bisecting fixing commit since b94de4d19498b454645b72d08a05d32fa9074fb5
building syzkaller on cba33199be220cbf61f7c0c8223d88a25a913d6f
testing commit b94de4d19498b454645b72d08a05d32fa9074fb5 with gcc (GCC) 8.4.1 20210217
kernel signature: 5ff1d6af5a0abde83df7bc209a59f9ce6db677ecd98ecee93fd714ab0b782f3a
run #0: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #1: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #2: crashed: kernel BUG in corrupted
run #3: crashed: kernel BUG in corrupted
run #4: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #5: crashed: kernel BUG in corrupted
run #6: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #7: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #8: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #9: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #10: crashed: kernel BUG in corrupted
run #11: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #12: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #13: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #14: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #15: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #16: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #17: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #18: crashed: kernel BUG in f2fs_get_meta_page_nofail
run #19: crashed: kernel BUG in corrupted
testing current HEAD 2965db2e004cf9c92b87c1f559e9812c0ae878c1
testing commit 2965db2e004cf9c92b87c1f559e9812c0ae878c1 with gcc (GCC) 8.4.1 20210217
kernel signature: ec60e9237cc3ed54d78775c1682b15f9fba23593a027e1302a704792fc3c1e73
all runs: crashed: kernel BUG in f2fs_get_meta_page_nofail
revisions tested: 2, total time: 22m57.289284533s (build: 15m46.256020402s, test: 6m46.163838416s)
the crash still happens on HEAD
commit msg: Linux 4.19.188
crash: kernel BUG in f2fs_get_meta_page_nofail
attempt to access beyond end of device
loop5: rw=12288, want=20520, limit=16368
loop3: rw=12288, want=20488, limit=16368
attempt to access beyond end of device
------------[ cut here ]------------
kernel BUG at fs/f2fs/checkpoint.c:127!
attempt to access beyond end of device
loop5: rw=12288, want=20528, limit=16368
loop1: rw=12288, want=20512, limit=16368
loop2: rw=12288, want=20488, limit=16368
loop0: rw=12288, want=20488, limit=16368
attempt to access beyond end of device
attempt to access beyond end of device
attempt to access beyond end of device
attempt to access beyond end of device
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
loop2: rw=12288, want=20488, limit=16368
CPU: 0 PID: 9130 Comm: syz-executor.3 Not tainted 4.19.188-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:f2fs_get_meta_page_nofail+0x41/0x50 fs/f2fs/checkpoint.c:127
Code: 00 00 4c 89 ee 4c 89 e7 e8 dc bc ff ff 48 3d 00 f0 ff ff 76 17 48 83 f8 fb 75 05 83 eb 01 75 dd 31 f6 4c 89 e7 e8 cf f2 ff ff <0f> 0b 5b 41 5c 41 5d 5d c3 66 0f 1f 44 00 00 55 31 d2 48 89 e5 e8
loop1: rw=12288, want=20520, limit=16368
RSP: 0018:ffff8881cf4d7858 EFLAGS: 00010286
RAX: ffff8881d2633b00 RBX: 0000000000000000 RCX: 1ffff1103a9a453f
RDX: ffffffff00000001 RSI: 0000000000000004 RDI: ffffffff8bad9720
RBP: ffff8881cf4d7870 R08: 0000000000000000 R09: ffffffff8b5d55d8
R10: ffff8881d4d22a80 R11: 0000000000000001 R12: ffff8881edd28040
R13: 0000000000000a00 R14: ffff8881edd28040 R15: ffff8881ec4d5240
FS:  00007f72623d2700(0000) GS:ffff8881f6400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2cf13739a9 CR3: 00000001d25c0002 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 get_current_nat_page+0x12d/0x1b0 fs/f2fs/node.c:116
