ci2 starts bisection 2025-08-13 11:47:28.23654722 +0000 UTC m=+65735.747022668 bisecting cause commit starting from 0e39a731820ad26533eb988cef27ad2506063b5b building syzkaller on 22ec1469fe8c0ba256de07e8f97fa7b375b522bd ensuring issue is reproducible on original commit 0e39a731820ad26533eb988cef27ad2506063b5b testing commit 0e39a731820ad26533eb988cef27ad2506063b5b gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: c6fb303e4c3b4863041ffdc31090ebcf50e5268f47a3ebaa4813cdb5a9e9e916 run #0: crashed: general protection fault in f2fs_check_opt_consistency run #1: crashed: general protection fault in f2fs_check_opt_consistency run #2: crashed: general protection fault in f2fs_check_opt_consistency run #3: crashed: general protection fault in corrupted run #4: crashed: general protection fault in f2fs_check_opt_consistency run #5: crashed: general protection fault in f2fs_check_opt_consistency run #6: crashed: general protection fault in f2fs_check_opt_consistency run #7: crashed: general protection fault in f2fs_check_opt_consistency run #8: crashed: general protection fault in f2fs_check_opt_consistency run #9: crashed: general protection fault in f2fs_check_opt_consistency run #10: crashed: general protection fault in f2fs_check_opt_consistency run #11: crashed: general protection fault in f2fs_check_opt_consistency run #12: crashed: general protection fault in f2fs_check_opt_consistency run #13: crashed: general protection fault in f2fs_check_opt_consistency run #14: crashed: general protection fault in f2fs_check_opt_consistency run #15: crashed: general protection fault in f2fs_check_opt_consistency run #16: crashed: general protection fault in corrupted run #17: crashed: general protection fault in f2fs_check_opt_consistency run #18: crashed: general protection fault in f2fs_check_opt_consistency run #19: crashed: general protection fault in f2fs_check_opt_consistency representative crash: general protection fault in f2fs_check_opt_consistency, types: [DoS] check whether we can drop unnecessary instrumentation disabling configs for [kasan locking atomic_sleep hang memleak ubsan bug_or_warning], they are not needed testing commit 0e39a731820ad26533eb988cef27ad2506063b5b gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: edacc08235808c78ab62f9efa7a1e7bfd76ca12c89776012292ca8a91c65a82d all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency representative crash: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency, types: [NULL-POINTER-DEREFERENCE] the bug reproduces without the instrumentation disabling configs for [ubsan bug_or_warning kasan locking atomic_sleep hang memleak], they are not needed kconfig minimization: base=4092 full=8349 leaves diff=2173 split chunks (needed=false): <2173> split chunk #0 of len 2173 into 5 parts testing without sub-chunk 1/5 disabling configs for [memleak ubsan bug_or_warning kasan locking atomic_sleep hang], they are not needed testing commit 0e39a731820ad26533eb988cef27ad2506063b5b gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: bab8472fc7d6b9d2b4ec4782223460411826af68356dd305b02f7d3b92bf549c all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency representative crash: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency, types: [NULL-POINTER-DEREFERENCE] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [hang memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed testing commit 0e39a731820ad26533eb988cef27ad2506063b5b gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 9c80f61f3dd12b0c4830afc5432c392f4c728afef99aeb2ec110f765fc0e8dbb all runs: OK false negative chance: 0.000 testing without sub-chunk 3/5 disabling configs for [ubsan bug_or_warning kasan locking atomic_sleep hang memleak], they are not needed testing commit 0e39a731820ad26533eb988cef27ad2506063b5b gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 248cfebebe5ac611eabc68d370bf445f55980b8a8e858342de1461ba74740a88 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency representative crash: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency, types: [NULL-POINTER-DEREFERENCE] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [atomic_sleep hang memleak ubsan bug_or_warning kasan locking], they are not needed testing commit 0e39a731820ad26533eb988cef27ad2506063b5b gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: e8f30560b98d7fcfa1bdda32b55cd06b75aa66985e4072979a6a9ee59855f2c0 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency representative crash: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency, types: [NULL-POINTER-DEREFERENCE] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [bug_or_warning kasan locking atomic_sleep hang memleak ubsan], they are not needed testing commit 0e39a731820ad26533eb988cef27ad2506063b5b gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: f9e70b6dc5fdc6872837355d5804e6a35eeaf2096a8d2f3ce0ec3d02727885aa all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency representative crash: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency, types: [NULL-POINTER-DEREFERENCE] the chunk can be dropped minimized to 435 configs; suspects: [6LOWPAN ARCH_ENABLE_MEMORY_HOTREMOVE ASUS_WMI BLK_DEV_ZONED CHARGER_BQ24190 CMA COMMON_CLK DAX DEV_COREDUMP DLM DLN2_ADC DMABUF_HEAPS DMABUF_HEAPS_CMA DMABUF_HEAPS_CMA_LEGACY DMABUF_HEAPS_SYSTEM DMABUF_MOVE_NOTIFY DMA_CMA DMA_ENGINE_RAID DM_AUDIT DM_BIO_PRISON DM_BUFIO DM_CACHE DM_CACHE_SMQ DM_CLONE DM_CRYPT DM_FLAKEY DM_INTEGRITY DM_MULTIPATH DM_MULTIPATH_QL DM_MULTIPATH_ST DM_PERSISTENT_DATA DM_RAID DM_SNAPSHOT DM_THIN_PROVISIONING DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE DM_ZONED DRAGONRISE_FF DRM DRM_AUX_BRIDGE DRM_BOCHS DRM_BRIDGE DRM_CIRRUS_QEMU DRM_CLIENT DRM_CLIENT_DEFAULT_FBDEV DRM_CLIENT_LIB DRM_CLIENT_SELECTION DRM_CLIENT_SETUP DRM_DEBUG_MM DRM_DISPLAY_DP_AUX_BUS DRM_DISPLAY_DP_HELPER DRM_DISPLAY_HELPER DRM_FBDEV_EMULATION DRM_GEM_SHMEM_HELPER DRM_GM12U320 DRM_GUD DRM_KMS_HELPER DRM_PANEL DRM_PANEL_BRIDGE DRM_PANEL_EDP DRM_PANEL_ORIENTATION_QUIRKS DRM_SIMPLEDRM DRM_SYSFB_HELPER DRM_TTM DRM_TTM_HELPER DRM_UDL DRM_VGEM DRM_VIRTIO_GPU DRM_VIRTIO_GPU_KMS DRM_VKMS DRM_VMWGFX DUMMY DVB_AF9013 DVB_AF9033 DVB_AS102 DVB_AS102_FE DVB_B2C2_FLEXCOP DVB_B2C2_FLEXCOP_USB DVB_CORE DVB_DIB3000MB DVB_DIB3000MC DVB_EC100 DVB_GP8PSK_FE DVB_RTL2830 DVB_RTL2832 DVB_RTL2832_SDR DVB_TEST_DRIVERS DVB_TTUSB_BUDGET DVB_TTUSB_DEC DVB_USB DVB_USB_A800 DVB_USB_AF9005 DVB_USB_AF9005_REMOTE DVB_USB_AF9015 DVB_USB_AF9035 DVB_USB_ANYSEE DVB_USB_AU6610 DVB_USB_AZ6007 DVB_USB_AZ6027 DVB_USB_CE6230 DVB_USB_CINERGY_T2 DVB_USB_CXUSB