ci starts bisection 2025-02-07 21:22:52.471967014 +0000 UTC m=+35915.323954460 bisecting cause commit starting from 808eb958781e4ebb6e9c0962af2e856767e20f45 building syzkaller on 577d049b4ea56e459da6e49f4b92fc1981c92440 fetch other tags and check if the commit is present ensuring issue is reproducible on original commit 808eb958781e4ebb6e9c0962af2e856767e20f45 testing commit 808eb958781e4ebb6e9c0962af2e856767e20f45 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4740bfee75f7faeaf56ec3ad5cc6b6414d33f19120140c194c81e618fdcd0b20 all runs: crashed: general protection fault in clone_private_mount representative crash: general protection fault in clone_private_mount, types: [UNKNOWN] check whether we can drop unnecessary instrumentation disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 808eb958781e4ebb6e9c0962af2e856767e20f45 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3f5c6ec7b76a7721cf818b82ff0627a556eb028ca1822a513feceead52bf0c6e all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount representative crash: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount, types: [UNKNOWN] the bug reproduces without the instrumentation disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed kconfig minimization: base=4063 full=8261 leaves diff=2115 split chunks (needed=false): <2115> split chunk #0 of len 2115 into 5 parts testing without sub-chunk 1/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 808eb958781e4ebb6e9c0962af2e856767e20f45 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ab470c663684171cf68399ff2523761bf5bb33dc8c5f482b0b7e77c331f48882 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount representative crash: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 808eb958781e4ebb6e9c0962af2e856767e20f45 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building 808eb958781e4ebb6e9c0962af2e856767e20f45: drivers/gpu/drm/bridge/aux-bridge.c:116: undefined reference to `devm_drm_of_get_bridge' testing without sub-chunk 3/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit 808eb958781e4ebb6e9c0962af2e856767e20f45 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 080b109a91cfd6384fdcd14b1bc39192b22c6f4dbd9cb72c1f63f714b2d994a1 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount representative crash: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 808eb958781e4ebb6e9c0962af2e856767e20f45 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b8a58ac4b108b018044808b147ed49826cdd1b3de18801758dbaa4cec6c363a8 all runs: OK false negative chance: 0.000 testing without sub-chunk 5/5 disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 808eb958781e4ebb6e9c0962af2e856767e20f45 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cba14ea093d9bbf07229f2d22e6601ded45c28dea1d50dc9b036fb72a8432f75 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount representative crash: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount, types: [UNKNOWN] the chunk can be dropped minimized to 846 configs; suspects: [6LOWPAN AF_RXRPC ARCH_ENABLE_MEMORY_HOTREMOVE ASUS_WMI ATM AX25 BT BT_BREDR BT_HIDP BXT_WC_PMIC_OPREGION CFG80211 CHARGER_BQ24190 CMA COMMON_CLK DAX DLM DRM DRM_BRIDGE DRM_GUD DRM_I915 DRM_I915_CAPTURE_ERROR DRM_I915_COMPRESS_ERROR DRM_I915_USERPTR DRM_KMS_HELPER DRM_MIPI_DSI DRM_PANEL DRM_PANEL_BRIDGE DRM_PANEL_EDP DRM_PANEL_ORIENTATION_QUIRKS DRM_SIMPLEDRM DRM_TTM DRM_TTM_HELPER DRM_UDL DRM_VGEM DRM_VIRTIO_GPU DRM_VIRTIO_GPU_KMS DRM_VKMS DRM_VMWGFX DUMMY DVB_AF9013 DVB_AF9033 DVB_AS102 DVB_AS102_FE DVB_B2C2_FLEXCOP DVB_B2C2_FLEXCOP_USB DVB_CORE DVB_DIB3000MB DVB_DIB3000MC DVB_EC100 DVB_GP8PSK_FE DVB_RTL2830 DVB_RTL2832 DVB_RTL2832_SDR DVB_TEST_DRIVERS DVB_TTUSB_BUDGET DVB_TTUSB_DEC DVB_USB DVB_USB_A800 DVB_USB_AF9005 DVB_USB_AF9005_REMOTE DVB_USB_AF9015 DVB_USB_AF9035 DVB_USB_ANYSEE DVB_USB_AU6610 DVB_USB_AZ6007 DVB_USB_AZ6027 DVB_USB_CE6230 DVB_USB_CINERGY_T2 DVB_USB_CXUSB DVB_USB_CXUSB_ANALOG DVB_USB_DIB0700 DVB_USB_DIB3000MC DVB_USB_DIBUSB_MB DVB_USB_DIBUSB_MC DVB_USB_DIGITV DVB_USB_DTT200U DVB_USB_DTV5100 DVB_USB_DVBSKY DVB_USB_DW2102 DVB_USB_EC168 