Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 559.812604] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 559.827148] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 559.827944] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 559.836498] F2FS-fs (loop5): invalid crc value
[ 559.844081] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 559.860841] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 559.864417] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 559.868491] F2FS-fs (loop2): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 559.877394] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 559.891167] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 560.252407] ==================================================================
[ 560.259906] BUG: KASAN: use-after-free in f2fs_evict_inode+0x100b/0x1330
[ 560.266734] Read of size 4 at addr ffff888094931190 by task syz-executor877/8121
[ 560.274245]
[ 560.275859] CPU: 0 PID: 8121 Comm: syz-executor877 Not tainted 4.19.172-syzkaller #0
[ 560.283720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 560.293055] Call Trace:
[ 560.295631] dump_stack+0x1fc/0x2ef
[ 560.299247] print_address_description.cold+0x54/0x219
[ 560.304510] kasan_report_error.cold+0x8a/0x1b9
[ 560.309163] ? f2fs_evict_inode+0x100b/0x1330
[ 560.313645] __asan_report_load4_noabort+0x88/0x90
[ 560.318559] ? f2fs_evict_inode+0x100b/0x1330
[ 560.323038] f2fs_evict_inode+0x100b/0x1330
[ 560.327348] ? f2fs_write_inode+0x600/0x600
[ 560.331652] evict+0x2ed/0x760
[ 560.334830] iput+0x4f1/0x860
[ 560.337923] dentry_unlink_inode+0x265/0x320
[ 560.342316] __dentry_kill+0x3c0/0x640
[ 560.346195] dentry_kill+0xc4/0x510
[ 560.349810] shrink_dentry_list+0x2ab/0x6e0
[ 560.354123] shrink_dcache_sb+0x144/0x220
[ 560.358259] ? shrink_dentry_list+0x6e0/0x6e0
[ 560.362743] ? mark_held_locks+0xa6/0xf0
[ 560.366786] ? f2fs_fill_super+0x1439/0x7050
[ 560.371184] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 560.375751] f2fs_fill_super+0x1461/0x7050
[ 560.379985] ? snprintf+0xbb/0xf0
[ 560.383424] ? f2fs_commit_super+0x400/0x400
[ 560.387819] ? wait_for_completion_io+0x10/0x10
[ 560.392473] ? set_blocksize+0x163/0x3f0
[ 560.396521] mount_bdev+0x2fc/0x3b0
[ 560.400133] ? f2fs_commit_super+0x400/0x400
[ 560.404526] mount_fs+0xa3/0x310
[ 560.407884] vfs_kern_mount.part.0+0x68/0x470
[ 560.412370] do_mount+0x113c/0x2f10
[ 560.415984] ? cmp_ex_sort+0xc0/0xc0
[ 560.419687] ? __do_page_fault+0x180/0xd60
[ 560.423910] ? copy_mount_string+0x40/0x40
[ 560.428135] ? copy_mount_options+0x1cd/0x380
[ 560.432637] ? memset+0x20/0x40
[ 560.435906] ? copy_mount_options+0x26f/0x380
[ 560.440391] ksys_mount+0xcf/0x130
[ 560.443915] __x64_sys_mount+0xba/0x150
[ 560.447877] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 560.452445] do_syscall_64+0xf9/0x620
[ 560.456231] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 560.461405] RIP: 0033:0x44c94a
[ 560.464600] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 560.483484] RSP: 002b:00007f83a5788068 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 560.491177] RAX: ffffffffffffffda RBX: 00007f83a57880c0 RCX: 000000000044c94a
[ 560.498429] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f83a5788080
[ 560.505783] RBP: 0000000000000008 R08: 00007f83a57880c0 R09: 00007f83a57886bc
[ 560.513036] R10: 0000000000000000 R11: 0000000000000286 R12: 00007f83a5788080
[ 560.520289] R13: 00000000200002c0 R14: 0000000000000003 R15: 0000000000000004
