bisecting fixing commit since 1e09177acae32a61586af26d83ca5ef591cdcaf5
building syzkaller on 2e0e3130f967984ba51ac1387b67040f0d953942
testing commit 1e09177acae32a61586af26d83ca5ef591cdcaf5 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in ep_scan_ready_list
testing current HEAD 847120f859cc45e074204f4cf33c8df069306eb2
testing commit 847120f859cc45e074204f4cf33c8df069306eb2 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 847120f859cc45e074204f4cf33c8df069306eb2 1e09177acae32a61586af26d83ca5ef591cdcaf5
Bisecting: 53022 revisions left to test after this (roughly 16 steps)
[b5dd0c658c31b469ccff1b637e5124851e7a4a1c] Merge branch 'akpm' (patches from Andrew)
testing commit b5dd0c658c31b469ccff1b637e5124851e7a4a1c with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad b5dd0c658c31b469ccff1b637e5124851e7a4a1c
Bisecting: 25806 revisions left to test after this (roughly 15 steps)
[738b04fba18d35cd352b7b15afefb8a7b798648e] Merge tag 'staging-4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit 738b04fba18d35cd352b7b15afefb8a7b798648e with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 738b04fba18d35cd352b7b15afefb8a7b798648e
Bisecting: 13454 revisions left to test after this (roughly 14 steps)
[ee090756962c58b32af62b768ac7c58cc53af700] Merge tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
testing commit ee090756962c58b32af62b768ac7c58cc53af700 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad ee090756962c58b32af62b768ac7c58cc53af700
Bisecting: 6501 revisions left to test after this (roughly 13 steps)
[dafa5f6577a9eecd2941add553d1672c30b02364] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
testing commit dafa5f6577a9eecd2941add553d1672c30b02364 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in ep_scan_ready_list
# git bisect good dafa5f6577a9eecd2941add553d1672c30b02364
Bisecting: 3181 revisions left to test after this (roughly 12 steps)
[9bd553929f68921be0f2014dd06561e0c8249a0d] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit 9bd553929f68921be0f2014dd06561e0c8249a0d with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in ep_scan_ready_list
# git bisect good 9bd553929f68921be0f2014dd06561e0c8249a0d
Bisecting: 1605 revisions left to test after this (roughly 11 steps)
[307797159ac25fe5a2048bf5c6a5718298edca57] pcmcia: remove long deprecated pcmcia_request_exclusive_irq() function
testing commit 307797159ac25fe5a2048bf5c6a5718298edca57 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 307797159ac25fe5a2048bf5c6a5718298edca57
Bisecting: 787 revisions left to test after this (roughly 10 steps)
[c3e39b07f64d56992080f8f634632dcfa7dfc85d] staging: fsl-dpaa2/eth: Merge header files
testing commit c3e39b07f64d56992080f8f634632dcfa7dfc85d with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in ep_scan_ready_list
# git bisect good c3e39b07f64d56992080f8f634632dcfa7dfc85d
Bisecting: 411 revisions left to test after this (roughly 9 steps)
[336722eb9d9732c5a497fb6299bf38cde413592b] Merge tag 'tty-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
testing commit 336722eb9d9732c5a497fb6299bf38cde413592b with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 336722eb9d9732c5a497fb6299bf38cde413592b
Bisecting: 209 revisions left to test after this (roughly 8 steps)
[29c692c96b3a39cd1911fb79cd2505af8d070f07] USB: serial: pl2303: add a new device id for ATEN
testing commit 29c692c96b3a39cd1911fb79cd2505af8d070f07 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in ep_scan_ready_list
# git bisect good 29c692c96b3a39cd1911fb79cd2505af8d070f07
Bisecting: 104 revisions left to test after this (roughly 7 steps)
[87a5ffc163966b2eb675c9c863c0caccab3183f6] mm/list_lru.c: use list_lru_walk_one() in list_lru_walk_node()
testing commit 87a5ffc163966b2eb675c9c863c0caccab3183f6 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #1: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #2: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #3: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #4: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #5: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #6: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #7: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #8: crashed: KASAN: use-after-free Read in p9_conn_cancel
run #9: crashed: KASAN: use-after-free Read in ep_scan_ready_list
# git bisect good 87a5ffc163966b2eb675c9c863c0caccab3183f6
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[36ecc1481dc8d8c52d43ba18c6b642c1d2fde789] pty: fix O_CLOEXEC for TIOCGPTPEER
testing commit 36ecc1481dc8d8c52d43ba18c6b642c1d2fde789 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in ep_scan_ready_list
# git bisect good 36ecc1481dc8d8c52d43ba18c6b642c1d2fde789
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[1f7a4c73a739a63b3f108d8eda6f947fdc70dd65] Merge tag '9p-for-4.19-2' of git://github.com/martinetd/linux
testing commit 1f7a4c73a739a63b3f108d8eda6f947fdc70dd65 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 1f7a4c73a739a63b3f108d8eda6f947fdc70dd65
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[430ac66eb4c5b5c4eb846b78ebf65747510b30f1] net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
testing commit 430ac66eb4c5b5c4eb846b78ebf65747510b30f1 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 430ac66eb4c5b5c4eb846b78ebf65747510b30f1
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[2d58f63f72f28ba297a9ae344a5b5f0cf75bcd94] 9p: Fix comment on smp_wmb
testing commit 2d58f63f72f28ba297a9ae344a5b5f0cf75bcd94 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in ep_scan_ready_list
# git bisect good 2d58f63f72f28ba297a9ae344a5b5f0cf75bcd94
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[2557d0c57c0c11af915d0d4d97402527958c0c01] 9p: Embed wait_queue_head into p9_req_t
testing commit 2557d0c57c0c11af915d0d4d97402527958c0c01 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in ep_scan_ready_list
# git bisect good 2557d0c57c0c11af915d0d4d97402527958c0c01
Bisecting: 1 revision left to test after this (roughly 1 step)
[c7ebbae7cf9c50253a978f25d72d16e012bd46f1] net/9p/trans_virtio.c: fix some spell mistakes in comments
testing commit c7ebbae7cf9c50253a978f25d72d16e012bd46f1 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #1: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #2: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #3: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #4: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #5: crashed: KASAN: use-after-free Read in p9_conn_cancel
run #6: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #7: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #8: crashed: KASAN: use-after-free Read in ep_scan_ready_list
run #9: crashed: KASAN: use-after-free Read in ep_scan_ready_list
# git bisect good c7ebbae7cf9c50253a978f25d72d16e012bd46f1
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[31934da810365f603dec5a67e690e00cf900fc73] net/9p/virtio: Fix hard lockup in req_done
testing commit 31934da810365f603dec5a67e690e00cf900fc73 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in ep_scan_ready_list
# git bisect good 31934da810365f603dec5a67e690e00cf900fc73
430ac66eb4c5b5c4eb846b78ebf65747510b30f1 is the first bad commit
commit 430ac66eb4c5b5c4eb846b78ebf65747510b30f1
Author: Tomas Bortoli
Date: Fri Jul 20 11:27:30 2018 +0200

