bisecting fixing commit since eff48ddeab782e35e58ccc8853f7386bbae9dec4 building syzkaller on 3e8f6c27551f163a2fd2661e4b3cac126a5e7ef2 testing commit eff48ddeab782e35e58ccc8853f7386bbae9dec4 with gcc (GCC) 8.1.0 kernel signature: d69143ab9e722c66eb57a614935b8691f3cc04e506dc2e11abef1acc15de720a run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup run #2: crashed: general protection fault in afs_deactivate_cell run #3: crashed: WARNING in __proc_create run #4: crashed: general protection fault in afs_proc_cell_setup run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup run #6: crashed: general protection fault in afs_proc_cell_setup run #7: crashed: general protection fault in afs_proc_cell_setup run #8: crashed: general protection fault in afs_proc_cell_setup run #9: crashed: WARNING: proc registration bug in afs_manage_cell testing current HEAD f9893351acaecf0a414baf9942b48d5bb5c688c6 testing commit f9893351acaecf0a414baf9942b48d5bb5c688c6 with gcc (GCC) 8.1.0 kernel signature: 33ff0bdedfee50202f38d30e55ba03e83cfde69745d3e61e9ea364350f4b81e5 all runs: OK # git bisect start f9893351acaecf0a414baf9942b48d5bb5c688c6 eff48ddeab782e35e58ccc8853f7386bbae9dec4 Bisecting: 7612 revisions left to test after this (roughly 13 steps) [726eb70e0d34dc4bc4dada71f52bba8ed638431e] Merge tag 'char-misc-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 726eb70e0d34dc4bc4dada71f52bba8ed638431e with gcc (GCC) 8.1.0 kernel signature: 16c724b228ba844e69928f15a931baf4e3db8afd99fc117e005949254011f91b run #0: crashed: WARNING: ODEBUG bug in __do_softirq run #1: crashed: WARNING in __proc_create run #2: crashed: WARNING: ODEBUG bug in __do_softirq run #3: crashed: WARNING: ODEBUG bug in __do_softirq run #4: crashed: general protection fault in afs_proc_cell_setup run #5: crashed: WARNING: ODEBUG bug in __do_softirq run #6: crashed: WARNING: ODEBUG bug in __do_softirq run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #8: crashed: WARNING: ODEBUG bug in __do_softirq run #9: crashed: no output from test machine # git bisect good 726eb70e0d34dc4bc4dada71f52bba8ed638431e Bisecting: 4793 revisions left to test after this (roughly 12 steps) [105faa8742437c28815b2a3eb8314ebc5fd9288c] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next testing commit 105faa8742437c28815b2a3eb8314ebc5fd9288c with gcc (GCC) 8.1.0 kernel signature: c4394826dcd948e125381b1a4518b9dde96e8e5e820f974d305716840b594369 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_request_key run #1: crashed: general protection fault in afs_proc_cell_setup run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_request_key run #3: crashed: WARNING: ODEBUG bug in __do_softirq run #4: crashed: WARNING: ODEBUG bug in __do_softirq run #5: crashed: WARNING: ODEBUG bug in __do_softirq run #6: crashed: general protection fault in afs_proc_cell_setup run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup run #8: crashed: WARNING in __proc_create run #9: crashed: WARNING: proc registration bug in afs_manage_cell # git bisect good 105faa8742437c28815b2a3eb8314ebc5fd9288c Bisecting: 2396 revisions left to test after this (roughly 11 steps) [257bea71582d895894201b604990a900df489103] mm/page_alloc: simplify __offline_isolated_pages() testing commit 257bea71582d895894201b604990a900df489103 with gcc (GCC) 8.1.0 kernel signature: cf078f58fd64d0435b63d9a8d1b53bbce7e3baa0e8dda0945a25c163418d2b36 run #0: crashed: general protection fault in afs_proc_cell_setup run #1: crashed: general protection fault in afs_dns_query run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #3: crashed: general protection fault in afs_proc_cell_setup run #4: crashed: general protection fault in afs_proc_cell_remove run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #7: crashed: no output from test machine run #8: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor099622753" "root@10.128.0.193:./syz-executor099622753"]: exit status 1 ssh: connect to host 10.128.0.193 port 22: Connection timed out lost connection run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor227545420" "root@10.128.1.55:./syz-executor227545420"]: exit status 1 ssh: connect to host 10.128.1.55 port 22: Connection timed out lost connection # git bisect good 257bea71582d895894201b604990a900df489103 