DVB_USB_GL861 DVB_USB_GP8PSK DVB_USB_LME2510 DVB_USB_M920X DVB_USB_MXL111SF DVB_USB_NOVA_T_USB2 DVB_USB_OPERA1 DVB_USB_PCTV452E DVB_USB_RTL28XXU DVB_USB_TECHNISAT_USB2 DVB_USB_TTUSB2 DVB_USB_UMT_010 DVB_USB_V2 DVB_USB_VP702X DVB_USB_VP7045 DVB_USB_ZD1301 DVB_VIDTV DVB_ZL10353 ECRYPT_FS ECRYPT_FS_MESSAGING EDAC EFS_FS ENCRYPTED_KEYS EQUALIZER EROFS_FS EROFS_FS_POSIX_ACL EROFS_FS_SECURITY EROFS_FS_XATTR EROFS_FS_ZIP EVM EVM_ADD_XATTRS EVM_ATTR_FSUUID EXFAT_FS EXPORTFS_BLOCK_OPS EXT3_FS EXT3_FS_POSIX_ACL EXT3_FS_SECURITY EXTCON EXTCON_INTEL_CHT_WC EXTCON_PTN5150 EXTCON_USBC_TUSB320 F2FS_CHECK_FS F2FS_FAULT_INJECTION F2FS_FS F2FS_FS_COMPRESSION F2FS_FS_LZ4 F2FS_FS_LZ4HC F2FS_FS_LZO F2FS_FS_LZORLE F2FS_FS_POSIX_ACL F2FS_FS_SECURITY F2FS_FS_XATTR F2FS_FS_ZSTD F2FS_STAT_FS FANOTIFY FANOTIFY_ACCESS_PERMISSIONS FB FB_CFB_COPYAREA FB_CFB_FILLRECT FB_CFB_IMAGEBLIT FB_CORE FB_DEFERRED_IO FB_DEVICE FB_IOMEM_FOPS FB_IOMEM_HELPERS FB_NOTIFY FB_SYSMEM_FOPS FB_SYSMEM_HELPERS FB_SYSMEM_HELPERS_DEFERRED FB_SYS_COPYAREA FB_SYS_FILLRECT FB_SYS_IMAGEBLIT FB_TILEBLITTING FB_VESA FB_VGA16 FB_VIRTUAL FDDI FIREWIRE FIREWIRE_NET FIREWIRE_OHCI FIREWIRE_SBP2 FONT_8x16 FONT_8x8 FONT_SUPPORT FRAMEBUFFER_CONSOLE FRAMEBUFFER_CONSOLE_DETECT_PRIMARY FRAMEBUFFER_CONSOLE_ROTATION FS_DAX FS_DAX_PMD FS_ENCRYPTION FS_ENCRYPTION_ALGS FS_STACK FS_VERITY FS_VERITY_BUILTIN_SIGNATURES FTL FUSE_DAX FUSE_FS FW_LOADER_COMPRESS FW_LOADER_PAGED_BUF FW_LOADER_SYSFS FW_LOADER_USER_HELPER FW_LOADER_USER_HELPER_FALLBACK GACT_PROB GARP GENDWARFKSYMS GENERIC_PHY GENEVE GET_FREE_REGION GFS2_FS GFS2_FS_LOCKING_DLM GNSS GNSS_USB GOOGLE_COREBOOT_TABLE GOOGLE_FIRMWARE GOOGLE_MEMCONSOLE GOOGLE_MEMCONSOLE_COREBOOT GOOGLE_VPD GPIOLIB GPIOLIB_IRQCHIP GPIO_ACPI GPIO_DLN2 GPIO_LJCA GPIO_VIPERBOARD GREENASIA_FF GREYBUS GREYBUS_BRIDGED_PHY GREYBUS_ES2 GREYBUS_HID GREYBUS_USB GTP GUEST_PERF_EVENTS GVE HAMRADIO HAVE_ARCH_NODE_DEV_GROUP HAVE_ARCH_USERFAULTFD_MINOR HAVE_ARCH_USERFAULTFD_WP HAVE_BOOTMEM_INFO_NODE HAVE_CLK HAVE_CLK_PREPARE HAVE_KVM_CPU_RELAX_INTERCEPT HAVE_KVM_DIRTY_RING HAVE_KVM_DIRTY_RING_ACQ_REL HAVE_KVM_DIRTY_RING_TSO HAVE_KVM_IRQCHIP HAVE_KVM_IRQ_BYPASS HAVE_KVM_IRQ_ROUTING HAVE_KVM_MSI HAVE_KVM_NO_POLL HAVE_KVM_PFNCACHE HAVE_KVM_PM_NOTIFIER HAVE_KVM_READONLY_MEM HAVE_SCHED_AVG_IRQ HDLC HDLC_CISCO HDLC_FR HDLC_PPP HDLC_RAW HDLC_RAW_ETH HDLC_X25 HDMI HFSPLUS_FS HFS_FS HID_ACCUTOUCH HID_ACRUX HID_ACRUX_FF HID_ALPS HID_APPLEIR HID_ASUS HID_AUREAL HID_BATTERY_STRENGTH HID_BETOP_FF HID_BIGBEN_FF HID_CMEDIA HID_CORSAIR HID_COUGAR HID_CP2112 HID_CREATIVE_SB0540 HID_ELAN HID_ELECOM HID_ELO HID_EMS_FF HID_EVISION HID_FT260 HID_GEMBIRD HID_GFRM HID_GLORIOUS HID_GOOGLE_STADIA_FF HID_GREENASIA HID_GT683R HID_HOLTEK HID_ICADE HID_JABRA HID_KEYTOUCH HID_KYE HID_LCPOWER HID_LED HID_LENOVO HID_LETSKETCH HID_LOGITECH_DJ HID_LOGITECH_HIDPP HID_MACALLY HID_MAGICMOUSE HID_MALTRON HID_MAYFLASH HID_MCP2200 HID_MCP2221 HID_MEGAWORLD_FF HID_MULTITOUCH HID_NTI HID_NVIDIA_SHIELD HID_ORTEK HID_PENMOUNT HID_PICOLCD HID_PICOLCD_BACKLIGHT HID_PICOLCD_CIR HID_PICOLCD_FB HID_PICOLCD_LCD HID_PICOLCD_LEDS HID_PLANTRONICS HID_PLAYSTATION HID_PRIMAX HID_PRODIKEYS HID_PXRC HID_RAZER HID_RETRODE HID_RMI HID_ROCCAT HID_SAITEK HID_SEMITEK HID_SENSOR_ACCEL_3D HID_SENSOR_ALS HID_SENSOR_CUSTOM_INTEL_HINGE HID_SENSOR_CUSTOM_SENSOR HID_SENSOR_DEVICE_ROTATION HID_SENSOR_GYRO_3D HID_SENSOR_HUB HID_SENSOR_HUMIDITY HID_SENSOR_IIO_COMMON HID_SENSOR_IIO_TRIGGER HID_SENSOR_INCLINOMETER_3D HID_SENSOR_MAGNETOMETER_3D HID_SENSOR_PRESS HID_SENSOR_PROX HID_SENSOR_TEMP HID_SIGMAMICRO HID_SMARTJOYPLUS HID_SPEEDLINK HID_STEAM HID_STEELSERIES HID_THINGM HID_THRUSTMASTER HID_TIVO HID_TOPRE HID_TWINHAN HID_U2FZERO HID_UCLOGIC HID_UDRAW_PS3 HID_VIEWSONIC HID_VIVALDI HID_VIVALDI_COMMON HID_VRC2 HID_WACOM HID_WALTOP HID_WIIMOTE HID_XIAOMI HID_XINMO HID_ZYDACRON HMM_MIRROR HOLTEK_FF HOTPLUG_PCI_PCIE HPET_MMAP HPET_MMAP_DEFAULT HPFS_FS I2C_ALGOBIT I2C_CHARDEV I2C_CP2615 I2C_DESIGNWARE_CORE I2C_DESIGNWARE_PLATFORM I2C_DIOLAN_U2C I2C_DLN2 I2C_HID_ACPI I2C_HID_CORE I2C_HID_OF I2C_LJCA I2C_MUX I2C_MUX_REG I2C_ROBOTFUZZ_OSIF