ci starts bisection 2023-07-07 05:13:23.763238419 +0000 UTC m=+109.290065731 bisecting cause commit starting from c17414a273b81fe4e34e11d69fc30cc8b1431614 building syzkaller on 1a2f6297df2e11f3ef37e97803568cb1b9ef875b ensuring issue is reproducible on original commit c17414a273b81fe4e34e11d69fc30cc8b1431614 testing commit c17414a273b81fe4e34e11d69fc30cc8b1431614 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 177fa7cecf106fc9cb6447fa45b74ff238a76e1cbe8bcba707885bfcc6ee35b7 run #0: crashed: BUG: unable to handle kernel paging request in corrupted run #1: crashed: BUG: unable to handle kernel paging request in corrupted run #2: crashed: general protection fault in corrupted run #3: crashed: general protection fault in corrupted run #4: crashed: BUG: Bad rss-counter state run #5: crashed: BUG: Bad rss-counter state run #6: crashed: general protection fault in corrupted run #7: crashed: general protection fault in corrupted run #8: crashed: BUG: unable to handle kernel paging request in lookup_object_or_alloc run #9: crashed: BUG: unable to handle kernel paging request in lookup_object_or_alloc run #10: crashed: general protection fault in inode_permission run #11: crashed: general protection fault in inode_permission run #12: crashed: general protection fault in percpu_counter_add_batch run #13: crashed: general protection fault in percpu_counter_add_batch run #14: crashed: general protection fault in mas_ascend run #15: crashed: general protection fault in mas_ascend run #16: crashed: general protection fault in timerqueue_add run #17: crashed: general protection fault in timerqueue_add run #18: crashed: general protection fault in find_match run #19: crashed: general protection fault in find_match run #20: crashed: general protection fault in update_curr run #21: crashed: general protection fault in update_curr run #22: crashed: general protection fault in update_curr run #23: crashed: general protection fault in update_curr run #24: crashed: kernel panic: corrupted stack end in sys_mount run #25: crashed: kernel panic: corrupted stack end in sys_mount run #26: crashed: BUG: unable to handle kernel paging request in corrupted run #27: crashed: BUG: unable to handle kernel paging request in corrupted run #28: crashed: stack segment fault in __stack_depot_save run #29: crashed: stack segment fault in __stack_depot_save run #30: crashed: BUG: unable to handle kernel paging request in corrupted run #31: crashed: BUG: unable to handle kernel paging request in corrupted run #32: crashed: BUG: unable to handle kernel paging request in corrupted run #33: crashed: BUG: unable to handle kernel paging request in corrupted run #34: crashed: general protection fault in mtree_range_walk run #35: crashed: general protection fault in mtree_range_walk run #36: crashed: KASAN: null-ptr-deref Read in __fput run #37: crashed: KASAN: null-ptr-deref Read in __fput run #38: crashed: general protection fault in timerqueue_del run #39: crashed: general protection fault in timerqueue_del representative crash: BUG: unable to handle kernel paging request in corrupted, types: [UNKNOWN] check whether we can drop unnecessary instrumentation disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit c17414a273b81fe4e34e11d69fc30cc8b1431614 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 failed building c17414a273b81fe4e34e11d69fc30cc8b1431614: ./include/linux/thread_info.h:244:4: error: call to '__bad_copy_from' declared with attribute error: copy source size is too small testing release v6.4 testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 176699f55b00ca7aa6886cb1de6f4501aedec3ac01f02ec4e1767cb27d27c50e run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in do_notify_parent run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in do_notify_parent run #2: crashed: general protection fault in __call_rcu_common run #3: crashed: general protection fault in __call_rcu_common run #4: crashed: general protection fault in timerqueue_add run #5: crashed: general protection fault in timerqueue_add run #6: crashed: BUG: Bad page map run #7: crashed: BUG: Bad page map run #8: crashed: general protection fault in unlink_file_vma run #9: crashed: general protection fault in unlink_file_vma run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #12: crashed: general protection fault in expire_timers run #13: crashed: general protection fault in expire_timers run #14: crashed: BUG: unable to handle kernel paging request in ip6t_do_table run #15: crashed: BUG: unable to handle kernel paging request in ip6t_do_table run #16: crashed: general protection fault in call_timer_fn run #17: crashed: general protection fault in call_timer_fn run #18: crashed: kernel BUG in corrupted run #19: crashed: kernel BUG in