bisecting fixing commit since 926de8c4326c14fcf35f1de142019043597a4fac building syzkaller on 5ae8508a2dd5f8e16a2b9830ae9a6f37d54ec8e7 testing commit 926de8c4326c14fcf35f1de142019043597a4fac compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1aa9f73e7ae8833acaef6cfb4f193b49f38161920d5be86bab45d190bbaa2a43 run #0: crashed: WARNING in io_wq_submit_work run #1: crashed: WARNING in io_wq_submit_work run #2: crashed: WARNING in io_wq_submit_work run #3: crashed: WARNING in io_wq_submit_work run #4: crashed: WARNING in io_wq_submit_work run #5: crashed: WARNING in io_wq_submit_work run #6: crashed: WARNING in io_wq_submit_work run #7: crashed: BUG: corrupted list in __io_free_req run #8: crashed: WARNING in io_wq_submit_work run #9: crashed: WARNING in io_wq_submit_work run #10: crashed: WARNING in io_wq_submit_work run #11: crashed: WARNING in io_wq_submit_work run #12: crashed: WARNING in corrupted run #13: crashed: WARNING in io_wq_submit_work run #14: crashed: WARNING in io_wq_submit_work run #15: crashed: WARNING in io_wq_submit_work run #16: crashed: WARNING in io_wq_submit_work run #17: crashed: WARNING in io_wq_submit_work run #18: crashed: WARNING in io_wq_submit_work run #19: boot failed: KFENCE: use-after-free in kvm_fastop_exception testing current HEAD 64570fbc14f8d7cb3fe3995f20e26bc25ce4b2cc testing commit 64570fbc14f8d7cb3fe3995f20e26bc25ce4b2cc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 73d8aa11e47d71cf9242913b10f4100fd0ed6e1c83357c356b4d35f73c6b965c all runs: OK # git bisect start 64570fbc14f8d7cb3fe3995f20e26bc25ce4b2cc 926de8c4326c14fcf35f1de142019043597a4fac Bisecting: 811 revisions left to test after this (roughly 10 steps) [5739844347518a0f4c327ae79e73fb101d864726] Merge tag 'for-linus-5.15b-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip testing commit 5739844347518a0f4c327ae79e73fb101d864726 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: fbf2ab1ce31919059ad5fcae8289a3a9960b478ee942738f49677421dd02ec33 all runs: OK # git bisect bad 5739844347518a0f4c327ae79e73fb101d864726 Bisecting: 402 revisions left to test after this (roughly 9 steps) [46baae56e1001a771a5d132aa883cb5605013ae2] net: dsa: hellcreek: be compatible with masters which unregister on shutdown testing commit 46baae56e1001a771a5d132aa883cb5605013ae2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: bafcfa2b1e10059249562d0ee75b5ead61d5bbfdd69de49492f6d2535ceb15c7 all runs: OK # git bisect bad 46baae56e1001a771a5d132aa883cb5605013ae2 Bisecting: 193 revisions left to test after this (roughly 8 steps) [78e709522d2c012cb0daad2e668506637bffb7c2] Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost testing commit 78e709522d2c012cb0daad2e668506637bffb7c2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a9ee8b045e5ead72fbe14b5ba3f27f4e7dade83d639c18306638c2a676910138 all runs: OK # git bisect bad 78e709522d2c012cb0daad2e668506637bffb7c2 Bisecting: 105 revisions left to test after this (roughly 7 steps) [6701e7e7d8ee4f80d0c450aeab101e4a2a2678fa] Merge tag 'pwm/for-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm testing commit 6701e7e7d8ee4f80d0c450aeab101e4a2a2678fa compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1aa9f73e7ae8833acaef6cfb4f193b49f38161920d5be86bab45d190bbaa2a43 all runs: crashed: WARNING in io_wq_submit_work # git bisect good 6701e7e7d8ee4f80d0c450aeab101e4a2a2678fa Bisecting: 50 revisions left to test after this (roughly 6 steps) [c605c39677b9842b0566013e0cf30bc13e90bdbc] Merge tag 'io_uring-5.15-2021-09-11' of git://git.kernel.dk/linux-block testing commit c605c39677b9842b0566013e0cf30bc13e90bdbc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e799088c3b377fb9cc5a85f6a5ab816d4a110cc567a0d5834c9ac73efa6b567f run #0: basic kernel testing failed: KFENCE: use-after-free in kvm_fastop_exception run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad c605c39677b9842b0566013e0cf30bc13e90bdbc Bisecting: 26 revisions left to test after this (roughly 5 steps) [8177a5c96229ff24da1e362789e359b68b4f34f5] Merge tag 'libata-5.15-2021-09-11' of git://git.kernel.dk/linux-block testing commit 8177a5c96229ff24da1e362789e359b68b4f34f5 