ci2 starts bisection 2023-03-01 15:31:36.827022385 +0000 UTC m=+28296.431184403 bisecting fixing commit since 3ecc37918c80ffdbfa8f08d3e75a0a9fca1c1979 building syzkaller on 67be1ae742603edad9c97d30b6ed69f9bbe2ffa8 ensuring issue is reproducible on original commit 3ecc37918c80ffdbfa8f08d3e75a0a9fca1c1979 testing commit 3ecc37918c80ffdbfa8f08d3e75a0a9fca1c1979 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 105927e6ec72e00ccb2decd521957274d25c8879f8b2deb05b39b05928e9f53a run #0: crashed: INFO: rcu detected stall in corrupted run #1: crashed: INFO: rcu detected stall in corrupted run #2: crashed: INFO: rcu detected stall in corrupted run #3: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: INFO: rcu detected stall in corrupted run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: INFO: rcu detected stall in corrupted run #9: crashed: INFO: rcu detected stall in corrupted run #10: crashed: INFO: rcu detected stall in corrupted run #11: crashed: INFO: rcu detected stall in corrupted run #12: crashed: INFO: rcu detected stall in corrupted run #13: crashed: INFO: rcu detected stall in corrupted run #14: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #15: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #16: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #17: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #18: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock run #19: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock testing current HEAD c0927a7a5391f7d8e593e5e50ead7505a23cadf9 testing commit c0927a7a5391f7d8e593e5e50ead7505a23cadf9 gcc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7d138002e6f8d83a8f6a6d7a1bbd4b823308e0e33b8e58b3de0a2bc6abbc1497 all runs: crashed: KASAN: stack-out-of-bounds Read in xfs_buf_lock revisions tested: 2, total time: 55m20.342981317s (build: 39m18.799974918s, test: 13m33.262413323s) the crash still happens on HEAD commit msg: Merge tag 'xfs-6.3-merge-4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux crash: KASAN: stack-out-of-bounds Read in xfs_buf_lock XFS (loop2): Quotacheck: Done. ================================================================== BUG: KASAN: stack-out-of-bounds in __lock_acquire+0x77/0x1f80 Read of size 8 at addr ffffc9000520f8d8 by task syz-executor.2/14696 CPU: 1 PID: 14696 Comm: syz-executor.2 Not tainted 6.2.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 Call Trace: dump_stack_lvl+0x12e/0x1d0 print_report+0x163/0x510 kasan_report+0xce/0x100 __lock_acquire+0x77/0x1f80 lock_acquire+0x214/0x600 _raw_spin_lock_irqsave+0xb7/0x100 down+0x39/0xc0 xfs_buf_lock+0x13b/0x4f0 xfs_buf_delwri_submit_buffers+0x16c/0x8f0 xfs_buf_delwri_submit+0xb8/0x240 xfs_qm_shrink_scan+0x1b8/0x380 do_shrink_slab+0x46f/0xc70 shrink_slab+0x175/0x730 drop_slab+0xee/0x1c0 drop_caches_sysctl_handler+0x5c/0xf0 proc_sys_call_handler+0x498/0x770 do_iter_write+0x63b/0xaa0 iter_file_splice_write+0x770/0xf00 direct_splice_actor+0xe2/0x1a0 splice_direct_to_actor+0x42e/0xa60 do_splice_direct+0x26a/0x3b0 do_sendfile+0x508/0xcd0 __se_sys_sendfile64+0xaa/0x160 do_syscall_64+0x41/0xc0 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fd4dc28c0d9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd4dcfaf168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00007fd4dc3abf80 RCX: 00007fd4dc28c0d9 RDX: 0000000020002080 RSI: 0000000000000004 RDI: 0000000000000005 RBP: 00007fd4dc2e7ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000870 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd330f842f R14: 00007fd4dcfaf300 R15: 0000000000022000 The buggy address belongs to the virtual mapping at [ffffc90005208000, ffffc90005211000) created by: copy_process+0x3d5/0x3b60 The buggy address belongs to the physical page: page:ffffea0001f68780 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7da1e memcg:ffff8880251feb02 flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff ffff8880251feb02 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 14695, tgid 14695 (syz-executor.1), ts 395910156678, free_ts 395464434874 get_page_from_freelist+0x3792/0x3910 __alloc_pages+0x291/0x7f0 __vmalloc_node_range+0x700/0x1080 dup_task_struct+0x575/0x690 copy_process+0x3d5/0x3b60 kernel_clone+0x17d/0x700 __x64_sys_clone+0x228/0x290 do_syscall_64+0x41/0xc0 entry_SYSCALL_64_after_hwframe+0x63/0xcd page last free stack trace: free_unref_page_prepare+0xf0e/0xf70 free_unref_page_list+0x6be/0x960 release_pages+0x1a07/0x1bc0 __pagevec_release+0x66/0xe0 invalidate_mapping_pagevec+0x3f1/0x4c0 xfs_free_buftarg+0x77/0xd0 xfs_fs_put_super+0x21e/0x2b0 generic_shutdown_super+0x113/0x2d0 kill_block_super+0x79/0xc0 deactivate_locked_super+0x75/0xd0 cleanup_mnt+0x3af/0x430 task_work_run+0x20a/0x290 exit_to_user_mode_loop+0xd1/0xf0 exit_to_user_mode_prepare+0xb1/0x140 syscall_exit_to_user_mode+0x54/0x2d0 do_syscall_64+0x4d/0xc0 Memory state around the buggy address: ffffc9000520f780: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 ffffc9000520f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffc9000520f880: 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 f3 ^ ffffc9000520f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc9000520f980: 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 00 00 00 00 ==================================================================