DVB_USB_CXUSB_ANALOG DVB_USB_DIB0700 DVB_USB_DIB3000MC DVB_USB_DIBUSB_MB DVB_USB_DIBUSB_MC DVB_USB_DIGITV DVB_USB_DTT200U DVB_USB_DTV5100 DVB_USB_DVBSKY DVB_USB_DW2102 DVB_USB_EC168 DVB_USB_GL861 DVB_USB_GP8PSK DVB_USB_LME2510 DVB_USB_M920X DVB_USB_MXL111SF DVB_USB_NOVA_T_USB2 DVB_USB_OPERA1 DVB_USB_PCTV452E DVB_USB_RTL28XXU DVB_USB_TECHNISAT_USB2 DVB_USB_TTUSB2 DVB_USB_UMT_010 DVB_USB_V2 DVB_USB_VP702X DVB_USB_VP7045 DVB_USB_ZD1301 DVB_VIDTV DVB_ZL10353 ECRYPT_FS ECRYPT_FS_MESSAGING EDAC EFS_FS ENCRYPTED_KEYS EPROBE_EVENTS EQUALIZER EROFS_FS EROFS_FS_POSIX_ACL EROFS_FS_SECURITY EROFS_FS_XATTR EROFS_FS_ZIP EVM EVM_ADD_XATTRS EVM_ATTR_FSUUID EVM_EXTRA_SMACK_XATTRS EXFAT_FS EXPORTFS_BLOCK_OPS EXT3_FS EXT3_FS_POSIX_ACL EXT3_FS_SECURITY EXTCON EXTCON_INTEL_CHT_WC EXTCON_PTN5150 EXTCON_USBC_TUSB320 F2FS_CHECK_FS F2FS_FAULT_INJECTION F2FS_FS F2FS_FS_COMPRESSION F2FS_FS_LZ4 F2FS_FS_LZ4HC F2FS_FS_LZO F2FS_FS_LZORLE F2FS_FS_POSIX_ACL F2FS_FS_SECURITY F2FS_FS_XATTR F2FS_FS_ZSTD F2FS_STAT_FS FANOTIFY FANOTIFY_ACCESS_PERMISSIONS FB FB_CFB_COPYAREA FB_CFB_FILLRECT FB_CFB_IMAGEBLIT FB_CORE FB_DEFERRED_IO FB_DEVICE FB_IOMEM_FOPS FB_IOMEM_HELPERS FB_NOTIFY FB_SYSMEM_FOPS FB_SYSMEM_HELPERS FB_SYSMEM_HELPERS_DEFERRED FB_SYS_COPYAREA FB_SYS_FILLRECT FB_SYS_IMAGEBLIT FB_TILEBLITTING FB_VESA FB_VGA16 FB_VIRTUAL FDDI FIREWIRE FIREWIRE_NET FIREWIRE_OHCI FIREWIRE_SBP2 FONT_8x16 FONT_8x8 FONT_SUPPORT FRAMEBUFFER_CONSOLE FRAMEBUFFER_CONSOLE_DETECT_PRIMARY FRAMEBUFFER_CONSOLE_ROTATION FS_DAX FS_ENCRYPTION FS_ENCRYPTION_ALGS FS_STACK FS_VERITY FS_VERITY_BUILTIN_SIGNATURES FTL FUSE_DAX FUSE_FS FW_LOADER_COMPRESS FW_LOADER_PAGED_BUF FW_LOADER_SYSFS FW_LOADER_USER_HELPER FW_LOADER_USER_HELPER_FALLBACK GACT_PROB GARP GENDWARFKSYMS GENERIC_IRQ_ENTRY GENERIC_PHY GENERIC_SYSCALL GET_FREE_REGION GFS2_FS GFS2_FS_LOCKING_DLM GNSS GNSS_USB GOOGLE_COREBOOT_TABLE GOOGLE_FIRMWARE GOOGLE_MEMCONSOLE GOOGLE_MEMCONSOLE_COREBOOT GOOGLE_VPD GPIOLIB GPIOLIB_IRQCHIP GPIOLIB_LEGACY GPIO_ACPI GPIO_DLN2 GPIO_LJCA GPIO_VIPERBOARD GREENASIA_FF GREYBUS GREYBUS_BRIDGED_PHY GREYBUS_ES2 GREYBUS_HID GREYBUS_USB GROUP_SCHED_BANDWIDTH GTP GUEST_PERF_EVENTS HAS_LTO_CLANG HAVE_ARCH_KSTACK_ERASE HAVE_ARCH_NODE_DEV_GROUP HAVE_ARCH_USERFAULTFD_MINOR HAVE_ARCH_USERFAULTFD_WP HAVE_BOOTMEM_INFO_NODE HAVE_CLK_PREPARE HAVE_KVM_CPU_RELAX_INTERCEPT HAVE_KVM_DIRTY_RING HAVE_KVM_DIRTY_RING_ACQ_REL HAVE_KVM_DIRTY_RING_TSO HAVE_KVM_IRQCHIP HAVE_KVM_IRQ_BYPASS HAVE_KVM_IRQ_ROUTING HAVE_KVM_MSI HAVE_KVM_NO_POLL HAVE_KVM_PFNCACHE HAVE_KVM_PM_NOTIFIER HAVE_KVM_READONLY_MEM HAVE_SCHED_AVG_IRQ HDLC HDLC_CISCO HDLC_FR HDLC_PPP HDLC_RAW HDLC_RAW_ETH HDLC_X25 HDMI HFSPLUS_FS HFS_FS HID_ACCUTOUCH HID_ACRUX HID_ACRUX_FF HID_ALPS HID_APPLEIR HID_ASUS HID_AUREAL HID_BATTERY_STRENGTH HID_BETOP_FF HID_BIGBEN_FF HID_CMEDIA HID_CORSAIR HID_COUGAR HID_CP2112 HID_CREATIVE_SB0540 HID_DRAGONRISE HID_ELAN HID_ELECOM HID_ELO HID_EMS_FF HID_EVISION HID_FT260 HID_GEMBIRD HID_GFRM HID_GLORIOUS HID_GOOGLE_STADIA_FF HID_GREENASIA HID_GT683R HID_HOLTEK HID_ICADE HID_JABRA HID_KEYTOUCH HID_KYE HID_LCPOWER HID_LED HID_LENOVO HID_LETSKETCH HID_LOGITECH HID_LOGITECH_DJ HID_LOGITECH_HIDPP HID_MACALLY HID_MAGICMOUSE HID_MALTRON HID_MAYFLASH HID_MCP2200 HID_MCP2221 HID_MEGAWORLD_FF HID_MULTITOUCH HID_NTI HID_ORTEK HID_PENMOUNT HID_PICOLCD HID_PICOLCD_BACKLIGHT