bisecting cause commit starting from fdd06dc6b0f832a9cd8033438cc3b01d253c3981
building syzkaller on 0f08704067fce8a2a7ef7c508247aad6d48ed1f3
testing commit fdd06dc6b0f832a9cd8033438cc3b01d253c3981
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: fab4a29ce07b078ed28aa69e38fe28f60a5db3fb4f2d51421da2f2d9c302458f
run #0: crashed: general protection fault in kernfs_name_hash
run #1: crashed: general protection fault in del_gendisk
run #2: crashed: general protection fault in del_gendisk
run #3: crashed: general protection fault in kernfs_name_hash
run #4: crashed: general protection fault in kernfs_name_hash
run #5: crashed: general protection fault in kernfs_name_hash
run #6: crashed: general protection fault in del_gendisk
run #7: crashed: general protection fault in kernfs_name_hash
run #8: crashed: general protection fault in del_gendisk
run #9: crashed: general protection fault in del_gendisk
run #10: crashed: general protection fault in del_gendisk
run #11: crashed: general protection fault in kernfs_name_hash
run #12: crashed: general protection fault in kernfs_name_hash
run #13: crashed: general protection fault in kernfs_name_hash
run #14: crashed: general protection fault in del_gendisk
run #15: crashed: general protection fault in kernfs_name_hash
run #16: crashed: general protection fault in del_gendisk
run #17: crashed: general protection fault in kernfs_name_hash
run #18: crashed: general protection fault in del_gendisk
run #19: crashed: general protection fault in del_gendisk
testing release v5.10.117
testing commit 7686a5c2a8d398196259b1bf3fa369a4fd6bcd6f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 06d41c50064646c64767eead5d33d1a16986f72a9073704a19e97727b469b4f2
all runs: OK
# git bisect start fdd06dc6b0f832a9cd8033438cc3b01d253c3981 7686a5c2a8d398196259b1bf3fa369a4fd6bcd6f
Bisecting: 2953 revisions left to test after this (roughly 12 steps)
[fd10db46d00327f730807d776db03eae98948a00] FROMGIT: kasan, mm: optimize krealloc poisoning
testing commit fd10db46d00327f730807d776db03eae98948a00
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
mm/memory.c:4800:10: error: assignment of member 'vma' in read-only object
mm/memory.c:4942:12: error: assignment of member 'pgoff' in read-only object
mm/memory.c:4943:15: error: assignment of member 'gfp_mask' in read-only object
# git bisect skip fd10db46d00327f730807d776db03eae98948a00
Bisecting: 2951 revisions left to test after this (roughly 12 steps)
[9e7985701d28e10e26a8d2382a4cbd7700ea4f08] FROMGIT: arm64: kasan: simplify and inline MTE functions
testing commit 9e7985701d28e10e26a8d2382a4cbd7700ea4f08
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
mm/memory.c:4800:10: error: assignment of member 'vma' in read-only object
mm/memory.c:4942:12: error: assignment of member 'pgoff' in read-only object
mm/memory.c:4943:15: error: assignment of member 'gfp_mask' in read-only object
# git bisect skip 9e7985701d28e10e26a8d2382a4cbd7700ea4f08
Bisecting: 2951 revisions left to test after this (roughly 12 steps)
[b397a0387cb280697e83033ec9a45f4a2e7bc444] ANDROID: fips140: test all implementations
testing commit b397a0387cb280697e83033ec9a45f4a2e7bc444
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 21c0d43c56553d2e095d10d8ff6d0e2632e2ac2c72f7b333ac6db69e0e994f55
run #0: crashed: general protection fault in kernfs_name_hash
run #1: crashed: general protection fault in kernfs_name_hash
run #2: crashed: general protection fault in del_gendisk
run #3: crashed: general protection fault in del_gendisk