I2C_SI4713 I2C_SLAVE I2C_SLAVE_EEPROM I2C_TINY_USB I2C_VIPERBOARD IEEE802154 IEEE802154_6LOWPAN IEEE802154_ATUSB IEEE802154_DRIVERS IEEE802154_HWSIM IEEE802154_NL802154_EXPERIMENTAL IEEE802154_SOCKET IFB IIO IIO_BUFFER IIO_KFIFO_BUF IIO_TRIGGER IIO_TRIGGERED_BUFFER IKCONFIG IKCONFIG_PROC IMA IMA_APPRAISE IMA_APPRAISE_MODSIG IMA_DEFAULT_HASH_SHA256 IMA_LSM_RULES IMA_MEASURE_ASYMMETRIC_KEYS IMA_NG_TEMPLATE IMA_QUEUE_EARLY_BOOT_KEYS IMA_READ_POLICY IMA_WRITE_POLICY INET6_ESPINTCP INET6_ESP_OFFLOAD INET6_IPCOMP INET6_TUNNEL INET6_XFRM_TUNNEL INET_AH INET_DCCP_DIAG INET_DIAG INET_DIAG_DESTROY INET_ESP INET_ESPINTCP INET_ESP_OFFLOAD INET_IPCOMP INET_MPTCP_DIAG INET_RAW_DIAG INET_SCTP_DIAG INET_TCP_DIAG INET_UDP_DIAG INET_XFRM_TUNNEL INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_ADDR_TRANS_CONFIGFS INFINIBAND_IPOIB INFINIBAND_IPOIB_CM INFINIBAND_IPOIB_DEBUG INFINIBAND_ISER INFINIBAND_ON_DEMAND_PAGING INFINIBAND_RTRS INFINIBAND_SRP INFINIBAND_USER_ACCESS INFINIBAND_USER_MAD INFINIBAND_USER_MEM INFINIBAND_VIRT_DMA INPUT_ATI_REMOTE2 INPUT_CM109 INPUT_IMS_PCU INPUT_JOYDEV INPUT_KEYSPAN_REMOTE INPUT_LEDS INPUT_MOUSEDEV INPUT_MOUSEDEV_PSAUX INPUT_POWERMATE INPUT_TABLET INPUT_TOUCHSCREEN INPUT_UINPUT INPUT_YEALINK INTEGRITY INTEGRITY_ASYMMETRIC_KEYS INTEGRITY_AUDIT INTEGRITY_SIGNATURE INTEGRITY_TRUSTED_KEYRING INTEL_CHTWC_INT33FE INTEL_IDMA64 INTEL_IOATDMA INTEL_IOMMU_DEFAULT_ON INTEL_IOMMU_SVM INTEL_ISHTP_ECLITE INTEL_ISH_FIRMWARE_DOWNLOADER INTEL_ISH_HID INTEL_SCU_IPC INTEL_SOC_PMIC_BXTWC INTEL_SOC_PMIC_CHTWC INTERVAL_TREE_SPAN_ITER IOMMUFD IOMMUFD_DRIVER IOMMUFD_DRIVER_CORE IOMMUFD_TEST IP6_NF_MATCH_AH IP6_NF_MATCH_EUI64 IP6_NF_MATCH_FRAG IP6_NF_MATCH_HL IP6_NF_MATCH_MH IP6_NF_MATCH_OPTS IP6_NF_MATCH_RPFILTER IP6_NF_MATCH_RT IP6_NF_MATCH_SRH IP6_NF_NAT IP6_NF_RAW IP6_NF_SECURITY IP6_NF_TARGET_HL IP6_NF_TARGET_MASQUERADE IP6_NF_TARGET_NPT IP6_NF_TARGET_SYNPROXY IPV6_FOU IPV6_FOU_TUNNEL IPV6_GRE IPV6_ILA IPV6_MIP6 IPV6_MROUTE IPV6_MROUTE_MULTIPLE_TABLES IPV6_MULTIPLE_TABLES IPV6_OPTIMISTIC_DAD IPV6_PIMSM_V2 IPV6_ROUTER_PREF IPV6_ROUTE_INFO IPV6_RPL_LWTUNNEL IPV6_SEG6_BPF IPV6_SEG6_HMAC IPV6_SEG6_LWTUNNEL IPV6_SIT_6RD IPV6_SUBTREES IPV6_TUNNEL IPV6_VTI IPVLAN IPVLAN_L3S IPVTAP IP_DCCP IP_DCCP_CCID3 IP_DCCP_TFRC_LIB IP_FIB_TRIE_STATS IP_MROUTE_MULTIPLE_TABLES IP_NF_ARPFILTER IP_NF_ARPTABLES IP_NF_ARP_MANGLE IP_NF_MATCH_AH IP_NF_MATCH_ECN IP_NF_MATCH_RPFILTER IP_NF_MATCH_TTL IP_NF_RAW IP_NF_SECURITY IP_NF_TARGET_ECN IP_NF_TARGET_NETMAP IP_NF_TARGET_REDIRECT IP_NF_TARGET_SYNPROXY IP_NF_TARGET_TTL IP_ROUTE_CLASSID IP_SCTP IP_SET IP_SET_BITMAP_IP IP_SET_BITMAP_IPMAC IP_SET_BITMAP_PORT IP_SET_HASH_IP IP_SET_HASH_IPMAC IP_SET_HASH_IPMARK IP_SET_HASH_IPPORT IP_SET_HASH_IPPORTIP IP_SET_HASH_IPPORTNET IP_SET_HASH_MAC IP_SET_HASH_NET IP_SET_HASH_NETIFACE IP_SET_HASH_NETNET IP_SET_HASH_NETPORT IP_SET_HASH_NETPORTNET IP_SET_LIST_SET IP_VS IP_VS_DH IRQ_TIME_ACCOUNTING L2TP LAPB LCD_CLASS_DEVICE LEDS_CLASS_MULTICOLOR LIBNVDIMM MAC80211 MAC802154 MEDIA_COMMON_OPTIONS MEDIA_DIGITAL_TV_SUPPORT MEDIA_PLATFORM_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_TEST_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_INTEL_PMC_BXT MFD_MT6360 MFD_MT6370 MFD_RETU MFD_VIPERBOARD MMC MODVERSIONS MPTCP MTD MTD_UBI NETFILTER_ADVANCED NETFILTER_CONNCOUNT NET_ACT_GACT NET_ACT_MIRRED NET_IPGRE NET_IPGRE_DEMUX NFS_V4_1 NFT_COMPAT NFT_COMPAT_ARP NFT_FWD_NETDEV NF_TABLES NF_TABLES_ARP NF_TABLES_NETDEV NLS_CODEPAGE_1250 NLS_CODEPAGE_1251 NLS_CODEPAGE_737 NLS_CODEPAGE_775 NLS_CODEPAGE_850 NLS_CODEPAGE_852 NLS_CODEPAGE_855 NLS_CODEPAGE_857 NLS_CODEPAGE_860 NLS_CODEPAGE_861 NLS_CODEPAGE_862 NLS_CODEPAGE_863 NLS_CODEPAGE_864 NLS_CODEPAGE_865 NLS_CODEPAGE_866 NLS_CODEPAGE_869 NLS_CODEPAGE_874 NLS_CODEPAGE_932 NLS_CODEPAGE_936 NLS_CODEPAGE_949 NLS_CODEPAGE_950 NLS_ISO8859_13 NLS_ISO8859_14 NLS_ISO8859_15 NLS_ISO8859_2 NLS_ISO8859_3 NLS_ISO8859_4 NLS_ISO8859_5 NLS_ISO8859_6 NLS_ISO8859_7 NLS_ISO8859_8 NLS_ISO8859_9 NLS_KOI8_R NLS_KOI8_U NLS_MAC_CELTIC NLS_MAC_CENTEURO NLS_MAC_CROATIAN NLS_MAC_CYRILLIC NLS_MAC_GAELIC NLS_MAC_GREEK