bisecting fixing commit since 4abf26854aade9732a215a168205fa9fecd6149a
building syzkaller on 40cc414d10dabacf34877f4902279729ca3bc011
testing commit 4abf26854aade9732a215a168205fa9fecd6149a with gcc (GCC) 8.1.0
kernel signature: 7aec7ca4b8c1b0b9f59772b57283d7e061719b3141026ed9754b3ef242fc6d0a
all runs: crashed: WARNING in md_ioctl
testing current HEAD 2263955bf7e71ca8419b64d7a60510aad29002f6
testing commit 2263955bf7e71ca8419b64d7a60510aad29002f6 with gcc (GCC) 8.1.0
kernel signature: 3beee0f4bd98353e3f03fec4d86177bdb4b5e7fc3d996317fbbb54de13db2785
all runs: OK
# git bisect start 2263955bf7e71ca8419b64d7a60510aad29002f6 4abf26854aade9732a215a168205fa9fecd6149a
Bisecting: 306 revisions left to test after this (roughly 8 steps)
[64a48bf56640f2f78bebdfa2117df44a3e054955] PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup()
testing commit 64a48bf56640f2f78bebdfa2117df44a3e054955 with gcc (GCC) 8.1.0
kernel signature: ab87f19fe1240f9058f996377ff568c6fdae70f9b3f8bc2f62b03621751dceee
all runs: OK
# git bisect bad 64a48bf56640f2f78bebdfa2117df44a3e054955
Bisecting: 152 revisions left to test after this (roughly 7 steps)
[e3cfad9d183a8c0e05ec6829326643edd3f8b122] crypto: talitos - Endianess in current_desc_hdr()
testing commit e3cfad9d183a8c0e05ec6829326643edd3f8b122 with gcc (GCC) 8.1.0
kernel signature: 3005ac270320adb7d869ecd2bb73882143560c234bbbf2babc4871f353205394
all runs: OK
# git bisect bad e3cfad9d183a8c0e05ec6829326643edd3f8b122
Bisecting: 76 revisions left to test after this (roughly 6 steps)
[30b1b5aae6b2ffef8e0cf64fb0b555bb3e4a1026] net: stmmac: delete the eee_ctrl_timer after napi disabled
testing commit 30b1b5aae6b2ffef8e0cf64fb0b555bb3e4a1026 with gcc (GCC) 8.1.0
kernel signature: 477919e86390072d0f0e273767f6973dc146cae59f842f06050f15e9ae3427f5
all runs: crashed: WARNING in md_ioctl
# git bisect good 30b1b5aae6b2ffef8e0cf64fb0b555bb3e4a1026
Bisecting: 38 revisions left to test after this (roughly 5 steps)
[bf187ef6e11c96cc49227eab966572806dbbc59b] vxlan: Add needed_headroom for lower device
testing commit bf187ef6e11c96cc49227eab966572806dbbc59b with gcc (GCC) 8.1.0
kernel signature: c1d2b1d9a51546829a1c6b40c0bb6135fdf76270e2799f2d9d30c061e7ee2eea
all runs: crashed: WARNING in md_ioctl
# git bisect good bf187ef6e11c96cc49227eab966572806dbbc59b
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[7bae84821b47e2ffa87a7afcb6891dd7e61c65ef] quota: Sanity-check quota file headers on load
testing commit 7bae84821b47e2ffa87a7afcb6891dd7e61c65ef with gcc (GCC) 8.1.0
kernel signature: 55bc957c058dd7a8b76fdd958596d5a0c820efb57b05b237fa270e1aa7831f8b
all runs: crashed: WARNING in md_ioctl
# git bisect good 7bae84821b47e2ffa87a7afcb6891dd7e61c65ef
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[adb832343a8fe70ecca0b78abbe88632052de487] soc: qcom: geni: More properly switch to DMA mode
testing commit adb832343a8fe70ecca0b78abbe88632052de487 with gcc (GCC) 8.1.0
kernel signature: 0e0ca8c3464137c77dc138936887c8aecca0409e54d0392dbdbab4a5937f156d
all runs: OK
# git bisect bad adb832343a8fe70ecca0b78abbe88632052de487
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[7c1abeea728aa407cbbda9f31d89d9b0c8b164dd] perf cs-etm: Move definition of 'traceid_list' global variable from header file
testing commit 7c1abeea728aa407cbbda9f31d89d9b0c8b164dd with gcc (GCC) 8.1.0
kernel signature: 0e0ca8c3464137c77dc138936887c8aecca0409e54d0392dbdbab4a5937f156d
all runs: OK
# git bisect bad 7c1abeea728aa407cbbda9f31d89d9b0c8b164dd
Bisecting: 2 revisions left to test after this (roughly 1 step)
[268a84d36ee80752e73db4a3010cac42c7dbdc2b] crypto: af_alg - avoid undefined behavior accessing salg_name
testing commit 268a84d36ee80752e73db4a3010cac42c7dbdc2b with gcc (GCC) 8.1.0
kernel signature: da94465829114a4fe703807f4be05428a945b87f54572adcd0516762b8a9ef5e
all runs: crashed: WARNING in md_ioctl
# git bisect good 268a84d36ee80752e73db4a3010cac42c7dbdc2b
Bisecting: 0 revisions left to test after this (roughly 1 step)
[6cb5508fc9c88974b7300b05c079e98c895f0e86] perf cs-etm: Change tuple from traceID-CPU# to traceID-metadata
testing commit 6cb5508fc9c88974b7300b05c079e98c895f0e86 with gcc (GCC) 8.1.0
kernel signature: 0e0ca8c3464137c77dc138936887c8aecca0409e54d0392dbdbab4a5937f156d
all runs: OK
# git bisect bad 6cb5508fc9c88974b7300b05c079e98c895f0e86
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b85abab5913d89ee78bc5bb08231acb578677898] md: fix a warning caused by a race between concurrent md_ioctl()s
testing commit b85abab5913d89ee78bc5bb08231acb578677898 with gcc (GCC) 8.1.0
kernel signature: 0e0ca8c3464137c77dc138936887c8aecca0409e54d0392dbdbab4a5937f156d
all runs: OK
# git bisect bad b85abab5913d89ee78bc5bb08231acb578677898
b85abab5913d89ee78bc5bb08231acb578677898 is the first bad commit
commit b85abab5913d89ee78bc5bb08231acb578677898
Author: Dae R. Jeong
Date:   Thu Oct 22 10:21:28 2020 +0900