Bisecting: 1198 revisions left to test after this (roughly 10 steps) [b944afc9d64ddf1b6a152c23ff86bf26e1fd430c] mm: add a VM_MAP_PUT_PAGES flag for vmap testing commit b944afc9d64ddf1b6a152c23ff86bf26e1fd430c with gcc (GCC) 8.1.0 kernel signature: 1862bb4e01dae61be2c6bbaeb0ec1caf47e56db2de90e6bec0d21a6d930eff73 all runs: OK # git bisect bad b944afc9d64ddf1b6a152c23ff86bf26e1fd430c Bisecting: 597 revisions left to test after this (roughly 9 steps) [09a31a7e3723afd79022d5d3ff3634c2630c2eeb] Merge tag 'mips_5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux testing commit 09a31a7e3723afd79022d5d3ff3634c2630c2eeb with gcc (GCC) 8.1.0 kernel signature: 3fa27346c64a3ecea618a539095db4b4edb6b9e8c2950c2027a0846279ba236d run #0: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #2: crashed: WARNING: proc registration bug in afs_manage_cell run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #4: crashed: WARNING in __proc_create run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #6: crashed: general protection fault in afs_proc_cell_setup run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: OK # git bisect good 09a31a7e3723afd79022d5d3ff3634c2630c2eeb Bisecting: 331 revisions left to test after this (roughly 8 steps) [2a934b38c066ff221b08a9c703314a2a1c885dbd] Merge tag 'i3c/for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/i3c/linux testing commit 2a934b38c066ff221b08a9c703314a2a1c885dbd with gcc (GCC) 8.1.0 kernel signature: 0c6fad37806b02ed983362944006740bf2a2394fb368715111bcd905f106b674 all runs: OK # git bisect bad 2a934b38c066ff221b08a9c703314a2a1c885dbd Bisecting: 124 revisions left to test after this (roughly 7 steps) [7a3dadedc82e340f8292f64e7bfa964c525009c0] Merge tag 'f2fs-for-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs testing commit 7a3dadedc82e340f8292f64e7bfa964c525009c0 with gcc (GCC) 8.1.0 kernel signature: 2fff3a0c8dcfeb6df37c9529deb1a704826cc91bb01e687c141bb65b127fb68b run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #1: crashed: WARNING: ODEBUG bug in __do_softirq run #2: crashed: WARNING: ODEBUG bug in __do_softirq run #3: crashed: WARNING in __xlate_proc_name run #4: crashed: general protection fault in afs_proc_cell_setup run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_request_key run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup run #9: OK # git bisect good 7a3dadedc82e340f8292f64e7bfa964c525009c0 Bisecting: 58 revisions left to test after this (roughly 6 steps) [3856a28cfe9161927fa13bb7cb561f6d8fd2e82a] Merge tag 'nand/for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux into mtd/next testing commit 3856a28cfe9161927fa13bb7cb561f6d8fd2e82a with gcc (GCC) 8.1.0 kernel signature: cbc4aa85d9926ba4d20b05384eb8bdbd1f3cfaf407f852d2885a052a5ea42b03 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #2: crashed: WARNING: proc registration bug in afs_manage_cell run #3: crashed: general protection fault in afs_proc_cell_setup run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #6: crashed: WARNING in __proc_create run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_request_key run #8: crashed: WARNING: ODEBUG bug in __do_softirq run #9: OK # git bisect good 3856a28cfe9161927fa13bb7cb561f6d8fd2e82a Bisecting: 37 revisions left to test after this (roughly 5 steps) [071a0578b0ce0b0e543d1e38ee6926b9cc21c198] Merge tag 'ovl-update-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs testing commit 071a0578b0ce0b0e543d1e38ee6926b9cc21c198 with gcc (GCC) 8.1.0 kernel signature: c21894043b3559ebb749c0d017695ef7df2d0812560372b238583af583bcc62f all runs: OK # git bisect bad 071a0578b0ce0b0e543d1e38ee6926b9cc21c198 Bisecting: 10 revisions left to test after this (roughly 3 steps) [43d193f8440d67f0dddd93ae973eb94174039e83] ovl: enumerate private xattrs testing commit 43d193f8440d67f0dddd93ae973eb94174039e83 with gcc (GCC) 8.1.0 kernel signature: b0a6d93627c025d2441ef3082bf20a607c552838c4e8a923b1934c7f31abf2dd run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #2: crashed: WARNING: proc registration bug in afs_manage_cell run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_request_key run #4: crashed: WARNING: ODEBUG bug in __do_softirq run #5: crashed: WARNING: ODEBUG bug in __do_softirq