ci2 starts bisection 2024-02-11 02:19:41.426050341 +0000 UTC m=+119456.505773312 bisecting fixing commit since a27512601c2d65569fdd5a843246dc8da96b6408 building syzkaller on 0b6a67ac4b0dc26f43030c5edd01c9175f13b784 ensuring issue is reproducible on original commit a27512601c2d65569fdd5a843246dc8da96b6408 testing commit a27512601c2d65569fdd5a843246dc8da96b6408 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 23e828bfda655b47b16e941e3610e7dc9017f69ebe9c15748c2ef230b6f25120 all runs: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry representative crash: KASAN: out-of-bounds Read in ext4_xattr_set_entry, types: [KASAN] check whether we can drop unnecessary instrumentation disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing commit a27512601c2d65569fdd5a843246dc8da96b6408 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e3c4c6a1048fa12d6b34fb52aa17110f78c3ee6266d92c0ad58b8ecde3390b7a all runs: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry representative crash: KASAN: out-of-bounds Read in ext4_xattr_set_entry, types: [KASAN] the bug reproduces without the instrumentation disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed kconfig minimization: base=4789 full=6024 leaves diff=238 split chunks (needed=false): <238> split chunk #0 of len 238 into 5 parts testing without sub-chunk 1/5 disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit a27512601c2d65569fdd5a843246dc8da96b6408 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2b6952a095b602b49cf7ffe2a87b082dad4472b6b3f00f1118905c76b8310cca all runs: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry representative crash: KASAN: out-of-bounds Read in ext4_xattr_set_entry, types: [KASAN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit a27512601c2d65569fdd5a843246dc8da96b6408 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ee8c8186c7cbdc16d42966b2c28ce73cd5d719e54eccac7a6f637d6bec32746b all runs: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry representative crash: KASAN: out-of-bounds Read in ext4_xattr_set_entry, types: [KASAN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed testing commit a27512601c2d65569fdd5a843246dc8da96b6408 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2842f8b3afd25f2ee8c909047fc17fa8b1fd820fd5621f707e2db644b408c8ae all runs: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry representative crash: KASAN: out-of-bounds Read in ext4_xattr_set_entry, types: [KASAN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed testing commit a27512601c2d65569fdd5a843246dc8da96b6408 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 96ed7d91501ab131b8497f2aa852eebf6da67f2f6dbb3b7181efea89076b8065 run #0: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry run #1: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry run #2: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry run #3: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry run #4: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry run #5: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry run #6: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry run #7: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry run #8: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry run #9: OK representative crash: KASAN: out-of-bounds Read in ext4_xattr_set_entry, types: [KASAN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit a27512601c2d65569fdd5a843246dc8da96b6408 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 failed building a27512601c2d65569fdd5a843246dc8da96b6408: net/socket.c:1109: undefined reference to `wext_handle_ioctl' net/socket.c:3378: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:346: undefined reference to `wext_proc_exit' net/core/net-procfs.c:330: undefined reference to `wext_proc_init' minimized to 46 configs; suspects: [HID_ZEROPLUS USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF] disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing current HEAD fc10db4b193239730f058050e153df17bfdceee7 testing commit fc10db4b193239730f058050e153df17bfdceee7 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b16a09561b8bb2228fd379b16289b739fb619f70ac3e45d0e595151e247e3c02 all runs: crashed: KASAN: out-of-bounds Read in ext4_xattr_set_entry representative crash: KASAN: out-of-bounds Read in ext4_xattr_set_entry, types: [KASAN] crash still not fixed/happens on the oldest tested release revisions tested: 7, total time: 1h9m4.411467387s (build: 15m15.205956263s, test: 52m28.093890597s) crash still not fixed or there were kernel test errors commit msg: Merge android13-5.10 into android13-5.10-lts crash: KASAN: out-of-bounds Read in ext4_xattr_set_entry ================================================================== BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0xe7b/0x3da0 fs/ext4/xattr.c:1747 Read of size 18446744073709551552 at addr ffff8881206c22e8 by task syz-executor.0/653 CPU: 1 PID: 653 Comm: syz-executor.0 Not tainted 