bisecting cause commit starting from fdcbcd1348f4ef713668bae1b0fa9774e1811205
building syzkaller on 9d49f3a7c56a414597a16f28dd8b6b2be6352ad8
testing commit fdcbcd1348f4ef713668bae1b0fa9774e1811205
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4a7a90bb3247b19409949bab30d22286d617dacc51d8adee715b623c011c3303
all runs: crashed: WARNING in bio_free
testing release v5.17
testing commit f443e374ae131c168a065ea1748feac6b2e76613
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f248ff88433755371e73436b748f186c5ff0ac7934ee997a129b7c9d1f73488b
all runs: OK
# git bisect start fdcbcd1348f4ef713668bae1b0fa9774e1811205 f443e374ae131c168a065ea1748feac6b2e76613
Bisecting: 7396 revisions left to test after this (roughly 13 steps)
[169e77764adc041b1dacba84ea90516a895d43b2] Merge tag 'net-next-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 169e77764adc041b1dacba84ea90516a895d43b2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 605d1bfa69d175edbe14c178de8349d3eb5b8dba10cef8dba9d3a3378bd61552
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 169e77764adc041b1dacba84ea90516a895d43b2
Bisecting: 3697 revisions left to test after this (roughly 12 steps)
[1523cc875a6ba127f63a5a8e4e63dd6d199050d9] Merge branch 'for-5.18/alloc-cleanups' into for-next
testing commit 1523cc875a6ba127f63a5a8e4e63dd6d199050d9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d7ac0d2181798abfc844ba04bc56531c323cd05ef5265a5c998b737cdf06fe9a
all runs: crashed: WARNING in bio_free
# git bisect bad 1523cc875a6ba127f63a5a8e4e63dd6d199050d9
Bisecting: 1856 revisions left to test after this (roughly 11 steps)
[b1f8ccdaae0310332d16f65bf0f622f9d4ae2391] Merge tag 'for-5.18/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
testing commit b1f8ccdaae0310332d16f65bf0f622f9d4ae2391
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c0e07f1dd4034f4198d4c2e37e3f725dd3b150cf00f3a18d7824fb607a3f2d27
all runs: OK
# git bisect good b1f8ccdaae0310332d16f65bf0f622f9d4ae2391
Bisecting: 930 revisions left to test after this (roughly 10 steps)
[5e206459f670b579da9b7861a0f3ce3b989a68b6] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
testing commit 5e206459f670b579da9b7861a0f3ce3b989a68b6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 530c4420fe34902d63d72f28e73b2917dbfe96558bd1f85ef3c12021e1017698
all runs: OK
# git bisect good 5e206459f670b579da9b7861a0f3ce3b989a68b6
Bisecting: 496 revisions left to test after this (roughly 9 steps)
[bddac7c1e02ba47f0570e494c9289acea3062cc1] Revert "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
testing commit bddac7c1e02ba47f0570e494c9289acea3062cc1
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7b9c10ba416b121a8e78c74e9084de29bc029be0aad4191235518cd0e07e9c86
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good bddac7c1e02ba47f0570e494c9289acea3062cc1
Bisecting: 292 revisions left to test after this (roughly 8 steps)
[5627ecb8374a00163d90bc92c33f829ac27895b2] Merge branch 'i2c/for-mergewindow' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
testing commit 5627ecb8374a00163d90bc92c33f829ac27895b2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d99c0b66c86ea4731aafb5c25e369d3ee927ccced37428696d770e6996fa8c07
all runs: OK
# git bisect good 5627ecb8374a00163d90bc92c33f829ac27895b2
Bisecting: 146 revisions left to test after this (roughly 7 steps)
[b6c44bee2a1c2d05023c9faab609290614159005] usb: gadget: s3c-hsudc: remove usage of list iterator past the loop body
testing commit b6c44bee2a1c2d05023c9faab609290614159005
