ci starts bisection 2023-01-06 20:56:04.049425316 +0000 UTC m=+116079.344160671
bisecting cause commit starting from 41c03ba9beea760bd2d2ac9250b09a2e192da2dc
building syzkaller on 1dac8c7a01e2bdd35cb04eb4901ddb157291ac2d
ensuring issue is reproducible on original commit 41c03ba9beea760bd2d2ac9250b09a2e192da2dc

testing commit 41c03ba9beea760bd2d2ac9250b09a2e192da2dc gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 217f699c5790771ef777402d9af800ca20f758ca0566491d1a801d41a63d871e
run #0: crashed: kernel panic: stack is corrupted in lock_acquire
run #1: crashed: BUG: looking up invalid subclass: ADDR
run #2: crashed: BUG: unable to handle kernel paging request in page_cache_ra_unbounded
run #3: crashed: kernel panic: stack is corrupted in lock_release
run #4: crashed: WARNING: nested lock was not taken in is_bpf_text_address
run #5: crashed: WARNING: nested lock was not taken in is_bpf_text_address
run #6: crashed: kernel panic: stack is corrupted in arch_stack_walk
run #7: crashed: WARNING: nested lock was not taken in is_bpf_text_address
run #8: crashed: WARNING: bad unlock balance in ntfs_set_size
run #9: crashed: BUG: looking up invalid subclass: ADDR
run #10: crashed: BUG: looking up invalid subclass: ADDR
run #11: crashed: BUG: unable to handle kernel paging request in ktime_get_coarse_real_ts64
run #12: crashed: WARNING: bad unlock balance in ntfs_set_size
run #13: crashed: BUG: unable to handle kernel paging request in ktime_get_coarse_real_ts64
run #14: crashed: WARNING: nested lock was not taken in filemap_get_read_batch
run #15: crashed: kernel panic: stack is corrupted in arch_stack_walk
run #16: crashed: BUG: looking up invalid subclass: ADDR
run #17: crashed: BUG: looking up invalid subclass: ADDR
run #18: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #19: crashed: BUG: unable to handle kernel paging request in ktime_get_coarse_real_ts64
testing release v6.1
testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4410a034b0ca34b2b8119c5cbb77bca9774f7490f9a1c899b5e4b010c9b8b76f
all runs: OK
# git bisect start 41c03ba9beea760bd2d2ac9250b09a2e192da2dc 830b3c68c1fb1e9176028d02ef86f3cf76aa2476
Bisecting: 7394 revisions left to test after this (roughly 13 steps)
[740afa4d39414516c36836ad88bed8294c72ba5f] Merge tag 'x86_sev_for_v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit 740afa4d39414516c36836ad88bed8294c72ba5f gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 411c5778b6e77e9a559b1c904f52b9bbdfb96af5b2b7afe29fe59b54c0bea83d
all runs: OK
# git bisect good 740afa4d39414516c36836ad88bed8294c72ba5f
Bisecting: 3689 revisions left to test after this (roughly 12 steps)
[c0f234ff90a211272138be1611ba53f3155ebd78] Merge tag 'gpio-updates-for-v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux

testing commit c0f234ff90a211272138be1611ba53f3155ebd78 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 127b77f77b6a897f45734451de3656f74463ee57133e695bfd1b03d16cf83b65
all runs: OK
# git bisect good c0f234ff90a211272138be1611ba53f3155ebd78
Bisecting: 1741 revisions left to test after this (roughly 11 steps)
[aa4800e31c547ed00681318335ca2298c4bca33a] Merge tag 'perf-tools-for-v6.2-1-2022-12-16' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux

testing commit aa4800e31c547ed00681318335ca2298c4bca33a gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7972639fa9f3ce6fe64b1942d7fb27fb9a6dcde66046742914f06f56ae2c496a
all runs: OK
# git bisect good aa4800e31c547ed00681318335ca2298c4bca33a
Bisecting: 887 revisions left to test after this (roughly 10 steps)
[e96b95c2b7a63a454b6498e2df67aac14d046d13] gcov: add support for checksum field

