bisecting cause commit starting from b07f636fca1c8fbba124b0082487c0b3890a0e0c
building syzkaller on ddc3e85997efdad885e208db6a98bca86e5dd52f
testing commit b07f636fca1c8fbba124b0082487c0b3890a0e0c with gcc (GCC) 8.1.0
kernel signature: 2b7b982bf85bbbadbb86cb3ba3b94228cc9e664c
all runs: crashed: WARNING in __xlate_proc_name
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 1066d1c30adeb05c948c21e32d7f01a2f4b913c1
all runs: crashed: WARNING in __xlate_proc_name
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: fc317865fb284acb2faf8870a1e467dfd46d6e6d
all runs: crashed: WARNING in __xlate_proc_name
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 139d58ed52cb546a67d011b0a3d4b6473a1663d2
all runs: crashed: WARNING in __xlate_proc_name
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: f7d766db4affc1efded4037d1929a973add317ae
all runs: crashed: WARNING in __xlate_proc_name
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: cf3fada1fd7f5fbe4fdee23a89ec5d6eda4a31b1
all runs: crashed: WARNING in __xlate_proc_name
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: 5ef5bc96568fd0baad71bfecaa6e0b72658c773a
all runs: crashed: WARNING in __xlate_proc_name
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: 4375d72692dc492c307c202906c7b26ff24ae97a
all runs: crashed: WARNING in __xlate_proc_name
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: 95cc28fd231728ffcb36efed4463bcc6f930feae
all runs: crashed: KASAN: slab-out-of-bounds Read in fscache_alloc_cookie
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: 0aec811aff9cb60354198a572da924346a65e738
all runs: crashed: KASAN: slab-out-of-bounds Read in fscache_alloc_cookie
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: 5d9035204e2cb7499fd99bcaf5230e16e271c3d3
all runs: crashed: WARNING in __xlate_proc_name
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: 453383afb1e8d26b5b8628eaf3e9579da0964724
all runs: crashed: WARNING in __xlate_proc_name
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
kernel signature: 82676547c1280c1e0a77225989a76449e49101b3
all runs: OK
# git bisect start d8a5b80568a9cb66810e75b182018e9edb68e8ff bebc6082da0a9f5d47a1ea2edc099bf671058bd4
Bisecting: 8497 revisions left to test after this (roughly 13 steps)
[5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a] Merge tag 'media/v4.15-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a with gcc (GCC) 8.1.0
kernel signature: d4daf8a8711ceededd43c12c2555bd8895211eea
all runs: OK
# git bisect good 5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a
Bisecting: 3900 revisions left to test after this (roughly 12 steps)
[f6705bf959efac87bca76d40050d342f1d212587] Merge tag 'drm-for-v4.15-amd-dc' of git://people.freedesktop.org/~airlied/linux
testing commit f6705bf959efac87bca76d40050d342f1d212587 with gcc (GCC) 8.1.0
kernel signature: ef8337af1c2703082a794674976763bef158babc
all runs: crashed: WARNING in __xlate_proc_name
# git bisect bad f6705bf959efac87bca76d40050d342f1d212587
Bisecting: 2234 revisions left to test after this (roughly 11 steps)
[8c609698569578913ad40bb160b97c3f6cfa15ec] Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
testing commit 8c609698569578913ad40bb160b97c3f6cfa15ec with gcc (GCC) 8.1.0
kernel signature: 80f9052e82abc5560de7d9e2789f1c315b4bbc20
all runs: crashed: WARNING in __xlate_proc_name
# git bisect bad 8c609698569578913ad40bb160b97c3f6cfa15ec
Bisecting: 1174 revisions left to test after this (roughly 10 steps)
[87331c83797b5d5763a82f09f26fbb6e1a7e6661] Merge tag 'drm-msm-next-2017-11-01' of git://people.freedesktop.org/~robclark/linux into drm-next
testing commit 87331c83797b5d5763a82f09f26fbb6e1a7e6661 with gcc (GCC) 8.1.0
kernel signature: 98e282de9ac5d56c1330abc04e6ecf9734b15b8c
all runs: OK
# git bisect good 87331c83797b5d5763a82f09f26fbb6e1a7e6661
Bisecting: 570 revisions left to test after this (roughly 9 steps)
