bisecting cause commit starting from c3d8f220d01220a5b253e422be407d068dc65511
building syzkaller on 1da71ab086c5d9e6a32beae37b109efaa856b257
testing commit c3d8f220d01220a5b253e422be407d068dc65511 with gcc (GCC) 8.1.0
kernel signature: cf78399d2c7002d6ed9b13e1beebd0bdd77895d807813561e6fc6e098ee01b5c
run #0: crashed: kernel BUG at fs/ext4/inode.c:LINE!
run #1: crashed: kernel BUG at fs/ext4/inode.c:LINE!
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: e5145e590f40edc410c258d2c6eacc1bfe29475077ecf61bda0d57d855b47cae
all runs: OK
# git bisect start c3d8f220d01220a5b253e422be407d068dc65511 bcf876870b95592b52519ed4aafcf9d95999bc9c
Bisecting: 8063 revisions left to test after this (roughly 13 steps)
[8186749621ed6b8fc42644c399e8c755a2b6f630] Merge tag 'drm-next-2020-08-06' of git://anongit.freedesktop.org/drm/drm
testing commit 8186749621ed6b8fc42644c399e8c755a2b6f630 with gcc (GCC) 8.1.0
kernel signature: f9a4fbd42527428ea226340c42574777c2257448aa9c8938f9a42c708c64b595
all runs: OK
# git bisect good 8186749621ed6b8fc42644c399e8c755a2b6f630
Bisecting: 3963 revisions left to test after this (roughly 12 steps)
[dfdf16ecfd6abafc22b7f02364d9bb879ca8a5ee] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
testing commit dfdf16ecfd6abafc22b7f02364d9bb879ca8a5ee with gcc (GCC) 8.1.0
kernel signature: 696d8d821def020d58084bc0810d3d72b7119d1e16041799c885bbb11cfb222e
all runs: OK
# git bisect good dfdf16ecfd6abafc22b7f02364d9bb879ca8a5ee
Bisecting: 1967 revisions left to test after this (roughly 11 steps)
[4bcf69e57063c9b1b15df1a293c969e80a1c97e6] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
testing commit 4bcf69e57063c9b1b15df1a293c969e80a1c97e6 with gcc (GCC) 8.1.0
kernel signature: 9ba7621e96682e64e46c2fc09c70a6086831e923fe248d77c0fb3b3dba36adce
run #0: crashed: kernel BUG at fs/ext4/inode.c:LINE!
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 4bcf69e57063c9b1b15df1a293c969e80a1c97e6
Bisecting: 1011 revisions left to test after this (roughly 10 steps)
[75dee3b6de4ce31464ffb827b81ddb5414599159] Merge tag 'mailbox-v5.9' of git://git.linaro.org/landing-teams/working/fujitsu/integration
testing commit 75dee3b6de4ce31464ffb827b81ddb5414599159 with gcc (GCC) 8.1.0
kernel signature: 8437eccf4a9f1c35692cd396d2ab404def676022879999c6d81c91dbcc1d415e
run #0: crashed: kernel BUG at fs/ext4/inode.c:LINE!
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 75dee3b6de4ce31464ffb827b81ddb5414599159
Bisecting: 381 revisions left to test after this (roughly 9 steps)
[25d8d4eecace9de5a6a2193e4df1917afbdd3052] Merge tag 'powerpc-5.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
testing commit 25d8d4eecace9de5a6a2193e4df1917afbdd3052 with gcc (GCC) 8.1.0
kernel signature: 91b06999cd433d8000edf1fa80b6378bd1614b089b9945b5bba250e0e48c4dd5
all runs: OK
# git bisect good 25d8d4eecace9de5a6a2193e4df1917afbdd3052
Bisecting: 219 revisions left to test after this (roughly 8 steps)
[912c05720f00d039103d356a59c37dc7c3995e01] mm: vmscan: consistent update to pgrefill
testing commit 912c05720f00d039103d356a59c37dc7c3995e01 with gcc (GCC) 8.1.0
kernel signature: 26dc57856e14ca141b90f6aa5379d71c6b042136852c924cec0344b847c2e06d
all runs: OK
# git bisect good 912c05720f00d039103d356a59c37dc7c3995e01
Bisecting: 109 revisions left to test after this (roughly 7 steps)
[f44df68c82dc060b9b9942e204096447e1efc677] xfs: Add helper function xfs_attr_leaf_mark_incomplete
testing commit f44df68c82dc060b9b9942e204096447e1efc677 with gcc (GCC) 8.1.0
kernel signature: 02a4a6428c0f01357d31ded101cf16f0a6c7f29df8743d1e4210bdecc56c41bb
all runs: OK
# git bisect good f44df68c82dc060b9b9942e204096447e1efc677
Bisecting: 54 revisions left to test after this (roughly 6 steps)