NLS_MAC_ICELAND NLS_MAC_INUIT NLS_MAC_ROMAN NLS_MAC_ROMANIAN NLS_MAC_TURKISH NLS_UCS2_UTILS NOZOMI NTFS3_FS NTFS3_FS_POSIX_ACL NTFS3_LZX_XPRESS NULL_TTY NUMA_BALANCING NUMA_BALANCING_DEFAULT_ENABLED NUMA_EMU NUMA_KEEP_MEMINFO NVDIMM_DAX NVDIMM_KEYS NVDIMM_PFN NVIDIA_SHIELD_FF NVME_CORE NVME_FABRICS NVME_FC NVME_MULTIPATH NVME_RDMA NVME_TARGET NVME_TARGET_FC NVME_TARGET_FCLOOP NVME_TARGET_LOOP NVME_TARGET_RDMA NVME_TARGET_TCP NVME_TCP N_GSM N_HDLC OCFS2_DEBUG_FS OCFS2_FS OCFS2_FS_O2CB OCFS2_FS_STATS OCFS2_FS_USERSPACE_CLUSTER OF_GPIO OF_PMEM OMFS_FS OPENVSWITCH OPENVSWITCH_GENEVE OPENVSWITCH_GRE OPENVSWITCH_VXLAN ORANGEFS_FS OSF_PARTITION OVERLAY_FS OVERLAY_FS_DEBUG OVERLAY_FS_INDEX OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW OVERLAY_FS_REDIRECT_DIR PACKET_DIAG PAGE_IDLE_FLAG PAGE_REPORTING PAHOLE_HAS_BTF_TAG PAHOLE_HAS_LANG_EXCLUDE PAHOLE_HAS_SPLIT_BTF PARPORT PARPORT_NOT_PC PARTITION_ADVANCED PCCARD PCCARD_NONSTATIC PCIEAER PCI_ENDPOINT PCI_IOV PCMCIA PCMCIA_LOAD_CIS PERCPU_STATS PERSISTENT_KEYRINGS PHONET PHYLINK PHY_CPCAP_USB PHY_QCOM_USB_HS PHY_QCOM_USB_HSIC PHY_SAMSUNG_USB2 PHY_TUSB1210 PKCS7_TEST_KEY PKCS8_PRIVATE_KEY_PARSER PLAYSTATION_FF PLFXLC PMIC_OPREGION PM_CLK PNFS_BLOCK PNFS_FILE_LAYOUT PNFS_FLEXFILE_LAYOUT PPP PPPOATM PPPOE PPPOE_HASH_BITS_1 PPPOL2TP PPP_ASYNC PPP_BSDCOMP PPP_DEFLATE PPP_FILTER PPP_MPPE PPP_MULTILINK PPP_SYNC_TTY PPTP PREEMPT PREEMPT_NOTIFIERS PROC_CHILDREN PSAMPLE PSI PSTORE PSTORE_COMPRESS QCOM_QMI_HELPERS QNX4FS_FS QNX6FS_FS QRTR QRTR_TUN RADIO_ADAPTERS RADIO_SHARK RADIO_SHARK2 RADIO_SI4713 RADIO_TEA575X RAID6_PQ RAID_ATTRS RAS RC_ATI_REMOTE RC_CORE RC_DEVICES RC_XBOX_DVD RDMA_RXE RDMA_SIW RDS RDS_RDMA RDS_TCP READ_ONLY_THP_FOR_FS REALTEK_AUTOPM REED_SOLOMON REED_SOLOMON_DEC8 REGMAP REGMAP_I2C REGMAP_IRQ REGMAP_MMIO REGMAP_SPI REGULATOR REGULATOR_FIXED_VOLTAGE REGULATOR_TWL4030 RESET_CONTROLLER RFKILL RFKILL_INPUT RFKILL_LEDS RMI4_2D_SENSOR RMI4_CORE RMI4_F03 RMI4_F03_SERIO RMI4_F11 RMI4_F12 RMI4_F30 RMI4_F3A ROMFS_BACKED_BY_BOTH ROMFS_FS ROMFS_ON_BLOCK ROMFS_ON_MTD ROSE RTC_DRV_HID_SENSOR_TIME RXKAD SCHED_CORE SCREEN_INFO SCSI_FC_ATTRS SCSI_HPSA SCSI_ISCSI_ATTRS SCSI_LOGGING SCSI_NETLINK SCSI_SAS_ATA SCSI_SAS_ATTRS SCSI_SAS_LIBSAS SCSI_SCAN_ASYNC SCSI_SRP_ATTRS SCTP_COOKIE_HMAC_MD5 SCTP_COOKIE_HMAC_SHA1 SCTP_DEFAULT_COOKIE_HMAC_MD5 SECONDARY_TRUSTED_KEYRING SECURITY_INFINIBAND SECURITY_NETWORK_XFRM SENSORS_AQUACOMPUTER_D5NEXT SENSORS_CORSAIR_CPRO SENSORS_CORSAIR_PSU SENSORS_GIGABYTE_WATERFORCE SENSORS_NZXT_KRAKEN2 SENSORS_NZXT_SMART2 SENSORS_POWERZ SERIAL_DEV_BUS SERIAL_DEV_CTRL_TTYPORT SERIAL_MCTRL_GPIO SGI_PARTITION SIGNATURE SIGNED_PE_FILE_VERIFICATION SKB_DECRYPTED SLHC SLIP SLIP_COMPRESSED SLIP_MODE_SLIP6 SLIP_SMART SMARTJOYPLUS_FF SMBFS SMB_SERVER SMC SMC_DIAG SMSC_PHY SMS_SDIO_DRV SMS_SIANO_DEBUGFS SMS_SIANO_MDTV SMS_SIANO_RC SMS_USB_DRV SND SND_ALOOP SND_BCD2000 SND_CTL_FAST_LOOKUP SND_CTL_LED SND_DEBUG SND_DMA_SGBUF SND_DRIVERS SND_DUMMY SND_DYNAMIC_MINORS SND_HDA SND_HDA_CODEC_ANALOG SND_HDA_CODEC_CA0110 SND_HDA_CODEC_CA0132 SND_HDA_CODEC_CIRRUS SND_HDA_CODEC_CMEDIA SND_HDA_CODEC_CONEXANT SND_HDA_CODEC_HDMI SND_HDA_CODEC_REALTEK SND_HDA_CODEC_SI3054 SND_HDA_CODEC_SIGMATEL SND_HDA_CODEC_VIA SND_HDA_COMPONENT SND_HDA_CORE SND_HDA_GENERIC SND_HDA_GENERIC_LEDS SND_HDA_HWDEP SND_HDA_I915 SND_HDA_INPUT_BEEP SND_HDA_INTEL SND_HDA_PATCH_LOADER SND_HDA_RECONFIG SND_HDA_SCODEC_COMPONENT SND_HRTIMER SND_HWDEP SND_INTEL_DSP_CONFIG SND_INTEL_NHLT SND_INTEL_SOUNDWIRE_ACPI SND_JACK SND_JACK_INPUT_DEV SND_MIXER_OSS SND_OSSEMUL SND_PCI SND_PCM SND_PCMCIA SND_PCM_ELD SND_PCM_OSS SND_PCM_OSS_PLUGINS SND_PCM_TIMER SND_PCM_XRUN_DEBUG SND_PROC_FS SND_RAWMIDI SND_SEQUENCER SND_SEQUENCER_OSS SND_SEQ_DEVICE SND_SEQ_DUMMY SND_SEQ_HRTIMER_DEFAULT SND_SEQ_MIDI SND_SEQ_MIDI_EVENT SND_SEQ_VIRMIDI SND_SOC SND_SOC_I2C_AND_SPI SND_SOC_SDCA_OPTIONAL SND_SUPPORT_OLD_API SND_TIMER SND_UMP SND_UMP_LEGACY_RAWMIDI SND_USB SND_USB_6FIRE SND_USB_AUDIO SND_USB_AUDIO_MIDI_V2 SND_USB_AUDIO_USE_MEDIA_CONTROLLER SND_USB_CAIAQ SND_USB_CAIAQ_INPUT SND_USB_HIFACE SND_USB_LINE6 SND_USB_POD SND_USB_PODHD