[ 560.527547]
[ 560.529156] Allocated by task 8121:
[ 560.532772] kmem_cache_alloc_trace+0x12f/0x380
[ 560.537425] f2fs_fill_super+0xfd/0x7050
[ 560.541471] mount_bdev+0x2fc/0x3b0
[ 560.545080] mount_fs+0xa3/0x310
[ 560.548430] vfs_kern_mount.part.0+0x68/0x470
[ 560.552909] do_mount+0x113c/0x2f10
[ 560.556517] ksys_mount+0xcf/0x130
[ 560.560041] __x64_sys_mount+0xba/0x150
[ 560.563995] do_syscall_64+0xf9/0x620
[ 560.567776] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 560.572941]
[ 560.574550] Freed by task 8121:
[ 560.577831] kfree+0xcc/0x210
[ 560.580917] f2fs_fill_super+0x1439/0x7050
[ 560.585130] mount_bdev+0x2fc/0x3b0
[ 560.588742] mount_fs+0xa3/0x310
[ 560.592096] vfs_kern_mount.part.0+0x68/0x470
[ 560.596576] do_mount+0x113c/0x2f10
[ 560.600183] ksys_mount+0xcf/0x130
[ 560.603707] __x64_sys_mount+0xba/0x150
[ 560.607664] do_syscall_64+0xf9/0x620
[ 560.611464] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 560.616632]
[ 560.618244] The buggy address belongs to the object at ffff888094930440
[ 560.618244] which belongs to the cache kmalloc-8192 of size 8192
[ 560.631061] The buggy address is located 3408 bytes inside of
[ 560.631061] 8192-byte region [ffff888094930440, ffff888094932440)
[ 560.643109] The buggy address belongs to the page:
[ 560.648022] page:ffffea0002524c00 count:1 mapcount:0 mapping:ffff88813bff2080 index:0x0 compound_mapcount: 0
[ 560.657970] flags: 0xfff00000008100(slab|head)
[ 560.662540] raw: 00fff00000008100 ffffea0002554008 ffff88813bff1b48 ffff88813bff2080
[ 560.670408] raw: 0000000000000000 ffff888094930440 0000000100000001 0000000000000000
[ 560.678268] page dumped because: kasan: bad access detected
[ 560.683953]
[ 560.685561] Memory state around the buggy address:
[ 560.690472] ffff888094931080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 560.697859] ffff888094931100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 560.705218] >ffff888094931180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 560.712555] ^
[ 560.716424] ffff888094931200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 560.723763] ffff888094931280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 560.731100] ==================================================================
[ 560.738438] Disabling lock debugging due to kernel taint
[ 560.745292] kasan: CONFIG_KASAN_INLINE enabled
[ 560.751314] kasan: CONFIG_KASAN_INLINE enabled
[ 560.769256] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 560.777898] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 560.793645] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 560.799914] CPU: 0 PID: 8114 Comm: syz-executor877 Tainted: G B 4.19.172-syzkaller #0
[ 560.809185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 560.818550] RIP: 0010:f2fs_evict_inode+0xe92/0x1330
[ 560.823572] Code: c1 ea 03 80 3c 02 00 0f 85 c6 03 00 00 49 8b 9c 24 38 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 30 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 95 03 00 00 48 8b 7b 30 4c 89 f2 4c 89 f6 e8 95
[ 560.842474] RSP: 0018:ffff8880b140f790 EFLAGS: 00010206
[ 560.847833] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff830ed037
[ 560.855098] RDX: 0000000000000006 RSI: ffffffff830ed9e2 RDI: 0000000000000030
[ 560.861176] kasan: CONFIG_KASAN_INLINE enabled
[ 560.862369] RBP: ffff88808b084300 R08: 0000000000000000 R09: 0000000000000000
[ 560.862376] R10: 0000000000000007 R11: 1ffff1101545cd51 R12: ffff8880b2bf83c0
