel BUG in ext4_split_extent_at
run #4: crashed: kernel BUG in ext4_ext_insert_extent
run #5: crashed: kernel BUG in ext4_ext_map_blocks
run #6: crashed: kernel BUG in ext4_split_extent_at
run #7: crashed: kernel BUG in ext4_mb_normalize_request
run #8: crashed: kernel BUG in ext4_ext_insert_extent
run #9: crashed: kernel BUG in ext4_split_extent_at
representative crash: kernel BUG in ext4_ext_insert_extent, types: [BUG]
# git bisect good 1148450f947b188c99c012c89993ee467f32f4f5
Bisecting: 91 revisions left to test after this (roughly 7 steps)
[342aae6459e1d0631d990dd293887da755d1aa43] x86/fault: Fold mm_fault_error() into do_user_addr_fault()
determine whether the revision contains the guilty commit
revision aed5c3b77cd53ba74f66767b03bfb9177662af4b crashed and is reachable

testing commit 342aae6459e1d0631d990dd293887da755d1aa43
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: 9c5ea0a29139ff41c4bc2c9029f709409c1c9ae4ac8c46ae461bcd42d2b1ba97
run #0: crashed: kernel BUG in ext4_split_extent_at
run #1: crashed: kernel BUG in ext4_ext_insert_extent
run #2: crashed: kernel BUG in ext4_mb_normalize_request
run #3: crashed: kernel BUG in ext4_split_extent_at
run #4: crashed: kernel BUG in ext4_ext_insert_extent
run #5: crashed: kernel BUG in ext4_mb_normalize_request
run #6: crashed: kernel BUG in ext4_split_extent_at
run #7: crashed: kernel BUG in ext4_es_cache_extent
run #8: crashed: kernel BUG in ext4_es_cache_extent
run #9: crashed: kernel BUG in ext4_split_extent_at
representative crash: kernel BUG in ext4_split_extent_at, types: [BUG]
# git bisect good 342aae6459e1d0631d990dd293887da755d1aa43
Bisecting: 45 revisions left to test after this (roughly 6 steps)
[c68433fd291c9e88c00292095172c62d1997d662] bridge: br_nd_send: linearize skb before parsing ND options
determine whether the revision contains the guilty commit
revision 1148450f947b188c99c012c89993ee467f32f4f5 crashed and is reachable

testing commit c68433fd291c9e88c00292095172c62d1997d662
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: 1dfbbf5b3a288f84a1fdfdf1fa5274889b9551fa7345006bf72fbadbbe321b32
all runs: OK
false negative chance: 0.000
# git bisect bad c68433fd291c9e88c00292095172c62d1997d662
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[fea6b2e250ff48f10d166011b57a8516ae5438c9] ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()
determine whether the revision contains the guilty commit
revision aed5c3b77cd53ba74f66767b03bfb9177662af4b crashed and is reachable

testing commit fea6b2e250ff48f10d166011b57a8516ae5438c9
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: cd151858ededf3001bc0f469e0a931a65039e15da55b842b6d6de06dfce2e993
run #0: crashed: kernel BUG in ext4_split_extent_at
run #1: crashed: kernel BUG in ext4_split_extent_at
run #2: crashed: kernel BUG in ext4_split_extent_at
run #3: crashed: kernel BUG in ext4_mb_normalize_request
run #4: crashed: kernel BUG in ext4_split_extent_at
run #5: crashed: kernel BUG in ext4_split_extent_at
run #6: crashed: kernel BUG in ext4_split_extent_at
run #7: crashed: kernel BUG in ext4_ext_insert_extent
run #8: crashed: kernel BUG in ext4_split_extent_at
run #9: OK
representative crash: kernel BUG in ext4_split_extent_at, types: [BUG]
# git bisect good fea6b2e250ff48f10d166011b57a8516ae5438c9
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[d0ae84b3c9f3ea1a564eb1b7612113ca9fe8aada] HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq
determine whether the revision contains the guilty commit
revision aed5c3b77cd53ba74f66767b03bfb9177662af4b crashed and is reachable