loop5: rw=12288, want=20536, limit=16368
 __f2fs_build_free_nids fs/f2fs/node.c:2287 [inline]
 f2fs_build_free_nids+0x2a6/0xf30 fs/f2fs/node.c:2328
 f2fs_build_node_manager+0x1fb8/0x2c30 fs/f2fs/node.c:3052
attempt to access beyond end of device
 f2fs_fill_super fs/f2fs/super.c:3022 [inline]
 f2fs_fill_super+0x31a3/0x70f0 fs/f2fs/super.c:2803
 mount_bdev+0x26f/0x330 fs/super.c:1158
 f2fs_mount+0x10/0x20 fs/f2fs/super.c:3234
 mount_fs+0x7f/0x2b0 fs/super.c:1261
loop2: rw=12288, want=20488, limit=16368
 vfs_kern_mount.part.11+0x58/0x3d0 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2469 [inline]
 do_mount+0x376/0x2710 fs/namespace.c:2799
 ksys_mount+0xb1/0xd0 fs/namespace.c:3015
attempt to access beyond end of device
 __do_sys_mount fs/namespace.c:3029 [inline]
 __se_sys_mount fs/namespace.c:3026 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3026
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x466daa
Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f72623d1fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000466daa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f72623d2000
RBP: 00007f72623d2040 R08: 00007f72623d2040 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
loop1: rw=12288, want=20528, limit=16368
R13: 0000000020000100 R14: 00007f72623d2000 R15: 0000000020012400
Modules linked in:
loop0: rw=12288, want=20496, limit=16368
------------[ cut here ]------------
attempt to access beyond end of device
kernel BUG at fs/f2fs/checkpoint.c:127!
attempt to access beyond end of device
loop0: rw=12288, want=20504, limit=16368
invalid opcode: 0000 [#2] PREEMPT SMP KASAN
attempt to access beyond end of device
CPU: 1 PID: 9136 Comm: syz-executor.2 Tainted: G      D           4.19.188-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:f2fs_get_meta_page_nofail+0x41/0x50 fs/f2fs/checkpoint.c:127
Code: 00 00 4c 89 ee 4c 89 e7 e8 dc bc ff ff 48 3d 00 f0 ff ff 76 17 48 83 f8 fb 75 05 83 eb 01 75 dd 31 f6 4c 89 e7 e8 cf f2 ff ff <0f> 0b 5b 41 5c 41 5d 5d c3 66 0f 1f 44 00 00 55 31 d2 48 89 e5 e8
RSP: 0018:ffff8881ec8cf858 EFLAGS: 00010286
RAX: ffff8881ccba3880 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffffffff00000001 RSI: 0000000000000000 RDI: ffffffff8bad9720
RBP: ffff8881ec8cf870 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881d3ea0080
R13: 0000000000000a00 R14: ffff8881d3ea0080 R15: ffff8881f36b7200
FS:  00007f2b6193d700(0000) GS:ffff8881f6500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0db3063000 CR3: 00000001ecc82004 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 get_current_nat_page+0x12d/0x1b0 fs/f2fs/node.c:116
 __f2fs_build_free_nids fs/f2fs/node.c:2287 [inline]
 f2fs_build_free_nids+0x2a6/0xf30 fs/f2fs/node.c:2328
 f2fs_build_node_manager+0x1fb8/0x2c30 fs/f2fs/node.c:3052
 f2fs_fill_super fs/f2fs/super.c:3022 [inline]
 f2fs_fill_super+0x31a3/0x70f0 fs/f2fs/super.c:2803
 mount_bdev+0x26f/0x330 fs/super.c:1158
 f2fs_mount+0x10/0x20 fs/f2fs/super.c:3234
 mount_fs+0x7f/0x2b0 fs/super.c:1261
 vfs_kern_mount.part.11+0x58/0x3d0 fs/namespace.c:961
loop0: rw=12288, want=20512, limit=16368
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2469 [inline]
 do_mount+0x376/0x2710 fs/namespace.c:2799
attempt to access beyond end of device
 ksys_mount+0xb1/0xd0 fs/namespace.c:3015
 __do_sys_mount fs/namespace.c:3029 [inline]
 __se_sys_mount fs/namespace.c:3026 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3026
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x466daa
Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
loop0: rw=12288, want=20520, limit=16368
RSP: 002b:00007f2b6193cfa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000466daa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f2b6193d000
RBP: 00007f2b6193d040 R08: 00007f2b6193d040 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 00007f2b6193d000 R15: 0000000020012400
Modules linked in:
attempt to access beyond end of device
attempt to access beyond end of device
loop5: rw=12288, want=20544, limit=16368
loop0: rw=12288, want=20528, limit=16368
loop1: rw=12288, want=20536, limit=16368
attempt to access beyond end of device
attempt to access beyond end of device
loop0: rw=12288, want=20536, limit=16368
attempt to access beyond end of device
loop1: rw=12288, want=20544, limit=16368
attempt to access beyond end of device
attempt to access beyond end of device
loop0: rw=12288, want=20544, limit=16368
attempt to access beyond end of device
attempt to access beyond end of device
loop4: rw=12288, want=20488, limit=16368
loop0: rw=12288, want=20488, limit=16368
loop1: rw=12288, want=20488, limit=16368
attempt to access beyond end of device
attempt to access beyond end of device
---[ end trace a86bb43027d7c36e ]---
loop1: rw=12288, want=20488, limit=16368
loop0: rw=12288, want=20488, limit=16368
attempt to access beyond end of device
attempt to access beyond end of device
loop1: rw=12288, want=20488, limit=16368
loop5: rw=12288, want=20488, limit=16368
attempt to access beyond end of device
---[ end trace a86bb43027d7c36f ]---
loop1: rw=12288, want=20488, limit=16368
loop4: rw=12288, want=20496, limit=16368
attempt to access beyond end of device
RIP: 0010:f2fs_get_meta_page_nofail+0x41/0x50 fs/f2fs/checkpoint.c:127
loop1: rw=12288, want=20488, limit=16368
attempt to access beyond end of device
attempt to access beyond end of device
attempt to access beyond end of device
loop1: rw=12288, want=20488, limit=16368
attempt to access beyond end of device
attempt to access beyond end of device
loop0: rw=12288, want=20488, limit=16368
loop1: rw=12288, want=20488, limit=16368
attempt to access beyond end of device
Code: 00 00 4c 89 ee 4c 89 e7 e8 dc bc ff ff 48 3d 00 f0 ff ff 76 17 48 83 f8 fb 75 05 83 eb 01 75 dd 31 f6 4c 89 e7 e8 cf f2 ff ff <0f> 0b 5b 41 5c 41 5d 5d c3 66 0f 1f 44 00 00 55 31 d2 48 89 e5 e8
attempt to access beyond end of device
RIP: 0010:f2fs_get_meta_page_nofail+0x41/0x50 fs/f2fs/checkpoint.c:127
loop0: rw=12288, want=20488, limit=16368
attempt to access beyond end of device
RSP: 0018:ffff8881cf4d7858 EFLAGS: 00010286
loop4: rw=12288, want=20504, limit=16368
loop5: rw=12288, want=20488, limit=16368
loop1: rw=12288, want=20488, limit=16368
attempt to access beyond end of device
Code: 00 00 4c 89 ee 4c 89 e7 e8 dc bc ff ff 48 3d 00 f0 ff ff 76 17 48 83 f8 fb 75 05 83 eb 01 75 dd 31 f6 4c 89 e7 e8 cf f2 ff ff <0f> 0b 5b 41 5c 41 5d 5d c3 66 0f 1f 44 00 00 55 31 d2 48 89 e5 e8
attempt to access beyond end of device
attempt to access beyond end of device
loop0: rw=12288, want=20488, limit=16368
attempt to access beyond end of device
loop0: rw=12288, want=20488, limit=16368
attempt to access beyond end of device
loop5: rw=12288, want=20488, limit=16368
loop0: rw=12288, want=20488, limit=16368
RAX: ffff8881d2633b00 RBX: 0000000000000000 RCX: 1ffff1103a9a453f
loop1: rw=12288, want=20488, limit=16368
------------[ cut here ]------------
RSP: 0018:ffff8881cf4d7858 EFLAGS: 00010286
kernel BUG at fs/f2fs/checkpoint.c:127!
