bisecting fixing commit since dd63bf22fccd68913e3088c5ed5de3bf406a7546
building syzkaller on ebf656d79bf25a135f1b295b5fd582004e1ac7b3
testing commit dd63bf22fccd68913e3088c5ed5de3bf406a7546 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Write in end_requests
run #1: crashed: BUG: corrupted list in end_requests
run #2: crashed: KASAN: use-after-free Write in end_requests
run #3: crashed: KASAN: use-after-free Write in end_requests
run #4: crashed: BUG: corrupted list in end_requests
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in __cleanup_mnt
run #7: crashed: INFO: rcu detected stall in corrupted
run #8: crashed: INFO: rcu detected stall in fuse_dev_release
run #9: crashed: INFO: rcu detected stall in fuse_dev_release
testing current HEAD dcb8cfbd8fe9e62c7d64e82288d3ffe2502b7371
testing commit dcb8cfbd8fe9e62c7d64e82288d3ffe2502b7371 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start dcb8cfbd8fe9e62c7d64e82288d3ffe2502b7371 dd63bf22fccd68913e3088c5ed5de3bf406a7546
Bisecting: 43822 revisions left to test after this (roughly 16 steps)
[5016bd248076ccdcd1a0dc28cf7e10b9f8cb6102] Merge tag 'drm-intel-fixes-2019-02-13' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
testing commit 5016bd248076ccdcd1a0dc28cf7e10b9f8cb6102 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor978205678" "root@10.128.0.103:./syz-executor978205678"]: exit status 1
ssh: connect to host 10.128.0.103 port 22: Connection timed out
lost connection
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 5016bd248076ccdcd1a0dc28cf7e10b9f8cb6102
Bisecting: 21927 revisions left to test after this (roughly 15 steps)
[da19a102ce87bf3e0a7fe277a659d1fc35330d6d] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit da19a102ce87bf3e0a7fe277a659d1fc35330d6d with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad da19a102ce87bf3e0a7fe277a659d1fc35330d6d
Bisecting: 10924 revisions left to test after this (roughly 14 steps)
[e61cf2e3a5b452cfefcb145021f5a8ea88735cc1] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit e61cf2e3a5b452cfefcb145021f5a8ea88735cc1 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: slab-out-of-bounds Read in request_end
run #1: crashed: KASAN: use-after-free Write in end_requests
run #2: crashed: KASAN: use-after-free Write in end_requests
run #3: crashed: KASAN: use-after-free Read in end_requests
run #4: crashed: INFO: rcu detected stall in __cleanup_mnt
run #5: crashed: INFO: rcu detected stall in fuse_dev_release
run #6: crashed: INFO: rcu detected stall in __cleanup_mnt
run #7: crashed: BUG: corrupted list in end_requests
run #8: crashed: INFO: rcu detected stall in fuse_dev_release
run #9: crashed: KASAN: use-after-free Write in end_requests
# git bisect good e61cf2e3a5b452cfefcb145021f5a8ea88735cc1
Bisecting: 5481 revisions left to test after this (roughly 13 steps)
[72438f8cef4e75a22140853baa4c68392c721b22] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit 72438f8cef4e75a22140853baa4c68392c721b22 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 72438f8cef4e75a22140853baa4c68392c721b22
Bisecting: 2721 revisions left to test after this (roughly 11 steps)
[6d6631fd788dcead846ccdc89f3c83e768a98580] mt76x02: add static qualifier to mt76x02_remove_dma_hdr
testing commit 6d6631fd788dcead846ccdc89f3c83e768a98580 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 6d6631fd788dcead846ccdc89f3c83e768a98580
Bisecting: 1453 revisions left to test after this (roughly 10 steps)
[ee090756962c58b32af62b768ac7c58cc53af700] Merge tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
testing commit ee090756962c58b32af62b768ac7c58cc53af700 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad ee090756962c58b32af62b768ac7c58cc53af700
Bisecting: 673 revisions left to test after this (roughly 9 steps)
[0027ff2a75f9dcf0537ac0a65c5840b0e21a4950] KVM: VMX: fixes for vmentry_l1d_flush module parameter
testing commit 0027ff2a75f9dcf0537ac0a65c5840b0e21a4950 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 0027ff2a75f9dcf0537ac0a65c5840b0e21a4950
Bisecting: 295 revisions left to test after this (roughly 8 steps)
[7140ad3898dd119d993aff76a8752570c4f23871] Merge tag 'trace-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
testing commit 7140ad3898dd119d993aff76a8752570c4f23871 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Write in end_requests
run #1: crashed: KASAN: slab-out-of-bounds Read in request_end
run #2: crashed: KASAN: use-after-free Write in end_requests
run #3: crashed: BUG: corrupted list in end_requests
run #4: crashed: BUG: corrupted list in end_requests
run #5: crashed: INFO: rcu detected stall in fuse_dev_release
run #6: crashed: INFO: rcu detected stall in fuse_dev_release
run #7: crashed: INFO: rcu detected stall in fuse_dev_release
run #8: crashed: INFO: rcu detected stall in fuse_dev_release
run #9: crashed: INFO: rcu detected stall in fuse_dev_release
