bisecting cause commit starting from 139287cc2cc0c3e2a3fc4c57164b0236d00795f4 building syzkaller on 69d69aa92d131444455d18b61ecdfdcb1fcb54e2 testing commit 139287cc2cc0c3e2a3fc4c57164b0236d00795f4 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in ep_poll_callback testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 all runs: OK # git bisect start 139287cc2cc0c3e2a3fc4c57164b0236d00795f4 v4.20 Bisecting: 6486 revisions left to test after this (roughly 13 steps) [4e45f712d82c6b7a37e02faf388173ad12ab464d] include/linux/slab.h: fix sparse warning in kmalloc_type() testing commit 4e45f712d82c6b7a37e02faf388173ad12ab464d with gcc (GCC) 8.1.0 all runs: OK # git bisect good 4e45f712d82c6b7a37e02faf388173ad12ab464d Bisecting: 3514 revisions left to test after this (roughly 12 steps) [d36377c6eb071e3d0751e9e0e3c19198c58d9a5d] Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc testing commit d36377c6eb071e3d0751e9e0e3c19198c58d9a5d with gcc (GCC) 8.1.0 all runs: OK # git bisect good d36377c6eb071e3d0751e9e0e3c19198c58d9a5d Bisecting: 1758 revisions left to test after this (roughly 11 steps) [c7eaf342ecb164d79275a6c1c93aef19293a4aaf] Merge tag 'ceph-for-4.21-rc1' of git://github.com/ceph/ceph-client testing commit c7eaf342ecb164d79275a6c1c93aef19293a4aaf with gcc (GCC) 8.1.0 all runs: OK # git bisect good c7eaf342ecb164d79275a6c1c93aef19293a4aaf Bisecting: 881 revisions left to test after this (roughly 10 steps) [f89e90eaa3aeffdd61a751e217c95c33d110517f] Merge remote-tracking branch 'jfs/jfs-next' testing commit f89e90eaa3aeffdd61a751e217c95c33d110517f with gcc (GCC) 8.1.0 all runs: OK # git bisect good f89e90eaa3aeffdd61a751e217c95c33d110517f Bisecting: 439 revisions left to test after this (roughly 9 steps) [95e8f386748b67bdd92e2c512fef3e71476dcdd3] Merge remote-tracking branch 'kgdb/kgdb-next' testing commit 95e8f386748b67bdd92e2c512fef3e71476dcdd3 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 95e8f386748b67bdd92e2c512fef3e71476dcdd3 Bisecting: 220 revisions left to test after this (roughly 8 steps) [6b20506fae15e4d51547b04a508f3f466f581975] Merge remote-tracking branch 'gpio/for-next' testing commit 6b20506fae15e4d51547b04a508f3f466f581975 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 6b20506fae15e4d51547b04a508f3f466f581975 Bisecting: 110 revisions left to test after this (roughly 7 steps) [3b8f1772b25d42cf6b12c2d13b441e0085888cbb] mm, compaction: capture a page under direct compaction testing commit 3b8f1772b25d42cf6b12c2d13b441e0085888cbb with gcc (GCC) 8.1.0 all runs: OK # git bisect good 3b8f1772b25d42cf6b12c2d13b441e0085888cbb Bisecting: 56 revisions left to test after this (roughly 6 steps) [0f4dd344756019cb3b3c7b34f28eb14bc9bee504] Merge remote-tracking branch 'kgdb-dt/kgdb/for-next' testing commit 0f4dd344756019cb3b3c7b34f28eb14bc9bee504 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 0f4dd344756019cb3b3c7b34f28eb14bc9bee504 Bisecting: 28 revisions left to test after this (roughly 5 steps) [e1020f95c53380fc42de3c74ca368acac7af7b3b] mm: don't expose page to fast gup before it's ready testing commit e1020f95c53380fc42de3c74ca368acac7af7b3b with gcc (GCC) 8.1.0 all runs: OK # git bisect good e1020f95c53380fc42de3c74ca368acac7af7b3b Bisecting: 14 revisions left to test after this (roughly 4 steps) [07838fd944882bd2e0d0e4043e32900d79666bda] epoll: use rwlock in order to reduce ep_poll_callback() contention testing commit 07838fd944882bd2e0d0e4043e32900d79666bda with gcc (GCC) 8.1.0 all runs: crashed: WARNING in ep_poll_callback # git bisect bad 07838fd944882bd2e0d0e4043e32900d79666bda Bisecting: 6 revisions left to test after this (roughly 3 steps) [12537a0d66b795336e18f0d1d63c4234dcefdde2] kernel/panic.c: taint: fix debugfs_simple_attr.cocci warnings testing commit 12537a0d66b795336e18f0d1d63c4234dcefdde2 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 12537a0d66b795336e18f0d1d63c4234dcefdde2 Bisecting: 3 revisions left to test after this (roughly 2 steps) [bca651e5d8e869cd6847cfe1fca1d5c306f8031f] Documentation: rename addr_in_gen_pool to gen_pool_has_addr testing commit bca651e5d8e869cd6847cfe1fca1d5c306f8031f with gcc (GCC) 8.1.0 all runs: OK # git bisect good bca651e5d8e869cd6847cfe1fca1d5c306f8031f Bisecting: 1 revision left to test after this (roughly 1 step) [f92cacf118171208f62519d92502a8dd0341286d] epoll: loosen irq safety in ep_poll_callback() testing commit f92cacf118171208f62519d92502a8dd0341286d with gcc (GCC) 8.1.0 all runs: crashed: WARNING in ep_poll_callback # git bisect bad f92cacf118171208f62519d92502a8dd0341286d Bisecting: 0 revisions left to test after this (roughly 0 steps) [e89d04c816431202b27d312847df8ca84b1d298f] epoll: make sure all elements in ready list are in FIFO order testing commit e89d04c816431202b27d312847df8ca84b1d298f with gcc (GCC) 8.1.0 all runs: OK # git bisect good e89d04c816431202b27d312847df8ca84b1d298f f92cacf118171208f62519d92502a8dd0341286d is the first bad commit commit f92cacf118171208f62519d92502a8dd0341286d Author: Roman Penyaev Date: Tue Jan 8 12:15:44 2019 +1100 epoll: loosen irq safety in ep_poll_callback() Callers of the ep_poll_callback() (all set of wake_up_*poll()) disable interrupts, so no need to save/restore irq flags. Link: http://lkml.kernel.org/r/20190103150104.17128-3-rpenyaev@suse.de Signed-off-by: Roman Penyaev Reviewed-by: Andrew Morton Cc: Davidlohr Bueso Cc: Jason Baron Cc: Al Viro Cc: "Paul E. McKenney" Signed-off-by: Andrew Morton Signed-off-by: Stephen Rothwell :040000 040000 964e653582ebfbb96309b295d2d6237289ec5439 154d5b9372a41ff76c1c26213c9da2f24debbfae M fs revisions tested: 16, total time: 3h52m21.59631101s (build: 1h31m54.625625803s, test: 2h16m27.428555902s) first bad commit: f92cacf118171208f62519d92502a8dd0341286d epoll: loosen irq safety in ep_poll_callback() cc: ["akpm@linux-foundation.org" "dbueso@suse.de" "jbaron@akamai.com" "paulmck@linux.vnet.ibm.com" "rpenyaev@suse.de" "sfr@canb.auug.org.au" "viro@zeniv.linux.org.uk"] crash: WARNING in ep_poll_callback 8021q: adding VLAN 0 to HW filter on device batadv0 IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready 8021q: adding VLAN 0 to HW filter on device batadv0 ------------[ cut here ]------------ IRQs not disabled as expected WARNING: CPU: 1 PID: 7028 at fs/eventpoll.c:1136 ep_poll_callback+0xb54/0x1410 fs/eventpoll.c:1136 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 7028 Comm: syz-executor4 Not tainted 5.0.0-rc1+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1d3/0x2c6 lib/dump_stack.c:113 panic+0x2ad/0x632 kernel/panic.c:214 kobject: 'loop2' (0000000006e8a216): kobject_uevent_env __warn.cold.8+0x20/0x4f kernel/panic.c:571 report_bug+0x254/0x2d0 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973 RIP: 0010:ep_poll_callback+0xb54/0x1410 fs/eventpoll.c:1136 Code: ff 44 89 e6 e8 1d ec 98 ff 45 84 e4 0f 85 34 f7 ff ff e8 3f eb 98 ff 48 c7 c7 e0 09 56 88 c6 05 4c ee 4d 08 01 e8 ec 27 62 ff <0f> 0b e9 15 f7 ff ff e8 20 eb 98 ff 48 8b bd 58 fc ff ff e8 34 0c RSP: 0018:ffff888022be7360 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff8880775edc00 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8168b7e5 RDI: 0000000000000005 RBP: ffff888022be7730 R08: ffff88802352e000 R09: ffffed100fd43ef8 R10: ffffed100fd43ef8 R11: ffff88807ea1f7c7 R12: 0000000000000000 R13: ffff8880775edc50 R14: ffff88807db0d3c0 R15: ffff888022be7708 __wake_up_common+0x1d7/0x7d0 kernel/sched/wait.c:92 kobject: 'loop2' (0000000006e8a216): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: '0:48' (0000000098c3c538): kobject_add_internal: parent: 'bdi', set: 'devices' __wake_up_locked+0x11/0x20 kernel/sched/wait.c:154 fuse_abort_conn+0xccd/0x11e0 fs/fuse/dev.c:2212 kobject: '0:49' (0000000054052472): kobject_add_internal: parent: 'bdi', set: 'devices' kobject: '0:49' (0000000054052472): kobject_uevent_env kobject: '0:48' (0000000098c3c538): kobject_uevent_env kobject: '0:48' (0000000098c3c538): fill_kobj_path: path = '/devices/virtual/bdi/0:48' kobject: '0:49' (0000000054052472): fill_kobj_path: path = '/devices/virtual/bdi/0:49' fuse_sb_destroy+0xd3/0x1d0 fs/fuse/inode.c:1245 fuse_kill_sb_anon+0x15/0x20 fs/fuse/inode.c:1256 deactivate_locked_super+0x97/0x100 fs/super.c:330 deactivate_super+0x2bb/0x320 fs/super.c:361 cleanup_mnt+0xbf/0x160 fs/namespace.c:1096 __cleanup_mnt+0x16/0x20 fs/namespace.c:1103 task_work_run+0x1e8/0x2a0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline] syscall_return_slowpath arch/x86/entry/common.c:268 [inline] do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4576a9 Code: 4d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fdb734eac88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 000000000071bf00 RCX: 00000000004576a9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdb734eb6d4 R13: 00000000004adbf3 R14: 00000000006ef198 R15: 00000000ffffffff Kernel Offset: disabled Rebooting in 86400 seconds..