ci2 starts bisection 2023-10-30 14:22:39.717678383 +0000 UTC m=+9422.279985816
bisecting fixing commit since 8a28a0b6f1a1dcbf5a834600a9acfbe2ba51e5eb
building syzkaller on 79782afcff30fd0c0af8c2725d508b2c7150f3ed
ensuring issue is reproducible on original commit 8a28a0b6f1a1dcbf5a834600a9acfbe2ba51e5eb

testing commit 8a28a0b6f1a1dcbf5a834600a9acfbe2ba51e5eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5b2a99b3d87169a7dffe94786b97e682e3718c5187dffafd207d28c99ed507a6
run #0: crashed: KASAN: use-after-free Read in ext4_ext_insert_extent
run #1: crashed: KASAN: use-after-free Read in ext4_find_extent
run #2: crashed: KASAN: use-after-free Read in ext4_find_extent
run #3: crashed: KASAN: use-after-free Read in ext4_find_extent
run #4: crashed: KASAN: use-after-free Read in ext4_find_extent
run #5: crashed: KASAN: use-after-free Read in ext4_find_extent
run #6: crashed: KASAN: use-after-free Read in ext4_find_extent
run #7: crashed: KASAN: use-after-free Read in ext4_find_extent
run #8: crashed: KASAN: out-of-bounds Read in ext4_find_extent
run #9: crashed: KASAN: use-after-free Read in ext4_find_extent
run #10: crashed: KASAN: use-after-free Read in ext4_find_extent
run #11: crashed: KASAN: use-after-free Read in ext4_find_extent
run #12: crashed: KASAN: use-after-free Read in ext4_find_extent
run #13: crashed: KASAN: out-of-bounds Read in ext4_find_extent
run #14: crashed: KASAN: use-after-free Read in ext4_find_extent
run #15: crashed: KASAN: use-after-free Read in ext4_find_extent
run #16: crashed: KASAN: use-after-free Read in ext4_find_extent
run #17: crashed: KASAN: use-after-free Read in ext4_find_extent
run #18: crashed: KASAN: use-after-free Read in ext4_find_extent
run #19: crashed: KASAN: use-after-free Read in ext4_find_extent
representative crash: KASAN: use-after-free Read in ext4_ext_insert_extent, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed

testing commit 8a28a0b6f1a1dcbf5a834600a9acfbe2ba51e5eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 10aa6b0114022b26e8abf3045061d6da7943a3452362c15f81d1ffb38c6777f6
run #0: crashed: KASAN: use-after-free Read in ext4_find_extent
run #1: crashed: KASAN: use-after-free Read in ext4_find_extent
run #2: crashed: KASAN: use-after-free Read in ext4_find_extent
run #3: crashed: KASAN: use-after-free Read in ext4_find_extent
run #4: crashed: KASAN: use-after-free Read in ext4_find_extent
run #5: crashed: KASAN: use-after-free Read in ext4_find_extent
run #6: crashed: KASAN: use-after-free Read in ext4_find_extent
run #7: crashed: KASAN: use-after-free Read in ext4_find_extent
run #8: crashed: KASAN: use-after-free Read in ext4_find_extent
run #9: OK
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
kconfig minimization: base=3930 full=7602 leaves diff=1993
split chunks (needed=false): <1993>
split chunk #0 of len 1993 into 5 parts

testing without sub-chunk 1/5
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 8a28a0b6f1a1dcbf5a834600a9acfbe2ba51e5eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0f42ed1799e9700fd9ec770d2e8533de05b9df555ea786eb5fd085140f077197
all runs: crashed: KASAN: use-after-free Read in ext4_find_extent
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 2/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 8a28a0b6f1a1dcbf5a834600a9acfbe2ba51e5eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f460b2724f4ac73c59437f5f61ffacf61913422cd59b6019cca4a8b102fe7f56
run #0: crashed: KASAN: use-after-free Read in ext4_find_extent
run #1: crashed: KASAN: use-after-free Read in ext4_find_extent
run #2: crashed: KASAN: use-after-free Read in ext4_find_extent
run #3: crashed: KASAN: use-after-free Read in ext4_find_extent
run #4: crashed: KASAN: use-after-free Read in ext4_find_extent
run #5: crashed: KASAN: out-of-bounds Read in ext4_find_extent
run #6: crashed: KASAN: use-after-free Read in ext4_find_extent
run #7: crashed: KASAN: use-after-free Read in ext4_find_extent
run #8: crashed: invalid opcode in ext4_split_extent_at
run #9: crashed: KASAN: use-after-free Read in ext4_find_extent
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 8a28a0b6f1a1dcbf5a834600a9acfbe2ba51e5eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 35aa1e29360331a5de6e99b618833554227f911a5b2546a17ad17b8f1190dd94
all runs: crashed: KASAN: use-after-free Read in ext4_find_extent
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 4/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 8a28a0b6f1a1dcbf5a834600a9acfbe2ba51e5eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 81092c468bb374b83a0fcf7be8c7372c68a45c1beabbf09f2353ca4cb9b270c1
run #0: crashed: KASAN: use-after-free Read in ext4_find_extent
run #1: crashed: KASAN: use-after-free Read in ext4_find_extent
run #2: crashed: KASAN: use-after-free Read in ext4_find_extent
run #3: crashed: KASAN: use-after-free Read in ext4_ext_insert_extent
run #4: crashed: KASAN: use-after-free Read in ext4_find_extent
run #5: crashed: KASAN: use-after-free Read in ext4_find_extent
run #6: crashed: KASAN: use-after-free Read in ext4_find_extent
run #7: crashed: KASAN: use-after-free Read in ext4_find_extent
run #8: crashed: KASAN: use-after-free Read in ext4_find_extent
run #9: crashed: KASAN: use-after-free Read in ext4_find_extent
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 5/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 8a28a0b6f1a1dcbf5a834600a9acfbe2ba51e5eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 13c458f86ebb1acfe411cf5f5ca46fea594575e00267652008e4151dd878b684
all runs: crashed: KASAN: use-after-free Read in ext4_find_extent
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN]
the chunk can be dropped
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed

testing current HEAD ffc253263a1375a65fa6c9f62a893e9767fbebfa
testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 99021297bf9e277888f72c4de4fa1ee7af8e1c5193a38565a781761b6d7797c7
run #0: crashed: KASAN: use-after-free Read in ext4_find_extent
run #1: crashed: KASAN: use-after-free Read in ext4_find_extent
run #2: crashed: KASAN: use-after-free Read in ext4_find_extent
run #3: crashed: KASAN: use-after-free Read in ext4_find_extent
run #4: crashed: KASAN: use-after-free Read in ext4_ext_insert_extent
run #5: crashed: KASAN: use-after-free Read in ext4_find_extent
run #6: crashed: KASAN: use-after-free Read in ext4_find_extent
run #7: crashed: KASAN: use-after-free Read in ext4_find_extent
run #8: crashed: KASAN: use-after-free Read in ext4_find_extent
run #9: crashed: KASAN: use-after-free Read in ext4_find_extent
representative crash: KASAN: use-after-free Read in ext4_find_extent, types: [KASAN]
crash still not fixed/happens on the oldest tested release
revisions tested: 8, total time: 1h22m35.308933535s (build: 47m17.094595978s, test: 28m24.63187296s)
crash still not fixed or there were kernel test errors
commit msg: Linux 6.6
crash: KASAN: use-after-free Read in ext4_find_extent
==================================================================
BUG: KASAN: use-after-free in ext4_ext_binsearch fs/ext4/extents.c:837 [inline]
BUG: KASAN: use-after-free in ext4_find_extent+0xb28/0xcd0 fs/ext4/extents.c:953
Read of size 4 at addr ffff88812490d070 by task syz-executor.0/1846

CPU: 0 PID: 1846 Comm: syz-executor.0 Not tainted 6.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xf8/0x260 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0x163/0x540 mm/kasan/report.c:475
 kasan_report+0x175/0x1b0 mm/kasan/report.c:588
 ext4_ext_binsearch fs/ext4/extents.c:837 [inline]
 ext4_find_extent+0xb28/0xcd0 fs/ext4/extents.c:953
 ext4_ext_map_blocks+0x282/0x6380 fs/ext4/extents.c:4101
 ext4_map_blocks+0x831/0x1800 fs/ext4/inode.c:621
 _ext4_get_block+0x1dc/0x5a0 fs/ext4/inode.c:763
 __block_write_begin_int+0x3b7/0x1380 fs/buffer.c:2120
 block_page_mkwrite+0x272/0x4a0 fs/buffer.c:2637
 ext4_page_mkwrite+0x654/0x1140 fs/ext4/inode.c:6150
 do_page_mkwrite+0x144/0x370 mm/memory.c:2934
 wp_page_shared mm/memory.c:3294 [inline]
 do_wp_page+0x3fc/0x26f0 mm/memory.c:3379
 handle_pte_fault mm/memory.c:4997 [inline]
 __handle_mm_fault mm/memory.c:5122 [inline]
 handle_mm_fault+0x15c3/0x31e0 mm/memory.c:5287
 do_user_addr_fault arch/x86/mm/fault.c:1413 [inline]
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x354/0x8b0 arch/x86/mm/fault.c:1561
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7ffa3abb2d07
Code: ce 48 ff c7 48 01 fe 48 8d 54 11 80 0f 1f 80 00 00 00 00 c5 fe 6f 0e c5 fe 6f 56 20 c5 fe 6f 5e 40 c5 fe 6f 66 60 48 83 ee 80 fd 7f 0f c5 fd 7f 57 20 c5 fd 7f 5f 40 c5 fd 7f 67 60 48 83 ef
RSP: 002b:00007ffed58ffc38 EFLAGS: 00010203
RAX: 0000000020003600 RBX: 00007ffed58ffd48 RCX: 0000000020003600
RDX: 00000000200036a9 RSI: 00007ffa3a7757b0 RDI: 0000000020003620
RBP: 0000000000000001 R08: 0000000000000000 R09: 00007ffa3acf0f8c
R10: 00007ffed58ffd70 R11: 0000000000000246 R12: 00007ffa3a7756f0
R13: fffffffffffffffe R14: 00007ffa3a755000 R15: 00007ffa3a7756f8

The buggy address belongs to the physical page:
page:ffffea0004924340 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12490d
flags: 0x200000000000000(node=0|zone=2)
page_type: 0xffffffff()
raw: 0200000000000000 ffffea0004924388 ffff8881f743e6e0 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffff88812490cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88812490cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88812490d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                             ^
 ffff88812490d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88812490d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================