ci starts bisection 2025-11-17 11:49:28.909711831 +0000 UTC m=+4651.155927512
bisecting fixing commit since 739a6c93cc755c0daf3a7e57e018a8c61047cd90
building syzkaller on d6cdfb8a765c64793bc63cf630e68fbdd0ee0974
ensuring issue is reproducible on original commit 739a6c93cc755c0daf3a7e57e018a8c61047cd90
testing commit 739a6c93cc755c0daf3a7e57e018a8c61047cd90 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: cd3149ba53c86c61ca6190f8fd4f0a6ac52d8ff4b9ed9826a6033870d3bcf3aa
run #0: crashed: kernel BUG in ext4_ext_insert_extent
run #1: crashed: kernel BUG in ext4_ext_insert_extent
run #2: crashed: kernel BUG in ext4_ext_insert_extent
run #3: crashed: kernel BUG in ext4_ext_insert_extent
run #4: crashed: kernel BUG in ext4_ext_insert_extent
run #5: crashed: kernel BUG in ext4_ext_insert_extent
run #6: crashed: kernel BUG in ext4_ext_insert_extent
run #7: crashed: kernel BUG in ext4_ext_insert_extent
run #8: crashed: kernel BUG in ext4_ext_insert_extent
run #9: crashed: KASAN: use-after-free Read in ext4_ext_remove_space
run #10: crashed: kernel BUG in ext4_ext_insert_extent
run #11: crashed: kernel BUG in ext4_ext_insert_extent
run #12: crashed: kernel BUG in ext4_ext_insert_extent
run #13: crashed: kernel BUG in ext4_ext_insert_extent
run #14: crashed: kernel BUG in ext4_ext_insert_extent
run #15: crashed: kernel BUG in ext4_ext_insert_extent
run #16: crashed: kernel BUG in ext4_ext_insert_extent
run #17: crashed: kernel BUG in ext4_ext_insert_extent
run #18: crashed: kernel BUG in ext4_ext_insert_extent
run #19: crashed: kernel BUG in ext4_ext_insert_extent
representative crash: kernel BUG in ext4_ext_insert_extent, types: [BUG]
check whether we can drop unnecessary instrumentation
disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed
testing commit 739a6c93cc755c0daf3a7e57e018a8c61047cd90 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: caf6746a0531e47807486d3f23cd152b40f57907248403b0fd7f232f8524908e
run #0: crashed: kernel BUG in ext4_mb_use_inode_pa
run #1: crashed: kernel BUG in ext4_ext_insert_extent
run #2: crashed: kernel BUG in ext4_ext_insert_extent
run #3: crashed: kernel BUG in ext4_ext_insert_extent
run #4: crashed: kernel BUG in ext4_ext_insert_extent
run #5: crashed: kernel BUG in ext4_ext_insert_extent
run #6: crashed: kernel BUG in ext4_ext_insert_extent
run #7: crashed: kernel BUG in ext4_ext_insert_extent
run #8: crashed: kernel BUG in ext4_ext_insert_extent
run #9: crashed: kernel BUG in ext4_mb_use_inode_pa
representative crash: kernel BUG in ext4_mb_use_inode_pa, types: [BUG]
the bug reproduces without the instrumentation
disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed
kconfig minimization: base=4116 full=8363 leaves diff=2145
split chunks (needed=false): <2145>
split chunk #0 of len 2145 into 5 parts
testing without sub-chunk 1/5
disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed
testing commit 739a6c93cc755c0daf3a7e57e018a8c61047cd90 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: b761cf3a46711092cecb482f0862cb75fdd8a9e5440c83baf7e3697ee0b30828
run #0: crashed: kernel BUG in ext4_ext_insert_extent
run #1: crashed: kernel BUG in ext4_mb_use_inode_pa
run #2: crashed: kernel BUG in ext4_ext_insert_extent
run #3: crashed: kernel BUG in ext4_ext_insert_extent
run #4: crashed: kernel BUG in ext4_ext_insert_extent
run #5: crashed: kernel BUG in ext4_split_extent_at
run #6: crashed: kernel BUG in ext4_split_extent_at
run #7: crashed: kernel BUG in ext4_ext_insert_extent
run #8: OK
run #9: OK
representative crash: kernel BUG in ext4_ext_insert_extent, types: [BUG]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [memleak ubsan kasan locking atomic_sleep hang], they are not needed
testing commit 739a6c93cc755c0daf3a7e57e018a8c61047cd90 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 83ebd186f30e61f2ea53453fef9f45fa2ae6ce3e0081b8e8fb950f9eb46dc480
run #0: crashed: kernel BUG in ext4_ext_insert_extent