corrupted representative crash: BUG: unable to handle kernel NULL pointer dereference in do_notify_parent, types: [UNKNOWN] testing release v6.3 testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7e167bd5197ef970da40d6212c1528f5d4a0b6c54eb7056697ead4b849b4cbc4 run #0: crashed: general protection fault in cpuacct_account_field run #1: crashed: general protection fault in cpuacct_account_field run #2: crashed: general protection fault in __fput run #3: crashed: general protection fault in __fput run #4: crashed: general protection fault in debug_check_no_obj_freed run #5: crashed: general protection fault in debug_check_no_obj_freed run #6: crashed: general protection fault in common_perm_cond run #7: crashed: general protection fault in common_perm_cond run #8: crashed: general protection fault in debug_check_no_obj_freed run #9: crashed: general protection fault in debug_check_no_obj_freed run #10: crashed: BUG: Bad rss-counter state run #11: crashed: BUG: Bad rss-counter state run #12: crashed: general protection fault in add_grec run #13: crashed: general protection fault in add_grec run #14: crashed: general protection fault in timerqueue_del run #15: crashed: general protection fault in timerqueue_del run #16: crashed: general protection fault in inode_permission run #17: crashed: general protection fault in inode_permission run #18: crashed: general protection fault in call_timer_fn run #19: crashed: general protection fault in call_timer_fn representative crash: general protection fault in cpuacct_account_field, types: [UNKNOWN] testing release v6.2 testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 02596db68927240c3d0fca26812f73873047a0f6bd98a595c2952ccb7dbde508 all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries representative crash: KASAN: out-of-bounds Read in leaf_paste_entries, types: [KASAN] testing release v6.1 testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c1f1ca21f2008157f323e2188ffc98a408a4cd5c3d242e2ca95cc809b8ef7097 all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries representative crash: KASAN: out-of-bounds Read in leaf_paste_entries, types: [KASAN] testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e1aea949bb255931e4d765d14f3adc831a0554ed3e4cb373c657b3b4d4a9ada0 all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries representative crash: KASAN: out-of-bounds Read in leaf_paste_entries, types: [KASAN] testing release v5.19 testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 58e6ae6a5efe7627393925496b6c1b33e172632094e62f21cb39562caa301cb8 all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries representative crash: KASAN: out-of-bounds Read in leaf_paste_entries, types: [KASAN] testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6759354e39126f4d374a9393ee6b0fcf3f3a6c5b950d468598d0dcf442a03424 all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries representative crash: KASAN: out-of-bounds Read in leaf_paste_entries, types: [KASAN] testing release v5.17 testing commit f443e374ae131c168a065ea1748feac6b2e76613 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: edb620b3e827f50bfaa07b0ec19f9e93e91799ee05b484b12ae35f3d062e96e9 all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries representative crash: KASAN: out-of-bounds Read in leaf_paste_entries, types: [KASAN] testing release v5.16 testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 478186a4a8cba0d6187a1aa978e75066270178af8f50bd2e6a178342c800cda4 all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries representative crash: KASAN: out-of-bounds Read in leaf_paste_entries, types: [KASAN] testing release v5.15 testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 52deceb84f9154e8d7d186ed4b082df7535f9bf2e364f116d18b665bb998d7e7 all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries representative crash: KASAN: out-of-bounds Read in leaf_paste_entries, types: [KASAN] testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 03a00456334e93920cb9bf9dc5fb4755483a92fbfbf614f9900f5a0e4c1448b9 all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries representative crash: KASAN: out-of-bounds Read in leaf_paste_entries, types: [KASAN] testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1ffe567f35fbb2d99115e2207f93af4ff17b975cef71392b011ff00c26e7b40f all runs: OK # git bisect start 7d2a07b769330c34b4deabeed939325c77a7ec2f 62fb9874f5da54fdb243003b386128037319b219 Bisecting: 7914 revisions left to test after this (roughly 13 steps) [406254918b232db198ed60f5bf1f8b84d96bca00] Merge tag 'perf-tools-for-v5.14-2021-07-01' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux testing commit 406254918b232db198ed60f5bf1f8b84d96bca00 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: acbf5f6b1ddb741c012b27421214a0971b08eeb4df269524b41b03ad614a3b39 