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ccb3402a1e495b9370b8fec9da84d5d0a8eb1ded7f92b57d0158c87143b8cf11 all runs: crashed: WARNING in io_wq_submit_work # git bisect good 8177a5c96229ff24da1e362789e359b68b4f34f5 Bisecting: 12 revisions left to test after this (roughly 4 steps) [49d82b1445f13b2754aacc38d73d0cf1b515456c] Merge tag 'nvme-5.15-2021-09-07' of git://git.infradead.org/nvme into block-5.15 testing commit 49d82b1445f13b2754aacc38d73d0cf1b515456c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a256dc574bf5336acd5e1d4710d3255c8353eee160f0f080ae4d413a6a3538e2 run #0: OK run #1: OK run #2: OK run #3: crashed: KASAN: use-after-free Read in __d_alloc run #4: OK run #5: crashed: KASAN: use-after-free Read in __d_alloc run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect good 49d82b1445f13b2754aacc38d73d0cf1b515456c Bisecting: 6 revisions left to test after this (roughly 3 steps) [2ae2eb9dde18979b40629dd413b9adbd6c894cdf] io_uring: fail links of cancelled timeouts testing commit 2ae2eb9dde18979b40629dd413b9adbd6c894cdf compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ed77807082af51082d9a284cc0b04497b3a2bddc967e71a99ac119e7bb9d6a8b all runs: OK # git bisect bad 2ae2eb9dde18979b40629dd413b9adbd6c894cdf Bisecting: 2 revisions left to test after this (roughly 2 steps) [009ad9f0c6eed0caa7943bc46aa1ae2cb8c382fb] io_uring: drop ctx->uring_lock before acquiring sqd->lock testing commit 009ad9f0c6eed0caa7943bc46aa1ae2cb8c382fb compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6a8325f1d879f797c29de7aa5ee9632d118c7777d12e7b7219b3dcc1527ffd0d run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: boot failed: KFENCE: use-after-free in kvm_fastop_exception run #19: boot failed: KFENCE: use-after-free in kvm_fastop_exception # git bisect bad 009ad9f0c6eed0caa7943bc46aa1ae2cb8c382fb Bisecting: 0 revisions left to test after this (roughly 1 step) [c57a91fb1ccfa203ba3e31e5a389cb04de5b0561] io_uring: fix missing mb() before waitqueue_active testing commit c57a91fb1ccfa203ba3e31e5a389cb04de5b0561 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 43e342b95d17cdfce5b3a4e231b34190184b92698f610e613428811fe89a72f7 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: boot failed: KFENCE: use-after-free in kvm_fastop_exception # git bisect bad c57a91fb1ccfa203ba3e31e5a389cb04de5b0561 Bisecting: 0 revisions left to test after this (roughly 0 steps) [713b9825a4c47897f66ad69409581e7734a8728e] io-wq: fix cancellation on create-worker failure testing commit 713b9825a4c47897f66ad69409581e7734a8728e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4aa9f6307080c1352ec65918352bcdf665e519db0d76ef3e3ab8be0a5b4f483c run #0: crashed: INFO: task hung in io_wq_put_and_exit run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good 713b9825a4c47897f66ad69409581e7734a8728e c57a91fb1ccfa203ba3e31e5a389cb04de5b0561 is the first bad commit commit c57a91fb1ccfa203ba3e31e5a389cb04de5b0561 Author: Pavel Begunkov Date: Wed Sep 8 20:49:17 2021 +0100 io_uring: fix missing mb() before waitqueue_active In case of !SQPOLL, io_cqring_ev_posted_iopoll() doesn't provide a memory barrier required by waitqueue_active(&ctx->poll_wait). There is a wq_has_sleeper(), which does smb_mb() inside, but it's called only for SQPOLL. Fixes: 5fd4617840596 ("io_uring: be smarter about waking multiple CQ ring waiters") Signed-off-by: Pavel Begunkov Link: https://lore.kernel.org/r/2982e53bcea2274006ed435ee2a77197107d8a29.1631130542.git.asml.silence@gmail.com Signed-off-by: Jens Axboe fs/io_uring.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) culprit signature: 43e342b95d17cdfce5b3a4e231b34190184b92698f610e613428811fe89a72f7 parent signature: 4aa9f6307080c1352ec65918352bcdf665e519db0d76ef3e3ab8be0a5b4f483c Reproducer flagged being flaky revisions tested: 13, total time: 3h21m22.385180039s (build: 1h27m44.84479773s, test: 1h52m8.400838728s) first good commit: c57a91fb1ccfa203ba3e31e5a389cb04de5b0561 io_uring: fix missing mb() before waitqueue_active recipients (to): ["asml.silence@gmail.com" "axboe@kernel.dk" "axboe@kernel.dk" "io-uring@vger.kernel.org"] recipients (cc): ["asml.silence@gmail.com" "linux-kernel@vger.kernel.org"]