bisecting fixing commit since c85fb28b6f999db9928b841f63f1beeb3074eeca building syzkaller on 1880b4a9f394370a7d1fcb5c1cfca0fa1127b463 testing commit c85fb28b6f999db9928b841f63f1beeb3074eeca with gcc (GCC) 8.1.0 kernel signature: d759c37a19ddf0cbab667334f12c2003e54bc3fb9529062f9785a9dfa989dc3e run #0: crashed: WARNING: ODEBUG bug in __do_softirq run #1: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #2: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #3: crashed: general protection fault in afs_proc_cell_setup run #4: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #6: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #8: crashed: WARNING: ODEBUG bug in __do_softirq run #9: crashed: WARNING: ODEBUG bug in __do_softirq testing current HEAD 0477e92881850d44910a7e94fc2c46f96faa131f testing commit 0477e92881850d44910a7e94fc2c46f96faa131f with gcc (GCC) 8.1.0 kernel signature: cdd33d9c323e55c8f1be16195fa20ce45204e40c47eacc21b106ddb23b8ff286 all runs: OK # git bisect start 0477e92881850d44910a7e94fc2c46f96faa131f c85fb28b6f999db9928b841f63f1beeb3074eeca Bisecting: 9322 revisions left to test after this (roughly 13 steps) [4d0e9df5e43dba52d38b251e3b909df8fa1110be] lib, uaccess: add failure injection to usercopy functions testing commit 4d0e9df5e43dba52d38b251e3b909df8fa1110be with gcc (GCC) 8.1.0 kernel signature: 30d6494b78b2d18c1905d9ce8bdc061ca39e03453108ff8957e37411ef8b92b9 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #2: crashed: WARNING: proc registration bug in afs_manage_cell run #3: crashed: general protection fault in afs_proc_cell_remove run #4: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #5: crashed: general protection fault in afs_proc_cell_setup run #6: crashed: BUG: unable to handle kernel paging request in afs_deactivate_cell run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #9: crashed: no output from test machine # git bisect good 4d0e9df5e43dba52d38b251e3b909df8fa1110be Bisecting: 4659 revisions left to test after this (roughly 12 steps) [f56e65dff6ad52395ef45738799b4fb70ff43376] Merge branch 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit f56e65dff6ad52395ef45738799b4fb70ff43376 with gcc (GCC) 8.1.0 kernel signature: 6cb731dfb4b15a3be8c6d01d4a23b60db0802895c0edbff9545cd4f67c6dfec7 all runs: OK # git bisect bad f56e65dff6ad52395ef45738799b4fb70ff43376 Bisecting: 2285 revisions left to test after this (roughly 11 steps) [14c914fcb515c424177bb6848cc2858ebfe717a8] Merge tag 'wireless-drivers-next-2020-10-02' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next testing commit 14c914fcb515c424177bb6848cc2858ebfe717a8 with gcc (GCC) 8.1.0 kernel signature: 702b6ba0a073ceb9446e9ec4bbbc14e0b269ae4de89cc109216111aa0f76ea13 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_alloc_anon_key run #3: crashed: BUG: Dentry still in use [unmount of afs afs] run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #8: crashed: BUG: Dentry still in use [unmount of afs afs] run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell # git bisect good 14c914fcb515c424177bb6848cc2858ebfe717a8 Bisecting: 1154 revisions left to test after this (roughly 10 steps) [9ba0d0c81284f4ec0b24529bdba2fc68b9d6a09a] io_uring: use blk_queue_nowait() to check if NOWAIT supported testing commit 9ba0d0c81284f4ec0b24529bdba2fc68b9d6a09a with gcc (GCC) 8.1.0 kernel signature: 2ee28c518354adc9e87aa8163c9757c9ed3280cd0dd74d47a4f9d3b0398c2c9a all runs: OK # git bisect bad 9ba0d0c81284f4ec0b24529bdba2fc68b9d6a09a Bisecting: 593 revisions left to test after this (roughly 9 steps) [c4cf498dc0241fa2d758dba177634268446afb06] Merge branch 'akpm' (patches from Andrew) testing commit c4cf498dc0241fa2d758dba177634268446afb06 with gcc (GCC) 8.1.0 kernel signature: 2cf943b3e2eb8026129a1bdd246dd790336ef61a5b149b7c95c7030a5632a583 run #0: crashed: WARNING: ODEBUG bug in __do_softirq run #1: crashed: general protection fault in afs_proc_cell_setup run #2: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #3: crashed: WARNING in __xlate_proc_name run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #6: crashed: WARNING: ODEBUG bug in __do_softirq run #7: crashed: general protection fault in afs_proc_cell_remove run #8: crashed: WARNING in __proc_create run #9: crashed: no output from test machine # git bisect good c4cf498dc0241fa2d758dba177634268446afb06 Bisecting: 275 revisions left to test after this (roughly 8 steps) [847d4287a0c6709fd1ce24002b96d404a6da8b5b] Merge tag 's390-5.