run #4: crashed: general protection fault in del_gendisk
run #5: crashed: general protection fault in del_gendisk
run #6: crashed: general protection fault in del_gendisk
run #7: crashed: general protection fault in kernfs_name_hash
run #8: crashed: general protection fault in del_gendisk
run #9: crashed: general protection fault in kernfs_name_hash
# git bisect bad b397a0387cb280697e83033ec9a45f4a2e7bc444
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[2a6bc198915275a36c2822d80d680922bba7ba3c] UPSTREAM: arm64: alternatives: Remove READ_ONCE() usage during patch operation
testing commit 2a6bc198915275a36c2822d80d680922bba7ba3c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: be090cb2720287ea595c6c5b7aa4c7ec9a7b0e67770f1af08896b4b620ffa6ab
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 2a6bc198915275a36c2822d80d680922bba7ba3c
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[79d3d549f9b3060fd78da0477c543f9e70d6e851] ANDROID: GKI: 5/7 KMI update
testing commit 79d3d549f9b3060fd78da0477c543f9e70d6e851
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9e152d8bc2a26197d979510b3196809f64f1f971b35391452d0c2c3c62bef838
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 79d3d549f9b3060fd78da0477c543f9e70d6e851
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[8a0e4c2b94375dcb0021c6173c3c3a4a4a8cc55a] FROMLIST: fuse: Fix crediantials leak in passthrough read_iter
testing commit 8a0e4c2b94375dcb0021c6173c3c3a4a4a8cc55a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 68927aefc7226c520fa3e0daaab52eb999e14c44aeceeb09a97b456cf8f33400
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 8a0e4c2b94375dcb0021c6173c3c3a4a4a8cc55a
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[f3f8d55011837f34584fc223e2a26b13623ff296] ANDROID: sched: Add vendor hooks for update_load_avg
testing commit f3f8d55011837f34584fc223e2a26b13623ff296
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: afed0c7e0356e4f448080ca89ef4afe90b1d46e064f20991563001dc21f6d2be
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip f3f8d55011837f34584fc223e2a26b13623ff296
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[18ebdc37464a1288c3c6ca853e66efebf3e793db] ANDROID: sched: add vendor hooks for bad scheduling
testing commit 18ebdc37464a1288c3c6ca853e66efebf3e793db
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: adbb3897a991c3264a0b39d106990dfdc752969158ff3961d3e1b963829ec814
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 18ebdc37464a1288c3c6ca853e66efebf3e793db
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[f9761818fe9a95752e6c49f5ee5bf4640e0507db] ANDROID: GKI: Refresh ABI following trimmed symbol CRC fix
testing commit f9761818fe9a95752e6c49f5ee5bf4640e0507db
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d7ca35714372e00a98f47fa2ddca07a1d80842c66e40443ef4c64196e77b926c
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip f9761818fe9a95752e6c49f5ee5bf4640e0507db
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[1c2af92b869c363ada8df84340bab033b81e6628] UPSTREAM: psci: Support psci_ops.get_version for v0.1
testing commit 1c2af92b869c363ada8df84340bab033b81e6628
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4ad1948d0097405a6cec0b39fb61ff88a7738eadef7ec23c826dbb9ab9ed80e5
failed: failed to create VM pool: failed to create GCE image: create image operation failed: &{Code:PERMISSIONS_ERROR Location: Message:Required 'read' permission for 'ci2-android-5-10-bisect-job-bisect-job-image.tar.gz' ForceSendFields:[] NullFields:[]}.
