bisecting cause commit starting from 34d4ddd359dbcdf6c5fb3f85a179243d7a1cb7f8 building syzkaller on 409809d8a7c9c775eaea317add40e7a86a1e836c testing commit 34d4ddd359dbcdf6c5fb3f85a179243d7a1cb7f8 with gcc (GCC) 8.1.0 kernel signature: 4dfadb2a7549835206106d7e514d3a92df2c1ca21bd0fea161dc37a4a0fc376f run #0: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #2: crashed: general protection fault in afs_proc_cell_setup run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #5: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: fefec158c14c9ee579ba2782f37f5965b646d5cc3acd1b1f08201d1db7e04784 run #0: crashed: WARNING in __proc_create run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_request_key run #2: crashed: WARNING in __proc_create run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 8e7150b09db630f8ac0a91556ced41052e415838f563e7163c1594a6f9d14e27 run #0: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Read in __proc_create run #4: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #5: crashed: INFO: rcu detected stall in corrupted run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 1b5e77e3f0c5af6a181234a12da423633a4d6b8395634a458c597944a2721df5 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Read in __proc_create run #4: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: ecb008677f69a6c17afae4b6544d3ff478fc94cff9e81cc084d54c9dad575ae0 run #0: crashed: WARNING: proc registration bug in afs_manage_cell run #1: crashed: WARNING: ODEBUG bug in __do_softirq run #2: crashed: KASAN: use-after-free Read in __proc_create run #3: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 176016851ec0ab97d9ccfd7a0a01c8f6feacc10beb022579fc2a11b80133e3ec run #0: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #1: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #5: crashed: KASAN: use-after-free Read in __proc_create run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: d4caf22381c81d8a30bb3ca6434d63db37831404b7946673bb2a344c6cd31ee1 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: bbddd355e2406f848a9f789e74e3eaddaebf59140b985b0808c92a417303c8c3 run #0: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: f228472011275734e7d95ab5cfaa17b2a4a83e54aa0bc254eeb63f73c37b93cb run #0: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #1: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #2: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #4: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #5: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #6: OK run #7: OK run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor018891703" "root@10.128.15.198:./syz-executor018891703"] run #9: OK testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: 10cd51ccf85785bf04771c4782c1df396aca93ddc148b3c26d09f273a57abfc3 all runs: OK # git bisect start e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd 1c163f4c7b3f621efff9b28a47abb36f7378d783 Bisecting: 7074 revisions left to test after this (roughly 13 steps) [b5dd0c658c31b469ccff1b637e5124851e7a4a1c] Merge branch 'akpm' (patches from Andrew) testing commit b5dd0c658c31b469ccff1b637e5124851e7a4a1c with gcc (GCC) 8.1.0 kernel signature: e2d1c8eceabc7663c7edcba91fdf13a41e31caa2be6529dfd91f9876ac62e0e5 all runs: OK # git bisect good b5dd0c658c31b469ccff1b637e5124851e7a4a1c Bisecting: 3573 revisions left to test after this (roughly 12 steps) [4f0237062ca70c8e34e16e518aee4b84c30d1832] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input testing commit 4f0237062ca70c8e34e16e518aee4b84c30d1832 with gcc (GCC) 8.1.0 kernel signature: 11d9ef9f75387f595adbe642b659089a556b17c80599d6d296e5dd6bfc467c3d all runs: OK # git bisect good 4f0237062ca70c8e34e16e518aee4b84c30d1832 Bisecting: 1796 revisions left to test after this (roughly 11 steps) [345077c8e172c255ea0707214303ccd099e5656b] KVM: PPC: Book3S: Protect memslots while validating user address testing commit 345077c8e172c255ea0707214303ccd099e5656b