HID_PICOLCD_CIR HID_PICOLCD_FB HID_PICOLCD_LCD HID_PICOLCD_LEDS HID_PLANTRONICS HID_PRIMAX HID_PRODIKEYS HID_PXRC HID_RAZER HID_RETRODE HID_RMI HID_ROCCAT HID_SAITEK HID_SEMITEK HID_SENSOR_ACCEL_3D HID_SENSOR_ALS HID_SENSOR_CUSTOM_INTEL_HINGE HID_SENSOR_CUSTOM_SENSOR HID_SENSOR_DEVICE_ROTATION HID_SENSOR_GYRO_3D HID_SENSOR_HUB HID_SENSOR_HUMIDITY HID_SENSOR_IIO_COMMON HID_SENSOR_IIO_TRIGGER HID_SENSOR_INCLINOMETER_3D HID_SENSOR_MAGNETOMETER_3D HID_SENSOR_PRESS HID_SENSOR_PROX HID_SENSOR_TEMP HID_SIGMAMICRO HID_SPEEDLINK HID_STEELSERIES HID_THINGM HID_TIVO HID_TOPRE HID_TWINHAN HID_U2FZERO HID_UCLOGIC HID_UDRAW_PS3 HID_VIEWSONIC HID_VIVALDI HID_VIVALDI_COMMON HID_VRC2 HID_WACOM HID_WALTOP HID_WIIMOTE HID_XIAOMI HID_XINMO HID_ZYDACRON HMM_MIRROR HOLTEK_FF HOTPLUG_PCI_PCIE HPET_MMAP HPET_MMAP_DEFAULT HPFS_FS I2C_ALGOBIT I2C_CHARDEV I2C_CP2615 I2C_DESIGNWARE_CORE I2C_DESIGNWARE_PLATFORM I2C_DIOLAN_U2C I2C_DLN2 I2C_HID_ACPI I2C_HID_CORE I2C_HID_OF I2C_LJCA I2C_MUX I2C_MUX_REG I2C_ROBOTFUZZ_OSIF I2C_SI4713 I2C_SLAVE I2C_SLAVE_EEPROM I2C_TINY_USB I2C_VIPERBOARD IEEE802154 IEEE802154_6LOWPAN IEEE802154_ATUSB IEEE802154_DRIVERS IEEE802154_HWSIM IEEE802154_NL802154_EXPERIMENTAL IEEE802154_SOCKET IFB IIO IIO_BUFFER IIO_KFIFO_BUF IIO_TRIGGER IIO_TRIGGERED_BUFFER IKCONFIG IKCONFIG_PROC IMA IMA_APPRAISE IMA_APPRAISE_MODSIG IMA_DEFAULT_HASH_SHA256 IMA_LSM_RULES IMA_MEASURE_ASYMMETRIC_KEYS IMA_NG_TEMPLATE IMA_QUEUE_EARLY_BOOT_KEYS IMA_READ_POLICY IMA_WRITE_POLICY INET6_ESPINTCP INET6_ESP_OFFLOAD INET6_IPCOMP INET6_TUNNEL INET6_XFRM_TUNNEL INET_AH INET_DIAG INET_DIAG_DESTROY INET_ESP INET_ESPINTCP INET_ESP_OFFLOAD INET_IPCOMP INET_MPTCP_DIAG INET_RAW_DIAG INET_SCTP_DIAG INET_TCP_DIAG INET_UDP_DIAG INET_XFRM_TUNNEL INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_ADDR_TRANS_CONFIGFS INFINIBAND_IPOIB INFINIBAND_IPOIB_CM INFINIBAND_IPOIB_DEBUG INFINIBAND_ISER INFINIBAND_ON_DEMAND_PAGING INFINIBAND_RTRS INFINIBAND_SRP INFINIBAND_USER_ACCESS INFINIBAND_USER_MAD INFINIBAND_USER_MEM INPUT_ATI_REMOTE2 INPUT_CM109 INPUT_IMS_PCU INPUT_JOYDEV INPUT_KEYSPAN_REMOTE INPUT_LEDS INPUT_MOUSEDEV INPUT_MOUSEDEV_PSAUX INPUT_POWERMATE INPUT_UINPUT INPUT_YEALINK INTEGRITY INTEGRITY_ASYMMETRIC_KEYS INTEGRITY_AUDIT INTEGRITY_SIGNATURE INTEGRITY_TRUSTED_KEYRING INTEL_CHTWC_INT33FE INTEL_IDMA64 INTEL_IOATDMA INTEL_IOMMU_DEFAULT_ON INTEL_IOMMU_SVM INTEL_ISHTP_ECLITE INTEL_ISH_FIRMWARE_DOWNLOADER INTEL_ISH_HID INTEL_SOC_PMIC_CHTWC INTERVAL_TREE_SPAN_ITER IOMMUFD IOMMUFD_DRIVER IOMMUFD_DRIVER_CORE IOMMUFD_TEST IP6_NF_MATCH_AH IP6_NF_MATCH_EUI64 IP6_NF_MATCH_FRAG IP6_NF_MATCH_HL IP6_NF_MATCH_MH IP6_NF_MATCH_OPTS IP6_NF_MATCH_RPFILTER IP6_NF_MATCH_RT IP6_NF_MATCH_SRH IP6_NF_TARGET_NPT IP6_NF_TARGET_SYNPROXY IPV6_FOU IPV6_FOU_TUNNEL IPV6_GRE IPV6_ILA IPV6_MIP6 IPV6_MROUTE IPV6_MROUTE_MULTIPLE_TABLES IPV6_MULTIPLE_TABLES IPV6_OPTIMISTIC_DAD IPV6_PIMSM_V2 IPV6_ROUTER_PREF IPV6_ROUTE_INFO IPV6_RPL_LWTUNNEL IPV6_SEG6_BPF IPV6_SEG6_HMAC IPV6_SEG6_LWTUNNEL IPV6_SIT_6RD IPV6_SUBTREES IPV6_TUNNEL IPV6_VTI IPVLAN IPVLAN_L3S IPVTAP IP_FIB_TRIE_STATS IP_MROUTE_MULTIPLE_TABLES IP_NF_ARP_MANGLE IP_NF_MATCH_AH IP_NF_MATCH_ECN IP_NF_MATCH_RPFILTER IP_NF_MATCH_TTL IP_NF_TARGET_ECN IP_NF_TARGET_SYNPROXY IP_ROUTE_CLASSID IP_SCTP IRQ_TIME_ACCOUNTING LAPB LCD_CLASS_DEVICE LEDS_CLASS_MULTICOLOR