bisecting cause commit starting from 3dbdb38e286903ec220aaf1fb29a8d94297da246 building syzkaller on 4846d5c1dcbf362c2e9949b24feca9670ca9b4b9 testing commit 3dbdb38e286903ec220aaf1fb29a8d94297da246 with gcc (GCC) 10.2.1 20210217 kernel signature: 8481f9b2f2a7ab11d955c97afbc70c98b55326b531dbb64e72a19810026b3ae0 run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acquire run #1: crashed: possible deadlock in fs_reclaim_acquire run #2: crashed: INFO: task hung in io_uring_cancel_generic run #3: crashed: INFO: task hung in io_uring_cancel_generic run #4: crashed: INFO: task hung in io_uring_cancel_generic run #5: crashed: INFO: task hung in io_uring_cancel_generic run #6: crashed: INFO: task hung in io_uring_cancel_generic run #7: crashed: INFO: task hung in io_uring_cancel_generic run #8: crashed: INFO: task hung in io_uring_cancel_generic run #9: crashed: INFO: task hung in io_uring_cancel_generic run #10: crashed: INFO: task hung in io_uring_cancel_generic run #11: crashed: INFO: task hung in io_uring_cancel_generic run #12: crashed: INFO: task hung in io_uring_cancel_generic run #13: crashed: INFO: task hung in io_uring_cancel_generic run #14: crashed: INFO: task hung in io_uring_cancel_generic run #15: crashed: INFO: task hung in io_uring_cancel_generic run #16: crashed: INFO: task hung in io_uring_cancel_generic run #17: crashed: INFO: task hung in io_uring_cancel_generic run #18: crashed: INFO: task hung in io_uring_cancel_generic run #19: crashed: INFO: task hung in io_uring_cancel_generic testing release v5.13 testing commit 62fb9874f5da54fdb243003b386128037319b219 with gcc (GCC) 10.2.1 20210217 kernel signature: b2b01d09ecb07ab9e2391336ffec13128978f4df5fdf36ea6198ee0e3ee4b360 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 with gcc (GCC) 10.2.1 20210217 kernel signature: c0aa1dc77972e653d27b1131ed0a6e6fe8407d5227a7d01b1cbd0807e2bc6832 all runs: OK # git bisect start 62fb9874f5da54fdb243003b386128037319b219 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 Bisecting: 8739 revisions left to test after this (roughly 13 steps) [85f3f17b5db2dd9f8a094a0ddc665555135afd22] Merge branch 'md-fixes' of https://git.kernel.org/pub/scm/linux/kernel/git/song/md into block-5.13 testing commit 85f3f17b5db2dd9f8a094a0ddc665555135afd22 with gcc (GCC) 10.2.1 20210217 kernel signature: b597907b22cbee9a33bc42ec0b83df40f11f8b83a1d5d5ed9ce8c5bc0e9a5bac all runs: OK # git bisect good 85f3f17b5db2dd9f8a094a0ddc665555135afd22 Bisecting: 4369 revisions left to test after this (roughly 12 steps) [23243c1ace9fb4eae2f75e0fe0ece8e3219fb4f3] arch: use cross_compiling to check whether it is a cross build or not testing commit 23243c1ace9fb4eae2f75e0fe0ece8e3219fb4f3 with gcc (GCC) 10.2.1 20210217 kernel signature: f3d72fb516ee1421e240cd1c07c1178a09737b39a0d0250621fa6c477d8d94bf run #0: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #1: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #2: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #3: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #4: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #5: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #6: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #7: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #8: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #9: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #10: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #11: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #12: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #13: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #14: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #15: