ci2 starts bisection 2024-06-29 12:28:03.564690265 +0000 UTC m=+82234.063033188
bisecting fixing commit since 70b6ab09a34b4cbcada982b2f5c68a408a5c0cde
building syzkaller on de979bc20b2b73242b7d6fbbdf614a8cb4c574f4
ensuring issue is reproducible on original commit 70b6ab09a34b4cbcada982b2f5c68a408a5c0cde

testing commit 70b6ab09a34b4cbcada982b2f5c68a408a5c0cde gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 519bddc14cd3312ba1b52f4a4c355e3bf5cd65fb3700b3a70f66b00085628d20
all runs: crashed: KASAN: use-after-free Read in __ext4_check_dir_entry
representative crash: KASAN: use-after-free Read in __ext4_check_dir_entry, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit 70b6ab09a34b4cbcada982b2f5c68a408a5c0cde gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 513619f879f436ce11cf1d30179feede22941026a4a613f6d556ab8c4d126420
all runs: crashed: KASAN: use-after-free Read in __ext4_check_dir_entry
representative crash: KASAN: use-after-free Read in __ext4_check_dir_entry, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
kconfig minimization: base=4789 full=6018 leaves diff=238
split chunks (needed=false): <238>
split chunk #0 of len 238 into 5 parts
testing without sub-chunk 1/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 70b6ab09a34b4cbcada982b2f5c68a408a5c0cde gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 49dc694e6da509b8a929d5c17e90d537c01d7451cc25e9ae20f8001902ce31a2
all runs: crashed: KASAN: use-after-free Read in __ext4_check_dir_entry
representative crash: KASAN: use-after-free Read in __ext4_check_dir_entry, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 70b6ab09a34b4cbcada982b2f5c68a408a5c0cde gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: dba25667a03407c96556e873e047497239b1580fd9c8ea4778058cb4004eaeb5
all runs: crashed: KASAN: use-after-free Read in __ext4_check_dir_entry
representative crash: KASAN: use-after-free Read in __ext4_check_dir_entry, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 70b6ab09a34b4cbcada982b2f5c68a408a5c0cde gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9e7f92a9547491e58f0165c48b770752432313ee280a5c448fb341654cac7f5a
all runs: crashed: KASAN: use-after-free Read in __ext4_check_dir_entry
representative crash: KASAN: use-after-free Read in __ext4_check_dir_entry, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 70b6ab09a34b4cbcada982b2f5c68a408a5c0cde gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fa5b2fcc53743ab6881251179727e643bfbec865caf0d8ff698447349fee25c9
all runs: crashed: KASAN: use-after-free Read in __ext4_check_dir_entry
representative crash: KASAN: use-after-free Read in __ext4_check_dir_entry, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 70b6ab09a34b4cbcada982b2f5c68a408a5c0cde gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
failed building 70b6ab09a34b4cbcada982b2f5c68a408a5c0cde: net/socket.c:1128: undefined reference to `wext_handle_ioctl'
net/socket.c:3397: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:346: undefined reference to `wext_proc_exit'
net/core/net-procfs.c:330: undefined reference to `wext_proc_init'
minimized to 46 configs; suspects: [HID_ZEROPLUS USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL USB_SERIAL_FTDI_SIO USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_ZYDAS X86_X32 ZEROPLUS_FF]
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing current HEAD a4a2b7a82ee4b9e22e4df945431d3a0d573e80df
testing commit a4a2b7a82ee4b9e22e4df945431d3a0d573e80df gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1ad764d984dad3f412b4c8460f577703040b07ba27ce7cf6fd48fa24c9ef8cc3
all runs: crashed: KASAN: use-after-free Read in __ext4_check_dir_entry
representative crash: KASAN: use-after-free Read in __ext4_check_dir_entry, types: [KASAN]
crash still not fixed/happens on the oldest tested release
revisions tested: 7, total time: 36m1.249143177s (build: 14m36.069845811s, test: 20m0.256689714s)
crash still not fixed or there were kernel test errors
commit msg: ANDROID: Update .xml file du eto sruct clk_core change
crash: KASAN: use-after-free Read in __ext4_check_dir_entry
EXT4-fs warning (device loop0): dx_probe:944: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended
==================================================================
BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x5df/0x890 fs/ext4/dir.c:85
Read of size 2 at addr ffff88811fc0f003 by task syz-executor.0/352

CPU: 0 PID: 352 Comm: syz-executor.0 Not tainted 5.10.216-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack_lvl+0x81/0xac lib/dump_stack.c:118
 print_address_description.constprop.0+0x24/0x160 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:435 [inline]
 kasan_report.cold+0x82/0xdb mm/kasan/report.c:452
 __asan_report_load2_noabort+0x14/0x20 mm/kasan/report_generic.c:307
 __ext4_check_dir_entry+0x5df/0x890 fs/ext4/dir.c:85
 ext4_readdir+0x8d1/0x33e0 fs/ext4/dir.c:258
 iterate_dir+0x404/0x690 fs/readdir.c:65
 __do_sys_getdents64 fs/readdir.c:369 [inline]
 __se_sys_getdents64 fs/readdir.c:354 [inline]
 __x64_sys_getdents64+0x12f/0x230 fs/readdir.c:354
 do_syscall_64+0x32/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7fa7e0272d69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa7dfdf40c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
RAX: ffffffffffffffda RBX: 00007fa7e03a0f80 RCX: 00007fa7e0272d69
RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 00007fa7e02bf49e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fa7e03a0f80 R15: 00007ffcb3496438

The buggy address belongs to the page:
page:ffffea00047f03c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11fc0f
flags: 0x4000000000000000()
raw: 4000000000000000 ffffea00047f0408 ffff8881f745acb0 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffff88811fc0ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88811fc0ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88811fc0f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff88811fc0f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88811fc0f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
EXT4-fs error (device loop0): ext4_readdir:258: inode #2: block 255: comm syz-executor.0: path /root/syzkaller-testdir1169667066/syzkaller.Oqfa1m/0/file0: bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=0, rec_len=0, size=1024 fake=0