bisecting cause commit starting from 74c4a24df7cac1f9213a811d79558ecde23be9a2
building syzkaller on 65ed24721ef645d99569b0ef4ea78932451ae5f8
testing commit 74c4a24df7cac1f9213a811d79558ecde23be9a2 with gcc (GCC) 8.1.0
run #0: crashed: kernel panic: corrupted stack end in wb_workfn
run #1: crashed: kernel panic: corrupted stack end in wb_workfn
run #2: crashed: kernel panic: corrupted stack end in sys_access
run #3: crashed: kernel panic: corrupted stack end in wb_workfn
run #4: crashed: kernel panic: corrupted stack end in wb_workfn
run #5: crashed: kernel panic: corrupted stack end in wb_workfn
run #6: crashed: kernel panic: corrupted stack end in wb_workfn
run #7: crashed: kernel panic: corrupted stack end in wb_workfn
run #8: crashed: kernel panic: corrupted stack end in wb_workfn
run #9: crashed: kernel panic: corrupted stack end in wb_workfn
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
run #0: crashed: kernel panic: corrupted stack end in wb_workfn
run #1: crashed: kernel panic: corrupted stack end in wb_workfn
run #2: crashed: kernel panic: corrupted stack end in wb_workfn
run #3: crashed: kernel panic: corrupted stack end in wb_workfn
run #4: crashed: kernel panic: corrupted stack end in wb_workfn
run #5: crashed: kernel panic: corrupted stack end in wb_workfn
run #6: crashed: kernel panic: corrupted stack end in wb_workfn
run #7: OK
run #8: OK
run #9: OK
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
run #0: crashed: kernel panic: corrupted stack end in wb_workfn
run #1: OK
run #2: crashed: kernel panic: corrupted stack end in wb_workfn
run #3: crashed: kernel panic: corrupted stack end in wb_workfn
run #4: crashed: kernel panic: corrupted stack end in wb_workfn
run #5: crashed: kernel panic: corrupted stack end in wb_workfn
run #6: crashed: kernel panic: corrupted stack end in wb_workfn
run #7: crashed: kernel panic: corrupted stack end in wb_workfn
run #8: OK
run #9: OK
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
run #0: crashed: kernel panic: corrupted stack end in wb_workfn
run #1: crashed: kernel panic: corrupted stack end in wb_workfn
run #2: crashed: kernel panic: corrupted stack end in worker_thread
run #3: crashed: kernel panic: corrupted stack end in worker_thread
run #4: crashed: BUG: unable to handle kernel paging request in put_pid
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
all runs: OK
# git bisect start v4.17 v4.16
Bisecting: 7380 revisions left to test after this (roughly 13 steps)
[97b1255cb27c551d7c3c5c496d787da40772da99] mm,oom_reaper: check for MMF_OOM_SKIP before complaining
testing commit 97b1255cb27c551d7c3c5c496d787da40772da99 with gcc (GCC) 8.1.0
run #0: crashed: kernel panic: corrupted stack end in wb_workfn
run #1: crashed: kernel panic: corrupted stack end in wb_workfn
run #2: crashed: kernel panic: corrupted stack end in wb_workfn
run #3: crashed: BUG: corrupted list in list_lru_del
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 97b1255cb27c551d7c3c5c496d787da40772da99
Bisecting: 4372 revisions left to test after this (roughly 12 steps)
[bb2407a7219760926760f0448fddf00d625e5aec] Merge tag 'docs-4.17' of git://git.lwn.net/linux
testing commit bb2407a7219760926760f0448fddf00d625e5aec with gcc (GCC) 8.1.0
all runs: OK
# git bisect good bb2407a7219760926760f0448fddf00d625e5aec
Bisecting: 2394 revisions left to test after this (roughly 11 steps)
