bisecting fixing commit since da690031a5d6d50a361e3f19f3eeabd086a6f20d building syzkaller on 4a77ae0bdc5cd75ebe88ce7c896aae6bbf457a29 testing commit da690031a5d6d50a361e3f19f3eeabd086a6f20d with gcc (GCC) 8.1.0 kernel signature: 45be175f635461b91386358bccfd59aa1aacdc8bbc6c1718ada6eb172cf74d5c run #0: crashed: WARNING in __xlate_proc_name run #1: crashed: WARNING: ODEBUG bug in __do_softirq run #2: crashed: general protection fault in afs_proc_cell_setup run #3: crashed: BUG: Dentry still in use [unmount of afs afs] run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #6: crashed: WARNING: ODEBUG bug in __do_softirq run #7: crashed: WARNING in __proc_create run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #9: crashed: WARNING in __xlate_proc_name testing current HEAD f01c30de86f1047e9bae1b1b1417b0ce8dcd15b1 testing commit f01c30de86f1047e9bae1b1b1417b0ce8dcd15b1 with gcc (GCC) 8.1.0 kernel signature: 969aa00643297747262a83ac46a8bc90d424e8945916831f88bdc5a5a1a7d817 all runs: OK # git bisect start f01c30de86f1047e9bae1b1b1417b0ce8dcd15b1 da690031a5d6d50a361e3f19f3eeabd086a6f20d Bisecting: 8114 revisions left to test after this (roughly 13 steps) [4d0e9df5e43dba52d38b251e3b909df8fa1110be] lib, uaccess: add failure injection to usercopy functions testing commit 4d0e9df5e43dba52d38b251e3b909df8fa1110be with gcc (GCC) 8.1.0 kernel signature: 3aafdf68009644b37b26530b45e90e95b7c00c0b583cdfed3d3af1b7f39614fe run #0: crashed: WARNING: ODEBUG bug in __do_softirq run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #4: crashed: WARNING: proc registration bug in afs_manage_cell run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #6: crashed: BUG: Dentry still in use [unmount of afs afs] run #7: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #8: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #9: crashed: no output from test machine # git bisect good 4d0e9df5e43dba52d38b251e3b909df8fa1110be Bisecting: 4042 revisions left to test after this (roughly 12 steps) [41eea65e2aaadc0611fd56a1b177ce25dcc4c1df] Merge tag 'core-rcu-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 41eea65e2aaadc0611fd56a1b177ce25dcc4c1df with gcc (GCC) 8.1.0 kernel signature: 9f4a0b36d82053c73be8d6ee4f07a60ab31e0d08e03c9f937d79c2cf851d6b45 all runs: OK # git bisect bad 41eea65e2aaadc0611fd56a1b177ce25dcc4c1df Bisecting: 2035 revisions left to test after this (roughly 11 steps) [7a155fa3d84ef1418ded16ba477b20b2a4c0f528] net: mscc: ocelot: parse flower action before key testing commit 7a155fa3d84ef1418ded16ba477b20b2a4c0f528 with gcc (GCC) 8.1.0 kernel signature: f47114d9279d78ed1edcf7e242305a2e2c1f54668440fe91ca17a2a71dd9c1ac run #0: crashed: WARNING: ODEBUG bug in __do_softirq run #1: crashed: WARNING in __proc_create run #2: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup run #4: crashed: WARNING: proc registration bug in afs_manage_cell run #5: crashed: WARNING: proc registration bug in afs_manage_cell run #6: crashed: BUG: Dentry still in use [unmount of afs afs] run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #9: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup # git bisect good 7a155fa3d84ef1418ded16ba477b20b2a4c0f528 Bisecting: 925 revisions left to test after this (roughly 10 steps) [96685f8666714233d34abb71b242448c80077536] Merge tag 'powerpc-5.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux testing commit 96685f8666714233d34abb71b242448c80077536 with gcc (GCC) 8.1.0 kernel signature: 8e0be99ebb31e40a9720099e769a3b7180b2ec4389978bbca6827ff1577e32e1 run #0: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #3: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #4: crashed: general protection fault in afs_proc_cell_setup run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_remove run #6: crashed: WARNING: proc registration bug in afs_manage_cell run #7: crashed: WARNING: proc registration bug in afs_manage_cell run #8: crashed: WARNING: proc registration bug in afs_manage_cell run #9: crashed: no output from test machine # git bisect good 96685f8666714233d34abb71b242448c80077536 Bisecting: 480 revisions left to test after this (roughly 9 steps) [2a934b38c066ff221b08a9c703314a2a1c885dbd] Merge tag 'i3c/for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/i3c/linux testing commit 2a934b38c066ff221b08a9c703314a2a1c885dbd with gcc (GCC) 8.1.0 kernel signature: dc50b38007c553c36014f46e71fde52da9c975f2a871c47fddbf6a392dd447cc all runs: OK # git bisect bad 2a934b38c066ff221b08a9c703314a2a1c885dbd Bisecting: 252 revisions left to test after this (roughly 8 steps) [93f3d8f54a22eaa5ae4ec269615729c4f9b1cf1e] Merge tag 'trace-v5.