[3b6d694eb3eebd86ec44a119e730943ac8e03a6b] dmaengine: Introduce DMA-device device_caps callback
testing commit 3b6d694eb3eebd86ec44a119e730943ac8e03a6b with gcc (GCC) 8.1.0
kernel signature: d844cbefc9ff8d7e07d8dbb2d1e49f644890592f246e2d2360266412eb32bbda
all runs: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
# git bisect skip 3b6d694eb3eebd86ec44a119e730943ac8e03a6b
Bisecting: 54 revisions left to test after this (roughly 6 steps)
[b1b40b8fe7e8fb26e33bad1766ce322d2c63a6c7] dmaengine: Introduce max SG burst capability
testing commit b1b40b8fe7e8fb26e33bad1766ce322d2c63a6c7 with gcc (GCC) 8.1.0
kernel signature: fce1c1cbea137ddb2bd868d39802511e36fae6fd7b5a9e12e97c5b521f87e439
all runs: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
# git bisect skip b1b40b8fe7e8fb26e33bad1766ce322d2c63a6c7
Bisecting: 54 revisions left to test after this (roughly 6 steps)
[81e11336d97e7a4c25a65c302ef2bf9cd9808ed4] Merge branch 'akpm' (patches from Andrew)
testing commit 81e11336d97e7a4c25a65c302ef2bf9cd9808ed4 with gcc (GCC) 8.1.0
kernel signature: 5103c355d7a091ad73bb60da75dd9e87034ba996e365a34e73bfee9bc4a78aef
run #0: crashed: kernel BUG at fs/ext4/inode.c:LINE!
run #1: crashed: kernel BUG at fs/ext4/inode.c:LINE!
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 81e11336d97e7a4c25a65c302ef2bf9cd9808ed4
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[38ba51de46767cbcef04305c3e8a99f0965fc9df] swiotlb-xen: add struct device * parameter to is_xen_swiotlb_buffer
testing commit 38ba51de46767cbcef04305c3e8a99f0965fc9df with gcc (GCC) 8.1.0
kernel signature: aaf8ac3376a0f952d88872b9b33368b86c7b1ddcc71e7acf60fc169de1a34648
all runs: OK
# git bisect good 38ba51de46767cbcef04305c3e8a99f0965fc9df
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[818d5a91559ffe1e1f2095dcbbdb96c13fdb94ec] fs/xfs: Support that ioctl(SETXFLAGS/GETXFLAGS) can set/get inode DAX on XFS.
testing commit 818d5a91559ffe1e1f2095dcbbdb96c13fdb94ec with gcc (GCC) 8.1.0
kernel signature: 631b9119d4746383c2618f0cc5298444ad0343e04dedfb5c96f0cf6e68ae372d
all runs: OK
# git bisect good 818d5a91559ffe1e1f2095dcbbdb96c13fdb94ec
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[63f0620cc552c4cd5bb2747f77efce407487cb12] xen/arm: introduce phys/dma translations in xen_dma_sync_for_*
testing commit 63f0620cc552c4cd5bb2747f77efce407487cb12 with gcc (GCC) 8.1.0
kernel signature: 7a960fcf16fa45a62ce4f2aa87580041fdf9676291e42d31143b269fd670e312
all runs: OK
# git bisect good 63f0620cc552c4cd5bb2747f77efce407487cb12
Bisecting: 1 revision left to test after this (roughly 1 step)
[e51418191f5a741b5f94764798c81bf69dec4806] Merge tag 'for-linus-5.9-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
testing commit e51418191f5a741b5f94764798c81bf69dec4806 with gcc (GCC) 8.1.0
kernel signature: f9479f7be812ba38376079598bad093b71b1c33df91fd0e0cf0a177d85d2336b
run #0: crashed: kernel BUG at fs/ext4/inode.c:LINE!
run #1: crashed: kernel BUG at fs/ext4/inode.c:LINE!
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad e51418191f5a741b5f94764798c81bf69dec4806
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d7b461caa6cc64dd190577b46b0ec892a8d5e7c0] xen/arm: call dma_to_phys on the dma_addr_t parameter of dma_cache_maint
testing commit d7b461caa6cc64dd190577b46b0ec892a8d5e7c0 with gcc (GCC) 8.1.0
kernel signature: e5a76997afee88e5c77343262cd3d48724e718c27781b779e55371436b870a5d
all runs: OK
# git bisect good d7b461caa6cc64dd190577b46b0ec892a8d5e7c0
e51418191f5a741b5f94764798c81bf69dec4806 is the first bad commit
commit e51418191f5a741b5f94764798c81bf69dec4806
Merge: 25d8d4eecace d7b461caa6cc
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Fri Aug 7 10:53:02 2020 -0700