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b76b32f7c5eae070c50020c5523313660d17cd41503a36a536b8bb4d222c3b49
all runs: OK
# git bisect good b6c44bee2a1c2d05023c9faab609290614159005
Bisecting: 89 revisions left to test after this (roughly 6 steps)
[3986f65d4f408ce9d0a361e3226a3246a5fb701c] kvm/emulate: Fix SETcc emulation for ENDBR
testing commit 3986f65d4f408ce9d0a361e3226a3246a5fb701c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 50119b9ccd873fb2cc75014d187647ce4bda31c993e9222a9bc3ece59542a35f
all runs: OK
# git bisect good 3986f65d4f408ce9d0a361e3226a3246a5fb701c
Bisecting: 51 revisions left to test after this (roughly 6 steps)
[88b3be5c6391a5b4be1dcdc4bb8dca8438105438] Merge tag 'for-linus' of https://github.com/openrisc/linux
testing commit 88b3be5c6391a5b4be1dcdc4bb8dca8438105438
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4958313a983b422b9c1758f4a6603595a4f95324c996b48a447e4e0bcab2017e
all runs: OK
# git bisect good 88b3be5c6391a5b4be1dcdc4bb8dca8438105438
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[3b255fe79c9eaa84a48e35e8cd6406788ba90d9c] Merge branch 'for-5.18/drivers' into for-next
testing commit 3b255fe79c9eaa84a48e35e8cd6406788ba90d9c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8028a962cf383f219ac95cb28a89467ba7147f8229d362fda7c96c0800a5e71b
all runs: OK
# git bisect good 3b255fe79c9eaa84a48e35e8cd6406788ba90d9c
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[c02b67509585dcd8c5561759dc78165230519d9c] Merge branch 'for-5.18/drivers' into for-next
testing commit c02b67509585dcd8c5561759dc78165230519d9c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9ef0fec0c89e8f4c7d4d91c829809c36932c1f253841ecb8fb34fff8a2b965ea
all runs: OK
# git bisect good c02b67509585dcd8c5561759dc78165230519d9c
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[7f07e5f0e0d1e59e7a3e09ca7f8dff7b99a45ce0] Merge branch 'for-5.18/io_uring' into for-next
testing commit 7f07e5f0e0d1e59e7a3e09ca7f8dff7b99a45ce0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 77176f41770ac664cd6a20e2faf9d4759623c3c1ecc1f1d326e62444261d7a1c
all runs: OK
# git bisect good 7f07e5f0e0d1e59e7a3e09ca7f8dff7b99a45ce0
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[57c47b42f4545b5f8fa288f190c0d68f96bc477f] block: turn bio_kmalloc into a simple kmalloc wrapper
testing commit 57c47b42f4545b5f8fa288f190c0d68f96bc477f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2728bcf59f7f4afe95fb047d7f9d2381f29788335c30bececa04b2042a6436bc
all runs: crashed: WARNING in bio_free
# git bisect bad 57c47b42f4545b5f8fa288f190c0d68f96bc477f
Bisecting: 1 revision left to test after this (roughly 1 step)
[88a39feabf25efbaec775ffb48ea240af198994e] squashfs: always use bio_kmalloc in squashfs_bio_read
testing commit 88a39feabf25efbaec775ffb48ea240af198994e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 47f97c99d1506883e846b2e9308139752a7e8ca0e8fdeef054c6ed28714d76c1
all runs: OK
# git bisect good 88a39feabf25efbaec775ffb48ea240af198994e
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[bbccc65bd7c1b22f050b65d8171fbdd8d72cf39c] target/pscsi: remove pscsi_get_bio
testing commit bbccc65bd7c1b22f050b65d8171fbdd8d72cf39c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4f1d90cac5cb949a7c9d59e5905f6b4c00db5a0bfba42276fada20fdf9f5da50
all runs: OK
# git bisect good bbccc65bd7c1b22f050b65d8171fbdd8d72cf39c
57c47b42f4545b5f8fa288f190c0d68f96bc477f is the first bad commit
commit 57c47b42f4545b5f8fa288f190c0d68f96bc477f
Author: Christoph Hellwig
Date: Tue Mar 8 07:15:50 2022 +0100

