ci starts bisection 2023-03-14 23:53:52.629488212 +0000 UTC m=+55391.656191780
bisecting fixing commit since a689b938df39ab513026c53fb7011fd7cd594943
building syzkaller on 1dac8c7a01e2bdd35cb04eb4901ddb157291ac2d
ensuring issue is reproducible on original commit a689b938df39ab513026c53fb7011fd7cd594943

testing commit a689b938df39ab513026c53fb7011fd7cd594943 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bb8a4b52b58106a3f0969d02bfd3072342daeced7d29143ac686d1faede6e41a
run #0: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #1: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #2: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #3: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #4: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #5: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #6: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #7: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #8: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #9: crashed: KASAN: use-after-free Read in io_wqe_worker
run #10: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #11: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #12: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #13: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #14: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #15: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #16: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #17: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #18: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #19: crashed: KASAN: use-after-free Read in io_wq_worker_running
testing current HEAD 4979bf8668255a67449714653314662fbc7e5bdb

testing commit 4979bf8668255a67449714653314662fbc7e5bdb gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 300d7c5e3680f9dc07bd511ffa0fc71cebea07dd76bacab269f57b0cf44987a6
all runs: OK
# git bisect start 4979bf8668255a67449714653314662fbc7e5bdb a689b938df39ab513026c53fb7011fd7cd594943
Bisecting: 7890 revisions left to test after this (roughly 13 steps)
[d5176cdbf64ce7d4eebf339205f17c23118e9f72] Merge tag 'pinctrl-v6.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

testing commit d5176cdbf64ce7d4eebf339205f17c23118e9f72 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e4f1986b58d4d13e79fbc858e05130bb5051a48c15d1855512aa86875efe25e6
all runs: OK
# git bisect bad d5176cdbf64ce7d4eebf339205f17c23118e9f72
Bisecting: 3927 revisions left to test after this (roughly 12 steps)
[1adce1b9440cdf0c427419b99bc9db756b5ad931] Merge tag 'x86_alternatives_for_v6.3_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit 1adce1b9440cdf0c427419b99bc9db756b5ad931 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1fa5538245fa9038818d4264e202ba9c17245a60485de02a7f86dc36beac0801
all runs: OK
# git bisect bad 1adce1b9440cdf0c427419b99bc9db756b5ad931
Bisecting: 1962 revisions left to test after this (roughly 11 steps)
[91bc559d8d3aed488b4b50e9eba1d7ebb1da7bbf] Merge tag 'fs.acl.v6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping

testing commit 91bc559d8d3aed488b4b50e9eba1d7ebb1da7bbf gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0dc20c5b1615d6bc027c445e323bd942271ef5078a5465883718684659e969ae
all runs: OK
# git bisect bad 91bc559d8d3aed488b4b50e9eba1d7ebb1da7bbf
Bisecting: 976 revisions left to test after this (roughly 10 steps)
[3139b1d79588f65977b3543149df01063dc3d323] nfsd: move nfsd4_change_attribute to nfsfh.c

testing commit 3139b1d79588f65977b3543149df01063dc3d323 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8b62c6faa41e116e62a2013795a5da3f22ee5b9da1aa1b3637e69b51fd591967
all runs: OK
# git bisect bad 3139b1d79588f65977b3543149df01063dc3d323
Bisecting: 489 revisions left to test after this (roughly 9 steps)
[6e50979a9c87371fdb85d16058f9b5cb40751501] Merge tag 'mm-hotfixes-stable-2023-01-16-15-23' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

testing commit 6e50979a9c87371fdb85d16058f9b5cb40751501 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 42bef3709e94964ba582833cfbc14bea0bfd77acc469bfa636a2a8a8161e4cd8
all runs: OK
# git bisect bad 6e50979a9c87371fdb85d16058f9b5cb40751501
Bisecting: 238 revisions left to test after this (roughly 8 steps)
[d45b832d6f41b003c1dee953096cfd4c6e5233b0] Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

testing commit d45b832d6f41b003c1dee953096cfd4c6e5233b0 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 476ba66e0af86c376475d5f00028fc342658abf70705d3f1045230009b42484c
all runs: crashed: KASAN: use-after-free Read in io_wq_worker_running
# git bisect good d45b832d6f41b003c1dee953096cfd4c6e5233b0
Bisecting: 120 revisions left to test after this (roughly 7 steps)
[689968db7b6145b2e4beb8b472d31162ffa5ad7d] Merge tag 'sound-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

testing commit 689968db7b6145b2e4beb8b472d31162ffa5ad7d gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c9d2b62b686e9f9b27d57c185b63b22dee07e42c9cba4461c115f28eed93913a
run #0: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #1: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #2: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #3: crashed: KASAN: use-after-free Read in io_wqe_worker
run #4: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #5: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #6: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #7: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #8: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #9: crashed: KASAN: use-after-free Read in io_wq_worker_running
# git bisect good 689968db7b6145b2e4beb8b472d31162ffa5ad7d
Bisecting: 58 revisions left to test after this (roughly 6 steps)
[b35ad63eeccadbcc83f295a64a029f7e7188444f] Merge tag '6.2-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