# git bisect skip 1c2af92b869c363ada8df84340bab033b81e6628
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[73372c9835b2de23dedd57892fcc0c971d97fedf] ANDROID: scsi: ufs: add UFSHCD_QUIRK_NO_KEYSLOTS
testing commit 73372c9835b2de23dedd57892fcc0c971d97fedf
compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d409373746a6a4422002b4677802a4f4bdf3dbdd2f5372980e4e783f2d780f97
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 73372c9835b2de23dedd57892fcc0c971d97fedf
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[2dc1df560308a1882143693b64c4f893d75f8d94] UPSTREAM: xhci: use xhci_td_cleanup() helper when giving back cancelled URBs
testing commit 2dc1df560308a1882143693b64c4f893d75f8d94
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f06c37525a0a633bf5db60cdee377be38127edfa1ad7d4027c91258ada53a8c5
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 2dc1df560308a1882143693b64c4f893d75f8d94
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[a428f6d3cdab8091c39c7145e6f8bbb03b22693f] FROMGIT: drm/virtio: Fix use after free in get_capset_info callback.
testing commit a428f6d3cdab8091c39c7145e6f8bbb03b22693f
compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 182d218848561d604620e7a754f59855f58cdace5ad2c328816c6b1a4f6dcbc4
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip a428f6d3cdab8091c39c7145e6f8bbb03b22693f
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[2a492c11b930f14c1f69d5aacd70146c0938756a] UPSTREAM: xhci: prevent a theoretical endless loop while preparing rings.
testing commit 2a492c11b930f14c1f69d5aacd70146c0938756a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 964fd23d2052fd5b44646b5398afb43660053d27bdb4bc13c06770c07f91165c
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 2a492c11b930f14c1f69d5aacd70146c0938756a
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[836219141ff7a77e7fab0bd749edd746fd36fef2] Revert "iov_iter: transparently handle compat iovecs in import_iovec"
testing commit 836219141ff7a77e7fab0bd749edd746fd36fef2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 81a89ecb269db695687db6d8b73c72817ecc9224b28bdd4abc68e807e3af9ef3
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 836219141ff7a77e7fab0bd749edd746fd36fef2
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[d4091df63c80ad87e4c3256d13405730da54bdc7] ANDROID: GKI: Update symbols list for vivo
testing commit d4091df63c80ad87e4c3256d13405730da54bdc7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9fcc76b6e5e24cb9bea3947d255ae8eda5ffadeee3b7b917d501a3459f553d5c
run #0: crashed: general protection fault in del_gendisk
run #1: crashed: general protection fault in kernfs_name_hash
run #2: crashed: general protection fault in del_gendisk
run #3: crashed: general protection fault in del_gendisk
run #4: crashed: general protection fault in del_gendisk
run #5: crashed: general protection fault in kernfs_name_hash
run #6: crashed: general protection fault in kernfs_name_hash
run #7: crashed: general protection fault in kernfs_name_hash
run #8: crashed: general protection fault in kernfs_name_hash
run #9: crashed: general protection fault in del_gendisk
# git bisect bad d4091df63c80ad87e4c3256d13405730da54bdc7
Bisecting: 2616 revisions left to test after this (roughly 11 steps)
[d728c7f91b31139eeb94604f465fe51b5aedc84d] FROMLIST: kbuild: improve libelf detection
testing commit d728c7f91b31139eeb94604f465fe51b5aedc84d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 640c3b0e8268027b0b0dfd1814c4eae5e9be0b6d79c82cb872478e6435280196
