bisecting cause commit starting from fdd06dc6b0f832a9cd8033438cc3b01d253c3981
building syzkaller on 8f633d840e3eb6454f036e9da3285bcf27345616
testing commit fdd06dc6b0f832a9cd8033438cc3b01d253c3981
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0771e9de89ea986853eb29932254ce0ba2bef4f5112b4a74c8a487b9ce767d6e
run #0: crashed: general protection fault in kernfs_name_hash
run #1: crashed: general protection fault in del_gendisk
run #2: crashed: general protection fault in kernfs_name_hash
run #3: crashed: general protection fault in del_gendisk
run #4: crashed: general protection fault in kernfs_name_hash
run #5: crashed: general protection fault in kernfs_name_hash
run #6: crashed: general protection fault in kernfs_name_hash
run #7: crashed: general protection fault in del_gendisk
run #8: crashed: general protection fault in kernfs_name_hash
run #9: crashed: general protection fault in del_gendisk
run #10: crashed: general protection fault in kernfs_name_hash
run #11: crashed: general protection fault in kernfs_name_hash
run #12: crashed: general protection fault in kernfs_name_hash
run #13: crashed: general protection fault in kernfs_name_hash
run #14: crashed: general protection fault in del_gendisk
run #15: crashed: general protection fault in kernfs_name_hash
run #16: crashed: general protection fault in kernfs_name_hash
run #17: crashed: general protection fault in kernfs_name_hash
run #18: crashed: general protection fault in kernfs_name_hash
run #19: crashed: general protection fault in kernfs_name_hash
testing release v5.10.117
testing commit 7686a5c2a8d398196259b1bf3fa369a4fd6bcd6f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 993152b5941818ca147cb2c5ff42e56244782638499f7c405485fe7d6e8aad4c
all runs: OK

# git bisect start fdd06dc6b0f832a9cd8033438cc3b01d253c3981 7686a5c2a8d398196259b1bf3fa369a4fd6bcd6f
Bisecting: 2953 revisions left to test after this (roughly 12 steps)
[fd10db46d00327f730807d776db03eae98948a00] FROMGIT: kasan, mm: optimize krealloc poisoning
testing commit fd10db46d00327f730807d776db03eae98948a00
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
mm/memory.c:4800:10: error: assignment of member 'vma' in read-only object
mm/memory.c:4942:12: error: assignment of member 'pgoff' in read-only object
mm/memory.c:4943:15: error: assignment of member 'gfp_mask' in read-only object
# git bisect skip fd10db46d00327f730807d776db03eae98948a00
Bisecting: 2951 revisions left to test after this (roughly 12 steps)
[9e7985701d28e10e26a8d2382a4cbd7700ea4f08] FROMGIT: arm64: kasan: simplify and inline MTE functions
testing commit 9e7985701d28e10e26a8d2382a4cbd7700ea4f08
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
mm/memory.c:4800:10: error: assignment of member 'vma' in read-only object
mm/memory.c:4942:12: error: assignment of member 'pgoff' in read-only object
mm/memory.c:4943:15: error: assignment of member 'gfp_mask' in read-only object
# git bisect skip 9e7985701d28e10e26a8d2382a4cbd7700ea4f08
Bisecting: 2951 revisions left to test after this (roughly 12 steps)
[b397a0387cb280697e83033ec9a45f4a2e7bc444] ANDROID: fips140: test all implementations
testing commit b397a0387cb280697e83033ec9a45f4a2e7bc444
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4608686f77982b86b8300b5aa94261439fe7af204d441dcf9e289c85cb5c4940
run #0: crashed: general protection fault in kernfs_name_hash
run #1: crashed: general protection fault in del_gendisk
run #2: crashed: general protection fault in kernfs_name_hash
run #3: crashed: general protection fault in del_gendisk
run #4: crashed: general protection fault in del_gendisk
run #5: crashed: general protection fault in kernfs_name_hash
run #6: crashed: general protection fault in kernfs_name_hash
run #7: crashed: general protection fault in kernfs_name_hash
run #8: crashed: general protection fault in kernfs_name_hash
run #9: crashed: general protection fault in kernfs_name_hash