all runs: OK # git bisect good 406254918b232db198ed60f5bf1f8b84d96bca00 Bisecting: 3969 revisions left to test after this (roughly 12 steps) [4ea90317956718e0648e1f87e56530db809a5a04] Merge tag 'for-linus-5.14-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip testing commit 4ea90317956718e0648e1f87e56530db809a5a04 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 42b43ced378c2a28aaf50bdb5103585b6c36d9f56c5dff64a84f4316ea1a3524 run #0: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #1: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #2: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #3: boot failed: possible deadlock in fs_reclaim_acquire run #4: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #5: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #8: boot failed: possible deadlock in get_page_from_freelist run #9: boot failed: BUG: sleeping function called from invalid context in stack_depot_save unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0 # git bisect skip 4ea90317956718e0648e1f87e56530db809a5a04 Bisecting: 3969 revisions left to test after this (roughly 12 steps) [c1b8ac969febc8f413c4d71f0eefe2e107610449] pwm: tegra: Drop an if block with an always false condition testing commit c1b8ac969febc8f413c4d71f0eefe2e107610449 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 91a423fd269e563d938d1ede7605569f565e739b69e11203ba2ef001fe6187e8 all runs: OK # git bisect good c1b8ac969febc8f413c4d71f0eefe2e107610449 Bisecting: 3937 revisions left to test after this (roughly 12 steps) [b5e6d1261e2090df1325e762669c8eab6d4fb2fb] Merge tag 'hwlock-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc testing commit b5e6d1261e2090df1325e762669c8eab6d4fb2fb gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7ac32b2efb58fe24dea6a7cc88e89d2960955328a99442454f26cebc1d9fc927 run #0: boot failed: possible deadlock in fs_reclaim_acquire run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #2: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #4: boot failed: possible deadlock in fs_reclaim_acquire run #5: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #6: boot failed: possible deadlock in fs_reclaim_acquire run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0 # git bisect skip b5e6d1261e2090df1325e762669c8eab6d4fb2fb Bisecting: 3937 revisions left to test after this (roughly 12 steps) [5a4e0f58e2d959e2de0f0f1ddaa169e60711d2f0] s390/ipl: use register pair instead of register asm testing commit 5a4e0f58e2d959e2de0f0f1ddaa169e60711d2f0 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 281387699724094a77172102bc6bce7222c9431de17bbb118fd7f72905acb7ef all runs: OK # git bisect good 5a4e0f58e2d959e2de0f0f1ddaa169e60711d2f0 Bisecting: 3929 revisions left to test after this (roughly 12 steps) [2de7e4f67599affc97132bd07e30e3bd59d0b777] ixgbevf: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops testing commit 2de7e4f67599affc97132bd07e30e3bd59d0b777 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 70a301ff43d561fdb61a8ad889023f50b3165385f9c14e1b51b5947b100b72ec run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 2de7e4f67599affc97132bd07e30e3bd59d0b777 Bisecting: 3847 revisions left to test after this (roughly 12 steps) [d0fe3f47ef09bf5a74f7d20e129b2d15b4a824d0] Merge tag 'rproc-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/andersson/remoteproc testing commit d0fe3f47ef09bf5a74f7d20e129b2d15b4a824d0 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7ac32b2efb58fe24dea6a7cc88e89d2960955328a99442454f26cebc1d9fc927 run #0: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #2: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #4: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #5: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #7: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0 # git bisect skip d0fe3f47ef09bf5a74f7d20e129b2d15b4a824d0 Bisecting: 3847 revisions left to test after this (roughly 12 steps) [8b95a7d90ce8160ac5cffd5bace6e2eba01a871e] ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1 testing commit 8b95a7d90ce8160ac5cffd5bace6e2eba01a871e gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: fee427920738ad5e1eb179744143ef630b2de2a27f1ea0838b9139a92f8d8a77 all runs: OK # git bisect good 8b95a7d90ce8160ac5cffd5bace6e2eba01a871e Bisecting: 3843 revisions left to test after this (roughly 12 steps) [ec03554f980f917e0491aa8532aabedc9c080639] usb: host: xhci-tegra: Add missing of_node_put() in tegra_xusb_probe() testing commit ec03554f980f917e0491aa8532aabedc9c080639 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6281f7f5cf03fd917c058dcec5d7528fc2e3084c7918e28800529bce635b35b0 all runs: OK # git bisect good ec03554f980f917e0491aa8532aabedc9c080639 Bisecting: 3759 revisions