ci2 starts bisection 2025-09-07 19:42:11.803900197 +0000 UTC m=+322846.792874143 bisecting fixing commit since cf6ed0f1511dde4812a5a30a1450af323934dad9 building syzkaller on 3d2f584ddab119da50e8a8d26765aa98d3b33c02 ensuring issue is reproducible on original commit cf6ed0f1511dde4812a5a30a1450af323934dad9 testing commit cf6ed0f1511dde4812a5a30a1450af323934dad9 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b4d46675cdd6be7ab68aacc072dbeeb6456babb079410fd185e4bd952b15cc53 all runs: crashed: kernel BUG in ext4_create_inline_data representative crash: kernel BUG in ext4_create_inline_data, types: [BUG] check whether we can drop unnecessary instrumentation disabling configs for [memleak ubsan kasan locking atomic_sleep hang], they are not needed testing commit cf6ed0f1511dde4812a5a30a1450af323934dad9 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0e4a70494c4fb0b93bee772a70f7e2ce54ba7e828f788bbb1bd985b40ffe41ea all runs: crashed: kernel BUG in ext4_create_inline_data representative crash: kernel BUG in ext4_create_inline_data, types: [BUG] the bug reproduces without the instrumentation disabling configs for [memleak ubsan kasan locking atomic_sleep hang], they are not needed kconfig minimization: base=4788 full=6022 leaves diff=244 split chunks (needed=false): <244> split chunk #0 of len 244 into 5 parts testing without sub-chunk 1/5 disabling configs for [kasan locking atomic_sleep hang memleak ubsan], they are not needed testing commit cf6ed0f1511dde4812a5a30a1450af323934dad9 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b0b6e4847476629ef71cd4615c68226cd29ed6f5c4a48bd69f33787cf13ec9b7 all runs: crashed: kernel BUG in ext4_create_inline_data representative crash: kernel BUG in ext4_create_inline_data, types: [BUG] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed testing commit cf6ed0f1511dde4812a5a30a1450af323934dad9 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b89e9ba0c922399640f65493ff64f2c93134862be1f3cee9e484fb5bf10a9f48 all runs: crashed: kernel BUG in ext4_create_inline_data representative crash: kernel BUG in ext4_create_inline_data, types: [BUG] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [kasan locking atomic_sleep hang memleak ubsan], they are not needed testing commit cf6ed0f1511dde4812a5a30a1450af323934dad9 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 56cdf0721a27910567e3d13a42274c7dbc9f5c58ab04947a7f61161cd4b0e5f7 all runs: crashed: kernel BUG in ext4_create_inline_data representative crash: kernel BUG in ext4_create_inline_data, types: [BUG] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [ubsan kasan locking atomic_sleep hang memleak], they are not needed testing commit cf6ed0f1511dde4812a5a30a1450af323934dad9 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ece15477cbdba008fb1a4a840c23554aca4f2c0dd3a10086f38abc8d6b98dbaf all runs: crashed: kernel BUG in ext4_create_inline_data representative crash: kernel BUG in ext4_create_inline_data, types: [BUG] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [locking atomic_sleep hang memleak ubsan kasan], they are not needed testing commit cf6ed0f1511dde4812a5a30a1450af323934dad9 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 failed building cf6ed0f1511dde4812a5a30a1450af323934dad9: net/socket.c:1128: undefined reference to `wext_handle_ioctl' net/socket.c:3397: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:346: undefined reference to `wext_proc_exit' net/core/net-procfs.c:330: undefined reference to `wext_proc_init' minimized to 48 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM USB_XHCI_PCI_RENESAS WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS ZEROPLUS_FF] disabling configs for [memleak ubsan kasan locking atomic_sleep hang], they are not needed testing current HEAD 48647f2c6800c3eaa375f44ec58f3da7867eb85b testing commit 48647f2c6800c3eaa375f44ec58f3da7867eb85b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d1368ecc9f4f0cbda7b8eeacff50cea8b99556510b53c1844de7d8797a94dd8c all runs: OK false negative chance: 0.000 # git bisect start 48647f2c6800c3eaa375f44ec58f3da7867eb85b cf6ed0f1511dde4812a5a30a1450af323934dad9 Bisecting: 726 