[147a89bc71e7db40f011454a40add7ff2d10f8d8] Merge tag 'kconfig-v4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
testing commit 147a89bc71e7db40f011454a40add7ff2d10f8d8 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 147a89bc71e7db40f011454a40add7ff2d10f8d8
Bisecting: 1210 revisions left to test after this (roughly 10 steps)
[f9ca6a561d40115696a54f16085c4edb17effc74] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit f9ca6a561d40115696a54f16085c4edb17effc74 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good f9ca6a561d40115696a54f16085c4edb17effc74
Bisecting: 626 revisions left to test after this (roughly 9 steps)
[049b5e2ae30b3c2f870cc9550af6f9a947fbd5b5] staging: rtl8723bs: Remove yield call, replace with cond_resched()
testing commit 049b5e2ae30b3c2f870cc9550af6f9a947fbd5b5 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 049b5e2ae30b3c2f870cc9550af6f9a947fbd5b5
Bisecting: 302 revisions left to test after this (roughly 8 steps)
[9abf8acea297b4c65f5fa3206e2b8e468e730e84] Merge tag 'tty-4.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
testing commit 9abf8acea297b4c65f5fa3206e2b8e468e730e84 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 9abf8acea297b4c65f5fa3206e2b8e468e730e84
Bisecting: 148 revisions left to test after this (roughly 7 steps)
[86f690e8bfd124c38940e7ad58875ef383003348] Merge tag 'stm-intel_th-for-greg-20180329' of git://git.kernel.org/pub/scm/linux/kernel/git/ash/stm into char-misc-next
testing commit 86f690e8bfd124c38940e7ad58875ef383003348 with gcc (GCC) 8.1.0
run #0: crashed: kernel panic: corrupted stack end in wb_workfn
run #1: crashed: kernel panic: corrupted stack end in wb_workfn
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 86f690e8bfd124c38940e7ad58875ef383003348
Bisecting: 76 revisions left to test after this (roughly 6 steps)
[3ba9faedc180097805613dac7a866432852cc4e5] char: nvram: disable on ARM
testing commit 3ba9faedc180097805613dac7a866432852cc4e5 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 3ba9faedc180097805613dac7a866432852cc4e5
Bisecting: 38 revisions left to test after this (roughly 5 steps)
[c50099f856bfab9449752c4796d891858f01d9f4] Merge tag 'extcon-next-for-4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/chanwoo/extcon into char-misc-next
testing commit c50099f856bfab9449752c4796d891858f01d9f4 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good c50099f856bfab9449752c4796d891858f01d9f4
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[de5db101fc89fbbbf26abc7eeb3d48c40ca25105] eeprom: at24: tweak newlines
testing commit de5db101fc89fbbbf26abc7eeb3d48c40ca25105 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good de5db101fc89fbbbf26abc7eeb3d48c40ca25105
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[72ef0f24d587d38f235334aef69afe611bba0d16] hwtracing: Add HW tracing support menu
testing commit 72ef0f24d587d38f235334aef69afe611bba0d16 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 72ef0f24d587d38f235334aef69afe611bba0d16
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[b5b38200ebe54879a7264cb6f33821f61c586a7e] /dev/mem: Avoid overwriting "err" in read_mem()
testing commit b5b38200ebe54879a7264cb6f33821f61c586a7e with gcc (GCC) 8.1.0
all runs: OK
# git bisect good b5b38200ebe54879a7264cb6f33821f61c586a7e
Bisecting: 2 revisions left to test after this (roughly 1 step)