loop4: rw=12288, want=20512, limit=16368
RAX: ffff8881d2633b00 RBX: 0000000000000000 RCX: 1ffff1103a9a453f
attempt to access beyond end of device
RDX: ffffffff00000001 RSI: 0000000000000004 RDI: ffffffff8bad9720
attempt to access beyond end of device
loop0: rw=12288, want=20488, limit=16368
attempt to access beyond end of device
loop0: rw=12288, want=20488, limit=16368
------------[ cut here ]------------
RBP: ffff8881cf4d7870 R08: 0000000000000000 R09: ffffffff8b5d55d8
kernel BUG at fs/f2fs/checkpoint.c:127!
RDX: ffffffff00000001 RSI: 0000000000000004 RDI: ffffffff8bad9720
R10: ffff8881d4d22a80 R11: 0000000000000001 R12: ffff8881edd28040
attempt to access beyond end of device
R13: 0000000000000a00 R14: ffff8881edd28040 R15: ffff8881ec4d5240
invalid opcode: 0000 [#3] PREEMPT SMP KASAN
CPU: 1 PID: 9241 Comm: syz-executor.1 Tainted: G      D           4.19.188-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:f2fs_get_meta_page_nofail+0x41/0x50 fs/f2fs/checkpoint.c:127
Code: 00 00 4c 89 ee 4c 89 e7 e8 dc bc ff ff 48 3d 00 f0 ff ff 76 17 48 83 f8 fb 75 05 83 eb 01 75 dd 31 f6 4c 89 e7 e8 cf f2 ff ff <0f> 0b 5b 41 5c 41 5d 5d c3 66 0f 1f 44 00 00 55 31 d2 48 89 e5 e8
RSP: 0018:ffff8881e80df858 EFLAGS: 00010286
RAX: ffff8881e7c250c0 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffffffff00000001 RSI: 0000000000000000 RDI: ffffffff8bad9720
RBP: ffff8881e80df870 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881cc4814c0
R13: 0000000000000a00 R14: ffff8881cc4814c0 R15: ffff8881d210a480
FS:  00007f1443941700(0000) GS:ffff8881f6500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005592c9dac000 CR3: 00000001f2b31003 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 get_current_nat_page+0x12d/0x1b0 fs/f2fs/node.c:116
 __f2fs_build_free_nids fs/f2fs/node.c:2287 [inline]
 f2fs_build_free_nids+0x2a6/0xf30 fs/f2fs/node.c:2328
FS:  00007f2b6193d700(0000) GS:ffff8881f6400000(0000) knlGS:0000000000000000
 f2fs_build_node_manager+0x1fb8/0x2c30 fs/f2fs/node.c:3052
 f2fs_fill_super fs/f2fs/super.c:3022 [inline]
 f2fs_fill_super+0x31a3/0x70f0 fs/f2fs/super.c:2803
 mount_bdev+0x26f/0x330 fs/super.c:1158
 f2fs_mount+0x10/0x20 fs/f2fs/super.c:3234
 mount_fs+0x7f/0x2b0 fs/super.c:1261
 vfs_kern_mount.part.11+0x58/0x3d0 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2469 [inline]
 do_mount+0x376/0x2710 fs/namespace.c:2799
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 ksys_mount+0xb1/0xd0 fs/namespace.c:3015
 __do_sys_mount fs/namespace.c:3029 [inline]
 __se_sys_mount fs/namespace.c:3026 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3026
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x466daa
Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1443940fa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000466daa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f1443941000
RBP: 00007f1443941040 R08: 00007f1443941040 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 00007f1443941000 R15: 0000000020012400
Modules linked in:
RBP: ffff8881cf4d7870 R08: 0000000000000000 R09: ffffffff8b5d55d8
CR2: 00007f0db3070000 CR3: 00000001ecc82002 CR4: 00000000001606f0
loop5: rw=12288, want=20488, limit=16368
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
loop4: rw=12288, want=20520, limit=16368
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
invalid opcode: 0000 [#4] PREEMPT SMP KASAN