left to test after this (roughly 12 steps) [1423e2660cf134a8f21f2451865a04792013e49e] Merge tag 'x86-fpu-2021-07-07' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 1423e2660cf134a8f21f2451865a04792013e49e gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 54eccf03d83d86b3fb81874f9f468340c8293b0048869190c3643e3486e53c0e run #0: boot failed: possible deadlock in get_page_from_freelist run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #2: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #4: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #5: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #7: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #9: boot failed: BUG: sleeping function called from invalid context in stack_depot_save unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0 # git bisect skip 1423e2660cf134a8f21f2451865a04792013e49e Bisecting: 3759 revisions left to test after this (roughly 12 steps) [50ac7479846053ca8054be833c1594e64de496bb] ice: Prevent probing virtual functions testing commit 50ac7479846053ca8054be833c1594e64de496bb gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: bce3ca282df6be2b8abea688d7e39070a436407ccf495b7bd53678035ce60fac all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries representative crash: KASAN: out-of-bounds Read in leaf_paste_entries, types: [KASAN] # git bisect bad 50ac7479846053ca8054be833c1594e64de496bb Bisecting: 3373 revisions left to test after this (roughly 12 steps) [a16d8644bad461bb073b92e812080ea6715ddf2b] Merge tag 'staging-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit a16d8644bad461bb073b92e812080ea6715ddf2b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f808e9f36e98415d7a357a54475e967ffc05dbadc6c298980d2c23b9e987a781 run #0: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #2: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #4: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #5: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #6: boot failed: possible deadlock in get_page_from_freelist run #7: boot failed: possible deadlock in get_page_from_freelist run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0 # git bisect skip a16d8644bad461bb073b92e812080ea6715ddf2b Bisecting: 3373 revisions left to test after this (roughly 12 steps) [62d7ecaf56bacf0c4248d640ac11cb632b01361b] staging: greybus: spi: add blank line after variable declaration testing commit 62d7ecaf56bacf0c4248d640ac11cb632b01361b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2f0270a67501070a67c864f54f446f2d68c24a182b86db7d75a462cc86227900 all runs: OK # git bisect good 62d7ecaf56bacf0c4248d640ac11cb632b01361b Bisecting: 3143 revisions left to test after this (roughly 12 steps) [c932ed0adb09a7fa6d6649ee04dd78c83ab07ada] Merge tag 'tty-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty testing commit c932ed0adb09a7fa6d6649ee04dd78c83ab07ada gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 620ee6a12e1cab8715b85b7d72686d404a99fcb8d9ca765b2296b837da50a327 run #0: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #2: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #4: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #5: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0 # git bisect skip c932ed0adb09a7fa6d6649ee04dd78c83ab07ada Bisecting: 3143 revisions left to test after this (roughly 12 steps) [de5540965853e514a85d3b775e9049deb85a2ff3] Merge tag 'rtc-5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux testing commit de5540965853e514a85d3b775e9049deb85a2ff3 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f16427a6576247d241251cc507ddb6516e0b6e9a079de8ea05b927bc32905e10 run #0: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #2: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #4: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #5: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) run #8: boot failed: BUG: sleeping function called from invalid context in stack_depot_save run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM) unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0 # git bisect skip de5540965853e514a85d3b775e9049deb85a2ff3 Bisecting: 3143 revisions left to test after this (roughly 12 steps) [e5e0280db792953ee7acbdbf01179d53187a6083] scsi: lpfc: Update lpfc version to 12.8.0.10 testing commit e5e0280db792953ee7acbdbf01179d53187a6083 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d76ec1e71c9517e4465f1c46d6bdd826035e892dfdc8d8fdf2942f94744906ad all runs: OK # git bisect good e5e0280db792953ee7acbdbf01179d53187a6083 Bisecting: 3143 revisions left to test after this (roughly 12 steps) [991468dcf198bb87f24da330676724a704912b47] io_uring: explicitly catch any illegal async queue attempt testing commit 991468dcf198bb87f24da330676724a704912b47 