# git bisect bad b397a0387cb280697e83033ec9a45f4a2e7bc444
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[2a6bc198915275a36c2822d80d680922bba7ba3c] UPSTREAM: arm64: alternatives: Remove READ_ONCE() usage during patch operation
testing commit 2a6bc198915275a36c2822d80d680922bba7ba3c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7524d3b0260ea8d31f005c6a9f8e6c930a152f26b116018a6dacf02138fd279e
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 2a6bc198915275a36c2822d80d680922bba7ba3c
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[79d3d549f9b3060fd78da0477c543f9e70d6e851] ANDROID: GKI: 5/7 KMI update
testing commit 79d3d549f9b3060fd78da0477c543f9e70d6e851
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 191b76cc9fa9d953b6f1dc576564e5a593a9799f71b0e379ea1db1924cc73ba4
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 79d3d549f9b3060fd78da0477c543f9e70d6e851
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[8a0e4c2b94375dcb0021c6173c3c3a4a4a8cc55a] FROMLIST: fuse: Fix crediantials leak in passthrough read_iter
testing commit 8a0e4c2b94375dcb0021c6173c3c3a4a4a8cc55a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8615cb6d325ffa9182400ea191cefba87a0f508bf1257bf061eaf13c19bafa40
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 8a0e4c2b94375dcb0021c6173c3c3a4a4a8cc55a
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[f3f8d55011837f34584fc223e2a26b13623ff296] ANDROID: sched: Add vendor hooks for update_load_avg
testing commit f3f8d55011837f34584fc223e2a26b13623ff296
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9009a34f64d1b33d26fba0bd5e6c632b8d4a5614a8197c06cc6d33b6b09b0ee3
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip f3f8d55011837f34584fc223e2a26b13623ff296
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[18ebdc37464a1288c3c6ca853e66efebf3e793db] ANDROID: sched: add vendor hooks for bad scheduling
testing commit 18ebdc37464a1288c3c6ca853e66efebf3e793db
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bc44f3bbaeb29bdffb0b38ee3ff07f8bea61a84cf137b97650279e3470b29b91
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 18ebdc37464a1288c3c6ca853e66efebf3e793db
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[f9761818fe9a95752e6c49f5ee5bf4640e0507db] ANDROID: GKI: Refresh ABI following trimmed symbol CRC fix
testing commit f9761818fe9a95752e6c49f5ee5bf4640e0507db
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3b516885eba346876d725d12a84762478407fb2bb4141d97d302c2ec0ef9ada2
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip f9761818fe9a95752e6c49f5ee5bf4640e0507db
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[1c2af92b869c363ada8df84340bab033b81e6628] UPSTREAM: psci: Support psci_ops.get_version for v0.1
testing commit 1c2af92b869c363ada8df84340bab033b81e6628
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0ee02d089ca7e9c23a07421335c2f3543930d890b6e13fedd1f86242d65b1539
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 1c2af92b869c363ada8df84340bab033b81e6628
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[73372c9835b2de23dedd57892fcc0c971d97fedf] ANDROID: scsi: ufs: add UFSHCD_QUIRK_NO_KEYSLOTS
testing commit 73372c9835b2de23dedd57892fcc0c971d97fedf
compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ade378bb3364bc44b9407766465bc1d71aa642cb9a638cfb0278f5111e142542
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 73372c9835b2de23dedd57892fcc0c971d97fedf
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[2dc1df560308a1882143693b64c4f893d75f8d94] UPSTREAM: xhci: use xhci_td_cleanup() helper when giving back cancelled URBs
testing commit 2dc1df560308a1882143693b64c4f893d75f8d94
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9b7f989b9b8d52deddebd0d9a98aa86bfa53fd209d9765512b04281e973ffcdf
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 2dc1df560308a1882143693b64c4f893d75f8d94
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[a428f6d3cdab8091c39c7145e6f8bbb03b22693f] FROMGIT: drm/virtio: Fix use after free in get_capset_info callback.
