bisecting fixing commit since fb0155a09b0224a7147cb07a4ce6034c8d29667f
building syzkaller on 1b88c6d5c8477f1d4fb3b389443b200acc32e9a8
testing commit fb0155a09b0224a7147cb07a4ce6034c8d29667f with gcc (GCC) 8.1.0
kernel signature: 11c2edb6d0b21ae177e544419404d48ed572eea722b27fb78dddce8c493939d6
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #3: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #4: crashed: BUG: unable to handle kernel paging request in afs_lookup_cell
run #5: crashed: BUG: sleeping function called from invalid context in corrupted
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
testing current HEAD 07e0887302450a62f51dba72df6afb5fabb23d1c
testing commit 07e0887302450a62f51dba72df6afb5fabb23d1c with gcc (GCC) 8.1.0
kernel signature: 82079bd4e8d3d8fd4afcf100ea7fad3b496c446fd560e5d17237c4bb205e8704
all runs: OK
# git bisect start 07e0887302450a62f51dba72df6afb5fabb23d1c fb0155a09b0224a7147cb07a4ce6034c8d29667f
Bisecting: 7414 revisions left to test after this (roughly 13 steps)
[c48b75b7271db23c1b2d1204d6e8496d91f27711] Merge tag 'sound-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit c48b75b7271db23c1b2d1204d6e8496d91f27711 with gcc (GCC) 8.1.0
kernel signature: b974ef13095fd786e6ba64c7c9ddbae41bdc5fec1edd9325a771da3e108845f2
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #1: crashed: WARNING: proc registration bug in afs_manage_cell
run #2: crashed: WARNING in __xlate_proc_name
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #6: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #8: crashed: INFO: task hung in synchronize_rcu
run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor446618846" "root@10.128.1.17:./syz-executor446618846"]: exit status 1
ssh: connect to host 10.128.1.17 port 22: Connection timed out
lost connection
# git bisect good c48b75b7271db23c1b2d1204d6e8496d91f27711
Bisecting: 3674 revisions left to test after this (roughly 12 steps)
[09a31a7e3723afd79022d5d3ff3634c2630c2eeb] Merge tag 'mips_5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
testing commit 09a31a7e3723afd79022d5d3ff3634c2630c2eeb with gcc (GCC) 8.1.0
kernel signature: 6fe4d59b48e4cf2008783299af94fa89cdae8b36bf869a71825d80b0f66e95be
run #0: crashed: general protection fault in afs_proc_cell_setup
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_alloc_anon_key
run #2: crashed: WARNING in __proc_create
run #3: crashed: general protection fault in afs_deactivate_cell
run #4: crashed: WARNING in __xlate_proc_name
run #5: crashed: BUG: Dentry still in use [unmount of afs afs]
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #7: crashed: WARNING in __proc_create
run #8: crashed: INFO: rcu detected stall in afs_manage_cell
run #9: crashed: no output from test machine
# git bisect good 09a31a7e3723afd79022d5d3ff3634c2630c2eeb
Bisecting: 1831 revisions left to test after this (roughly 11 steps)
[9313f8026328d0309d093f6774be4b8f5340c0e5] Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
testing commit 9313f8026328d0309d093f6774be4b8f5340c0e5 with gcc (GCC) 8.1.0
kernel signature: 725f5ee3fc7e4db0abe3d473b5bc0ddd473fef48aaddce76f12de3d3a525ed1d
all runs: OK
# git bisect bad 9313f8026328d0309d093f6774be4b8f5340c0e5
Bisecting: 929 revisions left to test after this (roughly 10 steps)
[f9915b964c25193a6be1aed744c946d6ff177149] Merge tag 'drm-next-2020-10-19' of git://anongit.freedesktop.org/drm/drm
testing commit f9915b964c25193a6be1aed744c946d6ff177149 with gcc (GCC) 8.1.0
kernel signature: 92843ca66858eb74ccad8d48046a8b2d4de61df7214ab3e46512e8253ddf0a48
all runs: OK
# git bisect bad f9915b964c25193a6be1aed744c946d6ff177149
Bisecting: 450 revisions left to test after this (roughly 9 steps)
[a1e16bc7d5f7ca3599d8a7f061841c93a563665e] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit a1e16bc7d5f7ca3599d8a7f061841c93a563665e with gcc (GCC) 8.1.0
kernel signature: a8fdf6695a66f72cfd4225950bf035cd9d3dd4a147eefa2a8324f68a80f957d2
all runs: OK
# git bisect bad a1e16bc7d5f7ca3599d8a7f061841c93a563665e
Bisecting: 199 revisions left to test after this (roughly 8 steps)
[6f78b9acf04fbf9ede7f4265e7282f9fb39d2c8c] Merge tag 'mtd/for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux
testing commit 6f78b9acf04fbf9ede7f4265e7282f9fb39d2c8c with gcc (GCC) 8.1.0
kernel signature: 6dee16e43943cf38f1afd5f9d02e8f1f6c20a3f7eae7222691382fb3dcef15fa
all runs: OK
# git bisect bad 6f78b9acf04fbf9ede7f4265e7282f9fb39d2c8c
Bisecting: 120 revisions left to test after this (roughly 7 steps)
[7a3dadedc82e340f8292f64e7bfa964c525009c0] Merge tag 'f2fs-for-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
testing commit 7a3dadedc82e340f8292f64e7bfa964c525009c0 with gcc (GCC) 8.1.0
kernel signature: 0f1ef49fec0b7081baeb16e4b7680c51a5d4759d17a6ff4c4307158445785d8e
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup
run #2: crashed: WARNING in __xlate_proc_name
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #4: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup
run #5: crashed: general protection fault in afs_proc_cell_setup
run #6: crashed: WARNING: proc registration bug in afs_manage_cell