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d6378e08382b3cdabb82e44af0315b1cf8fac34d15d954249d08d6da1307a012 all runs: OK # git bisect good 991468dcf198bb87f24da330676724a704912b47 Bisecting: 571 revisions left to test after this (roughly 9 steps) [8b54874ef1617185048029a3083d510569e93751] net/mlx5: Fix flow table chaining testing commit 8b54874ef1617185048029a3083d510569e93751 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6cb117cc899ba4994f1736bc182e6d59c43fa7c2de687894e0dbe5bdb7c2f3d4 all runs: OK # git bisect good 8b54874ef1617185048029a3083d510569e93751 Bisecting: 282 revisions left to test after this (roughly 8 steps) [cade08a57244497216c46df5e9cbe8f18e143519] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha testing commit cade08a57244497216c46df5e9cbe8f18e143519 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f9545db7fcebfa5755ee33d4161161dd8fa53843c977695ed96fb35b762c748c all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries representative crash: KASAN: out-of-bounds Read in leaf_paste_entries, types: [KASAN] # git bisect bad cade08a57244497216c46df5e9cbe8f18e143519 Bisecting: 143 revisions left to test after this (roughly 7 steps) [593311e85b26ecc6e4d45b6fb81b942b6672df09] writeback, cgroup: do not reparent dax inodes testing commit 593311e85b26ecc6e4d45b6fb81b942b6672df09 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9409ca32a0af2df4b5f55d2473e08da17e4ca20c02251a4c0b06d5bb836e0a07 all runs: OK # git bisect good 593311e85b26ecc6e4d45b6fb81b942b6672df09 Bisecting: 71 revisions left to test after this (roughly 6 steps) [82d712f6d147a2fb9998d0ede483949e80fed759] Merge branch 'for-5.14-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq testing commit 82d712f6d147a2fb9998d0ede483949e80fed759 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2acd51ea584999f35f884be86832d30d6b82c485f5a144bd1b650b254052d7d5 all runs: OK # git bisect good 82d712f6d147a2fb9998d0ede483949e80fed759 Bisecting: 35 revisions left to test after this (roughly 5 steps) [4010a528219e01dd02e768b22168f7f0e78365ce] Merge tag 'fixes_for_v5.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs testing commit 4010a528219e01dd02e768b22168f7f0e78365ce gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a7f5a9cc133b4081f788f8bf77a0ae852da3caf8957f6d9b62221c75104e2033 all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries representative crash: KASAN: out-of-bounds Read in leaf_paste_entries, types: [KASAN] # git bisect bad 4010a528219e01dd02e768b22168f7f0e78365ce Bisecting: 18 revisions left to test after this (roughly 4 steps) [2b2c66f607d00d17f879c0d946d44340bfbdc501] platform/x86: gigabyte-wmi: add support for B550 Aorus Elite V2 testing commit 2b2c66f607d00d17f879c0d946d44340bfbdc501 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 82f7ab5b3f29d169edaa6d43df650fdcae8c87c727bbdf00fa510ab53988d338 all runs: OK # git bisect good 2b2c66f607d00d17f879c0d946d44340bfbdc501 Bisecting: 9 revisions left to test after this (roughly 3 steps) [dc6afef7e14252c5ca5b8a8444946cb4b75b0aa0] RDMA/irdma: Change returned type of irdma_setup_virt_qp to void testing commit dc6afef7e14252c5ca5b8a8444946cb4b75b0aa0 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 55bdf90dd8865ed03ca873e7eb7e8bd65ebee845fc3adebc84d77fa7ba68cd3c run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good dc6afef7e14252c5ca5b8a8444946cb4b75b0aa0 Bisecting: 4 revisions left to test after this (roughly 2 steps) [25905f602fdb0cfa147017056636768a7aa1ff6f] dmaengine: idxd: Change license on idxd.h to LGPL testing commit 25905f602fdb0cfa147017056636768a7aa1ff6f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 24e2f9bbc77f87f8573b8174a4ec52018b353963c664d789635593c72322dd8a all runs: OK # git bisect good 25905f602fdb0cfa147017056636768a7aa1ff6f Bisecting: 1 revision left to test after this (roughly 1 step) [13d257503c0930010ef9eed78b689cec417ab741] reiserfs: check directory items on read from disk testing commit 13d257503c0930010ef9eed78b689cec417ab741 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c0f4d6ea78eccb4a9fc1bf38db0e0a48c3fc2f7fb33c844662f1ec6496be5a9f all runs: crashed: KASAN: out-of-bounds Read in leaf_paste_entries representative crash: KASAN: out-of-bounds Read in leaf_paste_entries, types: [KASAN] # git bisect bad 13d257503c0930010ef9eed78b689cec417ab741 Bisecting: 1 revision left to test after this (roughly 1 step) [2acf15b94d5b8ea8392c4b6753a6ffac3135cd78] reiserfs: add check for root_inode in reiserfs_fill_super testing commit 2acf15b94d5b8ea8392c4b6753a6ffac3135cd78 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 539cf1f144c27c1897227ee354a5542aec688c1c6e203667cf5d0b895fb95933 run #0: crashed: possible deadlock in fs_reclaim_acquire run #1: crashed: possible