bisecting fixing commit since c85fb28b6f999db9928b841f63f1beeb3074eeca
building syzkaller on 1880b4a9f394370a7d1fcb5c1cfca0fa1127b463
testing commit c85fb28b6f999db9928b841f63f1beeb3074eeca with gcc (GCC) 8.1.0
kernel signature: d759c37a19ddf0cbab667334f12c2003e54bc3fb9529062f9785a9dfa989dc3e
run #0: crashed: general protection fault in afs_deactivate_cell
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #2: crashed: WARNING in __proc_create
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup
run #4: crashed: WARNING: proc registration bug in afs_manage_cell
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_remove
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_alloc_anon_key
run #7: crashed: BUG: workqueue lockup
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #9: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
testing current HEAD 5e60366d56c630e32befce7ef05c569e04391ca3
testing commit 5e60366d56c630e32befce7ef05c569e04391ca3 with gcc (GCC) 8.1.0
kernel signature: c492ec4fcc711599b428c3b2e9878931d8179d278a8d82a2c3c356e373882289
all runs: OK
# git bisect start 5e60366d56c630e32befce7ef05c569e04391ca3 c85fb28b6f999db9928b841f63f1beeb3074eeca
Bisecting: 13008 revisions left to test after this (roughly 14 steps)
[fc996db970a33c74d3db3ee63532b15187258027] Merge tag 'vfio-v5.10-rc1' of git://github.com/awilliam/linux-vfio
testing commit fc996db970a33c74d3db3ee63532b15187258027 with gcc (GCC) 8.1.0
kernel signature: 3a696772347e10cf47659b83a7e6a71240dc1c1214d63f68196aec17b5d5b932
all runs: OK
# git bisect bad fc996db970a33c74d3db3ee63532b15187258027
Bisecting: 6038 revisions left to test after this (roughly 13 steps)
[93b694d096cc10994c817730d4d50288f9ae3d66] Merge tag 'drm-next-2020-10-15' of git://anongit.freedesktop.org/drm/drm
testing commit 93b694d096cc10994c817730d4d50288f9ae3d66 with gcc (GCC) 8.1.0
kernel signature: d6738677dacee109900c714cff047003a7bf4b89e3f5838fe86be041b125e867
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_remove
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #3: crashed: WARNING: ODEBUG bug in __do_softirq
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_remove
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #9: crashed: BUG: workqueue lockup
# git bisect good 93b694d096cc10994c817730d4d50288f9ae3d66
Bisecting: 3219 revisions left to test after this (roughly 12 steps)
[105faa8742437c28815b2a3eb8314ebc5fd9288c] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit 105faa8742437c28815b2a3eb8314ebc5fd9288c with gcc (GCC) 8.1.0
kernel signature: c094b04dc466b21863a9812b569f70ada33631d8defd89a20614984d3b9d0fed
run #0: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #1: crashed: general protection fault in afs_proc_cell_setup
run #2: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_remove
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #5: crashed: WARNING in __proc_create
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #7: crashed: BUG: workqueue lockup
run #8: crashed: BUG: workqueue lockup
run #9: crashed: WARNING: proc registration bug in afs_manage_cell
# git bisect good 105faa8742437c28815b2a3eb8314ebc5fd9288c
Bisecting: 1605 revisions left to test after this (roughly 11 steps)
[7a3dadedc82e340f8292f64e7bfa964c525009c0] Merge tag 'f2fs-for-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
testing commit 7a3dadedc82e340f8292f64e7bfa964c525009c0 with gcc (GCC) 8.1.0
kernel signature: 501b21c9eaf80ba0796421f3080b0633f9abed4f5cec36dcd299532ebfa5c4ad
run #0: crashed: WARNING in __xlate_proc_name
run #1: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_put_cell
run #4: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_alloc_anon_key
run #6: crashed: BUG: Dentry still in use [unmount of afs afs]
run #7: crashed: WARNING: proc registration bug in afs_manage_cell
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup
run #9: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
# git bisect good 7a3dadedc82e340f8292f64e7bfa964c525009c0
Bisecting: 833 revisions left to test after this (roughly 10 steps)
[f9915b964c25193a6be1aed744c946d6ff177149] Merge tag 'drm-next-2020-10-19' of git://anongit.freedesktop.org/drm/drm
testing commit f9915b964c25193a6be1aed744c946d6ff177149 with gcc (GCC) 8.1.0
kernel signature: 9e745fb9ed9be453781c5c5d7b6c77fc09b1a2f589c20259d41f6e7c813dbda3
all runs: OK
# git bisect bad f9915b964c25193a6be1aed744c946d6ff177149
Bisecting: 333 revisions left to test after this (roughly 9 steps)
[9d9af1007bc08971953ae915d88dc9bb21344b53] Merge tag 'perf-tools-for-v5.10-2020-10-15' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
testing commit 9d9af1007bc08971953ae915d88dc9bb21344b53 with gcc (GCC) 8.1.0
kernel signature: d09095c0efed2d9aa3e1484ae894fb8d998ae31cbf2cddaceab6fbe0c260b9ce
all runs: OK
# git bisect bad 9d9af1007bc08971953ae915d88dc9bb21344b53
Bisecting: 242 revisions left to test after this (roughly 8 steps)
[c7a198c700763ac89abbb166378f546aeb9afb33] RDMA/ucma: Fix use after free in destroy id flow
testing commit c7a198c700763ac89abbb166378f546aeb9afb33 with gcc (GCC) 8.1.0
kernel signature: 20813a246e5c3ff88cd48384b48e2ad3e9f529d84503204fccc9f892d0b8c011
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #1: crashed: general protection fault in afs_proc_cell_setup
run #2: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #3: crashed: WARNING: ODEBUG bug in __do_softirq
run #4: crashed: general protection fault in afs_proc_cell_setup
