ci2 starts bisection 2023-10-29 17:51:39.102178682 +0000 UTC m=+187354.777797297 bisecting fixing commit since d7dacaa439c7cd0f3e2130e90ac8f2b91370d3da building syzkaller on 39990d513277ce9372a4cc89bdac23d9fc30b056 ensuring issue is reproducible on original commit d7dacaa439c7cd0f3e2130e90ac8f2b91370d3da testing commit d7dacaa439c7cd0f3e2130e90ac8f2b91370d3da gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ed0cb2e8201634321adf8f41f4a0be1ce5ec5437682f51df3bef794ff0e546f8 all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN] check whether we can drop unnecessary instrumentation disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit d7dacaa439c7cd0f3e2130e90ac8f2b91370d3da gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a4d991aa93101b4cb6242530bf246f84522b46c4b78aa63a3831339700ea359f all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN] the bug reproduces without the instrumentation disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed kconfig minimization: base=5179 full=6487 leaves diff=250 split chunks (needed=false): <250> split chunk #0 of len 250 into 5 parts testing without sub-chunk 1/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing commit d7dacaa439c7cd0f3e2130e90ac8f2b91370d3da gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a2325133dd1193172c5da935b295fcf1a72631766b84fd5067f7ca169a649686 all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing commit d7dacaa439c7cd0f3e2130e90ac8f2b91370d3da gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 938644f8e51aba5a5c83c7606e31e57249a1de611c67a7e103fe2f24ab54548d all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit d7dacaa439c7cd0f3e2130e90ac8f2b91370d3da gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ffd0f2a43395acb13381ce8b21cb77f8d8a592d433d7fca0338ebc0a8d800aa2 all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit d7dacaa439c7cd0f3e2130e90ac8f2b91370d3da gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2ef4aeacee8718be12ef300bb110ec0c9d27de9851535b407068f58146f5f67d all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed testing commit d7dacaa439c7cd0f3e2130e90ac8f2b91370d3da gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building d7dacaa439c7cd0f3e2130e90ac8f2b91370d3da: net/socket.c:1225: undefined reference to `wext_handle_ioctl' net/socket.c:3420: undefined reference to `compat_wext_handle_ioctl' net/core/net-procfs.c:329: undefined reference to `wext_proc_init' net/core/net-procfs.c:345: undefined reference to `wext_proc_exit' minimized to 50 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_MBIM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF] disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed testing current HEAD 5418491fa533316d91f14193f7cde2845982ebe2 testing commit 5418491fa533316d91f14193f7cde2845982ebe2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bf90457372e3f62aa6ffd6d292faa0d5d9e593275b1eece07bab57b4902e217c all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN] crash still not fixed/happens on the oldest tested release revisions tested: 7, total time: 42m20.803323276s (build: 19m48.595858179s, test: 19m37.046616933s) crash still not fixed or there were kernel test errors commit msg: ANDROID: Update the ABI symbol list crash: KASAN: out-of-bounds Read in ext4_ext_remove_space EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:477: comm syz-executor.0: Invalid block bitmap block 0 in block_group 0 EXT4-fs (loop0): Remounting filesystem read-only EXT4-fs error (device loop0) in ext4_mb_clear_bb:6138: Corrupt filesystem ================================================================== BUG: KASAN: out-of-bounds in ext4_ext_rm_leaf fs/ext4/extents.c:2737 [inline] BUG: KASAN: out-of-bounds in ext4_ext_remove_space+0x1fa0/0x4970 fs/ext4/extents.c:2959 Read of size 18446744073709551544 