crashed: WARNING in __nf_unregister_net_hook run #16: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #17: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #18: crashed: WARNING in __nf_unregister_net_hook run #19: crashed: kernel panic: panic_on_warn set # git bisect bad 23243c1ace9fb4eae2f75e0fe0ece8e3219fb4f3 Bisecting: 2187 revisions left to test after this (roughly 11 steps) [aeacb52a8de7046be5399ba311f49bce96e1b269] net/mlx5: DR, Add support for isolate_vl_tc QP testing commit aeacb52a8de7046be5399ba311f49bce96e1b269 with gcc (GCC) 10.2.1 20210217 kernel signature: b345e6b1f1f6b940cc52f7aa10cfe7180ddbaf1da3c6bf970213ade788bf5a9d run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.0.37:./syz-fuzzer"]: exit status 1 ssh: connect to host 10.128.0.37 port 22: Connection timed out lost connection run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.10.60:./syz-fuzzer"]: exit status 1 ssh: connect to host 10.128.10.60 port 22: Connection timed out lost connection run #2: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.0.183:./syz-fuzzer"] run #3: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.15.194:./syz-fuzzer"] run #4: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.15.204:./syz-fuzzer"] run #5: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.15.206:./syz-fuzzer"] run #6: boot failed: KASAN: use-after-free Read in page_to_skb run #7: boot failed: KASAN: use-after-free Read in page_to_skb run #8: boot failed: KASAN: use-after-free Read in page_to_skb run #9: boot failed: KASAN: use-after-free Read in page_to_skb run #10: boot failed: KASAN: use-after-free Read in page_to_skb run #11: boot failed: KASAN: use-after-free Read in page_to_skb run #12: boot failed: KASAN: use-after-free Read in page_to_skb run #13: boot failed: KASAN: use-after-free Read in page_to_skb run #14: boot failed: KASAN: use-after-free Read in page_to_skb run #15: boot failed: KASAN: use-after-free Read in page_to_skb run #16: boot failed: KASAN: use-after-free Read in page_to_skb run #17: boot failed: KASAN: slab-out-of-bounds Read in page_to_skb run #18: boot failed: KASAN: use-after-free Read in page_to_skb run #19: boot failed: KASAN: use-after-free Read in page_to_skb # git bisect skip aeacb52a8de7046be5399ba311f49bce96e1b269 Bisecting: 2187 revisions left to test after this (roughly 11 steps) [e7d48e5fbf30f85c89d83683c3d2dbdaa8884103] net: enetc: add a mini driver for the Integrated Endpoint Register Block testing commit e7d48e5fbf30f85c89d83683c3d2dbdaa8884103 with gcc (GCC) 10.2.1 20210217 kernel signature: 41d8de57f97ec3eda2ccad3bf5a60ac1b37d98c27d0d7357c23b0ccab9c5c29d run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.10.40:./syz-fuzzer"]: exit status 1 ssh: connect to host 10.128.10.40 port 22: Connection timed out lost connection run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.1.30:./syz-fuzzer"]: exit status 1 ssh: connect to host 10.128.1.30 port 22: Connection timed out lost connection run #2: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.15.210:./syz-fuzzer"]: exit status 1 ssh: connect to host 10.128.15.210 port 22: Connection timed out lost connection run #3: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.15.209:./syz-fuzzer"]: exit status 1 ssh: connect to host 10.128.15.209 port 22: Connection timed out lost connection run #4: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.10.56:./syz-fuzzer"] run #5: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.0.171:./syz-fuzzer"] run #6: boot failed: KASAN: use-after-free Read in page_to_skb run #7: boot failed: KASAN: use-after-free Read in page_to_skb