ci2 starts bisection 2023-06-12 02:23:50.913416927 +0000 UTC m=+143606.362748786
bisecting fixing commit since 43c801dc3325b9f07f8869e95ad87b05a9f21eb6
building syzkaller on ecca8a243762a781257ba0b65291bca940e13e9c
ensuring issue is reproducible on original commit 43c801dc3325b9f07f8869e95ad87b05a9f21eb6

testing commit 43c801dc3325b9f07f8869e95ad87b05a9f21eb6 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9fd27b9ddfc6d5132b128ca52123087ecf4cd4b1fca2cb04d19d291f01c038b7
all runs: crashed: KASAN: use-after-free Read in f2fs_truncate_data_blocks_range
testing current HEAD 43c801dc3325b9f07f8869e95ad87b05a9f21eb6
testing commit 43c801dc3325b9f07f8869e95ad87b05a9f21eb6 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e4f49f24d83c49802ecc59a5ff65bd329a75657ad33962c87643b05423b8cc3c
run #0: crashed: KASAN: use-after-free Read in f2fs_truncate_data_blocks_range
run #1: crashed: KASAN: use-after-free Read in f2fs_truncate_data_blocks_range
run #2: crashed: KASAN: use-after-free Read in f2fs_truncate_data_blocks_range
run #3: crashed: KASAN: slab-out-of-bounds Read in f2fs_truncate_data_blocks_range
run #4: crashed: KASAN: use-after-free Read in f2fs_truncate_data_blocks_range
run #5: crashed: KASAN: use-after-free Read in f2fs_truncate_data_blocks_range
run #6: crashed: KASAN: use-after-free Read in f2fs_truncate_data_blocks_range
run #7: crashed: KASAN: use-after-free Read in f2fs_truncate_data_blocks_range
run #8: crashed: KASAN: slab-out-of-bounds Read in f2fs_truncate_data_blocks_range
run #9: crashed: KASAN: slab-out-of-bounds Read in f2fs_truncate_data_blocks_range
crash still not fixed/happens on the oldest tested release
revisions tested: 2, total time: 15m15.563950331s (build: 8m43.128089259s, test: 6m11.999423848s)
crash still not fixed on HEAD or HEAD had kernel test errors
commit msg: Revert "ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots()"
crash: KASAN: slab-out-of-bounds Read in f2fs_truncate_data_blocks_range
RAX: ffffffffffffffda RBX: 00007f5622deff80 RCX: 00007f5622cd0169
RDX: 0000000000000000 RSI: 00000000000001f8 RDI: 00000000200000c0
RBP: 00007f5622d2bca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcec4c99ef R14: 00007f5622843300 R15: 0000000000022000
==================================================================
BUG: KASAN: slab-out-of-bounds in f2fs_truncate_data_blocks_range+0xc51/0xe90 fs/f2fs/file.c:581
Read of size 4 at addr ffff88810cf080f0 by task syz-executor.0/367

CPU: 1 PID: 367 Comm: syz-executor.0 Not tainted 5.10.178-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack_lvl+0x81/0xac lib/dump_stack.c:118
 print_address_description.constprop.0+0x24/0x160 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:435 [inline]
 kasan_report.cold+0x82/0xdb mm/kasan/report.c:452
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:308
 f2fs_truncate_data_blocks_range+0xc51/0xe90 fs/f2fs/file.c:581
 f2fs_truncate_data_blocks+0x66/0x120 fs/f2fs/file.c:638
 truncate_dnode+0x135/0x1b0 fs/f2fs/node.c:943
 f2fs_truncate_inode_blocks+0x23b/0xb40 fs/f2fs/node.c:1153
 f2fs_do_truncate_blocks+0x396/0x9e0 fs/f2fs/file.c:727
 f2fs_truncate_blocks+0x5f/0x260 fs/f2fs/file.c:755
 f2fs_truncate fs/f2fs/file.c:807 [inline]
 f2fs_truncate+0x18d/0x360 fs/f2fs/file.c:778
 f2fs_setattr+0x834/0x12b0 fs/f2fs/file.c:971
