bisecting fixing commit since f75aef392f869018f78cfedf3c320a6b3fcfda6b building syzkaller on d5a3ae1f760e7cb2cd5a721d9645ae22eae114fe testing commit f75aef392f869018f78cfedf3c320a6b3fcfda6b with gcc (GCC) 8.1.0 kernel signature: 5c64292cc66cab6e418f7e5b6733b50f8adbf8799210562ae4d66c53a95e195b run #0: crashed: WARNING: refcount bug in delete_partition run #1: crashed: WARNING: kobject bug in delete_partition run #2: crashed: no output from test machine run #3: crashed: no output from test machine run #4: crashed: no output from test machine run #5: crashed: no output from test machine run #6: crashed: no output from test machine run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: crashed: no output from test machine testing current HEAD c85fb28b6f999db9928b841f63f1beeb3074eeca testing commit c85fb28b6f999db9928b841f63f1beeb3074eeca with gcc (GCC) 8.1.0 kernel signature: 0b635d1338cfd5d3c30ca26e582c40ea9c0de1c9ea76718540bebf838c136776 all runs: OK # git bisect start c85fb28b6f999db9928b841f63f1beeb3074eeca f75aef392f869018f78cfedf3c320a6b3fcfda6b Bisecting: 779 revisions left to test after this (roughly 10 steps) [1fd79656f7d59b2ccfc8d7ec8136db60d21f1e0a] Merge tag 'iommu-fixes-v5.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu testing commit 1fd79656f7d59b2ccfc8d7ec8136db60d21f1e0a with gcc (GCC) 8.1.0 kernel signature: 27ff82fb4c0a684ed6c0d9f3564860be93285826102634cbf2622b4b5be17b34 all runs: OK # git bisect bad 1fd79656f7d59b2ccfc8d7ec8136db60d21f1e0a Bisecting: 387 revisions left to test after this (roughly 9 steps) [70187f7727d4ddd8282b576ece93ca233e88b19e] Merge tag 'arc-5.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc testing commit 70187f7727d4ddd8282b576ece93ca233e88b19e with gcc (GCC) 8.1.0 kernel signature: 66228dde29623f01aecc7e4cb6d2cb9b139765f5eef75cc0e77efa5369d9f157 all runs: OK # git bisect bad 70187f7727d4ddd8282b576ece93ca233e88b19e Bisecting: 170 revisions left to test after this (roughly 8 steps) [3e8d3bdc2a757cc6be5470297947799a7df445cc] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 3e8d3bdc2a757cc6be5470297947799a7df445cc with gcc (GCC) 8.1.0 kernel signature: 2145e4dfd7910e25506a92ef63e9dfeea03af80992ed3e38c40a5744b9ad1eec run #0: crashed: WARNING: refcount bug in delete_partition run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in kernfs_find_ns run #2: crashed: WARNING: kobject bug in delete_partition run #3: crashed: WARNING: refcount bug in delete_partition run #4: crashed: no output from test machine run #5: crashed: no output from test machine run #6: crashed: no output from test machine run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: crashed: no output from test machine # git bisect good 3e8d3bdc2a757cc6be5470297947799a7df445cc Bisecting: 86 revisions left to test after this (roughly 7 steps) [d849ca483dba7546ad176da83bf66d1c013725f6] Merge tag 'io_uring-5.9-2020-09-04' of git://git.kernel.dk/linux-block testing commit d849ca483dba7546ad176da83bf66d1c013725f6 with gcc (GCC) 8.1.0 kernel signature: fa826bd457fb5a11fe8cd0f3347d5aae4dff9077461d80e31ad5f757cd05b099 run #0: crashed: WARNING: refcount bug in delete_partition run #1: crashed: WARNING: kobject bug in delete_partition run #2: crashed: WARNING: kobject bug in delete_partition run #3: crashed: WARNING: refcount bug in delete_partition run #4: crashed: no output from test machine run #5: crashed: no output from test machine run #6: crashed: no output from test machine run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: crashed: no output from test machine # git bisect good d849ca483dba7546ad176da83bf66d1c013725f6 Bisecting: 46 revisions left to test after this (roughly 6 steps) [41bef91c8aa351255cd19e7e72608ee86f7f4bab] Merge tag 'kbuild-fixes-v5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild testing commit 41bef91c8aa351255cd19e7e72608ee86f7f4bab with gcc (GCC) 8.1.0 kernel signature: bf5892c258134bf58a88e145de6b57de4ea7dba4be01b4356b64651efb79d5c1 all runs: OK # git bisect bad 41bef91c8aa351255cd19e7e72608ee86f7f4bab Bisecting: 19 revisions left to test after this (roughly 4 steps) [e11d80a849e010f78243bb6f6af7dccef3a71a90] blk-stat: make q->stats->lock irqsafe testing commit e11d80a849e010f78243bb6f6af7dccef3a71a90 with gcc (GCC) 8.1.0 kernel signature: 5e884f99c2262d1cecd1bec8747a4b9aa71adcd17367b0286ee1b9fd3157998e all runs: OK # git bisect bad e11d80a849e010f78243bb6f6af7dccef3a71a90 Bisecting: 