5.10.209-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack_lvl+0x81/0xac lib/dump_stack.c:118 print_address_description.constprop.0+0x24/0x160 mm/kasan/report.c:248 __kasan_report mm/kasan/report.c:435 [inline] kasan_report.cold+0x82/0xdb mm/kasan/report.c:452 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0x148/0x190 mm/kasan/generic.c:189 memmove+0x24/0x60 mm/kasan/shadow.c:54 ext4_xattr_set_entry+0xe7b/0x3da0 fs/ext4/xattr.c:1747 ext4_xattr_ibody_set+0xfd/0x350 fs/ext4/xattr.c:2228 ext4_xattr_set_handle+0x7aa/0x10f0 fs/ext4/xattr.c:2385 ext4_xattr_set+0x151/0x310 fs/ext4/xattr.c:2498 ext4_xattr_trusted_set+0x1e/0x20 fs/ext4/xattr_trusted.c:37 __vfs_setxattr+0xe5/0x140 fs/xattr.c:177 __vfs_setxattr_noperm+0xeb/0x470 fs/xattr.c:208 __vfs_setxattr_locked+0x154/0x1e0 fs/xattr.c:266 vfs_setxattr+0x101/0x280 fs/xattr.c:283 setxattr+0x1aa/0x320 fs/xattr.c:548 path_setxattr+0x132/0x150 fs/xattr.c:567 __do_sys_setxattr fs/xattr.c:582 [inline] __se_sys_setxattr fs/xattr.c:578 [inline] __x64_sys_setxattr+0xbf/0x150 fs/xattr.c:578 do_syscall_64+0x32/0x80 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x61/0xc6 RIP: 0033:0x7f43daccbae9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f43d246d0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc RAX: ffffffffffffffda RBX: 00007f43dadeb050 RCX: 00007f43daccbae9 RDX: 0000000000000000 RSI: 0000000020000240 RDI: 00000000200002c0 RBP: 00007f43dad1747a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f43dadeb050 R15: 00007ffcf7dda638 The buggy address belongs to the page: page:ffffea000481b080 refcount:2 mapcount:0 mapping:ffff888108eaf150 index:0x2 pfn:0x1206c2 aops:def_blk_aops ino:0 flags: 0x4000000000002036(referenced|uptodate|lru|active|private) raw: 4000000000002036 ffffea00044d5c08 ffff88811cb0a030 ffff888108eaf150 raw: 0000000000000002 ffff8881213ba9d8 00000002ffffffff ffff88811cb04000 page dumped because: kasan: bad access detected page->mem_cgroup:ffff88811cb04000 page_owner tracks the page as allocated page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 649, ts 54776031910, free_ts 54766441007 set_page_owner include/linux/page_owner.h:35 [inline] post_alloc_hook mm/page_alloc.c:2456 [inline] prep_new_page mm/page_alloc.c:2462 [inline] get_page_from_freelist+0x1fee/0x2ad0 mm/page_alloc.c:4254 __alloc_pages_nodemask+0x2ae/0x2360 mm/page_alloc.c:5346 __alloc_pages include/linux/gfp.h:544 [inline] __alloc_pages_node include/linux/gfp.h:557 [inline] alloc_pages_node include/linux/gfp.h:571 [inline] alloc_pages include/linux/gfp.h:590 [inline] __page_cache_alloc include/linux/pagemap.h:290 [inline] pagecache_get_page+0x169/0x6f0 mm/filemap.c:1848 find_or_create_page include/linux/pagemap.h:402 [inline] grow_dev_page fs/buffer.c:976 [inline] grow_buffers fs/buffer.c:1045 [inline] __getblk_slow+0x1ad/0x580 fs/buffer.c:1072 __getblk_gfp+0x3d/0x50 fs/buffer.c:1370 sb_getblk include/linux/buffer_head.h:361 [inline] __ext4_get_inode_loc+0x44d/0x1070 fs/ext4/inode.c:4431 __ext4_get_inode_loc_noinmem+0xaf/0x150 fs/ext4/inode.c:4541 __ext4_iget+0x2f0/0x5b20 fs/ext4/inode.c:4766 ext4_orphan_get+0x1f4/0x770 fs/ext4/ialloc.c:1391 ext4_orphan_cleanup fs/ext4/super.c:3083 [inline] ext4_fill_super+0x7757/0xb7d0 fs/ext4/super.c:5075 mount_bdev+0x2b7/0x390 fs/super.c:1429 ext4_mount+0x10/0x20 fs/ext4/super.c:6626 legacy_get_tree+0xf5/0x1d0 fs/fs_context.c:593 vfs_get_tree+0x81/0x1b0 fs/super.c:1559 do_new_mount fs/namespace.c:2910 [inline] path_mount+0x4d9/0x1e30 fs/namespace.c:3240 do_mount fs/namespace.c:3253 [inline] __do_sys_mount fs/namespace.c:3461 [inline] __se_sys_mount fs/namespace.c:3438 [inline] __x64_sys_mount+0x20e/0x280 fs/namespace.c:3438 page last free stack trace: reset_page_owner include/linux/page_owner.h:28 [inline] free_pages_prepare mm/page_alloc.c:1349 [inline] free_pcp_prepare+0x1a7/0x230 mm/page_alloc.c:1421 free_unref_page_prepare mm/page_alloc.c:3336 [inline] free_unref_page_list+0x18a/0xae0 mm/page_alloc.c:3443 release_pages+0x374/0xb00 mm/swap.c:1103 free_pages_and_swap_cache+0x180/0x1e0 mm/swap_state.c:356 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline] tlb_flush_mmu_free mm/mmu_gather.c:240 [inline] tlb_flush_mmu mm/mmu_gather.c:247 [inline] tlb_finish_mmu+0x129/0x790 mm/mmu_gather.c:326 unmap_region+0x2ee/0x400 mm/mmap.c:2807 __do_munmap+0x48b/0x1050 mm/mmap.c:3036 __vm_munmap+0xfb/0x1a0 mm/mmap.c:3059 __do_sys_munmap mm/mmap.c:3085 [inline] __se_sys_munmap mm/mmap.c:3081 [inline] __x64_sys_munmap+0x62/0x80 mm/mmap.c:3081 do_syscall_64+0x32/0x80 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x61/0xc6 Memory state around the buggy address: ffff8881206c2180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8881206c2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff8881206c2280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ ffff8881206c2300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8881206c2380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1044: updating to rev 1 because of new feature flag, running e2fsck is recommended