bisecting fixing commit since 811218eceeaa7618652e1b8d11caeff67ab42072
building syzkaller on a5f86b15f4f60350198e4b98fb7451d45d38a186
testing commit 811218eceeaa7618652e1b8d11caeff67ab42072
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: c38f9eabdb738be91a152b3a8ea438278e68a3c6735455f47bb6cc720f8d7987
run #0: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #1: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #2: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #3: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #4: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #5: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #6: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #7: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #8: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #9: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #10: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #11: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #12: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #13: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #14: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #15: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #16: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #17: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #18: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #19: crashed: KASAN: use-after-free Write in ext4_write_inline_data
testing current HEAD c2276d585654e8d573366c29c565043ec36adf63
testing commit c2276d585654e8d573366c29c565043ec36adf63
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: a2e827fe8ee57454535591f5415dca52e33849e89c225dc0707b0c1515d0369b
all runs: OK
# git bisect start c2276d585654e8d573366c29c565043ec36adf63 811218eceeaa7618652e1b8d11caeff67ab42072
Bisecting: 1486 revisions left to test after this (roughly 11 steps)
[24347f561816634ab780bf7e03deeb049898b3bc] mac80211: do not accept/forward invalid EAPOL frames
testing commit 24347f561816634ab780bf7e03deeb049898b3bc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: d66d2d446937cbd27ea3826c60bc7ffb8ab75671e2801a958a72413be67aab00
run #0: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #1: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #2: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #3: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #4: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #5: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #6: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #7: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #8: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #9: crashed: KASAN: use-after-free Write in ext4_write_inline_data
# git bisect good 24347f561816634ab780bf7e03deeb049898b3bc
Bisecting: 743 revisions left to test after this (roughly 10 steps)
[6a8a25196a818096f02c187233812c312359c1c9] ACPI: AMBA: Fix resource name in /proc/iomem
testing commit 6a8a25196a818096f02c187233812c312359c1c9
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 220de4244f47a2a07d54be1ed26f17b9ec78d973f0b5280d17626dc3ab45d819
run #0: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #1: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #2: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #3: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #4: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #5: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #6: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #7: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #8: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #9: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
# git bisect good 6a8a25196a818096f02c187233812c312359c1c9
Bisecting: 371 revisions left to test after this (roughly 9 steps)
[299400448c7889dd4293f2e2d34e8276ceae40da] slimbus: ngd: reset dma setup during runtime pm
testing commit 299400448c7889dd4293f2e2d34e8276ceae40da
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: bcac6d45148f8f2a88ba8b9de3b01ce64a183a58e9197be42d7387769a236e80
run #0: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #1: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #2: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #3: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #4: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #5: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #6: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #7: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #8: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #9: crashed: KASAN: use-after-free Write in ext4_write_inline_data
# git bisect good 299400448c7889dd4293f2e2d34e8276ceae40da
Bisecting: 185 revisions left to test after this (roughly 8 steps)
[aab312696d37de80502ca633b40184de24f22917] crypto: public_key: fix overflow during implicit conversion
testing commit aab312696d37de80502ca633b40184de24f22917
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: e9ce47440b0cfde898edc53b288f9fcda17e2b56221d50a7d05f6164ae370711
all runs: OK
# git bisect bad aab312696d37de80502ca633b40184de24f22917
Bisecting: 92 revisions left to test after this (roughly 7 steps)
[38b589d176e83693868db60d78307e5ba629bc23] crypto: qat - fix naming for init/shutdown VF to PF notifications
testing commit 38b589d176e83693868db60d78307e5ba629bc23
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: dd3a1e2801b7fd461500c40ab706b5d7dd84569a111c8c73b2ef1f9555d26b1b
all runs: OK
# git bisect bad 38b589d176e83693868db60d78307e5ba629bc23
Bisecting: 46 revisions left to test after this (roughly 6 steps)
[42150e1b46a474541f677c759ac61599277c8a9c] gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats
testing commit 42150e1b46a474541f677c759ac61599277c8a9c
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: ad94aca07fb8f21927a0ff199df7b05f904e5612cda37abff621f9cacb56fffb
all runs: OK
# git bisect bad 42150e1b46a474541f677c759ac61599277c8a9c
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[aa3cb20d13acc8c314249199bb69ce6c69d8c9d0] e1000e: Fix the max snoop/no-snoop latency for 10M
testing commit aa3cb20d13acc8c314249199bb69ce6c69d8c9d0
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: c7e0c74347816d37695e4796b29332d679f823c850a179ee4dd0e0e17b0db024
run #0: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #1: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #2: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #3: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #4: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #5: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #6: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #7: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #8: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #9: crashed: KASAN: use-after-free Write in ext4_write_inline_data
# git bisect good aa3cb20d13acc8c314249199bb69ce6c69d8c9d0
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[e7f5aefd15d9d020065f6f076e2b6e054198317a] qed: Fix null-pointer dereference in qed_rdma_create_qp()
testing commit e7f5aefd15d9d020065f6f076e2b6e054198317a
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 0d7e90d41c90d478e0603cf634de8f65403aa6fe7b448d13ec7177d65812fa26
run #0: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #1: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #2: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #3: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #4: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #5: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #6: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #7: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #8: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #9: crashed: KASAN: use-after-free Write in ext4_write_inline_data
# git bisect good e7f5aefd15d9d020065f6f076e2b6e054198317a
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[3db3ec8f3b414fa76d3a9ae864781ebbb1709a36] KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs
testing commit 3db3ec8f3b414fa76d3a9ae864781ebbb1709a36
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 20befedeaf5b74627bb2be3536dae2b0cb1e5468f4c687bb1f06b7897cf03f17
run #0: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #1: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #2: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #3: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #4: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #5: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #6: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #7: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #8: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #9: crashed: KASAN: use-after-free Write in ext4_write_inline_data
# git bisect good 3db3ec8f3b414fa76d3a9ae864781ebbb1709a36
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[b172b44fcb1771e083aad806fa96f3f60e2ddfac] Linux 4.19.206
testing commit b172b44fcb1771e083aad806fa96f3f60e2ddfac
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: d78f3b8df218fc7af159be50e1037fa510b2915c60a9492e4a66df006966dc47
run #0: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #1: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #2: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #3: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #4: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #5: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #6: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #7: crashed: KASAN: use-after-free Write in ext4_write_inline_data
run #8: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
run #9: crashed: KASAN: slab-out-of-bounds Write in ext4_write_inline_data
# git bisect good b172b44fcb1771e083aad806fa96f3f60e2ddfac
Bisecting: 0 revisions left to test after this (roughly 1 step)
[79a08818e97e52befb0a6d8e8a4461101c46facc] xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
testing commit 79a08818e97e52befb0a6d8e8a4461101c46facc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: ad94aca07fb8f21927a0ff199df7b05f904e5612cda37abff621f9cacb56fffb
all runs: OK
# git bisect bad 79a08818e97e52befb0a6d8e8a4461101c46facc
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c481607ba522e31e6ed01efefc19cc1d0e0a46fa] ext4: fix race writing to an inline_data file while its xattrs are changing
testing commit c481607ba522e31e6ed01efefc19cc1d0e0a46fa
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: ad94aca07fb8f21927a0ff199df7b05f904e5612cda37abff621f9cacb56fffb
all runs: OK
# git bisect bad c481607ba522e31e6ed01efefc19cc1d0e0a46fa
c481607ba522e31e6ed01efefc19cc1d0e0a46fa is the first bad commit
commit c481607ba522e31e6ed01efefc19cc1d0e0a46fa
Author: Theodore Ts'o
Date: Fri Aug 20 23:44:17 2021 -0400

