bisecting cause commit starting from 76c057c84d286140c6c416c3b4ba832cd1d8984e building syzkaller on eefc07f2541beeb1bcd50b1d75f40b5f04af2b06 testing commit 76c057c84d286140c6c416c3b4ba832cd1d8984e with gcc (GCC) 8.1.0 kernel signature: 9a466f84c7f089e67d8a19cd584b4c31ffa9ea76cfde1550506ec4bb7979f781 all runs: crashed: BUG: corrupted list in io_file_get testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 8.1.0 kernel signature: e508189465d39ffd8a9dcf9ccae50cef7d9bf7cb4686aa21cb801f2c95ce4704 all runs: OK # git bisect start 76c057c84d286140c6c416c3b4ba832cd1d8984e 2c85ebc57b3e1817b6ce1a6b703928e113a90442 Bisecting: 7346 revisions left to test after this (roughly 13 steps) [0f97458173a23c8f218f6041767d0a145a13abe6] Merge tag 'hwmon-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging testing commit 0f97458173a23c8f218f6041767d0a145a13abe6 with gcc (GCC) 8.1.0 kernel signature: 88c4f7c8f1ca4ae4083da047a4b858ea352f0d4c2d768aa0b6ae4760f6dd84b6 run #0: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 0f97458173a23c8f218f6041767d0a145a13abe6 Bisecting: 3678 revisions left to test after this (roughly 12 steps) [2e7f545096f954a9726c9415763dd0bfbcac47e0] perf mem: Factor out a function to generate sort order testing commit 2e7f545096f954a9726c9415763dd0bfbcac47e0 with gcc (GCC) 8.1.0 kernel signature: f2a3efc3d1ab19c8c12c6d17d85775866cb47c9fb8cc672b3ae9b894ef92a5b8 all runs: OK # git bisect good 2e7f545096f954a9726c9415763dd0bfbcac47e0 Bisecting: 1846 revisions left to test after this (roughly 11 steps) [1375b9803e007842493c64d0d73d7dd0e385e17c] Merge branch 'akpm' (patches from Andrew) testing commit 1375b9803e007842493c64d0d73d7dd0e385e17c with gcc (GCC) 8.1.0 kernel signature: d9ffe71534a322016805213f5a0160a3922b74a37a0c3bb180f2aa489ddff160 all runs: OK # git bisect good 1375b9803e007842493c64d0d73d7dd0e385e17c Bisecting: 921 revisions left to test after this (roughly 10 steps) [a440e4d7618cbe232e4f96dea805bcb89f79b18c] Merge tag 'x86_urgent_for_v5.11_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit a440e4d7618cbe232e4f96dea805bcb89f79b18c with gcc (GCC) 8.1.0 kernel signature: 9a7f12a071b1856be0bef8d94362e35e93175292ddd8dff87b37993cc52662b2 run #0: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #1: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #2: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #3: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good a440e4d7618cbe232e4f96dea805bcb89f79b18c Bisecting: 456 revisions left to test after this (roughly 9 steps) [0da0a8a0a0e1845f495431c3d8d733d2bbf9e9e5] Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit 0da0a8a0a0e1845f495431c3d8d733d2bbf9e9e5 with gcc (GCC) 8.1.0 kernel signature: fbe4380c400a6915ab56443c03173901df7054dc6fe5b4c7a1f7910dcb39d418 run #0: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #1: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 0da0a8a0a0e1845f495431c3d8d733d2bbf9e9e5 Bisecting: 227 revisions left to test after this (roughly 8 steps) [929b979611f5d2a264a2c1b9fe84baa975828522] Merge tag 'linux-kselftest-kunit-fixes-5.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest testing commit 929b979611f5d2a264a2c1b9fe84baa975828522 with gcc (GCC) 8.1.0 kernel signature: 888c076d55c6c46f118aed083e5a565bc01bed69898741c2acad2e1fe52bf104 all runs: OK # git bisect good 929b979611f5d2a264a2c1b9fe84baa975828522 Bisecting: 116 revisions left to test after this (roughly 7 steps) [832bceefa08ef830388c175911fe17e6ef0125b9] Merge tag 'staging-5.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 832bceefa08ef830388c175911fe17e6ef0125b9 with gcc (GCC) 8.1.0 kernel signature: 59124c103e05c090efc9f4ea0f3a8843a0bc8d693f97bb7018308ea586c1b160 all runs: OK # git bisect good 832bceefa08ef830388c175911fe17e6ef0125b9 Bisecting: 60 revisions left to test after this (roughly 6 steps) [a692a610d7ed632cab31b61d6c350db68a10e574] Merge tag 'block-5.11-2021-01-24' of git://git.kernel.dk/linux-block testing commit a692a610d7ed632cab31b61d6c350db68a10e574 with gcc (GCC) 8.1.0 kernel signature: f1d186718d3571b75051915e205f34f3cb958613cbdb40fa0bf4ec1b1e66bdcb all runs: OK # git bisect good