ci2 starts bisection 2023-05-01 02:33:58.892786884 +0000 UTC m=+211892.913158094 bisecting fixing commit since 3ecc37918c80ffdbfa8f08d3e75a0a9fca1c1979 building syzkaller on 67be1ae742603edad9c97d30b6ed69f9bbe2ffa8 ensuring issue is reproducible on original commit 3ecc37918c80ffdbfa8f08d3e75a0a9fca1c1979 testing commit 3ecc37918c80ffdbfa8f08d3e75a0a9fca1c1979 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b9b3cfb5c477d74dc2a14b7ce3f2a557c9c40b8c48fe3f46edbcffb47652b067 run #0: crashed: INFO: rcu detected stall in corrupted run #1: crashed: INFO: rcu detected stall in corrupted run #2: crashed: INFO: rcu detected stall in corrupted run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: INFO: rcu detected stall in corrupted run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: INFO: rcu detected stall in corrupted run #9: crashed: INFO: rcu detected stall in corrupted run #10: crashed: INFO: rcu detected stall in corrupted run #11: crashed: INFO: rcu detected stall in corrupted run #12: crashed: INFO: rcu detected stall in corrupted run #13: crashed: INFO: rcu detected stall in corrupted run #14: crashed: INFO: rcu detected stall in corrupted run #15: crashed: INFO: rcu detected stall in corrupted run #16: crashed: INFO: rcu detected stall in corrupted run #17: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #18: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #19: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock testing current HEAD 58390c8ce1bddb6c623f62e7ed36383e7fa5c02f testing commit 58390c8ce1bddb6c623f62e7ed36383e7fa5c02f gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 77813cea31b2c8b7173dea9fc677c6ea279061b66c4ad8ca9de802f733aa68d3 all runs: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock revisions tested: 2, total time: 46m13.369592791s (build: 31m16.665301751s, test: 13m56.762850733s) the crash still happens on HEAD commit msg: Merge tag 'iommu-updates-v6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu crash: KASAN: stack-out-of-bounds Read in xfs_buf_lock ================================================================== BUG: KASAN: stack-out-of-bounds in __lock_acquire+0x77/0x2000 Read of size 8 at addr ffffc9000abef8d8 by task syz-executor.3/11481 CPU: 1 PID: 11481 Comm: syz-executor.3 Not tainted 6.3.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 Call Trace: dump_stack_lvl+0x12e/0x1d0 print_report+0x163/0x510 kasan_report+0x108/0x140 __lock_acquire+0x77/0x2000 lock_acquire+0x1b9/0x4f0 _raw_spin_lock_irqsave+0xb7/0x100 down+0x39/0xc0 xfs_buf_lock+0xde/0x2e0 xfs_buf_delwri_submit_buffers+0x159/0x760 xfs_buf_delwri_submit+0xb8/0x240 xfs_qm_shrink_scan+0x1b8/0x380 do_shrink_slab+0x3e8/0xa50 shrink_slab+0x18f/0x8d0 drop_slab+0xee/0x1c0 drop_caches_sysctl_handler+0x5c/0xf0 proc_sys_call_handler+0x498/0x770 do_iter_write+0x756/0xbc0 iter_file_splice_write+0x770/0xf00 direct_splice_actor+0xe2/0x1a0 splice_direct_to_actor+0x42e/0xa60 do_splice_direct+0x26a/0x3b0 do_sendfile+0x508/0xcd0 __se_sys_sendfile64+0xaa/0x160 do_syscall_64+0x41/0xc0 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f0b04a8c0d9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f0b057c3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00007f0b04babf80 RCX: 00007f0b04a8c0d9 RDX: 0000000020002080 RSI: 0000000000000004 RDI: 0000000000000005 RBP: 00007f0b04ae7ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000870 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe1d7ad9ef R14: 00007f0b057c3300 R15: 0000000000022000 The buggy address belongs to the virtual mapping at [ffffc9000abe8000, ffffc9000abf1000) created by: copy_process+0x40a/0x3c80 The buggy address belongs to the physical page: page:ffffea000096bfc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25aff memcg:ffff88801c060b82 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88801c060b82 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 254424309201, free_ts 253453875921 get_page_from_freelist+0x31bf/0x3340 __alloc_pages+0x255/0x670 __vmalloc_node_range+0x7cc/0x10d0 dup_task_struct+0x5c3/0x720 copy_process+0x40a/0x3c80 kernel_clone+0x17d/0x5d0 kernel_thread+0x1ad/0x220 kthreadd+0x50e/0x6c0 ret_from_fork+0x1f/0x30 page last free stack trace: free_unref_page_prepare+0x8fe/0xa10 free_unref_page+0x37/0x3f0 vfree+0x11f/0x240 delayed_vfree_work+0x3c/0x70 process_one_work+0x7c4/0xe70 worker_thread+0x8c9/0xfd0 kthread+0x276/0x2f0 ret_from_fork+0x1f/0x30 Memory state around the buggy address: ffffc9000abef780: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 ffffc9000abef800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffc9000abef880: 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 f3 ^ ffffc9000abef900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc9000abef980: 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 00 00 00 00 ==================================================================