ci2 starts bisection 2023-05-07 06:26:27.476654283 +0000 UTC m=+68881.691394823
bisecting cause commit starting from 3ad342cf5b2cadf6408597d0cf086c31ab7ef383
building syzkaller on 90c93c40627cb0ac3c2c7cb99d807fd4c137adcb
ensuring issue is reproducible on original commit 3ad342cf5b2cadf6408597d0cf086c31ab7ef383
testing commit 3ad342cf5b2cadf6408597d0cf086c31ab7ef383 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5b6fc86ccd9e56f55d7d707ec33d2db22a5546d7d0edd76f0fc9daf380e8394b
all runs: crashed: kernel BUG in kvfree
testing release v5.10.177
testing commit 387078f9030cf336cd9fef521540db75b61615e0 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c7b4d5253d4fa18355b4ec48475cae7493d7036361263327c7937faa4c0d4f9c
all runs: crashed: kernel BUG in kvfree
testing release v5.10.176
testing commit ca9787bdecfa2174b0a169a54916e22b89b0ef5b gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b4677b77d3f6b09e35c40ac0a40b59898d1481914e21a15d416ba3ea49e46b0c
all runs: crashed: kernel BUG in kvfree
testing release v5.10.175
testing commit de26e1b2103b1f56451f6ad77f0190c9066c87dc gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9d7f11720fd44d623b3fd869b36bc2fb57f3b39e90bb30a89fb5365ed96c8a67
all runs: crashed: kernel BUG in kvfree
testing release v5.10.174
testing commit 955623617f2f505ac08d0efda2bb50c1a52e2c96 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 965e04421a2a7d51396ae6d77e4337452d1c1e6a8821ac6d18da9a87d27ed25f
all runs: crashed: kernel BUG in kvfree
testing release v5.10.173
testing commit e5f315b55f8e09ac17c968da42f9345f64efcdd2 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cc9927e314b3fa054d90eaa48ff2824de82fb3b6312472afe0137f0b285e0ed3
all runs: crashed: kernel BUG in kvfree
testing release v5.10.172
testing commit 9fd42770b50756c08f04b4070ab6572adb2d6e1b gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5e2068c37471c625c6eed6936be6e4b677e146ad53f8465e7349813d872b3aa0
all runs: OK
# git bisect start e5f315b55f8e09ac17c968da42f9345f64efcdd2 9fd42770b50756c08f04b4070ab6572adb2d6e1b
Bisecting: 264 revisions left to test after this (roughly 8 steps)
[0a2e2674f720836e294523cf165deac9ba3b1425] remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
testing commit 0a2e2674f720836e294523cf165deac9ba3b1425 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 55f7cab03edafc10e58123339d318ba5f112682c663dced10f8a9c0299b2d73c
all runs: OK
# git bisect good 0a2e2674f720836e294523cf165deac9ba3b1425
Bisecting: 132 revisions left to test after this (roughly 7 steps)
[0f2fd21b5b54530f14f75ef11cc62dc7f52dab1b] ARM: dts: exynos: correct TMU phandle in Odroid HC1
testing commit 0f2fd21b5b54530f14f75ef11cc62dc7f52dab1b gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5ff6d21ae06b42b591b6df8aa55ec388e8d89e668d079d5a6dfd84628eab4cca
all runs: crashed: kernel BUG in kvfree
# git bisect bad 0f2fd21b5b54530f14f75ef11cc62dc7f52dab1b
Bisecting: 65 revisions left to test after this (roughly 6 steps)