 notify_change+0x796/0xd70 fs/attr.c:394
 do_truncate+0xfc/0x1b0 fs/open.c:65
 handle_truncate fs/namei.c:3060 [inline]
 do_open fs/namei.c:3401 [inline]
 path_openat+0x1f9b/0x3980 fs/namei.c:3515
 do_filp_open+0x193/0x3d0 fs/namei.c:3542
 do_sys_openat2+0x135/0x750 fs/open.c:1217
 do_sys_open fs/open.c:1233 [inline]
 __do_sys_creat fs/open.c:1307 [inline]
 __se_sys_creat fs/open.c:1301 [inline]
 __x64_sys_creat+0xd4/0x130 fs/open.c:1301
 do_syscall_64+0x32/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7f5622cd0169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5622843168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f5622deff80 RCX: 00007f5622cd0169
RDX: 0000000000000000 RSI: 00000000000001f8 RDI: 00000000200000c0
RBP: 00007f5622d2bca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcec4c99ef R14: 00007f5622843300 R15: 0000000000022000

Allocated by task 367:
 kasan_save_stack+0x26/0x50 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:430 [inline]
 __kasan_slab_alloc+0x94/0xc0 mm/kasan/common.c:463
 kasan_slab_alloc include/linux/kasan.h:244 [inline]
 slab_post_alloc_hook mm/slab.h:583 [inline]
 slab_alloc_node mm/slub.c:2947 [inline]
 slab_alloc mm/slub.c:2955 [inline]
 kmem_cache_alloc+0x15d/0x510 mm/slub.c:2960
 kmem_cache_alloc_node include/linux/slab.h:423 [inline]
 __alloc_skb+0x41/0x4d0 net/core/skbuff.c:199
 alloc_skb include/linux/skbuff.h:1125 [inline]
 alloc_skb_with_frags+0x76/0x4a0 net/core/skbuff.c:5922
 sock_alloc_send_pskb+0x697/0x850 net/core/sock.c:2354
 sock_alloc_send_skb+0x13/0x20 net/core/sock.c:2371
 mld_newpack+0x1c0/0x950 net/ipv6/mcast.c:1604
 add_grhead+0x243/0x320 net/ipv4/igmp.c:442
 add_grec+0xb29/0xdc0 net/ipv6/mcast.c:1838
 mld_send_initial_cr.part.0+0x9c/0x110 net/ipv6/mcast.c:2088
 mld_send_initial_cr net/ipv6/mcast.c:1191 [inline]
 mld_dad_timer_expire+0x168/0x530 net/ipv6/mcast.c:2112
 call_timer_fn+0x2b/0x1c0 kernel/time/timer.c:1420
 expire_timers kernel/time/timer.c:1465 [inline]
 __run_timers.part.0+0x559/0x930 kernel/time/timer.c:1759
 __run_timers kernel/time/timer.c:1737 [inline]
 run_timer_softirq+0xa2/0x1a0 kernel/time/timer.c:1772
 __do_softirq+0x1c6/0x675 kernel/softirq.c:309

The buggy address belongs to the object at ffff88810cf08000
 which belongs to the cache skbuff_head_cache of size 240
The buggy address is located 0 bytes to the right of
 240-byte region [ffff88810cf08000, ffff88810cf080f0)
The buggy address belongs to the page:
page:ffffea000433c200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cf08
flags: 0x4000000000000200(slab)
raw: 4000000000000200 dead000000000100 dead000000000122 ffff888107faac00
raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 367, ts 48086104435, free_ts 47650423852
 set_page_owner include/linux/page_owner.h:35 [inline]
 post_alloc_hook mm/page_alloc.c:2455 [inline]
 prep_new_page mm/page_alloc.c:2461 [inline]
 get_page_from_freelist+0x204a/0x2e30 mm/page_alloc.c:4253
 __alloc_pages_nodemask+0x2ae/0x2470 mm/page_alloc.c:5345
 __alloc_pages include/linux/gfp.h:544 [inline]
 __alloc_pages_node include/linux/gfp.h:557 [inline]
 alloc_pages_node include/linux/gfp.h:571 [inline]
 alloc_pages include/linux/gfp.h:590 [inline]
 alloc_slab_page mm/slub.c:1665 [inline]
 allocate_slab+0x30f/0x460 mm/slub.c:1808
