kernel BUG at fs/inode.c:LINE! (2)

kernel BUG at fs/inode.c:LINE! (2)
Status: upstream: reported C repro on 2020/08/28 13:18
Reported-by: syzbot+c92c93d1f1aaaacdb9db@syzkaller.appspotmail.com
First crash: 338d, last: 295d

Cause bisection: introduced by (bisect log) :
commit a9ed4a6560b8562b7e2e2bed9527e88001f7b682
Author: Marc Zyngier <maz@kernel.org>
Date: Wed Aug 19 16:12:17 2020 +0000

epoll: Keep a reference on files added to the check list

Crash: WARNING: ODEBUG bug in exit_to_user_mode_prepare (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log) [merge commit]:
commit 0fdf68c767c08004ff3a2fc032a139bdaf7826c5
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Thu Sep 3 15:22:16 2020 +0000

Merge tag 'media/v5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media

similar bugs (6):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	kernel BUG in iput	C			6	21d	57d	0/1	upstream: reported C repro on 2021/06/01 01:19
linux-4.19	kernel BUG at fs/inode.c:LINE!	syz		done	2	330d	359d	1/1	fixed on 2020/10/01 20:29
linux-4.19	kernel BUG at fs/inode.c:LINE! (2)	C		done	5	92d	231d	1/1	fixed on 2021/05/29 15:40
linux-4.14	kernel BUG at fs/inode.c:LINE!				1	444d	444d	0/1	auto-closed as invalid on 2020/09/07 09:12
android-54	kernel BUG at fs/inode.c:LINE!	C			5	325d	334d	0/1	upstream: reported C repro on 2020/08/27 14:35
upstream	kernel BUG at fs/inode.c:LINE!	C	done		2	955d	954d	13/22	fixed on 2019/04/12 21:13

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2020/09/02 00:01	9m	anant.thazhemadam@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master	report log
2020/09/02 00:00	10m	anant.thazhemadam@gmail.com		https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master	report log
2020/09/01 23:59	4m	anant.thazhemadam@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master	error
2020/09/01 21:32	17m	anant.thazhemadam@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master	OK
2020/09/01 21:30	17m	anant.thazhemadam@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master	OK
2020/08/31 05:16	4m	anant.thazhemadam@gmail.com	patch	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master	error
2020/08/31 05:08	10m	anant.thazhemadam@gmail.com		https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master	report log

Sample crash report:

------------[ cut here ]------------
kernel BUG at fs/inode.c:1668!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9371 Comm: syz-executor300 Not tainted 5.9.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:iput+0x6d8/0x6e0 fs/inode.c:1668
Code: ef ff e9 1a fc ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c8 fe ff ff 4c 89 ef e8 62 53 ef ff e9 bb fe ff ff e8 48 7b af ff <0f> 0b 66 0f 1f 44 00 00 55 41 57 41 56 53 48 89 f5 48 89 fb 49 bf
RSP: 0018:ffffc9000d347da8 EFLAGS: 00010293
RAX: ffffffff81c580d8 RBX: ffff88808531ab40 RCX: ffff8880869c4000
RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000000000000
RBP: 0000000000000040 R08: ffffffff81c57a60 R09: ffffed1014cc900d
R10: ffffed1014cc900d R11: 0000000000000000 R12: 1ffff11010a63554
R13: dffffc0000000000 R14: ffff88808531ab40 R15: ffff88808531aaa0
FS:  0000000001efe880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd1c88b280 CR3: 00000000a3213000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __sock_release net/socket.c:608 [inline]
 sock_close+0x1c3/0x260 net/socket.c:1277
 __fput+0x34f/0x7b0 fs/file_table.c:281
 task_work_run+0x137/0x1c0 kernel/task_work.c:141
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:140 [inline]
 exit_to_user_mode_prepare+0x11a/0x1e0 kernel/entry/common.c:167
 syscall_exit_to_user_mode+0x82/0x1d0 kernel/entry/common.c:242
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x405891
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffd1c88b260 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000405891
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000005 R08: 0000000120080522 R09: 0000000120080522
R10: 00007ffd1c88b280 R11: 0000000000000293 R12: 00000000006dbc4c
R13: 000000000000002d R14: 0000000000000064 R15: 0000000000000000
Modules linked in:
---[ end trace 1fd93a73c7fcfd6b ]---
RIP: 0010:iput+0x6d8/0x6e0 fs/inode.c:1668
Code: ef ff e9 1a fc ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c8 fe ff ff 4c 89 ef e8 62 53 ef ff e9 bb fe ff ff e8 48 7b af ff <0f> 0b 66 0f 1f 44 00 00 55 41 57 41 56 53 48 89 f5 48 89 fb 49 bf
RSP: 0018:ffffc9000d347da8 EFLAGS: 00010293
RAX: ffffffff81c580d8 RBX: ffff88808531ab40 RCX: ffff8880869c4000
RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000000000000
RBP: 0000000000000040 R08: ffffffff81c57a60 R09: ffffed1014cc900d
R10: ffffed1014cc900d R11: 0000000000000000 R12: 1ffff11010a63554
R13: dffffc0000000000 R14: ffff88808531ab40 R15: ffff88808531aaa0
FS:  0000000001efe880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd1c88b280 CR3: 00000000a3213000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (37):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info
ci-upstream-kasan-gce-smack-root	2020/09/02 21:13	upstream	9c7d619be5a0	abf9ba4f	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2020/08/29 06:31	upstream	96d454cd2c16	d5a3ae1f	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2020/08/29 02:17	upstream	96d454cd2c16	d5a3ae1f	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2020/08/28 00:49	upstream	15bc20c6af4c	816e0689	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2020/08/28 00:29	upstream	15bc20c6af4c	816e0689	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2020/08/28 00:20	upstream	15bc20c6af4c	816e0689	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2020/08/27 14:57	upstream	15bc20c6af4c	816e0689	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2020/08/27 14:57	upstream	15bc20c6af4c	816e0689	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2020/08/27 14:49	upstream	15bc20c6af4c	816e0689	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2020/08/24 23:15	upstream	d012a7190fc1	67b599d1	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2020/09/03 15:20	net	1996cf46e467	abf9ba4f	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2020/08/31 22:34	net	bb8872a1e6bc	d5a3ae1f	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2020/08/27 14:56	net	5875568aa187	816e0689	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2020/09/03 13:45	net-next	d3dfc362e073	abf9ba4f	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2020/08/31 22:48	net-next	c30a3c957c88	d5a3ae1f	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2020/08/28 20:20	net-next	0baf01942d3d	d5a3ae1f	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2020/08/27 14:55	net-next	f09665811b14	816e0689	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/08/29 18:09	linux-next	b36c969764ab	d5a3ae1f	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/08/28 00:30	linux-next	88abac0b753d	816e0689	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/08/27 15:05	linux-next	88abac0b753d	816e0689	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/08/25 13:58	linux-next	3a00d3dfd4b6	344da168	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/08/25 07:10	linux-next	d8be0e12a522	344da168	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2020/08/25 06:33	linux-next	d8be0e12a522	344da168	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2020/08/31 22:17	upstream	f75aef392f86	d5a3ae1f	.config	log	report	syz
ci-upstream-kasan-gce-smack-root	2020/08/31 12:07	upstream	dcc5c6f013d8	d5a3ae1f	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2020/08/27 01:51	upstream	2ac69819ba9e	318430cb	.config	log	report	syz
ci-upstream-kasan-gce-386	2020/08/30 19:30	upstream	1127b219ce94	d5a3ae1f	.config	log	report	syz
ci-upstream-net-this-kasan-gce	2020/08/27 02:03	net	2e1ec861a605	318430cb	.config	log	report	syz
ci-upstream-net-kasan-gce	2020/09/03 22:44	net-next	22b330b622e3	abf9ba4f	.config	log	report	syz
ci-upstream-net-kasan-gce	2020/08/26 22:39	net-next	ea416e277f09	318430cb	.config	log	report	syz
ci-upstream-linux-next-kasan-gce-root	2020/08/26 23:21	linux-next	f37be72473a0	318430cb	.config	log	report	syz
ci-upstream-kasan-gce	2020/09/15 21:10	upstream	fc4f28bb3daf	6989d6f6	.config	log	report			info
ci-upstream-kasan-gce	2020/09/03 05:06	upstream	fc3abb53250a	abf9ba4f	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/09/02 03:46	upstream	b765a32a2e91	abf9ba4f	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/27 22:16	upstream	15bc20c6af4c	816e0689	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/08/24 13:14	upstream	d012a7190fc1	67b599d1	.config	log	report
ci-upstream-kasan-gce-386	2020/10/06 04:54	upstream	7575fdda569b	1880b4a9	.config	log	report			info