ci2 starts bisection 2024-02-23 06:58:33.97171116 +0000 UTC m=+51309.844047951 bisecting fixing commit since b496cc3115440c46f376c759f29d3397f54da070 building syzkaller on cb976f63e0177b96eb9ce1c631cc5e2c4b4b0759 ensuring issue is reproducible on original commit b496cc3115440c46f376c759f29d3397f54da070 testing commit b496cc3115440c46f376c759f29d3397f54da070 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6bacdf2fce1b16a4b9af456d9f78b1386237975751d99fa8c81200273c53db33 all runs: crashed: KASAN: use-after-free Read in ext4_search_dir representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN] check whether we can drop unnecessary instrumentation disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing commit b496cc3115440c46f376c759f29d3397f54da070 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2f51571636fd18fec2e3688fea950131f9f0f33f2fe0bc20ecb89d95e1b1b1f8 all runs: crashed: KASAN: use-after-free Read in ext4_search_dir representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN] the bug reproduces without the instrumentation disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed kconfig minimization: base=5179 full=6485 leaves diff=250 split chunks (needed=false): <250> split chunk #0 of len 250 into 5 parts testing without sub-chunk 1/5 disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit b496cc3115440c46f376c759f29d3397f54da070 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e1cfde47fc228c849ad00f1f28b3258114163e95d3105d3df2e334862001da90 all runs: crashed: KASAN: use-after-free Read in ext4_search_dir representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit b496cc3115440c46f376c759f29d3397f54da070 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8bafa092dd77984086552f1d1d7c75640619bd564063d82e332239570f2daac7 all runs: crashed: KASAN: use-after-free Read in ext4_search_dir representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed testing commit b496cc3115440c46f376c759f29d3397f54da070 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1c3fc403523531fffcabb8497479473c0c5a121bf8c5c28222aa10fa70e9bdec all runs: crashed: KASAN: use-after-free Read in ext4_search_dir representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed testing commit b496cc3115440c46f376c759f29d3397f54da070 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 77f9e2a2948233144c9fb9cd98126d574c019362dfe4f51a565c8b45265490c3 all runs: crashed: KASAN: use-after-free Read in ext4_search_dir representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed testing commit b496cc3115440c46f376c759f29d3397f54da070 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building b496cc3115440c46f376c759f29d3397f54da070: net/socket.c:1225: undefined reference to `wext_handle_ioctl' net/socket.c:3420: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:329: undefined reference to `wext_proc_init' net/core/net-procfs.c:345: undefined reference to `wext_proc_exit' minimized to 50 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_MBIM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF] disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing current HEAD d6b58cc171f4d03b10ddc3c5acb32e6f15cc239c testing commit d6b58cc171f4d03b10ddc3c5acb32e6f15cc239c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a66a55d196d80265ca60a8e45dcee825c35be4374f6462a5b3d4dcd4ca2033f4 all runs: crashed: KASAN: use-after-free Read in ext4_search_dir representative crash: KASAN: use-after-free Read in ext4_search_dir, types: [KASAN] crash still not fixed/happens on the oldest tested release revisions tested: 7, total time: 46m36.164299664s (build: 25m16.232829992s, test: 18m37.527603519s) crash still not fixed or there were kernel test errors commit msg: ANDROID: PCI: dwc: Wait for the link only if it has been started crash: KASAN: use-after-free Read in ext4_search_dir ================================================================== BUG: KASAN: use-after-free in ext4_search_dir+0xd6/0x180 fs/ext4/namei.c:1543 Read of size 1 at addr ffff88812562ad23 by task syz-executor.0/353 CPU: 0 PID: 353 Comm: syz-executor.0 Not tainted 6.1.68-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x105/0x148 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:316 [inline] print_report+0x158/0x4e0 mm/kasan/report.c:427 kasan_report+0x13c/0x170 mm/kasan/report.c:531 __asan_report_load1_noabort+0x14/0x20 mm/kasan/report_generic.c:348 ext4_search_dir+0xd6/0x180 fs/ext4/namei.c:1543 ext4_find_inline_entry+0x367/0x540 fs/ext4/inline.c:1722 __ext4_find_entry+0x2c5/0x15f0 fs/ext4/namei.c:1616 ext4_lookup_entry fs/ext4/namei.c:1771 [inline] ext4_lookup+0x14a/0x5f0 fs/ext4/namei.c:1839 __lookup_hash+0x194/0x1f0 fs/namei.c:1601 filename_create+0x24e/0x490 fs/namei.c:3808 do_mkdirat+0x128/0x390 fs/namei.c:4051 __do_sys_mkdirat fs/namei.c:4076 [inline] __se_sys_mkdirat fs/namei.c:4074 [inline] __x64_sys_mkdirat+0x84/0x90 fs/namei.c:4074 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f349d07cae9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f349ddae0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 RAX: ffffffffffffffda RBX: 00007f349d19bf80 RCX: 00007f349d07cae9 RDX: 0000000000000000 RSI: 0000000020000040 RDI: ffffffffffffff9c RBP: 00007f349d0c847a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f349d19bf80 R15: 00007ffcebb5d6b8 The buggy address belongs to the physical page: page:ffffea0004958a80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12562a flags: 0x4000000000000000(zone=1) raw: 4000000000000000 ffffea0004958ac8 ffff8881f733b858 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner info is not present (never set?) Memory state around the buggy address: ffff88812562ac00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff88812562ac80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff88812562ad00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff88812562ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88812562ae00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== EXT4-fs error (device loop0): ext4_find_dest_de:2112: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=3089191003, rec_len=43069, size=56 fake=0