 new_slab mm/slub.c:1869 [inline]
 new_slab_objects mm/slub.c:2627 [inline]
 ___slab_alloc.constprop.0+0x33e/0x750 mm/slub.c:2791
 __slab_alloc mm/slub.c:2831 [inline]
 slab_alloc_node mm/slub.c:2913 [inline]
 slab_alloc mm/slub.c:2955 [inline]
 kmem_cache_alloc+0x499/0x510 mm/slub.c:2960
 kmem_cache_alloc_node include/linux/slab.h:423 [inline]
 __alloc_skb+0x41/0x4d0 net/core/skbuff.c:199
 alloc_skb include/linux/skbuff.h:1125 [inline]
 alloc_skb_with_frags+0x76/0x4a0 net/core/skbuff.c:5922
 sock_alloc_send_pskb+0x697/0x850 net/core/sock.c:2354
 sock_alloc_send_skb+0x13/0x20 net/core/sock.c:2371
 mld_newpack+0x1c0/0x950 net/ipv6/mcast.c:1604
 add_grhead+0x243/0x320 net/ipv4/igmp.c:442
 add_grec+0xb29/0xdc0 net/ipv6/mcast.c:1838
 mld_send_cr net/ipv6/mcast.c:1964 [inline]
 mld_ifc_timer_expire+0x438/0xc50 net/ipv6/mcast.c:2471
 call_timer_fn+0x2b/0x1c0 kernel/time/timer.c:1420
 expire_timers kernel/time/timer.c:1465 [inline]
 __run_timers.part.0+0x559/0x930 kernel/time/timer.c:1759
 __run_timers kernel/time/timer.c:1737 [inline]
 run_timer_softirq+0xa2/0x1a0 kernel/time/timer.c:1772
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:28 [inline]
 free_pages_prepare mm/page_alloc.c:1348 [inline]
 __free_pages_ok+0x44b/0x840 mm/page_alloc.c:1628
 free_the_page mm/page_alloc.c:5406 [inline]
 __free_pages+0xda/0xf0 mm/page_alloc.c:5415
 __free_slab+0xde/0x1d0 mm/slub.c:1894
 free_slab mm/slub.c:1909 [inline]
 discard_slab+0x2b/0x40 mm/slub.c:1915
 unfreeze_partials+0x1e1/0x240 mm/slub.c:2410
 put_cpu_partial+0xdb/0x160 mm/slub.c:2446
 __slab_free+0x23f/0x560 mm/slub.c:3095
 do_slab_free mm/slub.c:3191 [inline]
 ___cache_free+0x255/0x2b0 mm/slub.c:3210
 qlink_free mm/kasan/quarantine.c:157 [inline]
 qlist_free_all+0x71/0x150 mm/kasan/quarantine.c:176
 kasan_quarantine_reduce+0x15f/0x1d0 mm/kasan/quarantine.c:283
 __kasan_slab_alloc+0xaa/0xc0 mm/kasan/common.c:440
 kasan_slab_alloc include/linux/kasan.h:244 [inline]
 slab_post_alloc_hook mm/slab.h:583 [inline]
 slab_alloc_node mm/slub.c:2947 [inline]
 slab_alloc mm/slub.c:2955 [inline]
 kmem_cache_alloc_trace+0x165/0x520 mm/slub.c:2972
 kmalloc include/linux/slab.h:552 [inline]
 __kthread_create_on_node+0xe3/0x400 kernel/kthread.c:358
 kthread_create_on_node+0x96/0xc0 kernel/kthread.c:447
 f2fs_start_ckpt_thread+0xd6/0x1d0 fs/f2fs/checkpoint.c:1900
 f2fs_fill_super+0x4bc5/0x6610 fs/f2fs/super.c:4269

Memory state around the buggy address:
 ffff88810cf07f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88810cf08000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88810cf08080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
                                                             ^
 ffff88810cf08100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
 ffff88810cf08180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
F2FS-fs (loop0): access invalid blkaddr:367
CPU: 1 PID: 367 Comm: syz-executor.0 Tainted: G    B             5.10.178-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack_lvl+0x81/0xac lib/dump_stack.c:118
 dump_stack+0x10/0x12 lib/dump_stack.c:135
 __is_bitmap_valid fs/f2fs/checkpoint.c:166 [inline]
 f2fs_is_valid_blkaddr.cold+0x2a/0x47 fs/f2fs/checkpoint.c:208
 f2fs_truncate_data_blocks_range+0x2b2/0xe90 fs/f2fs/file.c:599
 f2fs_truncate_data_blocks+0x66/0x120 fs/f2fs/file.c:638