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip d728c7f91b31139eeb94604f465fe51b5aedc84d
Bisecting: 2616 revisions left to test after this (roughly 11 steps)
[b011ee0886ae3b5184cfd119c03c379a161a87b1] ANDROID: softirq: Export irq_handler_exit tracepoint
testing commit b011ee0886ae3b5184cfd119c03c379a161a87b1
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 311509ce1db3d71dd99c6ad9aab6960f7e3d92aaa5334b4f4f42be5ef9cb7597
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip b011ee0886ae3b5184cfd119c03c379a161a87b1
Bisecting: 2616 revisions left to test after this (roughly 11 steps)
[f9fcdaeab7006daef51a87b61801264805a7a729] ANDROID: sched: remove regular vendor hooks for 32bit execve
testing commit f9fcdaeab7006daef51a87b61801264805a7a729
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 118397403efad832b562d1379e883ca54d7702ecaf4e3baa9cda95cb508afd34
all runs: OK
# git bisect good f9fcdaeab7006daef51a87b61801264805a7a729
Bisecting: 281 revisions left to test after this (roughly 8 steps)
[60a4c35570d985cd1e1304fcbd31e4df79d07d6e] ANDROID: xt_quota2: clear quota2_log message before sending
testing commit 60a4c35570d985cd1e1304fcbd31e4df79d07d6e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 95f17a7af28323e8718e866257a7b4d51afff5a5f2fee3cf8a475bf3bd0a5eb8
run #0: crashed: general protection fault in kernfs_name_hash
run #1: crashed: general protection fault in del_gendisk
run #2: crashed: general protection fault in kernfs_name_hash
run #3: crashed: general protection fault in kernfs_name_hash
run #4: crashed: general protection fault in del_gendisk
run #5: crashed: general protection fault in kernfs_name_hash
run #6: crashed: general protection fault in kernfs_name_hash
run #7: crashed: general protection fault in del_gendisk
run #8: crashed: general protection fault in kernfs_name_hash
run #9: crashed: general protection fault in del_gendisk
# git bisect bad 60a4c35570d985cd1e1304fcbd31e4df79d07d6e
Bisecting: 139 revisions left to test after this (roughly 7 steps)
[194fd9239ae697974aad9e038d4aea509bf45c43] ANDROID: GKI: fscrypt: add ABI padding to struct fscrypt_operations
testing commit 194fd9239ae697974aad9e038d4aea509bf45c43
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2b24daca3374033786dbfa84c894f4f127c1fd3fb6d57fa82bfc517240c5e8b4
all runs: OK
# git bisect good 194fd9239ae697974aad9e038d4aea509bf45c43
Bisecting: 69 revisions left to test after this (roughly 6 steps)
[e30728e4ff6f4ae77cf89547d5f1df3bddb0d1f6] ANDROID: ABI: initial update allowed list for galaxy
testing commit e30728e4ff6f4ae77cf89547d5f1df3bddb0d1f6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0337fad8d2548d88ea83a00306106d3693db91ba94996cb97c63c54f7d538736
all runs: OK
# git bisect good e30728e4ff6f4ae77cf89547d5f1df3bddb0d1f6
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[bda49ad0602e5250a9d3dd61deda19d3e5615c54] FROMGIT: loop: Select I/O scheduler 'none' from inside add_disk()
testing commit bda49ad0602e5250a9d3dd61deda19d3e5615c54
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4caa26fea42c968082979338888367c8cb0b26f918a26f54c5995921e52c83bb
run #0: crashed: general protection fault in kernfs_name_hash
run #1: crashed: general protection fault in del_gendisk
run #2: crashed: general protection fault in kernfs_name_hash
run #3: crashed: general protection fault in del_gendisk
run #4: crashed: general protection fault in del_gendisk
run #5: crashed: general protection fault in kernfs_name_hash
run #6: crashed: general protection fault in kernfs_name_hash
