ci2 starts bisection 2024-06-13 16:38:50.497430278 +0000 UTC m=+10340.454739439
bisecting fixing commit since 6364d594125d5489b4f160c055505ec08c68c4eb
building syzkaller on 3ce4924c386b24ce0dea10478efdecc852cda540
ensuring issue is reproducible on original commit 6364d594125d5489b4f160c055505ec08c68c4eb

testing commit 6364d594125d5489b4f160c055505ec08c68c4eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 42bda6ea1b82e05409db9b48db82a20e9bbbc62e5e35a14537c165478330d876
all runs: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
representative crash: KASAN: use-after-free Read in ext4_convert_inline_data_nolock, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 6364d594125d5489b4f160c055505ec08c68c4eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 28235406a1729a6c128d8ef0499b1f30e8ffabb8e72b26a76f0e89be97a3dfa4
all runs: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
representative crash: KASAN: use-after-free Read in ext4_convert_inline_data_nolock, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
kconfig minimization: base=5179 full=6494 leaves diff=257
split chunks (needed=false): <257>
split chunk #0 of len 257 into 5 parts
testing without sub-chunk 1/5
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 6364d594125d5489b4f160c055505ec08c68c4eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 80106497adea96635c4be5a5e3c40dd91be999f5164abf32ba8e095a722af2c3
all runs: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
representative crash: KASAN: use-after-free Read in ext4_convert_inline_data_nolock, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 6364d594125d5489b4f160c055505ec08c68c4eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e35c78e8211a1acd34f24193340e04c6a7d17c3ba4abc5eaa9afba52d11e3661
all runs: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
representative crash: KASAN: use-after-free Read in ext4_convert_inline_data_nolock, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 6364d594125d5489b4f160c055505ec08c68c4eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 340039ca4b89672aacec3113f259f9fbb8491a64bdfe4eaeabd2283a71f24b23
all runs: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
representative crash: KASAN: use-after-free Read in ext4_convert_inline_data_nolock, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit 6364d594125d5489b4f160c055505ec08c68c4eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: dbc2fef3f92ed88688512a1f11b2d30c1a572152ea4fb0dc9bb5082a6ab41062
all runs: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
representative crash: KASAN: use-after-free Read in ext4_convert_inline_data_nolock, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 6364d594125d5489b4f160c055505ec08c68c4eb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building 6364d594125d5489b4f160c055505ec08c68c4eb: net/socket.c:1245: undefined reference to `wext_handle_ioctl'
net/socket.c:3442: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:329: undefined reference to `wext_proc_init'
net/core/net-procfs.c:345: undefined reference to `wext_proc_exit'
minimized to 49 configs; suspects: [HID_ZEROPLUS USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM V4L2_ASYNC V4L2_FWNODE VIDEO_CAMERA_SENSOR WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF]
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing current HEAD 7c734edeaafdb668b1fa91d119f0010e1f41f764
testing commit 7c734edeaafdb668b1fa91d119f0010e1f41f764 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8c7c64b9dbcb92d62a71f46fb48f5c5931c7dddef65183d4de58000dfc446c46
all runs: crashed: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
representative crash: KASAN: use-after-free Read in ext4_convert_inline_data_nolock, types: [KASAN]
crash still not fixed/happens on the oldest tested release
revisions tested: 7, total time: 1h0m8.093335617s (build: 32m58.345680075s, test: 22m20.41671112s)
crash still not fixed or there were kernel test errors
commit msg: ANDROID: GKI: Add symbol list for exynosauto
crash: KASAN: use-after-free Read in ext4_convert_inline_data_nolock
==================================================================
BUG: KASAN: use-after-free in ext4_read_inline_data fs/ext4/inline.c:210 [inline]
BUG: KASAN: use-after-free in ext4_convert_inline_data_nolock+0x280/0x980 fs/ext4/inline.c:1216
Read of size 68 at addr ffff8881244980cf by task syz-executor.2/380

CPU: 0 PID: 380 Comm: syz-executor.2 Not tainted 6.1.78-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x105/0x148 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:316 [inline]
 print_report+0x158/0x4e0 mm/kasan/report.c:427
 kasan_report+0x13c/0x170 mm/kasan/report.c:531
 kasan_check_range+0x294/0x2a0 mm/kasan/generic.c:189
 memcpy+0x2d/0x70 mm/kasan/shadow.c:65
 ext4_read_inline_data fs/ext4/inline.c:210 [inline]
 ext4_convert_inline_data_nolock+0x280/0x980 fs/ext4/inline.c:1216
 ext4_try_add_inline_entry+0x69e/0x9c0 fs/ext4/inline.c:1342
 ext4_add_entry+0x384/0xba0 fs/ext4/namei.c:2409
 ext4_mkdir+0x472/0xa50 fs/ext4/namei.c:3032
 vfs_mkdir+0x2ea/0x480 fs/namei.c:4107
 do_mkdirat+0x230/0x390 fs/namei.c:4132
 __do_sys_mkdirat fs/namei.c:4147 [inline]
 __se_sys_mkdirat fs/namei.c:4145 [inline]
 __x64_sys_mkdirat+0x84/0x90 fs/namei.c:4145
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f50a887c9a7
Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f50a9559ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007f50a9559f80 RCX: 00007f50a887c9a7
RDX: 00000000000001ff RSI: 0000000020000580 RDI: 00000000ffffff9c
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000580
R13: 00007f50a9559f40 R14: 0000000000000000 R15: 0000000000000000
 </TASK>

The buggy address belongs to the physical page:
page:ffffea0004912600 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x124498
flags: 0x4000000000000000(zone=1)
raw: 4000000000000000 ffffea0004912648 ffffea00049125c8 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffff888124497f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff888124498000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff888124498080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                              ^
 ffff888124498100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff888124498180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
EXT4-fs error (device loop2): ext4_check_all_de:655: inode #12: block 5: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=124 fake=0