testing commit a428f6d3cdab8091c39c7145e6f8bbb03b22693f
compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 932dc535afd525abc6f76e153f0ee82a23bf8ed05f5b58563dd0ed33866bfd07
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip a428f6d3cdab8091c39c7145e6f8bbb03b22693f
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[2a492c11b930f14c1f69d5aacd70146c0938756a] UPSTREAM: xhci: prevent a theoretical endless loop while preparing rings.
testing commit 2a492c11b930f14c1f69d5aacd70146c0938756a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5d3cab34478cd464a0a8120938f53d730f80089d5eaa1ede02ae1d335f40c0ce
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 2a492c11b930f14c1f69d5aacd70146c0938756a
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[836219141ff7a77e7fab0bd749edd746fd36fef2] Revert "iov_iter: transparently handle compat iovecs in import_iovec"
testing commit 836219141ff7a77e7fab0bd749edd746fd36fef2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 77eb21e56711cf3ffb70d62bdc2d81ce8bb9eb3983dc2dc62e508943d00e536b
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip 836219141ff7a77e7fab0bd749edd746fd36fef2
Bisecting: 2621 revisions left to test after this (roughly 11 steps)
[d4091df63c80ad87e4c3256d13405730da54bdc7] ANDROID: GKI: Update symbols list for vivo
testing commit d4091df63c80ad87e4c3256d13405730da54bdc7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 89022af4f02530998d9086d8bd7c42c03d8b99902985e716190a628f6147a453
run #0: crashed: general protection fault in kernfs_name_hash
run #1: crashed: general protection fault in kernfs_name_hash
run #2: crashed: general protection fault in kernfs_name_hash
run #3: crashed: general protection fault in kernfs_name_hash
run #4: crashed: general protection fault in del_gendisk
run #5: crashed: general protection fault in kernfs_name_hash
run #6: crashed: general protection fault in kernfs_name_hash
run #7: crashed: general protection fault in kernfs_name_hash
run #8: crashed: general protection fault in kernfs_name_hash
run #9: crashed: general protection fault in del_gendisk
# git bisect bad d4091df63c80ad87e4c3256d13405730da54bdc7
Bisecting: 2616 revisions left to test after this (roughly 11 steps)
[d728c7f91b31139eeb94604f465fe51b5aedc84d] FROMLIST: kbuild: improve libelf detection
testing commit d728c7f91b31139eeb94604f465fe51b5aedc84d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2762ae268d1d24292de63700a039d53020f9f5e270f81379eff12e9c0fb8c580
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip d728c7f91b31139eeb94604f465fe51b5aedc84d
Bisecting: 2616 revisions left to test after this (roughly 11 steps)
[b011ee0886ae3b5184cfd119c03c379a161a87b1] ANDROID: softirq: Export irq_handler_exit tracepoint
testing commit b011ee0886ae3b5184cfd119c03c379a161a87b1
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 810df438211aa1814a013bfcd03a57928c9c31ea17d5a661d8bcd8775d6e967c
all runs: basic kernel testing failed: KASAN: use-after-free Read in task_active_pid_ns
# git bisect skip b011ee0886ae3b5184cfd119c03c379a161a87b1
Bisecting: 2616 revisions left to test after this (roughly 11 steps)
[f9fcdaeab7006daef51a87b61801264805a7a729] ANDROID: sched: remove regular vendor hooks for 32bit execve
testing commit f9fcdaeab7006daef51a87b61801264805a7a729
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: be5f5185dbaaa3c81d40aef5b306c1e1d350a0cd07f6672f6d86a380292e41e9
all runs: OK
# git bisect good f9fcdaeab7006daef51a87b61801264805a7a729
Bisecting: 281 revisions left to test after this (roughly 8 steps)
[60a4c35570d985cd1e1304fcbd31e4df79d07d6e] ANDROID: xt_quota2: clear quota2_log message before sending