 truncate_dnode+0x135/0x1b0 fs/f2fs/node.c:943
 f2fs_truncate_inode_blocks+0x23b/0xb40 fs/f2fs/node.c:1153
 f2fs_do_truncate_blocks+0x396/0x9e0 fs/f2fs/file.c:727
 f2fs_truncate_blocks+0x5f/0x260 fs/f2fs/file.c:755
 f2fs_truncate fs/f2fs/file.c:807 [inline]
 f2fs_truncate+0x18d/0x360 fs/f2fs/file.c:778
 f2fs_setattr+0x834/0x12b0 fs/f2fs/file.c:971
 notify_change+0x796/0xd70 fs/attr.c:394
 do_truncate+0xfc/0x1b0 fs/open.c:65
 handle_truncate fs/namei.c:3060 [inline]
 do_open fs/namei.c:3401 [inline]
 path_openat+0x1f9b/0x3980 fs/namei.c:3515
 do_filp_open+0x193/0x3d0 fs/namei.c:3542
 do_sys_openat2+0x135/0x750 fs/open.c:1217
 do_sys_open fs/open.c:1233 [inline]
 __do_sys_creat fs/open.c:1307 [inline]
 __se_sys_creat fs/open.c:1301 [inline]
 __x64_sys_creat+0xd4/0x130 fs/open.c:1301
 do_syscall_64+0x32/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7f5622cd0169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5622843168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f5622deff80 RCX: 00007f5622cd0169
RDX: 0000000000000000 RSI: 00000000000001f8 RDI: 00000000200000c0
RBP: 00007f5622d2bca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcec4c99ef R14: 00007f5622843300 R15: 0000000000022000
F2FS-fs (loop0): access invalid blkaddr:2275410191
CPU: 1 PID: 367 Comm: syz-executor.0 Tainted: G    B             5.10.178-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack_lvl+0x81/0xac lib/dump_stack.c:118
 dump_stack+0x10/0x12 lib/dump_stack.c:135
 __is_bitmap_valid fs/f2fs/checkpoint.c:166 [inline]
 f2fs_is_valid_blkaddr.cold+0x2a/0x47 fs/f2fs/checkpoint.c:208
 f2fs_truncate_data_blocks_range+0x2b2/0xe90 fs/f2fs/file.c:599
 f2fs_truncate_data_blocks+0x66/0x120 fs/f2fs/file.c:638
 truncate_dnode+0x135/0x1b0 fs/f2fs/node.c:943
 f2fs_truncate_inode_blocks+0x23b/0xb40 fs/f2fs/node.c:1153
 f2fs_do_truncate_blocks+0x396/0x9e0 fs/f2fs/file.c:727
 f2fs_truncate_blocks+0x5f/0x260 fs/f2fs/file.c:755
 f2fs_truncate fs/f2fs/file.c:807 [inline]
 f2fs_truncate+0x18d/0x360 fs/f2fs/file.c:778
 f2fs_setattr+0x834/0x12b0 fs/f2fs/file.c:971
 notify_change+0x796/0xd70 fs/attr.c:394
 do_truncate+0xfc/0x1b0 fs/open.c:65
 handle_truncate fs/namei.c:3060 [inline]
 do_open fs/namei.c:3401 [inline]
 path_openat+0x1f9b/0x3980 fs/namei.c:3515
 do_filp_open+0x193/0x3d0 fs/namei.c:3542
 do_sys_openat2+0x135/0x750 fs/open.c:1217
 do_sys_open fs/open.c:1233 [inline]
 __do_sys_creat fs/open.c:1307 [inline]
 __se_sys_creat fs/open.c:1301 [inline]
 __x64_sys_creat+0xd4/0x130 fs/open.c:1301
 do_syscall_64+0x32/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7f5622cd0169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5622843168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f5622deff80 RCX: 00007f5622cd0169
RDX: 0000000000000000 RSI: 00000000000001f8 RDI: 00000000200000c0
RBP: 00007f5622d2bca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcec4c99ef R14: 00007f5622843300 R15: 0000000000022000
F2FS-fs (loop0): access invalid blkaddr:217076992
CPU: 1 PID: 367 Comm: syz-executor.0 Tainted: G    B             5.10.178-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack_lvl+0x81/0xac lib/dump_stack.c:118
 dump_stack+0x10/0x12 lib/dump_stack.c:135
 __is_bitmap_valid fs/f2fs/checkpoint.c:166 [inline]
 f2fs_is_valid_blkaddr.cold+0x2a/0x47 fs/f2fs/checkpoint.c:208
