ci2 starts bisection 2023-06-01 02:26:32.62970826 +0000 UTC m=+24018.745832893 bisecting fixing commit since 3ecc37918c80ffdbfa8f08d3e75a0a9fca1c1979 building syzkaller on 67be1ae742603edad9c97d30b6ed69f9bbe2ffa8 ensuring issue is reproducible on original commit 3ecc37918c80ffdbfa8f08d3e75a0a9fca1c1979 testing commit 3ecc37918c80ffdbfa8f08d3e75a0a9fca1c1979 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1290d01a49f2305f1c5d372dee229319a0b49bacd73e36c31e42f219896a2f89 run #0: crashed: INFO: rcu detected stall in corrupted run #1: crashed: INFO: rcu detected stall in corrupted run #2: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #5: crashed: INFO: rcu detected stall in corrupted run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: INFO: rcu detected stall in corrupted run #9: crashed: INFO: rcu detected stall in corrupted run #10: crashed: INFO: rcu detected stall in corrupted run #11: crashed: INFO: rcu detected stall in corrupted run #12: crashed: INFO: rcu detected stall in corrupted run #13: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #14: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #15: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #16: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #17: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #18: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #19: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock testing current HEAD 929ed21dfdb6ee94391db51c9eedb63314ef6847 testing commit 929ed21dfdb6ee94391db51c9eedb63314ef6847 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d0cf7383b7dd0613b35245f07cd08b6269c34f8b8a206faea844b47a197cbebc all runs: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock crash still not fixed/happens on the oldest tested release revisions tested: 2, total time: 55m1.942333089s (build: 40m0.361315976s, test: 14m6.930960021s) crash still not fixed on HEAD or HEAD had kernel test errors commit msg: Merge tag '6.4-rc4-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 crash: KASAN: stack-out-of-bounds Read in xfs_buf_lock ================================================================== BUG: KASAN: stack-out-of-bounds in __lock_acquire+0x77/0x2070 Read of size 8 at addr ffffc90008a1f8d8 by task syz-executor.2/11294 CPU: 1 PID: 11294 Comm: syz-executor.2 Not tainted 6.4.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 Call Trace: dump_stack_lvl+0x12e/0x1d0 print_report+0x163/0x510 kasan_report+0x108/0x140 __lock_acquire+0x77/0x2070 lock_acquire+0x1b9/0x4f0 _raw_spin_lock_irqsave+0xb7/0x100 down+0x39/0xc0 xfs_buf_lock+0xde/0x2e0 xfs_buf_delwri_submit_buffers+0x159/0x760 xfs_buf_delwri_submit+0xb8/0x240 xfs_qm_shrink_scan+0x1b8/0x380 do_shrink_slab+0x3e8/0xa50 shrink_slab+0x18f/0x8d0 drop_slab+0xee/0x1c0 drop_caches_sysctl_handler+0x5c/0xf0 proc_sys_call_handler+0x498/0x770 do_iter_write+0x756/0xbc0 iter_file_splice_write+0x770/0xf00 direct_splice_actor+0xe2/0x1a0 splice_direct_to_actor+0x42e/0xa60 do_splice_direct+0x26a/0x3b0 do_sendfile+0x508/0xcd0 __se_sys_sendfile64+0xaa/0x160 do_syscall_64+0x41/0xc0 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f2c5a88c0d9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f2c5b56d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00007f2c5a9abf80 RCX: 00007f2c5a88c0d9 RDX: 0000000020002080 RSI: 0000000000000004 RDI: 0000000000000005 RBP: 00007f2c5a8e7ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000870 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff370923df R14: 00007f2c5b56d300 R15: 0000000000022000 The buggy address belongs to the virtual mapping at [ffffc90008a18000, ffffc90008a21000) created by: copy_process+0x40a/0x3c80 The buggy address belongs to the physical page: page:ffffea0000a19600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28658 memcg:ffff888075bd5c82 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff ffff888075bd5c82 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 11295, tgid 11295 (syz-executor.4), ts 265662588989, free_ts 265247491917 get_page_from_freelist+0x31bf/0x3340 __alloc_pages+0x255/0x670 __vmalloc_node_range+0x7cc/0x10d0 dup_task_struct+0x5c3/0x720 copy_process+0x40a/0x3c80 kernel_clone+0x17d/0x5d0 __x64_sys_clone+0x268/0x2e0 do_syscall_64+0x41/0xc0 entry_SYSCALL_64_after_hwframe+0x63/0xcd page last free stack trace: free_unref_page_prepare+0x8fe/0xa10 free_unref_page+0x37/0x3f0 vfree+0x11f/0x240 delayed_vfree_work+0x3c/0x70 process_one_work+0x7c4/0xe70 worker_thread+0x8c9/0xfd0 kthread+0x276/0x2f0 ret_from_fork+0x1f/0x30 Memory state around the buggy address: ffffc90008a1f780: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 ffffc90008a1f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffc90008a1f880: 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 f3 ^ ffffc90008a1f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc90008a1f980: 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 00 00 00 00 ==================================================================