ci starts bisection 2023-03-13 08:27:42.723877036 +0000 UTC m=+264897.183128675 bisecting fixing commit since 1fe4fd6f5cad346e598593af36caeadc4f5d4fa9 building syzkaller on 1dac8c7a01e2bdd35cb04eb4901ddb157291ac2d ensuring issue is reproducible on original commit 1fe4fd6f5cad346e598593af36caeadc4f5d4fa9 testing commit 1fe4fd6f5cad346e598593af36caeadc4f5d4fa9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 54c2fc0112208016342ffc2b879713ce4b860fd870c6f49bf663ee574c352abf run #0: crashed: KASAN: use-after-free Read in io_wq_put_and_exit run #1: crashed: KASAN: use-after-free Read in io_wq_worker_running run #2: crashed: KASAN: use-after-free Read in io_wq_put_and_exit run #3: crashed: KASAN: use-after-free Read in io_wq_worker_running run #4: crashed: KASAN: use-after-free Read in io_wq_worker_running run #5: crashed: KASAN: use-after-free Read in io_wqe_worker run #6: crashed: KASAN: use-after-free Read in io_wq_worker_running run #7: crashed: KASAN: use-after-free Read in io_wqe_worker run #8: crashed: KASAN: use-after-free Read in io_wqe_worker run #9: crashed: KASAN: use-after-free Read in io_wq_worker_running run #10: crashed: KASAN: use-after-free Read in io_wq_worker_running run #11: crashed: KASAN: use-after-free Read in io_wq_worker_running run #12: crashed: KASAN: use-after-free Read in io_wq_worker_running run #13: crashed: KASAN: use-after-free Read in io_wqe_worker run #14: OK run #15: crashed: KASAN: use-after-free Read in io_wqe_worker run #16: OK run #17: OK run #18: OK run #19: OK testing current HEAD eeac8ede17557680855031c6f305ece2378af326 testing commit eeac8ede17557680855031c6f305ece2378af326 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 945b9b822ec3436b274d0a102f44d5dd49af0962d8372ebf45b3746e517ce1ee all runs: OK # git bisect start eeac8ede17557680855031c6f305ece2378af326 1fe4fd6f5cad346e598593af36caeadc4f5d4fa9 Bisecting: 7874 revisions left to test after this (roughly 13 steps) [d5176cdbf64ce7d4eebf339205f17c23118e9f72] Merge tag 'pinctrl-v6.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit d5176cdbf64ce7d4eebf339205f17c23118e9f72 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f383a7e98985af854b0262440de400e606d3bdc4528e9dbad04cd73136542fe2 all runs: OK # git bisect bad d5176cdbf64ce7d4eebf339205f17c23118e9f72 Bisecting: 3881 revisions left to test after this (roughly 12 steps) [056612fd41fef88eef22a032021cc15ef98cfc34] Merge tag 'x86-cleanups-2023-02-20' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 056612fd41fef88eef22a032021cc15ef98cfc34 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d9a31a4ec11aaa1d9a405aadab04747ee1a3804ae229f2fe27fc04f11217be2a all runs: OK # git bisect bad 056612fd41fef88eef22a032021cc15ef98cfc34 Bisecting: 1956 revisions left to test after this (roughly 11 steps) [cd776a4342b322a9e3df59b2da949fac4db313a0] Merge tag 'fsnotify_for_v6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs testing commit cd776a4342b322a9e3df59b2da949fac4db313a0 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2ad67024f4f25265bea4048e7ad586bc6b10e55b6b0f6d4607759fd0dbaace28 all runs: OK # git bisect bad cd776a4342b322a9e3df59b2da949fac4db313a0 Bisecting: 965 revisions left to test after this (roughly 10 steps) [e5eb2b22f0f4a1f0b98bc9b7efb352b0841a3bd2] Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm testing commit e5eb2b22f0f4a1f0b98bc9b7efb352b0841a3bd2 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3a83e86ab4e8d2644edef85cee377605afb401c5f71847b35ba3b358d9e03858 all runs: OK # git bisect bad e5eb2b22f0f4a1f0b98bc9b7efb352b0841a3bd2 Bisecting: 496 revisions left to test after