at addr ffff888123d2a054 by task syz-executor.0/370 CPU: 1 PID: 370 Comm: syz-executor.0 Not tainted 6.1.43-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x105/0x148 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:316 [inline] print_report+0x158/0x4e0 mm/kasan/report.c:427 kasan_report+0x13c/0x170 mm/kasan/report.c:531 kasan_check_range+0x294/0x2a0 mm/kasan/generic.c:189 memmove+0x2d/0x70 mm/kasan/shadow.c:54 ext4_ext_rm_leaf fs/ext4/extents.c:2737 [inline] ext4_ext_remove_space+0x1fa0/0x4970 fs/ext4/extents.c:2959 ext4_punch_hole+0x5d7/0x8e0 fs/ext4/inode.c:4117 ext4_fallocate+0x2b1/0x1730 fs/ext4/extents.c:4708 vfs_fallocate+0x330/0x410 fs/open.c:324 do_vfs_ioctl+0x1aca/0x2350 fs/ioctl.c:849 __do_sys_ioctl fs/ioctl.c:868 [inline] __se_sys_ioctl+0x5d/0x110 fs/ioctl.c:856 __x64_sys_ioctl+0x76/0x80 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fb26e67cae9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fb26f3630c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fb26e79c050 RCX: 00007fb26e67cae9 RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000004 RBP: 00007fb26e6c847a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007fb26e79c050 R15: 00007ffc189aaa58 The buggy address belongs to the physical page: page:ffffea00048f4a80 refcount:2 mapcount:0 mapping:ffff88810aeaab50 index:0x3a pfn:0x123d2a memcg:ffff8881200ec000 aops:def_blk_aops ino:700000 flags: 0x4e00000000002056(referenced|uptodate|lru|workingset|private|zone=1) raw: 4e00000000002056 ffffea00048f2388 ffffea0004912388 ffff88810aeaab50 raw: 000000000000003a ffff8881229069d8 00000002ffffffff ffff8881200ec000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 367, tgid 366 (syz-executor.0), ts 46100824197, free_ts 0 set_page_owner include/linux/page_owner.h:33 [inline] post_alloc_hook mm/page_alloc.c:2582 [inline] prep_new_page+0x512/0x5e0 mm/page_alloc.c:2589 get_page_from_freelist+0x2900/0x2990 mm/page_alloc.c:4390 __alloc_pages+0x39f/0x780 mm/page_alloc.c:5672 __folio_alloc+0x15/0x40 mm/page_alloc.c:5704 __folio_alloc_node include/linux/gfp.h:245 [inline] folio_alloc include/linux/gfp.h:274 [inline] filemap_alloc_folio include/linux/pagemap.h:474 [inline] __filemap_get_folio+0x53b/0x6a0 mm/filemap.c:1983 pagecache_get_page+0x15/0xb0 mm/folio-compat.c:110 find_or_create_page include/linux/pagemap.h:615 [inline] grow_dev_page fs/buffer.c:989 [inline] grow_buffers fs/buffer.c:1054 [inline] __getblk_slow fs/buffer.c:1081 [inline] __getblk_gfp+0x1ac/0x590 fs/buffer.c:1376 sb_getblk_gfp include/linux/buffer_head.h:363 [inline] ext4_ext_grow_indepth fs/ext4/extents.c:1334 [inline] ext4_ext_create_new_leaf fs/ext4/extents.c:1435 [inline] ext4_ext_insert_extent+0xf76/0x5490 fs/ext4/extents.c:2102 ext4_ext_map_blocks+0x1a04/0x64d0 fs/ext4/extents.c:4308 ext4_map_blocks+0x821/0x1890 fs/ext4/inode.c:651 _ext4_get_block+0x1d0/0x540 fs/ext4/inode.c:798 ext4_get_block+0x12/0x20 fs/ext4/inode.c:815 ext4_block_write_begin+0x399/0xbc0 fs/ext4/inode.c:1088 ext4_write_begin+0x588/0xe00 ext4_da_write_begin+0x397/0x6f0 fs/ext4/inode.c:2977 generic_perform_write+0x2ee/0x520 mm/filemap.c:3772 page_owner free stack trace missing Memory state around the buggy address: ffff888123d29f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff888123d29f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff888123d2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ ffff888123d2a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff888123d2a100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== EXT4-fs error (device loop0): __ext4_get_inode_loc:4485: comm syz-executor.0: Invalid inode table block 0 in block_group 0 EXT4-fs error (device loop0) in ext4_reserve_inode_write:5858: Corrupt filesystem EXT4-fs error (device loop0): ext4_punch_hole:4130: inode #16: comm syz-executor.0: mark_inode_dirty error