[ 560.862382] R13: ffff88808b0846d0 R14: 0000000000000003 R15: ffff8880b134eaf8
[ 560.862394] FS: 00007f83a5788700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 560.866987] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 560.874213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 560.874221] CR2: 00007ffcc1b1cc20 CR3: 00000000b3e7e000 CR4: 00000000001406f0
[ 560.874229] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 560.874236] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 560.874240] Call Trace:
[ 560.874260] ? f2fs_write_inode+0x600/0x600
[ 560.874274] evict+0x2ed/0x760
[ 560.889716] kasan: CONFIG_KASAN_INLINE enabled
[ 560.897001] iput+0x4f1/0x860
[ 560.897017] dentry_unlink_inode+0x265/0x320
[ 560.953988] __dentry_kill+0x3c0/0x640
[ 560.957857] dentry_kill+0xc4/0x510
[ 560.961461] shrink_dentry_list+0x2ab/0x6e0
[ 560.965764] shrink_dcache_sb+0x144/0x220
[ 560.969890] ? shrink_dentry_list+0x6e0/0x6e0
[ 560.974383] ? trace_hardirqs_on+0x55/0x210
[ 560.978684] f2fs_fill_super+0x1461/0x7050
[ 560.982921] ? snprintf+0xbb/0xf0
[ 560.986364] ? f2fs_commit_super+0x400/0x400
[ 560.990761] ? wait_for_completion_io+0x10/0x10
[ 560.995427] ? set_blocksize+0x163/0x3f0
[ 560.999469] mount_bdev+0x2fc/0x3b0
[ 561.003073] ? f2fs_commit_super+0x400/0x400
[ 561.007459] mount_fs+0xa3/0x310
[ 561.010808] vfs_kern_mount.part.0+0x68/0x470
[ 561.015302] do_mount+0x113c/0x2f10
[ 561.018908] ? cmp_ex_sort+0xc0/0xc0
[ 561.022601] ? __do_page_fault+0x180/0xd60
[ 561.026814] ? copy_mount_string+0x40/0x40
[ 561.031025] ? copy_mount_options+0x1cd/0x380
[ 561.035522] ? memset+0x20/0x40
[ 561.038778] ? copy_mount_options+0x26f/0x380
[ 561.043250] ksys_mount+0xcf/0x130
[ 561.046782] __x64_sys_mount+0xba/0x150
[ 561.050751] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 561.055310] do_syscall_64+0xf9/0x620
[ 561.059090] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 561.064255] RIP: 0033:0x44c94a
[ 561.067426] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 561.086314] RSP: 002b:00007f83a5788068 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 561.093998] RAX: ffffffffffffffda RBX: 00007f83a57880c0 RCX: 000000000044c94a
[ 561.101243] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f83a5788080
[ 561.108491] RBP: 0000000000000008 R08: 00007f83a57880c0 R09: 00007f83a57886bc
[ 561.115738] R10: 0000000000000000 R11: 0000000000000286 R12: 00007f83a5788080
[ 561.122983] R13: 00000000200002c0 R14: 0000000000000003 R15: 0000000000000004
[ 561.130230] Modules linked in:
[ 561.133450] general protection fault: 0000 [#2] PREEMPT SMP KASAN
[ 561.139697] CPU: 1 PID: 8120 Comm: syz-executor877 Tainted: G B D 4.19.172-syzkaller #0
[ 561.149074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 561.158422] RIP: 0010:f2fs_evict_inode+0xe92/0x1330
[ 561.163419] Code: c1 ea 03 80 3c 02 00 0f 85 c6 03 00 00 49 8b 9c 24 38 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 30 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 95 03 00 00 48 8b 7b 30 4c 89 f2 4c 89 f6 e8 95
[ 561.182298] RSP: 0018:ffff8880b142f790 EFLAGS: 00010206
[ 561.187637] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff830ed037
[ 561.194885] RDX: 0000000000000006 RSI: ffffffff830ed9e2 RDI: 0000000000000030
[ 561.202197] RBP: ffff88808b0cd480 R08: 0000000000000000 R09: 0000000000000000
[ 561.209459] R10: 0000000000000007 R11: 1ffff11016a6ad35 R12: ffff888095500400
[ 561.216726] R13: ffff88808b0cd850 R14: 0000000000000003 R15: ffff88809532cd78
