bisecting fixing commit since 02de58b24d2e1b2cf947d57205bd2221d897193c
building syzkaller on 8516f6d3332fc21083e2adae55114a022fcc2b9b
testing commit 02de58b24d2e1b2cf947d57205bd2221d897193c with gcc (GCC) 8.1.0
kernel signature: 67d0a09640c82a60c91f453d03db8c889a66c23f2aa49562d087b7effd4d3f2b
run #0: crashed: general protection fault in afs_proc_cell_setup
run #1: crashed: BUG: Dentry still in use [unmount of afs afs]
run #2: crashed: general protection fault in afs_proc_cell_setup
run #3: crashed: WARNING in __xlate_proc_name
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #5: crashed: BUG: Dentry still in use [unmount of afs afs]
run #6: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #7: crashed: WARNING in __proc_create
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_remove
run #9: crashed: WARNING: ODEBUG bug in __do_softirq
testing current HEAD 5fc6b075e165f641fbc366b58b578055762d5f8c
testing commit 5fc6b075e165f641fbc366b58b578055762d5f8c with gcc (GCC) 8.1.0
kernel signature: 2d2bc922267b39b37135921e8541e2a3d18207274853c3368138bdabcbbabb4f
all runs: OK
# git bisect start 5fc6b075e165f641fbc366b58b578055762d5f8c 02de58b24d2e1b2cf947d57205bd2221d897193c
Bisecting: 7588 revisions left to test after this (roughly 13 steps)
[c48b75b7271db23c1b2d1204d6e8496d91f27711] Merge tag 'sound-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit c48b75b7271db23c1b2d1204d6e8496d91f27711 with gcc (GCC) 8.1.0
kernel signature: 1d19833f6c7836c1985b9843ea4dc2bca159c5a372fb5fdc1b9c4e4a90fe2c7b
run #0: crashed: WARNING: proc registration bug in afs_manage_cell
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #2: crashed: WARNING: ODEBUG bug in __do_softirq
run #3: crashed: WARNING: ODEBUG bug in __do_softirq
run #4: crashed: WARNING: ODEBUG bug in __do_softirq
run #5: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #6: crashed: general protection fault in afs_proc_cell_setup
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #8: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor825515885" "root@10.128.0.61:./syz-executor825515885"]: exit status 1
ssh: connect to host 10.128.0.61 port 22: Connection timed out
lost connection

run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor868941800" "root@10.128.15.196:./syz-executor868941800"]: exit status 1
ssh: connect to host 10.128.15.196 port 22: Connection timed out
lost connection