9 revisions left to test after this (roughly 3 steps) [7cd49f7576b0c61d6c4a2114cda08cc4d5ce0028] nvme: Fix NULL dereference for pci nvme controllers testing commit 7cd49f7576b0c61d6c4a2114cda08cc4d5ce0028 with gcc (GCC) 8.1.0 kernel signature: 4b84029a22553ed39166464e9715897289fc86f5fe3aea2a7ddaea93816c68c3 run #0: crashed: WARNING: refcount bug in delete_partition run #1: crashed: WARNING: refcount bug in delete_partition run #2: crashed: WARNING: kobject bug in delete_partition run #3: crashed: no output from test machine run #4: crashed: no output from test machine run #5: crashed: no output from test machine run #6: crashed: no output from test machine run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: crashed: no output from test machine # git bisect good 7cd49f7576b0c61d6c4a2114cda08cc4d5ce0028 Bisecting: 4 revisions left to test after this (roughly 2 steps) [5d220bcd378a1de14b9609c2706e041ba62253b6] Merge branch 'nvme-5.9-rc' of git://git.infradead.org/nvme into block-5.9 testing commit 5d220bcd378a1de14b9609c2706e041ba62253b6 with gcc (GCC) 8.1.0 kernel signature: 3e5d41b9ceb2f4bd3cce510b99da2f5524aca458e52398dd11678294e99db755 run #0: crashed: WARNING: kobject bug in delete_partition run #1: crashed: no output from test machine run #2: crashed: no output from test machine run #3: crashed: no output from test machine run #4: crashed: no output from test machine run #5: crashed: no output from test machine run #6: crashed: no output from test machine run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: crashed: no output from test machine # git bisect good 5d220bcd378a1de14b9609c2706e041ba62253b6 Bisecting: 2 revisions left to test after this (roughly 1 step) [cafe01ef8fcb248583038e1be071383530fe355a] block: release disk reference in hd_struct_free_work testing commit cafe01ef8fcb248583038e1be071383530fe355a with gcc (GCC) 8.1.0 kernel signature: 06e8c21ca126c349fb4f909a600914a9b740a61c06996fe1f9c05ff5b3d78644 run #0: crashed: WARNING: kobject bug in delete_partition run #1: crashed: WARNING: kobject bug in delete_partition run #2: crashed: WARNING: kobject bug in delete_partition run #3: crashed: no output from test machine run #4: crashed: no output from test machine run #5: crashed: no output from test machine run #6: crashed: no output from test machine run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: crashed: no output from test machine # git bisect good cafe01ef8fcb248583038e1be071383530fe355a Bisecting: 0 revisions left to test after this (roughly 1 step) [5aeac7c4b16069aae49005f0a8d4526baa83341b] blk-iocost: ioc_pd_free() shouldn't assume irq disabled testing commit 5aeac7c4b16069aae49005f0a8d4526baa83341b with gcc (GCC) 8.1.0 kernel signature: ca05a13d3524c10872ebe6fd360a9b4ccca5ab1a98c2496ae755865102906665 all runs: OK # git bisect bad 5aeac7c4b16069aae49005f0a8d4526baa83341b Bisecting: 0 revisions left to test after this (roughly 0 steps) [08fc1ab6d748ab1a690fd483f41e2938984ce353] block: fix locking in bdev_del_partition testing commit 08fc1ab6d748ab1a690fd483f41e2938984ce353 with gcc (GCC) 8.1.0 kernel signature: 6a5b05203e732e0639a6817aed3d1f43eee5b36876849acd1da70d8d22750635 all runs: OK # git bisect bad 08fc1ab6d748ab1a690fd483f41e2938984ce353 08fc1ab6d748ab1a690fd483f41e2938984ce353 is the first bad commit commit 08fc1ab6d748ab1a690fd483f41e2938984ce353 Author: Christoph Hellwig Date: Tue Sep 1 11:59:41 2020 +0200 block: fix locking in bdev_del_partition We need to hold the whole device bd_mutex to protect against other thread concurrently deleting out partition before we get to it, and thus causing a use after free. Fixes: cddae808aeb7 ("block: pass a hd_struct to delete_partition") Reported-by: syzbot+6448f3c229bc52b82f69@syzkaller.appspotmail.com Signed-off-by: Christoph Hellwig Signed-off-by: Jens Axboe block/partitions/core.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) culprit signature: 6a5b05203e732e0639a6817aed3d1f43eee5b36876849acd1da70d8d22750635 parent signature: 06e8c21ca126c349fb4f909a600914a9b740a61c06996fe1f9c05ff5b3d78644 revisions tested: 13, total time: 3h10m24.081567068s (build: 1h5m49.134912274s, test: 2h3m1.158516853s) first good commit: 08fc1ab6d748ab1a690fd483f41e2938984ce353 block: fix locking in bdev_del_partition recipients (to): ["axboe@kernel.dk" "axboe@kernel.dk" "hch@lst.de" "linux-block@vger.kernel.org"] recipients (cc): ["linux-kernel@vger.kernel.org"]