deadlock in fs_reclaim_acquire run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK representative crash: possible deadlock in fs_reclaim_acquire, types: [LOCKDEP] reproducer seems to be flaky # git bisect bad 2acf15b94d5b8ea8392c4b6753a6ffac3135cd78 2acf15b94d5b8ea8392c4b6753a6ffac3135cd78 is the first bad commit commit 2acf15b94d5b8ea8392c4b6753a6ffac3135cd78 Author: Yu Kuai Date: Fri Jul 2 12:07:43 2021 +0800 reiserfs: add check for root_inode in reiserfs_fill_super Our syzcaller report a NULL pointer dereference: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 116e95067 P4D 116e95067 PUD 1080b5067 PMD 0 Oops: 0010 [#1] SMP KASAN CPU: 7 PID: 592 Comm: a.out Not tainted 5.13.0-next-20210629-dirty #67 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-p4 RIP: 0010:0x0 Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. RSP: 0018:ffff888114e779b8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 1ffff110229cef39 RCX: ffffffffaa67e1aa RDX: 0000000000000000 RSI: ffff88810a58ee00 RDI: ffff8881233180b0 RBP: ffffffffac38e9c0 R08: ffffffffaa67e17e R09: 0000000000000001 R10: ffffffffb91c5557 R11: fffffbfff7238aaa R12: ffff88810a58ee00 R13: ffff888114e77aa0 R14: 0000000000000000 R15: ffff8881233180b0 FS: 00007f946163c480(0000) GS:ffff88839f1c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 00000001099c1000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __lookup_slow+0x116/0x2d0 ? page_put_link+0x120/0x120 ? __d_lookup+0xfc/0x320 ? d_lookup+0x49/0x90 lookup_one_len+0x13c/0x170 ? __lookup_slow+0x2d0/0x2d0 ? reiserfs_schedule_old_flush+0x31/0x130 reiserfs_lookup_privroot+0x64/0x150 reiserfs_fill_super+0x158c/0x1b90 ? finish_unfinished+0xb10/0xb10 ? bprintf+0xe0/0xe0 ? __mutex_lock_slowpath+0x30/0x30 ? __kasan_check_write+0x20/0x30 ? up_write+0x51/0xb0 ? set_blocksize+0x9f/0x1f0 mount_bdev+0x27c/0x2d0 ? finish_unfinished+0xb10/0xb10 ? reiserfs_kill_sb+0x120/0x120 get_super_block+0x19/0x30 legacy_get_tree+0x76/0xf0 vfs_get_tree+0x49/0x160 ? capable+0x1d/0x30 path_mount+0xacc/0x1380 ? putname+0x97/0xd0 ? finish_automount+0x450/0x450 ? kmem_cache_free+0xf8/0x5a0 ? putname+0x97/0xd0 do_mount+0xe2/0x110 ? path_mount+0x1380/0x1380 ? copy_mount_options+0x69/0x140 __x64_sys_mount+0xf0/0x190 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae This is because 'root_inode' is initialized with wrong mode, and it's i_op is set to 'reiserfs_special_inode_operations'. Thus add check for 'root_inode' to fix the problem. Link: https://lore.kernel.org/r/20210702040743.1918552-1-yukuai3@huawei.com Signed-off-by: Yu Kuai Signed-off-by: Jan Kara fs/reiserfs/super.c | 8 ++++++++ 1 file changed, 8 insertions(+) parent commit e73f0f0ee7541171d89f2e2491130c7771ba58d3 wasn't tested testing commit e73f0f0ee7541171d89f2e2491130c7771ba58d3 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 82f7ab5b3f29d169edaa6d43df650fdcae8c87c727bbdf00fa510ab53988d338 culprit signature: 539cf1f144c27c1897227ee354a5542aec688c1c6e203667cf5d0b895fb95933 parent signature: 82f7ab5b3f29d169edaa6d43df650fdcae8c87c727bbdf00fa510ab53988d338 Reproducer flagged being flaky revisions tested: 40, total time: 11h10m53.026399405s (build: 5h57m46.685138711s, test: 4h39m27.026789911s) first bad commit: 2acf15b94d5b8ea8392c4b6753a6ffac3135cd78 reiserfs: add check for root_inode in reiserfs_fill_super recipients (to): ["jack@suse.cz" "yukuai3@huawei.com"] recipients (cc): [] crash: possible deadlock in fs_reclaim_acquire loop0: detected capacity change from 0 to 8192 REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal REISERFS (device loop0): using ordered data mode reiserfs: using flush barriers REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 ====================================================== WARNING: possible circular locking dependency detected 5.14.0-rc1-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.0/5911 is trying to acquire lock: ffffffff8ae97f60 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_acquire+0xf7/0x160 mm/page_alloc.c:4574 but task is already holding lock: ffff8880b9c31640 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870 mm/page_alloc.c:5279 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (lock#2){-.-.