run #1: crashed: kernel BUG in ext4_ext_insert_extent
run #2: crashed: kernel BUG in ext4_ext_insert_extent
run #3: crashed: kernel BUG in ext4_ext_insert_extent
run #4: crashed: kernel BUG in ext4_ext_insert_extent
run #5: crashed: kernel BUG in ext4_mb_use_inode_pa
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: kernel BUG in ext4_ext_insert_extent, types: [BUG]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed
testing commit 739a6c93cc755c0daf3a7e57e018a8c61047cd90 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 698d99af4679d5576228aa10b145a4804157b18d1245815ffa6db35a20e85cc8
run #0: crashed: kernel BUG in ext4_split_extent_at
run #1: crashed: kernel BUG in ext4_split_extent_at
run #2: crashed: kernel BUG in ext4_ext_insert_extent
run #3: crashed: kernel BUG in ext4_ext_insert_extent
run #4: crashed: kernel BUG in ext4_ext_insert_extent
run #5: crashed: kernel BUG in ext4_mb_normalize_request
run #6: crashed: kernel BUG in ext4_ext_insert_extent
run #7: crashed: kernel BUG in ext4_ext_insert_extent
run #8: crashed: kernel BUG in ext4_ext_insert_extent
run #9: crashed: kernel BUG in ext4_ext_insert_extent
representative crash: kernel BUG in ext4_split_extent_at, types: [BUG]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [locking atomic_sleep hang memleak ubsan kasan], they are not needed
testing commit 739a6c93cc755c0daf3a7e57e018a8c61047cd90 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 2ce1d553aa885c30b0be348f67352990654d1b2bd2ef1fe8cdcf6a46b35e0453
run #0: crashed: kernel BUG in ext4_ext_insert_extent
run #1: crashed: kernel BUG in ext4_split_extent_at
run #2: crashed: kernel BUG in ext4_split_extent_at
run #3: crashed: kernel BUG in ext4_ext_insert_extent
run #4: crashed: kernel BUG in ext4_split_extent_at
run #5: crashed: kernel BUG in ext4_ext_insert_extent
run #6: crashed: kernel BUG in ext4_split_extent_at
run #7: OK
run #8: OK
run #9: OK
representative crash: kernel BUG in ext4_ext_insert_extent, types: [BUG]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [atomic_sleep hang memleak ubsan kasan locking], they are not needed
testing commit 739a6c93cc755c0daf3a7e57e018a8c61047cd90 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 06b54d024712c8e67b7cc6226962ddea730a31ab73b8035c2e93af405cad7c02
run #0: crashed: kernel BUG in ext4_split_extent_at
run #1: crashed: kernel BUG in ext4_ext_insert_extent
run #2: crashed: kernel BUG in ext4_ext_insert_extent
run #3: crashed: kernel BUG in ext4_split_extent_at
run #4: crashed: kernel BUG in ext4_ext_insert_extent
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: kernel BUG in ext4_split_extent_at, types: [BUG]
the chunk can be dropped
disabling configs for [hang memleak ubsan kasan locking atomic_sleep], they are not needed
testing current HEAD 6a23ae0a96a600d1d12557add110e0bb6e32730c
testing commit 6a23ae0a96a600d1d12557add110e0bb6e32730c gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 13d5786182802562dc21db7b8be5ae830c13761310b50ef65f03b72711d12509
run #0: crashed: kernel BUG in ext4_split_extent_at
run #1: crashed: kernel BUG in ext4_split_extent_at
run #2: crashed: kernel BUG in ext4_split_extent_at
run #3: crashed: kernel BUG in ext4_split_extent_at
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: kernel BUG in ext4_split_extent_at, types: [BUG]
crash still not fixed/happens on the oldest tested release
reproducer is flaky (0.50 repro chance estimate)
revisions tested: 8, total time: 2h54m47.150764701s (build: 1h31m22.30011112s, test: 1h7m52.432329507s)
crash still not fixed or there were kernel test errors
commit msg: Linux 6.18-rc6
crash: kernel BUG in ext4_split_extent_at
EXT4-fs error (device loop3): ext4_free_blocks:6706: comm syz.3.16: Freeing blocks not in datazone - block = 0, count = 0
EXT4-fs error (device loop3): ext4_free_blocks:6706: comm syz.3.16: Freeing blocks not in datazone - block = 0, count = 16
------------[ cut here ]------------
kernel BUG at fs/ext4/extents.c:3206!
