bisecting cause commit starting from 6e764bcd1cf72a2846c0e53d3975a09b242c04c9 building syzkaller on b599f2fcc734e2183016a340d4f6fc2891d8e41f testing commit 6e764bcd1cf72a2846c0e53d3975a09b242c04c9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: c7fc4fa7d121c2bb2e3f5701d39b8718d23b5031c78362d9fd1605f577277924 all runs: crashed: INFO: task hung in __xfs_buf_submit testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: eaab50170f966c8b3eb39852b91e95d9bc7e454d96827a490e5a435720d1ffbe all runs: crashed: INFO: task hung in __xfs_buf_submit testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: a2c67d0aa4cd9031fb2dccc0e9429d13c38be324308c26aa1ef6b084265ddb79 all runs: crashed: INFO: task hung in __xfs_buf_submit testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 760afc9eb3d03287b34ea942b7a411382f5645571be3e022de43df2d69784b74 all runs: crashed: INFO: task hung in __xfs_buf_submit testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: ed87a01106570e960457a093defc61da2463f8df499a22d92a19e05b34bca040 all runs: crashed: INFO: task hung in __xfs_buf_submit testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: a6ff38e82dd9e7b72f8594f21d4456e9f130fed2d0baffe8f9a1ac831a8846b8 all runs: crashed: INFO: task hung in __xfs_buf_submit testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 148af9454d2419d8c534f359dc0ada77e2a0b73e26499bd1d569517b33bb77e1 all runs: crashed: INFO: task hung in __xfs_buf_submit testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: c39813ac1b4cf9ee17cd9581d29834c9312d7a9e2d37c5149682cd29e326d445 all runs: crashed: INFO: task hung in __xfs_buf_submit testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 65e9f41c1707ffe281e68adea77024db743fc3aec52e15a3092851b775aa1091 all runs: crashed: INFO: task hung in __xfs_buf_submit testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: df229a265ef77d7ea04c00e82025c3f1c0476396510a270bc6ec4e905f5dd17e all runs: crashed: INFO: task hung in __xfs_buf_submit testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 4db262e20e001154554aacba8ee069cf005e1d0d472bd35a6ff08601ed7ef2f2 all runs: crashed: INFO: task hung in __xfs_buf_submit testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 8a03cb69477372e7c3f6c0fee23e5ea1b68880d5ca37439f59113cf3c4eda96e all runs: OK # git bisect start 219d54332a09e8d8741c1e1982f5eae56099de85 4d856f72c10ecb060868ed10ff1b1453943fc6c8 Bisecting: 7882 revisions left to test after this (roughly 13 steps) [a9f8b38a071b468276a243ea3ea5a0636e848cf2] Merge tag 'for-linus-5.4-1' of git://github.com/cminyard/linux-ipmi testing commit a9f8b38a071b468276a243ea3ea5a0636e848cf2 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: ceeaa8b0cfd529302ba500b7667f68e052337f4d182c21133fad9a5ec409b8b0 all runs: crashed: INFO: task hung in __xfs_buf_submit # git bisect bad a9f8b38a071b468276a243ea3ea5a0636e848cf2 Bisecting: 3920 revisions left to test after this (roughly 12 steps) [fe38bd6862074c0a2b9be7f31f043aaa70b2af5f] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm testing commit fe38bd6862074c0a2b9be7f31f043aaa70b2af5f compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 3d0d4a9da4bc7c928f19ca21482e2c6d6e64a677674bf2710088819cd7d655b2 all runs: crashed: INFO: task hung in __xfs_buf_submit # git bisect bad fe38bd6862074c0a2b9be7f31f043aaa70b2af5f Bisecting: 1970 revisions left to test after this (roughly 11 steps) [fc6fd1392a8f3d5f3d722ad9c92314477c1a2a35] Merge branch 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit fc6fd1392a8f3d5f3d722ad9c92314477c1a2a35 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: e373d806f28bfbb66cbcdfb29000ac6c191d7d29a1e277419a3a9a9ca03df288 all runs: OK # git bisect good fc6fd1392a8f3d5f3d722ad9c92314477c1a2a35 Bisecting: 1254 revisions left to test after this (roughly 10 steps) [ea982ba7f79141d86eb7a440fcba6796ed718b9b] Merge tag 'mmc-v5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc testing