MAC802154 MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_TEST_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_VIPERBOARD MODVERSIONS MPTCP MTD NETFILTER_ADVANCED NET_ACT_GACT NET_ACT_MIRRED NET_IPGRE_DEMUX NFT_COMPAT NFT_COMPAT_ARP NFT_FWD_NETDEV NF_TABLES NF_TABLES_ARP NF_TABLES_NETDEV RADIO_ADAPTERS RADIO_SI4713 RAS RC_CORE REGULATOR RFKILL SND SOUND STAGING TRUSTED_KEYS TYPEC TYPEC_MUX_PI3USB30532 USB_LJCA USB_ROLES_INTEL_XHCI USB_ROLE_SWITCH VIDEO_DEV VIRTIO_FS WAN ZONE_DEVICE] disabling configs for [hang memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed picked [v6.16 v6.15 v6.14 v6.12 v6.10 v6.8 v6.6 v6.4 v6.1 v5.18 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 39 release tags testing release v6.16 testing commit 038d61fd642278bab63ee8ef722c50d10ab01e8f gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 25565df0e1bb554a7137cc7f335062e3651dc9c00427c5dfd314c5531b5e1769 all runs: OK false negative chance: 0.000 # git bisect start 0e39a731820ad26533eb988cef27ad2506063b5b 038d61fd642278bab63ee8ef722c50d10ab01e8f Bisecting: 5951 revisions left to test after this (roughly 13 steps) [8be4d31cb8aaeea27bde4b7ddb26e28a89062ebf] Merge tag 'net-next-6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit 8be4d31cb8aaeea27bde4b7ddb26e28a89062ebf gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 00ab6c762770ddeccfffd87a981a1b72b63d8bdc02ea1ade0f4a4e69630de2c0 all runs: OK false negative chance: 0.000 # git bisect good 8be4d31cb8aaeea27bde4b7ddb26e28a89062ebf Bisecting: 2997 revisions left to test after this (roughly 12 steps) [27152608dab9afe748d6b5fc3437a1831dac77c7] Merge tag 'libnvdimm-for-6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm testing commit 27152608dab9afe748d6b5fc3437a1831dac77c7 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 7520e72b9f108e60d3bfa159e906a567d5617fd2f4405203b95b7eb0dd92bf5e all runs: OK false negative chance: 0.000 # git bisect good 27152608dab9afe748d6b5fc3437a1831dac77c7 Bisecting: 1474 revisions left to test after this (roughly 11 steps) [0bd0a41a5120f78685a132834865b0a631b9026a] Merge tag 'pci-v6.17-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci testing commit 0bd0a41a5120f78685a132834865b0a631b9026a gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 7e4bef822b691888b2aae540041b921a76975d4f5deaa875f37218977387cc3f all runs: OK false negative chance: 0.000 # git bisect good 0bd0a41a5120f78685a132834865b0a631b9026a Bisecting: 734 revisions left to test after this (roughly 10 steps) [d632ab86aff2cef21f794e337a8e7f2320ac3973] Merge tag 'for-6.17/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm testing commit d632ab86aff2cef21f794e337a8e7f2320ac3973 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: d61d09f8c90b973a169779c688641860ff8c60c4f1b00ac235c12121bd276c24 run #0: ignore: lost connection to test machine run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK false negative chance: 0.000 # git bisect good d632ab86aff2cef21f794e337a8e7f2320ac3973 Bisecting: 350 revisions left to test after this (roughly 9 steps) [6e64f4580381e32c06ee146ca807c555b8f73e24] Merge tag 'input-for-v6.17-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input testing commit 6e64f4580381e32c06ee146ca807c555b8f73e24 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 