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace testing commit 93f3d8f54a22eaa5ae4ec269615729c4f9b1cf1e with gcc (GCC) 8.1.0 kernel signature: 508eba49799c044f18eb5489531e37c5400dbf0bff26995dc721c67f37517cf8 run #0: crashed: WARNING: proc registration bug in afs_manage_cell run #1: crashed: WARNING in __proc_create run #2: crashed: BUG: Dentry still in use [unmount of afs afs] run #3: crashed: WARNING in __proc_create run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup run #7: crashed: BUG: Dentry still in use [unmount of afs afs] run #8: crashed: general protection fault in afs_proc_cell_remove run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_alloc_anon_key # git bisect good 93f3d8f54a22eaa5ae4ec269615729c4f9b1cf1e Bisecting: 124 revisions left to test after this (roughly 7 steps) [7a3dadedc82e340f8292f64e7bfa964c525009c0] Merge tag 'f2fs-for-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs testing commit 7a3dadedc82e340f8292f64e7bfa964c525009c0 with gcc (GCC) 8.1.0 kernel signature: 63faf5efc4513b4267cd01d320d6fbac8a0349ae5b3119be7bf9296f8429e37a run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup run #1: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #2: crashed: general protection fault in afs_deactivate_cell run #3: crashed: WARNING in __xlate_proc_name run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #5: crashed: WARNING in __proc_create run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #7: crashed: WARNING: ODEBUG bug in __do_softirq run #8: crashed: general protection fault in __fscache_relinquish_cookie run #9: crashed: WARNING in __proc_create # git bisect good 7a3dadedc82e340f8292f64e7bfa964c525009c0 Bisecting: 58 revisions left to test after this (roughly 6 steps) [3856a28cfe9161927fa13bb7cb561f6d8fd2e82a] Merge tag 'nand/for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux into mtd/next testing commit 3856a28cfe9161927fa13bb7cb561f6d8fd2e82a with gcc (GCC) 8.1.0 kernel signature: 7cba5336f3e886cf0277b3a9c75a2c37f26f9930d1a7dee19689ec31a5a2ace0 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup run #1: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #2: crashed: WARNING in __xlate_proc_name run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_remove run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #8: crashed: WARNING: ODEBUG bug in __do_softirq run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell # git bisect good 3856a28cfe9161927fa13bb7cb561f6d8fd2e82a Bisecting: 37 revisions left to test after this (roughly 5 steps) [071a0578b0ce0b0e543d1e38ee6926b9cc21c198] Merge tag 'ovl-update-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs testing commit 071a0578b0ce0b0e543d1e38ee6926b9cc21c198 with gcc (GCC) 8.1.0 kernel signature: 889bd6a726683338b48d961bbc46d9eefc050121b2a00ec67ffcc25398c1de18 all runs: OK # git bisect bad 071a0578b0ce0b0e543d1e38ee6926b9cc21c198 Bisecting: 10 revisions left to test after this (roughly 3 steps) [43d193f8440d67f0dddd93ae973eb94174039e83] ovl: enumerate private xattrs testing commit 43d193f8440d67f0dddd93ae973eb94174039e83 with gcc (GCC) 8.1.0 kernel signature: 9b27e69530760920dd15681179f9edba25e184e5a639449e32f96b2546b21c7a run #0: crashed: WARNING: proc registration bug in afs_manage_cell run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #2: crashed: WARNING: ODEBUG bug in __do_softirq run #3: crashed: WARNING in __proc_create run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_alloc_anon_key run #6: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #7: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #8: crashed: WARNING: ODEBUG bug in __do_softirq run #9: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove # git bisect good 43d193f8440d67f0dddd93ae973eb94174039e83 Bisecting: 5 revisions left to test after this (roughly 3 steps) [dca54a7bbb8ca9148ae10d60c66c926e222a9c4b] afs: Add tracing for cell