ci2 starts bisection 2023-03-31 16:27:18.536998625 +0000 UTC m=+197939.550657634 bisecting fixing commit since 3ecc37918c80ffdbfa8f08d3e75a0a9fca1c1979 building syzkaller on 67be1ae742603edad9c97d30b6ed69f9bbe2ffa8 ensuring issue is reproducible on original commit 3ecc37918c80ffdbfa8f08d3e75a0a9fca1c1979 testing commit 3ecc37918c80ffdbfa8f08d3e75a0a9fca1c1979 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 375e1f0c5d021542a6b87fa91eb81b818d14e33555558d2f06fcfc9a4bd6ec3f run #0: crashed: INFO: rcu detected stall in corrupted run #1: crashed: INFO: rcu detected stall in corrupted run #2: crashed: INFO: rcu detected stall in corrupted run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: INFO: rcu detected stall in corrupted run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: INFO: rcu detected stall in corrupted run #9: crashed: INFO: rcu detected stall in corrupted run #10: crashed: INFO: rcu detected stall in corrupted run #11: crashed: INFO: rcu detected stall in corrupted run #12: crashed: INFO: rcu detected stall in corrupted run #13: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #14: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #15: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #16: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #17: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #18: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #19: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock testing current HEAD 62bad54b26db8bc98e28749cd76b2d890edb4258 testing commit 62bad54b26db8bc98e28749cd76b2d890edb4258 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 608d7e634789372efdcd337322efaa1705e206d142a36832b3e99bed854e2f8c all runs: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock revisions tested: 2, total time: 42m21.633338135s (build: 25m49.394226912s, test: 14m59.613028305s) the crash still happens on HEAD commit msg: Merge tag 'dma-mapping-6.3-2023-03-31' of git://git.infradead.org/users/hch/dma-mapping crash: KASAN: stack-out-of-bounds Read in xfs_buf_lock syz-executor.0 (13878): drop_caches: 2 ================================================================== BUG: KASAN: stack-out-of-bounds in __lock_acquire+0x77/0x1f80 Read of size 8 at addr ffffc9000ca778d8 by task syz-executor.0/13878 CPU: 0 PID: 13878 Comm: syz-executor.0 Not tainted 6.3.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Call Trace: dump_stack_lvl+0x12e/0x1d0 print_report+0x163/0x510 kasan_report+0x108/0x140 __lock_acquire+0x77/0x1f80 lock_acquire+0x1b7/0x4f0 _raw_spin_lock_irqsave+0xb7/0x100 down+0x39/0xc0 xfs_buf_lock+0xde/0x2e0 xfs_buf_delwri_submit_buffers+0x159/0x760 xfs_buf_delwri_submit+0xb8/0x240 xfs_qm_shrink_scan+0x1b8/0x380 do_shrink_slab+0x3de/0xa50 shrink_slab+0x175/0x730 drop_slab+0xee/0x1c0 drop_caches_sysctl_handler+0x5c/0xf0 proc_sys_call_handler+0x498/0x770 do_iter_write+0x63b/0xaa0 iter_file_splice_write+0x770/0xf00 direct_splice_actor+0xe2/0x1a0 splice_direct_to_actor+0x42e/0xa60 do_splice_direct+0x26a/0x3b0 do_sendfile+0x508/0xcd0 __se_sys_sendfile64+0xaa/0x160 do_syscall_64+0x41/0xc0 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7efc0d08c0d9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007efc0de03168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00007efc0d1abf80 RCX: 00007efc0d08c0d9 RDX: 0000000020002080 RSI: 0000000000000004 RDI: 0000000000000005 RBP: 00007efc0d0e7ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000870 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff2e11aebf R14: 00007efc0de03300 R15: 0000000000022000 The buggy address belongs to the virtual mapping at [ffffc9000ca70000, ffffc9000ca79000) created by: copy_process+0x3d5/0x3b60 The buggy address belongs to the physical page: page:ffffea0000a3d780 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28f5e memcg:ffff88806cb9b802 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88806cb9b802 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 13882, tgid 13882 (syz-executor.3), ts 292155723775, free_ts 291836761488 get_page_from_freelist+0x31e9/0x3360 __alloc_pages+0x255/0x670 __vmalloc_node_range+0x7d1/0x1070 dup_task_struct+0x575/0x690 copy_process+0x3d5/0x3b60 kernel_clone+0x17d/0x5d0 __x64_sys_clone+0x228/0x290 do_syscall_64+0x41/0xc0 entry_SYSCALL_64_after_hwframe+0x63/0xcd page last free stack trace: free_unref_page_prepare+0xe2f/0xe70 free_unref_page_list+0x596/0x830 release_pages+0x1a07/0x1bc0 __pagevec_release+0x66/0xe0 invalidate_mapping_pagevec+0x3f1/0x4c0 xfs_free_buftarg+0x77/0xd0 xfs_fs_put_super+0x21e/0x2b0 generic_shutdown_super+0x113/0x2d0 kill_block_super+0x79/0xc0 deactivate_locked_super+0x75/0xd0 cleanup_mnt+0x358/0x3e0 task_work_run+0x20a/0x290 exit_to_user_mode_loop+0xd1/0xf0 exit_to_user_mode_prepare+0xb1/0x140 syscall_exit_to_user_mode+0x54/0x270 do_syscall_64+0x4d/0xc0 Memory state around the buggy address: ffffc9000ca77780: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 ffffc9000ca77800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffc9000ca77880: 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 f3 ^ ffffc9000ca77900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc9000ca77980: 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 00 00 00 00 ==================================================================