run #8: boot failed: KASAN: use-after-free Read in page_to_skb run #9: boot failed: KASAN: use-after-free Read in page_to_skb run #10: boot failed: KASAN: use-after-free Read in page_to_skb run #11: boot failed: KASAN: use-after-free Read in page_to_skb run #12: boot failed: KASAN: use-after-free Read in page_to_skb run #13: boot failed: KASAN: use-after-free Read in page_to_skb run #14: boot failed: KASAN: use-after-free Read in page_to_skb run #15: boot failed: KASAN: use-after-free Read in page_to_skb run #16: boot failed: KASAN: use-after-free in page_to_skb run #17: boot failed: KASAN: use-after-free Read in page_to_skb run #18: boot failed: KASAN: use-after-free Read in page_to_skb run #19: boot failed: KASAN: use-after-free Read in page_to_skb # git bisect skip e7d48e5fbf30f85c89d83683c3d2dbdaa8884103 Bisecting: 2187 revisions left to test after this (roughly 11 steps) [5b7c0c32c90494f5aaf13f417cff5dc204575597] net: ocelot: Simplify MRP deletion testing commit 5b7c0c32c90494f5aaf13f417cff5dc204575597 with gcc (GCC) 10.2.1 20210217 kernel signature: e25b3b711baf4143c276ef84754008240077c500374dba9933cd4d680606c650 run #0: crashed: WARNING in kvm_wait run #1: crashed: WARNING in kvm_wait run #2: crashed: WARNING in kvm_wait run #3: crashed: WARNING in kvm_wait run #4: crashed: WARNING in kvm_wait run #5: crashed: WARNING in kvm_wait run #6: crashed: WARNING in kvm_wait run #7: boot failed: WARNING in kvm_wait run #8: boot failed: WARNING in kvm_wait run #9: boot failed: WARNING in kvm_wait run #10: boot failed: WARNING in kvm_wait run #11: boot failed: WARNING in kvm_wait run #12: boot failed: WARNING in kvm_wait run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 5b7c0c32c90494f5aaf13f417cff5dc204575597 Bisecting: 375 revisions left to test after this (roughly 9 steps) [5acd0cfbfbb5a688da1bfb1a2152b0c855115a35] net: lapbether: Prevent racing when checking whether the netif is running testing commit 5acd0cfbfbb5a688da1bfb1a2152b0c855115a35 with gcc (GCC) 10.2.1 20210217 kernel signature: c8b40a7c9a4b9a963d8a978654c38c9e42703580ebc3e261f16bc840b67f5498 run #0: crashed: WARNING in kvm_wait run #1: crashed: WARNING in kvm_wait run #2: crashed: WARNING in kvm_wait run #3: crashed: WARNING in kvm_wait run #4: crashed: WARNING in kvm_wait run #5: crashed: WARNING in kvm_wait run #6: boot failed: WARNING in kvm_wait run #7: boot failed: WARNING in kvm_wait run #8: boot failed: WARNING in kvm_wait run #9: boot failed: WARNING in kvm_wait run #10: boot failed: WARNING in kvm_wait run #11: boot failed: WARNING in kvm_wait run #12: boot failed: WARNING in kvm_wait run #13: boot failed: WARNING in kvm_wait run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 5acd0cfbfbb5a688da1bfb1a2152b0c855115a35 Bisecting: 186 revisions left to test after this (roughly 8 steps) [3094552bcd726682ded98e4f4aa97a7c6646f638] net/mlx5: SF, Fix return type testing commit 3094552bcd726682ded98e4f4aa97a7c6646f638 with gcc (GCC) 10.2.1 20210217 kernel signature: aa3417e0188206d287c530816cd86e1d099d6c71320c494a537f87675aff4997 run #0: crashed: WARNING in kvm_wait run #1: crashed: WARNING in kvm_wait run #2: crashed: WARNING in kvm_wait run #3: crashed: WARNING in kvm_wait run #4: crashed: WARNING in kvm_wait run #5: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor466678204" "root@10.128.1.43:./syz-executor466678204"] Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts. run #6: boot failed: WARNING in kvm_wait run #7: boot failed: WARNING in kvm_wait run #8: boot failed: WARNING in kvm_wait run #9: boot failed: WARNING in kvm_wait run #10: boot failed: WARNING in kvm_wait run #11: boot failed: WARNING in kvm_wait run #12: boot failed: WARNING in kvm_wait run #13: boot failed: WARNING in kvm_wait run #14: boot failed: WARNING in kvm_wait run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 3094552bcd726682ded98e4f4aa97a7c6646f638 Bisecting: 93 revisions left to test after this (roughly 7 steps) [3fcd50d6f9a963a21e142d71be135eff6a374d2d] selftests/bpf: Add BTF_KIND_FLOAT to test_core_reloc_size testing commit 3fcd50d6f9a963a21e142d71be135eff6a374d2d with gcc (GCC) 10.2.1 20210217 kernel signature: 4857f068e8ecc34427b0c113a6f51a99e8ba49b0c0f883a6f8b9970f6a8381e3 run #0: crashed: WARNING in kvm_wait run #1: crashed: KASAN: invalid-free in io_req_caches_free run #2: crashed: KASAN: invalid-free in io_req_caches_free run #3: crashed: KASAN: invalid-free in io_req_caches_free run #4: crashed: KASAN: invalid-free in io_req_caches_free run #5: crashed: KASAN: invalid-free in io_req_caches_free run #6: crashed: KASAN: invalid-free in io_req_caches_free run #7: crashed: KASAN: invalid-free in io_req_caches_free run #8: crashed: KASAN: invalid-free in io_req_caches_free run #9: crashed: KASAN: invalid-free in io_req_caches_free run #10: crashed: KASAN: invalid-free in io_req_caches_free run #11: crashed: KASAN: invalid-free in io_req_caches_free run #12: boot failed: WARNING in kvm_wait run #13: boot failed: WARNING in kvm_wait run #14: boot failed: WARNING in kvm_wait run #15: boot failed: WARNING in kvm_wait run #16: boot failed: WARNING in kvm_wait run #17: boot failed: WARNING in kvm_wait run #18: boot failed: WARNING in kvm_wait run #19: boot failed: WARNING in kvm_wait # git bisect bad 3fcd50d6f9a963a21e142d71be135eff6a374d2d Bisecting: 46 revisions left to test after this (roughly 6 steps) [04883a079968e6250a4549f6fadb6427c534885e] tools, bpf_asm: Hard error on out of range jumps testing commit 04883a079968e6250a4549f6fadb6427c534885e with gcc (GCC) 10.2.1 20210217 kernel signature: 8e0d9b1036e11a0ff829959c29c4218a2c5a086e76f21c7acb80af6d46cfd6f4 run #0: crashed: WARNING in kvm_wait run #1: crashed: WARNING in kvm_wait run #2: crashed: KASAN: invalid-free in io_req_caches_free run #3: crashed: KASAN: invalid-free in io_req_caches_free run #4: crashed: KASAN: invalid-free in io_req_caches_free run #5: crashed: KASAN: invalid-free in io_req_caches_free run #6: crashed: KASAN: invalid-free in io_req_caches_free run #7: crashed: KASAN: invalid-free in io_req_caches_free run #8: crashed: KASAN: invalid-free in io_req_caches_free run #9: crashed: KASAN: invalid-free in io_req_caches_free run #10: crashed: KASAN: invalid-free in io_req_caches_free run #11: crashed: KASAN: invalid-free in io_req_caches_free run #12: crashed: KASAN: invalid-free in io_req_caches_free run #13: boot failed: WARNING in kvm_wait run #14: boot failed: WARNING in kvm_wait run #15: boot failed: WARNING in kvm_wait run #16: boot failed: WARNING in kvm_wait run #17: boot failed: WARNING in kvm_wait run #18: boot failed: WARNING in kvm_wait run #19: boot failed: WARNING in kvm_wait # git bisect bad 04883a079968e6250a4549f6fadb6427c534885e Bisecting: 22 revisions left to test after this (roughly 5 steps) [16137b09a66f2b75090f1e56a9ba0e27ef845ebc] bpf: Compute data_end dynamically with JIT code testing commit 16137b09a66f2b75090f1e56a9ba0e27ef845ebc with gcc (GCC) 10.2.1 20210217 kernel signature: f780a06fb3701892017bd3b91f1d36d6abdfd16792b4a40c85897c9592a97057 run #0: crashed: WARNING in kvm_wait run #1: crashed: WARNING in kvm_wait run #2: crashed: KASAN: invalid-free in io_req_caches_free run #3: crashed: KASAN: invalid-free in io_req_caches_free run #4: crashed: KASAN: invalid-free in io_req_caches_free