run #7: crashed: general protection fault in del_gendisk
run #8: crashed: general protection fault in kernfs_name_hash
run #9: crashed: general protection fault in kernfs_name_hash
# git bisect bad bda49ad0602e5250a9d3dd61deda19d3e5615c54
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[36fbb55631563638f7a5e6d53168361618c5c168] FROMGIT: procfs: prevent unpriveleged processes accessing fdinfo dir
testing commit 36fbb55631563638f7a5e6d53168361618c5c168
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 605d5f150c44b2a9e62b13a557a9d433bb90734850e43475f3fd3dc2f5418cae
all runs: OK
# git bisect good 36fbb55631563638f7a5e6d53168361618c5c168
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[045204b0801f06ac45b9931cffed155624b1ae55] FROMGIT: KVM: arm64: Unregister HYP sections from kmemleak in protected mode
testing commit 045204b0801f06ac45b9931cffed155624b1ae55
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b218059e86a4fb43081ebeeabf1a81fda13747f6fba261a885fb480b287f5663
all runs: OK
# git bisect good 045204b0801f06ac45b9931cffed155624b1ae55
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[41b79ac98d5dc5469e47488a5f095116cf2dbe7c] FROMGIT: usb: dwc3: gadget: Use list_replace_init() before traversing lists
testing commit 41b79ac98d5dc5469e47488a5f095116cf2dbe7c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ff9a4f3038203877bd54415a975871a8dc2d18476fb0d1f01a688ead9c10cf5a
all runs: OK
# git bisect good 41b79ac98d5dc5469e47488a5f095116cf2dbe7c
Bisecting: 1 revision left to test after this (roughly 1 step)
[8914725a582861666a2a298efbcb5ae7613a47b7] FROMGIT: usb: typec: tcpm: Keep other events when receiving FRS and Sourcing_vbus events
testing commit 8914725a582861666a2a298efbcb5ae7613a47b7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 31771753b07917dbd7b33ed5ff13058baab52d019ce20b00a8691d1fca51d47a
all runs: OK
# git bisect good 8914725a582861666a2a298efbcb5ae7613a47b7
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d8b946254effbe36780f0b855da509a07470b8d2] FROMGIT: blk-mq: Introduce the BLK_MQ_F_NO_SCHED_BY_DEFAULT flag
testing commit d8b946254effbe36780f0b855da509a07470b8d2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 408d3d774951f547b0d54417a075cd3dc223c6054ec332514833ba4490f47565
all runs: OK
# git bisect good d8b946254effbe36780f0b855da509a07470b8d2
bda49ad0602e5250a9d3dd61deda19d3e5615c54 is the first bad commit
commit bda49ad0602e5250a9d3dd61deda19d3e5615c54
Author: Bart Van Assche
Date: Mon Aug 2 10:05:29 2021 -0700

FROMGIT: loop: Select I/O scheduler 'none' from inside add_disk()

We noticed that the user interface of Android devices becomes very slow under memory pressure. This is because Android uses the zram driver on top of the loop driver for swapping, because under memory pressure the swap code alternates reads and writes quickly, because mq-deadline is the default scheduler for loop devices and because mq-deadline delays writes by five seconds for such a workload with default settings.

Fix this by making the kernel select I/O scheduler 'none' from inside add_disk() for loop devices. This default can be overridden at any time from user space, e.g. via a udev rule. This approach has an advantage compared to changing the I/O scheduler from userspace from 'mq-deadline' into 'none', namely that synchronize_rcu() does not get called. Additionally, this patch reduces the Android boot time on my test setup with 0.5 seconds compared to configuring the loop I/O scheduler from user space.
