bisecting fixing commit since a1b977b49b66c75e6c51a515f6700371ae720217
building syzkaller on d32b0bbf2f8cfe548553c4012e2c0f79040d999f
testing commit a1b977b49b66c75e6c51a515f6700371ae720217 with gcc (GCC) 8.1.0
kernel signature: 3d2efd814dfda3c71c2578b08792a438e3bc45522260d3d280ca7c8d4e1afa0d
all runs: crashed: kernel BUG at fs/f2fs/inode.c:LINE!
testing current HEAD 13d2ce42de8cb98ff952f8de6307f896203854c2
testing commit 13d2ce42de8cb98ff952f8de6307f896203854c2 with gcc (GCC) 8.1.0
kernel signature: 4385b94fc410a48a163b7f804ee95bcca7fe141381669b15c64545d95d551eb5
all runs: crashed: kernel BUG at fs/f2fs/inode.c:LINE!
revisions tested: 2, total time: 29m6.932652339s (build: 22m54.030153568s, test: 5m28.96742624s)
the crash still happens on HEAD
commit msg: Linux 4.19.163
crash: kernel BUG at fs/f2fs/inode.c:LINE!
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
------------[ cut here ]------------
kernel BUG at fs/f2fs/inode.c:706!
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
CPU: 1 PID: 7396 Comm: syz-executor.4 Not tainted 4.19.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:f2fs_evict_inode+0xd06/0x1000 fs/f2fs/inode.c:706
Code: e9 df f8 ff ff 48 8b 7d a0 e8 76 86 a3 fe e9 a3 f3 ff ff 85 c0 0f 84 8b fc ff ff eb 9a 4c 89 e7 e8 1f 41 03 00 e9 94 f6 ff ff <0f> 0b e8 73 86 a3 fe e9 1c f8 ff ff 4c 89 f7 e8 66 86 a3 fe e9 2f
------------[ cut here ]------------
RSP: 0018:ffff8881cf14f910 EFLAGS: 00010202
kernel BUG at fs/f2fs/inode.c:706!
RAX: 0000000000000142 RBX: ffff8881cd579300 RCX: 0000000000000001
RDX: 1ffff11038ff90a2 RSI: 0000000000000001 RDI: ffff8881f48d85c4
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
RBP: ffff8881cf14f988 R08: 0000000000000000 R09: ffffed103ece473a
R10: ffffed103ece473a R11: ffff8881f67239d3 R12: ffff8881c7fc8140
R13: ffff8881f48d8540 R14: dffffc0000000000 R15: ffff8881cd5798b8
FS:  00007f06c4145700(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffef149dd08 CR3: 00000001d54b2004 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 evict+0x29c/0x590 fs/inode.c:559
 iput_final fs/inode.c:1555 [inline]
 iput+0x378/0x6b0 fs/inode.c:1581
 f2fs_fill_super+0x4b52/0x70c0 fs/f2fs/super.c:3064
 mount_bdev+0x26f/0x330 fs/super.c:1158
 f2fs_mount+0x10/0x20 fs/f2fs/super.c:3234
 mount_fs+0x7f/0x2a2 fs/super.c:1261
 vfs_kern_mount.part.11+0x58/0x3d0 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2469 [inline]
 do_mount+0x376/0x2710 fs/namespace.c:2799
 ksys_mount+0xba/0xe0 fs/namespace.c:3015
 __do_sys_mount fs/namespace.c:3029 [inline]
 __se_sys_mount fs/namespace.c:3026 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3026
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4608aa