 f2fs_truncate_data_blocks_range+0x2b2/0xe90 fs/f2fs/file.c:599
 f2fs_truncate_data_blocks+0x66/0x120 fs/f2fs/file.c:638
 truncate_dnode+0x135/0x1b0 fs/f2fs/node.c:943
 f2fs_truncate_inode_blocks+0x23b/0xb40 fs/f2fs/node.c:1153
 f2fs_do_truncate_blocks+0x396/0x9e0 fs/f2fs/file.c:727
 f2fs_truncate_blocks+0x5f/0x260 fs/f2fs/file.c:755
 f2fs_truncate fs/f2fs/file.c:807 [inline]
 f2fs_truncate+0x18d/0x360 fs/f2fs/file.c:778
 f2fs_setattr+0x834/0x12b0 fs/f2fs/file.c:971
 notify_change+0x796/0xd70 fs/attr.c:394
 do_truncate+0xfc/0x1b0 fs/open.c:65
 handle_truncate fs/namei.c:3060 [inline]
 do_open fs/namei.c:3401 [inline]
 path_openat+0x1f9b/0x3980 fs/namei.c:3515
 do_filp_open+0x193/0x3d0 fs/namei.c:3542
 do_sys_openat2+0x135/0x750 fs/open.c:1217
 do_sys_open fs/open.c:1233 [inline]
 __do_sys_creat fs/open.c:1307 [inline]
 __se_sys_creat fs/open.c:1301 [inline]
 __x64_sys_creat+0xd4/0x130 fs/open.c:1301
 do_syscall_64+0x32/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7f5622cd0169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5622843168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f5622deff80 RCX: 00007f5622cd0169
RDX: 0000000000000000 RSI: 00000000000001f8 RDI: 00000000200000c0
RBP: 00007f5622d2bca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcec4c99ef R14: 00007f5622843300 R15: 0000000000022000
F2FS-fs (loop0): access invalid blkaddr:4294936705
CPU: 0 PID: 367 Comm: syz-executor.0 Tainted: G    B             5.10.178-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack_lvl+0x81/0xac lib/dump_stack.c:118
 dump_stack+0x10/0x12 lib/dump_stack.c:135
 __is_bitmap_valid fs/f2fs/checkpoint.c:166 [inline]
 f2fs_is_valid_blkaddr.cold+0x2a/0x47 fs/f2fs/checkpoint.c:208
 f2fs_truncate_data_blocks_range+0x2b2/0xe90 fs/f2fs/file.c:599
 f2fs_truncate_data_blocks+0x66/0x120 fs/f2fs/file.c:638
 truncate_dnode+0x135/0x1b0 fs/f2fs/node.c:943
 f2fs_truncate_inode_blocks+0x23b/0xb40 fs/f2fs/node.c:1153
 f2fs_do_truncate_blocks+0x396/0x9e0 fs/f2fs/file.c:727
 f2fs_truncate_blocks+0x5f/0x260 fs/f2fs/file.c:755
 f2fs_truncate fs/f2fs/file.c:807 [inline]
 f2fs_truncate+0x18d/0x360 fs/f2fs/file.c:778
 f2fs_setattr+0x834/0x12b0 fs/f2fs/file.c:971
 notify_change+0x796/0xd70 fs/attr.c:394
 do_truncate+0xfc/0x1b0 fs/open.c:65
 handle_truncate fs/namei.c:3060 [inline]
 do_open fs/namei.c:3401 [inline]
 path_openat+0x1f9b/0x3980 fs/namei.c:3515
 do_filp_open+0x193/0x3d0 fs/namei.c:3542
 do_sys_openat2+0x135/0x750 fs/open.c:1217
 do_sys_open fs/open.c:1233 [inline]
 __do_sys_creat fs/open.c:1307 [inline]
 __se_sys_creat fs/open.c:1301 [inline]
 __x64_sys_creat+0xd4/0x130 fs/open.c:1301
 do_syscall_64+0x32/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7f5622cd0169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5622843168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f5622deff80 RCX: 00007f5622cd0169
RDX: 0000000000000000 RSI: 00000000000001f8 RDI: 00000000200000c0
RBP: 00007f5622d2bca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcec4c99ef R14: 00007f5622843300 R15: 0000000000022000
F2FS-fs (loop0): access invalid blkaddr:367
CPU: 0 PID: 367 Comm: syz-executor.0 Tainted: G    B             5.10.178-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack_lvl+0x81/0xac lib/dump_stack.c:118