SND_USB_TONEPORT SND_USB_UA101 SND_USB_US122L SND_USB_USX2Y SND_USB_VARIAX SND_VERBOSE_PROCFS SND_VIRMIDI SND_VIRTIO SND_VMASTER SND_X86 SOCK_VALIDATE_XMIT SOLARIS_X86_PARTITION SONY_FF SOUND SOUNDWIRE SOUND_OSS_CORE SOUND_OSS_CORE_PRECLAIM SPI SPI_DLN2 SPI_DYNAMIC SPI_LJCA SPI_MASTER SQUASHFS SQUASHFS_4K_DEVBLK_SIZE SQUASHFS_COMPILE_DECOMP_MULTI SQUASHFS_DECOMP_MULTI SQUASHFS_FILE_DIRECT SQUASHFS_LZ4 SQUASHFS_LZO SQUASHFS_XATTR SQUASHFS_XZ SQUASHFS_ZLIB SQUASHFS_ZSTD SSB SSB_PCIHOST_POSSIBLE SSB_PCMCIAHOST_POSSIBLE SSB_SDIOHOST_POSSIBLE STAGING STEAM_FF STP STREAM_PARSER SUNRPC_BACKCHANNEL SUN_PARTITION SW_SYNC SYSFB SYSV68_PARTITION SYSV_FS TABLET_USB_ACECAD TABLET_USB_AIPTEK TABLET_USB_HANWANG TABLET_USB_KBTAB TABLET_USB_PEGASUS TAHVO_USB TAHVO_USB_HOST_BY_DEFAULT TCG_CRB TCG_TIS TCG_TIS_CORE TCG_TPM TCP_CONG_BBR TCP_CONG_BIC TCP_CONG_CDG TCP_CONG_DCTCP TCP_CONG_HSTCP TCP_CONG_HTCP TCP_CONG_HYBLA TCP_CONG_ILLINOIS TCP_CONG_LP TCP_CONG_NV TCP_CONG_SCALABLE TCP_CONG_VEGAS TCP_CONG_VENO TCP_CONG_WESTWOOD TCP_CONG_YEAH TEE TEXTSEARCH TEXTSEARCH_BM TEXTSEARCH_FSM TEXTSEARCH_KMP THP_SWAP THRUSTMASTER_FF TIPC TIPC_CRYPTO TIPC_DIAG TIPC_MEDIA_IB TIPC_MEDIA_UDP TLS TLS_TOE TMPFS_QUOTA TOUCHSCREEN_SUR40 TOUCHSCREEN_USB_3M TOUCHSCREEN_USB_COMPOSITE TOUCHSCREEN_USB_DMC_TSC10 TOUCHSCREEN_USB_E2I TOUCHSCREEN_USB_EASYTOUCH TOUCHSCREEN_USB_EGALAX TOUCHSCREEN_USB_ELO TOUCHSCREEN_USB_ETT_TC45USB TOUCHSCREEN_USB_ETURBO TOUCHSCREEN_USB_GENERAL_TOUCH TOUCHSCREEN_USB_GOTOP TOUCHSCREEN_USB_GUNZE TOUCHSCREEN_USB_IDEALTEK TOUCHSCREEN_USB_IRTOUCH TOUCHSCREEN_USB_ITM TOUCHSCREEN_USB_JASTEC TOUCHSCREEN_USB_NEXIO TOUCHSCREEN_USB_PANJIT TOUCHSCREEN_USB_ZYTRONIC TRANSPARENT_HUGEPAGE TRANSPARENT_HUGEPAGE_MADVISE TTPCI_EEPROM TTY_PRINTK TUN_VNET_CROSS_LE TWL4030_CORE TYPEC TYPEC_ANX7411 TYPEC_DP_ALTMODE TYPEC_FUSB302 TYPEC_HD3SS3220 TYPEC_MT6360 TYPEC_MUX_FSA4480 TYPEC_MUX_GPIO_SBU TYPEC_MUX_INTEL_PMC TYPEC_MUX_NB7VPQ904M TYPEC_MUX_PI3USB30532 TYPEC_MUX_PTN36502 TYPEC_MUX_WCD939X_USBSS TYPEC_NVIDIA_ALTMODE TYPEC_RT1711H TYPEC_RT1719 TYPEC_STUSB160X TYPEC_TCPCI TYPEC_TCPCI_MAXIM TYPEC_TCPCI_MT6370 TYPEC_TCPM TYPEC_TPS6598X TYPEC_UCSI TYPEC_WCOVE TYPEC_WUSB3801 UBIFS_ATIME_SUPPORT UBIFS_FS UBIFS_FS_ADVANCED_COMPR UBIFS_FS_LZO UBIFS_FS_SECURITY UBIFS_FS_XATTR UBIFS_FS_ZLIB UBIFS_FS_ZSTD UCSI_ACPI UCSI_CCG UCSI_STM32G0 UDF_FS UDMABUF UFS_FS UFS_FS_WRITE UHID ULTRIX_PARTITION UNICODE UNIXWARE_DISKLABEL UNIX_DIAG USB4 USB4_NET USBIP_CORE USBIP_HOST USBIP_VHCI_HCD USBIP_VUDC USBPCWATCHDOG USB_ACM USB_ADUTUX USB_AIRSPY USB_ALI_M5632 USB_AN2720 USB_APPLEDISPLAY USB_ARMLINUX USB_BDC_UDC USB_BELKIN USB_C67X00_HCD USB_CATC USB_CDC_PHONET USB_CDNS2_UDC USB_CDNS3 USB_CDNS3_GADGET USB_CDNS_SUPPORT USB_DWC2 USB_GADGET USB_LJCA USB_MUSB_HDRC USB_NET_CDC_SUBSET USB_ROLES_INTEL_XHCI USB_ROLE_SWITCH USB_STORAGE_REALTEK USB_ULPI_BUS USB_USBNET VIDEO_DEV VIRTIO_FS VXLAN WAN WIRELESS WLAN WLAN_VENDOR_PURELIFI ZONE_DEVICE] disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed picked [v6.13 v6.12 v6.11 v6.9 v6.7 v6.5 v6.3 v6.1 v5.18 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 36 release tags testing release v6.13 testing commit ffd294d346d185b70e28b1a28abe367bbfe53c04 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 405e0702ddffd286b7c9b5d7ff15972fccb4ba1f6cd2bff294124c662b9f6a59 all runs: OK false negative chance: 0.000 # git bisect start 808eb958781e4ebb6e9c0962af2e856767e20f45 ffd294d346d185b70e28b1a28abe367bbfe53c04 Bisecting: 6004 revisions left to test after this (roughly 13 steps) [454cb97726fe62a04b187a0d631ec0a69f6b713a] Merge tag 'v6.14-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 testing commit 454cb97726fe62a04b187a0d631ec0a69f6b713a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ce93004dd8c05f0d2866a01291c23d9ed34d68cb5a4168ca097079a27a1d8714 all runs: OK false negative chance: 0.000 # git bisect good 454cb97726fe62a04b187a0d631ec0a69f6b713a Bisecting: 2923 revisions left to test after this (roughly 12 steps) [13845bdc869f136f92ad3d40ea09b867bb4ce467] Merge tag 'char-misc-6.