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
# git bisect good 7a3dadedc82e340f8292f64e7bfa964c525009c0
Bisecting: 54 revisions left to test after this (roughly 6 steps)
[3856a28cfe9161927fa13bb7cb561f6d8fd2e82a] Merge tag 'nand/for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux into mtd/next
testing commit 3856a28cfe9161927fa13bb7cb561f6d8fd2e82a with gcc (GCC) 8.1.0
kernel signature: ce0426571dfbca3c1946392a5a0f767bbac2318cc3f0988ca0cd8fdf122e9fd8
run #0: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #1: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup
run #2: crashed: WARNING: proc registration bug in afs_manage_cell
run #3: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #4: crashed: BUG: Dentry still in use [unmount of afs afs]
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #6: crashed: WARNING: ODEBUG bug in __do_softirq
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
# git bisect good 3856a28cfe9161927fa13bb7cb561f6d8fd2e82a
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[071a0578b0ce0b0e543d1e38ee6926b9cc21c198] Merge tag 'ovl-update-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
testing commit 071a0578b0ce0b0e543d1e38ee6926b9cc21c198 with gcc (GCC) 8.1.0
kernel signature: c1e9c0621e1a74bdffe448bfd280787802c8ffbec37feeffaa2c683685bc6f62
all runs: OK
# git bisect bad 071a0578b0ce0b0e543d1e38ee6926b9cc21c198
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[43d193f8440d67f0dddd93ae973eb94174039e83] ovl: enumerate private xattrs
testing commit 43d193f8440d67f0dddd93ae973eb94174039e83 with gcc (GCC) 8.1.0
kernel signature: 91f6c40c17f339713f94c7740f508b8330395c67efcc9aebb717b3ba17e1090e
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #1: crashed: general protection fault in afs_proc_cell_setup
run #2: crashed: WARNING: ODEBUG bug in __do_softirq
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #4: crashed: WARNING: proc registration bug in afs_manage_cell
run #5: crashed: WARNING in __proc_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_alloc_anon_key
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_put_cell
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #9: crashed: INFO: rcu detected stall in afs_manage_cell
# git bisect good 43d193f8440d67f0dddd93ae973eb94174039e83
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[dca54a7bbb8ca9148ae10d60c66c926e222a9c4b] afs: Add tracing for cell refcount and active user count
testing commit dca54a7bbb8ca9148ae10d60c66c926e222a9c4b with gcc (GCC) 8.1.0
kernel signature: f9d14909555f6d1f4b4f30072bbc9595dad68bfab52213f9bc7c4f5a96b17aae
all runs: OK
# git bisect bad dca54a7bbb8ca9148ae10d60c66c926e222a9c4b
Bisecting: 2 revisions left to test after this (roughly 1 step)
[88c853c3f5c0a07c5db61b494ee25152535cfeee] afs: Fix cell refcounting by splitting the usage counter
testing commit 88c853c3f5c0a07c5db61b494ee25152535cfeee with gcc (GCC) 8.1.0
kernel signature: dd64af75a55a0e7ac0275ea2ca32e9262b1db59180bbe1cde6c2facdff1bff8a
run #0: crashed: WARNING: proc registration bug in afs_manage_cell_work
run #1: crashed: WARNING: proc registration bug in afs_manage_cell_work
run #2: crashed: WARNING: proc registration bug in afs_manage_cell_work
run #3: crashed: INFO: task hung in synchronize_rcu
run #4: crashed: INFO: task hung in synchronize_rcu
run #5: crashed: INFO: task hung in synchronize_rcu
run #6: crashed: INFO: task hung in synchronize_rcu
run #7: crashed: INFO: task hung in synchronize_rcu
run #8: crashed: INFO: task hung in synchronize_rcu
run #9: crashed: BUG: workqueue lockup
# git bisect good 88c853c3f5c0a07c5db61b494ee25152535cfeee
Bisecting: 0 revisions left to test after this (roughly 1 step)
[1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6] afs: Fix cell removal
testing commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 with gcc (GCC) 8.1.0
kernel signature: ec108f117e101c3d37d585e43bb3169898d06f9dfd11f70e10fc35472cc7d311
all runs: OK
# git bisect bad 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[286377f6bdf71568a4cf07104fe44006ae0dba6d] afs: Fix cell purging with aliases
testing commit 286377f6bdf71568a4cf07104fe44006ae0dba6d with gcc (GCC) 8.1.0
kernel signature: 8e622acbaeb3fcb49cafa78f52b40607d625ee8da97c8ea682602faf09a8adac
run #0: crashed: WARNING: proc registration bug in afs_manage_cell_work
run #1: crashed: WARNING: proc registration bug in afs_manage_cell_work
run #2: crashed: WARNING: proc registration bug in afs_manage_cell_work
run #3: crashed: INFO: task hung in synchronize_rcu
run #4: crashed: INFO: task hung in synchronize_rcu
run #5: crashed: INFO: task hung in synchronize_rcu
run #6: crashed: INFO: task hung in synchronize_rcu
run #7: crashed: INFO: task hung in synchronize_rcu
run #8: crashed: INFO: task hung in synchronize_rcu
run #9: crashed: BUG: workqueue lockup
# git bisect good 286377f6bdf71568a4cf07104fe44006ae0dba6d
1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 is the first bad commit
commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6
Author: David Howells
Date: Fri Oct 16 13:21:14 2020 +0100

