F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
F2FS-fs (loop0): Corrupted max_depth of 3: 2049
syz-executor360[8114]: segfault at 0 ip 00007f1e2a338ac0 sp 00007ffe6067cee8 error 4 in syz-executor3603873955[7f1e2a2d2000+88000]
Code: 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 74 48 83 e0 f0 <66> 0f 74 00 66 0f 74 48 10 66 0f 74 50 20 66 0f 74 58 30 66 0f d7
------------[ cut here ]------------
kernel BUG at fs/f2fs/inode.c:706!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8114 Comm: syz-executor360 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:f2fs_evict_inode+0x1054/0x1330 fs/f2fs/inode.c:706
Code: de e8 60 27 52 fe 85 db 0f 84 1a ff ff ff e9 08 ff ff ff e8 de 25 52 fe 48 89 ef e8 26 58 03 00 e9 29 f4 ff ff e8 cc 25 52 fe <0f> 0b 4c 89 f7 e8 b2 02 88 fe e9 61 f6 ff ff e8 a8 02 88 fe e9 38
RSP: 0018:ffff8880b15af6d0 EFLAGS: 00010293
RAX: ffff8880b162e080 RBX: 0000000000000001 RCX: ffffffff831053bf
RDX: 0000000000000000 RSI: ffffffff83105fa4 RDI: 0000000000000007
RBP: ffff88808b0970c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000074071 R12: ffff8880b00ac0c0
R13: ffff88808b097490 R14: ffff88808b097518 R15: ffff8880b25f0978
FS: 0000555555c30300(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8ae5245000 CR3: 00000000a0e10000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
evict+0x2ed/0x760 fs/inode.c:559
dispose_list+0x124/0x1f0 fs/inode.c:594
evict_inodes+0x341/0x430 fs/inode.c:644
generic_shutdown_super+0xb3/0x370 fs/super.c:448
kill_block_super+0x97/0xf0 fs/super.c:1185
kill_f2fs_super+0x241/0x330 fs/f2fs/super.c:3257
deactivate_locked_super+0x94/0x160 fs/super.c:329
deactivate_super+0x174/0x1a0 fs/super.c:360
cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098
task_work_run+0x148/0x1c0 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0xbf3/0x2be0 kernel/exit.c:870
do_group_exit+0x125/0x310 kernel/exit.c:967
get_signal+0x3f2/0x1f70 kernel/signal.c:2589
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
retint_user+0x8/0x18
RIP: 0033:0x7f1e2a338ac0
Code: Bad RIP value.
RSP: 002b:00007ffe6067cee8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000000e0 RCX: 0000000000000000
RDX: 00000000000000e0 RSI: 00000000000000e0 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 00000000000000c0 R11: 00000000000000e0 R12: 0000000020000100
R13: 00007ffe6067cfb0 R14: 0000000000000000 R15: 00007ffe6067cfb0
Modules linked in:
---[ end trace d3a5ba92d399075f ]---
RIP: 0010:f2fs_evict_inode+0x1054/0x1330 fs/f2fs/inode.c:706
Code: de e8 60 27 52 fe 85 db 0f 84 1a ff ff ff e9 08 ff ff ff e8 de 25 52 fe 48 89 ef e8 26 58 03 00 e9 29 f4 ff ff e8 cc 25 52 fe <0f> 0b 4c 89 f7 e8 b2 02 88 fe e9 61 f6 ff ff e8 a8 02 88 fe e9 38
RSP: 0018:ffff8880b15af6d0 EFLAGS: 00010293
RAX: ffff8880b162e080 RBX: 0000000000000001 RCX: ffffffff831053bf
RDX: 0000000000000000 RSI: ffffffff83105fa4 RDI: 0000000000000007
RBP: ffff88808b0970c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000074071 R12: ffff8880b00ac0c0
R13: ffff88808b097490 R14: ffff88808b097518 R15: ffff8880b25f0978
FS: 0000555555c30300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055bf7005c2e8 CR3: 0000000094248000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 66 0f ef c0 pxor %xmm0,%xmm0
4: 66 0f ef c9 pxor %xmm1,%xmm1
8: 66 0f ef d2 pxor %xmm2,%xmm2
c: 66 0f ef db pxor %xmm3,%xmm3
10: 48 89 f8 mov %rdi,%rax
13: 48 89 f9 mov %rdi,%rcx
16: 48 81 e1 ff 0f 00 00 and $0xfff,%rcx
1d: 48 81 f9 cf 0f 00 00 cmp $0xfcf,%rcx
24: 77 74 ja 0x9a
26: 48 83 e0 f0 and $0xfffffffffffffff0,%rax
* 2a: 66 0f 74 00 pcmpeqb (%rax),%xmm0 <-- trapping instruction
2e: 66 0f 74 48 10 pcmpeqb 0x10(%rax),%xmm1
33: 66 0f 74 50 20 pcmpeqb 0x20(%rax),%xmm2
38: 66 0f 74 58 30 pcmpeqb 0x30(%rax),%xmm3
3d: 66 data16
3e: 0f .byte 0xf
3f: d7 xlat %ds:(%rbx)