with gcc (GCC) 8.1.0 kernel signature: efd872e3df145072b11c4aaea5f798c63e019631975119192c20396b6b5a0fbb run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #2: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #7: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #8: OK run #9: OK # git bisect bad 345077c8e172c255ea0707214303ccd099e5656b Bisecting: 880 revisions left to test after this (roughly 10 steps) [f3ca4c55a6581c46e9f4a592dd698a7c67a713dd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit f3ca4c55a6581c46e9f4a592dd698a7c67a713dd with gcc (GCC) 8.1.0 kernel signature: 212dadd35ddff117d7e9030483001ceb38f933c824a75428ecddd66dc2b5db4f run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad f3ca4c55a6581c46e9f4a592dd698a7c67a713dd Bisecting: 441 revisions left to test after this (roughly 9 steps) [a5adcfcad55d5f034b33f79f1a873229d1e77b24] Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 testing commit a5adcfcad55d5f034b33f79f1a873229d1e77b24 with gcc (GCC) 8.1.0 kernel signature: 90b580d09332b19a2f12edc9cd7e0fc5f94275da8cbba7d440f3627871a461dd run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #5: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #6: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #7: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #8: OK run #9: OK # git bisect bad a5adcfcad55d5f034b33f79f1a873229d1e77b24 Bisecting: 225 revisions left to test after this (roughly 8 steps) [5f739e4a491ab63730ef3b7464171340c689fbff] Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 5f739e4a491ab63730ef3b7464171340c689fbff with gcc (GCC) 8.1.0 kernel signature: 0bd68355ae54d89d4eb25844c200c885839d2a11b00b3db2ca9c3c288660a432 all runs: OK # git bisect good 5f739e4a491ab63730ef3b7464171340c689fbff Bisecting: 134 revisions left to test after this (roughly 7 steps) [4d6c671ace569d4b0d3f8d92ab3aef18a5d166bc] SUNRPC: Take the transport send lock before binding+connecting testing commit 4d6c671ace569d4b0d3f8d92ab3aef18a5d166bc with gcc (GCC) 8.1.0 kernel signature: 5d15cf8ca8e5514fbf35889a77fdf7598f584b9f5492a54f6826b0b570832d06 all runs: OK # git bisect good 4d6c671ace569d4b0d3f8d92ab3aef18a5d166bc Bisecting: 63 revisions left to test after this (roughly 6 steps) [dfee9c257b102d7c0407629eef2ed32e152de0d2] Merge tag 'fuse-update-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse testing commit dfee9c257b102d7c0407629eef2ed32e152de0d2 with gcc (GCC) 8.1.0 kernel signature: 461b28fbe77a9fb4914bf7ec08cb4ef4fbb313257dd04f5af7b1d060b2c8d387 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #5: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #9: crashed: KASAN: use-after-free Write in afs_manage_cell # git bisect bad dfee9c257b102d7c0407629eef2ed32e152de0d2 Bisecting: 35 revisions left to test after this (roughly 5 steps) [32021982a324dce93b4ae00c06213bf45fb319c8] hugetlbfs: Convert to fs_context testing commit 32021982a324dce93b4ae00c06213bf45fb319c8 with gcc (GCC) 8.1.0 kernel signature: 5e85c0423eb91c663c23c187c2a99a340571ac63099ccd60750dc6bdcbd1867e run #0: crashed: WARNING in batadv_mcast_mla_tt_retract run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 32021982a324dce93b4ae00c06213bf45fb319c8 Bisecting: 17 revisions left to test after this (roughly 4 steps) [846e56621897a63966b7f03a70be29060394c363] vfs: Put security flags into the fs_context struct testing commit 846e56621897a63966b7f03a70be29060394c363 with gcc (GCC) 8.1.0 kernel signature: 834956d77ddf116f9ec94ceca79fa5674f9e37dc9d97c5362456a1f87d34eb6a all runs: OK # git bisect good 846e56621897a63966b7f03a70be29060394c363 Bisecting: 8 revisions left to test after this (roughly 3 steps) [f5dfb5315d340abd71bec523be9b114d5ac410de] cgroup: take options parsing into ->parse_monolithic() testing commit f5dfb5315d340abd71bec523be9b114d5ac410de with gcc (GCC) 8.1.0 kernel signature: 0142814bc4c31542ac67edb011dd570caccb7f5ec84c06bf1be2c2dca045c6c3 all runs: OK # git bisect good