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux testing commit 847d4287a0c6709fd1ce24002b96d404a6da8b5b with gcc (GCC) 8.1.0 kernel signature: 04488f1c43af13c72d9c189de187c3c3dd03059ec1d617b1826206f2d9e9e849 run #0: crashed: WARNING in __proc_create run #1: crashed: WARNING in __proc_create run #2: crashed: general protection fault in afs_proc_cell_setup run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #4: crashed: WARNING: ODEBUG bug in __do_softirq run #5: crashed: WARNING in __xlate_proc_name run #6: crashed: WARNING: ODEBUG bug in __do_softirq run #7: crashed: WARNING in __xlate_proc_name run #8: crashed: no output from test machine run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor399955571" "root@10.128.0.111:./syz-executor399955571"]: exit status 1 ssh: connect to host 10.128.0.111 port 22: Connection timed out lost connection # git bisect good 847d4287a0c6709fd1ce24002b96d404a6da8b5b Bisecting: 169 revisions left to test after this (roughly 7 steps) [93f3d8f54a22eaa5ae4ec269615729c4f9b1cf1e] Merge tag 'trace-v5.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace testing commit 93f3d8f54a22eaa5ae4ec269615729c4f9b1cf1e with gcc (GCC) 8.1.0 kernel signature: a51958364aebd28db010da9fb653b3164332f5b1d4b70f4d6e646d0917a00290 run #0: crashed: WARNING in __proc_create run #1: crashed: general protection fault in afs_dns_query run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #3: crashed: BUG: Dentry still in use [unmount of afs afs] run #4: crashed: WARNING: ODEBUG bug in __do_softirq run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #6: crashed: WARNING in __proc_create run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell # git bisect good 93f3d8f54a22eaa5ae4ec269615729c4f9b1cf1e Bisecting: 93 revisions left to test after this (roughly 6 steps) [54a4c789ca8091ab8fcd70285caeee2c5bc62997] Merge tag 'docs/v5.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit 54a4c789ca8091ab8fcd70285caeee2c5bc62997 with gcc (GCC) 8.1.0 kernel signature: dc36eae4551bd4f4ea80c11d583b0d03916815ecf5488add9474857e2070f020 run #0: crashed: general protection fault in afs_proc_cell_remove run #1: crashed: WARNING in __proc_create run #2: crashed: general protection fault in afs_proc_cell_setup run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_remove run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #5: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #6: crashed: WARNING in __xlate_proc_name run #7: crashed: general protection fault in afs_proc_cell_setup run #8: crashed: WARNING in __proc_create run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell # git bisect good 54a4c789ca8091ab8fcd70285caeee2c5bc62997 Bisecting: 46 revisions left to test after this (roughly 6 steps) [6ed29fe1cac9745589b7db8de3b5089e3ff591d0] f2fs: don't issue flush in f2fs_flush_device_cache() for nobarrier case testing commit 6ed29fe1cac9745589b7db8de3b5089e3ff591d0 with gcc (GCC) 8.1.0 kernel signature: 30cbc1bc71ae1f26180fb7492e325e74c791130b6e18e965eea88751d8833412 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #1: crashed: WARNING: ODEBUG bug in __do_softirq run #2: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #3: crashed: general protection fault in afs_proc_cell_remove run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #5: crashed: BUG: Dentry still in use [unmount of afs afs] run #6: crashed: WARNING in __proc_create run #7: crashed: WARNING: ODEBUG bug in __do_softirq run #8: crashed: WARNING in __proc_create run #9: crashed: WARNING: proc registration bug in afs_manage_cell # git bisect good 6ed29fe1cac9745589b7db8de3b5089e3ff591d0 Bisecting: 20 revisions left to test after this (roughly 5 steps) [071a0578b0ce0b0e543d1e38ee6926b9cc21c198] Merge tag 'ovl-update-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs testing commit 071a0578b0ce0b0e543d1e38ee6926b9cc21c198 with gcc (GCC) 8.1.0 kernel signature: 89b0d24be762ba14015d4b34d54bb563d8d24a3118d0135a347c908c3d0a140d all runs: OK # git bisect bad 