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 13845bdc869f136f92ad3d40ea09b867bb4ce467 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1518a829951b1804138d2cfe0b1523a576f1a8c0ca61ea1f442f3c6a3ac2113b all runs: OK false negative chance: 0.000 # git bisect good 13845bdc869f136f92ad3d40ea09b867bb4ce467 Bisecting: 1437 revisions left to test after this (roughly 11 steps) [5047e3555477ca0723f3e6e6afca1218eb9e9344] Merge branch 'mm-everything' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm testing commit 5047e3555477ca0723f3e6e6afca1218eb9e9344 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bc2795154c86c3c814957c5b6365b6ff64e408dd91bc269623364422e657d9eb all runs: OK false negative chance: 0.000 # git bisect good 5047e3555477ca0723f3e6e6afca1218eb9e9344 Bisecting: 794 revisions left to test after this (roughly 10 steps) [d1f3ee77dca0ec13753f6fc3974247e837a3594f] Merge branch 'drm-next' of https://gitlab.freedesktop.org/agd5f/linux testing commit d1f3ee77dca0ec13753f6fc3974247e837a3594f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9edc6b4f4ff918711184f062534796b1de0e191cc25091a7847fdb64c049db03 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount representative crash: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount, types: [UNKNOWN] # git bisect bad d1f3ee77dca0ec13753f6fc3974247e837a3594f Bisecting: 305 revisions left to test after this (roughly 8 steps) [5edca7724e10593e7c3bcf558553e514773dac41] Merge branch 'fs-next' of linux-next testing commit 5edca7724e10593e7c3bcf558553e514773dac41 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 92c8c0e6384fc624582813aca439b89c523b736fbc4a23693dc7878bb1e6be18 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount representative crash: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount, types: [UNKNOWN] # git bisect bad 5edca7724e10593e7c3bcf558553e514773dac41 Bisecting: 168 revisions left to test after this (roughly 7 steps) [a4f420e9169ee3d6077c497ed91be9e0e1847122] Merge branch 'for-next' of git://github.com/Xilinx/linux-xlnx.git testing commit a4f420e9169ee3d6077c497ed91be9e0e1847122 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 460cbda2dd2a5a6baa034155475cf0e9a139539e858cd65075f3b2da6df22326 all runs: OK false negative chance: 0.000 # git bisect good a4f420e9169ee3d6077c497ed91be9e0e1847122 Bisecting: 83 revisions left to test after this (roughly 6 steps) [a79566841c3b254d7e2b19c8bcbb8df38c3c8241] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git testing commit a79566841c3b254d7e2b19c8bcbb8df38c3c8241 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3ea6f88a9150f3577a935f68748f2c7c44569773d9afe9ead092f51f6593e4af all runs: OK false negative chance: 0.000 # git bisect good a79566841c3b254d7e2b19c8bcbb8df38c3c8241 Bisecting: 33 revisions left to test after this (roughly 5 steps) [9eb9e52ae41e5d97e363126531a1128fe9fab7f5] Merge branch 'vfs.all' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git testing commit 9eb9e52ae41e5d97e363126531a1128fe9fab7f5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 929b3caa3efee138d0a3dcb3dd183f2e8e1d599bcd262df14053799133462726 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount representative crash: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount, types: [UNKNOWN] # git bisect bad 9eb9e52ae41e5d97e363126531a1128fe9fab7f5 Bisecting: 22 revisions left to test after this (roughly 5 steps) [4c14820df511559f7ac111a8550496824b791538] Merge branch 'vfs-6.15.mount' into vfs.all testing commit 4c14820df511559f7ac111a8550496824b791538 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b10782e4917863b08ae9c16738d24de27413bfd8d740adf6daeac9f3f8b1170c all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount representative crash: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount, types: [UNKNOWN] # git bisect bad 4c14820df511559f7ac111a8550496824b791538 Bisecting: 13 revisions left to test after this (roughly 4 steps) [6c8ecfbecdaaffe80e84d22c88dfaf4f3ba289bd] Merge patch series "statmount: allow to retrieve idmappings" testing commit 