bisecting fixing commit since b91db6a0b52e019b6bdabea3f1dbe36d85c7e52c
building syzkaller on 7eb7e15259fddd67759f90feb2b016da878f76c7
testing commit b91db6a0b52e019b6bdabea3f1dbe36d85c7e52c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 05f6f3a555b0728b3a901eada208081797c8ecf9291c6dc7b4b4ecf4480e6bb3
run #0: crashed: general protection fault in __io_file_supports_nowait
run #1: crashed: general protection fault in __io_file_supports_nowait
run #2: crashed: general protection fault in __io_file_supports_nowait
run #3: crashed: general protection fault in __io_file_supports_nowait
run #4: crashed: general protection fault in __io_file_supports_nowait
run #5: crashed: general protection fault in __io_file_supports_nowait
run #6: crashed: general protection fault in __io_file_supports_nowait
run #7: crashed: general protection fault in __io_file_supports_nowait
run #8: crashed: general protection fault in __io_file_supports_nowait
run #9: crashed: general protection fault in __io_file_supports_nowait
run #10: crashed: general protection fault in __io_file_supports_nowait
run #11: crashed: general protection fault in __io_file_supports_nowait
run #12: crashed: general protection fault in __io_file_supports_nowait
run #13: crashed: general protection fault in __io_file_supports_nowait
run #14: crashed: general protection fault in __io_file_supports_nowait
run #15: crashed: general protection fault in __io_file_supports_nowait
run #16: crashed: general protection fault in __io_file_supports_nowait
run #17: crashed: general protection fault in __io_file_supports_nowait
run #18: crashed: general protection fault in __io_file_supports_nowait
run #19: boot failed: possible deadlock in blktrans_open
testing current HEAD 60a9483534ed0d99090a2ee1d4bb0b8179195f51
testing commit 60a9483534ed0d99090a2ee1d4bb0b8179195f51
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8db19b9062a1e47664400316b31ff23f997e121508755aae98e9b7ec4eeab9ff
all runs: OK
# git bisect start 60a9483534ed0d99090a2ee1d4bb0b8179195f51 b91db6a0b52e019b6bdabea3f1dbe36d85c7e52c
Bisecting: 5457 revisions left to test after this (roughly 13 steps)
[477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6] Merge tag 'drm-next-2021-08-31-1' of git://anongit.freedesktop.org/drm/drm
testing commit 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0e0145073c5c69a8263c67b15814e02ca63cd1ac00cff9e40abd691218b4c98e
run #0: crashed: general protection fault in __io_file_supports_nowait
run #1: crashed: general protection fault in __io_file_supports_nowait
run #2: crashed: general protection fault in __io_file_supports_nowait
run #3: crashed: general protection fault in __io_file_supports_nowait
run #4: crashed: general protection fault in __io_file_supports_nowait
run #5: crashed: general protection fault in __io_file_supports_nowait
run #6: crashed: general protection fault in __io_file_supports_nowait
run #7: crashed: general protection fault in __io_file_supports_nowait
run #8: crashed: general protection fault in __io_file_supports_nowait
run #9: boot failed: possible deadlock in blktrans_open
# git bisect good 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6
Bisecting: 2718 revisions left to test after this (roughly 11 steps)
[e07af2626643293fa16df655979e7963250abc63] Merge tag 'arc-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc
testing commit e07af2626643293fa16df655979e7963250abc63
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5ecd44ae3c8977821cf8834793c6557b1c34ad6a752202f9d753037e1abe9d22
all runs: crashed: general protection fault in __io_file_supports_nowait
# git bisect good e07af2626643293fa16df655979e7963250abc63
Bisecting: 1388 revisions left to test after this (roughly 10 steps)
[a668acb8f01fc0d1e3877cddecbe319ef2ef651c] Merge tag 'drm-next-2021-09-10' of git://anongit.freedesktop.org/drm/drm
testing commit a668acb8f01fc0d1e3877cddecbe319ef2ef651c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b3a2a44d2283f84c6a493661cc0ce3519b38ace2cd6521708a89f38d99a9d828
all runs: OK
# git bisect bad a668acb8f01fc0d1e3877cddecbe319ef2ef651c
Bisecting: 691 revisions left to test after this (roughly 9 steps)
[b339ec9c229aaf399296a120d7be0e34fbc355ca] kbuild: Only default to -Werror if COMPILE_TEST
testing commit b339ec9c229aaf399296a120d7be0e34fbc355ca
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 854df4c5ec02470f86f70e4e2a15bdf39e5d2d17432641eca77179d57acde928
run #0: basic kernel testing failed: KFENCE: use-after-free in kvm_fastop_exception
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad b339ec9c229aaf399296a120d7be0e34fbc355ca
Bisecting: 329 revisions left to test after this (roughly 8 steps)
[a2b28235335fee2586b4bd16448fb59ed6c80eef] Merge branch 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging
testing commit a2b28235335fee2586b4bd16448fb59ed6c80eef
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1f788fd228d5e540096ed1ad69abdc8bd6219e91b179c2889656ea14f4b3225f
all runs: OK
# git bisect bad a2b28235335fee2586b4bd16448fb59ed6c80eef
Bisecting: 138 revisions left to test after this (roughly 7 steps)
[27151f177827d478508e756c7657273261aaf8a9] Merge tag 'perf-tools-for-v5.15-2021-09-04' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
testing commit 27151f177827d478508e756c7657273261aaf8a9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ede238ad5d326cfafe992d480af119fe228a18a13de87f94ce8346646c97de4a
all runs: crashed: general protection fault in __io_file_supports_nowait
# git bisect good 27151f177827d478508e756c7657273261aaf8a9
Bisecting: 87 revisions left to test after this (roughly 6 steps)
[75b96f0ec5faf730128c32187e3e28441c27a094] Merge tag 'fuse-update-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
testing commit 75b96f0ec5faf730128c32187e3e28441c27a094
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3387f8b6e7e16e64e46cfd2c6a494c2deb98b50fe65b3d3290536db816df9454
all runs: OK
# git bisect bad 75b96f0ec5faf730128c32187e3e28441c27a094
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[03085b3d5a45a60061423ac4857f339c7cb260ff] Merge tag 'misc-5.15-2021-09-05' of git://git.kernel.dk/linux-block
testing commit 03085b3d5a45a60061423ac4857f339c7cb260ff
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4c7477dfd22196cd2fc2a26dd67f1afdec010229f005b00f9c2cec66f5c892da
all runs: OK
# git bisect bad 03085b3d5a45a60061423ac4857f339c7cb260ff
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[3146cba99aa284b1d4a10fbd923df953f1d18035] io-wq: make worker creation resilient against signals
testing commit 3146cba99aa284b1d4a10fbd923df953f1d18035
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 475d2b0dc13f66514f20eb0c899ea3dc1b9c75457b6e812949d90f224b2eb02b
all runs: OK
# git bisect bad 3146cba99aa284b1d4a10fbd923df953f1d18035
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[c6d3d9cbd659de8f2176b4e4721149c88ac096d4] io_uring: fix queueing half-created requests
testing commit c6d3d9cbd659de8f2176b4e4721149c88ac096d4
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8de977ae101a19b0e01f7edabfad61d0b8de46f53d97e8381506749cd14b42a6
all runs: OK
# git bisect bad c6d3d9cbd659de8f2176b4e4721149c88ac096d4
Bisecting: 2 revisions left to test after this (roughly 1 step)
[7b3188e7ed54102a5dcc73d07727f41fb528f7c8] io_uring: IORING_OP_WRITE needs hash_reg_file set
testing commit 7b3188e7ed54102a5dcc73d07727f41fb528f7c8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9dc6d721df487b2cfa108ce5e92635ab0ff3e05f2086fa42eb56bd269ac351fa
all runs: crashed: general protection fault in __io_file_supports_nowait
# git bisect good 7b3188e7ed54102a5dcc73d07727f41fb528f7c8
Bisecting: 0 revisions left to test after this (roughly 1 step)
[08bdbd39b58474d762242e1fadb7f2eb9ffcca71] io-wq: ensure that hash wait lock is IRQ disabling
testing commit 08bdbd39b58474d762242e1fadb7f2eb9ffcca71
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 638dad55712bda14bfa14a7a5313c5baac9e37c71a7cc2e051c58a4303554f72
all runs: crashed: general protection fault in __io_file_supports_nowait
# git bisect good 08bdbd39b58474d762242e1fadb7f2eb9ffcca71
c6d3d9cbd659de8f2176b4e4721149c88ac096d4 is the first bad commit
commit c6d3d9cbd659de8f2176b4e4721149c88ac096d4
Author: Pavel Begunkov
Date: Tue Aug 31 14:13:10 2021 +0100