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #6: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #7: crashed: WARNING: ODEBUG bug in __do_softirq
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #9: crashed: WARNING: proc registration bug in afs_manage_cell
# git bisect good c7a198c700763ac89abbb166378f546aeb9afb33
Bisecting: 121 revisions left to test after this (roughly 7 steps)
[6f78b9acf04fbf9ede7f4265e7282f9fb39d2c8c] Merge tag 'mtd/for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux
testing commit 6f78b9acf04fbf9ede7f4265e7282f9fb39d2c8c with gcc (GCC) 8.1.0
kernel signature: 0b4a9e352397f21d6d62f5206b88d71a36adc979bd6fadc77733bd1a26e2ab4d
all runs: OK
# git bisect bad 6f78b9acf04fbf9ede7f4265e7282f9fb39d2c8c
Bisecting: 54 revisions left to test after this (roughly 6 steps)
[3856a28cfe9161927fa13bb7cb561f6d8fd2e82a] Merge tag 'nand/for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux into mtd/next
testing commit 3856a28cfe9161927fa13bb7cb561f6d8fd2e82a with gcc (GCC) 8.1.0
kernel signature: 653543745cb212d9ca4d0e46c5a6117320906e5018c6d5655941bedf8166fc88
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #1: crashed: WARNING in __xlate_proc_name
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #3: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #4: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #6: crashed: general protection fault in afs_dns_query
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #8: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_alloc_anon_key
# git bisect good 3856a28cfe9161927fa13bb7cb561f6d8fd2e82a
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[071a0578b0ce0b0e543d1e38ee6926b9cc21c198] Merge tag 'ovl-update-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
testing commit 071a0578b0ce0b0e543d1e38ee6926b9cc21c198 with gcc (GCC) 8.1.0
kernel signature: 89b0d24be762ba14015d4b34d54bb563d8d24a3118d0135a347c908c3d0a140d
all runs: OK
# git bisect bad 071a0578b0ce0b0e543d1e38ee6926b9cc21c198
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[43d193f8440d67f0dddd93ae973eb94174039e83] ovl: enumerate private xattrs
testing commit 43d193f8440d67f0dddd93ae973eb94174039e83 with gcc (GCC) 8.1.0
kernel signature: c301cb2969874bce64fe957a2bb5b6974bbd6f669a3016a63482dafc1f7a552f
run #0: crashed: WARNING in __xlate_proc_name
run #1: crashed: general protection fault in afs_proc_cell_setup
run #2: crashed: WARNING: proc registration bug in afs_manage_cell
run #3: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove
run #4: crashed: WARNING in __proc_create
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #6: crashed: WARNING: proc registration bug in afs_manage_cell
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #8: crashed: WARNING: proc registration bug in afs_manage_cell
run #9: crashed: WARNING: proc registration bug in afs_manage_cell
# git bisect good 43d193f8440d67f0dddd93ae973eb94174039e83
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[dca54a7bbb8ca9148ae10d60c66c926e222a9c4b] afs: Add tracing for cell refcount and active user count
testing commit dca54a7bbb8ca9148ae10d60c66c926e222a9c4b with gcc (GCC) 8.1.0
kernel signature: 5621868da5720ea91e5def62d4a66927367fc4b7e0b88a843a9ab1b0df012cb6
all runs: OK
# git bisect bad dca54a7bbb8ca9148ae10d60c66c926e222a9c4b
Bisecting: 2 revisions left to test after this (roughly 1 step)
[88c853c3f5c0a07c5db61b494ee25152535cfeee] afs: Fix cell refcounting by splitting the usage counter
testing commit 88c853c3f5c0a07c5db61b494ee25152535cfeee with gcc (GCC) 8.1.0
kernel signature: 05801183c54cd73108278438825391f5913df37ef75792867232c9c41ce30a04
run #0: crashed: BUG: workqueue lockup
run #1: crashed: BUG: workqueue lockup
run #2: crashed: BUG: workqueue lockup
run #3: crashed: BUG: workqueue lockup
run #4: crashed: WARNING: proc registration bug in afs_manage_cell_work
run #5: crashed: BUG: workqueue lockup
run #6: crashed: BUG: workqueue lockup
run #7: crashed: BUG: workqueue lockup
run #8: crashed: BUG: workqueue lockup
run #9: crashed: INFO: task hung in synchronize_rcu
# git bisect good 88c853c3f5c0a07c5db61b494ee25152535cfeee
Bisecting: 0 revisions left to test after this (roughly 1 step)
[1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6] afs: Fix cell removal
testing commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 with gcc (GCC) 8.1.0
kernel signature: 838a8526f1e2349cbb8747b017fc09fbe79d58f5fdc1c40b8f078830dd888329
all runs: OK
# git bisect bad 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[286377f6bdf71568a4cf07104fe44006ae0dba6d] afs: Fix cell purging with aliases
testing commit 286377f6bdf71568a4cf07104fe44006ae0dba6d with gcc (GCC) 8.1.0
kernel signature: 78fbf8fc44c53b09490de5414cc3d37ae4036a41af41cbcd82e91133092d55fc
run #0: crashed: BUG: workqueue lockup
run #1: crashed: BUG: workqueue lockup
run #2: crashed: BUG: workqueue lockup
run #3: crashed: WARNING: proc registration bug in afs_manage_cell_work
run #4: crashed: BUG: workqueue lockup
run #5: crashed: BUG: workqueue lockup
run #6: crashed: BUG: workqueue lockup
run #7: crashed: BUG: workqueue lockup
run #8: crashed: WARNING: proc registration bug in afs_manage_cell_work
run #9: crashed: INFO: task hung in synchronize_rcu
# git bisect good 286377f6bdf71568a4cf07104fe44006ae0dba6d
1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 is the first bad commit
commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6
Author: David Howells
Date: Fri Oct 16 13:21:14 2020 +0100