a692a610d7ed632cab31b61d6c350db68a10e574 Bisecting: 30 revisions left to test after this (roughly 5 steps) [00e35f2b0e8acb88d4e1aa96ff0490e3bfe46580] parisc: Enable -mlong-calls gcc option by default when !CONFIG_MODULES testing commit 00e35f2b0e8acb88d4e1aa96ff0490e3bfe46580 with gcc (GCC) 8.1.0 kernel signature: 7f3772be7e927f066856033a6eb87dc3e9e15e146722fb205151f1208c86c7d0 all runs: crashed: BUG: corrupted list in io_file_get # git bisect bad 00e35f2b0e8acb88d4e1aa96ff0490e3bfe46580 Bisecting: 19 revisions left to test after this (roughly 4 steps) [b89bc060b53e7054e5c8ca11feea4bc884d83611] sh/intc: Restore devm_ioremap() alignment testing commit b89bc060b53e7054e5c8ca11feea4bc884d83611 with gcc (GCC) 8.1.0 kernel signature: b871ef8954a5e199caee029b475c3595f6a0a13f713309613ebe0953b111727c all runs: OK # git bisect good b89bc060b53e7054e5c8ca11feea4bc884d83611 Bisecting: 9 revisions left to test after this (roughly 3 steps) [228a65d4544af5086bd167dcc5a0cb4fae2c42b4] Merge tag 'sh-for-5.11' of git://git.libc.org/linux-sh testing commit 228a65d4544af5086bd167dcc5a0cb4fae2c42b4 with gcc (GCC) 8.1.0 kernel signature: 0394f15e28a899e0d70637cb760af16eb8aad1c9dd8eed958b862928f4e314eb all runs: crashed: BUG: corrupted list in io_file_get # git bisect bad 228a65d4544af5086bd167dcc5a0cb4fae2c42b4 Bisecting: 4 revisions left to test after this (roughly 2 steps) [607ec89ed18f49ca59689572659b9c0076f1991f] io_uring: fix SQPOLL IORING_OP_CLOSE cancelation state testing commit 607ec89ed18f49ca59689572659b9c0076f1991f with gcc (GCC) 8.1.0 kernel signature: 168694c35e43234a813874c1d0ae6f6390a6c06c00d4097c88c3424044fd404b all runs: OK # git bisect good 607ec89ed18f49ca59689572659b9c0076f1991f Bisecting: 2 revisions left to test after this (roughly 1 step) [9d5c8190683a462dbc787658467a0da17011ea5f] io_uring: fix sleeping under spin in __io_clean_op testing commit 9d5c8190683a462dbc787658467a0da17011ea5f with gcc (GCC) 8.1.0 kernel signature: 75da9f03ee7d9cc327b4faea17654c1e4e35194e7e40319537ed28bf672f626b all runs: OK # git bisect good 9d5c8190683a462dbc787658467a0da17011ea5f Bisecting: 0 revisions left to test after this (roughly 1 step) [ef7b1a0ea857af076ea64d131e95b59166ab6163] Merge tag 'io_uring-5.11-2021-01-24' of git://git.kernel.dk/linux-block testing commit ef7b1a0ea857af076ea64d131e95b59166ab6163 with gcc (GCC) 8.1.0 kernel signature: 0394f15e28a899e0d70637cb760af16eb8aad1c9dd8eed958b862928f4e314eb run #0: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #1: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #2: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #3: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #4: crashed: BUG: corrupted list in io_file_get run #5: crashed: BUG: corrupted list in io_file_get run #6: crashed: BUG: corrupted list in io_file_get run #7: crashed: BUG: corrupted list in io_file_get run #8: crashed: BUG: corrupted list in io_file_get run #9: crashed: BUG: corrupted list in io_file_get # git bisect bad ef7b1a0ea857af076ea64d131e95b59166ab6163 Bisecting: 0 revisions left to test after this (roughly 0 steps) [02a13674fa0e8dd326de8b9f4514b41b03d99003] io_uring: account io_uring internal files as REQ_F_INFLIGHT testing commit 02a13674fa0e8dd326de8b9f4514b41b03d99003 with gcc (GCC) 8.1.0 kernel signature: d3c3250383699c6fe278760633ddb48c56fc92d47d241500804573f486117de0 run #0: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #1: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #2: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #3: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #4: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #5: boot failed: create image operation failed: &{Code:ZONE_RESOURCE_POOL_EXHAUSTED_WITH_DETAILS Location: Message:The zone 'projects/syzkaller/zones/us-central1-c' does not have enough resources available to fulfill the request. '(resource type:compute)'. ForceSendFields:[] NullFields:[]}. run #6: crashed: BUG: corrupted list in io_file_get run #7: crashed: BUG: corrupted list in io_file_get run #8: crashed: BUG: corrupted list in io_file_get run #9: crashed: BUG: corrupted list in io_file_get # git bisect bad 