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007f06c4144a88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f06c4144b20 RCX: 00000000004608aa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f06c4144ae0
RBP: 00007f06c4144ae0 R08: 00007f06c4144b20 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 0000000020000200 R15: 00000000200015c0
Modules linked in:
invalid opcode: 0000 [#2] PREEMPT SMP KASAN
---[ end trace c39310fe98f35ead ]---
CPU: 0 PID: 7382 Comm: syz-executor.1 Tainted: G      D           4.19.163-syzkaller #0
RIP: 0010:f2fs_evict_inode+0xd06/0x1000 fs/f2fs/inode.c:706
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:f2fs_evict_inode+0xd06/0x1000 fs/f2fs/inode.c:706
Code: e9 df f8 ff ff 48 8b 7d a0 e8 76 86 a3 fe e9 a3 f3 ff ff 85 c0 0f 84 8b fc ff ff eb 9a 4c 89 e7 e8 1f 41 03 00 e9 94 f6 ff ff <0f> 0b e8 73 86 a3 fe e9 1c f8 ff ff 4c 89 f7 e8 66 86 a3 fe e9 2f
RSP: 0018:ffff8881cd9b7910 EFLAGS: 00010202
RAX: 0000000000000142 RBX: ffff8881cd510f40 RCX: 0000000000000001
RDX: 1ffff11038ffdcb2 RSI: 0000000000000001 RDI: ffff8881cf292a44
RBP: ffff8881cd9b7988 R08: 0000000000000000 R09: fffff94000fa3fe6
R10: fffff94000fa3fe6 R11: ffffea0007d1ff37 R12: ffff8881c7fee1c0
R13: ffff8881cf2929c0 R14: dffffc0000000000 R15: ffff8881cd5114f8
FS:  00007fb88c8d8700(0000) GS:ffff8881f6600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001590004 CR3: 00000001d49bf003 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 evict+0x29c/0x590 fs/inode.c:559
 iput_final fs/inode.c:1555 [inline]
 iput+0x378/0x6b0 fs/inode.c:1581
 f2fs_fill_super+0x4b52/0x70c0 fs/f2fs/super.c:3064
 mount_bdev+0x26f/0x330 fs/super.c:1158
 f2fs_mount+0x10/0x20 fs/f2fs/super.c:3234
 mount_fs+0x7f/0x2a2 fs/super.c:1261
 vfs_kern_mount.part.11+0x58/0x3d0 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2469 [inline]
 do_mount+0x376/0x2710 fs/namespace.c:2799
 ksys_mount+0xba/0xe0 fs/namespace.c:3015
 __do_sys_mount fs/namespace.c:3029 [inline]
 __se_sys_mount fs/namespace.c:3026 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3026
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4608aa
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007fb88c8d7a88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fb88c8d7b20 RCX: 00000000004608aa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb88c8d7ae0
RBP: 00007fb88c8d7ae0 R08: 00007fb88c8d7b20 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 0000000020000200 R15: 00000000200015c0
Modules linked in:
ieee80211 phy12: Selected rate control algorithm 'minstrel_ht'
Code: e9 df f8 ff ff 48 8b 7d a0 e8 76 86 a3 fe e9 a3 f3 ff ff 85 c0 0f 84 8b fc ff ff eb 9a 4c 89 e7 e8 1f 41 03 00 e9 94 f6 ff ff <0f> 0b e8 73 86 a3 fe e9 1c f8 ff ff 4c 89 f7 e8 66 86 a3 fe e9 2f
------------[ cut here ]------------
RSP: 0018:ffff8881cf14f910 EFLAGS: 00010202
kernel BUG at fs/f2fs/inode.c:706!