8cc0afb04af60e18f881b4260d0ba262da8246b25052eb8786444a7220d21efc all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency representative crash: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency, types: [NULL-POINTER-DEREFERENCE] # git bisect bad 6e64f4580381e32c06ee146ca807c555b8f73e24 Bisecting: 199 revisions left to test after this (roughly 8 steps) [7881cd6886a89eda848192d3f5759ce08672e084] media: venus: Fix OPP table error handling testing commit 7881cd6886a89eda848192d3f5759ce08672e084 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: a1be988a26c1eaf7ed3404e1f245e15feaf98ac6b74f343a178380ab24f6c446 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency representative crash: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency, types: [NULL-POINTER-DEREFERENCE] # git bisect bad 7881cd6886a89eda848192d3f5759ce08672e084 Bisecting: 91 revisions left to test after this (roughly 7 steps) [d185351325237da688de006a2c579e82ea97bdfe] f2fs: separate the options parsing and options checking testing commit d185351325237da688de006a2c579e82ea97bdfe gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 62df5718c90010b951048992d672a9b94cd3623aad41b22ae6214d7850304e03 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency representative crash: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency, types: [NULL-POINTER-DEREFERENCE] # git bisect bad d185351325237da688de006a2c579e82ea97bdfe Bisecting: 45 revisions left to test after this (roughly 6 steps) [889293ea1148857fcf3879073d223dd7c47a61fd] f2fs: Pass a folio to fill_node_footer_blkaddr() testing commit 889293ea1148857fcf3879073d223dd7c47a61fd gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 8ab2617f478c39709c87fe6c9255c4aa7a8470c478db04da4d41ab1b7a71c711 all runs: OK false negative chance: 0.000 # git bisect good 889293ea1148857fcf3879073d223dd7c47a61fd Bisecting: 22 revisions left to test after this (roughly 5 steps) [5e2a00e6e0099fa7f22be90ee87c5019b2e02223] f2fs: Use a folio in f2fs_merge_page_bio() testing commit 5e2a00e6e0099fa7f22be90ee87c5019b2e02223 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 51a9bcf4029dd0136a76d7a93c2fcd08ad74f75b6c559a460bb44f70f2927e22 all runs: OK false negative chance: 0.000 # git bisect good 5e2a00e6e0099fa7f22be90ee87c5019b2e02223 Bisecting: 11 revisions left to test after this (roughly 4 steps) [015622b8c7ed781329284802a690f1517d3599e6] f2fs: Use a folio in f2fs_encrypted_get_link() testing commit 015622b8c7ed781329284802a690f1517d3599e6 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 945fa9b954847b6aa0ad7bd2a37913cbf0278f7367d1b760322c86be40bc64d0 all runs: OK false negative chance: 0.000 # git bisect good 015622b8c7ed781329284802a690f1517d3599e6 Bisecting: 5 revisions left to test after this (roughly 3 steps) [816aa305cd499c5fd53a1960b6fa3e80b909d922] f2fs: Remove F2FS_P_SB() testing commit 816aa305cd499c5fd53a1960b6fa3e80b909d922 gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: b30c61025d7e624babc3fc529b725e837ef828f7a1914e8ad95a384643d5bfe3 all runs: OK false negative chance: 0.000 # git bisect good 816aa305cd499c5fd53a1960b6fa3e80b909d922 Bisecting: 2 revisions left to test after this (roughly 2 steps) [02eb5fe42a8c6cfcf063126df7e41ec2036b083c] f2fs: move the option parser into