Oops: invalid opcode: 0000 [#1] SMP NOPTI
CPU: 1 UID: 0 PID: 2851 Comm: syz.3.16 Not tainted syzkaller #0 PREEMPT(none)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:ext4_split_extent_at+0x5cc/0x5f0 fs/ext4/extents.c:3206
Code: ff ff 85 c0 0f 85 ea fc ff ff 48 8d 74 24 68 4c 89 f7 e8 87 00 00 00 49 89 df e9 2f fd ff ff b2 01 84 d2 0f 84 ca fa ff ff 90 <0f> 0b e8 7d 4d 99 00 90 0f 0b 90 0f 0b 90 0f 0b 90 0f 0b 90 0f 0b
RSP: 0018:ffffc900020cb4b8 EFLAGS: 00010202
RAX: 0000000000008001 RBX: ffff88810df6ce40 RCX: 0000000000000016
RDX: 0000000000000001 RSI: 0000000000000010 RDI: 0000000000000015
RBP: 0000000000000030 R08: 0000000000000017 R09: 0000000000000001
R10: 0000000000000017 R11: 0000800100000020 R12: ffff88811aff5430
R13: 0000000000000001 R14: 0000000000000001 R15: ffff88811527c198
FS: 00007f224c96f6c0(0000) GS:ffff8882b48c4000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000000a000 CR3: 000000010ef27000 CR4: 0000000000350ef0
Call Trace:
 ext4_split_extent+0x120/0x1f0 fs/ext4/extents.c:3406
 ext4_split_convert_extents fs/ext4/extents.c:3743 [inline]
 ext4_ext_handle_unwritten_extents fs/ext4/extents.c:3915 [inline]
 ext4_ext_map_blocks+0xae6/0x20b0 fs/ext4/extents.c:4274
 ext4_map_create_blocks fs/ext4/inode.c:609 [inline]
 ext4_map_blocks+0x27c/0x590 fs/ext4/inode.c:811
 mpage_map_one_extent fs/ext4/inode.c:2374 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2468 [inline]
 ext4_do_writepages+0x6ba/0x1380 fs/ext4/inode.c:2931
 ext4_writepages+0x153/0x250 fs/ext4/inode.c:3025
 do_writepages+0xcd/0x1f0 mm/page-writeback.c:2604
 filemap_fdatawrite_wbc mm/filemap.c:389 [inline]
 __filemap_fdatawrite_range mm/filemap.c:422 [inline]
 file_write_and_wait_range+0xb1/0x1d0 mm/filemap.c:797
 generic_buffers_fsync_noflush+0x1c/0x70 fs/buffer.c:609
 ext4_fsync_nojournal fs/ext4/fsync.c:88 [inline]
 ext4_sync_file+0xfe/0x3e0 fs/ext4/fsync.c:147
 generic_write_sync include/linux/fs.h:3046 [inline]
 ext4_buffered_write_iter+0x137/0x170 fs/ext4/file.c:305
 do_iter_readv_writev+0x19b/0x1e0 fs/read_write.c:-1
 vfs_writev+0x237/0x4d0 fs/read_write.c:1057
 do_pwritev fs/read_write.c:1153 [inline]
 __do_sys_pwritev2 fs/read_write.c:1211 [inline]
 __se_sys_pwritev2+0x65/0x100 fs/read_write.c:1202
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0x2f0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f224cefe929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f224c96f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
RAX: ffffffffffffffda RBX: 00007f224d125fa0 RCX: 00007f224cefe929
RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000004
RBP: 00007f224cf80b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000005412 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f224d125fa0 R15: 00007ffcd728efb8
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_split_extent_at+0x5cc/0x5f0 fs/ext4/extents.c:3206
Code: ff ff 85 c0 0f 85 ea fc ff ff 48 8d 74 24 68 4c 89 f7 e8 87 00 00 00 49 89 df e9 2f fd ff ff b2 01 84 d2 0f 84 ca fa ff ff 90 <0f> 0b e8 7d 4d 99 00 90 0f 0b 90 0f 0b 90 0f 0b 90 0f 0b 90 0f 0b
RSP: 0018:ffffc900020cb4b8 EFLAGS: 00010202
RAX: 0000000000008001 RBX: ffff88810df6ce40 RCX: 0000000000000016
RDX: 0000000000000001 RSI: 0000000000000010 RDI: 0000000000000015
RBP: 0000000000000030 R08: 0000000000000017 R09: 0000000000000001
R10: 0000000000000017 R11: 0000800100000020 R12: ffff88811aff5430
R13: 0000000000000001 R14: 0000000000000001 R15: ffff88811527c198
FS: 00007f224c96f6c0(0000) GS:ffff8882b48c4000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000000a000 CR3: 000000010ef27000 CR4: 0000000000350ef0