testing commit 60a4c35570d985cd1e1304fcbd31e4df79d07d6e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ac64b538eccea812511e90bc29cd4bf018c585213dc5fa788c264039a1b67ecc
run #0: crashed: general protection fault in kernfs_name_hash
run #1: crashed: general protection fault in del_gendisk
run #2: crashed: general protection fault in del_gendisk
run #3: crashed: general protection fault in kernfs_name_hash
run #4: crashed: general protection fault in del_gendisk
run #5: crashed: general protection fault in del_gendisk
run #6: crashed: general protection fault in kernfs_name_hash
run #7: crashed: general protection fault in kernfs_name_hash
run #8: crashed: general protection fault in del_gendisk
run #9: crashed: general protection fault in kernfs_name_hash
# git bisect bad 60a4c35570d985cd1e1304fcbd31e4df79d07d6e
Bisecting: 139 revisions left to test after this (roughly 7 steps)
[194fd9239ae697974aad9e038d4aea509bf45c43] ANDROID: GKI: fscrypt: add ABI padding to struct fscrypt_operations
testing commit 194fd9239ae697974aad9e038d4aea509bf45c43
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 23f584833a7a1e6865b28492637fee2634d8f9faca2aee7ac97a22fa390f97bc
all runs: OK
# git bisect good 194fd9239ae697974aad9e038d4aea509bf45c43
Bisecting: 69 revisions left to test after this (roughly 6 steps)
[e30728e4ff6f4ae77cf89547d5f1df3bddb0d1f6] ANDROID: ABI: initial update allowed list for galaxy
testing commit e30728e4ff6f4ae77cf89547d5f1df3bddb0d1f6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 460d2359de9dd5e5aecfbbd869914f6f78688b7a1225c4abc5e60d21c4c31ed0
all runs: OK
# git bisect good e30728e4ff6f4ae77cf89547d5f1df3bddb0d1f6
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[bda49ad0602e5250a9d3dd61deda19d3e5615c54] FROMGIT: loop: Select I/O scheduler 'none' from inside add_disk()
testing commit bda49ad0602e5250a9d3dd61deda19d3e5615c54
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2b2b9dcb407e1480854c1a89dfeb4b9f5a22b68843cbc8954323e37301c18953
run #0: crashed: general protection fault in kernfs_name_hash
run #1: crashed: general protection fault in kernfs_name_hash
run #2: crashed: general protection fault in kernfs_name_hash
run #3: crashed: general protection fault in kernfs_name_hash
run #4: crashed: general protection fault in del_gendisk
run #5: crashed: general protection fault in kernfs_name_hash
run #6: crashed: general protection fault in kernfs_name_hash
run #7: crashed: general protection fault in del_gendisk
run #8: crashed: general protection fault in kernfs_name_hash
run #9: crashed: general protection fault in kernfs_name_hash
# git bisect bad bda49ad0602e5250a9d3dd61deda19d3e5615c54
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[36fbb55631563638f7a5e6d53168361618c5c168] FROMGIT: procfs: prevent unpriveleged processes accessing fdinfo dir
testing commit 36fbb55631563638f7a5e6d53168361618c5c168
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a590c6841da1017d271f246339a99b7d95316f81eafa1ffcc37df27aff98c8ad
all runs: OK
# git bisect good 36fbb55631563638f7a5e6d53168361618c5c168
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[045204b0801f06ac45b9931cffed155624b1ae55] FROMGIT: KVM: arm64: Unregister HYP sections from kmemleak in protected mode
testing commit 045204b0801f06ac45b9931cffed155624b1ae55
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0a58a839fea06626c7cd202e346b81be897e345f9d220e298d319f56ad69e99e
all runs: OK
# git bisect good 045204b0801f06ac45b9931cffed155624b1ae55
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[41b79ac98d5dc5469e47488a5f095116cf2dbe7c] FROMGIT: usb: dwc3: gadget: Use list_replace_init() before traversing lists