commit ea982ba7f79141d86eb7a440fcba6796ed718b9b compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 7a52bc2ba4602b2af1de67bba8e9d78dee0a42af97a1c2d88a4a64731cbd32bd all runs: crashed: INFO: task hung in __xfs_buf_submit # git bisect bad ea982ba7f79141d86eb7a440fcba6796ed718b9b Bisecting: 358 revisions left to test after this (roughly 9 steps) [6dec8c15e5faa2a3c02d2e1d1b03b926b545ec0a] Merge tag 'xtensa-20190917' of git://github.com/jcmvbkbc/linux-xtensa testing commit 6dec8c15e5faa2a3c02d2e1d1b03b926b545ec0a compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 4104b18a3e28c4e3e64a4934fb0829523612432f24733ff7675703a0bebdb7a9 all runs: OK # git bisect good 6dec8c15e5faa2a3c02d2e1d1b03b926b545ec0a Bisecting: 179 revisions left to test after this (roughly 8 steps) [21fa1004ff5d749c90cef77525b73a49ef5583dc] Merge branch 'nvme-5.4' of git://git.infradead.org/nvme into for-5.4/block testing commit 21fa1004ff5d749c90cef77525b73a49ef5583dc compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 0396b0c4320751d79e736d530246ede91d1b6d5d6d99b1c378be552efea8fec6 all runs: crashed: INFO: task hung in __xfs_buf_submit # git bisect bad 21fa1004ff5d749c90cef77525b73a49ef5583dc Bisecting: 89 revisions left to test after this (roughly 7 steps) [10407ec9b42d30a6ebc49f7f84e2bb2131438699] nvme-tcp: Use protocol specific operations while reading socket testing commit 10407ec9b42d30a6ebc49f7f84e2bb2131438699 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 90621288b81685cc57a00da24ad78d6b86fe3d15d79c05617740e651b96c1b64 all runs: crashed: INFO: task hung in __xfs_buf_submit # git bisect bad 10407ec9b42d30a6ebc49f7f84e2bb2131438699 Bisecting: 44 revisions left to test after this (roughly 6 steps) [5cc23ed75b629dfb0f8f7a7d0c80e0bab36b3960] block: sed-opal: Add/remove spaces testing commit 5cc23ed75b629dfb0f8f7a7d0c80e0bab36b3960 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 271d7c04ffe486643b1ca1b6a800db1484397cb5bd6d79f8198f3ced1bb73cc5 all runs: OK # git bisect good 5cc23ed75b629dfb0f8f7a7d0c80e0bab36b3960 Bisecting: 22 revisions left to test after this (roughly 5 steps) [97b27821b4854ca744946dae32a3f2fd55bcd5bc] writeback, memcg: Implement foreign dirty flushing testing commit 97b27821b4854ca744946dae32a3f2fd55bcd5bc compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 0b9094fe49344595aac526c165d67ed6f1fcd85609a1dfc9a580ff6db539beca all runs: crashed: INFO: task hung in __xfs_buf_submit # git bisect bad 97b27821b4854ca744946dae32a3f2fd55bcd5bc Bisecting: 10 revisions left to test after this (roughly 4 steps) [d4b186ed227b80334abf1fe2c918c0ddc4374f38] null_blk: move duplicate code to callers testing commit d4b186ed227b80334abf1fe2c918c0ddc4374f38 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 5989732f1028b53b64464b3eb3ac3b6b3f5b09ffc48dcdadf089fd8fa02e7829 all runs: crashed: INFO: task hung in __xfs_buf_submit # git bisect bad d4b186ed227b80334abf1fe2c918c0ddc4374f38 Bisecting: 5 revisions left to test after this (roughly 3 steps) [887e975c4172d0d5670c39ead2f18ba1e4ec8133] nbd: add missing config put testing commit 887e975c4172d0d5670c39ead2f18ba1e4ec8133 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: faf3842a6b1f594b449b5111a38a08dd83d7bd276bc6c1be0361cbba8b9853b5 run #0: crashed: general protection fault in batadv_iv_ogm_queue_add run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 887e975c4172d0d5670c39ead2f18ba1e4ec8133 Bisecting: 2 revisions left to test after this (roughly 1 step) [238bdcdf5d0a087f8930c82b7c7cc142ca9399ce] block: sed-opal: Removed duplicate OPAL_METHOD_LENGTH definition testing commit 238bdcdf5d0a087f8930c82b7c7cc142ca9399ce compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 271d7c04ffe486643b1ca1b6a800db1484397cb5bd6d79f8198f3ced1bb73cc5 all runs: OK # git bisect good 238bdcdf5d0a087f8930c82b7c7cc142ca9399ce Bisecting: 0 revisions left to test after this (roughly 1 step) [00514677ed829efa2fc688ca60a72e52695529cc] nbd: add function to convert blk req op to nbd cmd testing commit 00514677ed829efa2fc688ca60a72e52695529cc compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: ba4931d34704e4304b894a41dd0bd918a5ee1c0a9d7ad0769a0bee2c3ba86caf all runs: OK # git bisect good 00514677ed829efa2fc688ca60a72e52695529cc 887e975c4172d0d5670c39ead2f18ba1e4ec8133 is the first bad commit commit 887e975c4172d0d5670c39ead2f18ba1e4ec8133 Author: Mike Christie Date: Tue Aug 13 11:39:51 2019 -0500 nbd: add missing config put Fix bug added with the patch: commit 8f3ea35929a0806ad1397db99a89ffee0140822a Author: Josef Bacik Date: Mon Jul 16 12:11:35 2018 -0400 nbd: handle unexpected replies better where if the timeout handler runs when the completion path is and we fail to grab the mutex in the timeout handler we will leave a config reference and cannot free the config later. Reviewed-by: Josef Bacik Signed-off-by: Mike Christie Signed-off-by: Jens Axboe drivers/block/nbd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) culprit signature: faf3842a6b1f594b449b5111a38a08dd83d7bd276bc6c1be0361cbba8b9853b5 parent signature: ba4931d34704e4304b894a41dd0bd918a5ee1c0a9d7ad0769a0bee2c3ba86caf Reproducer flagged being flaky revisions tested: 25, total time: 5h54m49.470955279s (build: 2h49m12.005146813s, test: 3h1m21.386898959s) first bad commit: 887e975c4172d0d5670c39ead2f18ba1e4ec8133 nbd: add missing config put recipients (to): ["axboe@kernel.dk" "josef@toxicpanda.com" "mchristi@redhat.com"] recipients (cc): [] crash: general protection fault in batadv_iv_ogm_queue_add kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 10420 Comm: kworker/u4:7 Not tainted 5.3.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xec0 net/batman-adv/bat_iv_ogm.c:599 Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 cb 0b 00 00 RSP: 0018:ffff8880ae53fac0 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff8880a07b9680 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff8880ae53fbd8 R08: ffff8880a07b9680 R09: 0000000000000001 R10: ffffed1015ca7f8f R11: 0000000000000003 R12: ffff8880a07b9680 R13: dffffc0000000000 R14: ffff8880a21e0b40 R15: 000000000000003c FS: 0000000000000000(0000) GS:ffff8880ba300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f633599a000 CR3: 0000000089f0e000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: batadv_iv_ogm_schedule+0xb47/0xe80 net/batman-adv/bat_iv_ogm.c:807 batadv_iv_send_outstanding_bat_ogm_packet+0x54c/0x780 net/batman-adv/bat_iv_ogm.c:1669 process_one_work+0x7d2/0x1560 kernel/workqueue.c:2269 worker_thread+0x85/0xb60 kernel/workqueue.c:2415 kthread+0x331/0x3f0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Modules linked in: ---[ end trace 5f0b3431a089646f ]--- RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xec0 net/batman-adv/bat_iv_ogm.c:599 Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 cb 0b 00 00 RSP: 0018:ffff8880ae53fac0 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff8880a07b9680 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff8880ae53fbd8 R08: ffff8880a07b9680 R09: 0000000000000001 R10: ffffed1015ca7f8f R11: 0000000000000003 R12: ffff8880a07b9680 R13: dffffc0000000000 R14: ffff8880a21e0b40 R15: 000000000000003c FS: 0000000000000000(0000) GS:ffff8880ba300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f633599a000 CR3: 0000000089f0e000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 44 89 8d 64 ff ff ff mov %r9d,-0x9c(%rbp) 7: c7 02 f1 f1 f1 f1 movl $0xf1f1f1f1,(%rdx) d: c7 42 04 04 f2 f2 f2 movl $0xf2f2f204,0x4(%rdx) 14: 48 89 fa mov %rdi,%rdx 17: 65 48 8b 0c 25 28 00 mov %gs:0x28,%rcx 1e: 00 00 20: 48 89 4d d0 mov %rcx,-0x30(%rbp) 24: 31 c9 xor %ecx,%ecx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax <-- trapping instruction 2e: 48 89 fa mov %rdi,%rdx 31: 83 e2 07 and $0x7,%edx 34: 38 d0 cmp %dl,%al 36: 7f 08 jg 0x40 38: 84 c0 test %al,%al 3a: 0f 85 cb 0b 00 00 jne 0xc0b