[487e2c9f44c4b5ea23bfe87bb34679f7297a0bce] Merge tag 'afs-next-20171113' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
testing commit 487e2c9f44c4b5ea23bfe87bb34679f7297a0bce with gcc (GCC) 8.1.0
kernel signature: c32f405a453815341d3013a9971156a24364a5dc
all runs: crashed: WARNING in __xlate_proc_name
# git bisect bad 487e2c9f44c4b5ea23bfe87bb34679f7297a0bce
Bisecting: 301 revisions left to test after this (roughly 8 steps)
[086711708b5a0b1662fb86a10dbf2ae9b3c18d0a] Merge branch 'drm-next-4.15' of git://people.freedesktop.org/~agd5f/linux into drm-next
testing commit 086711708b5a0b1662fb86a10dbf2ae9b3c18d0a with gcc (GCC) 8.1.0
kernel signature: b3d785bce17bcfaf95cfb08d43e7cd6b7b3b0451
all runs: OK
# git bisect good 086711708b5a0b1662fb86a10dbf2ae9b3c18d0a
Bisecting: 158 revisions left to test after this (roughly 7 steps)
[2bf16b7a73caf3435f782e4170cfe563675e10f9] Merge tag 'char-misc-4.15-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
testing commit 2bf16b7a73caf3435f782e4170cfe563675e10f9 with gcc (GCC) 8.1.0
kernel signature: ba4b7df0348c953aadcf2f3d7e7ce8a68152677e
all runs: OK
# git bisect good 2bf16b7a73caf3435f782e4170cfe563675e10f9
Bisecting: 79 revisions left to test after this (roughly 6 steps)
[1396007286b1e2fd5dd10ae6a5ccaaaed51ab762] pinctrl: sunxi: Enforce the strict mode by default
testing commit 1396007286b1e2fd5dd10ae6a5ccaaaed51ab762 with gcc (GCC) 8.1.0
kernel signature: c7e06e2d6cfe3f74b92adb3f056507995b76e7cd
all runs: OK
# git bisect good 1396007286b1e2fd5dd10ae6a5ccaaaed51ab762
Bisecting: 36 revisions left to test after this (roughly 5 steps)
[b630a23a731a436f9edbd9fa00739aaa3e174c15] Merge tag 'pinctrl-v4.15-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit b630a23a731a436f9edbd9fa00739aaa3e174c15 with gcc (GCC) 8.1.0
kernel signature: 26fa7a2d319233dfe3a3db26a381f73bb3d139fd
all runs: OK
# git bisect good b630a23a731a436f9edbd9fa00739aaa3e174c15
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[c435ee34551e1f5a02a253ca8e235287efd2727c] afs: Overhaul the callback handling
testing commit c435ee34551e1f5a02a253ca8e235287efd2727c with gcc (GCC) 8.1.0
kernel signature: 63a23748a297ae0a6d3d89fe6f7dd57bad385559
all runs: OK
# git bisect good c435ee34551e1f5a02a253ca8e235287efd2727c
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[becfcc7e576eed03b93f412769573c93de550527] afs: Fix documentation on # vs % prefix in mount source specification
testing commit becfcc7e576eed03b93f412769573c93de550527 with gcc (GCC) 8.1.0
kernel signature: c7e74eb382248392aa331a1ea097ed5c3fc1586f
all runs: crashed: WARNING in __xlate_proc_name
# git bisect bad becfcc7e576eed03b93f412769573c93de550527
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[9cc6fc50f7bc69ac28bee45eed13cbc65a86210f] afs: Move server rotation code into its own file
testing commit 9cc6fc50f7bc69ac28bee45eed13cbc65a86210f with gcc (GCC) 8.1.0
kernel signature: 6d579780d891359766612ca2208537f0869877f0
all runs: crashed: WARNING in __xlate_proc_name
# git bisect bad 9cc6fc50f7bc69ac28bee45eed13cbc65a86210f
Bisecting: 1 revision left to test after this (roughly 1 step)
[989782dcdc91a5e6d5999c7a52a84a60a0811e56] afs: Overhaul cell database management
testing commit 989782dcdc91a5e6d5999c7a52a84a60a0811e56 with gcc (GCC) 8.1.0
kernel signature: 1f4fe8bfe5feccf431d5085cf84d9d8a7009eef2
all runs: crashed: WARNING in __xlate_proc_name
# git bisect bad 989782dcdc91a5e6d5999c7a52a84a60a0811e56
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[be080a6f43c40976afc950ee55e9b7f8e2b53525] afs: Overhaul permit caching
testing commit be080a6f43c40976afc950ee55e9b7f8e2b53525 with gcc (GCC) 8.1.0
kernel signature: 4c8eeaf63418560401e0d6938fb04d748404db77
all runs: OK
# git bisect good be080a6f43c40976afc950ee55e9b7f8e2b53525
989782dcdc91a5e6d5999c7a52a84a60a0811e56 is the first bad commit
commit 989782dcdc91a5e6d5999c7a52a84a60a0811e56
Author: David Howells
Date:   Thu Nov 2 15:27:50 2017 +0000