    ext4: fix race writing to an inline_data file while its xattrs are changing

    commit a54c4613dac1500b40e4ab55199f7c51f028e848 upstream.

    The location of the system.data extended attribute can change whenever
    xattr_sem is not taken. So we need to recalculate the i_inline_off field
    since it might have changed between ext4_write_begin() and ext4_write_end().

    This means that caching i_inline_off is probably not helpful, so in the
    long run we should probably get rid of it and shrink the in-memory ext4
    inode slightly, but let's fix the race the simple way for now.

    Cc: stable@kernel.org
    Fixes: f19d5870cbf72 ("ext4: add normal write support for inline data")
    Reported-by: syzbot+13146364637c7363a7de@syzkaller.appspotmail.com
    Signed-off-by: Theodore Ts'o
    Signed-off-by: Greg Kroah-Hartman

 fs/ext4/inline.c | 6 ++++++
 1 file changed, 6 insertions(+)

culprit signature: ad94aca07fb8f21927a0ff199df7b05f904e5612cda37abff621f9cacb56fffb
parent signature: d78f3b8df218fc7af159be50e1037fa510b2915c60a9492e4a66df006966dc47
revisions tested: 14, total time: 3h45m1.567762372s (build: 2h25m45.700291072s, test: 1h17m36.962167877s)
first good commit: c481607ba522e31e6ed01efefc19cc1d0e0a46fa ext4: fix race writing to an inline_data file while its xattrs are changing
recipients (to): ["adilger.kernel@dilger.ca" "gregkh@linuxfoundation.org" "linux-ext4@vger.kernel.org" "tytso@mit.edu" "tytso@mit.edu"]
recipients (cc): ["linux-kernel@vger.kernel.org"]