bisecting cause commit starting from da5322e65940e4e8426613a8ff3d99a08b350a52 building syzkaller on f5e275d1d9ad023a25bb60af9011b452ad9cbaf9 testing commit da5322e65940e4e8426613a8ff3d99a08b350a52 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: crashed: possible deadlock in acct_pin_kill run #4: crashed: possible deadlock in acct_pin_kill run #5: crashed: possible deadlock in acct_pin_kill run #6: crashed: WARNING: possible circular locking dependency detected run #7: crashed: possible deadlock in acct_pin_kill run #8: crashed: possible deadlock in acct_pin_kill run #9: crashed: possible deadlock in acct_pin_kill testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: basic kernel testing failed: timed out run #4: basic kernel testing failed: timed out run #5: crashed: possible deadlock in acct_pin_kill run #6: crashed: possible deadlock in acct_pin_kill run #7: crashed: possible deadlock in acct_pin_kill run #8: crashed: possible deadlock in acct_pin_kill run #9: crashed: possible deadlock in acct_pin_kill testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: timed out run #1: basic kernel testing failed: timed out run #2: basic kernel testing failed: timed out run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect start v4.19 v4.18 Bisecting: 7596 revisions left to test after this (roughly 13 steps) [db06f826ec12bf0701ea7fc0a3c0aa00b84417c8] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux testing commit db06f826ec12bf0701ea7fc0a3c0aa00b84417c8 with gcc (GCC) 8.1.0 all runs: crashed: BUG: corrupted list in inode_insert5 # git bisect bad db06f826ec12bf0701ea7fc0a3c0aa00b84417c8 Bisecting: 4493 revisions left to test after this (roughly 12 steps) [0a957467c5fd46142bc9c52758ffc552d4c5e2f7] x86: i8259: Add missing include file testing commit 0a957467c5fd46142bc9c52758ffc552d4c5e2f7 with gcc (GCC) 8.1.0 all runs: crashed: BUG: corrupted list in inode_insert5 # git bisect bad 0a957467c5fd46142bc9c52758ffc552d4c5e2f7 Bisecting: 1595 revisions left to test after this (roughly 11 steps) [958f338e96f874a0d29442396d6adf9c1e17aa2d] Merge branch 'l1tf-final' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 958f338e96f874a0d29442396d6adf9c1e17aa2d with gcc (GCC) 8.1.0 all runs: crashed: BUG: corrupted list in inode_insert5 # git bisect bad 958f338e96f874a0d29442396d6adf9c1e17aa2d Bisecting: 757 revisions left to test after this (roughly 10 steps) [85a0b791bc17f7a49280b33e2905d109c062a47b] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux testing commit 85a0b791bc17f7a49280b33e2905d109c062a47b with gcc (GCC) 8.1.0 all runs: OK # git bisect good 85a0b791bc17f7a49280b33e2905d109c062a47b Bisecting: 324 revisions left to test after this (roughly 9 steps) [a1a4f841ec4585185c0e75bfae43a18b282dd316] Merge tag 'for-4.19-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit a1a4f841ec4585185c0e75bfae43a18b282dd316 with gcc (GCC) 8.1.0 all runs: crashed: BUG: corrupted list in inode_insert5 # git bisect bad a1a4f841ec4585185c0e75bfae43a18b282dd316 Bisecting: 221 revisions left to test after this (roughly 8 steps) [a66b4cd1e7163adb327838a3c81faaf6a9330d5a] Merge branch 'work.open3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit a66b4cd1e7163adb327838a3c81faaf6a9330d5a with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor590944713" "root@10.128.0.225:./syz-executor590944713"]: exit status 1 ssh: connect to host 10.128.0.225 port 22: Connection timed out lost connection run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good a66b4cd1e7163adb327838a3c81faaf6a9330d5a Bisecting: 110 revisions left to test after this (roughly 7 steps) [ac8a866af17edc692b50cbdd2aec612de4205c8f] btrfs: qgroup: Drop root parameter from update_qgroup_limit_item testing commit ac8a866af17edc692b50cbdd2aec612de4205c8f with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor275488590" "root@10.128.0.253:./syz-executor275488590"]: exit status 1 ssh: connect to host 10.128.0.253 port 22: Connection timed out lost connection run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor554883157" "root@10.128.0.233:./syz-executor554883157"]: exit status 1 ssh: connect to host 10.128.0.233 port 22: Connection timed out lost connection run #2: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor198174640" "root@10.128.0.188:./syz-executor198174640"]: exit status 1 ssh: connect to host 10.128.0.188 port 22: Connection timed out lost connection run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good ac8a866af17edc692b50cbdd2aec612de4205c8f Bisecting: 55 revisions left to test after this (roughly 6 steps) [6025c19fb208e93b99eafc304e7f16160e49fc88] btrfs: Remove fs_info from btrfs_add_root_ref testing commit 6025c19fb208e93b99eafc304e7f16160e49fc88 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor564499671" "root@10.128.10.30:./syz-executor564499671"]: exit status 1 ssh: connect to host 10.128.10.30 port 22: Connection timed out lost connection run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 6025c19fb208e93b99eafc304e7f16160e49fc88 Bisecting: 30 revisions left to test after this (roughly 5 steps) [f2be269897708700ed9b2a96f695348a10a003e8] Merge branch 'work.aio' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit f2be269897708700ed9b2a96f695348a10a003e8 with gcc (GCC) 8.1.0 all runs: crashed: BUG: corrupted list in inode_insert5 # git bisect bad f2be269897708700ed9b2a96f695348a10a003e8 Bisecting: 12 revisions left to test after this (roughly 4 steps) [c7b15a8657da7f8d11269c7cc3d8beef10d26b43] jfs: don't bother with make_bad_inode() in ialloc() testing commit c7b15a8657da7f8d11269c7cc3d8beef10d26b43 with gcc (GCC) 8.1.0 all runs: crashed: BUG: corrupted list in inode_insert5 # git bisect bad c7b15a8657da7f8d11269c7cc3d8beef10d26b43 Bisecting: 5 revisions left to test after this (roughly 3 steps) [5c1a68a358f94b9ac2e33183327bc04f207feed2] udf: switch to discard_new_inode() testing commit 5c1a68a358f94b9ac2e33183327bc04f207feed2 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 5c1a68a358f94b9ac2e33183327bc04f207feed2 Bisecting: 2 revisions left to test after this (roughly 2 steps) [e950564b97fd0f541b02eb207685d0746f5ecf29] vfs: don't evict uninitialized inode testing commit e950564b97fd0f541b02eb207685d0746f5ecf29 with gcc (GCC) 8.1.0 all runs: crashed: BUG: corrupted list in inode_insert5 # git bisect bad e950564b97fd0f541b02eb207685d0746f5ecf29 Bisecting: 0 revisions left to test after this (roughly 1 step) [a6cbedfa8783b42b9272c05297865bdb501005cb] jfs: switch to discard_new_inode() testing commit a6cbedfa8783b42b9272c05297865bdb501005cb with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor284760066" "root@10.128.15.216:./syz-executor284760066"]: exit status 1 ssh: connect to host 10.128.15.216 port 22: Connection timed out lost connection run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor506476921" "root@10.128.0.192:./syz-executor506476921"]: exit status 1 ssh: connect to host 10.128.0.192 port 22: Connection timed out lost connection run #2: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor560169092" "root@10.128.15.209:./syz-executor560169092"]: exit status 1 ssh: connect to host 10.128.15.209 port 22: Connection timed out lost connection run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good a6cbedfa8783b42b9272c05297865bdb501005cb e950564b97fd0f541b02eb207685d0746f5ecf29 is the first bad commit commit e950564b97fd0f541b02eb207685d0746f5ecf29 Author: Miklos Szeredi Date: Tue Jul 24 15:01:55 2018 +0200 vfs: don't evict uninitialized inode iput() ends up calling ->evict() on new inode, which is not yet initialized by owning fs. So use destroy_inode() instead. Add to sb->s_inodes list only if inode is not in I_CREATING state (meaning that it wasn't allocated with new_inode(), which already does the insertion). Reported-by: Al Viro Signed-off-by: Miklos Szeredi Fixes: 80ea09a002bf ("vfs: factor out inode_insert5()") Signed-off-by: Al Viro :040000 040000 69a347ad13d9d83380ac7175e89f25aa9afced3e e20a480981bc5b0683043ef3b152b1b18869eb27 M fs revisions tested: 16, total time: 3h45m27.838995552s (build: 1h34m12.120171236s, test: 2h5m35.717983098s) first bad commit: e950564b97fd0f541b02eb207685d0746f5ecf29 vfs: don't evict uninitialized inode cc: ["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "mszeredi@redhat.com" "viro@zeniv.linux.org.uk"] crash: BUG: corrupted list in inode_insert5 8021q: adding VLAN 0 to HW filter on device team0 8021q: adding VLAN 0 to HW filter on device team0 8021q: adding VLAN 0 to HW filter on device team0 list_add double add: new=ffff8801b47ebbd0, prev=ffff8801b99ad438, next=ffff8801b47ebbd0. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:31! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 7172 Comm: syz-executor0 Not tainted 4.18.0-rc1+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__list_add_valid+0xaa/0xb0 lib/list_debug.c:29 Code: e8 eb a9 48 89 f7 48 89 75 e8 e8 91 9a 4c fe 48 8b 75 e8 eb bb 48 89 f2 48 89 d9 4c 89 e6 48 c7 c7 00 70 fd 87 e8 55 ff f7 fd <0f> 0b 0f 1f 40 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 41 55 RSP: 0018:ffff8801b9407188 EFLAGS: 00010282 RAX: 0000000000000058 RBX: ffff8801b47ebbd0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff87fd6dc0 RDI: ffffffff8a9fc860 RBP: ffff8801b94071a0 R08: ffffed003b584f99 R09: ffffed003b584f98 R10: ffffed003b584f98 R11: ffff8801dac27cc7 R12: ffff8801b47ebbd0 R13: ffff8801b47ebbd0 R14: ffff8801b47eba48 R15: ffff8801b9407228 FS: 00007f81e0a32700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004cc248 CR3: 00000001bf3dd000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __list_add include/linux/list.h:60 [inline] list_add include/linux/list.h:79 [inline] inode_sb_list_add+0xff/0x380 fs/inode.c:444 inode_insert5+0x305/0x540 fs/inode.c:1088 ovl_iget5 fs/overlayfs/inode.c:755 [inline] ovl_get_inode+0x22a/0xd57 fs/overlayfs/inode.c:788 ovl_instantiate+0x1ab/0x3f0 fs/overlayfs/dir.c:260 ovl_create_upper fs/overlayfs/dir.c:318 [inline] ovl_create_or_link+0x4ed/0x1110 fs/overlayfs/dir.c:575 ovl_create_object+0x284/0x3f0 fs/overlayfs/dir.c:607 ovl_create+0x1e/0x20 fs/overlayfs/dir.c:621 lookup_open+0x116a/0x1cd0 fs/namei.c:3220 do_last fs/namei.c:3311 [inline] path_openat+0x1033/0x4750 fs/namei.c:3540 do_filp_open+0x233/0x370 fs/namei.c:3574 do_sys_open+0x3dc/0x6b0 fs/open.c:1101 __do_sys_open fs/open.c:1119 [inline] __se_sys_open fs/open.c:1114 [inline] __x64_sys_open+0x79/0xb0 fs/open.c:1114 do_syscall_64+0x183/0x700 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4576b9 Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f81e0a31c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004576b9 RDX: 0000000000000000 RSI: 0000000000141042 RDI: 00000000200001c0 RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81e0a326d4 R13: 00000000004f015f R14: 00000000004d4660 R15: 00000000ffffffff Modules linked in: ---[ end trace d42fe4dac3a152a0 ]--- RIP: 0010:__list_add_valid+0xaa/0xb0 lib/list_debug.c:29 Code: e8 eb a9 48 89 f7 48 89 75 e8 e8 91 9a 4c fe 48 8b 75 e8 eb bb 48 89 f2 48 89 d9 4c 89 e6 48 c7 c7 00 70 fd 87 e8 55 ff f7 fd <0f> 0b 0f 1f 40 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 41 55 RSP: 0018:ffff8801b9407188 EFLAGS: 00010282 RAX: 0000000000000058 RBX: ffff8801b47ebbd0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff87fd6dc0 RDI: ffffffff8a9fc860 RBP: ffff8801b94071a0 R08: ffffed003b584f99 R09: ffffed003b584f98 R10: ffffed003b584f98 R11: ffff8801dac27cc7 R12: ffff8801b47ebbd0 R13: ffff8801b47ebbd0 R14: ffff8801b47eba48 R15: ffff8801b9407228 FS: 00007f81e0a32700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004cc248 CR3: 00000001bf3dd000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400