6c8ecfbecdaaffe80e84d22c88dfaf4f3ba289bd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cfbfe539130efe2850a4ec7d0105564aa9b60e37cc24e1ea44bee92656914cc6 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount representative crash: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount, types: [UNKNOWN] # git bisect bad 6c8ecfbecdaaffe80e84d22c88dfaf4f3ba289bd Bisecting: 5 revisions left to test after this (roughly 3 steps) [7a72a2d471921b82d29edc6e071fefd53061334c] Merge patch series "fs: allow detached mounts in clone_private_mount()" testing commit 7a72a2d471921b82d29edc6e071fefd53061334c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 00f81e87d728d2683a06164b0dcae75d9d7af23804a4879d2216e5dbf640656c all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount representative crash: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount, types: [UNKNOWN] # git bisect bad 7a72a2d471921b82d29edc6e071fefd53061334c Bisecting: 3 revisions left to test after this (roughly 2 steps) [bf630c40164162ba1d3933c2f5e3397d083e0948] vfs: add notifications for mount attach and detach testing commit bf630c40164162ba1d3933c2f5e3397d083e0948 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 363e71482c0a93251ec4779d364970e81168b1fa0b2afc9f756ebd3f53598300 all runs: OK false negative chance: 0.000 # git bisect good bf630c40164162ba1d3933c2f5e3397d083e0948 Bisecting: 1 revision left to test after this (roughly 1 step) [ae63304102ecd597130ecea27395739a6a6371b7] fs: allow detached mounts in clone_private_mount() testing commit ae63304102ecd597130ecea27395739a6a6371b7 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 71738bce7b69bffccfdf439aaadd0f9e13ce69fef30fcd7f2a91c5801a3145d9 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount representative crash: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount, types: [UNKNOWN] # git bisect bad ae63304102ecd597130ecea27395739a6a6371b7 Bisecting: 0 revisions left to test after this (roughly 0 steps) [2cc0b7fd4bb0cd7f98fe75758e4c619f74873bd9] Merge patch series "mount notification" testing commit 2cc0b7fd4bb0cd7f98fe75758e4c619f74873bd9 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 23f11fa326e873bf5077831f05b5495f1791750eb9706b08199de64fc1887994 all runs: OK false negative chance: 0.000 # git bisect good 2cc0b7fd4bb0cd7f98fe75758e4c619f74873bd9 ae63304102ecd597130ecea27395739a6a6371b7 is the first bad commit commit ae63304102ecd597130ecea27395739a6a6371b7 Author: Christian Brauner Date: Thu Jan 23 20:19:48 2025 +0100 fs: allow detached mounts in clone_private_mount() In container workloads idmapped mounts are often used as layers for overlayfs. Recently I added the ability to specify layers in overlayfs as file descriptors instead of path names. It should be possible to simply use the detached mounts directly when specifying layers instead of having to attach them beforehand. They are discarded after overlayfs is mounted anyway so it's pointless system calls for userspace and pointless locking for the kernel. This just recently come up again in [1]. So enable clone_private_mount() to use detached mounts directly. Following conditions must be met: - Provided path must be the root of a detached mount tree. - Provided path may not create mount namespace loops. - Provided path must be mounted. It would be possible to be stricter and require that the caller must have CAP_SYS_ADMIN in the owning user namespace of the anonymous mount namespace but since this restriction isn't enforced for move_mount() there's no point in enforcing it for clone_private_mount(). Link: https://lore.kernel.org/r/fd8f6574-f737-4743-b220-79c815ee1554@mbaynton.com [1] Link: https://lore.kernel.org/r/20250123-avancieren-erfreuen-3d61f6588fdd@brauner Tested-by: Mike Baynton Signed-off-by: Christian Brauner fs/namespace.c | 78 ++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 43 insertions(+), 35 deletions(-) accumulated error probability: 0.00 culprit signature: 71738bce7b69bffccfdf439aaadd0f9e13ce69fef30fcd7f2a91c5801a3145d9 parent signature: 23f11fa326e873bf5077831f05b5495f1791750eb9706b08199de64fc1887994 