[66b40f8756d2ef55c60a20831fa5ce28ffdb6f03] rtc: pm8xxx: fix set-alarm race
testing commit 66b40f8756d2ef55c60a20831fa5ce28ffdb6f03 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 66389864fa293699f9dccbdb9217e9951c2f15ac83f516e41bc0cf6bc3b72c26
all runs: OK
# git bisect good 66b40f8756d2ef55c60a20831fa5ce28ffdb6f03
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[0a89768b85f010107b8051285379dc88c002715b] x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
testing commit 0a89768b85f010107b8051285379dc88c002715b gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a521daf4b02d5971e457e087c02f5ccd9fd112de8239a653aed96240232b1ea2
all runs: OK
# git bisect good 0a89768b85f010107b8051285379dc88c002715b
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[ae2340769ed3c2a3d3de0fab64b667db6df27744] ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
testing commit ae2340769ed3c2a3d3de0fab64b667db6df27744 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c7e24153b0ededfeef0a577ce231ac5ce54209aaa5078832c8931d81f6f4b029
all runs: OK
# git bisect good ae2340769ed3c2a3d3de0fab64b667db6df27744
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[2cfe78619b0de6d2da773978bc2d22797212eaa7] wifi: cfg80211: Fix use after free for wext
testing commit 2cfe78619b0de6d2da773978bc2d22797212eaa7 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6de34737269639462b205df6041f9cf5e7b43739e2653dd2c3f6f06e63564b85
all runs: crashed: kernel BUG in kvfree
# git bisect bad 2cfe78619b0de6d2da773978bc2d22797212eaa7
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[0dc0fa313bb4e86382a3e7125429710d44383196] ext4: refuse to create ea block when umounted
testing commit 0dc0fa313bb4e86382a3e7125429710d44383196 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1c386d8295eb29801f72e1e5945908bec5b5d896ad1c8bed3ca8b7242a91bbe1
all runs: crashed: kernel BUG in kvfree
# git bisect bad 0dc0fa313bb4e86382a3e7125429710d44383196
Bisecting: 1 revision left to test after this (roughly 1 step)
[ab22799f11e378a37d1c8c4e47e796f84be97a60] jbd2: fix data missing when reusing bh which is ready to be checkpointed
testing commit ab22799f11e378a37d1c8c4e47e796f84be97a60 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 971b994a3ac61cb4faf85de465bfe158cebe85ee2d929ab91e068581112dba21
all runs: OK
# git bisect good ab22799f11e378a37d1c8c4e47e796f84be97a60
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d738789ae9ec47d3458a008788f3cdc862ebf0cb] ext4: optimize ea_inode block expansion
testing commit d738789ae9ec47d3458a008788f3cdc862ebf0cb gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: fc65cc96607aebade5ecb083ec83a5625317e6fbd1e1ff62bcc6a8be1febe3dd
all runs: crashed: kernel BUG in kvfree
# git bisect bad d738789ae9ec47d3458a008788f3cdc862ebf0cb
d738789ae9ec47d3458a008788f3cdc862ebf0cb is the first bad commit
commit d738789ae9ec47d3458a008788f3cdc862ebf0cb
Author: Jun Nie
Date:   Tue Jan 3 09:45:16 2023 +0800