refcount and active user count testing commit dca54a7bbb8ca9148ae10d60c66c926e222a9c4b with gcc (GCC) 8.1.0 kernel signature: 9d383a448bfa9b34576d4c23817dded50821ed2e8ebeb1fa84ccb7e36f847664 all runs: OK # git bisect bad dca54a7bbb8ca9148ae10d60c66c926e222a9c4b Bisecting: 2 revisions left to test after this (roughly 1 step) [88c853c3f5c0a07c5db61b494ee25152535cfeee] afs: Fix cell refcounting by splitting the usage counter testing commit 88c853c3f5c0a07c5db61b494ee25152535cfeee with gcc (GCC) 8.1.0 kernel signature: 1a457348a47089a042a87f6ba56fa6de9112379955702ca4085c20275527563f run #0: crashed: WARNING: proc registration bug in afs_manage_cell_work run #1: crashed: INFO: task hung in synchronize_rcu run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in synchronize_rcu run #4: crashed: INFO: task hung in synchronize_rcu run #5: crashed: INFO: task hung in synchronize_rcu run #6: crashed: INFO: task hung in synchronize_rcu run #7: crashed: INFO: task hung in synchronize_rcu run #8: crashed: INFO: task hung in lru_add_drain_all run #9: crashed: INFO: task hung in synchronize_rcu # git bisect good 88c853c3f5c0a07c5db61b494ee25152535cfeee Bisecting: 0 revisions left to test after this (roughly 1 step) [1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6] afs: Fix cell removal testing commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 with gcc (GCC) 8.1.0 kernel signature: be7167262657bc202661cbcd649faea371af09dda84e9786ee85be06d1eee2c8 all runs: OK # git bisect bad 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 Bisecting: 0 revisions left to test after this (roughly 0 steps) [286377f6bdf71568a4cf07104fe44006ae0dba6d] afs: Fix cell purging with aliases testing commit 286377f6bdf71568a4cf07104fe44006ae0dba6d with gcc (GCC) 8.1.0 kernel signature: c145768effe5179b39957c39b723aac1f5e413831632ccb1a0f45e2848a803ce run #0: crashed: WARNING: proc registration bug in afs_manage_cell_work run #1: crashed: WARNING: proc registration bug in afs_manage_cell_work run #2: crashed: INFO: task hung in synchronize_rcu run #3: crashed: INFO: task hung in lru_add_drain_all run #4: crashed: INFO: task hung in synchronize_rcu run #5: crashed: INFO: task hung in synchronize_rcu run #6: crashed: INFO: task hung in synchronize_rcu run #7: crashed: INFO: task hung in synchronize_rcu run #8: crashed: INFO: task hung in synchronize_rcu run #9: crashed: INFO: task hung in synchronize_rcu # git bisect good 286377f6bdf71568a4cf07104fe44006ae0dba6d 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 is the first bad commit commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 Author: David Howells Date: Fri Oct 16 13:21:14 2020 +0100 afs: Fix cell removal Fix cell removal by inserting a more final state than AFS_CELL_FAILED that indicates that the cell has been unpublished in case the manager is already requeued and will go through again. The new AFS_CELL_REMOVED state will just immediately leave the manager function. Going through a second time in the AFS_CELL_FAILED state will cause it to try to remove the cell again, potentially leading to the proc list being removed. Fixes: 989782dcdc91 ("afs: Overhaul cell database management") Reported-by: syzbot+b994ecf2b023f14832c1@syzkaller.appspotmail.com Reported-by: syzbot+0e0db88e1eb44a91ae8d@syzkaller.appspotmail.com Reported-by: syzbot+2d0585e5efcd43d113c2@syzkaller.appspotmail.com Reported-by: syzbot+1ecc2f9d3387f1d79d42@syzkaller.appspotmail.com Reported-by: syzbot+18d51774588492bf3f69@syzkaller.appspotmail.com Reported-by: syzbot+a5e4946b04d6ca8fa5f3@syzkaller.appspotmail.com Suggested-by: Hillf Danton Signed-off-by: David Howells cc: Hillf Danton fs/afs/cell.c | 16 ++++++++++------ fs/afs/internal.h | 1 + 2 files changed, 11 insertions(+), 6 deletions(-) culprit signature: be7167262657bc202661cbcd649faea371af09dda84e9786ee85be06d1eee2c8 parent signature: c145768effe5179b39957c39b723aac1f5e413831632ccb1a0f45e2848a803ce revisions tested: 16, total time: 3h29m50.491368179s (build: 1h18m6.953587463s, test: 2h9m51.482635766s) first good commit: 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 afs: Fix cell removal recipients (to): ["dhowells@redhat.com" "dhowells@redhat.com" "linux-afs@lists.infradead.org"] recipients (cc): ["linux-kernel@vger.kernel.org"]