    afs: Fix cell removal

    Fix cell removal by inserting a more final state than AFS_CELL_FAILED that indicates that the cell has been unpublished in case the manager is already requeued and will go through again. The new AFS_CELL_REMOVED state will just immediately leave the manager function. Going through a second time in the AFS_CELL_FAILED state will cause it to try to remove the cell again, potentially leading to the proc list being removed.

    Fixes: 989782dcdc91 ("afs: Overhaul cell database management")
    Reported-by: syzbot+b994ecf2b023f14832c1@syzkaller.appspotmail.com
    Reported-by: syzbot+0e0db88e1eb44a91ae8d@syzkaller.appspotmail.com
    Reported-by: syzbot+2d0585e5efcd43d113c2@syzkaller.appspotmail.com
    Reported-by: syzbot+1ecc2f9d3387f1d79d42@syzkaller.appspotmail.com
    Reported-by: syzbot+18d51774588492bf3f69@syzkaller.appspotmail.com
    Reported-by: syzbot+a5e4946b04d6ca8fa5f3@syzkaller.appspotmail.com
    Suggested-by: Hillf Danton
    Signed-off-by: David Howells
    cc: Hillf Danton

 fs/afs/cell.c | 16 ++++++++++------
 fs/afs/internal.h | 1 +
 2 files changed, 11 insertions(+), 6 deletions(-)

culprit signature: ec108f117e101c3d37d585e43bb3169898d06f9dfd11f70e10fc35472cc7d311
parent signature: 8e622acbaeb3fcb49cafa78f52b40607d625ee8da97c8ea682602faf09a8adac
revisions tested: 16, total time: 3h43m22.394674105s (build: 1h27m9.72989299s, test: 2h13m45.03393314s)
first good commit: 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 afs: Fix cell removal
recipients (to): ["dhowells@redhat.com" "dhowells@redhat.com" "linux-afs@lists.infradead.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]