# git bisect good c48b75b7271db23c1b2d1204d6e8496d91f27711
Bisecting: 3759 revisions left to test after this (roughly 12 steps)
[54a4c789ca8091ab8fcd70285caeee2c5bc62997] Merge tag 'docs/v5.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 54a4c789ca8091ab8fcd70285caeee2c5bc62997 with gcc (GCC) 8.1.0
kernel signature: 032b18ae67f7a9bdc255251c654090f199235d6f38a100c15812a8229a73fe13
run #0: crashed: general protection fault in afs_proc_cell_remove
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #3: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #4: crashed: BUG: Dentry still in use [unmount of afs afs]
run #5: crashed: WARNING in __proc_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #8: crashed: WARNING in __proc_create
run #9: crashed: WARNING: proc registration bug in afs_manage_cell
# git bisect good 54a4c789ca8091ab8fcd70285caeee2c5bc62997
Bisecting: 1760 revisions left to test after this (roughly 11 steps)
[f9a705ad1c077ec2872c641f0db9c0d5b4a097bb] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit f9a705ad1c077ec2872c641f0db9c0d5b4a097bb with gcc (GCC) 8.1.0
kernel signature: 6f03e0f91359f981c985ef541d58749241205a8d366ab7cbdb677911c76c1170
all runs: OK
# git bisect bad f9a705ad1c077ec2872c641f0db9c0d5b4a097bb
Bisecting: 1003 revisions left to test after this (roughly 10 steps)
[c4d6fe7311762f2e03b3c27ad38df7c40c80cc93] Merge tag 'xarray-5.9' of git://git.infradead.org/users/willy/xarray
testing commit c4d6fe7311762f2e03b3c27ad38df7c40c80cc93 with gcc (GCC) 8.1.0
kernel signature: 48d4831186f4e326ecd721bd21f3a461ffc7e34042cf7310196233265c2cb4de
all runs: OK
# git bisect bad c4d6fe7311762f2e03b3c27ad38df7c40c80cc93
Bisecting: 496 revisions left to test after this (roughly 9 steps)
[a96fd1cc3ff3f9dd6f06140fc0b8c91342859450] Merge tag 'for-linus-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs
testing commit a96fd1cc3ff3f9dd6f06140fc0b8c91342859450 with gcc (GCC) 8.1.0
kernel signature: c38e152f58780d31b4cc501b971c1eb9a5a48ec8f0c8565ca7cb6062df44fc68
all runs: OK
# git bisect bad a96fd1cc3ff3f9dd6f06140fc0b8c91342859450
Bisecting: 302 revisions left to test after this (roughly 8 steps)
[c7a198c700763ac89abbb166378f546aeb9afb33] RDMA/ucma: Fix use after free in destroy id flow
testing commit c7a198c700763ac89abbb166378f546aeb9afb33 with gcc (GCC) 8.1.0
kernel signature: 3303a3f08a97c51521132118f5904355b44be9e9039d622546739dd31233b063
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #1: crashed: general protection fault in afs_proc_cell_remove
run #2: crashed: BUG: Dentry still in use [unmount of afs afs]
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #6: crashed: WARNING in __proc_create
run #7: crashed: WARNING: proc registration bug in afs_manage_cell
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_remove
# git bisect good c7a198c700763ac89abbb166378f546aeb9afb33
Bisecting: 129 revisions left to test after this (roughly 7 steps)
[6f78b9acf04fbf9ede7f4265e7282f9fb39d2c8c] Merge tag 'mtd/for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux
testing commit 6f78b9acf04fbf9ede7f4265e7282f9fb39d2c8c with gcc (GCC) 8.1.0
kernel signature: dc50b38007c553c36014f46e71fde52da9c975f2a871c47fddbf6a392dd447cc
all runs: OK
# git bisect bad 6f78b9acf04fbf9ede7f4265e7282f9fb39d2c8c
Bisecting: 79 revisions left to test after this (roughly 7 steps)
[5a77b6a0131f7197e1a037f65fc7cbabcb4fe680] Merge tag 'thermal-v5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux
testing commit 5a77b6a0131f7197e1a037f65fc7cbabcb4fe680 with gcc (GCC) 8.1.0
kernel signature: 01bcfcf08a3cb80305c9d37a5c3b46c82f00454227458d660f8b3ae3740bacba
all runs: OK
# git bisect bad 5a77b6a0131f7197e1a037f65fc7cbabcb4fe680
Bisecting: 46 revisions left to test after this (roughly 6 steps)
[86f33603f8c51537265ff7ac0320638fd2cbdb1b] f2fs: handle errors of f2fs_get_meta_page_nofail
testing commit 86f33603f8c51537265ff7ac0320638fd2cbdb1b with gcc (GCC) 8.1.0
kernel signature: 01590b9f60786cde52fc12a6f9949a00032b655837a29622f89275a9bb722d5c
run #0: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #1: crashed: WARNING: ODEBUG bug in __do_softirq
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #3: crashed: WARNING: proc registration bug in afs_manage_cell
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #5: crashed: WARNING: proc registration bug in afs_manage_cell
run #6: crashed: WARNING: proc registration bug in afs_manage_cell
run #7: crashed: BUG: Dentry still in use [unmount of afs afs]
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #9: crashed: WARNING in __proc_create
# git bisect good 86f33603f8c51537265ff7ac0320638fd2cbdb1b
Bisecting: 19 revisions left to test after this (roughly 5 steps)
[071a0578b0ce0b0e543d1e38ee6926b9cc21c198] Merge tag 'ovl-update-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
testing commit 071a0578b0ce0b0e543d1e38ee6926b9cc21c198 with gcc (GCC) 8.1.0
kernel signature: 889bd6a726683338b48d961bbc46d9eefc050121b2a00ec67ffcc25398c1de18
all runs: OK
# git bisect bad 071a0578b0ce0b0e543d1e38ee6926b9cc21c198
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[fad70111d57e0b728b587eabc6f9f9b5240faa17] Merge tag 'afs-fixes-20201016' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
testing commit fad70111d57e0b728b587eabc6f9f9b5240faa17 with gcc (GCC) 8.1.0
kernel signature: 67456a4fd7513691871994b0b2f5a8fb7851d65bee09d4af7a1f95a8d8c18d81
all runs: OK
# git bisect bad fad70111d57e0b728b587eabc6f9f9b5240faa17
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[7530d3eb3dcf1a30750e8e7f1f88b782b96b72b8] afs: Don't assert on unpurgeable server records
testing commit 7530d3eb3dcf1a30750e8e7f1f88b782b96b72b8 with gcc (GCC) 8.1.0
kernel signature: 880eb9c2f164dd05a15f592fd4f61c317787ced57d866491913d83346e195141
all runs: OK
# git bisect bad 7530d3eb3dcf1a30750e8e7f1f88b782b96b72b8
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[286377f6bdf71568a4cf07104fe44006ae0dba6d] afs: Fix cell purging with aliases
testing commit 286377f6bdf71568a4cf07104fe44006ae0dba6d with gcc (GCC) 8.1.0
kernel signature: c145768effe5179b39957c39b723aac1f5e413831632ccb1a0f45e2848a803ce
run #0: crashed: WARNING: proc registration bug in afs_manage_cell_work
run #1: crashed: INFO: task hung in synchronize_rcu
run #2: crashed: INFO: task hung in synchronize_rcu
run #3: crashed: INFO: task hung in synchronize_rcu
run #4: crashed: INFO: task hung in synchronize_rcu
run #5: crashed: INFO: task hung in synchronize_rcu
run #6: crashed: INFO: task hung in synchronize_rcu
run #7: crashed: INFO: task hung in synchronize_rcu
run #8: crashed: INFO: task hung in synchronize_rcu
run #9: crashed: INFO: task hung in synchronize_rcu
# git bisect good 286377f6bdf71568a4cf07104fe44006ae0dba6d
Bisecting: 0 revisions left to test after this (roughly 1 step)
[dca54a7bbb8ca9148ae10d60c66c926e222a9c4b] afs: Add tracing for cell refcount and active user count
testing commit dca54a7bbb8ca9148ae10d60c66c926e222a9c4b with gcc (GCC) 8.1.0
kernel signature: 9d383a448bfa9b34576d4c23817dded50821ed2e8ebeb1fa84ccb7e36f847664
all runs: OK
# git bisect bad dca54a7bbb8ca9148ae10d60c66c926e222a9c4b
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6] afs: Fix cell removal
testing commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 with gcc (GCC) 8.1.0
kernel signature: be7167262657bc202661cbcd649faea371af09dda84e9786ee85be06d1eee2c8
all runs: OK
# git bisect bad 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6
1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 is the first bad commit
commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6
Author: David Howells <dhowells@redhat.com>
Date:   Fri Oct 16 13:21:14 2020 +0100