[238064f13d057390a8c5e1a6a80f4f0a0ec46499] Drivers: hv: vmbus: do not mark HV_PCIE as perf_device
testing commit 238064f13d057390a8c5e1a6a80f4f0a0ec46499 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 238064f13d057390a8c5e1a6a80f4f0a0ec46499
Bisecting: 0 revisions left to test after this (roughly 1 step)
[45ea83f02dc090c477261ac6c93aa2097edca601] hv: add SPDX license id to Kconfig
testing commit 45ea83f02dc090c477261ac6c93aa2097edca601 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 45ea83f02dc090c477261ac6c93aa2097edca601
86f690e8bfd124c38940e7ad58875ef383003348 is the first bad commit
revisions tested: 19, total time: 5h7m50.051583066s (build: 1h46m17.93434697s, test: 3h15m58.746707848s)
first bad commit: 86f690e8bfd124c38940e7ad58875ef383003348 Merge tag 'stm-intel_th-for-greg-20180329' of git://git.kernel.org/pub/scm/linux/kernel/git/ash/stm into char-misc-next
cc: ["gregkh@linuxfoundation.org"]
crash: kernel panic: corrupted stack end in wb_workfn
bio-1 1KB 3KB
pid_namespace 1KB 7KB
rpc_buffers 17KB 19KB
rpc_tasks 2KB 3KB
UNIX 8KB 14KB
Kernel panic - not syncing: corrupted stack end detected inside scheduler
CPU: 1 PID: 5 Comm: kworker/u4:0 Not tainted 4.16.0-rc7+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
tcp_bind_bucket 1KB 4KB
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x153/0x201 lib/dump_stack.c:53
panic+0x1b2/0x369 kernel/panic.c:183
ip_fib_trie 11KB 15KB
ip_fib_alias 52KB 63KB
schedule_debug kernel/sched/core.c:3253 [inline]
__schedule+0x2000/0x2000 kernel/sched/core.c:3362
schedule+0xfe/0x460 kernel/sched/core.c:3499
ip_dst_cache 1KB 8KB
__rwsem_down_read_failed_common kernel/locking/rwsem-xadd.c:269 [inline]
rwsem_down_read_failed+0x405/0x720 kernel/locking/rwsem-xadd.c:286
call_rwsem_down_read_failed+0x18/0x30 arch/x86/lib/rwsem.S:94
__down_read arch/x86/include/asm/rwsem.h:83 [inline]
down_read+0xa7/0x160 kernel/locking/rwsem.c:26
i_mmap_lock_read include/linux/fs.h:478 [inline]
rmap_walk_file+0x634/0xc40 mm/rmap.c:1822
RAW 40KB 50KB
UDP 15KB 23KB
rmap_walk+0x196/0x2c0 mm/rmap.c:1850
page_referenced+0x629/0x8f0 mm/rmap.c:873
TCP 49KB 55KB
page_check_references mm/vmscan.c:789 [inline]
shrink_page_list+0x2158/0x5300 mm/vmscan.c:1040
hugetlbfs_inode_cache 2KB 7KB
fscache_cookie_jar 0KB 7KB
eventpoll_pwq 24KB 51KB
eventpoll_epi 49KB 94KB
inotify_inode_mark 46KB 86KB
request_queue 129KB 137KB
blkdev_requests 1KB 3KB
blkdev_ioc 46KB 46KB
bio-0 7710KB 7710KB
biovec-(1<<(21-12)) 5007KB 5007KB
biovec-64 7449KB 7449KB
biovec-16 1800KB 1800KB
bio_integrity_payload 1KB 8KB
khugepaged_mm_slot 0KB 3KB
dmaengine-unmap-256 2KB 6KB
dmaengine-unmap-128 1KB 3KB
dmaengine-unmap-16 0KB 4KB
dmaengine-unmap-2 0KB 3KB
skbuff_fclone_cache 6KB 11KB
skbuff_head_cache 497KB 1068KB
configfs_dir_cache 0KB 4KB
file_lock_cache 0KB 3KB
file_lock_ctx 0KB 3KB
fsnotify_mark_connector 27KB 51KB
shrink_inactive_list+0x656/0x1b10 mm/vmscan.c:1739
net_namespace 41KB 41KB
shmem_inode_cache 5369KB 5769KB
task_delay_info 79KB 320KB
shrink_list mm/vmscan.c:2098 [inline]
shrink_node_memcg+0x5f8/0x1670 mm/vmscan.c:2361
taskstats 117KB 160KB
sigqueue 62KB 232KB
kernfs_node_cache 10990KB 10993KB
mnt_cache 4172KB 5256KB
filp 2793KB 4811KB
names_cache 67545KB 67583KB
iint_cache 40KB 63KB
shrink_node+0x487/0xe90 mm/vmscan.c:2552
key_jar 3KB 7KB
nsproxy 43KB 71KB
