bisecting fixing commit since 59456c9cc40c8f75b5a7efa0fe1f211d9c6fcaf1
building syzkaller on b599f2fcc734e2183016a340d4f6fc2891d8e41f
testing commit 59456c9cc40c8f75b5a7efa0fe1f211d9c6fcaf1 compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 5301064b3d5770297f736a9c6aefe74e16c193bd02261fa1896d87f49ea1b0f0
run #0: crashed: kernel BUG in corrupted
run #1: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #2: crashed: kernel BUG in corrupted
run #3: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #4: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #5: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #6: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #7: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #8: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #9: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #10: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #11: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #12: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #13: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #14: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #15: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #16: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #17: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #18: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #19: crashed: kernel BUG in ext4_mb_load_buddy_gfp
testing current HEAD b172b44fcb1771e083aad806fa96f3f60e2ddfac
testing commit b172b44fcb1771e083aad806fa96f3f60e2ddfac compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 569e8cc0e93add6f58e59a8bf6202d79600798c78e9fdbafe82243d2daa3af66
run #0: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #1: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #2: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #3: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #4: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #5: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #6: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #7: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #8: crashed: kernel BUG in ext4_mb_load_buddy_gfp
run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor022202424" "root@10.128.0.70:./syz-executor022202424"]: exit status 1
ssh: connect to host 10.128.0.70 port 22: Connection timed out
lost connection
revisions tested: 2, total time: 22m56.538430685s (build: 15m50.790520071s, test: 6m33.613662121s)
the crash still happens on HEAD
commit msg: Linux 4.19.206
crash: kernel BUG in ext4_mb_load_buddy_gfp
EXT4-fs (sda1): Delayed block allocation failed for inode 13857 at logical offset 0 with max blocks 435 with error 117
Bluetooth: hci2: command 0x0419 tx timeout
EXT4-fs (sda1): This should not happen!! Data will be lost
EXT4-fs warning (device sda1): htree_dirblock_to_tree:995: inode #4058: lblock 0: comm modprobe: error -117 reading directory block
------------[ cut here ]------------
kernel BUG at fs/ext4/ext4.h:2870!
EXT4-fs warning (device sda1): htree_dirblock_to_tree:995: inode #4058: lblock 0: comm modprobe: error -117 reading directory block
EXT4-fs (sda1): Delayed block allocation failed for inode 13865 at logical offset 0 with max blocks 1 with error 117
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 7767 Comm: rs:main Q:Reg Not tainted 4.19.206-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ext4_get_group_info fs/ext4/ext4.h:2870 [inline]
RIP: 0010:ext4_mb_load_buddy_gfp+0xfdd/0x1560 fs/ext4/mballoc.c:1116
Code: 0f 87 3c fc ff ff 4c 89 e7 e8 2f be a2 ff e9 93 fc ff ff e9 3d fa ff ff e9 9f f7 ff ff 4c 89 e7 e8 d8 34 a8 ff e9 bd fb ff ff <0f> 0b 8b 55 bc 44 89 e6 4c 89 ff e8 53 de ff ff 85 c0 41 89 c5 0f
RSP: 0018:ffff8880926374c8 EFLAGS: 00010282
RAX: dffffc0000000000 RBX: ffff888092637640 RCX: 1ffff11046aea8e0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888235754700
Bluetooth: hci0: command 0x0419 tx timeout
RBP: ffff888092637538 R08: 1ffff110154c1998 R09: ffffed10120688e8
R10: ffffed10120688e8 R11: ffff888090344743 R12: 00000000fffe8f8c
R13: ffff8882357546c0 R14: ffff888235752d00 R15: ffff888235752680
FS: 00007f94c6c88700(0000) GS:ffff8880ba200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7f2e88c5f0 CR3: 00000000b3072000 CR4: 00000000001406f0
Bluetooth: hci1: command 0x0419 tx timeout
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ext4_discard_preallocations+0x9f1/0xe70 fs/ext4/mballoc.c:4090
Bluetooth: hci5: command 0x0419 tx timeout
 ext4_truncate+0x9ed/0xf90 fs/ext4/inode.c:4554
 ext4_truncate_failed_write fs/ext4/truncate.h:20 [inline]
 ext4_write_begin+0x949/0x1140 fs/ext4/inode.c:1368
Bluetooth: hci3: command 0x0419 tx timeout
 ext4_da_write_begin+0x6c1/0xd70 fs/ext4/inode.c:3051
 generic_perform_write+0x22f/0x480 mm/filemap.c:3170
 __generic_file_write_iter+0x205/0x590 mm/filemap.c:3295
 ext4_file_write_iter+0x281/0xe50 fs/ext4/file.c:272
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x443/0x890 fs/read_write.c:487
 vfs_write+0x150/0x4d0 fs/read_write.c:549
 ksys_write+0x103/0x260 fs/read_write.c:599
 __do_sys_write fs/read_write.c:611 [inline]
 __se_sys_write fs/read_write.c:608 [inline]
 __x64_sys_write+0x6e/0xb0 fs/read_write.c:608
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f94c96cc1cd
Code: c2 20 00 00 75 10 b8 01 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ae fc ff ff 48 89 04 24 b8 01 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 f7 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007f94c6c87590 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f94bc023a90 RCX: 00007f94c96cc1cd
RDX: 000000000000009e RSI: 00007f94bc023a90 RDI: 0000000000000008
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 00007f94bc023810
R13: 00007f94c6c875b0 R14: 000055e1b385a440 R15: 000000000000009e
Modules linked in:
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
---[ end trace 01dfc8fbe3724c42 ]---
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
RIP: 0010:ext4_get_group_info fs/ext4/ext4.h:2870 [inline]
RIP: 0010:ext4_mb_load_buddy_gfp+0xfdd/0x1560 fs/ext4/mballoc.c:1116
Code: 0f 87 3c fc ff ff 4c 89 e7 e8 2f be a2 ff e9 93 fc ff ff e9 3d fa ff ff e9 9f f7 ff ff 4c 89 e7 e8 d8 34 a8 ff e9 bd fb ff ff <0f> 0b 8b 55 bc 44 89 e6 4c 89 ff e8 53 de ff ff 85 c0 41 89 c5 0f
EXT4-fs (sda1): This should not happen!! Data will be lost
RSP: 0018:ffff8880926374c8 EFLAGS: 00010282
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
EXT4-fs warning (device sda1): htree_dirblock_to_tree:995: inode #13894: lblock 0: comm syz-execprog: error -117 reading directory block
EXT4-fs (sda1): Delayed block allocation failed for inode 13872 at logical offset 0 with max blocks 2048 with error 117
RAX: dffffc0000000000 RBX: ffff888092637640 RCX: 1ffff11046aea8e0
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
EXT4-fs warning (device sda1): htree_dirblock_to_tree:995: inode #16704: lblock 0: comm modprobe: error -117 reading directory block
EXT4-fs (sda1): This should not happen!! Data will be lost
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888235754700
RBP: ffff888092637538 R08: 1ffff110154c1998 R09: ffffed10120688e8
R10: ffffed10120688e8 R11: ffff888090344743 R12: 00000000fffe8f8c
R13: ffff8882357546c0 R14: ffff888235752d00 R15: ffff888235752680
FS: 00007f94c6c88700(0000) GS:ffff8880ba200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055c13b0f8958 CR3: 00000000b3072000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400