}-{2:2}: local_lock_acquire include/linux/local_lock_internal.h:42 [inline] free_unref_page+0x1bf/0x690 mm/page_alloc.c:3427 mm_free_pgd kernel/fork.c:636 [inline] __mmdrop+0xb9/0x350 kernel/fork.c:687 mmdrop include/linux/sched/mm.h:49 [inline] finish_task_switch.isra.0+0x792/0xb40 kernel/sched/core.c:4582 context_switch kernel/sched/core.c:4686 [inline] __schedule+0xb07/0x5910 kernel/sched/core.c:5940 preempt_schedule_irq+0x4e/0x90 kernel/sched/core.c:6328 irqentry_exit+0x31/0x80 kernel/entry/common.c:427 asm_sysvec_reschedule_ipi+0x12/0x20 arch/x86/include/asm/idtentry.h:643 kasan_mem_to_shadow include/linux/kasan.h:54 [inline] memory_is_poisoned_n mm/kasan/generic.c:129 [inline] memory_is_poisoned mm/kasan/generic.c:159 [inline] check_region_inline mm/kasan/generic.c:180 [inline] kasan_check_range+0x44/0x180 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:71 [inline] test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline] cpumask_test_cpu include/linux/cpumask.h:344 [inline] cpu_online include/linux/cpumask.h:895 [inline] trace_lock_release include/trace/events/lock.h:58 [inline] lock_release+0xa1/0x720 kernel/locking/lockdep.c:5636 might_alloc include/linux/sched/mm.h:198 [inline] slab_pre_alloc_hook mm/slab.h:485 [inline] slab_alloc_node mm/slub.c:2902 [inline] slab_alloc mm/slub.c:2989 [inline] kmem_cache_alloc+0x3e/0x3a0 mm/slub.c:2994 __d_alloc+0x25/0x950 fs/dcache.c:1744 d_alloc_anon fs/dcache.c:1842 [inline] d_alloc_cursor+0x32/0xc0 fs/dcache.c:1848 dcache_dir_open+0x2c/0x80 fs/libfs.c:82 do_dentry_open+0x42a/0xfc0 fs/open.c:826 do_open fs/namei.c:3374 [inline] path_openat+0x9ec/0x22c0 fs/namei.c:3507 do_filp_open+0x199/0x3d0 fs/namei.c:3534 do_sys_openat2+0x11e/0x360 fs/open.c:1204 do_sys_open fs/open.c:1220 [inline] __do_sys_openat fs/open.c:1236 [inline] __se_sys_openat fs/open.c:1231 [inline] __x64_sys_openat+0x11b/0x1d0 fs/open.c:1231 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae -> #1 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}: fs_reclaim_acquire mm/page_alloc.c:4569 [inline] fs_reclaim_acquire+0xd2/0x160 mm/page_alloc.c:4560 might_alloc include/linux/sched/mm.h:198 [inline] slab_pre_alloc_hook mm/slab.h:485 [inline] slab_alloc_node mm/slub.c:2902 [inline] slab_alloc mm/slub.c:2989 [inline] kmem_cache_alloc_trace+0x3b/0x3c0 mm/slub.c:3006 kmalloc include/linux/slab.h:591 [inline] kzalloc include/linux/slab.h:721 [inline] alloc_workqueue_attrs+0x33/0x70 kernel/workqueue.c:3365 wq_numa_init kernel/workqueue.c:5899 [inline] workqueue_init+0x67/0x7d6 kernel/workqueue.c:6031 kernel_init_freeable+0x337/0x60c init/main.c:1577 kernel_init+0x14/0x120 init/main.c:1485 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 -> #0 (fs_reclaim){+.+.}-{0:0}: check_prev_add kernel/locking/lockdep.c:3051 [inline] check_prevs_add kernel/locking/lockdep.c:3174 [inline] validate_chain kernel/locking/lockdep.c:3789 [inline] __lock_acquire+0x2985/0x5410 kernel/locking/lockdep.c:5015 lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __fs_reclaim_acquire mm/page_alloc.c:4552 [inline] fs_reclaim_acquire+0x117/0x160 mm/page_alloc.c:4566 prepare_alloc_pages+0x15c/0x580 mm/page_alloc.c:5164 __alloc_pages+0x12f/0x500 mm/page_alloc.c:5363 stack_depot_save+0x39d/0x4e0 lib/stackdepot.c:303 save_stack+0x131/0x1a0 mm/page_owner.c:120 __set_page_owner+0x2e/0x250 mm/page_owner.c:181 prep_new_page mm/page_alloc.c:2433 [inline] __alloc_pages_bulk+0x8b9/0x1870 mm/page_alloc.c:5301 alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline] vm_area_alloc_pages mm/vmalloc.c:2793 [inline] __vmalloc_area_node mm/vmalloc.c:2863 [inline] __vmalloc_node_range+0x2f6/0x7e0 mm/vmalloc.c:2966 __vmalloc_node mm/vmalloc.c:3015 [inline] vzalloc+0x62/0x80 mm/vmalloc.c:3085 allocate_cnodes fs/reiserfs/journal.c:351 [inline] journal_init+0x16e1/0x5e10 fs/reiserfs/journal.c:2861 reiserfs_fill_super+0x9c5/0x2680 fs/reiserfs/super.c:2032 mount_bdev+0x2cb/0x3b0 fs/super.c:1368 legacy_get_tree+0xfa/0x1f0 fs/fs_context.c:592 vfs_get_tree+0x7f/0x2c0 fs/super.c:1498 do_new_mount fs/namespace.c:2905 [inline] path_mount+0x7f3/0x1a40 fs/namespace.c:3235 do_mount fs/namespace.c:3248 [inline] __do_sys_mount fs/namespace.c:3456 [inline] __se_sys_mount fs/namespace.c:3433 [inline] __x64_sys_mount+0x1f5/0x260 fs/namespace.c:3433 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae other info that might help us debug this: Chain exists of: fs_reclaim --> mmu_notifier_invalidate_range_start --> lock#2 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(lock#2); lock(mmu_notifier_invalidate_range_start); lock(lock#2); lock(fs_reclaim); *** DEADLOCK *** 2 locks held by syz-executor.0/5911: #0: ffff88802f8de0e0 (&type->s_umount_key#25/1){+.+.}-{3:3}, at: alloc_super+0x192/0xa00 fs/super.c:229 #1: ffff8880b9c31640 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870 mm/page_alloc.c:5279 stack backtrace: CPU: 0 PID: 5911 Comm: syz-executor.0 Not tainted 5.14.