    afs: Fix cell removal
    
    Fix cell removal by inserting a more final state than AFS_CELL_FAILED that
    indicates that the cell has been unpublished in case the manager is already
    requeued and will go through again.  The new AFS_CELL_REMOVED state will
    just immediately leave the manager function.
    
    Going through a second time in the AFS_CELL_FAILED state will cause it to
    try to remove the cell again, potentially leading to the proc list being
    removed.
    
    Fixes: 989782dcdc91 ("afs: Overhaul cell database management")
    Reported-by: syzbot+b994ecf2b023f14832c1@syzkaller.appspotmail.com
    Reported-by: syzbot+0e0db88e1eb44a91ae8d@syzkaller.appspotmail.com
    Reported-by: syzbot+2d0585e5efcd43d113c2@syzkaller.appspotmail.com
    Reported-by: syzbot+1ecc2f9d3387f1d79d42@syzkaller.appspotmail.com
    Reported-by: syzbot+18d51774588492bf3f69@syzkaller.appspotmail.com
    Reported-by: syzbot+a5e4946b04d6ca8fa5f3@syzkaller.appspotmail.com
    Suggested-by: Hillf Danton <hdanton@sina.com>
    Signed-off-by: David Howells <dhowells@redhat.com>
    cc: Hillf Danton <hdanton@sina.com>

 fs/afs/cell.c     | 16 ++++++++++------
 fs/afs/internal.h |  1 +
 2 files changed, 11 insertions(+), 6 deletions(-)
culprit signature: be7167262657bc202661cbcd649faea371af09dda84e9786ee85be06d1eee2c8
parent  signature: c145768effe5179b39957c39b723aac1f5e413831632ccb1a0f45e2848a803ce
revisions tested: 17, total time: 4h16m25.601245825s (build: 1h37m43.916978578s, test: 2h36m32.678279929s)
first good commit: 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 afs: Fix cell removal
recipients (to): ["dhowells@redhat.com" "dhowells@redhat.com" "linux-afs@lists.infradead.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]