run #5: crashed: KASAN: invalid-free in io_req_caches_free run #6: crashed: KASAN: invalid-free in io_req_caches_free run #7: crashed: KASAN: invalid-free in io_req_caches_free run #8: crashed: KASAN: invalid-free in io_req_caches_free run #9: crashed: KASAN: invalid-free in io_req_caches_free run #10: crashed: KASAN: invalid-free in io_req_caches_free run #11: crashed: KASAN: invalid-free in io_req_caches_free run #12: crashed: KASAN: invalid-free in io_req_caches_free run #13: crashed: KASAN: invalid-free in io_req_caches_free run #14: boot failed: WARNING in kvm_wait run #15: boot failed: WARNING in kvm_wait run #16: boot failed: WARNING in kvm_wait run #17: boot failed: WARNING in kvm_wait run #18: boot failed: WARNING in kvm_wait run #19: boot failed: WARNING in kvm_wait # git bisect bad 16137b09a66f2b75090f1e56a9ba0e27ef845ebc Bisecting: 11 revisions left to test after this (roughly 4 steps) [ced47e30ab8b3ed986e28411f63e041b51c1fdf8] bpf: runqslower: Use task local storage testing commit ced47e30ab8b3ed986e28411f63e041b51c1fdf8 with gcc (GCC) 10.2.1 20210217 kernel signature: cdee7b01fad33f45a1f1479580bfb1e1131ae7b6dc2c0eb6a92bc4d794a4f76f run #0: crashed: WARNING in kvm_wait run #1: crashed: KASAN: invalid-free in io_req_caches_free run #2: crashed: KASAN: invalid-free in io_req_caches_free run #3: crashed: KASAN: invalid-free in io_req_caches_free run #4: crashed: KASAN: invalid-free in io_req_caches_free run #5: crashed: KASAN: invalid-free in io_req_caches_free run #6: crashed: KASAN: invalid-free in io_req_caches_free run #7: crashed: KASAN: invalid-free in io_req_caches_free run #8: crashed: KASAN: invalid-free in io_req_caches_free run #9: crashed: KASAN: invalid-free in io_req_caches_free run #10: crashed: KASAN: invalid-free in io_req_caches_free run #11: crashed: KASAN: invalid-free in io_req_caches_free run #12: crashed: KASAN: invalid-free in io_req_caches_free run #13: crashed: KASAN: invalid-free in io_req_caches_free run #14: crashed: KASAN: invalid-free in io_req_caches_free run #15: crashed: KASAN: invalid-free in io_req_caches_free run #16: boot failed: WARNING in kvm_wait run #17: boot failed: WARNING in kvm_wait run #18: boot failed: WARNING in kvm_wait run #19: boot failed: WARNING in kvm_wait # git bisect bad ced47e30ab8b3ed986e28411f63e041b51c1fdf8 Bisecting: 5 revisions left to test after this (roughly 3 steps) [9c8f21e6f8856a96634e542a58ef3abf27486801] xsk: Build skb by page (aka generic zerocopy xmit) testing commit 9c8f21e6f8856a96634e542a58ef3abf27486801 with gcc (GCC) 10.2.1 20210217 kernel signature: 13fa82c9c80e16c67bddf5969b6f3858a53c1c0f13d9a706d75851654283f36f run #0: crashed: KASAN: invalid-free in io_req_caches_free run #1: crashed: KASAN: invalid-free in io_req_caches_free run #2: crashed: KASAN: invalid-free in io_req_caches_free run #3: crashed: KASAN: invalid-free in io_req_caches_free run #4: crashed: KASAN: invalid-free in io_req_caches_free run #5: crashed: KASAN: invalid-free in io_req_caches_free run #6: crashed: KASAN: invalid-free in io_req_caches_free run #7: crashed: KASAN: invalid-free in io_req_caches_free run #8: crashed: KASAN: invalid-free in io_req_caches_free run #9: crashed: KASAN: invalid-free in io_req_caches_free run #10: crashed: KASAN: invalid-free in io_req_caches_free run #11: crashed: KASAN: invalid-free in io_req_caches_free run #12: crashed: KASAN: invalid-free in io_req_caches_free run #13: crashed: KASAN: invalid-free in io_req_caches_free run #14: boot failed: WARNING in kvm_wait run #15: boot failed: WARNING in kvm_wait run #16: boot failed: WARNING in kvm_wait run #17: boot failed: WARNING in