handle_mount_opt testing commit 02eb5fe42a8c6cfcf063126df7e41ec2036b083c gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: a6f2abe78e7e58abe5b68dbd291ca967c50ec76bb8144f113a2db467db58ff79 all runs: OK false negative chance: 0.000 # git bisect good 02eb5fe42a8c6cfcf063126df7e41ec2036b083c Bisecting: 0 revisions left to test after this (roughly 1 step) [1a9094b10cf7339e4aa8d8c004534200968b558c] f2fs: Add f2fs_fs_context to record the mount options testing commit 1a9094b10cf7339e4aa8d8c004534200968b558c gcc compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 kernel signature: 85456428341a9c5eb2e594f576415cb736bd42a146d725d6dc00a8a16eed905c run #0: ignore: lost connection to test machine run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK false negative chance: 0.000 # git bisect good 1a9094b10cf7339e4aa8d8c004534200968b558c d185351325237da688de006a2c579e82ea97bdfe is the first bad commit commit d185351325237da688de006a2c579e82ea97bdfe Author: Hongbo Li Date: Thu Jul 10 12:14:13 2025 +0000 f2fs: separate the options parsing and options checking The new mount api separates option parsing and super block setup into two distinct steps and so we need to separate the options parsing out of the parse_options(). In order to achieve this, here we handle the mount options with three steps: - Firstly, we move sb/sbi out of handle_mount_opt. As the former patch introduced f2fs_fs_context, so we record the changed mount options in this context. In handle_mount_opt, sb/sbi is null, so we should move all relative code out of handle_mount_opt (thus, some check case which use sb/sbi should move out). - Secondly, we introduce the some check helpers to keep the option consistent. During filling superblock period, sb/sbi are ready. So we check the f2fs_fs_context which holds the mount options base on sb/sbi. - Thirdly, we apply the new mount options to sb/sbi. After checking the f2fs_fs_context, all changed on mount options are valid. So we can apply them to sb/sbi directly. After do these, option parsing and super block setting have been decoupled. Also it should have retained the original execution flow. Signed-off-by: Hongbo Li [sandeen: forward port, minor fixes and updates] Signed-off-by: Eric Sandeen [hongbo: minor fixes] Signed-off-by: Hongbo Li Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/super.c | 738 +++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 545 insertions(+), 193 deletions(-) accumulated error probability: 0.00 culprit signature: 62df5718c90010b951048992d672a9b94cd3623aad41b22ae6214d7850304e03 parent signature: 85456428341a9c5eb2e594f576415cb736bd42a146d725d6dc00a8a16eed905c revisions tested: 21, total time: 5h36m3.515977979s (build: 2h7m22.848257519s, test: 3h8m1.666139853s) first bad commit: d185351325237da688de006a2c579e82ea97bdfe f2fs: separate the options parsing and options checking recipients (to): ["chao@kernel.org" "jaegeuk@kernel.org" "lihongbo22@huawei.com" "sandeen@redhat.com"] recipients (cc): [] crash: BUG: unable to handle kernel NULL pointer dereference in f2fs_check_opt_consistency loop3: detected capacity change from 0 to 40427 F2FS-fs (loop3): invalid crc value F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 8000000127da2067 P4D 8000000127da2067 PUD 0 Oops: Oops: 0000 [#1] SMP PTI