    md: fix a warning caused by a race between concurrent md_ioctl()s

    commit c731b84b51bf7fe83448bea8f56a6d55006b0615 upstream.

    Syzkaller reports a warning as belows.
    WARNING: CPU: 0 PID: 9647 at drivers/md/md.c:7169
    ...
    Call Trace:
    ...
    RIP: 0010:md_ioctl+0x4017/0x5980 drivers/md/md.c:7169
    RSP: 0018:ffff888096027950 EFLAGS: 00010293
    RAX: ffff88809322c380 RBX: 0000000000000932 RCX: ffffffff84e266f2
    RDX: 0000000000000000 RSI: ffffffff84e299f7 RDI: 0000000000000007
    RBP: ffff888096027bc0 R08: ffff88809322c380 R09: ffffed101341a482
    R10: ffff888096027940 R11: ffff88809a0d240f R12: 0000000000000932
    R13: ffff8880a2c14100 R14: ffff88809a0d2268 R15: ffff88809a0d2408
     __blkdev_driver_ioctl block/ioctl.c:304 [inline]
     blkdev_ioctl+0xece/0x1c10 block/ioctl.c:606
     block_ioctl+0xee/0x130 fs/block_dev.c:1930
     vfs_ioctl fs/ioctl.c:46 [inline]
     file_ioctl fs/ioctl.c:509 [inline]
     do_vfs_ioctl+0xd5f/0x1380 fs/ioctl.c:696
     ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
     __do_sys_ioctl fs/ioctl.c:720 [inline]
     __se_sys_ioctl fs/ioctl.c:718 [inline]
     __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
     do_syscall_64+0xfd/0x680 arch/x86/entry/common.c:301
     entry_SYSCALL_64_after_hwframe+0x49/0xbe

    This is caused by a race between two concurrenct md_ioctl()s closing
    the array.

    CPU1 (md_ioctl())                          CPU2 (md_ioctl())
    ------                                     ------
    set_bit(MD_CLOSING, &mddev->flags);
    did_set_md_closing = true;
                                               WARN_ON_ONCE(test_bit(MD_CLOSING, &mddev->flags));
    if(did_set_md_closing)
        clear_bit(MD_CLOSING, &mddev->flags);

    Fix the warning by returning immediately if the MD_CLOSING bit is set
    in &mddev->flags which indicates that the array is being closed.

    Fixes: 065e519e71b2 ("md: MD_CLOSING needs to be cleared after called md_set_readonly or do_md_stop")
    Reported-by: syzbot+1e46a0864c1a6e9bd3d8@syzkaller.appspotmail.com
    Cc: stable@vger.kernel.org
    Signed-off-by: Dae R. Jeong
    Signed-off-by: Song Liu
    Signed-off-by: Greg Kroah-Hartman

 drivers/md/md.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
culprit signature: 0e0ca8c3464137c77dc138936887c8aecca0409e54d0392dbdbab4a5937f156d
parent signature: da94465829114a4fe703807f4be05428a945b87f54572adcd0516762b8a9ef5e
revisions tested: 12, total time: 3h14m36.495350762s (build: 1h40m50.588291813s, test: 1h32m30.594509284s)
first good commit: b85abab5913d89ee78bc5bb08231acb578677898 md: fix a warning caused by a race between concurrent md_ioctl()s
recipients (to): ["dae.r.jeong@kaist.ac.kr" "gregkh@linuxfoundation.org" "songliubraving@fb.com"]
recipients (cc): []