ci starts bisection 2022-11-17 11:04:50.23127239 +0000 UTC m=+124800.795765137
bisecting fixing commit since 55be6084c8e0e0ada9278c2ab60b7a584378efda
building syzkaller on 67cb024cd1a3c95e311263a5c95e957f9abfd8ca
ensuring issue is reproducible on original commit 55be6084c8e0e0ada9278c2ab60b7a584378efda

testing commit 55be6084c8e0e0ada9278c2ab60b7a584378efda gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 203db54feb538574e24c4578195d11d5b4577a4960cb6fa269394d0a7bd9ef29
all runs: crashed: general protection fault in end_page_writeback
testing current HEAD cc675d22e422442f6d230654a55a5fc5682ea018
testing commit cc675d22e422442f6d230654a55a5fc5682ea018 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 387e9d7c607dc909264cc9d38b1f386fb20c0af588a6e739f3e7b0df6714374f
all runs: crashed: general protection fault in end_page_writeback
revisions tested: 2, total time: 22m7.785578662s (build: 15m10.401522319s, test: 6m14.076299375s)
the crash still happens on HEAD
commit msg: Merge tag 'for-linus-6.1-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
crash: general protection fault in end_page_writeback
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f]
CPU: 0 PID: 4162 Comm: segctord Not tainted 6.1.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:_compound_head include/linux/page-flags.h:253 [inline]
RIP: 0010:end_page_writeback+0x19/0xc0 mm/folio-compat.c:26
Code: 48 89 ef e8 c9 1d 1b 00 eb a9 e8 c2 1d 1b 00 eb c8 48 b8 00 00 00 00 00 fc ff df 55 48 89 fd 48 83 c7 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 82 00 00 00 48 8b 45 08 a8 01 75 6d 66 90 48 89
RSP: 0018:ffffc90004ee7b48 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: ffff8880711021f8 RCX: ffffffff82eab517
RDX: 0000000000000009 RSI: 0000000000000008 RDI: 0000000000000048
RBP: 0000000000000040 R08: 0000000000000001 R09: ffff88807120ccb7
R10: ffffed100e241996 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88807120ccc0 R14: 0000000000000040 R15: ffff888071102160
FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff9fac4a378 CR3: 000000001b114000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 nilfs_segctor_complete_write fs/nilfs2/segment.c:1842 [inline]
 nilfs_segctor_wait fs/nilfs2/segment.c:1929 [inline]
 nilfs_segctor_do_construct+0x3cc4/0x6050 fs/nilfs2/segment.c:2092
 nilfs_segctor_construct+0x73a/0x930 fs/nilfs2/segment.c:2379
 nilfs_segctor_thread_construct fs/nilfs2/segment.c:2487 [inline]
 nilfs_segctor_thread+0x36c/0xd40 fs/nilfs2/segment.c:2570
 kthread+0x294/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:_compound_head include/linux/page-flags.h:253 [inline]
RIP: 0010:end_page_writeback+0x19/0xc0 mm/folio-compat.c:26
Code: 48 89 ef e8 c9 1d 1b 00 eb a9 e8 c2 1d 1b 00 eb c8 48 b8 00 00 00 00 00 fc ff df 55 48 89 fd 48 83 c7 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 82 00 00 00 48 8b 45 08 a8 01 75 6d 66 90 48 89
RSP: 0018:ffffc90004ee7b48 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: ffff8880711021f8 RCX: ffffffff82eab517
RDX: 0000000000000009 RSI: 0000000000000008 RDI: 0000000000000048
RBP: 0000000000000040 R08: 0000000000000001 R09: ffff88807120ccb7
R10: ffffed100e241996 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88807120ccc0 R14: 0000000000000040 R15: ffff888071102160
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb06cc83300 CR3: 000000000ae8e000 CR4: 0000000000350ee0
----------------
Code disassembly (best guess):
   0:	48 89 ef             	mov    %rbp,%rdi
   3:	e8 c9 1d 1b 00       	callq  0x1b1dd1
   8:	eb a9                	jmp    0xffffffb3
   a:	e8 c2 1d 1b 00       	callq  0x1b1dd1
   f:	eb c8                	jmp    0xffffffd9
  11:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  18:	fc ff df
  1b:	55                   	push   %rbp
  1c:	48 89 fd             	mov    %rdi,%rbp
  1f:	48 83 c7 08          	add    $0x8,%rdi
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 82 00 00 00    	jne    0xb6
  34:	48 8b 45 08          	mov    0x8(%rbp),%rax
  38:	a8 01                	test   $0x1,%al
  3a:	75 6d                	jne    0xa9
  3c:	66 90                	xchg   %ax,%ax
  3e:	48                   	rex.W
  3f:	89                   	.byte 0x89