CPU: 0 UID: 0 PID: 3623 Comm: syz.3.17 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(undef) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 RIP: 0010:strcmp+0xa/0x30 lib/string.c:284 Code: 48 8d 40 01 75 f5 e9 95 63 02 00 cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 31 c0 0f b6 0c 07 <0f> b6 14 06 38 d1 75 0f 48 ff c0 84 c9 75 ed 31 c0 c3 cc cc cc cc RSP: 0018:ffffc9000296b860 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000066 RDX: ffff888108a89b90 RSI: 0000000000000000 RDI: ffff8881033f8e78 RBP: 0000000000000000 R08: 0000000000080000 R09: 0000000000000000 R10: 0000000000000000 R11: ffffffff815c6320 R12: ffff888110328000 R13: ffff888110328000 R14: 0000000000000000 R15: ffffc9000296ba30 FS: 00007f6b9dccf6c0(0000) GS:ffff8882b3baa000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000105b36000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: f2fs_check_quota_consistency fs/f2fs/super.c:1221 [inline] f2fs_check_opt_consistency+0x615/0xa60 fs/f2fs/super.c:1469 f2fs_remount+0x21e/0x8e0 fs/f2fs/super.c:2696 reconfigure_super+0x1a8/0x220 fs/super.c:1077 do_remount fs/namespace.c:3369 [inline] path_mount+0x514/0x570 fs/namespace.c:4201 do_mount fs/namespace.c:4222 [inline] __do_sys_mount fs/namespace.c:4433 [inline] __se_sys_mount+0x147/0x1b0 fs/namespace.c:4410 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x8f/0x250 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f6b9de5ebe9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f6b9dccf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f6b9e085fa0 RCX: 00007f6b9de5ebe9 RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000000 RBP: 00007f6b9dee1e19 R08: 0000200000000140 R09: 0000000000000000 R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f6b9e086038 R14: 00007f6b9e085fa0 R15: 00007ffc2c0c41f8 Modules linked in: CR2: 0000000000000000 ---[ end trace 0000000000000000 ]--- RIP: 0010:strcmp+0xa/0x30 lib/string.c:284 Code: 48 8d 40 01 75 f5 e9 95 63 02 00 cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 31 c0 0f b6 0c 07 <0f> b6 14 06 38 d1 75 0f 48 ff c0 84 c9 75 ed 31 c0 c3 cc cc cc cc RSP: 0018:ffffc9000296b860 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000066 RDX: ffff888108a89b90 RSI: 0000000000000000 RDI: ffff8881033f8e78 RBP: 0000000000000000 R08: 0000000000080000 R09: 0000000000000000 R10: 0000000000000000 R11: ffffffff815c6320 R12: ffff888110328000 R13: ffff888110328000 R14: 0000000000000000 R15: ffffc9000296ba30 FS: 00007f6b9dccf6c0(0000) GS:ffff8882b3baa000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000105b36000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 48 8d 40 01 lea 0x1(%rax),%rax 4: 75 f5 jne 0xfffffffb 6: e9 95 63 02 00 jmp 0x263a0 b: cc int3 c: 0f 1f 40 00 nopl 0x0(%rax) 10: 90 nop 11: 90 nop 12: 90 nop 13: 90 nop 14: 90 nop 15: 90 nop 16: 90 nop 17: 90 nop 18: 90 nop 19: 90 nop 1a: 90 nop 1b: 90 nop 1c: 90 nop 1d: 90 nop 1e: 90 nop 1f: 90 nop 20: f3 0f 1e fa endbr64 24: 31 c0 xor %eax,%eax 26: 0f b6 0c 07 movzbl (%rdi,%rax,1),%ecx * 2a: 0f b6 14 06 movzbl (%rsi,%rax,1),%edx <-- trapping instruction 2e: 38 d1 cmp %dl,%cl 30: 75 0f jne 0x41 32: 48 ff c0 inc %rax 35: 84 c9 test %cl,%cl 37: 75 ed jne 0x26 39: 31 c0 xor %eax,%eax 3b: c3 ret 3c: cc int3 3d: cc int3 3e: cc int3 3f: cc int3