    io_uring: fix queueing half-created requests

    [ 27.259845] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI
    [ 27.261043] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
    [ 27.263730] RIP: 0010:sock_from_file+0x20/0x90
    [ 27.272444] Call Trace:
    [ 27.272736] io_sendmsg+0x98/0x600
    [ 27.279216] io_issue_sqe+0x498/0x68d0
    [ 27.281142] __io_queue_sqe+0xab/0xb50
    [ 27.285830] io_req_task_submit+0xbf/0x1b0
    [ 27.286306] tctx_task_work+0x178/0xad0
    [ 27.288211] task_work_run+0xe2/0x190
    [ 27.288571] exit_to_user_mode_prepare+0x1a1/0x1b0
    [ 27.289041] syscall_exit_to_user_mode+0x19/0x50
    [ 27.289521] do_syscall_64+0x48/0x90
    [ 27.289871] entry_SYSCALL_64_after_hwframe+0x44/0xae

    io_req_complete_failed() -> io_req_complete_post() ->
    io_req_task_queue() still would try to enqueue hard linked request,
    which can be half prepared (e.g. failed init), so we can't allow
    that to happen.

    Fixes: a8295b982c46d ("io_uring: fix failed linkchain code logic")
    Reported-by: syzbot+f9704d1878e290eddf73@syzkaller.appspotmail.com
    Signed-off-by: Pavel Begunkov
    Link: https://lore.kernel.org/r/70b513848c1000f88bd75965504649c6bb1415c0.1630415423.git.asml.silence@gmail.com
    Signed-off-by: Jens Axboe

 fs/io_uring.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
culprit signature: 8de977ae101a19b0e01f7edabfad61d0b8de46f53d97e8381506749cd14b42a6
parent signature: 638dad55712bda14bfa14a7a5313c5baac9e37c71a7cc2e051c58a4303554f72
revisions tested: 14, total time: 3h27m49.373348276s (build: 1h38m51.819642498s, test: 1h47m23.601023156s)
first good commit: c6d3d9cbd659de8f2176b4e4721149c88ac096d4 io_uring: fix queueing half-created requests
recipients (to): ["asml.silence@gmail.com" "axboe@kernel.dk" "axboe@kernel.dk" "io-uring@vger.kernel.org"]
recipients (cc): ["asml.silence@gmail.com" "linux-kernel@vger.kernel.org"]