invalid opcode: 0000 [#3] PREEMPT SMP KASAN
RAX: 0000000000000142 RBX: ffff8881cd579300 RCX: 0000000000000001
CPU: 0 PID: 7437 Comm: syz-executor.5 Tainted: G      D           4.19.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:f2fs_evict_inode+0xd06/0x1000 fs/f2fs/inode.c:706
Code: e9 df f8 ff ff 48 8b 7d a0 e8 76 86 a3 fe e9 a3 f3 ff ff 85 c0 0f 84 8b fc ff ff eb 9a 4c 89 e7 e8 1f 41 03 00 e9 94 f6 ff ff <0f> 0b e8 73 86 a3 fe e9 1c f8 ff ff 4c 89 f7 e8 66 86 a3 fe e9 2f
RSP: 0018:ffff8881cd64f910 EFLAGS: 00010202
RDX: 1ffff11038ff90a2 RSI: 0000000000000001 RDI: ffff8881f48d85c4
RAX: 0000000000000142 RBX: ffff8881cece19c0 RCX: 0000000000000001
RDX: 1ffff11038fff8c2 RSI: 0000000000000001 RDI: ffff8881d3c2a084
RBP: ffff8881cd64f988 R08: 0000000000000000 R09: fffff94000fa0736
R10: fffff94000fa0736 R11: ffffea0007d039b7 R12: ffff8881c7ffc240
R13: ffff8881d3c2a000 R14: dffffc0000000000 R15: ffff8881cece1f78
FS:  00007f722ac36700(0000) GS:ffff8881f6600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffef149da08 CR3: 00000001dacc7005 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 evict+0x29c/0x590 fs/inode.c:559
RBP: ffff8881cf14f988 R08: 0000000000000000 R09: ffffed103ece473a
 iput_final fs/inode.c:1555 [inline]
 iput+0x378/0x6b0 fs/inode.c:1581
 f2fs_fill_super+0x4b52/0x70c0 fs/f2fs/super.c:3064
R10: ffffed103ece473a R11: ffff8881f67239d3 R12: ffff8881c7fc8140
 mount_bdev+0x26f/0x330 fs/super.c:1158
 f2fs_mount+0x10/0x20 fs/f2fs/super.c:3234
 mount_fs+0x7f/0x2a2 fs/super.c:1261
 vfs_kern_mount.part.11+0x58/0x3d0 fs/namespace.c:961
R13: ffff8881f48d8540 R14: dffffc0000000000 R15: ffff8881cd5798b8
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2469 [inline]
 do_mount+0x376/0x2710 fs/namespace.c:2799
FS:  00007f06c4145700(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000
 ksys_mount+0xba/0xe0 fs/namespace.c:3015
 __do_sys_mount fs/namespace.c:3029 [inline]
 __se_sys_mount fs/namespace.c:3026 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3026
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4608aa
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007f722ac35a88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f722ac35b20 RCX: 00000000004608aa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f722ac35ae0
RBP: 00007f722ac35ae0 R08: 00007f722ac35b20 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 0000000020000200 R15: 00000000200015c0
Modules linked in:
---[ end trace c39310fe98f35eae ]---
------------[ cut here ]------------
------------[ cut here ]------------
kernel BUG at fs/f2fs/inode.c:706!
kernel BUG at fs/f2fs/inode.c:706!
CR2: 000055a48c2b4000 CR3: 00000001d54b2005 CR4: 00000000001606e0
RIP: 0010:f2fs_evict_inode+0xd06/0x1000 fs/f2fs/inode.c:706
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
invalid opcode: 0000 [#4] PREEMPT SMP KASAN
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
CPU: 0 PID: 7451 Comm: syz-executor.2 Tainted: G      D           4.19.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:f2fs_evict_inode+0xd06/0x1000 fs/f2fs/inode.c:706
Code: e9 df f8 ff ff 48 8b 7d a0 e8 76 86 a3 fe e9 a3 f3 ff ff 85 c0 0f 84 8b fc ff ff eb 9a 4c 89 e7 e8 1f 41 03 00 e9 94 f6 ff ff <0f> 0b e8 73 86 a3 fe e9 1c f8 ff ff 4c 89 f7 e8 66 86 a3 fe e9 2f
RSP: 0018:ffff8881f3d1f910 EFLAGS: 00010202
RAX: 0000000000000142 RBX: ffff8881f355dd40 RCX: 0000000000000001
RDX: 1ffff11038d952f2 RSI: 0000000000000001 RDI: ffff8881d51d0144
RBP: ffff8881f3d1f988 R08: 0000000000000000 R09: fffff94000f989f6