testing commit 41b79ac98d5dc5469e47488a5f095116cf2dbe7c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e682db748dbed1b97a10f94a7381837d1752387e9f764c0dbf45da54a05293d5
all runs: OK
# git bisect good 41b79ac98d5dc5469e47488a5f095116cf2dbe7c
Bisecting: 1 revision left to test after this (roughly 1 step)
[8914725a582861666a2a298efbcb5ae7613a47b7] FROMGIT: usb: typec: tcpm: Keep other events when receiving FRS and Sourcing_vbus events
testing commit 8914725a582861666a2a298efbcb5ae7613a47b7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3a98fe6e9e9f466e9e523a1f5573ceebd6209b78bd499a4a9b428cc3eebc63bf
all runs: OK
# git bisect good 8914725a582861666a2a298efbcb5ae7613a47b7
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d8b946254effbe36780f0b855da509a07470b8d2] FROMGIT: blk-mq: Introduce the BLK_MQ_F_NO_SCHED_BY_DEFAULT flag
testing commit d8b946254effbe36780f0b855da509a07470b8d2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 14acba34b019ed604b753b720b7ed3cdbcf625ee1c2e9aadddb6ee62d8802d3a
all runs: OK
# git bisect good d8b946254effbe36780f0b855da509a07470b8d2

bda49ad0602e5250a9d3dd61deda19d3e5615c54 is the first bad commit
commit bda49ad0602e5250a9d3dd61deda19d3e5615c54
Author: Bart Van Assche
Date: Mon Aug 2 10:05:29 2021 -0700

    FROMGIT: loop: Select I/O scheduler 'none' from inside add_disk()

    We noticed that the user interface of Android devices becomes very slow under memory pressure. This is because Android uses the zram driver on top of the loop driver for swapping, because under memory pressure the swap code alternates reads and writes quickly, because mq-deadline is the default scheduler for loop devices and because mq-deadline delays writes by five seconds for such a workload with default settings.

    Fix this by making the kernel select I/O scheduler 'none' from inside add_disk() for loop devices. This default can be overridden at any time from user space, e.g. via a udev rule.

    This approach has an advantage compared to changing the I/O scheduler from userspace from 'mq-deadline' into 'none', namely that synchronize_rcu() does not get called. Additionally, this patch reduces the Android boot time on my test setup with 0.5 seconds compared to configuring the loop I/O scheduler from user space.

    Signed-off-by: Bart Van Assche
    Bug: 194450129
    (cherry picked from commit 2112f5c1330a671fa852051d85cb9eadc05d7eb7 git://git.kernel.dk/linux-block/ for-5.15/block)
    Change-Id: I6f9579b4cd2cb22fcb5c858d4f292f1870336fdd
    Signed-off-by: Bart Van Assche

 drivers/block/loop.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

culprit signature: 2b2b9dcb407e1480854c1a89dfeb4b9f5a22b68843cbc8954323e37301c18953
parent signature: 14acba34b019ed604b753b720b7ed3cdbcf625ee1c2e9aadddb6ee62d8802d3a
revisions tested: 28, total time: 4h31m45.238149446s (build: 2h8m19.304435486s, test: 2h20m10.776360729s)
first bad commit: bda49ad0602e5250a9d3dd61deda19d3e5615c54 FROMGIT: loop: Select I/O scheduler 'none' from inside add_disk()
recipients (to): ["axboe@kernel.dk" "bvanassche@acm.org" "bvanassche@google.com" "linux-block@vger.kernel.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]

crash: general protection fault in kernfs_name_hash
RSP: 002b:00007f0ec0fbb168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f0ec1157f60 RCX: 00007f0ec1045109
RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000003
RBP: 00007f0ec109f05d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd2cce3ecf R14: 00007f0ec0fbb300 R15: 0000000000022000
---[ end trace 58a8fabe1e84c96f ]---