testing commit e96b95c2b7a63a454b6498e2df67aac14d046d13 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 01e75f2628a49d95ebe8d4a0d313a2071851569ec8f1ad5d609b8c629722468e
all runs: OK
# git bisect good e96b95c2b7a63a454b6498e2df67aac14d046d13
Bisecting: 438 revisions left to test after this (roughly 9 steps)
[0a924817d2ed9396401e0557c6134276d2e26382] Merge tag '6.2-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6

testing commit 0a924817d2ed9396401e0557c6134276d2e26382 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 20d8d221477b9b9f17c0d724fcd892c9704f2bfd6c6cd321e75c907a44192ee3
run #0: crashed: BUG: looking up invalid subclass: ADDR
run #1: crashed: kernel panic: stack is corrupted in arch_stack_walk
run #2: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #3: crashed: BUG: unable to handle kernel paging request in ktime_get_coarse_real_ts64
run #4: crashed: WARNING: nested lock was not taken in filemap_get_read_batch
run #5: crashed: WARNING: bad unlock balance in ntfs_set_size
run #6: crashed: BUG: looking up invalid subclass: ADDR
run #7: crashed: WARNING: bad unlock balance in ntfs_set_size
run #8: crashed: WARNING: bad unlock balance in ntfs_set_size
run #9: crashed: WARNING: nested lock was not taken in is_bpf_text_address
# git bisect bad 0a924817d2ed9396401e0557c6134276d2e26382
Bisecting: 203 revisions left to test after this (roughly 8 steps)
[7406fd75a92066712b6f696983f89438f474049a] Merge tag 'mfd-next-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd

testing commit 7406fd75a92066712b6f696983f89438f474049a gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b64f5796d9eb8b0a1448061873f832d0fc8e572cee3127ce6daf3ac46891c66f
all runs: OK
# git bisect good 7406fd75a92066712b6f696983f89438f474049a
Bisecting: 106 revisions left to test after this (roughly 7 steps)
[7a693ea78e3c48605a2d849fd241ff15561f10d5] Merge tag 'pwm/for-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm

testing commit 7a693ea78e3c48605a2d849fd241ff15561f10d5 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4b1d896eecb4c8173acdceaddc9c2edc007030735f27306b9f1262e73519eec8
all runs: OK
# git bisect good 7a693ea78e3c48605a2d849fd241ff15561f10d5
Bisecting: 53 revisions left to test after this (roughly 6 steps)
[0ad9dfcb8d3fd6ef91983ccb93fafbf9e3115796] fs/ntfs3: Changing locking in ntfs_rename

testing commit 0ad9dfcb8d3fd6ef91983ccb93fafbf9e3115796 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 02dbb0f5db7e980deb3c4a7c10a7c5c8f36c3094abcfc28fad48193f06402438
run #0: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #1: crashed: WARNING: stack recursion on stack type NUM
run #2: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #3: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #4: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #5: crashed: WARNING: locking bug in ntfs_file_write_iter
run #6: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #7: crashed: kernel panic: stack is corrupted in __rmqueue_pcplist
run #8: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #9: crashed: WARNING: stack recursion on stack type NUM
# git bisect bad 0ad9dfcb8d3fd6ef91983ccb93fafbf9e3115796
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[0d0f659bf713662fabed973f9996b8f23c59ca51] fs/ntfs3: Use __GFP_NOWARN allocation at wnd_init()

testing commit 0d0f659bf713662fabed973f9996b8f23c59ca51 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 56cc35c4169bd96d92ac3b3be095cac6fdc6ced420d383ef85f81cb396bc8d1f
all runs: OK
# git bisect good 0d0f659bf713662fabed973f9996b8f23c59ca51
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[658015167a8432b88f5d032e9d85d8fd50e5bf2c] fs/ntfs3: Delete duplicate condition in ntfs_read_mft()

testing commit 658015167a8432b88f5d032e9d85d8fd50e5bf2c gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 04ab2dd9274640f6a1d7ed24be5856b07bedb6fa0e5c24844a551270ffd0ee09
all runs: OK
# git bisect good 658015167a8432b88f5d032e9d85d8fd50e5bf2c
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[3929042111de8cb283489ef4ea184103e3443536] fs/ntfs3: Remove unused functions