run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 43d193f8440d67f0dddd93ae973eb94174039e83 Bisecting: 5 revisions left to test after this (roughly 3 steps) [dca54a7bbb8ca9148ae10d60c66c926e222a9c4b] afs: Add tracing for cell refcount and active user count testing commit dca54a7bbb8ca9148ae10d60c66c926e222a9c4b with gcc (GCC) 8.1.0 kernel signature: 5c8dced48ba66b954fb921b4ed34693b3489a7da85e259002e701498303c076a all runs: OK # git bisect bad dca54a7bbb8ca9148ae10d60c66c926e222a9c4b Bisecting: 2 revisions left to test after this (roughly 1 step) [88c853c3f5c0a07c5db61b494ee25152535cfeee] afs: Fix cell refcounting by splitting the usage counter testing commit 88c853c3f5c0a07c5db61b494ee25152535cfeee with gcc (GCC) 8.1.0 kernel signature: 5b30adc44a8c0a22b73fb3f2d53b8a263d07fdeef58d7a37a3c73027c95fcafa run #0: crashed: WARNING: proc registration bug in afs_manage_cell_work run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: BUG: workqueue lockup run #5: crashed: INFO: task hung in synchronize_rcu run #6: crashed: INFO: task hung in synchronize_rcu run #7: crashed: INFO: task hung in synchronize_rcu run #8: OK run #9: OK # git bisect good 88c853c3f5c0a07c5db61b494ee25152535cfeee Bisecting: 0 revisions left to test after this (roughly 1 step) [1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6] afs: Fix cell removal testing commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 with gcc (GCC) 8.1.0 kernel signature: 9af147f09ca923bcf558810322d424f793f5a75ef9b16fbc25445a35309b205c all runs: OK # git bisect bad 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 Bisecting: 0 revisions left to test after this (roughly 0 steps) [286377f6bdf71568a4cf07104fe44006ae0dba6d] afs: Fix cell purging with aliases testing commit 286377f6bdf71568a4cf07104fe44006ae0dba6d with gcc (GCC) 8.1.0 kernel signature: c6a31f830a0d4c1d2814f9c033fc0a6a81b2126b2082aac3ed82a7f1c52968d4 run #0: crashed: WARNING: proc registration bug in afs_manage_cell_work run #1: crashed: WARNING: proc registration bug in afs_manage_cell_work run #2: crashed: WARNING: proc registration bug in afs_manage_cell_work run #3: crashed: WARNING: proc registration bug in afs_manage_cell_work run #4: crashed: WARNING: proc registration bug in afs_manage_cell_work run #5: crashed: INFO: task hung in synchronize_rcu run #6: crashed: INFO: task hung in synchronize_rcu run #7: crashed: INFO: task hung in synchronize_rcu run #8: OK run #9: OK # git bisect good 286377f6bdf71568a4cf07104fe44006ae0dba6d 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 is the first bad commit commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 Author: David Howells Date: Fri Oct 16 13:21:14 2020 +0100 afs: Fix cell removal Fix cell removal by inserting a more final state than AFS_CELL_FAILED that indicates that the cell has been unpublished in case the manager is already requeued and will go through again. The new AFS_CELL_REMOVED state will just immediately leave the manager function. Going through a second time in the AFS_CELL_FAILED state will cause it to try to remove the cell again, potentially leading to the proc list being removed. Fixes: 989782dcdc91 ("afs: Overhaul cell database management") Reported-by: syzbot+b994ecf2b023f14832c1@syzkaller.appspotmail.com Reported-by: syzbot+0e0db88e1eb44a91ae8d@syzkaller.appspotmail.com Reported-by: syzbot+2d0585e5efcd43d113c2@syzkaller.appspotmail.com Reported-by: syzbot+1ecc2f9d3387f1d79d42@syzkaller.appspotmail.com Reported-by: syzbot+18d51774588492bf3f69@syzkaller.appspotmail.com Reported-by: syzbot+a5e4946b04d6ca8fa5f3@syzkaller.appspotmail.com Suggested-by: Hillf Danton Signed-off-by: David Howells cc: Hillf Danton fs/afs/cell.c | 16 ++++++++++------ fs/afs/internal.h | 1 + 2 files changed, 11 insertions(+), 6 deletions(-) culprit signature: 9af147f09ca923bcf558810322d424f793f5a75ef9b16fbc25445a35309b205c parent signature: c6a31f830a0d4c1d2814f9c033fc0a6a81b2126b2082aac3ed82a7f1c52968d4 revisions tested: 16, total time: 4h21m4.282817158s (build: 1h36m46.647928528s, test: 2h42m1.348993832s) first good commit: 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 afs: Fix cell removal recipients (to): ["dhowells@redhat.com" "dhowells@redhat.com" "linux-afs@lists.infradead.org"] recipients (cc): ["linux-kernel@vger.kernel.org"]