afs: Fix cell removal

Fix cell removal by inserting a more final state than AFS_CELL_FAILED that indicates that the cell has been unpublished in case the manager is already requeued and will go through again. The new AFS_CELL_REMOVED state will just immediately leave the manager function.

Going through a second time in the AFS_CELL_FAILED state will cause it to try to remove the cell again, potentially leading to the proc list being removed.

Fixes: 989782dcdc91 ("afs: Overhaul cell database management")
Reported-by: syzbot+b994ecf2b023f14832c1@syzkaller.appspotmail.com
Reported-by: syzbot+0e0db88e1eb44a91ae8d@syzkaller.appspotmail.com
Reported-by: syzbot+2d0585e5efcd43d113c2@syzkaller.appspotmail.com
Reported-by: syzbot+1ecc2f9d3387f1d79d42@syzkaller.appspotmail.com
Reported-by: syzbot+18d51774588492bf3f69@syzkaller.appspotmail.com
Reported-by: syzbot+a5e4946b04d6ca8fa5f3@syzkaller.appspotmail.com
Suggested-by: Hillf Danton
Signed-off-by: David Howells
cc: Hillf Danton

fs/afs/cell.c | 16 ++++++++++------
fs/afs/internal.h | 1 +
2 files changed, 11 insertions(+), 6 deletions(-)

culprit signature: 838a8526f1e2349cbb8747b017fc09fbe79d58f5fdc1c40b8f078830dd888329
parent signature: 78fbf8fc44c53b09490de5414cc3d37ae4036a41af41cbcd82e91133092d55fc
revisions tested: 17, total time: 3h32m41.494601386s (build: 1h25m45.745155388s, test: 2h4m46.19491728s)
first good commit: 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 afs: Fix cell removal
recipients (to): ["dhowells@redhat.com" "dhowells@redhat.com" "linux-afs@lists.infradead.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]