[ 561.224002] FS: 00007f83a5788700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 561.232205] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 561.238064] CR2: 00007fb3f43320d0 CR3: 00000000af844000 CR4: 00000000001406e0
[ 561.245314] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 561.252563] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 561.259808] Call Trace:
[ 561.262397] ? f2fs_write_inode+0x600/0x600
[ 561.266695] evict+0x2ed/0x760
[ 561.269866] iput+0x4f1/0x860
[ 561.272956] dentry_unlink_inode+0x265/0x320
[ 561.277342] __dentry_kill+0x3c0/0x640
[ 561.281209] dentry_kill+0xc4/0x510
[ 561.284813] shrink_dentry_list+0x2ab/0x6e0
[ 561.289116] shrink_dcache_sb+0x144/0x220
[ 561.293242] ? shrink_dentry_list+0x6e0/0x6e0
[ 561.297716] ? trace_hardirqs_on+0x55/0x210
[ 561.302016] f2fs_fill_super+0x1461/0x7050
[ 561.306236] ? snprintf+0xbb/0xf0
[ 561.309667] ? f2fs_commit_super+0x400/0x400
[ 561.314058] ? wait_for_completion_io+0x10/0x10
[ 561.318710] ? set_blocksize+0x163/0x3f0
[ 561.322751] mount_bdev+0x2fc/0x3b0
[ 561.326355] ? f2fs_commit_super+0x400/0x400
[ 561.330742] mount_fs+0xa3/0x310
[ 561.334107] vfs_kern_mount.part.0+0x68/0x470
[ 561.338581] do_mount+0x113c/0x2f10
[ 561.342185] ? cmp_ex_sort+0xc0/0xc0
[ 561.345878] ? __do_page_fault+0x180/0xd60
[ 561.350091] ? copy_mount_string+0x40/0x40
[ 561.354304] ? copy_mount_options+0x1cd/0x380
[ 561.358777] ? memset+0x20/0x40
[ 561.362034] ? copy_mount_options+0x26f/0x380
[ 561.366523] ksys_mount+0xcf/0x130
[ 561.370041] __x64_sys_mount+0xba/0x150
[ 561.373994] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 561.378556] do_syscall_64+0xf9/0x620
[ 561.382336] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 561.387614] RIP: 0033:0x44c94a
[ 561.390788] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 561.409681] RSP: 002b:00007f83a5788068 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 561.417384] RAX: ffffffffffffffda RBX: 00007f83a57880c0 RCX: 000000000044c94a
[ 561.424632] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f83a5788080
[ 561.431879] RBP: 0000000000000008 R08: 00007f83a57880c0 R09: 00007f83a57886bc
[ 561.439125] R10: 0000000000000000 R11: 0000000000000286 R12: 00007f83a5788080
[ 561.446375] R13: 00000000200002c0 R14: 0000000000000003 R15: 0000000000000004
[ 561.453626] Modules linked in:
[ 561.456848] general protection fault: 0000 [#3] PREEMPT SMP KASAN
[ 561.463097] CPU: 0 PID: 8112 Comm: syz-executor877 Tainted: G B D 4.19.172-syzkaller #0
[ 561.472370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 561.474906] kasan: CONFIG_KASAN_INLINE enabled
[ 561.481733] RIP: 0010:f2fs_evict_inode+0xe92/0x1330
[ 561.481743] Code: c1 ea 03 80 3c 02 00 0f 85 c6 03 00 00 49 8b 9c 24 38 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 30 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 95 03 00 00 48 8b 7b 30 4c 89 f2 4c 89 f6 e8 95
[ 561.481748] RSP: 0018:ffff888094157790 EFLAGS: 00010206
[ 561.481756] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff830ed037
[ 561.481768] RDX: 0000000000000006 RSI: ffffffff830ed9e2 RDI: 0000000000000030
[ 561.488409] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 561.491363] RBP: ffff88808b080280 R08: 0000000000000000 R09: 0000000000000000
[ 561.491369] R10: 0000000000000007 R11: 1ffff11015f1f797 R12: ffff8880b04d4300
[ 561.491375] R13: ffff88808b080650 R14: 0000000000000003 R15: ffff8880b13713f8