    ext4: optimize ea_inode block expansion

    commit 1e9d62d252812575ded7c620d8fc67c32ff06c16 upstream.

    Copy ea data from inode entry when expanding ea block if possible. Then
    remove the ea entry if expansion success. Thus memcpy to a temporary
    buffer may be avoided. If the expansion fails, we do not need to recovery
    the removed ea entry neither in this way.

    Reported-by: syzbot+2dacb8f015bf1420155f@syzkaller.appspotmail.com
    Link: https://syzkaller.appspot.com/bug?id=3613786cb88c93aa1c6a279b1df6a7b201347d08
    Link: https://lore.kernel.org/r/20230103014517.495275-2-jun.nie@linaro.org
    Cc: stable@kernel.org
    Signed-off-by: Jun Nie
    Signed-off-by: Theodore Ts'o
    Signed-off-by: Greg Kroah-Hartman

 fs/ext4/xattr.c | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

culprit signature: fc65cc96607aebade5ecb083ec83a5625317e6fbd1e1ff62bcc6a8be1febe3dd
parent signature: 971b994a3ac61cb4faf85de465bfe158cebe85ee2d929ab91e068581112dba21
revisions tested: 16, total time: 7h13m34.5882556s (build: 5h20m25.265431042s, test: 1h49m39.906363171s)
first bad commit: d738789ae9ec47d3458a008788f3cdc862ebf0cb ext4: optimize ea_inode block expansion
recipients (to): ["gregkh@linuxfoundation.org" "jun.nie@linaro.org" "tytso@mit.edu"]
recipients (cc): []
crash: kernel BUG in kvfree
------------[ cut here ]------------
kernel BUG at mm/slub.c:4118!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 441 Comm: syz-executor.0 Not tainted 5.10.172-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:kfree+0x269/0x270 mm/slub.c:305
Code: 08 4c 89 ee 48 89 da e8 a5 8b f5 ff 65 ff 0d aa db 78 7e 0f 85 d2 fd ff ff e8 c2 d5 76 ff e9 c8 fd ff ff e8 89 b4 7a 02 0f 0b <0f> 0b 0f 1f 44 00 00 55 48 89 e5 53 48 83 ec 18 89 f2 65 48 8b 04
RSP: 0018:ffffc900008879f8 EFLAGS: 00010246
RAX: dead000000000100 RBX: ffff88811e2035a4 RCX: ffffea00047880c0
RDX: dffffc0000000000 RSI: ffffffff84bd9fe0 RDI: ffff88811e2035a4
RBP: ffffc90000887a50 R08: dffffc0000000000 R09: fffff52000110ed0
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000020
R13: ffffffff817d9d00 R14: 0000000000000000 R15: ffffea00047880c0
FS:  00007f4550799700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563df67a40a0 CR3: 000000011e419000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kvfree+0x20/0x30 mm/util.c:642
 ext4_xattr_move_to_block fs/ext4/xattr.c:2625 [inline]
 ext4_xattr_make_inode_space fs/ext4/xattr.c:2688 [inline]
 ext4_expand_extra_isize_ea+0xf47/0x1bc0 fs/ext4/xattr.c:2780
 __ext4_expand_extra_isize+0x217/0x360 fs/ext4/inode.c:5893
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5936 [inline]
 __ext4_mark_inode_dirty+0x334/0x550 fs/ext4/inode.c:6013
 __ext4_unlink+0x56c/0x8a0 fs/ext4/namei.c:3296
 ext4_unlink+0xfc/0x2a0 fs/ext4/namei.c:3339
 vfs_unlink+0x268/0x3e0 fs/namei.c:3839
 do_unlinkat+0x365/0x710 fs/namei.c:3904
 __do_sys_unlinkat fs/namei.c:3945 [inline]
 __se_sys_unlinkat fs/namei.c:3938 [inline]
 __x64_sys_unlinkat+0x97/0xb0 fs/namei.c:3938
 do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7f4550c26169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4550799168 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
RAX: ffffffffffffffda RBX: 00007f4550d45f80 RCX: 00007f4550c26169
RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007f4550c81ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe684b3eaf R14: 00007f4550799300 R15: 0000000000022000
Modules linked in:
---[ end trace 650730378d5a8ad1 ]---
RIP: 0010:kfree+0x269/0x270 mm/slub.c:305
Code: 08 4c 89 ee 48 89 da e8 a5 8b f5 ff 65 ff 0d aa db 78 7e 0f 85 d2 fd ff ff e8 c2 d5 76 ff e9 c8 fd ff ff e8 89 b4 7a 02 0f 0b <0f> 0b 0f 1f 44 00 00 55 48 89 e5 53 48 83 ec 18 89 f2 65 48 8b 04
RSP: 0018:ffffc900008879f8 EFLAGS: 00010246
RAX: dead000000000100 RBX: ffff88811e2035a4 RCX: ffffea00047880c0
RDX: dffffc0000000000 RSI: ffffffff84bd9fe0 RDI: ffff88811e2035a4
RBP: ffffc90000887a50 R08: dffffc0000000000 R09: fffff52000110ed0
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000020
R13: ffffffff817d9d00 R14: 0000000000000000 R15: ffffea00047880c0
FS:  00007f4550799700(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4550c00180 CR3: 000000011e419000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400