f5dfb5315d340abd71bec523be9b114d5ac410de Bisecting: 4 revisions left to test after this (roughly 2 steps) [71d883c37e8d4484207708af56685abb39703b04] cgroup_do_mount(): massage calling conventions testing commit 71d883c37e8d4484207708af56685abb39703b04 with gcc (GCC) 8.1.0 kernel signature: f68834cb6133e3e45c2d9d2b9dad2fcbbf2da0e953f69a48f7c1fb7aa794da46 all runs: OK # git bisect good 71d883c37e8d4484207708af56685abb39703b04 Bisecting: 2 revisions left to test after this (roughly 1 step) [cca8f32714d3a8bb4d109c9d7d790fd705b734e5] cgroup: store a reference to cgroup_ns into cgroup_fs_context testing commit cca8f32714d3a8bb4d109c9d7d790fd705b734e5 with gcc (GCC) 8.1.0 kernel signature: 5bb9dde97bd524496950437f1b1798d583b3b44b71260ebe3eb710df570c1b27 all runs: OK # git bisect good cca8f32714d3a8bb4d109c9d7d790fd705b734e5 Bisecting: 0 revisions left to test after this (roughly 1 step) [a18753747385b8b98577a18adc8ec99fda679044] cpuset: Use fs_context testing commit a18753747385b8b98577a18adc8ec99fda679044 with gcc (GCC) 8.1.0 kernel signature: 0273a7cbc67a6fa529d1dcc231c0378a28950a1c2267db31e5e85e662a5f82b9 all runs: OK # git bisect good a18753747385b8b98577a18adc8ec99fda679044 32021982a324dce93b4ae00c06213bf45fb319c8 is the first bad commit commit 32021982a324dce93b4ae00c06213bf45fb319c8 Author: David Howells Date: Thu Nov 1 23:07:26 2018 +0000 hugetlbfs: Convert to fs_context Convert the hugetlbfs to use the fs_context during mount. Signed-off-by: David Howells Signed-off-by: Al Viro fs/hugetlbfs/inode.c | 358 ++++++++++++++++++++++++++++----------------------- 1 file changed, 200 insertions(+), 158 deletions(-) culprit signature: 5e85c0423eb91c663c23c187c2a99a340571ac63099ccd60750dc6bdcbd1867e parent signature: 0273a7cbc67a6fa529d1dcc231c0378a28950a1c2267db31e5e85e662a5f82b9 revisions tested: 24, total time: 6h47m7.827239761s (build: 2h26m26.615071464s, test: 4h17m49.46210782s) first bad commit: 32021982a324dce93b4ae00c06213bf45fb319c8 hugetlbfs: Convert to fs_context recipients (to): ["dhowells@redhat.com" "linux-mm@kvack.org" "mike.kravetz@oracle.com" "viro@zeniv.linux.org.uk"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: WARNING in batadv_mcast_mla_tt_retract team0 (unregistering): Port device team_slave_0 removed bond0 (unregistering): Releasing backup interface bond_slave_1 bond0 (unregistering): Releasing backup interface bond_slave_0 bond0 (unregistering): Released all slaves WARNING: CPU: 1 PID: 7 at net/batman-adv/multicast.c:337 batadv_mcast_mla_tt_retract+0x2ea/0x4c0 net/batman-adv/multicast.c:353 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.0.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_mcast_mla_update Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x165/0x21a lib/dump_stack.c:113 panic+0x212/0x40b kernel/panic.c:214 __warn.cold.7+0x1b/0x38 kernel/panic.c:571 report_bug+0x1a4/0x200 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973 RIP: 0010:batadv_mcast_mla_tt_retract+0x2ea/0x4c0 net/batman-adv/multicast.c:337 Code: e8 db ec ce fa 48 85 db 49 89 dc 0f 85 d0 fd ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 49 8d 74 24 10 e9 3f ff ff ff <0f> 0b e9 5c fd ff ff 48 89 75 b0 44 89 55 bc 44 89 45 c0 48 89 45 RSP: 0018:ffff8880a9837ac8 EFLAGS: 00010202 RAX: 0000000000000121 RBX: ffff8880a9837d30 RCX: 1ffff11015305552 RDX: 1ffff1101139ddb4 RSI: ffff8880a9837c30 RDI: ffff888089ceeda0 RBP: ffff8880a9837b20 R08: ffff8880a9837c70 R09: 0000000000000003 R10: ffffed1015d25bd7 R11: ffff8880ae92debb R12: ffff888089ceeda0 R13: ffff8880a9837c30 R14: 0000000000000000 R15: ffff8880a9837c70 __batadv_mcast_mla_update net/batman-adv/multicast.c:635 [inline] batadv_mcast_mla_update+0x456/0x2020 net/batman-adv/multicast.c:661 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 worker_thread+0x85/0xb60 kernel/workqueue.c:2296 kthread+0x324/0x3e0 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Kernel Offset: disabled Rebooting in 86400 seconds..