kvm_wait run #18: boot failed: WARNING in kvm_wait run #19: boot failed: WARNING in kvm_wait # git bisect bad 9c8f21e6f8856a96634e542a58ef3abf27486801 Bisecting: 2 revisions left to test after this (roughly 2 steps) [c2ff53d8049f30098153cd2d1299a44d7b124c57] net: Add priv_flags for allow tx skb without linear testing commit c2ff53d8049f30098153cd2d1299a44d7b124c57 with gcc (GCC) 10.2.1 20210217 kernel signature: 8301d9c3ac25107963d24c0cd808b0d86290f6e341116022827ef14bcc78c159 run #0: crashed: WARNING in kvm_wait run #1: crashed: KASAN: invalid-free in io_req_caches_free run #2: crashed: KASAN: invalid-free in io_req_caches_free run #3: crashed: KASAN: invalid-free in io_req_caches_free run #4: crashed: KASAN: invalid-free in io_req_caches_free run #5: crashed: KASAN: invalid-free in io_req_caches_free run #6: crashed: KASAN: invalid-free in io_req_caches_free run #7: crashed: KASAN: invalid-free in io_req_caches_free run #8: crashed: KASAN: invalid-free in io_req_caches_free run #9: crashed: KASAN: invalid-free in io_req_caches_free run #10: crashed: KASAN: invalid-free in io_req_caches_free run #11: crashed: KASAN: invalid-free in io_req_caches_free run #12: crashed: KASAN: invalid-free in io_req_caches_free run #13: crashed: KASAN: invalid-free in io_req_caches_free run #14: crashed: KASAN: invalid-free in io_req_caches_free run #15: boot failed: WARNING in kvm_wait run #16: boot failed: WARNING in kvm_wait run #17: boot failed: WARNING in kvm_wait run #18: boot failed: WARNING in kvm_wait run #19: boot failed: WARNING in kvm_wait # git bisect bad c2ff53d8049f30098153cd2d1299a44d7b124c57 Bisecting: 0 revisions left to test after this (roughly 1 step) [2463e073497385ef63c220571013a2b89e9b95cc] netdevice: Add missing IFF_PHONY_HEADROOM self-definition testing commit 2463e073497385ef63c220571013a2b89e9b95cc with gcc (GCC) 10.2.1 20210217 kernel signature: 68aba14ef6c2f2845fa854e306efaedd55c5a07a2f76157c7c399684c068c3f4 run #0: crashed: WARNING in kvm_wait run #1: crashed: KASAN: invalid-free in io_req_caches_free run #2: crashed: KASAN: invalid-free in io_req_caches_free run #3: crashed: KASAN: invalid-free in io_req_caches_free run #4: crashed: KASAN: invalid-free in io_req_caches_free run #5: crashed: KASAN: invalid-free in io_req_caches_free run #6: crashed: KASAN: invalid-free in io_req_caches_free run #7: crashed: KASAN: invalid-free in io_req_caches_free run #8: crashed: KASAN: invalid-free in io_req_caches_free run #9: crashed: KASAN: invalid-free in io_req_caches_free run #10: crashed: KASAN: invalid-free in io_req_caches_free run #11: crashed: KASAN: invalid-free in io_req_caches_free run #12: crashed: KASAN: invalid-free in io_req_caches_free run #13: crashed: KASAN: invalid-free in io_req_caches_free run #14: crashed: KASAN: invalid-free in io_req_caches_free run #15: crashed: KASAN: invalid-free in io_req_caches_free run #16: boot failed: WARNING in kvm_wait run #17: boot failed: WARNING in kvm_wait run #18: boot failed: WARNING in kvm_wait run #19: boot failed: WARNING in kvm_wait # git bisect bad 2463e073497385ef63c220571013a2b89e9b95cc Bisecting: 0 revisions left to test after this (roughly 0 steps) [b9fc8b4a591811546fec2dbef7e9f809362100c9] bpf: Add kernel/modules BTF presence checks to bpftool feature command testing commit b9fc8b4a591811546fec2dbef7e9f809362100c9 with gcc (GCC) 10.2.1 20210217 kernel signature: 4c6d2ec159830c704b760d02fb7b97f10a33ee59eb9a2fa45e0b6b594ee823c7 run #0: crashed: WARNING in kvm_wait run #1: crashed: WARNING in kvm_wait run #2: crashed: KASAN: invalid-free in io_req_caches_free run #3: crashed: KASAN: invalid-free in io_req_caches_free run #4: crashed: KASAN: invalid-free in io_req_caches_free run #5: crashed: KASAN: invalid-free in io_req_caches_free run #6: crashed: KASAN: invalid-free in io_req_caches_free run #7: crashed: KASAN: invalid-free in io_req_caches_free run #8: crashed: KASAN: invalid-free in io_req_caches_free run #9: crashed: KASAN: invalid-free in io_req_caches_free run #10: crashed: KASAN: invalid-free in io_req_caches_free run #11: crashed: KASAN: invalid-free in io_req_caches_free run #12: crashed: KASAN: invalid-free in io_req_caches_free run #13: crashed: KASAN: invalid-free in io_req_caches_free run #14: crashed: KASAN: invalid-free in io_req_caches_free run #15: crashed: KASAN: invalid-free in io_req_caches_free run #16: boot failed: WARNING in kvm_wait run #17: boot failed: WARNING in kvm_wait run #18: boot failed: WARNING in kvm_wait run #19: boot failed: WARNING in kvm_wait # git bisect bad b9fc8b4a591811546fec2dbef7e9f809362100c9 b9fc8b4a591811546fec2dbef7e9f809362100c9 is the first bad commit commit b9fc8b4a591811546fec2dbef7e9f809362100c9 Author: Grant Seltzer Date: Mon Feb 22 19:58:46 2021 +0000 bpf: Add kernel/modules BTF presence checks to bpftool feature command This adds both the CONFIG_DEBUG_INFO_BTF and CONFIG_DEBUG_INFO_BTF_MODULES kernel compile option to output of the bpftool feature command. This is relevant for developers that want to account for data structure definition differences between kernels. Signed-off-by: Grant Seltzer Signed-off-by: Andrii Nakryiko Signed-off-by: Daniel Borkmann Acked-by: Martin KaFai Lau Link: https://lore.kernel.org/bpf/20210222195846.155483-1-grantseltzer@gmail.com tools/bpf/bpftool/feature.c | 4 ++++ 1 file changed, 4 insertions(+) parent commit d310ec03a34e92a77302edb804f7d68ee4f01ba0 wasn't tested testing commit d310ec03a34e92a77302edb804f7d68ee4f01ba0 with gcc (GCC) 10.2.1 20210217 kernel signature: 4c6d2ec159830c704b760d02fb7b97f10a33ee59eb9a2fa45e0b6b594ee823c7 culprit signature: 4c6d2ec159830c704b760d02fb7b97f10a33ee59eb9a2fa45e0b6b594ee823c7 parent signature: 4c6d2ec159830c704b760d02fb7b97f10a33ee59eb9a2fa45e0b6b594ee823c7 Reproducer flagged being flaky revisions tested: 18, total time: 5h26m31.769391617s (build: 2h12m52.634495263s, test: 3h11m32.023792384s) first bad commit: b9fc8b4a591811546fec2dbef7e9f809362100c9 bpf: Add kernel/modules BTF presence checks to bpftool feature command recipients (to): ["andrii@kernel.org" "daniel@iogearbox.net" "grantseltzer@gmail.com" "kafai@fb.com"] recipients (cc): [] crash: KASAN: invalid-free in io_req_caches_free ================================================================== BUG: KASAN: double-free or invalid-free in io_req_caches_free.constprop.0+0x35a/0x580 fs/io_uring.c:8709 CPU: 1 PID: 18291 Comm: kworker/u4:13 Not tainted 5.11.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events_unbound io_ring_exit_work Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0xa5/0xe6 lib/dump_stack.c:120 print_address_description.constprop.0.cold+0x5b/0x2c6 mm/kasan/report.c:230 kasan_report_invalid_free+0x51/0x80 mm/kasan/report.c:355 ____kasan_slab_free+0xcc/0xe0 mm/kasan/common.c:341 kasan_slab_free include/linux/kasan.h:192 [inline] __cache_free mm/slab.c:3424 [inline] kmem_cache_free_bulk+0x4b/0x1b0 mm/slab.c:3744 io_req_caches_free.constprop.0+0x35a/0x580 fs/io_uring.c:8709 io_ring_ctx_free fs/io_uring.c:8764 [inline] io_ring_exit_work+0x426/0x5a0 fs/io_uring.c:8846 process_one_work+0x84c/0x13b0 kernel/workqueue.c:2275 worker_thread+0x598/0xf80 kernel/workqueue.c:2421 kthread+0x36f/0x450 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Allocated by task 3527: kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:401 [inline] ____kasan_kmalloc.constprop.0+0x7f/0xa0 mm/kasan/common.c:429 kasan_slab_alloc include/linux/kasan.h:209 [inline] slab_post_alloc_hook mm/slab.h:512 [inline] kmem_cache_alloc_bulk+0x2c2/0x460 mm/slab.c:3534 io_alloc_req fs/io_uring.c:2014 [inline] io_submit_sqes+0x130e/0x2380 fs/io_uring.c:6915 __do_sys_io_uring_enter+0xb94/0x17d0 fs/io_uring.c:9454 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae Freed by task 3527: kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38 kasan_set_track+0x1c/0x30 mm/kasan/common.c:46 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:356 ____kasan_slab_free+0xb0/0xe0 mm/kasan/common.c:362 kasan_slab_free include/linux/kasan.h:192 [inline] __cache_free mm/slab.c:3424 [inline] kmem_cache_free_bulk+0x4b/0x1b0 mm/slab.c:3744 io_req_caches_free.constprop.0+0x35a/0x580 fs/io_uring.c:8709 io_uring_flush+0x3ac/0x5c0 fs/io_uring.c:9237 filp_close+0x96/0x120 fs/open.c:1286 close_files fs/file.c:403 [inline] put_files_struct fs/file.c:418 [inline] put_files_struct+0x15c/0x2c0 fs/file.c:415 do_exit+0xa60/0x2570 kernel/exit.c:820 do_group_exit+0xe7/0x290 kernel/exit.c:922 __do_sys_exit_group kernel/exit.c:933 [inline] __se_sys_exit_group kernel/exit.c:931 [inline] __x64_sys_exit_group+0x35/0x40 kernel/exit.c:931 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae The buggy address belongs to the object at ffff88803669a900 which belongs to the cache io_kiocb of size 208 The buggy address is located 0 bytes inside of 208-byte region [ffff88803669a900, ffff88803669a9d0) The buggy address belongs to the page: page:000000007071376c refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88803669a180 pfn:0x3669a flags: 0xfff00000000200(slab) raw: 00fff00000000200 ffffea000053f948 ffffea0000651648 ffff8880167ee100 raw: ffff88803669a180 ffff88803669a040 0000000100000006 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 11856, ts 86367571325 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x144/0x1c0 mm/page_alloc.c:2297 prep_new_page mm/page_alloc.c:2306 [inline] get_page_from_freelist+0x1c6f/0x3fb0 mm/page_alloc.c:3945 __alloc_pages_nodemask+0x2d6/0x730 mm/page_alloc.c:4995 __alloc_pages include/linux/gfp.h:511 [inline] __alloc_pages_node include/linux/gfp.h:524 [inline] kmem_getpages mm/slab.c:1376 [inline] cache_grow_begin+0x71/0x430 mm/slab.c:2593 cache_alloc_refill+0x27f/0x380 mm/slab.c:2965 ____cache_alloc mm/slab.c:3048 [inline] ____cache_alloc mm/slab.c:3031 [inline] __do_cache_alloc mm/slab.c:3271 [inline] kmem_cache_alloc_bulk+0x2f9/0x460 mm/slab.c:3519 io_alloc_req fs/io_uring.c:2014 [inline] io_submit_sqes+0x130e/0x2380 fs/io_uring.c:6915 __do_sys_io_uring_enter+0xb94/0x17d0 fs/io_uring.c:9454 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1271 [inline] free_pcp_prepare+0x2cb/0x410 mm/page_alloc.c:1306 free_unref_page_prepare mm/page_alloc.c:3200 [inline] free_unref_page+0x12/0x1d0 mm/page_alloc.c:3248 __vunmap+0x5a3/0x950 mm/vmalloc.c:2286 free_work+0x4b/0x70 mm/vmalloc.c:67 process_one_work+0x84c/0x13b0 kernel/workqueue.c:2275 worker_thread+0x598/0xf80 kernel/workqueue.c:2421 kthread+0x36f/0x450 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Memory state around the buggy address: ffff88803669a800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88803669a880: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff88803669a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88803669a980: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc ffff88803669aa00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb ==================================================================