revisions left to test after this (roughly 10 steps) [d54771571f74a82c59830a32e76af78a8e57ac69] mtk-sd: Prevent memory corruption from DMA map failure determine whether the revision contains the guilty commit checking the merge base 024a4a45fdf87218e3c0925475b05a27bcea103f no existing result, test the revision testing commit 024a4a45fdf87218e3c0925475b05a27bcea103f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6fb8822ca15eda55238fd76b06b0966862a2b70e00416ccfd5f1855f2598a535 all runs: crashed: kernel BUG in ext4_create_inline_data representative crash: kernel BUG in ext4_create_inline_data, types: [BUG] testing commit d54771571f74a82c59830a32e76af78a8e57ac69 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: aa1d07c733a0249636b658cd4713cbee695c7b43ee5e3504525f35a90251037d all runs: crashed: kernel BUG in ext4_create_inline_data representative crash: kernel BUG in ext4_create_inline_data, types: [BUG] # git bisect good d54771571f74a82c59830a32e76af78a8e57ac69 Bisecting: 363 revisions left to test after this (roughly 9 steps) [bb4ae7227ebed686fdce54a0bdeaf640e2d2885c] net: ag71xx: Add missing check after DMA map determine whether the revision contains the guilty commit revision 024a4a45fdf87218e3c0925475b05a27bcea103f crashed and is reachable testing commit bb4ae7227ebed686fdce54a0bdeaf640e2d2885c gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 21b2485e432e0570a8625b8afba714cbaba528303d335745d6f2a41220ff6cb8 all runs: crashed: kernel BUG in ext4_create_inline_data representative crash: kernel BUG in ext4_create_inline_data, types: [BUG] # git bisect good bb4ae7227ebed686fdce54a0bdeaf640e2d2885c Bisecting: 181 revisions left to test after this (roughly 8 steps) [609a43e107b2ee7c736d97e602a6c4fcca61229f] mm: drop the assumption that VM_SHARED always implies writable determine whether the revision contains the guilty commit revision 024a4a45fdf87218e3c0925475b05a27bcea103f crashed and is reachable testing commit 609a43e107b2ee7c736d97e602a6c4fcca61229f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ae47d872b6dca71789cbb3e38b3162132e313971c420d1521d04ebdec4bd05e9 all runs: OK false negative chance: 0.000 # git bisect bad 609a43e107b2ee7c736d97e602a6c4fcca61229f Bisecting: 90 revisions left to test after this (roughly 7 steps) [c3dc2769bbcd65cedc3ea92f3e42531994cd6a42] usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() determine whether the revision contains the guilty commit revision 024a4a45fdf87218e3c0925475b05a27bcea103f crashed and is reachable testing commit c3dc2769bbcd65cedc3ea92f3e42531994cd6a42 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3a53f69a3be790f7ba5b64eb8ad04200d1c3a79eb80bfcec82260b6354ac8b11 all runs: OK false negative chance: 0.000 # git bisect bad c3dc2769bbcd65cedc3ea92f3e42531994cd6a42 Bisecting: 45 revisions left to test after this (roughly 6 steps) [10ad86fd99fa62d37b24f2be4ec29a2d009c49e3] media: tc358743: Return an appropriate colorspace from tc358743_set_fmt determine whether the revision contains the guilty commit revision bb4ae7227ebed686fdce54a0bdeaf640e2d2885c crashed and is reachable testing commit 10ad86fd99fa62d37b24f2be4ec29a2d009c49e3 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 96596cd873b3929fcc0853351c513892466defb2ccacfe3efdb2bb083c119d9d all runs: OK false negative chance: 0.000 # git bisect bad 10ad86fd99fa62d37b24f2be4ec29a2d009c49e3 Bisecting: 22 revisions left to test after this (roughly 5 steps) [94b2754f8cbc2af5d666206bd9fa9ba4a1dcade4] net: ncsi: Fix buffer overflow in fetching version id determine whether the revision contains the guilty commit revision 024a4a45fdf87218e3c0925475b05a27bcea103f crashed and is reachable testing commit 94b2754f8cbc2af5d666206bd9fa9ba4a1dcade4 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a3dc7ffc0fbfc22ba1e2ec3682fe70ca19a350a315901c82192a242c093447f7 all runs: crashed: kernel BUG in ext4_create_inline_data representative crash: kernel BUG in ext4_create_inline_data, types: [BUG] # git bisect good 94b2754f8cbc2af5d666206bd9fa9ba4a1dcade4 Bisecting: 11 revisions left to test after this (roughly 4 steps) [9337c2affbaebe00b75fdf84ea0e2fcf93c140af] scsi: bfa: Double-free fix determine whether the revision contains the guilty commit revision 024a4a45fdf87218e3c0925475b05a27bcea103f crashed and is reachable testing commit 9337c2affbaebe00b75fdf84ea0e2fcf93c140af gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9f6b4088a023660662070ae9aef4fd7c8b7d884529988425eb5337e14bad810f all runs: OK false negative chance: 0.000 # git bisect bad 9337c2affbaebe00b75fdf84ea0e2fcf93c140af Bisecting: 5 revisions left to test after this (roughly 3 steps) [a4dc000de79a4d296ef5bb281d444a76aa9a7770] cifs: Fix calling CIFSFindFirst() for root path without msearch determine whether the revision contains the guilty commit revision bb4ae7227ebed686fdce54a0bdeaf640e2d2885c crashed and is reachable testing commit a4dc000de79a4d296ef5bb281d444a76aa9a7770 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9e3be41ccf488bb2683fb675b1d4809d2ae58d792f85d2eac5aba5154ace1522 all runs: crashed: kernel BUG in ext4_create_inline_data representative crash: kernel BUG in ext4_create_inline_data, types: [BUG] # git bisect good a4dc000de79a4d296ef5bb281d444a76aa9a7770 Bisecting: 2 revisions left to test after this (roughly 2 steps) [9041913136689717de98048d98006f608bdb21d9] fs/orangefs: use snprintf() instead of sprintf() determine whether the revision contains the guilty commit revision 94b2754f8cbc2af5d666206bd9fa9ba4a1dcade4 crashed and is reachable testing commit 9041913136689717de98048d98006f608bdb21d9 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ee8925be837f15a1294e077ebf2e72c761aa68a1c5f07615a0944e1104749578 all runs: OK false negative chance: 0.000 # git bisect bad 9041913136689717de98048d98006f608bdb21d9 Bisecting: 0 revisions left to test after this (roughly 1 step) [9ea6d961566c7d762ed0204b06db05756fdda3b6] scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated determine whether the revision contains the guilty commit revision 024a4a45fdf87218e3c0925475b05a27bcea103f crashed and is reachable testing commit 9ea6d961566c7d762ed0204b06db05756fdda3b6 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d7f3c5fa541525129de9ab787fce367b8ec1625bea303ae08bbab0fa6545fe28 all runs: OK false negative chance: 0.000 # git bisect bad 9ea6d961566c7d762ed0204b06db05756fdda3b6 Bisecting: 0 revisions left to test after this (roughly 0 steps) [1199a6399895f4767f0b9a68a6ff47c3f799b7c7] ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr determine whether the revision contains the guilty commit revision bb4ae7227ebed686fdce54a0bdeaf640e2d2885c crashed and is reachable testing commit 1199a6399895f4767f0b9a68a6ff47c3f799b7c7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e0ee89e11a4dd68217849cec9b97d39a8feaacd81e13c1d68862572a2f6f3cad all runs: OK false negative chance: 0.000 # git bisect bad 1199a6399895f4767f0b9a68a6ff47c3f799b7c7 1199a6399895f4767f0b9a68a6ff47c3f799b7c7 is the first bad commit commit 1199a6399895f4767f0b9a68a6ff47c3f799b7c7 Author: Theodore Ts'o Date: Thu Jul 17 10:54:34 2025 -0400 ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr [ Upstream commit 099b847ccc6c1ad2f805d13cfbcc83f5b6d4bc42 ] A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL flag set but was missing the system.data extended attribute. Since this can happen due to a maiciouly fuzzed file system, we shouldn't BUG, but rather, report it as a corrupted file system. Add similar replacements of BUG_ON with EXT4_ERROR_INODE() ii ext4_create_inline_data() and ext4_inline_data_truncate(). Reported-by: syzbot+544248a761451c0df72f@syzkaller.appspotmail.com Signed-off-by: Theodore Ts'o Signed-off-by: Sasha Levin fs/ext4/inline.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) accumulated error probability: 0.00 culprit signature: e0ee89e11a4dd68217849cec9b97d39a8feaacd81e13c1d68862572a2f6f3cad parent signature: 9e3be41ccf488bb2683fb675b1d4809d2ae58d792f85d2eac5aba5154ace1522 revisions tested: 19, total time: 4h43m3.973366363s (build: 1h33m34.518718826s, test: 3h2m27.06902628s) first good commit: 1199a6399895f4767f0b9a68a6ff47c3f799b7c7 ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr recipients (to): ["sashal@kernel.org" "tytso@mit.edu"] recipients (cc): []