this (roughly 9 steps) [4a0c7a6831a0aa56db78a80f5a3e1ad5412d0fa8] Merge tag 'perf-tools-fixes-for-v6.2-3-2023-01-19' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux testing commit 4a0c7a6831a0aa56db78a80f5a3e1ad5412d0fa8 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: eabd1ed88a0ffa53d6bf6bd640c86ce298d0361cf65cfed4f16603535aa4a9ba all runs: OK # git bisect bad 4a0c7a6831a0aa56db78a80f5a3e1ad5412d0fa8 Bisecting: 235 revisions left to test after this (roughly 8 steps) [0d0833e0399efecf3d75b54c3bc277660166d9a4] Merge tag 'platform-drivers-x86-v6.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86 testing commit 0d0833e0399efecf3d75b54c3bc277660166d9a4 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b1c7484d354371aff76ec5043a092d1dfe9eb3f1880cb38a5af35d2dbe9de713 run #0: crashed: KASAN: use-after-free Read in io_wq_worker_running run #1: crashed: KASAN: use-after-free Read in io_wqe_worker run #2: crashed: KASAN: use-after-free Read in io_wq_put_and_exit run #3: crashed: KASAN: use-after-free Read in io_wq_worker_wake run #4: crashed: KASAN: use-after-free Read in io_wq_worker_running run #5: crashed: KASAN: use-after-free Read in io_wqe_worker run #6: crashed: KASAN: use-after-free Read in io_wqe_worker run #7: crashed: KASAN: use-after-free Read in io_wq_worker_running run #8: crashed: KASAN: use-after-free Read in io_wq_worker_running run #9: crashed: KASAN: use-after-free Read in io_wq_worker_running # git bisect good 0d0833e0399efecf3d75b54c3bc277660166d9a4 Bisecting: 114 revisions left to test after this (roughly 7 steps) [b35ad63eeccadbcc83f295a64a029f7e7188444f] Merge tag '6.2-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 testing commit b35ad63eeccadbcc83f295a64a029f7e7188444f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3bb8c7fd6641441bdf11a2c7337ba3648de50f462ed4c7d850ff256a60b2f35c all runs: OK # git bisect bad b35ad63eeccadbcc83f295a64a029f7e7188444f Bisecting: 61 revisions left to test after this (roughly 6 steps) [689968db7b6145b2e4beb8b472d31162ffa5ad7d] Merge tag 'sound-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit 689968db7b6145b2e4beb8b472d31162ffa5ad7d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d60c8b425c71b5b1cf08bd38693084cf3aa41db8d74b81f9c5c70a6ed65361a9 run #0: crashed: KASAN: use-after-free Read in io_wqe_worker run #1: crashed: KASAN: use-after-free Read in io_wq_worker_running run #2: crashed: KASAN: use-after-free Read in io_wq_worker_running run #3: crashed: KASAN: use-after-free Read in io_wq_worker_running run #4: crashed: KASAN: use-after-free Read in io_wq_worker_running run #5: crashed: KASAN: use-after-free Read in io_wq_worker_running run #6: crashed: KASAN: use-after-free Read in io_wq_worker_running run #7: OK run #8: OK run #9: OK # git bisect good 689968db7b6145b2e4beb8b472d31162ffa5ad7d Bisecting: 32 revisions left to test after this (roughly 5 steps) [92783a90bcbde8659dd4a160506c46c56db494d6] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm testing commit 92783a90bcbde8659dd4a160506c46c56db494d6 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0ee4e5612c6a7da1409474c628513f5573f40940fee9540493910410a6c37e46 run #0: crashed: KASAN: use-after-free Read in io_wq_worker_running run #1: crashed: KASAN: use-after-free Read in io_wqe_worker run #2: crashed: KASAN: use-after-free Read in io_wqe_worker run #3: crashed: KASAN: use-after-free Read in io_wq_worker_running run #4: crashed: KASAN: use-after-free Read in io_wq_worker_running run #5: OK run #6: crashed: KASAN: use-after-free Read in io_wq_worker_running run #7: OK run #8: OK run #9: crashed: KASAN: use-after-free Read in io_wq_worker_running # git bisect good 92783a90bcbde8659dd4a160506c46c56db494d6 Bisecting: 12 revisions left to test after this (roughly 4 steps) [97ec4d559d939743e8af83628be5af8da610d9dc] Merge tag 'block-6.2-2023-01-13' of git://git.kernel.dk/linux testing commit 97ec4d559d939743e8af83628be5af8da610d9dc gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4692fbaa047320a7b8ed0abf0a5c000fe795d7399e2165e62a83e2cb7f5aa5dc all runs: OK # git bisect bad 97ec4d559d939743e8af83628be5af8da610d9dc Bisecting: 9 revisions left to test after this (roughly 3 steps) [2ce7592df99f7356cc8697ad10849987237abca4] Merge tag 'io_uring-6.2-2023-01-13' of git://git.kernel.dk/linux testing commit 2ce7592df99f7356cc8697ad10849987237abca4 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5d3a59b9ebe376b1ccf8cf86a3643667c2a69acf8a51feb44e873e74999e0ffa all runs: OK # git bisect bad 2ce7592df99f7356cc8697ad10849987237abca4 Bisecting: 4 revisions left to test after this (roughly 2 steps) [544d163d659d45a206d8929370d5a2984e546cb7] io_uring: lock overflowing for IOPOLL testing commit 544d163d659d45a206d8929370d5a2984e546cb7 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e8554c03fe131335937e7ee5ce4cf2e8c3b04aae9c98aabfbb56ed4eb08d05e9 all runs: OK # git bisect bad 544d163d659d45a206d8929370d5a2984e546cb7 Bisecting: 2 revisions left to test after this (roughly 1 step) [febb985c06cb6f5fac63598c0bffd4fd823d110d] io_uring/poll: add hash if ready poll request can't complete inline testing commit febb985c06cb6f5fac63598c0bffd4fd823d110d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5d2b1f178409db99939575d4d745e0541ad599ac2f60b6c1a1c1accd1c584f66 all runs: OK # git bisect bad febb985c06cb6f5fac63598c0bffd4fd823d110d Bisecting: 0 revisions left to test after this (roughly 0 steps) [e6db6f9398dadcbc06318a133d4c44a2d3844e61] io_uring/io-wq: only free worker if it was allocated for creation testing commit e6db6f9398dadcbc06318a133d4c44a2d3844e61 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f1556131b10dfa9c8f1b50f1849f961cdd8c662b68f67fcbc90efe2dabd849ba all runs: OK # git bisect bad e6db6f9398dadcbc06318a133d4c44a2d3844e61 e6db6f9398dadcbc06318a133d4c44a2d3844e61 is the first bad commit commit e6db6f9398dadcbc06318a133d4c44a2d3844e61 Author: Jens Axboe Date: Sun Jan 8 10:39:17 2023 -0700 io_uring/io-wq: only free worker if it was allocated for creation We have two types of task_work based creation, one is using an existing worker to setup a new one (eg when going to sleep and we have no free workers), and the other is allocating a new worker. Only the latter should be freed when we cancel task_work creation for a new worker. Fixes: af82425c6a2d ("io_uring/io-wq: free worker if task_work creation is canceled") Reported-by: syzbot+d56ec896af3637bdb7e4@syzkaller.appspotmail.com Signed-off-by: Jens Axboe io_uring/io-wq.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) parent commit 12521a5d5cb7ff0ad43eadfc9c135d86e1131fa8 wasn't tested testing commit 12521a5d5cb7ff0ad43eadfc9c135d86e1131fa8 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7ecf50cb4bdfdca5a1888aaf68a8cb857d8269269965fa40772c07af8e46b855 culprit signature: f1556131b10dfa9c8f1b50f1849f961cdd8c662b68f67fcbc90efe2dabd849ba parent signature: 7ecf50cb4bdfdca5a1888aaf68a8cb857d8269269965fa40772c07af8e46b855 revisions tested: 16, total time: 6h3m39.012323719s (build: 2h55m9.456125084s, test: 3h5m15.646560665s) first good commit: e6db6f9398dadcbc06318a133d4c44a2d3844e61 io_uring/io-wq: only free worker if it was allocated for creation recipients (to): ["axboe@kernel.dk"] recipients (cc): []