bisecting cause commit starting from 15bc20c6af4ceee97a1f90b43c0e386643c071b4
building syzkaller on 318430cbb3b2ceefe51518ecccabbdabb32ffe3b
testing commit 15bc20c6af4ceee97a1f90b43c0e386643c071b4 with gcc (GCC) 8.1.0
kernel signature: 7a9117018acce102ef72dee1dca38c28789d01a486b88eeef2277f47ca1c9173
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in add_wait_queue
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in add_wait_queue
run #4: crashed: WARNING: ODEBUG bug in exit_to_user_mode_prepare
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in add_wait_queue
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #7: crashed: BUG: unable to handle kernel paging request in snd_pcm_oss_release
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: b23eb61d4cb2042d28fe412bea60c021264f0d529425580418187016c7bb41c5
all runs: OK
# git bisect start 15bc20c6af4ceee97a1f90b43c0e386643c071b4 bcf876870b95592b52519ed4aafcf9d95999bc9c
Bisecting: 5975 revisions left to test after this (roughly 13 steps)
[47ec5303d73ea344e84f46660fff693c57641386] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 47ec5303d73ea344e84f46660fff693c57641386 with gcc (GCC) 8.1.0
kernel signature: 052965e69cd71586e225b03ec4ed4b832734c509448029e9fad821c0e025a2df
all runs: OK
# git bisect good 47ec5303d73ea344e84f46660fff693c57641386
Bisecting: 2845 revisions left to test after this (roughly 12 steps)
[fa73e212318a3277ae1f304febbc617c75d4d2db] Merge tag 'media/v5.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit fa73e212318a3277ae1f304febbc617c75d4d2db with gcc (GCC) 8.1.0
kernel signature: ce0106bd66a966c775f3b622fb83c3baaeab74daa065a5e37ea799408fddc722
all runs: OK
# git bisect good fa73e212318a3277ae1f304febbc617c75d4d2db
Bisecting: 1420 revisions left to test after this (roughly 11 steps)
[9ad57f6dfc2345ed5d3a8bf4dabac0a34069c54c] Merge branch 'akpm' (patches from Andrew)
testing commit 9ad57f6dfc2345ed5d3a8bf4dabac0a34069c54c with gcc (GCC) 8.1.0
kernel signature: 5c932f746843f1d237d7dae1f462d4ccb5fb2d3ac42fa6bee0956e2912062dfd
all runs: boot failed: WARNING in mem_cgroup_css_alloc
# git bisect skip 9ad57f6dfc2345ed5d3a8bf4dabac0a34069c54c
Bisecting: 1420 revisions left to test after this (roughly 11 steps)
[2f059db0b8313f8964ac917394e7425d966a6884] ktest.pl: Always show log file location if defined even on success
testing commit 2f059db0b8313f8964ac917394e7425d966a6884 with gcc (GCC) 8.1.0
kernel signature: f049276e8e55dc7b10178ccb8bafe653d2fa8b26c6dc89a6c20efa348f6d5e4b
all runs: OK
# git bisect good 2f059db0b8313f8964ac917394e7425d966a6884
Bisecting: 1420 revisions left to test after this (roughly 11 steps)
[44a7f3e8222a7345b72a83a26d6d599bba815cf9] clk: socfpga: agilex: mpu_l2ram_clk should be mpu_ccu_clk
testing commit 44a7f3e8222a7345b72a83a26d6d599bba815cf9 with gcc (GCC) 8.1.0
kernel signature: 13a6c42fbd96a41bfa0277bd78a89af62a88e31b422836a19acbe5116cf68366
all runs: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
# git bisect skip 44a7f3e8222a7345b72a83a26d6d599bba815cf9
Bisecting: 1420 revisions left to test after this (roughly 11 steps)
[347a7389a7cc9b91f80deb8d7043e9827d08b328] perf intel-pt: Add support for decoding PSB+ only
testing commit 347a7389a7cc9b91f80deb8d7043e9827d08b328 with gcc (GCC) 8.1.0
kernel signature: 5ea64e090343b8cbb15bf8fe0bf7b0cc4da425ca7bc018e325a40d0a05db0465
all runs: OK
# git bisect good 347a7389a7cc9b91f80deb8d7043e9827d08b328
Bisecting: 1343 revisions left to test after this (roughly 10 steps)
[ea6ec774372740b024a6c27caac0d0af8960ea15] Merge tag 'drm-next-2020-08-12' of git://anongit.freedesktop.org/drm/drm
testing commit ea6ec774372740b024a6c27caac0d0af8960ea15 with gcc (GCC) 8.1.0
kernel signature: a287ff1988edf558017b1796bce2c2d83c67fe7a35dba0dfac9dba200a642175
all runs: boot failed: WARNING in mem_cgroup_css_alloc
# git bisect skip ea6ec774372740b024a6c27caac0d0af8960ea15
Bisecting: 1343 revisions left to test after this (roughly 10 steps)
[43b1bb4a9b3e183af12225f56c27164c10d06223] clk: at91: clk-sam9x60-pll: re-factor to support plls with multiple outputs
testing commit 43b1bb4a9b3e183af12225f56c27164c10d06223 with gcc (GCC) 8.1.0
kernel signature: b1b47a748ead54f792dd76e1ad422e1b4163d5df0859fcb8854984d268bf0dd8
run #0: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
run #1: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
run #2: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
run #3: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
run #4: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
run #5: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
run #6: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
run #7: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
run #8: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in corrupted
run #9: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
# git bisect skip 43b1bb4a9b3e183af12225f56c27164c10d06223
Bisecting: 1343 revisions left to test after this (roughly 10 steps)
[35759383133f64d90eba120a0d3efe8f71241650] mptcp: sendmsg: reset iter on error
testing commit 35759383133f64d90eba120a0d3efe8f71241650 with gcc (GCC) 8.1.0
kernel signature: b5058ee026b7e62cebaa49bb1d94529b866edd2013b89cf07f72e6620bbb64ef
all runs: OK
# git bisect good 35759383133f64d90eba120a0d3efe8f71241650
Bisecting: 432 revisions left to test after this (roughly 9 steps)
[4cf7562190c795f1f95be6ee0d161107d0dc5d49] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 4cf7562190c795f1f95be6ee0d161107d0dc5d49 with gcc (GCC) 8.1.0
kernel signature: 41cbefc27110300ea3159f86ef58974f558ccea4d5a9f9403dd9d81d0cc12745