testing commit b35ad63eeccadbcc83f295a64a029f7e7188444f gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 78f98663c30ab974676f21d826167c820dc2e273bbce3cc088044635a17beff6
all runs: OK
# git bisect bad b35ad63eeccadbcc83f295a64a029f7e7188444f
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[92783a90bcbde8659dd4a160506c46c56db494d6] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

testing commit 92783a90bcbde8659dd4a160506c46c56db494d6 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 35747bd473a3edab773e3f03532e2abfb8913a955b29e7450e6140a55f247ae8
run #0: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #1: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #2: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #3: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #4: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #5: crashed: KFENCE: use-after-free in io_wq_worker_running
run #6: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #7: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #8: crashed: KASAN: use-after-free Read in io_wq_worker_running
run #9: crashed: KASAN: use-after-free Read in io_wq_worker_running
# git bisect good 92783a90bcbde8659dd4a160506c46c56db494d6
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[97ec4d559d939743e8af83628be5af8da610d9dc] Merge tag 'block-6.2-2023-01-13' of git://git.kernel.dk/linux

testing commit 97ec4d559d939743e8af83628be5af8da610d9dc gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9ac2f294471efedd71227a02d287e58aab05e5b688cd6f9c0a619a8c8fc1fd0a
all runs: OK
# git bisect bad 97ec4d559d939743e8af83628be5af8da610d9dc
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[2ce7592df99f7356cc8697ad10849987237abca4] Merge tag 'io_uring-6.2-2023-01-13' of git://git.kernel.dk/linux

testing commit 2ce7592df99f7356cc8697ad10849987237abca4 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 32e179b326b57c99ade37ac1dc6a0fc169f52e1e8e8379a7c6cafb4bee0c6b64
all runs: OK
# git bisect bad 2ce7592df99f7356cc8697ad10849987237abca4
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[544d163d659d45a206d8929370d5a2984e546cb7] io_uring: lock overflowing for IOPOLL

testing commit 544d163d659d45a206d8929370d5a2984e546cb7 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7ba5160755a31b25081e11475dcbbd8cc80b983a1df58b101c6b6c29ce07a527
all runs: OK
# git bisect bad 544d163d659d45a206d8929370d5a2984e546cb7
Bisecting: 2 revisions left to test after this (roughly 1 step)
[febb985c06cb6f5fac63598c0bffd4fd823d110d] io_uring/poll: add hash if ready poll request can't complete inline

testing commit febb985c06cb6f5fac63598c0bffd4fd823d110d gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 455a3afcc271b2c9e2935157257a17f7f0245917cb23174a45a777f2647b8f25
all runs: OK
# git bisect bad febb985c06cb6f5fac63598c0bffd4fd823d110d
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[e6db6f9398dadcbc06318a133d4c44a2d3844e61] io_uring/io-wq: only free worker if it was allocated for creation

testing commit e6db6f9398dadcbc06318a133d4c44a2d3844e61 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9c792a9f5afcd2d79d896b2a583fde278196f87f7a6589020efa40966dc3f00e
all runs: OK
# git bisect bad e6db6f9398dadcbc06318a133d4c44a2d3844e61
e6db6f9398dadcbc06318a133d4c44a2d3844e61 is the first bad commit
commit e6db6f9398dadcbc06318a133d4c44a2d3844e61
Author: Jens Axboe
Date: Sun Jan 8 10:39:17 2023 -0700

    io_uring/io-wq: only free worker if it was allocated for creation

    We have two types of task_work based creation, one is using an existing
    worker to setup a new one (eg when going to sleep and we have no free
    workers), and the other is allocating a new worker. Only the latter
    should be freed when we cancel task_work creation for a new worker.

    Fixes: af82425c6a2d ("io_uring/io-wq: free worker if task_work creation is canceled")
    Reported-by: syzbot+d56ec896af3637bdb7e4@syzkaller.appspotmail.com
    Signed-off-by: Jens Axboe

 io_uring/io-wq.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

parent commit 12521a5d5cb7ff0ad43eadfc9c135d86e1131fa8 wasn't tested
testing commit 12521a5d5cb7ff0ad43eadfc9c135d86e1131fa8 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 03d038517eef7651e7deb4c48a33514366c2b45302d28129bfeb79305692c866
culprit signature: 9c792a9f5afcd2d79d896b2a583fde278196f87f7a6589020efa40966dc3f00e
parent signature: 03d038517eef7651e7deb4c48a33514366c2b45302d28129bfeb79305692c866
revisions tested: 16, total time: 5h40m7.931992894s (build: 2h53m23.186284555s, test: 2h44m16.09511297s)
first good commit: e6db6f9398dadcbc06318a133d4c44a2d3844e61 io_uring/io-wq: only free worker if it was allocated for creation
recipients (to): ["axboe@kernel.dk"]
recipients (cc): []