bisecting fixing commit since a1b977b49b66c75e6c51a515f6700371ae720217
building syzkaller on d32b0bbf2f8cfe548553c4012e2c0f79040d999f
testing commit a1b977b49b66c75e6c51a515f6700371ae720217 with gcc (GCC) 8.1.0
kernel signature: ebcbfa8465dc7b7a643d511426f3689eb02cb3825cf6ed97d94359cd602c789b
all runs: crashed: BUG: unable to handle kernel paging request in dquot_add_space
testing current HEAD 31acccdc877486a649a86d37725a15175fcd5ed6
testing commit 31acccdc877486a649a86d37725a15175fcd5ed6 with gcc (GCC) 8.1.0
kernel signature: 17aacddc7734cb4bb2b6f1c30fffdd56643074beda303c50a5efdd2959919b88
all runs: crashed: BUG: unable to handle kernel paging request in dquot_add_space
revisions tested: 2, total time: 24m8.754503113s (build: 18m2.280842671s, test: 5m27.711873956s)
the crash still happens on HEAD
commit msg: Linux 4.19.157
crash: BUG: unable to handle kernel paging request in dquot_add_space
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
Quota error (device loop4): qtree_write_dquot: Error -927940090 occurred while creating quota
Bluetooth: hci1: command 0x0419 tx timeout
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
BUG: unable to handle kernel paging request at fffffbfff9161860
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
PGD 23ffed067 P4D 23ffed067 PUD 23ffec067 PMD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8120 Comm: syz-executor.5 Not tainted 4.19.157-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:dquot_add_space+0x34/0x1240 fs/quota/dquot.c:1307
Code: e5 41 57 41 56 41 55 41 54 53 48 89 fb 48 83 ec 58 48 89 55 c8 48 89 c2 48 89 45 b8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 48 89 75 d0 89 4d b0 4c 89 45 c0 0f 85 24 0b 00 00 4c
RSP: 0018:ffff88809faff0d8 EFLAGS: 00010a07
RAX: dffffc0000000000 RBX: ffffffffc8b0c206 RCX: 0000000000000001
RDX: 1ffffffff9161860 RSI: 0000000000000400 RDI: ffffffffc8b0c206
RBP: ffff88809faff158 R08: ffff88809faff1c8 R09: ffffed101026fcc7
R10: 0000000000000000 R11: ffff88809faff1c8 R12: 0000000000000000
R13: 0000000000000000 R14: ffff88808137eb50 R15: 0000000000000400
FS:  00007fc96341d700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffbfff9161860 CR3: 00000000a2c17000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __dquot_alloc_space+0x3f4/0x6f0 fs/quota/dquot.c:1672
 dquot_alloc_space_nodirty include/linux/quotaops.h:298 [inline]
 dquot_alloc_space include/linux/quotaops.h:311 [inline]
 dquot_alloc_block include/linux/quotaops.h:335 [inline]
 ext4_mb_new_blocks+0x4a4/0x3aa0 fs/ext4/mballoc.c:4533
 ext4_new_meta_blocks+0x1cc/0x360 fs/ext4/balloc.c:665
 ext4_xattr_block_set+0x10e3/0x2e10 fs/ext4/xattr.c:2075
 ext4_xattr_set_handle+0x861/0xc20 fs/ext4/xattr.c:2411
 ext4_xattr_set+0x1bc/0x300 fs/ext4/xattr.c:2511
 ext4_xattr_trusted_set+0x1e/0x20 fs/ext4/xattr_trusted.c:37
 __vfs_setxattr+0xd9/0x140 fs/xattr.c:149
 __vfs_setxattr_noperm+0xe9/0x380 fs/xattr.c:180
 __vfs_setxattr_locked+0x185/0x200 fs/xattr.c:238
 vfs_setxattr+0x101/0x280 fs/xattr.c:255
 setxattr+0x1af/0x280 fs/xattr.c:520
 path_setxattr+0x144/0x160 fs/xattr.c:539
 __do_sys_setxattr fs/xattr.c:554 [inline]
 __se_sys_setxattr fs/xattr.c:550 [inline]
 __x64_sys_setxattr+0xbf/0x150 fs/xattr.c:550
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc96341cc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
RAX: ffffffffffffffda RBX: 0000000000033bc0 RCX: 000000000045de59
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000020000040
RBP: 000000000118bf70 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffc54edd4df R14: 00007fc96341d9c0 R15: 000000000118bf2c
Modules linked in:
CR2: fffffbfff9161860
---[ end trace a4efc58168aaadd5 ]---
BUG: unable to handle kernel paging request at fffffbfff9161860
RIP: 0010:dquot_add_space+0x34/0x1240 fs/quota/dquot.c:1307
PGD 23ffed067 P4D 23ffed067 PUD 23ffec067 PMD 0 
Code: e5 41 57 41 56 41 55 41 54 53 48 89 fb 48 83 ec 58 48 89 55 c8 48 89 c2 48 89 45 b8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 48 89 75 d0 89 4d b0 4c 89 45 c0 0f 85 24 0b 00 00 4c
Oops: 0000 [#2] PREEMPT SMP KASAN
RSP: 0018:ffff88809faff0d8 EFLAGS: 00010a07
CPU: 0 PID: 8130 Comm: syz-executor.4 Tainted: G      D           4.19.157-syzkaller #0
RAX: dffffc0000000000 RBX: ffffffffc8b0c206 RCX: 0000000000000001
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RDX: 1ffffffff9161860 RSI: 0000000000000400 RDI: ffffffffc8b0c206
RIP: 0010:dquot_add_space+0x34/0x1240 fs/quota/dquot.c:1307
RBP: ffff88809faff158 R08: ffff88809faff1c8 R09: ffffed101026fcc7
Code: e5 41 57 41 56 41 55 41 54 53 48 89 fb 48 83 ec 58 48 89 55 c8 48 89 c2 48 89 45 b8 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 48 89 75 d0 89 4d b0 4c 89 45 c0 0f 85 24 0b 00 00 4c
R10: 0000000000000000 R11: ffff88809faff1c8 R12: 0000000000000000
RSP: 0018:ffff88808cfdf0d8 EFLAGS: 00010a07
R13: 0000000000000000 R14: ffff88808137eb50 R15: 0000000000000400
RAX: dffffc0000000000 RBX: ffffffffc8b0c206 RCX: 0000000000000001
FS:  00007fc96341d700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
RDX: 1ffffffff9161860 RSI: 0000000000000400 RDI: ffffffffc8b0c206
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RBP: ffff88808cfdf158 R08: ffff88808cfdf1c8 R09: ffffed1010278edf
CR2: fffffbfff9161860 CR3: 00000000a2c17000 CR4: 00000000001406e0
R10: 0000000000000000 R11: ffff88808cfdf1c8 R12: 0000000000000000
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
R13: 0000000000000000 R14: ffff8880813c7c10 R15: 0000000000000400
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400