071a0578b0ce0b0e543d1e38ee6926b9cc21c198 Bisecting: 12 revisions left to test after this (roughly 4 steps) [be4df0cea08a8b59eb38d73de988b7ba8022df41] ovl: use generic vfs_ioc_setflags_prepare() helper testing commit be4df0cea08a8b59eb38d73de988b7ba8022df41 with gcc (GCC) 8.1.0 kernel signature: 69ad941fe5d93725dc92d239ed40824552943ea36d9398db19eacc63a31863c4 run #0: crashed: WARNING: ODEBUG bug in __do_softirq run #1: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #2: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #3: crashed: WARNING in __proc_create run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #6: crashed: general protection fault in afs_proc_cell_setup run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #8: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #9: crashed: general protection fault in afs_proc_cell_remove # git bisect good be4df0cea08a8b59eb38d73de988b7ba8022df41 Bisecting: 6 revisions left to test after this (roughly 3 steps) [7530d3eb3dcf1a30750e8e7f1f88b782b96b72b8] afs: Don't assert on unpurgeable server records testing commit 7530d3eb3dcf1a30750e8e7f1f88b782b96b72b8 with gcc (GCC) 8.1.0 kernel signature: 53af5cb758f332ac03dc76330811e01a16a8334ec8ca87037da6cea33cb8b70d all runs: OK # git bisect bad 7530d3eb3dcf1a30750e8e7f1f88b782b96b72b8 Bisecting: 2 revisions left to test after this (roughly 2 steps) [286377f6bdf71568a4cf07104fe44006ae0dba6d] afs: Fix cell purging with aliases testing commit 286377f6bdf71568a4cf07104fe44006ae0dba6d with gcc (GCC) 8.1.0 kernel signature: 78fbf8fc44c53b09490de5414cc3d37ae4036a41af41cbcd82e91133092d55fc all runs: crashed: BUG: workqueue lockup # git bisect good 286377f6bdf71568a4cf07104fe44006ae0dba6d Bisecting: 0 revisions left to test after this (roughly 1 step) [dca54a7bbb8ca9148ae10d60c66c926e222a9c4b] afs: Add tracing for cell refcount and active user count testing commit dca54a7bbb8ca9148ae10d60c66c926e222a9c4b with gcc (GCC) 8.1.0 kernel signature: 5621868da5720ea91e5def62d4a66927367fc4b7e0b88a843a9ab1b0df012cb6 all runs: OK # git bisect bad dca54a7bbb8ca9148ae10d60c66c926e222a9c4b Bisecting: 0 revisions left to test after this (roughly 0 steps) [1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6] afs: Fix cell removal testing commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 with gcc (GCC) 8.1.0 kernel signature: 838a8526f1e2349cbb8747b017fc09fbe79d58f5fdc1c40b8f078830dd888329 all runs: OK # git bisect bad 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 is the first bad commit commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 Author: David Howells Date: Fri Oct 16 13:21:14 2020 +0100 afs: Fix cell removal Fix cell removal by inserting a more final state than AFS_CELL_FAILED that indicates that the cell has been unpublished in case the manager is already requeued and will go through again. The new AFS_CELL_REMOVED state will just immediately leave the manager function. Going through a second time in the AFS_CELL_FAILED state will cause it to try to remove the cell again, potentially leading to the proc list being removed. Fixes: 989782dcdc91 ("afs: Overhaul cell database management") Reported-by: syzbot+b994ecf2b023f14832c1@syzkaller.appspotmail.com Reported-by: syzbot+0e0db88e1eb44a91ae8d@syzkaller.appspotmail.com Reported-by: syzbot+2d0585e5efcd43d113c2@syzkaller.appspotmail.com Reported-by: syzbot+1ecc2f9d3387f1d79d42@syzkaller.appspotmail.com Reported-by: syzbot+18d51774588492bf3f69@syzkaller.appspotmail.com Reported-by: syzbot+a5e4946b04d6ca8fa5f3@syzkaller.appspotmail.com Suggested-by: Hillf Danton Signed-off-by: David Howells cc: Hillf Danton fs/afs/cell.c | 16 ++++++++++------ fs/afs/internal.h | 1 + 2 files changed, 11 insertions(+), 6 deletions(-) culprit signature: 838a8526f1e2349cbb8747b017fc09fbe79d58f5fdc1c40b8f078830dd888329 parent signature: 78fbf8fc44c53b09490de5414cc3d37ae4036a41af41cbcd82e91133092d55fc revisions tested: 17, total time: 3h50m8.183697405s (build: 1h25m14.824731683s, test: 2h22m45.221465755s) first good commit: 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 afs: Fix cell removal recipients (to): ["dhowells@redhat.com" "dhowells@redhat.com" "linux-afs@lists.infradead.org"] recipients (cc): ["linux-kernel@vger.kernel.org"]