testing commit 3929042111de8cb283489ef4ea184103e3443536 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d011ac44eb7f53ea038e40ffcd833dbdd78d090227a0be8fc3e12c03071d5eab
all runs: OK
# git bisect good 3929042111de8cb283489ef4ea184103e3443536
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[c380b52f6c5702cc4bdda5e6d456d6c19a201a0b] fs/ntfs3: Change new sparse cluster processing

testing commit c380b52f6c5702cc4bdda5e6d456d6c19a201a0b gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8912e3e02cbc526b1695a3108b97628adcb8ecbca06e67d2bf8d0c8f33170c2f
all runs: OK
# git bisect good c380b52f6c5702cc4bdda5e6d456d6c19a201a0b
Bisecting: 1 revision left to test after this (roughly 1 step)
[2b108260ea2c9ec07651aea4911d7e2e6ab560f7] fs/ntfs3: atomic_open implementation

testing commit 2b108260ea2c9ec07651aea4911d7e2e6ab560f7 gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ae56710f0cdd4faacd540b36d4f25cb92c430b80fbca69db2f048b221248b6ce
all runs: OK
# git bisect good 2b108260ea2c9ec07651aea4911d7e2e6ab560f7
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[ad26a9c84510af7252e582e811de970433a9758f] fs/ntfs3: Fixing wrong logic in attr_set_size and ntfs_fallocate

testing commit ad26a9c84510af7252e582e811de970433a9758f gcc
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5e9c6b02ccedf57e449f6416f84ff175a422ddc9119a94ed02ab1483d1c16688
run #0: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #1: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #2: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #3: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #4: crashed: kernel panic: stack is corrupted in _raw_spin_unlock_irqrestore
run #5: crashed: WARNING: stack recursion on stack type NUM
run #6: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #7: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
run #8: crashed: kernel panic: stack is corrupted in _raw_spin_unlock_irqrestore
run #9: crashed: KASAN: out-of-bounds Write in end_buffer_read_sync
# git bisect bad ad26a9c84510af7252e582e811de970433a9758f
ad26a9c84510af7252e582e811de970433a9758f is the first bad commit
commit ad26a9c84510af7252e582e811de970433a9758f
Author: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Date:   Fri Oct 7 20:08:06 2022 +0300

    fs/ntfs3: Fixing wrong logic in attr_set_size and ntfs_fallocate
    
    There were 2 problems:
    - in some cases we lost dirty flag;
    - cluster allocation can be called even when it wasn't needed.
    Fixes xfstest generic/465
    
    Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>

 fs/ntfs3/attrib.c | 25 +++++++++++--------------
 fs/ntfs3/file.c   | 30 ++++++++++++++++++------------
 fs/ntfs3/index.c  |  9 +++++++++
 fs/ntfs3/inode.c  | 17 +++++------------
 4 files changed, 43 insertions(+), 38 deletions(-)

culprit signature: 5e9c6b02ccedf57e449f6416f84ff175a422ddc9119a94ed02ab1483d1c16688
parent  signature: ae56710f0cdd4faacd540b36d4f25cb92c430b80fbca69db2f048b221248b6ce
revisions tested: 16, total time: 5h0m46.011378721s (build: 2h21m15.836788153s, test: 2h37m9.773395365s)
first bad commit: ad26a9c84510af7252e582e811de970433a9758f fs/ntfs3: Fixing wrong logic in attr_set_size and ntfs_fallocate
recipients (to): ["almaz.alexandrovich@paragon-software.com" "almaz.alexandrovich@paragon-software.com" "ntfs3@lists.linux.dev"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: KASAN: out-of-bounds Write in end_buffer_read_sync
==================================================================
BUG: KASAN: out-of-bounds in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
BUG: KASAN: out-of-bounds in atomic_dec include/linux/atomic/atomic-instrumented.h:257 [inline]
BUG: KASAN: out-of-bounds in put_bh include/linux/buffer_head.h:321 [inline]
BUG: KASAN: out-of-bounds in end_buffer_read_sync+0x85/0x90 fs/buffer.c:160
Write of size 4 at addr ffffc90003e7f260 by task ksoftirqd/1/22