    block: turn bio_kmalloc into a simple kmalloc wrapper

    Remove the magic autofree semantics and require the callers to explicitly
    call bio_init to initialize the bio. This allows bio_free to catch
    accidental bio_put calls on bio_init()ed bios as well.

    Signed-off-by: Christoph Hellwig
    Reviewed-by: Martin K. Petersen
    Link: https://lore.kernel.org/r/20220308061551.737853-5-hch@lst.de
    Signed-off-by: Jens Axboe

 block/bio.c | 47 +++++++++++++++-----------------------
 block/blk-crypto-fallback.c | 14 +++++++-----
 block/blk-map.c | 42 ++++++++++++++++++++++------------
 drivers/block/pktcdvd.c | 25 ++++++++++----------
 drivers/md/bcache/debug.c | 10 ++++----
 drivers/md/dm-bufio.c | 9 ++++----
 drivers/md/raid1.c | 12 ++++++----
 drivers/md/raid10.c | 21 +++++++++++------
 drivers/target/target_core_pscsi.c | 10 ++++----
 fs/squashfs/block.c | 9 ++++----
 include/linux/bio.h | 2 +-
 11 files changed, 108 insertions(+), 93 deletions(-)

culprit signature: 2728bcf59f7f4afe95fb047d7f9d2381f29788335c30bececa04b2042a6436bc
parent signature: 4f1d90cac5cb949a7c9d59e5905f6b4c00db5a0bfba42276fada20fdf9f5da50
revisions tested: 17, total time: 3h21m0.692272184s (build: 2h31m24.216034531s, test: 47m58.330824693s)
first bad commit: 57c47b42f4545b5f8fa288f190c0d68f96bc477f block: turn bio_kmalloc into a simple kmalloc wrapper
recipients (to): ["axboe@kernel.dk" "hch@lst.de" "martin.petersen@oracle.com"]
recipients (cc): []
crash: WARNING in bio_free
loop0: detected capacity change from 0 to 8
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4053 at block/bio.c:229 bio_free+0xd2/0x110 block/bio.c:233
Modules linked in:
CPU: 1 PID: 4053 Comm: syz-executor367 Not tainted 5.17.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:bio_free+0xd2/0x110 block/bio.c:229
Code: 8d 75 18 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 04 3c 03 7e 1b 8b 45 08 48 83 c4 08 48 29 c3 48 89 df 5b 5d e9 8e e4 19 fe <0f> 0b e9 5f ff ff ff 48 89 34 24 e8 9e e6 34 fe 48 8b 34 24 eb d6
RSP: 0018:ffffc900026ffb00 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff88801c2c7100 RCX: 1ffffffff1de41de
RDX: 1ffff11003858e30 RSI: ffffffff88cb95a0 RDI: ffff88801c2c7180
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff8eeaaa7f
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000060
R13: ffff888075d0a700 R14: 0000000000000060 R15: 0000000000000060
FS: 000055555642f300(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff401112370 CR3: 0000000074c7c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 squashfs_read_data+0x22c/0xf50 fs/squashfs/block.c:221
 squashfs_read_table+0xe1/0x160 fs/squashfs/cache.c:432
 squashfs_fill_super+0x2fc/0x2390 fs/squashfs/super.c:184
 get_tree_bdev+0x398/0x680 fs/super.c:1292
 vfs_get_tree+0x7f/0x2c0 fs/super.c:1497
 do_new_mount fs/namespace.c:2994 [inline]
 path_mount+0x7e8/0x1a40 fs/namespace.c:3324
 do_mount fs/namespace.c:3337 [inline]
 __do_sys_mount fs/namespace.c:3545 [inline]
 __se_sys_mount fs/namespace.c:3522 [inline]
 __x64_sys_mount+0x1f5/0x260 fs/namespace.c:3522
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7ff39d90a0ca
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc7acc1ac8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffc7acc1b20 RCX: 00007ff39d90a0ca
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffc7acc1ae0
RBP: 00007ffc7acc1ae0 R08: 00007ffc7acc1b20 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000282 R12: 0000000020000218
R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000001