ci2 starts bisection 2023-01-30 02:59:39.935559396 +0000 UTC m=+565870.916142805
bisecting fixing commit since 0d1409e4ff08aa4a9a254d3f723410db32aa7552
building syzkaller on 67be1ae742603edad9c97d30b6ed69f9bbe2ffa8
ensuring issue is reproducible on original commit 0d1409e4ff08aa4a9a254d3f723410db32aa7552
testing commit 0d1409e4ff08aa4a9a254d3f723410db32aa7552 gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 089ab1c8d2f6f1caacc63e42250f82d984e1404c2a72509809f5ace0a116f36f
run #0: crashed: general protection fault in diRead
run #1: crashed: general protection fault in diRead
run #2: crashed: general protection fault in diRead
run #3: crashed: general protection fault in diRead
run #4: crashed: general protection fault in diRead
run #5: crashed: general protection fault in diRead
run #6: crashed: general protection fault in diRead
run #7: crashed: general protection fault in diRead
run #8: crashed: general protection fault in diRead
run #9: crashed: general protection fault in diRead
run #10: crashed: general protection fault in diRead
run #11: crashed: KASAN: use-after-free Read in diRead
run #12: crashed: general protection fault in diRead
run #13: crashed: general protection fault in diRead
run #14: crashed: general protection fault in diRead
run #15: crashed: general protection fault in diRead
run #16: crashed: general protection fault in diRead
run #17: crashed: general protection fault in diRead
run #18: crashed: general protection fault in diRead
run #19: crashed: general protection fault in diRead
testing current HEAD 6d796c50f84ca79f1722bb131799e5a5710c4700
testing commit 6d796c50f84ca79f1722bb131799e5a5710c4700 gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5cf91e0df9169b734c9e6164706fb25fa7f751572e9adc943713ec3f58a878b3
run #0: crashed: KASAN: out-of-bounds Read in diRead
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
Reproducer flagged being flaky

revisions tested: 2, total time: 45m28.469992829s (build: 29m17.667723413s, test: 13m1.750812505s)
the crash still happens on HEAD
commit msg: Linux 6.2-rc6
crash: KASAN: out-of-bounds Read in diRead
loop0: detected capacity change from 0 to 32768
==================================================================
BUG: KASAN: out-of-bounds in diRead+0x74c/0x9b0 fs/jfs/jfs_imap.c:328
Read of size 4 at addr ffff88807da00010 by task syz-executor.0/6958

CPU: 1 PID: 6958 Comm: syz-executor.0 Not tainted 6.2.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x12a/0x1c0 lib/dump_stack.c:106
 print_address_description+0x74/0x340 mm/kasan/report.c:306
 print_report+0x107/0x1f0 mm/kasan/report.c:417
 kasan_report+0xcd/0x100 mm/kasan/report.c:517
 diRead+0x74c/0x9b0 fs/jfs/jfs_imap.c:328
 jfs_iget+0x53/0x340 fs/jfs/inode.c:35
 jfs_lookup+0x177/0x2f0 fs/jfs/namei.c:1462
 __lookup_slow+0x212/0x2f0 fs/namei.c:1685
 lookup_slow+0x4e/0x70 fs/namei.c:1702
 walk_component fs/namei.c:1993 [inline]
 link_path_walk+0x8c6/0xcf0 fs/namei.c:2320
 path_openat+0x21a/0x27f0 fs/namei.c:3710
 do_filp_open+0x256/0x4a0 fs/namei.c:3741
 do_sys_openat2+0xfc/0x410 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_openat fs/open.c:1342 [inline]
 __se_sys_openat fs/open.c:1337 [inline]
 __x64_sys_openat+0x209/0x250 fs/open.c:1337
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f79cbe8c0d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f79ccbcc168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f79cbfabf80 RCX: 00007f79cbe8c0d9
RDX: 0000000000101800 RSI: 00000000200000c0 RDI: ffffffffffffff9c
RBP: 00007f79cbee7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000059 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe1e77ad8f R14: 00007f79ccbcc300 R15: 0000000000022000

The buggy address belongs to the physical page:
page:ffffea0001f68000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7da00
head:ffffea0001f68000 order:3 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
flags: 0xfff00000010000(head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x140cc0(GFP_USER|__GFP_COMP), pid 6959, tgid 6957 (syz-executor.0), ts 160075788707, free_ts 160075745631
 prep_new_page mm/page_alloc.c:2531 [inline]
 get_page_from_freelist+0x742/0x7c0 mm/page_alloc.c:4283
 __alloc_pages+0x259/0x560 mm/page_alloc.c:5549
 __alloc_pages_node include/linux/gfp.h:237 [inline]
 alloc_pages_node include/linux/gfp.h:260 [inline]
 __kmalloc_large_node+0x95/0x1e0 mm/slab_common.c:1113
 kmalloc_large+0x1c/0x90 mm/slab_common.c:1130
 kmalloc include/linux/slab.h:577 [inline]
 diMount+0x20/0x820 fs/jfs/jfs_imap.c:105
 jfs_mount_rw+0x240/0x6d0 fs/jfs/jfs_mount.c:240
 jfs_remount+0x2b5/0x5a0 fs/jfs/super.c:454
 reconfigure_super+0x310/0x6a0 fs/super.c:935
 vfs_fsconfig_locked fs/fsopen.c:254 [inline]
 __do_sys_fsconfig fs/fsopen.c:439 [inline]
 __se_sys_fsconfig+0x8aa/0xb60 fs/fsopen.c:314
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1446 [inline]
 free_pcp_prepare+0x751/0x780 mm/page_alloc.c:1496
 free_unref_page_prepare mm/page_alloc.c:3369 [inline]
 free_unref_page+0x19/0x4c0 mm/page_alloc.c:3464
 free_large_kmalloc+0xfb/0x190 mm/slab_common.c:945
 diUnmount+0xcc/0xe0 fs/jfs/jfs_imap.c:195
 jfs_mount_rw+0x21e/0x6d0 fs/jfs/jfs_mount.c:239
 jfs_remount+0x2b5/0x5a0 fs/jfs/super.c:454
 reconfigure_super+0x310/0x6a0 fs/super.c:935
 vfs_fsconfig_locked fs/fsopen.c:254 [inline]
 __do_sys_fsconfig fs/fsopen.c:439 [inline]
 __se_sys_fsconfig+0x8aa/0xb60 fs/fsopen.c:314
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Memory state around the buggy address:
 ffff88807d9fff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88807d9fff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88807da00000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                         ^
 ffff88807da00080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88807da00100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================