CPU: 1 PID: 22 Comm: ksoftirqd/1 Not tainted 6.0.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x163/0x213 lib/dump_stack.c:106
 print_address_description+0x65/0x4b0 mm/kasan/report.c:317
 print_report+0x108/0x220 mm/kasan/report.c:433
 kasan_report+0xfb/0x130 mm/kasan/report.c:495
 kasan_check_range+0x2a7/0x2e0 mm/kasan/generic.c:189
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_dec include/linux/atomic/atomic-instrumented.h:257 [inline]
 put_bh include/linux/buffer_head.h:321 [inline]
 end_buffer_read_sync+0x85/0x90 fs/buffer.c:160
 end_bio_bh_io_sync+0x87/0xd0 fs/buffer.c:2672
 req_bio_endio block/blk-mq.c:695 [inline]
 blk_update_request+0x3c4/0x1040 block/blk-mq.c:825
 blk_mq_end_request+0x34/0x60 block/blk-mq.c:951
 blk_complete_reqs block/blk-mq.c:1022 [inline]
 blk_done_softirq+0x95/0x140 block/blk-mq.c:1027
 __do_softirq+0x382/0x793 kernel/softirq.c:571
 run_ksoftirqd+0xc1/0x120 kernel/softirq.c:934
 smpboot_thread_fn+0x523/0x880 kernel/smpboot.c:164
 kthread+0x228/0x2a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>

The buggy address belongs to the virtual mapping at
 [ffffc90003e78000, ffffc90003e81000) created by:
 dup_task_struct+0x55/0x440 kernel/fork.c:977

The buggy address belongs to the physical page:
page:ffffea0001fcab00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f2ac
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 5868, tgid 5868 (syz-executor.0), ts 254514212959, free_ts 199565363324
 prep_new_page mm/page_alloc.c:2532 [inline]
 get_page_from_freelist+0x72b/0x7a0 mm/page_alloc.c:4283
 __alloc_pages+0x259/0x560 mm/page_alloc.c:5515
 vm_area_alloc_pages mm/vmalloc.c:2958 [inline]
 __vmalloc_area_node mm/vmalloc.c:3026 [inline]
 __vmalloc_node_range+0x66f/0xfb0 mm/vmalloc.c:3196
 alloc_thread_stack_node+0x27f/0x410 kernel/fork.c:312
 dup_task_struct+0x55/0x440 kernel/fork.c:977
 copy_process+0x401/0x3ae0 kernel/fork.c:2085
 kernel_clone+0x193/0x600 kernel/fork.c:2671
 __do_sys_clone kernel/fork.c:2805 [inline]
 __se_sys_clone kernel/fork.c:2789 [inline]
 __x64_sys_clone+0x271/0x2e0 kernel/fork.c:2789
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1449 [inline]
 free_pcp_prepare+0x812/0x900 mm/page_alloc.c:1499
 free_unref_page_prepare mm/page_alloc.c:3380 [inline]
 free_unref_page+0x7d/0x630 mm/page_alloc.c:3476
 kasan_depopulate_vmalloc_pte+0x66/0x80 mm/kasan/shadow.c:372
 apply_to_pte_range mm/memory.c:2633 [inline]
 apply_to_pmd_range mm/memory.c:2677 [inline]
 apply_to_pud_range mm/memory.c:2713 [inline]
 apply_to_p4d_range mm/memory.c:2749 [inline]
 __apply_to_page_range+0x6ff/0x890 mm/memory.c:2783
 kasan_release_vmalloc+0x96/0xb0 mm/kasan/shadow.c:486
 __purge_vmap_area_lazy+0x1397/0x14e0 mm/vmalloc.c:1753
 drain_vmap_area_work+0x3c/0xd0 mm/vmalloc.c:1782
 process_one_work+0x794/0xc10 kernel/workqueue.c:2289
 worker_thread+0x8ff/0xfe0 kernel/workqueue.c:2436
 kthread+0x228/0x2a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306

Memory state around the buggy address:
 ffffc90003e7f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90003e7f180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90003e7f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                          ^
 ffffc90003e7f280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90003e7f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================