    afs: Overhaul cell database management

    Overhaul the way that the in-kernel AFS client keeps track of cells in
    the following manner:

     (1) Cells are now held in an rbtree to make walking them quicker and
         RCU managed (though this is probably overkill).

     (2) Cells now have a manager work item that:

         (A) Looks after fetching and refreshing the VL server list.

         (B) Manages cell record lifetime, including initialising and
             destruction.

         (B) Manages cell record caching whereby threads are kept around
             for a certain time after last use and then destroyed.

         (C) Manages the FS-Cache index cookie for a cell. It is not
             permitted for a cookie to be in use twice, so we have to be
             careful to not allow a new cell record to exist at the same
             time as an old record of the same name.

     (3) Each AFS network namespace is given a manager work item that
         manages the cells within it, maintaining a single timer to prod
         cells into updating their DNS records.

         This uses the reduce_timer() facility to make the timer expire at
         the soonest timed event that needs happening.

     (4) When a module is being unloaded, cells and cell managers are now
         counted out using dec_after_work() to make sure the module text
         is pinned until after the data structures have been cleaned up.

     (5) Each cell's VL server list is now protected by a seqlock rather
         than a semaphore.

    Signed-off-by: David Howells

 fs/afs/cell.c     | 916 +++++++++++++++++++++++++++++++++++++-----------------
 fs/afs/internal.h |  60 +++-
 fs/afs/main.c     |  16 +-
 fs/afs/proc.c     |  15 +-
 fs/afs/super.c    |  12 +-
 fs/afs/xattr.c    |   2 +-
 6 files changed, 704 insertions(+), 317 deletions(-)
culprit signature: 1f4fe8bfe5feccf431d5085cf84d9d8a7009eef2
parent signature: 4c8eeaf63418560401e0d6938fb04d748404db77
revisions tested: 27, total time: 6h40m31.305274321s (build: 2h32m32.265345493s, test: 4h5m25.666150949s)
first bad commit: 989782dcdc91a5e6d5999c7a52a84a60a0811e56 afs: Overhaul cell database management
cc: ["dhowells@redhat.com" "linux-afs@lists.infradead.org" "linux-kernel@vger.kernel.org"]
crash: WARNING in __xlate_proc_name
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
name '哢0=#z /g#!wja+2'
------------[ cut here ]------------
WARNING: CPU: 0 PID: 32081 at fs/proc/generic.c:163 __xlate_proc_name.cold.11+0x10/0x1c fs/proc/generic.c:163
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 32081 Comm: kworker/0:6 Not tainted 4.14.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: afs afs_manage_cell
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x145/0x1e1 lib/dump_stack.c:53
 panic+0x1a9/0x34e kernel/panic.c:181
 __warn.cold.8+0x11a/0x156 kernel/panic.c:542
 report_bug+0x1a3/0x227 lib/bug.c:184
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_trap_no_signal arch/x86/kernel/traps.c:212 [inline]
 do_trap+0x1ef/0x2d0 arch/x86/kernel/traps.c:261
 do_error_trap+0x11f/0x390 arch/x86/kernel/traps.c:298
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:311
 invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:906
RIP: 0010:__xlate_proc_name.cold.11+0x10/0x1c fs/proc/generic.c:163
RSP: 0018:ffff880126897000 EFLAGS: 00010286
RAX: 0000000000000025 RBX: ffff8801238038b9 RCX: 0000000000000000
RDX: 0000000000000025 RSI: ffffffff87abe3a0 RDI: ffffed0024d12df7
RBP: ffff880126897030 R08: ffff88011d132930 R09: 0000000000000007
R10: 0000000000000000 R11: dffffc0000000000 R12: ffff8801268971f0
R13: ffff8801268970d8 R14: 0000000000000000 R15: 0000000000000010
 xlate_proc_name fs/proc/generic.c:179 [inline]
 __proc_create+0xc7/0xa30 fs/proc/generic.c:349
 proc_mkdir_data+0x84/0x1d0 fs/proc/generic.c:419
 proc_mkdir+0x10/0x20 fs/proc/generic.c:445
 afs_proc_cell_setup+0x4c/0x110 fs/afs/proc.c:356
 afs_activate_cell fs/afs/cell.c:588 [inline]
 afs_manage_cell+0x386/0x14a0 fs/afs/cell.c:654
 process_one_work+0x9c3/0x1a40 kernel/workqueue.c:2112
 worker_thread+0x212/0x18f0 kernel/workqueue.c:2246
 kthread+0x338/0x400 kernel/kthread.c:231
 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:432
Kernel Offset: disabled
Rebooting in 86400 seconds..