all runs: OK
# git bisect good 4cf7562190c795f1f95be6ee0d161107d0dc5d49
Bisecting: 215 revisions left to test after this (roughly 8 steps)
[9e574b74b781f14fa7348ba8b980b19a250a9c83] Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
testing commit 9e574b74b781f14fa7348ba8b980b19a250a9c83 with gcc (GCC) 8.1.0
kernel signature: 93ad976f083c73fb8d0a0a8364e419a93950e0c1cb503b601e4eaf34ba497a8b
all runs: OK
# git bisect good 9e574b74b781f14fa7348ba8b980b19a250a9c83
Bisecting: 112 revisions left to test after this (roughly 7 steps)
[550c2129d93d5eb198835ac83c05ef672e8c491c] Merge tag 'x86-urgent-2020-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 550c2129d93d5eb198835ac83c05ef672e8c491c with gcc (GCC) 8.1.0
kernel signature: e0404da9ad954427101780410399e67fc7a13c0ccce49a7eb1fc135d77131a88
run #0: crashed: WARNING: ODEBUG bug in get_signal
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #2: crashed: WARNING in snd_pcm_drop
run #3: crashed: BUG: unable to handle kernel paging request in snd_pcm_oss_release
run #4: crashed: WARNING in snd_pcm_drop
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #6: crashed: general protection fault in snd_pcm_oss_release
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #8: crashed: WARNING in corrupted
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
# git bisect bad 550c2129d93d5eb198835ac83c05ef672e8c491c
Bisecting: 51 revisions left to test after this (roughly 6 steps)
[4af7b32f84aa4cd60e39b355bc8a1eab6cd8d8a4] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
testing commit 4af7b32f84aa4cd60e39b355bc8a1eab6cd8d8a4 with gcc (GCC) 8.1.0
kernel signature: 7c3568c4d3267c8e5e49b5054549075c982b4c9747a3c5048bcb7ff479af17b7
all runs: OK
# git bisect good 4af7b32f84aa4cd60e39b355bc8a1eab6cd8d8a4
Bisecting: 20 revisions left to test after this (roughly 5 steps)
[c3d8f220d01220a5b253e422be407d068dc65511] Merge tag 'kbuild-fixes-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
testing commit c3d8f220d01220a5b253e422be407d068dc65511 with gcc (GCC) 8.1.0
kernel signature: 9781ef381aa6d8a256f56329d1bb22550ef507daf8c0c9719b2983b69b043b09
all runs: OK
# git bisect good c3d8f220d01220a5b253e422be407d068dc65511
Bisecting: 11 revisions left to test after this (roughly 3 steps)
[e99b2507baccca79394ec646e3d1a0884667ea98] Merge tag 'core-urgent-2020-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit e99b2507baccca79394ec646e3d1a0884667ea98 with gcc (GCC) 8.1.0
kernel signature: 0fcf16fa55c40405942b18f592d5ddd881698b908c3702d14f7d4c8259eea10e
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_release
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #3: crashed: WARNING in corrupted
run #4: crashed: WARNING in snd_pcm_drop
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #6: crashed: WARNING: ODEBUG bug in get_signal
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
# git bisect bad e99b2507baccca79394ec646e3d1a0884667ea98
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[9d045ed1ebe1a6115d3fa9930c5371defb31d95a] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 9d045ed1ebe1a6115d3fa9930c5371defb31d95a with gcc (GCC) 8.1.0
kernel signature: 242a3eb28a592cb6579fb5e3ffc904a10a26cb3e4035b4f1a602169bf359f300
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #3: crashed: WARNING in snd_pcm_drop
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #5: crashed: WARNING: ODEBUG bug in get_signal
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #7: crashed: INFO: trying to register non-static key in snd_pcm_oss_change_params
run #8: crashed: WARNING in snd_pcm_drop
run #9: crashed: WARNING in snd_pcm_oss_release
# git bisect bad 9d045ed1ebe1a6115d3fa9930c5371defb31d95a
Bisecting: 2 revisions left to test after this (roughly 1 step)
[52c479697c9b73f628140dcdfcd39ea302d05482] do_epoll_ctl(): clean the failure exits up a bit
testing commit 52c479697c9b73f628140dcdfcd39ea302d05482 with gcc (GCC) 8.1.0
kernel signature: f53c6a32fdd20a701bca1fa6f3fe302fa29a8af10286a9754789a03ac6499cb4
run #0: crashed: WARNING: ODEBUG bug in get_signal
run #1: crashed: WARNING: ODEBUG bug in get_signal
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #3: crashed: WARNING in snd_pcm_drop
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #5: crashed: WARNING: ODEBUG bug in get_signal
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #7: crashed: general protection fault in snd_pcm_oss_release
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_prepare
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
# git bisect bad 52c479697c9b73f628140dcdfcd39ea302d05482
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[a9ed4a6560b8562b7e2e2bed9527e88001f7b682] epoll: Keep a reference on files added to the check list
testing commit a9ed4a6560b8562b7e2e2bed9527e88001f7b682 with gcc (GCC) 8.1.0
kernel signature: a4fd8940d4035d68cdd73dffdb2b521ca4a370690ecd1c416741a4a792a6ff5c
run #0: crashed: WARNING: ODEBUG bug in get_signal
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #4: crashed: general protection fault in snd_pcm_oss_release
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in snd_pcm_oss_make_ready
run #7: crashed: BUG: unable to handle kernel paging request in snd_pcm_oss_release
run #8: crashed: BUG: unable to handle kernel paging request in snd_pcm_format_set_silence
run #9: crashed: WARNING in corrupted
# git bisect bad a9ed4a6560b8562b7e2e2bed9527e88001f7b682
a9ed4a6560b8562b7e2e2bed9527e88001f7b682 is the first bad commit
commit a9ed4a6560b8562b7e2e2bed9527e88001f7b682
Author: Marc Zyngier
Date: Wed Aug 19 17:12:17 2020 +0100