shrink_zones mm/vmscan.c:2728 [inline]
do_try_to_free_pages+0x347/0x10d0 mm/vmscan.c:2790
vm_area_struct 4821KB 8778KB
try_to_free_pages+0x41d/0xa50 mm/vmscan.c:2996
mm_struct 715KB 1570KB
__perform_reclaim mm/page_alloc.c:3645 [inline]
__alloc_pages_direct_reclaim mm/page_alloc.c:3666 [inline]
__alloc_pages_slowpath+0x9f5/0x2e80 mm/page_alloc.c:4065
fs_cache 65KB 284KB
files_cache 242KB 468KB
signal_cache 592KB 1193KB
sighand_cache 504KB 506KB
task_struct 2580KB 2635KB
cred_jar 438KB 1528KB
anon_vma_chain 3017KB 5583KB
anon_vma 185KB 342KB
__alloc_pages_nodemask+0xaae/0xe10 mm/page_alloc.c:4265
pid 54KB 276KB
Acpi-Operand 107KB 178KB
__alloc_pages include/linux/gfp.h:456 [inline]
__alloc_pages_node include/linux/gfp.h:469 [inline]
kmem_getpages mm/slab.c:1410 [inline]
cache_grow_begin+0x81/0x720 mm/slab.c:2665
fallback_alloc+0x203/0x2c0 mm/slab.c:3206
____cache_alloc_node+0x1c7/0x1e0 mm/slab.c:3274
slab_alloc_node mm/slab.c:3314 [inline]
kmem_cache_alloc_node_trace+0xe7/0x780 mm/slab.c:3648
Acpi-Namespace 19KB 23KB
__do_kmalloc_node mm/slab.c:3668 [inline]
__kmalloc_node+0x33/0x70 mm/slab.c:3676
kmalloc_node include/linux/slab.h:554 [inline]
alloc_request_size+0x75/0x100 block/blk-core.c:754
mempool_alloc+0x148/0x490 mm/mempool.c:330
numa_policy 0KB 3KB
__get_request block/blk-core.c:1331 [inline]
get_request+0xe5d/0x2750 block/blk-core.c:1441
debug_objects_cache 896KB 1021KB
trace_event_file 247KB 251KB
blk_queue_bio+0x50d/0x1900 block/blk-core.c:1969
ftrace_event_field 353KB 354KB
pool_workqueue 80KB 84KB
generic_make_request+0x2ff/0xdd0 block/blk-core.c:2350
submit_bio+0x9f/0x400 block/blk-core.c:2458
submit_bh_wbc+0x4f3/0x730 fs/buffer.c:3099
__block_write_full_page+0x5e3/0xce0 fs/buffer.c:1781
block_write_full_page+0x1b1/0x240 fs/buffer.c:2967
blkdev_writepage+0x13/0x20 fs/block_dev.c:566
__writepage+0x5b/0xc0 mm/page-writeback.c:2301
write_cache_pages+0x723/0x12f0 mm/page-writeback.c:2239
task_group 4KB 7KB
page->ptl 860KB 2779KB
kmalloc-4194304 5640192KB 5640192KB
kmalloc-2097152 2050KB 2050KB
kmalloc-524288 1028KB 1028KB
kmalloc-262144 1290KB 1290KB
kmalloc-131072 650KB 650KB
generic_writepages+0xca/0x130 mm/page-writeback.c:2325
blkdev_writepages+0x66/0xb0 fs/block_dev.c:1954
kmalloc-65536 264KB 264KB
do_writepages+0x74/0x130 mm/page-writeback.c:2340
__writeback_single_inode+0x1b0/0x1290 fs/fs-writeback.c:1322
kmalloc-32768 1254KB 1254KB
kmalloc-16384 379KB 379KB
kmalloc-8192 1782KB 1782KB
writeback_sb_inodes+0x639/0x1420 fs/fs-writeback.c:1586
kmalloc-4096 14135KB 14173KB
kmalloc-2048 41596KB 41596KB
__writeback_inodes_wb+0x190/0x2e0 fs/fs-writeback.c:1655
kmalloc-1024 5479KB 6890KB
wb_writeback+0x82a/0xd50 fs/fs-writeback.c:1764
kmalloc-512 2683KB 4327KB
kmalloc-256 3003KB 3495KB
kmalloc-128 1165KB 1504KB
kmalloc-96 2869KB 3556KB
kmalloc-64 1850KB 2156KB
wb_check_start_all fs/fs-writeback.c:1888 [inline]
wb_do_writeback fs/fs-writeback.c:1914 [inline]
wb_workfn+0x68f/0x1650 fs/fs-writeback.c:1948
kmalloc-32 2279KB 3110KB
kmalloc-192 830KB 920KB
kmem_cache 202KB 202KB
Out of memory: Kill process 26618 (syz-executor3) score 999 or sacrifice child
process_one_work+0xa31/0x19e0 kernel/workqueue.c:2113
worker_thread+0x217/0x1910 kernel/workqueue.c:2247
kthread+0x319/0x3e0 kernel/kthread.c:238
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:406
Kernel Offset: disabled
Rebooting in 86400 seconds..