ci2 starts bisection 2023-10-20 03:00:20.340169152 +0000 UTC m=+5895.437270580
bisecting fixing commit since 748fd0d9ca0facefe5ec81770f620981fe280489
building syzkaller on cdae481e33658b7c827516ae5c7f16007c505832
ensuring issue is reproducible on original commit 748fd0d9ca0facefe5ec81770f620981fe280489
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b78710be3b14dbf7700832b41875d2bfe99368c2b5cae14bc9e680434cc1f4af
all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space
representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d7361a37f07bcf9ab3fc1e63acc5edfdb2c57a100b5b63c129a3cd7746a6c9bf
all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space
representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
kconfig minimization: base=4920 full=6161 leaves diff=240
split chunks (needed=false): <240>
split chunk #0 of len 240 into 5 parts
testing without sub-chunk 1/5
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 027ab9a721b3067f82c21cec95e61958c5dd4ac9ec1bb241172e2001ea65f33a
all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space
representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3d9b25b99f6fd3e05bb42f86e70797060a458a07d552feec8e78df6fcb9635da
all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space
representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: aa2b9b6fe11d71e0b3a10abaf001112097956432b757126fe4cfa4ec4dfe62b9
all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space
representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 58f92097c1e62737ee5e5ef2e7663f097c4bce9e553f2a0409a05c2c69d05fef
all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space
representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 748fd0d9ca0facefe5ec81770f620981fe280489 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
failed building 748fd0d9ca0facefe5ec81770f620981fe280489: net/socket.c:1172: undefined reference to `wext_handle_ioctl'
net/socket.c:3366: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:343: undefined reference to `wext_proc_exit'
net/core/net-procfs.c:327: undefined reference to `wext_proc_init'
minimized to 48 configs; suspects: [HID_ZEROPLUS USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_DM9601 USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF]
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing current HEAD 754f8cc9b7de7629e6aefa505dfc24c36a36d236
testing commit 754f8cc9b7de7629e6aefa505dfc24c36a36d236 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8d0df16d10881179fd18708349693b67e5fd4b745e1388881b0c5c6631e3a3ca
all runs: crashed: KASAN: out-of-bounds Read in ext4_ext_remove_space
representative crash: KASAN: out-of-bounds Read in ext4_ext_remove_space, types: [KASAN]
crash still not fixed/happens on the oldest tested release
revisions tested: 7, total time: 35m42.991263232s (build: 14m42.641677296s, test: 19m18.955624707s)
crash still not fixed or there were kernel test errors
commit msg: Revert "pwm: atmel-tcb: Convert to platform remove callback returning void"
crash: KASAN: out-of-bounds Read in ext4_ext_remove_space

EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:475: comm syz-executor.0: Invalid block bitmap block 0 in block_group 0
EXT4-fs (loop0): Remounting filesystem read-only
EXT4-fs error (device loop0) in ext4_mb_clear_bb:6152: Corrupt filesystem
==================================================================
BUG: KASAN: out-of-bounds in ext4_ext_rm_leaf fs/ext4/extents.c:2735 [inline]
BUG: KASAN: out-of-bounds in ext4_ext_remove_space+0xcf5/0x3e20 fs/ext4/extents.c:2957
Read of size 18446744073709551544 at addr ffff88811be26054 by task syz-executor.0/359

CPU: 0 PID: 359 Comm: syz-executor.0 Not tainted 5.15.132-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x38/0x49 lib/dump_stack.c:106
 print_address_description.constprop.0+0x24/0x160 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:427 [inline]
 kasan_report.cold+0x82/0xdb mm/kasan/report.c:444
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0x148/0x190 mm/kasan/generic.c:189
 memmove+0x24/0x60 mm/kasan/shadow.c:54
 ext4_ext_rm_leaf fs/ext4/extents.c:2735 [inline]
 ext4_ext_remove_space+0xcf5/0x3e20 fs/ext4/extents.c:2957
 ext4_punch_hole+0x79c/0xe80 fs/ext4/inode.c:4119
 ext4_fallocate+0x3c6/0x2cd0 fs/ext4/extents.c:4711
 vfs_fallocate+0x2b1/0xb50 fs/open.c:309
 ioctl_preallocate+0x149/0x1c0 fs/ioctl.c:294
 file_ioctl fs/ioctl.c:337 [inline]
 do_vfs_ioctl+0xdff/0x1280 fs/ioctl.c:853
 __do_sys_ioctl fs/ioctl.c:872 [inline]
 __se_sys_ioctl fs/ioctl.c:860 [inline]
 __x64_sys_ioctl+0xce/0x1a0 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f93d3c34ae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f93cb3d60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f93d3d54050 RCX: 00007f93d3c34ae9
RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000004
RBP: 00007f93d3c8047a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f93d3d54050 R15: 00007ffd6798f5e8