[ 561.491383] FS: 00007f83a5788700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 561.491390] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 561.491397] CR2: 00005648db36cf28 CR3: 00000000a330e000 CR4: 00000000001406f0
[ 561.491406] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 561.491418] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 561.515151] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 561.515653] Call Trace:
[ 561.605097] ? f2fs_write_inode+0x600/0x600
[ 561.609397] evict+0x2ed/0x760
[ 561.612568] iput+0x4f1/0x860
[ 561.615654] dentry_unlink_inode+0x265/0x320
[ 561.620060] __dentry_kill+0x3c0/0x640
[ 561.623942] dentry_kill+0xc4/0x510
[ 561.627557] shrink_dentry_list+0x2ab/0x6e0
[ 561.631862] shrink_dcache_sb+0x144/0x220
[ 561.636007] ? shrink_dentry_list+0x6e0/0x6e0
[ 561.641530] ? trace_hardirqs_on+0x55/0x210
[ 561.645838] f2fs_fill_super+0x1461/0x7050
[ 561.650066] ? snprintf+0xbb/0xf0
[ 561.653500] ? f2fs_commit_super+0x400/0x400
[ 561.657892] ? wait_for_completion_io+0x10/0x10
[ 561.662537] ? set_blocksize+0x163/0x3f0
[ 561.666577] mount_bdev+0x2fc/0x3b0
[ 561.670183] ? f2fs_commit_super+0x400/0x400
[ 561.674568] mount_fs+0xa3/0x310
[ 561.677914] vfs_kern_mount.part.0+0x68/0x470
[ 561.682389] do_mount+0x113c/0x2f10
[ 561.685993] ? cmp_ex_sort+0xc0/0xc0
[ 561.689687] ? __do_page_fault+0x180/0xd60
[ 561.693899] ? copy_mount_string+0x40/0x40
[ 561.698112] ? copy_mount_options+0x1cd/0x380
[ 561.702589] ? memset+0x20/0x40
[ 561.705845] ? copy_mount_options+0x26f/0x380
[ 561.710317] ksys_mount+0xcf/0x130
[ 561.713834] __x64_sys_mount+0xba/0x150
[ 561.717787] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 561.722361] do_syscall_64+0xf9/0x620
[ 561.726153] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 561.731321] RIP: 0033:0x44c94a
[ 561.734493] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 561.753383] RSP: 002b:00007f83a5788068 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 561.761444] RAX: ffffffffffffffda RBX: 00007f83a57880c0 RCX: 000000000044c94a
[ 561.768808] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f83a5788080
[ 561.776071] RBP: 0000000000000008 R08: 00007f83a57880c0 R09: 00007f83a57886bc
[ 561.783323] R10: 0000000000000000 R11: 0000000000000286 R12: 00007f83a5788080
[ 561.790573] R13: 00000000200002c0 R14: 0000000000000003 R15: 0000000000000004
[ 561.797871] Modules linked in:
[ 561.801098] general protection fault: 0000 [#4] PREEMPT SMP KASAN
[ 561.804345] ---[ end trace 7b3bf44963e5978e ]---
[ 561.807340] CPU: 1 PID: 8113 Comm: syz-executor877 Tainted: G B D 4.19.172-syzkaller #0
[ 561.807347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 561.807364] RIP: 0010:f2fs_evict_inode+0xe92/0x1330
[ 561.807378] Code: c1 ea 03 80 3c 02 00 0f 85 c6 03 00 00 49 8b 9c 24 38 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 30 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 95 03 00 00 48 8b 7b 30 4c 89 f2 4c 89 f6 e8 95
[ 561.812198] RIP: 0010:f2fs_evict_inode+0xe92/0x1330
[ 561.821363] RSP: 0018:ffff8880b27e7790 EFLAGS: 00010206
[ 561.821374] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff830ed037
[ 561.821381] RDX: 0000000000000006 RSI: ffffffff830ed9e2 RDI: 0000000000000030
[ 561.821387] RBP: ffff88808b0c8400 R08: 0000000000000000 R09: 0000000000000000
[ 561.821393] R10: 0000000000000007 R11: 1ffff110155f4f3c R12: ffff8880b05e4340
[ 561.821404] R13: ffff88808b0c87d0 R14: 0000000000000003 R15: ffff8880b2ab7138