Signed-off-by: Bart Van Assche
Bug: 194450129
(cherry picked from commit 2112f5c1330a671fa852051d85cb9eadc05d7eb7 git://git.kernel.dk/linux-block/ for-5.15/block)
Change-Id: I6f9579b4cd2cb22fcb5c858d4f292f1870336fdd
Signed-off-by: Bart Van Assche

drivers/block/loop.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

culprit signature: 4caa26fea42c968082979338888367c8cb0b26f918a26f54c5995921e52c83bb
parent signature: 408d3d774951f547b0d54417a075cd3dc223c6054ec332514833ba4490f47565
revisions tested: 28, total time: 4h38m53.758193706s (build: 2h8m34.494069794s, test: 2h23m23.024539214s)
first bad commit: bda49ad0602e5250a9d3dd61deda19d3e5615c54 FROMGIT: loop: Select I/O scheduler 'none' from inside add_disk()
recipients (to): ["axboe@kernel.dk" "bvanassche@acm.org" "bvanassche@google.com" "linux-block@vger.kernel.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]

crash: general protection fault in kernfs_name_hash
RBP: 00007eff411690ad R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffded1f66df R14: 00007eff41085300 R15: 0000000000022000
---[ end trace 0f8b16062b1cb00e ]---
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 PID: 416 Comm: syz-executor.0 Tainted: G W 5.10.43-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:strlen+0x1f/0xa0 lib/string.c:568
Code: 48 8b 45 e8 eb 88 0f 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 fa 48 89 e5 48 c1 ea 03 41 54 49 89 fc 53 48 83 ec 08 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 04 84 c0 75 4d 41 80 3c 24
RSP: 0018:ffffc900008a7c90 EFLAGS: 00010286
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff84262aa9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900008a7ca8 R08: 0000000000000001 R09: ffffc900008a7cbf
R10: fffff52000114f97 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000008
FS: 00007eff41085700(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007eff41084ff8 CR3: 000000010d5e4000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kernfs_name_hash+0x16/0xc0 fs/kernfs/dir.c:302
 kernfs_find_ns+0x84/0x210 fs/kernfs/dir.c:841
 kernfs_remove_by_name_ns+0x32/0x80 fs/kernfs/dir.c:1514
 kernfs_remove_by_name include/linux/kernfs.h:608 [inline]
 sysfs_remove_link+0x37/0xa0 fs/sysfs/symlink.c:152
 del_gendisk+0x5f8/0xa60 block/genhd.c:951
 loop_remove drivers/block/loop.c:2194 [inline]
 loop_control_ioctl drivers/block/loop.c:2293 [inline]
 loop_control_ioctl+0x30d/0x3d0 drivers/block/loop.c:2259
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl fs/ioctl.c:739 [inline]
 __x64_sys_ioctl+0x129/0x1a0 fs/ioctl.c:739
 do_syscall_64+0x32/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7eff4110f109
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007eff41085168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007eff41221f60 RCX: 00007eff4110f109
RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000003
RBP: 00007eff411690ad R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffded1f66df R14: 00007eff41085300 R15: 0000000000022000
Modules linked in:
---[ end trace 0f8b16062b1cb00f ]---
RIP: 0010:strlen+0x1f/0xa0 lib/string.c:568
Code: 48 8b 45 e8 eb 88 0f 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 fa 48 89 e5 48 c1 ea 03 41 54 49 89 fc 53 48 83 ec 08 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 04 84 c0 75 4d 41 80 3c 24
RSP: 0018:ffffc900008a7c90 EFLAGS: 00010286
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff84262aa9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900008a7ca8 R08: 0000000000000001 R09: ffffc900008a7cbf
R10: fffff52000114f97 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000008
FS: 00007eff41085700(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007eff41084ff8 CR3: 000000010d5e4000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:   48 8b 45 e8             mov    -0x18(%rbp),%rax
   4:   eb 88                   jmp    0xffffff8e
   6:   0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
   b:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  12:   fc ff df
  15:   55                      push   %rbp
  16:   48 89 fa                mov    %rdi,%rdx
  19:   48 89 e5                mov    %rsp,%rbp
  1c:   48 c1 ea 03             shr    $0x3,%rdx
  20:   41 54                   push   %r12
  22:   49 89 fc                mov    %rdi,%r12
  25:   53                      push   %rbx
  26:   48 83 ec 08             sub    $0x8,%rsp
* 2a:   0f b6 04 02             movzbl (%rdx,%rax,1),%eax <-- trapping instruction
  2e:   48 89 fa                mov    %rdi,%rdx
  31:   83 e2 07                and    $0x7,%edx
  34:   38 d0                   cmp    %dl,%al
  36:   7f 04                   jg     0x3c
  38:   84 c0                   test   %al,%al
  3a:   75 4d                   jne    0x89
  3c:   41                      rex.B
  3d:   80                      .byte 0x80
  3e:   3c 24                   cmp    $0x24,%al