    net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()

    The patch adds the flush in p9_mux_poll_stop() as it the function used by
    p9_conn_destroy(), in turn called by p9_fd_close() to stop the async
    polling associated with the data regarding the connection.

    Link: http://lkml.kernel.org/r/20180720092730.27104-1-tomasbortoli@gmail.com
    Signed-off-by: Tomas Bortoli
    Reported-by: syzbot+39749ed7d9ef6dfb23f6@syzkaller.appspotmail.com
    To: Eric Van Hensbergen
    To: Ron Minnich
    To: Latchesar Ionkov
    Cc: Yiwen Jiang
    Cc: stable@vger.kernel.org
    Signed-off-by: Dominique Martinet

:040000 040000 2b90a26742f41f590296c62a5919e5585e6c55de 580948df285ae96f8ff9ccd49ec535c78ad96685 M net
revisions tested: 19, total time: 3h46m47.098638842s (build: 1h35m53.740195196s, test: 2h2m49.383542183s)
first good commit: 430ac66eb4c5b5c4eb846b78ebf65747510b30f1 net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
cc: ["asmadeus@codewreck.org" "davem@davemloft.net" "dominique.martinet@cea.fr" "ericvh@gmail.com" "jiangyiwen@huwei.com" "linux-kernel@vger.kernel.org" "lucho@ionkov.net" "netdev@vger.kernel.org" "tomasbortoli@gmail.com" "v9fs-developer@lists.sourceforge.net"]