    Merge tag 'for-linus-5.9-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
    
    Pull xen updates from Juergen Gross:
    
     - two trivial comment fixes
    
     - a small series for the Xen balloon driver fixing some issues
    
     - a series of the Xen privcmd driver targeting elimination of using
       get_user_pages*() in this driver
    
     - a series for the Xen swiotlb driver cleaning it up and adding support
       for letting the kernel run as dom0 on Rpi4
    
    * tag 'for-linus-5.9-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
      xen/arm: call dma_to_phys on the dma_addr_t parameter of dma_cache_maint
      xen/arm: introduce phys/dma translations in xen_dma_sync_for_*
      swiotlb-xen: introduce phys_to_dma/dma_to_phys translations
      swiotlb-xen: remove XEN_PFN_PHYS
      swiotlb-xen: add struct device * parameter to is_xen_swiotlb_buffer
      swiotlb-xen: add struct device * parameter to xen_dma_sync_for_device
      swiotlb-xen: add struct device * parameter to xen_dma_sync_for_cpu
      swiotlb-xen: add struct device * parameter to xen_bus_to_phys
      swiotlb-xen: add struct device * parameter to xen_phys_to_bus
      swiotlb-xen: remove start_dma_addr
      swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses
      Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE"
      xen/balloon: make the balloon wait interruptible
      xen/balloon: fix accounting in alloc_xenballooned_pages error path
      xen: hypercall.h: fix duplicated word
      xen/gntdev: gntdev.h: drop a duplicated word
      xen/privcmd: Convert get_user_pages*() to pin_user_pages*()
      xen/privcmd: Mark pages as dirty
      xen/privcmd: Corrected error handling path