The buggy address belongs to the page:
page:ffffea00046f8980 refcount:2 mapcount:0 mapping:ffff888108fea4d8 index:0x3a pfn:0x11be26
memcg:ffff88811ce88000
aops:def_blk_aops ino:700000
flags: 0x4000000000002036(referenced|uptodate|lru|active|private|zone=1)
raw: 4000000000002036 ffffea0004891c08 ffff88811cdb8030 ffff888108fea4d8
raw: 000000000000003a ffff88811f887f18 00000002ffffffff ffff88811ce88000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 356, ts 41844445376, free_ts 23601509121
 set_page_owner include/linux/page_owner.h:33 [inline]
 post_alloc_hook mm/page_alloc.c:2602 [inline]
 prep_new_page+0x1a2/0x310 mm/page_alloc.c:2608
 get_page_from_freelist+0x1ce2/0x30a0 mm/page_alloc.c:4482
 __alloc_pages+0x217/0x2330 mm/page_alloc.c:5773
 __alloc_pages_node include/linux/gfp.h:591 [inline]
 alloc_pages_node include/linux/gfp.h:605 [inline]
 alloc_pages include/linux/gfp.h:618 [inline]
 __page_cache_alloc include/linux/pagemap.h:305 [inline]
 pagecache_get_page+0x322/0x990 mm/filemap.c:1940
 find_or_create_page include/linux/pagemap.h:418 [inline]
 grow_dev_page fs/buffer.c:949 [inline]
 grow_buffers fs/buffer.c:1014 [inline]
 __getblk_slow+0x195/0x5a0 fs/buffer.c:1041
 __getblk_gfp+0x48/0x60 fs/buffer.c:1336
 sb_getblk_gfp include/linux/buffer_head.h:368 [inline]
 ext4_ext_grow_indepth fs/ext4/extents.c:1328 [inline]
 ext4_ext_create_new_leaf fs/ext4/extents.c:1429 [inline]
 ext4_ext_insert_extent+0xea7/0x4110 fs/ext4/extents.c:2099
 ext4_ext_map_blocks+0xf1c/0x5100 fs/ext4/extents.c:4308
 ext4_map_blocks+0x593/0x1450 fs/ext4/inode.c:646
 _ext4_get_block+0x206/0x5b0 fs/ext4/inode.c:793
 ext4_get_block+0x11/0x20 fs/ext4/inode.c:810
 ext4_block_write_begin+0x352/0xb20 fs/ext4/inode.c:1078
 ext4_write_begin+0x489/0xeb0 fs/ext4/inode.c:1219
 ext4_da_write_begin+0x410/0x940 fs/ext4/inode.c:2976
 generic_perform_write+0x21a/0x4c0 mm/filemap.c:3833
 ext4_buffered_write_iter+0x1e5/0x450 fs/ext4/file.c:270
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:26 [inline]
 free_pages_prepare mm/page_alloc.c:1469 [inline]
 free_pcp_prepare+0x1b6/0x4c0 mm/page_alloc.c:1541
 free_unref_page_prepare mm/page_alloc.c:3531 [inline]
 free_unref_page_list+0x1e3/0xcd0 mm/page_alloc.c:3668
 release_pages+0x37f/0xff0 mm/swap.c:1009
 free_pages_and_swap_cache+0x5d/0x80 mm/swap_state.c:320
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:240 [inline]
 tlb_flush_mmu+0xbe/0x590 mm/mmu_gather.c:247
 zap_pte_range mm/memory.c:1504 [inline]
 zap_pmd_range mm/memory.c:1553 [inline]
 zap_pud_range mm/memory.c:1582 [inline]
 zap_p4d_range mm/memory.c:1603 [inline]
 unmap_page_range+0x1075/0x1a80 mm/memory.c:1624
 unmap_single_vma mm/memory.c:1669 [inline]
 unmap_vmas+0x1dc/0x3a0 mm/memory.c:1701
 exit_mmap+0x203/0x710 mm/mmap.c:3209
 __mmput+0x70/0x3a0 kernel/fork.c:1171
 mmput kernel/fork.c:1194 [inline]
 mmput+0x35/0xf0 kernel/fork.c:1188
 exit_mm kernel/exit.c:551 [inline]
 do_exit+0x87b/0x2400 kernel/exit.c:862
 do_group_exit+0xe6/0x290 kernel/exit.c:997
 __do_sys_exit_group kernel/exit.c:1008 [inline]
 __se_sys_exit_group kernel/exit.c:1006 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1006
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb

Memory state around the buggy address:
 ffff88811be25f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88811be25f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88811be26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                 ^
 ffff88811be26080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88811be26100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
EXT4-fs error (device loop0): __ext4_get_inode_loc:4339: comm syz-executor.0: Invalid inode table block 0 in block_group 0
EXT4-fs error (device loop0) in ext4_reserve_inode_write:5820: Corrupt filesystem
EXT4-fs error (device loop0): ext4_punch_hole:4132: inode #18: comm syz-executor.0: mark_inode_dirty error