testing commit d0ae84b3c9f3ea1a564eb1b7612113ca9fe8aada
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: d4e24e82d146f7a2f46a617c825275ac669917cae469258ff241f3811b0b3429
all runs: OK
false negative chance: 0.000
# git bisect bad d0ae84b3c9f3ea1a564eb1b7612113ca9fe8aada
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[ee7887e70661d6e8e9cf1a3c42e12951d0189fc0] dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction
determine whether the revision contains the guilty commit
revision fea6b2e250ff48f10d166011b57a8516ae5438c9 crashed and is reachable

testing commit ee7887e70661d6e8e9cf1a3c42e12951d0189fc0
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: c539c917db7d18454d5cb732487f470ad10e56cde6db0df175dc1bf89b0a229f
all runs: OK
false negative chance: 0.000
# git bisect bad ee7887e70661d6e8e9cf1a3c42e12951d0189fc0
Bisecting: 2 revisions left to test after this (roughly 1 step)
[b4e0ef9f5d116760e6f13d03d47c8fced244508a] phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types()
determine whether the revision contains the guilty commit
revision fea6b2e250ff48f10d166011b57a8516ae5438c9 crashed and is reachable

testing commit b4e0ef9f5d116760e6f13d03d47c8fced244508a
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: 170cb4b9f189b59e7f70120c36f5dc8778ad770b1cb73b0704c313060fa04cae
all runs: OK
false negative chance: 0.000
# git bisect bad b4e0ef9f5d116760e6f13d03d47c8fced244508a
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[5ad6d994255e27a3254079dfb50ca861fc31f2d0] ext4: reject mount if bigalloc with s_first_data_block != 0
determine whether the revision contains the guilty commit
revision fea6b2e250ff48f10d166011b57a8516ae5438c9 crashed and is reachable

testing commit 5ad6d994255e27a3254079dfb50ca861fc31f2d0
gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.44
kernel signature: 3612a17d37d3f70a24d2c7783bdac3f67bedf6ea915a49f0ad197325bd4d81b1
all runs: OK
false negative chance: 0.000
# git bisect bad 5ad6d994255e27a3254079dfb50ca861fc31f2d0
5ad6d994255e27a3254079dfb50ca861fc31f2d0 is the first bad commit
commit 5ad6d994255e27a3254079dfb50ca861fc31f2d0
Author: Helen Koike
Date: Tue Mar 17 11:23:10 2026 -0300

    ext4: reject mount if bigalloc with s_first_data_block != 0

    commit 3822743dc20386d9897e999dbb990befa3a5b3f8 upstream.

    bigalloc with s_first_data_block != 0 is not supported, reject mounting it.

    Signed-off-by: Helen Koike
    Suggested-by: Theodore Ts'o
    Reported-by: syzbot+b73703b873a33d8eb8f6@syzkaller.appspotmail.com
    Closes: https://syzkaller.appspot.com/bug?extid=b73703b873a33d8eb8f6
    Link: https://patch.msgid.link/20260317142325.135074-1-koike@igalia.com
    Signed-off-by: Theodore Ts'o
    Cc: stable@kernel.org
    Signed-off-by: Greg Kroah-Hartman

 fs/ext4/super.c | 7 +++++++
 1 file changed, 7 insertions(+)

accumulated error probability: 0.00
culprit signature: 3612a17d37d3f70a24d2c7783bdac3f67bedf6ea915a49f0ad197325bd4d81b1
parent signature: cd151858ededf3001bc0f469e0a931a65039e15da55b842b6d6de06dfce2e993
revisions tested: 16, total time: 4h21m11.989548346s (build: 49m44.575316775s, test: 3h4m28.518619108s)
first good commit: 5ad6d994255e27a3254079dfb50ca861fc31f2d0 ext4: reject mount if bigalloc with s_first_data_block != 0
recipients (to): ["gregkh@linuxfoundation.org" "koike@igalia.com" "tytso@mit.edu"]
recipients (cc): []