 arch/arm/xen/mm.c                    |  34 +++++-----
 arch/x86/include/asm/xen/hypercall.h |   2 +-
 drivers/xen/balloon.c                |  26 +++-----
 drivers/xen/privcmd.c                |  32 +++++-----
 drivers/xen/swiotlb-xen.c            | 119 +++++++++++++++++++++--------------
 include/uapi/xen/gntdev.h            |   2 +-
 include/xen/page.h                   |   1 -
 include/xen/swiotlb-xen.h            |   8 +--
 8 files changed, 119 insertions(+), 105 deletions(-)
revisions tested: 17, total time: 4h11m37.202195975s (build: 1h22m36.31062915s, test: 2h47m19.646115973s)
first bad commit: e51418191f5a741b5f94764798c81bf69dec4806 Merge tag 'for-linus-5.9-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
recipients (to): ["torvalds@linux-foundation.org"]
recipients (cc): []
crash: kernel BUG at fs/ext4/inode.c:LINE!
------------[ cut here ]------------
kernel BUG at fs/ext4/inode.c:2599!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 24734 Comm: syz-executor.0 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:mpage_prepare_extent_to_map+0x2ff/0x370 fs/ext4/inode.c:2599
Code: f2 4c 89 f7 e8 82 96 e2 ff 0f 0b 49 8b 46 08 48 c7 c6 00 7e e3 83 48 8d 50 ff a8 01 4c 0f 45 f2 4c 89 f7 e8 63 96 e2 ff 0f 0b <0f> 0b 48 c7 c6 40 61 e3 83 4c 89 f7 e8 50 96 e2 ff 0f 0b 0f 0b 80
RSP: 0018:ffffc9000115b930 EFLAGS: 00010282
RAX: 017ffe000000a01f RBX: ffffc9000115b960 RCX: ffff88810eade240
RDX: 0000000000000000 RSI: ffffc9000115b8c8 RDI: ffffffff8420ac80
RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 5791b0293e2a3561 R12: 7fffffffffffffff
R13: ffff888110a798a0 R14: ffffea000465aec0 R15: ffffc9000115baa0
FS:  00007f51c04c1700(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f63be3aadb8 CR3: 000000011de33000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ext4_writepages+0x369/0x1190 fs/ext4/inode.c:2736
 do_writepages+0x39/0xe0 mm/page-writeback.c:2354
 __filemap_fdatawrite_range+0xc6/0x100 mm/filemap.c:421
 filemap_write_and_wait_range+0x36/0x90 mm/filemap.c:654
 iomap_dio_rw+0x18c/0x550 fs/iomap/direct-io.c:478
 ext4_dio_read_iter fs/ext4/file.c:77 [inline]
 ext4_file_read_iter+0xff/0x150 fs/ext4/file.c:129
 call_read_iter include/linux/fs.h:1866 [inline]
 generic_file_splice_read+0xf3/0x1a0 fs/splice.c:312
 splice_direct_to_actor+0xd7/0x240 fs/splice.c:950
 do_splice_direct+0x9a/0xd0 fs/splice.c:1059
 do_sendfile+0x1d5/0x400 fs/read_write.c:1540
 __do_sys_sendfile64 fs/read_write.c:1601 [inline]
 __se_sys_sendfile64 fs/read_write.c:1587 [inline]
 __x64_sys_sendfile64+0xab/0xc0 fs/read_write.c:1587
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d4d9
Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f51c04c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000027880 RCX: 000000000045d4d9
RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000004
RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000
R10: 00008400fffffffb R11: 0000000000000246 R12: 000000000118cf4c
R13: 00007ffdbee38f4f R14: 00007f51c04c19c0 R15: 000000000118cf4c
Modules linked in:
---[ end trace 33a28d16d6540f96 ]---
RIP: 0010:mpage_prepare_extent_to_map+0x2ff/0x370 fs/ext4/inode.c:2599
Code: f2 4c 89 f7 e8 82 96 e2 ff 0f 0b 49 8b 46 08 48 c7 c6 00 7e e3 83 48 8d 50 ff a8 01 4c 0f 45 f2 4c 89 f7 e8 63 96 e2 ff 0f 0b <0f> 0b 48 c7 c6 40 61 e3 83 4c 89 f7 e8 50 96 e2 ff 0f 0b 0f 0b 80
RSP: 0018:ffffc9000115b930 EFLAGS: 00010282
RAX: 017ffe000000a01f RBX: ffffc9000115b960 RCX: ffff88810eade240
RDX: 0000000000000000 RSI: ffffc9000115b8c8 RDI: ffffffff8420ac80
RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 5791b0293e2a3561 R12: 7fffffffffffffff
R13: ffff888110a798a0 R14: ffffea000465aec0 R15: ffffc9000115baa0
FS:  00007f51c04c1700(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056508738a030 CR3: 000000011de33000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400