02a13674fa0e8dd326de8b9f4514b41b03d99003 02a13674fa0e8dd326de8b9f4514b41b03d99003 is the first bad commit commit 02a13674fa0e8dd326de8b9f4514b41b03d99003 Author: Jens Axboe Date: Sat Jan 23 15:49:31 2021 -0700 io_uring: account io_uring internal files as REQ_F_INFLIGHT We need to actively cancel anything that introduces a potential circular loop, where io_uring holds a reference to itself. If the file in question is an io_uring file, then add the request to the inflight list. Cc: stable@vger.kernel.org # 5.9+ Signed-off-by: Jens Axboe fs/io_uring.c | 36 ++++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 10 deletions(-) culprit signature: d3c3250383699c6fe278760633ddb48c56fc92d47d241500804573f486117de0 parent signature: 75da9f03ee7d9cc327b4faea17654c1e4e35194e7e40319537ed28bf672f626b revisions tested: 17, total time: 3h19m26.951302082s (build: 1h21m31.98841389s, test: 1h56m3.036000987s) first bad commit: 02a13674fa0e8dd326de8b9f4514b41b03d99003 io_uring: account io_uring internal files as REQ_F_INFLIGHT recipients (to): ["axboe@kernel.dk" "axboe@kernel.dk" "io-uring@vger.kernel.org"] recipients (cc): ["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"] crash: BUG: corrupted list in io_file_get list_add double add: new=ffff888107d43d80, prev=ffff88810e3bcd20, next=ffff888107d43d80. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:31! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 0 PID: 10264 Comm: syz-executor.5 Not tainted 5.11.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__list_add_valid+0x41/0x50 lib/list_debug.c:29 Code: 85 2f 62 77 01 48 39 c7 74 0b 48 39 d7 74 06 b8 01 00 00 00 c3 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 88 55 7b 84 e8 29 bb 70 01 <0f> 0b 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 48 b9 00 01 00 00 00 RSP: 0018:ffffc90002afbca0 EFLAGS: 00010046 RAX: 0000000000000058 RBX: ffff88810e1ac600 RCX: 0000000000000002 RDX: 0000000000000000 RSI: ffffffff8493e65e RDI: 00000000ffffffff RBP: ffffc90002afbce0 R08: 0000000000000020 R09: ffffffff86a6fea0 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810e3bc800 R13: ffff888107d43d80 R14: ffff888107d43d80 R15: ffff88810e3bcce0 FS: 00007f40f3e19700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004e6ef0 CR3: 000000011ebac000 CR4: 0000000000350ef0 Call Trace: __list_add include/linux/list.h:67 [inline] list_add include/linux/list.h:86 [inline] io_file_get+0x1f8/0x410 fs/io_uring.c:6466 __io_splice_prep+0x43/0x120 fs/io_uring.c:3866 io_splice_prep fs/io_uring.c:3920 [inline] io_req_prep+0x3c6/0xc70 fs/io_uring.c:6081 io_queue_sqe+0x193/0x370 fs/io_uring.c:6628 io_submit_sqe fs/io_uring.c:6705 [inline] io_submit_sqes+0x7fd/0xc60 fs/io_uring.c:6953 __do_sys_io_uring_enter fs/io_uring.c:9353 [inline] __se_sys_io_uring_enter fs/io_uring.c:9296 [inline] __x64_sys_io_uring_enter+0x38a/0x570 fs/io_uring.c:9296 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e219 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f40f3e18c68 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219 RDX: 0000000000000000 RSI: 000000000000450c RDI: 0000000000000004 RBP: 000000000119c080 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000002 R11: 0000000000000246 R12: 000000000119c034 R13: 00007ffff095c34f R14: 00007f40f3e199c0 R15: 000000000119c034 Modules linked in: ---[ end trace 006f11b8bd81379b ]--- RIP: 0010:__list_add_valid+0x41/0x50 lib/list_debug.c:29 Code: 85 2f 62 77 01 48 39 c7 74 0b 48 39 d7 74 06 b8 01 00 00 00 c3 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 88 55 7b 84 e8 29 bb 70 01 <0f> 0b 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 48 b9 00 01 00 00 00 RSP: 0018:ffffc90002afbca0 EFLAGS: 00010046 RAX: 0000000000000058 RBX: ffff88810e1ac600 RCX: 0000000000000002 RDX: 0000000000000000 RSI: ffffffff8493e65e RDI: 00000000ffffffff RBP: ffffc90002afbce0 R08: 0000000000000020 R09: ffffffff86a6fea0 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810e3bc800 R13: ffff888107d43d80 R14: ffff888107d43d80 R15: ffff88810e3bcce0 FS: 00007f40f3e19700(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004e6ef0 CR3: 000000011ebac000 CR4: 0000000000350ef0