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 434 Comm: syz-executor.0 Tainted: G W 5.10.43-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:strlen+0x1f/0xa0 lib/string.c:568
Code: 48 8b 45 e8 eb 88 0f 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 fa 48 89 e5 48 c1 ea 03 41 54 49 89 fc 53 48 83 ec 08 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 04 84 c0 75 4d 41 80 3c 24
RSP: 0018:ffffc900008a7c90 EFLAGS: 00010286
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff84262aa9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900008a7ca8 R08: 0000000000000001 R09: ffffc900008a7cbf
R10: fffff52000114f97 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000008
FS: 00007f0ec0fbb700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0ec0fbaff8 CR3: 0000000109b75000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kernfs_name_hash+0x16/0xc0 fs/kernfs/dir.c:302
 kernfs_find_ns+0x84/0x210 fs/kernfs/dir.c:841
 kernfs_remove_by_name_ns+0x32/0x80 fs/kernfs/dir.c:1514
 kernfs_remove_by_name include/linux/kernfs.h:608 [inline]
 sysfs_remove_link+0x37/0xa0 fs/sysfs/symlink.c:152
 del_gendisk+0x5f8/0xa60 block/genhd.c:951
 loop_remove drivers/block/loop.c:2194 [inline]
 loop_control_ioctl drivers/block/loop.c:2293 [inline]
 loop_control_ioctl+0x30d/0x3d0 drivers/block/loop.c:2259
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl fs/ioctl.c:739 [inline]
 __x64_sys_ioctl+0x129/0x1a0 fs/ioctl.c:739
 do_syscall_64+0x32/0x80 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f0ec1045109
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0ec0fbb168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f0ec1157f60 RCX: 00007f0ec1045109
RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000003
RBP: 00007f0ec109f05d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd2cce3ecf R14: 00007f0ec0fbb300 R15: 0000000000022000
Modules linked in:
---[ end trace 58a8fabe1e84c970 ]---
RIP: 0010:strlen+0x1f/0xa0 lib/string.c:568
Code: 48 8b 45 e8 eb 88 0f 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 fa 48 89 e5 48 c1 ea 03 41 54 49 89 fc 53 48 83 ec 08 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 04 84 c0 75 4d 41 80 3c 24
RSP: 0018:ffffc900008a7c90 EFLAGS: 00010286
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff84262aa9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900008a7ca8 R08: 0000000000000001 R09: ffffc900008a7cbf
R10: fffff52000114f97 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000008
FS: 00007f0ec0fbb700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0ec0fbaff8 CR3: 0000000109b75000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 48 8b 45 e8           mov    -0x18(%rbp),%rax
   4: eb 88                 jmp    0xffffff8e
   6: 0f 1f 44 00 00        nopl   0x0(%rax,%rax,1)
   b: 48 b8 00 00 00 00 00  movabs $0xdffffc0000000000,%rax
  12: fc ff df
  15: 55                    push   %rbp
  16: 48 89 fa              mov    %rdi,%rdx
  19: 48 89 e5              mov    %rsp,%rbp
  1c: 48 c1 ea 03           shr    $0x3,%rdx
  20: 41 54                 push   %r12
  22: 49 89 fc              mov    %rdi,%r12
  25: 53                    push   %rbx
  26: 48 83 ec 08           sub    $0x8,%rsp
* 2a: 0f b6 04 02           movzbl (%rdx,%rax,1),%eax <-- trapping instruction
  2e: 48 89 fa              mov    %rdi,%rdx
  31: 83 e2 07              and    $0x7,%edx
  34: 38 d0                 cmp    %dl,%al
  36: 7f 04                 jg     0x3c
  38: 84 c0                 test   %al,%al
  3a: 75 4d                 jne    0x89
  3c: 41                    rex.B
  3d: 80                    .byte 0x80
  3e: 3c 24                 cmp    $0x24,%al