[ 561.830809] Code: c1 ea 03 80 3c 02 00 0f 85 c6 03 00 00 49 8b 9c 24 38 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 30 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 95 03 00 00 48 8b 7b 30 4c 89 f2 4c 89 f6 e8 95
[ 561.835741] FS: 00007f83a5788700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 561.835749] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 561.835756] CR2: 00007fb3f4338010 CR3: 00000000ac2ff000 CR4: 00000000001406e0
[ 561.835769] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 561.854733] RSP: 0018:ffff8880b140f790 EFLAGS: 00010206
[ 561.859645] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 561.859649] Call Trace:
[ 561.859669] ? f2fs_write_inode+0x600/0x600
[ 561.859683] evict+0x2ed/0x760
[ 561.865067] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff830ed037
[ 561.872279] iput+0x4f1/0x860
[ 561.872296] dentry_unlink_inode+0x265/0x320
[ 561.872311] __dentry_kill+0x3c0/0x640
[ 561.879628] RDX: 0000000000000006 RSI: ffffffff830ed9e2 RDI: 0000000000000030
[ 561.886821] dentry_kill+0xc4/0x510
[ 561.886834] shrink_dentry_list+0x2ab/0x6e0
[ 561.886850] shrink_dcache_sb+0x144/0x220
[ 561.894158] RBP: ffff88808b084300 R08: 0000000000000000 R09: 0000000000000000
[ 561.901356] ? shrink_dentry_list+0x6e0/0x6e0
[ 561.901373] ? trace_hardirqs_on+0x55/0x210
[ 561.901389] f2fs_fill_super+0x1461/0x7050
[ 561.921271] R10: 0000000000000007 R11: 1ffff1101545cd51 R12: ffff8880b2bf83c0
[ 561.929426] ? snprintf+0xbb/0xf0
[ 561.929438] ? f2fs_commit_super+0x400/0x400
[ 561.929454] ? wait_for_completion_io+0x10/0x10
[ 561.929469] ? set_blocksize+0x163/0x3f0
[ 561.935427] R13: ffff88808b0846d0 R14: 0000000000000003 R15: ffff8880b134eaf8
[ 561.942606] mount_bdev+0x2fc/0x3b0
[ 561.942619] ? f2fs_commit_super+0x400/0x400
[ 561.942628] mount_fs+0xa3/0x310
[ 561.942641] vfs_kern_mount.part.0+0x68/0x470
[ 561.942656] do_mount+0x113c/0x2f10
[ 561.949987] FS: 00007f83a5788700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 561.955246] ? cmp_ex_sort+0xc0/0xc0
[ 561.955260] ? __do_page_fault+0x180/0xd60
[ 561.955275] ? copy_mount_string+0x40/0x40
[ 561.962589] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 561.965095] ? copy_mount_options+0x1cd/0x380
[ 561.965107] ? memset+0x20/0x40
[ 561.965121] ? copy_mount_options+0x26f/0x380
[ 561.969470] CR2: 00007ff84a483740 CR3: 00000000b3e7e000 CR4: 00000000001406f0
[ 561.972594] ksys_mount+0xcf/0x130
[ 561.972611] __x64_sys_mount+0xba/0x150
[ 561.979920] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 561.982951] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 561.982962] do_syscall_64+0xf9/0x620
[ 561.982977] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 561.987463] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 561.991251] RIP: 0033:0x44c94a
[ 561.991265] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 561.991270] RSP: 002b:00007f83a5788068 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 561.991280] RAX: ffffffffffffffda RBX: 00007f83a57880c0 RCX: 000000000044c94a
[ 561.991286] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f83a5788080
[ 561.991292] RBP: 0000000000000008 R08: 00007f83a57880c0 R09: 00007f83a57886bc
[ 561.991302] R10: 0000000000000000 R11: 0000000000000286 R12: 00007f83a5788080
[ 561.998611] Kernel panic - not syncing: Fatal exception
[ 562.002162] R13: 00000000200002c0 R14: 0000000000000003 R15: 0000000000000004
[ 562.233725] Modules linked in:
[ 562.237444] Kernel Offset: disabled
[ 562.241067] Rebooting in 86400 seconds..