 dump_stack+0x10/0x12 lib/dump_stack.c:135
 __is_bitmap_valid fs/f2fs/checkpoint.c:166 [inline]
 f2fs_is_valid_blkaddr.cold+0x2a/0x47 fs/f2fs/checkpoint.c:208
 f2fs_truncate_data_blocks_range+0x2b2/0xe90 fs/f2fs/file.c:599
 f2fs_truncate_data_blocks+0x66/0x120 fs/f2fs/file.c:638
 truncate_dnode+0x135/0x1b0 fs/f2fs/node.c:943
 f2fs_truncate_inode_blocks+0x23b/0xb40 fs/f2fs/node.c:1153
 f2fs_do_truncate_blocks+0x396/0x9e0 fs/f2fs/file.c:727
 f2fs_truncate_blocks+0x5f/0x260 fs/f2fs/file.c:755
 f2fs_truncate fs/f2fs/file.c:807 [inline]
 f2fs_truncate+0x18d/0x360 fs/f2fs/file.c:778
 f2fs_setattr+0x834/0x12b0 fs/f2fs/file.c:971
 notify_change+0x796/0xd70 fs/attr.c:394
 do_truncate+0xfc/0x1b0 fs/open.c:65
 handle_truncate fs/namei.c:3060 [inline]
 do_open fs/namei.c:3401 [inline]
 path_openat+0x1f9b/0x3980 fs/namei.c:3515
 do_filp_open+0x193/0x3d0 fs/namei.c:3542
 do_sys_openat2+0x135/0x750 fs/open.c:1217
 do_sys_open fs/open.c:1233 [inline]
 __do_sys_creat fs/open.c:1307 [inline]
 __se_sys_creat fs/open.c:1301 [inline]
 __x64_sys_creat+0xd4/0x130 fs/open.c:1301
 do_syscall_64+0x32/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7f5622cd0169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5622843168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f5622deff80 RCX: 00007f5622cd0169
RDX: 0000000000000000 RSI: 00000000000001f8 RDI: 00000000200000c0
RBP: 00007f5622d2bca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcec4c99ef R14: 00007f5622843300 R15: 0000000000022000
F2FS-fs (loop0): access invalid blkaddr:3800039660
CPU: 0 PID: 367 Comm: syz-executor.0 Tainted: G    B             5.10.178-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack_lvl+0x81/0xac lib/dump_stack.c:118
 dump_stack+0x10/0x12 lib/dump_stack.c:135
 __is_bitmap_valid fs/f2fs/checkpoint.c:166 [inline]
 f2fs_is_valid_blkaddr.cold+0x2a/0x47 fs/f2fs/checkpoint.c:208
 f2fs_truncate_data_blocks_range+0x2b2/0xe90 fs/f2fs/file.c:599
 f2fs_truncate_data_blocks+0x66/0x120 fs/f2fs/file.c:638
 truncate_dnode+0x135/0x1b0 fs/f2fs/node.c:943
 f2fs_truncate_inode_blocks+0x23b/0xb40 fs/f2fs/node.c:1153
 f2fs_do_truncate_blocks+0x396/0x9e0 fs/f2fs/file.c:727
 f2fs_truncate_blocks+0x5f/0x260 fs/f2fs/file.c:755
 f2fs_truncate fs/f2fs/file.c:807 [inline]
 f2fs_truncate+0x18d/0x360 fs/f2fs/file.c:778
 f2fs_setattr+0x834/0x12b0 fs/f2fs/file.c:971
 notify_change+0x796/0xd70 fs/attr.c:394
 do_truncate+0xfc/0x1b0 fs/open.c:65
 handle_truncate fs/namei.c:3060 [inline]
 do_open fs/namei.c:3401 [inline]
 path_openat+0x1f9b/0x3980 fs/namei.c:3515
 do_filp_open+0x193/0x3d0 fs/namei.c:3542
 do_sys_openat2+0x135/0x750 fs/open.c:1217
 do_sys_open fs/open.c:1233 [inline]
 __do_sys_creat fs/open.c:1307 [inline]
 __se_sys_creat fs/open.c:1301 [inline]
 __x64_sys_creat+0xd4/0x130 fs/open.c:1301
 do_syscall_64+0x32/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7f5622cd0169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5622843168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f5622deff80 RCX: 00007f5622cd0169
RDX: 0000000000000000 RSI: 00000000000001f8 RDI: 00000000200000c0
RBP: 00007f5622d2bca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcec4c99ef R14: 00007f5622843300 R15: 0000000000022000
F2FS-fs (loop0): dec_valid_node_count: inconsistent i_blocks, ino:8, iblocks:0