bisecting fixing commit since f6d5cb9e2c06f7d583dd9f4f7cca21d13d78c32a
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit f6d5cb9e2c06f7d583dd9f4f7cca21d13d78c32a with gcc (GCC) 8.1.0
kernel signature: 0207ec555c3686162998ad6cdd8ada1f9ac441bd3b00075229a7a1c79553bd68
all runs: crashed: KASAN: use-after-free Read in cuse_channel_release
testing current HEAD b09c34517e1ac4018e3bb75ed5c8610a8a1f486b
testing commit b09c34517e1ac4018e3bb75ed5c8610a8a1f486b with gcc (GCC) 8.1.0
kernel signature: 81a28e9be4391b919e347667ad010b48703b0b67661efe268feac731add95347
all runs: OK
# git bisect start b09c34517e1ac4018e3bb75ed5c8610a8a1f486b f6d5cb9e2c06f7d583dd9f4f7cca21d13d78c32a
Bisecting: 316 revisions left to test after this (roughly 8 steps)
[61279a7b3e337b8c8605987591964db4a2b3eb91] SUNRPC: stop printk reading past end of string
testing commit 61279a7b3e337b8c8605987591964db4a2b3eb91 with gcc (GCC) 8.1.0
kernel signature: 0c55842c39aa486c5d16c62e3d46c95feb4329e0605da89f34a8a5ff226b2b8c
all runs: OK
# git bisect bad 61279a7b3e337b8c8605987591964db4a2b3eb91
Bisecting: 158 revisions left to test after this (roughly 7 steps)
[9895dfea9610ae54be8890b98eb17fd7f1496c75] bnxt_en: Fix PCI AER error recovery flow
testing commit 9895dfea9610ae54be8890b98eb17fd7f1496c75 with gcc (GCC) 8.1.0
kernel signature: 590bf2840db069aebced7d3b7d0f49efdd623399f572e84ffe7404f2516a439b
all runs: crashed: KASAN: use-after-free Read in cuse_channel_release
# git bisect good 9895dfea9610ae54be8890b98eb17fd7f1496c75
Bisecting: 79 revisions left to test after this (roughly 6 steps)
[d2dd6d5a77c5dbee03a5ffe75811f6e906599df4] arm64: dts: ns2: Fixed QSPI compatible string
testing commit d2dd6d5a77c5dbee03a5ffe75811f6e906599df4 with gcc (GCC) 8.1.0
kernel signature: 53fe7a7e3f3034edc5a4c1a9dc75eb5f64729c64a5f89d1143c1c1a154862750
all runs: OK
# git bisect bad d2dd6d5a77c5dbee03a5ffe75811f6e906599df4
Bisecting: 39 revisions left to test after this (roughly 5 steps)
[b0a689f84d53a8b923302cfab10527ada27d962c] affs: fix basic permission bits to actually work
testing commit b0a689f84d53a8b923302cfab10527ada27d962c with gcc (GCC) 8.1.0
kernel signature: ab4cebc22cb96dbaaf00f5d3e404fb37e90fd3379d6c259273f87a2eeda42551
all runs: OK
# git bisect bad b0a689f84d53a8b923302cfab10527ada27d962c
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[884fee7632168ab59ed49a26de430fa3ed5c6a86] xfs: don't update mtime on COW faults
testing commit 884fee7632168ab59ed49a26de430fa3ed5c6a86 with gcc (GCC) 8.1.0
kernel signature: cb70108e6e0355d51a0f63388bebbb4245eb48ebfd1ac40a84aebeea2d5edb54
all runs: OK
# git bisect bad 884fee7632168ab59ed49a26de430fa3ed5c6a86
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[37d933e8b41b83bb8278815e366aec5a542b7e31] fix regression in "epoll: Keep a reference on files added to the check list"
testing commit 37d933e8b41b83bb8278815e366aec5a542b7e31 with gcc (GCC) 8.1.0
kernel signature: 19852b4733c33ef28ec40a27725315d6a5520ae2a2482b12d584f71d713c0a78
all runs: OK
# git bisect bad 37d933e8b41b83bb8278815e366aec5a542b7e31
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[0430561c8e0f4b497b29a169445e2477c607e27b] selftests/bpf: Fix massive output from test_maps
testing commit 0430561c8e0f4b497b29a169445e2477c607e27b with gcc (GCC) 8.1.0
kernel signature: ad7cb6eb5fedc4d1e152c30efad1d32de8bb622f1a2aedabd345137d5269d1aa
run #0: crashed: BUG: corrupted list in fuse_dev_free