revisions tested: 21, total time: 10h1m23.255987037s (build: 7h42m5.725952277s, test: 2h1m35.116000132s) first bad commit: ae63304102ecd597130ecea27395739a6a6371b7 fs: allow detached mounts in clone_private_mount() recipients (to): ["brauner@kernel.org" "linux-kernel@vger.kernel.org" "mike@mbaynton.com"] recipients (cc): ["brauner@kernel.org" "jack@suse.cz" "linux-fsdevel@vger.kernel.org" "viro@zeniv.linux.org.uk"] crash: BUG: unable to handle kernel NULL pointer dereference in clone_private_mount BUG: kernel NULL pointer dereference, address: 0000000000000048 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 8000000106f1d067 P4D 8000000106f1d067 PUD 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI CPU: 1 UID: 0 PID: 4272 Comm: syz.3.16 Not tainted 6.14.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 RIP: 0010:is_anon_ns fs/mount.h:159 [inline] RIP: 0010:clone_private_mount+0xa2/0x110 fs/namespace.c:2420 Code: c3 40 48 39 dd 75 0b eb 49 48 8b 6d 00 48 39 dd 74 3b 48 8b 7d a8 4c 89 ee e8 ca 26 ff ff 84 c0 74 e7 f6 45 c2 80 74 e1 eb 52 <48> 83 78 48 00 75 4b 4c 89 ff e8 6f 00 00 00 84 c0 74 3f 49 8b 04 RSP: 0018:ffffc900038bfcb0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811771e020 RCX: 0000000000000001 RDX: 0000000000000001 RSI: ffffffff83c1bc77 RDI: 00000000ffffffff RBP: 0000000008000020 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881022c5788 R13: ffff88810a084020 R14: ffffffffffffffea R15: ffff88811771e000 FS: 00007fa2ca85c6c0(0000) GS:ffff88813bb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000048 CR3: 000000011036c000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ovl_get_layers fs/overlayfs/super.c:1061 [inline] ovl_get_lowerstack+0x4be/0x830 fs/overlayfs/super.c:1156 ovl_fill_super+0x202/0x440 fs/overlayfs/super.c:1404 vfs_get_super fs/super.c:1280 [inline] get_tree_nodev+0x55/0x90 fs/super.c:1299 vfs_get_tree+0x24/0xb0 fs/super.c:1814 do_new_mount+0x15a/0x3a0 fs/namespace.c:3651 do_mount fs/namespace.c:3991 [inline] __do_sys_mount fs/namespace.c:4202 [inline] __se_sys_mount+0x148/0x1b0 fs/namespace.c:4179 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x8d/0x170 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fa2c998cde9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa2ca85c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007fa2c9ba5fa0 RCX: 00007fa2c998cde9 RDX: 0000200000000180 RSI: 0000200000000140 RDI: 0000000000000000 RBP: 00007fa2c9a0e2a0 R08: 00002000000001c0 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fa2c9ba5fa0 R15: 00007ffd597f3a88 Modules linked in: CR2: 0000000000000048 ---[ end trace 0000000000000000 ]--- RIP: 0010:is_anon_ns fs/mount.h:159 [inline] RIP: 0010:clone_private_mount+0xa2/0x110 fs/namespace.c:2420 Code: c3 40 48 39 dd 75 0b eb 49 48 8b 6d 00 48 39 dd 74 3b 48 8b 7d a8 4c 89 ee e8 ca 26 ff ff 84 c0 74 e7 f6 45 c2 80 74 e1 eb 52 <48> 83 78 48 00 75 4b 4c 89 ff e8 6f 00 00 00 84 c0 74 3f 49 8b 04 RSP: 0018:ffffc900038bfcb0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88811771e020 RCX: 0000000000000001 RDX: 0000000000000001 RSI: ffffffff83c1bc77 RDI: 00000000ffffffff RBP: 0000000008000020 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881022c5788 R13: ffff88810a084020 R14: ffffffffffffffea R15: ffff88811771e000 FS: 00007fa2ca85c6c0(0000) GS:ffff88813bb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000048 CR3: 000000011036c000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: c3 ret 1: 40 rex 2: 48 39 dd cmp %rbx,%rbp 5: 75 0b jne 0x12 7: eb 49 jmp 0x52 9: 48 8b 6d 00 mov 0x0(%rbp),%rbp d: 48 39 dd cmp %rbx,%rbp 10: 74 3b je 0x4d 12: 48 8b 7d a8 mov -0x58(%rbp),%rdi 16: 4c 89 ee mov %r13,%rsi 19: e8 ca 26 ff ff call 0xffff26e8 1e: 84 c0 test %al,%al 20: 74 e7 je 0x9 22: f6 45 c2 80 testb $0x80,-0x3e(%rbp) 26: 74 e1 je 0x9 28: eb 52 jmp 0x7c * 2a: 48 83 78 48 00 cmpq $0x0,0x48(%rax) <-- trapping instruction 2f: 75 4b jne 0x7c 31: 4c 89 ff mov %r15,%rdi 34: e8 6f 00 00 00 call 0xa8 39: 84 c0 test %al,%al 3b: 74 3f je 0x7c 3d: 49 rex.WB 3e: 8b .byte 0x8b 3f: 04 .byte 0x4