    epoll: Keep a reference on files added to the check list

    When adding a new fd to an epoll, and that this new fd is an epoll fd itself, we recursively scan the fds attached to it to detect cycles, and add non-epool files to a "check list" that gets subsequently parsed.

    However, this check list isn't completely safe when deletions can happen concurrently. To sidestep the issue, make sure that a struct file placed on the check list sees its f_count increased, ensuring that a concurrent deletion won't result in the file disapearing from under our feet.

    Cc: stable@vger.kernel.org
    Signed-off-by: Marc Zyngier
    Signed-off-by: Al Viro

 fs/eventpoll.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
parent commit 9123e3a74ec7b934a4a099e98af6a61c2f80bbf5 wasn't tested
testing commit 9123e3a74ec7b934a4a099e98af6a61c2f80bbf5 with gcc (GCC) 8.1.0
kernel signature: c33d8a7063d31aad730d75d2f4c17af4c6a69bef8a9768df5b80e96adff35dd8
culprit signature: a4fd8940d4035d68cdd73dffdb2b521ca4a370690ecd1c416741a4a792a6ff5c
parent signature: c33d8a7063d31aad730d75d2f4c17af4c6a69bef8a9768df5b80e96adff35dd8
revisions tested: 20, total time: 4h3m23.25761287s (build: 1h39m18.998852923s, test: 2h22m3.547044274s)
first bad commit: a9ed4a6560b8562b7e2e2bed9527e88001f7b682 epoll: Keep a reference on files added to the check list
recipients (to): ["linux-kernel@vger.kernel.org" "maz@kernel.org" "viro@zeniv.linux.org.uk"]
recipients (cc): ["linux-fsdevel@vger.kernel.org" "viro@zeniv.linux.org.uk"]
crash: WARNING in corrupted
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8281 at sound/core/pcm_native.c:2120 snd_pcm_drop+0x57/0x80 sound/core/pcm_native.c:2138
Kernel panic - not syncing: panic_on_warn set ...
Kernel Offset: disabled
Rebooting in 86400 seconds..