R10: fffff94000f989f6 R11: ffffea0007cc4fb7 R12: ffff8881c6ca93c0
R13: ffff8881d51d00c0 R14: dffffc0000000000 R15: ffff8881f355e2f8
FS:  00007f39d4430700(0000) GS:ffff8881f6600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a48afa00e8 CR3: 00000001f410b006 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 evict+0x29c/0x590 fs/inode.c:559
 iput_final fs/inode.c:1555 [inline]
 iput+0x378/0x6b0 fs/inode.c:1581
 f2fs_fill_super+0x4b52/0x70c0 fs/f2fs/super.c:3064
 mount_bdev+0x26f/0x330 fs/super.c:1158
 f2fs_mount+0x10/0x20 fs/f2fs/super.c:3234
 mount_fs+0x7f/0x2a2 fs/super.c:1261
 vfs_kern_mount.part.11+0x58/0x3d0 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2469 [inline]
 do_mount+0x376/0x2710 fs/namespace.c:2799
 ksys_mount+0xba/0xe0 fs/namespace.c:3015
 __do_sys_mount fs/namespace.c:3029 [inline]
 __se_sys_mount fs/namespace.c:3026 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3026
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4608aa
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007f39d442fa88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f39d442fb20 RCX: 00000000004608aa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f39d442fae0
RBP: 00007f39d442fae0 R08: 00007f39d442fb20 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 0000000020000200 R15: 00000000200015c0
Modules linked in:
invalid opcode: 0000 [#5] PREEMPT SMP KASAN
CPU: 1 PID: 7449 Comm: syz-executor.0 Tainted: G      D           4.19.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:f2fs_evict_inode+0xd06/0x1000 fs/f2fs/inode.c:706
Code: e9 df f8 ff ff 48 8b 7d a0 e8 76 86 a3 fe e9 a3 f3 ff ff 85 c0 0f 84 8b fc ff ff eb 9a 4c 89 e7 e8 1f 41 03 00 e9 94 f6 ff ff <0f> 0b e8 73 86 a3 fe e9 1c f8 ff ff 4c 89 f7 e8 66 86 a3 fe e9 2f
RSP: 0018:ffff8881d4597910 EFLAGS: 00010202
RAX: 0000000000000142 RBX: ffff8881f3a4dd00 RCX: 0000000000000001
RDX: 1ffff11038d8d6e2 RSI: 0000000000000001 RDI: ffff8881f395a184
RBP: ffff8881d4597988 R08: 0000000000000000 R09: fffff94000ea5756
R10: fffff94000ea5756 R11: ffffea000752bab7 R12: ffff8881c6c6b340
R13: ffff8881f395a100 R14: dffffc0000000000 R15: ffff8881f3a4e2b8
FS:  00007f40b6b6c700(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe1cae8e008 CR3: 00000001d7773005 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 evict+0x29c/0x590 fs/inode.c:559
 iput_final fs/inode.c:1555 [inline]
 iput+0x378/0x6b0 fs/inode.c:1581
 f2fs_fill_super+0x4b52/0x70c0 fs/f2fs/super.c:3064
 mount_bdev+0x26f/0x330 fs/super.c:1158
 f2fs_mount+0x10/0x20 fs/f2fs/super.c:3234
 mount_fs+0x7f/0x2a2 fs/super.c:1261
 vfs_kern_mount.part.11+0x58/0x3d0 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2469 [inline]
 do_mount+0x376/0x2710 fs/namespace.c:2799
 ksys_mount+0xba/0xe0 fs/namespace.c:3015
 __do_sys_mount fs/namespace.c:3029 [inline]
 __se_sys_mount fs/namespace.c:3026 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3026
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4608aa
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007f40b6b6ba88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f40b6b6bb20 RCX: 00000000004608aa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f40b6b6bae0
RBP: 00007f40b6b6bae0 R08: 00007f40b6b6bb20 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 0000000020000200 R15: 00000000200015c0
Modules linked in:
---[ end trace c39310fe98f35eaf ]---
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
---[ end trace c39310fe98f35eb0 ]---