run #1: crashed: KASAN: use-after-free Read in cuse_channel_release
run #2: crashed: BUG: corrupted list in fuse_dev_free
run #3: crashed: BUG: corrupted list in fuse_dev_free
run #4: crashed: KASAN: use-after-free Read in cuse_channel_release
run #5: crashed: KASAN: use-after-free Read in cuse_channel_release
run #6: crashed: KASAN: use-after-free Read in cuse_channel_release
run #7: crashed: KASAN: use-after-free Read in cuse_channel_release
run #8: crashed: KASAN: use-after-free Read in cuse_channel_release
run #9: crashed: KASAN: use-after-free Read in cuse_channel_release
# git bisect good 0430561c8e0f4b497b29a169445e2477c607e27b
Bisecting: 2 revisions left to test after this (roughly 1 step)
[dff6a2c2828bce13f32c62029def97195f8830f6] nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()'
testing commit dff6a2c2828bce13f32c62029def97195f8830f6 with gcc (GCC) 8.1.0
kernel signature: 7c366a75dbdba3a55ca6b3fe0efd623588e85061a7113943e41a3a73cc57559d
all runs: crashed: KASAN: use-after-free Read in cuse_channel_release
# git bisect good dff6a2c2828bce13f32c62029def97195f8830f6
Bisecting: 0 revisions left to test after this (roughly 1 step)
[f00d82c3fb4368afb41cba89b287801a7888627c] net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
testing commit f00d82c3fb4368afb41cba89b287801a7888627c with gcc (GCC) 8.1.0
kernel signature: 4e8c185903bfd31b1630d631ee0fafdd81169398dee85fca9d7dfc85eff837b0
run #0: crashed: KASAN: use-after-free Read in cuse_channel_release
run #1: crashed: KASAN: use-after-free Read in cuse_channel_release
run #2: crashed: BUG: corrupted list in fuse_dev_free
run #3: crashed: KASAN: use-after-free Read in cuse_channel_release
run #4: crashed: KASAN: use-after-free Read in cuse_channel_release
run #5: crashed: BUG: corrupted list in corrupted
run #6: crashed: KASAN: use-after-free Read in cuse_channel_release
run #7: crashed: KASAN: use-after-free Read in cuse_channel_release
run #8: crashed: KASAN: use-after-free Read in cuse_channel_release
run #9: crashed: KASAN: use-after-free Read in cuse_channel_release
# git bisect good f00d82c3fb4368afb41cba89b287801a7888627c
37d933e8b41b83bb8278815e366aec5a542b7e31 is the first bad commit
commit 37d933e8b41b83bb8278815e366aec5a542b7e31
Author: Al Viro
Date:   Wed Sep 2 11:30:48 2020 -0400

    fix regression in "epoll: Keep a reference on files added to the check list"

    [ Upstream commit 77f4689de17c0887775bb77896f4cc11a39bf848 ]

    epoll_loop_check_proc() can run into a file already committed to destruction;
    we can't grab a reference on those and don't need to add them to the set for
    reverse path check anyway.

    Tested-by: Marc Zyngier
    Fixes: a9ed4a6560b8 ("epoll: Keep a reference on files added to the check list")
    Signed-off-by: Al Viro
    Signed-off-by: Sasha Levin

 fs/eventpoll.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
culprit signature: 19852b4733c33ef28ec40a27725315d6a5520ae2a2482b12d584f71d713c0a78
parent signature: 4e8c185903bfd31b1630d631ee0fafdd81169398dee85fca9d7dfc85eff837b0
revisions tested: 11, total time: 3h0m26.717901979s (build: 1h43m47.307162646s, test: 1h15m20.657403093s)
first good commit: 37d933e8b41b83bb8278815e366aec5a542b7e31 fix regression in "epoll: Keep a reference on files added to the check list"
recipients (to): ["maz@kernel.org" "sashal@kernel.org" "viro@zeniv.linux.org.uk"]
recipients (cc): []