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105 check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2131 check_prev_add kernel/locking/lockdep.c:3051 [inline] check_prevs_add kernel/locking/lockdep.c:3174 [inline] validate_chain kernel/locking/lockdep.c:3789 [inline] __lock_acquire+0x2985/0x5410 kernel/locking/lockdep.c:5015 lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __fs_reclaim_acquire mm/page_alloc.c:4552 [inline] fs_reclaim_acquire+0x117/0x160 mm/page_alloc.c:4566 prepare_alloc_pages+0x15c/0x580 mm/page_alloc.c:5164 __alloc_pages+0x12f/0x500 mm/page_alloc.c:5363 stack_depot_save+0x39d/0x4e0 lib/stackdepot.c:303 save_stack+0x131/0x1a0 mm/page_owner.c:120 __set_page_owner+0x2e/0x250 mm/page_owner.c:181 prep_new_page mm/page_alloc.c:2433 [inline] __alloc_pages_bulk+0x8b9/0x1870 mm/page_alloc.c:5301 alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline] vm_area_alloc_pages mm/vmalloc.c:2793 [inline] __vmalloc_area_node mm/vmalloc.c:2863 [inline] __vmalloc_node_range+0x2f6/0x7e0 mm/vmalloc.c:2966 __vmalloc_node mm/vmalloc.c:3015 [inline] vzalloc+0x62/0x80 mm/vmalloc.c:3085 allocate_cnodes fs/reiserfs/journal.c:351 [inline] journal_init+0x16e1/0x5e10 fs/reiserfs/journal.c:2861 reiserfs_fill_super+0x9c5/0x2680 fs/reiserfs/super.c:2032 mount_bdev+0x2cb/0x3b0 fs/super.c:1368 legacy_get_tree+0xfa/0x1f0 fs/fs_context.c:592 vfs_get_tree+0x7f/0x2c0 fs/super.c:1498 do_new_mount fs/namespace.c:2905 [inline] path_mount+0x7f3/0x1a40 fs/namespace.c:3235 do_mount fs/namespace.c:3248 [inline] __do_sys_mount fs/namespace.c:3456 [inline] __se_sys_mount fs/namespace.c:3433 [inline] __x64_sys_mount+0x1f5/0x260 fs/namespace.c:3433 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fb7a6a908ba Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fb7a5e00f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000001101 RCX: 00007fb7a6a908ba RDX: 0000000020001100 RSI: 0000000020000040 RDI: 00007fb7a5e00fe0 RBP: 00007fb7a5e01020 R08: 00007fb7a5e01020 R09: 0000000000000080 R10: 0000000000000080 R11: 0000000000000246 R12: 0000000020001100 R13: 0000000020000040 R14: 00007fb7a5e00fe0 R15: 00000000200000c0 BUG: sleeping function called from invalid context at mm/page_alloc.c:5167 in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 5911, name: syz-executor.0 INFO: lockdep is turned off. irq event stamp: 20318 hardirqs last enabled at (20317): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (20317): [] _raw_spin_unlock_irqrestore+0x50/0x70 kernel/locking/spinlock.c:191 hardirqs last disabled at (20318): [] __alloc_pages_bulk+0x1017/0x1870 mm/page_alloc.c:5279 softirqs last enabled at (20294): [] invoke_softirq kernel/softirq.c:432 [inline] softirqs last enabled at (20294): [] __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636 softirqs last disabled at (20167): [] invoke_softirq kernel/softirq.c:432 [inline] softirqs last disabled at (20167): [] __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636 CPU: 0 PID: 5911 Comm: syz-executor.0 Not tainted 5.14.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:9154 prepare_alloc_pages+0x3da/0x580 mm/page_alloc.c:5167 __alloc_pages+0x12f/0x500 mm/page_alloc.c:5363 stack_depot_save+0x39d/0x4e0 lib/stackdepot.c:303 save_stack+0x131/0x1a0 mm/page_owner.c:120 __set_page_owner+0x2e/0x250 mm/page_owner.c:181 prep_new_page mm/page_alloc.c:2433 [inline] __alloc_pages_bulk+0x8b9/0x1870 mm/page_alloc.c:5301 alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline] vm_area_alloc_pages mm/vmalloc.c:2793 [inline] __vmalloc_area_node mm/vmalloc.c:2863 [inline] __vmalloc_node_range+0x2f6/0x7e0 mm/vmalloc.c:2966 __vmalloc_node mm/vmalloc.c:3015 [inline] vzalloc+0x62/0x80 mm/vmalloc.c:3085 allocate_cnodes fs/reiserfs/journal.c:351 [inline] journal_init+0x16e1/0x5e10 fs/reiserfs/journal.c:2861 reiserfs_fill_super+0x9c5/0x2680 fs/reiserfs/super.c:2032 mount_bdev+0x2cb/0x3b0 fs/super.c:1368 legacy_get_tree+0xfa/0x1f0 fs/fs_context.c:592 vfs_get_tree+0x7f/0x2c0 fs/super.c:1498 do_new_mount fs/namespace.c:2905 [inline] path_mount+0x7f3/0x1a40 fs/namespace.c:3235 do_mount fs/namespace.c:3248 [inline] __do_sys_mount fs/namespace.c:3456 [inline] __se_sys_mount fs/namespace.c:3433 [inline] __x64_sys_mount+0x1f5/0x260 fs/namespace.c:3433 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fb7a6a908ba Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fb7a5e00f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000001101 RCX: 00007fb7a6a908ba RDX: 0000000020001100 RSI: 0000000020000040 RDI: 00007fb7a5e00fe0 RBP: 00007fb7a5e01020 R08: 00007fb7a5e01020 R09: 0000000000000080 R10: 0000000000000080 R11: 0000000000000246 R12: 0000000020001100 R13: 0000000020000040 R14: 00007fb7a5e00fe0 R15: 00000000200000c0 REISERFS (device loop0): checking transaction log (loop0) REISERFS (device loop0): Using r5 hash to sort names REISERFS (device loop0): using 3.5.x disk format REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck? REISERFS (device loop0): Remounting filesystem read-only REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck? REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck? REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.