# git bisect good 7140ad3898dd119d993aff76a8752570c4f23871
Bisecting: 135 revisions left to test after this (roughly 7 steps)
[c1fecabecc352e40f99e6c5d7a74b8fcdfb38ae1] Merge tag 'for-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit c1fecabecc352e40f99e6c5d7a74b8fcdfb38ae1 with gcc (GCC) 8.1.0
run #0: crashed: BUG: corrupted list in end_requests
run #1: crashed: KASAN: use-after-free Write in end_requests
run #2: crashed: KASAN: use-after-free Write in end_requests
run #3: crashed: KASAN: slab-out-of-bounds Read in request_end
run #4: crashed: KASAN: slab-out-of-bounds Read in request_end
run #5: crashed: KASAN: use-after-free Write in end_requests
run #6: crashed: KASAN: use-after-free Write in end_requests
run #7: crashed: INFO: rcu detected stall in fuse_dev_release
run #8: crashed: KASAN: use-after-free Write in end_requests
run #9: crashed: INFO: rcu detected stall in __cleanup_mnt
# git bisect good c1fecabecc352e40f99e6c5d7a74b8fcdfb38ae1
Bisecting: 67 revisions left to test after this (roughly 6 steps)
[989974c804574d250ac92d44e220081959ac8ac1] ovl: Enable metadata only feature
testing commit 989974c804574d250ac92d44e220081959ac8ac1 with gcc (GCC) 8.1.0
run #0: crashed: BUG: corrupted list in end_requests
run #1: crashed: BUG: corrupted list in end_requests
run #2: crashed: KASAN: slab-out-of-bounds Read in request_end
run #3: crashed: KASAN: use-after-free Write in end_requests
run #4: crashed: INFO: rcu detected stall in corrupted
run #5: crashed: INFO: rcu detected stall in fuse_dev_release
run #6: crashed: INFO: rcu detected stall in fuse_dev_release
run #7: crashed: INFO: rcu detected stall in fuse_dev_release
run #8: crashed: INFO: rcu detected stall in __cleanup_mnt
run #9: OK
# git bisect good 989974c804574d250ac92d44e220081959ac8ac1
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[d0823cb346bc6f685f230bdbec51910a329e3fe3] KVM: arm/arm64: vgic: Do not use spin_lock_irqsave/restore with irq disabled
testing commit d0823cb346bc6f685f230bdbec51910a329e3fe3 with gcc (GCC) 8.1.0
run #0: crashed: BUG: corrupted list in end_requests
run #1: crashed: KASAN: use-after-free Write in end_requests
run #2: crashed: KASAN: use-after-free Read in end_requests
run #3: crashed: INFO: rcu detected stall in fuse_dev_release
run #4: crashed: INFO: rcu detected stall in __cleanup_mnt
run #5: crashed: INFO: rcu detected stall in fuse_dev_release
run #6: crashed: INFO: rcu detected stall in fuse_dev_release
run #7: crashed: INFO: rcu detected stall in __cleanup_mnt
run #8: crashed: INFO: rcu detected stall in __cleanup_mnt
run #9: crashed: KASAN: slab-out-of-bounds Read in request_end
# git bisect good d0823cb346bc6f685f230bdbec51910a329e3fe3
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[ad1d69735878a6bf797705b5d2a20316d35e1113] Merge tag 'fuse-update-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
testing commit ad1d69735878a6bf797705b5d2a20316d35e1113 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad ad1d69735878a6bf797705b5d2a20316d35e1113
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[46fb504a7145a8f0a82d92c2f1aba6f7215005e1] fs: fuse: Adding new return type vm_fault_t
testing commit 46fb504a7145a8f0a82d92c2f1aba6f7215005e1 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 46fb504a7145a8f0a82d92c2f1aba6f7215005e1
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[e8f3bd773d22f488724dffb886a1618da85c2966] fuse: Fix oops at process_init_reply()
testing commit e8f3bd773d22f488724dffb886a1618da85c2966 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad e8f3bd773d22f488724dffb886a1618da85c2966
Bisecting: 1 revision left to test after this (roughly 1 step)
[45ff350bbd9d0f0977ff270a0d427c71520c0c37] fuse: fix unlocked access to processing queue
testing commit 45ff350bbd9d0f0977ff270a0d427c71520c0c37 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 45ff350bbd9d0f0977ff270a0d427c71520c0c37
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[87114373ea507895a62afb10d2910bd9adac35a8] fuse: fix double request_end()
testing commit 87114373ea507895a62afb10d2910bd9adac35a8 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Write in end_requests
run #1: crashed: KASAN: use-after-free Read in request_end
run #2: crashed: KASAN: use-after-free Read in request_end
run #3: crashed: KASAN: use-after-free Read in request_end
run #4: crashed: KASAN: use-after-free Read in fuse_put_request
run #5: crashed: KASAN: slab-out-of-bounds Read in request_end
run #6: crashed: INFO: rcu detected stall in corrupted
run #7: crashed: INFO: rcu detected stall in __cleanup_mnt
run #8: crashed: INFO: rcu detected stall in fuse_dev_release
run #9: crashed: KASAN: use-after-free Write in end_requests
# git bisect good 87114373ea507895a62afb10d2910bd9adac35a8
45ff350bbd9d0f0977ff270a0d427c71520c0c37 is the first bad commit
commit 45ff350bbd9d0f0977ff270a0d427c71520c0c37
Author: Miklos Szeredi
Date:   Thu Jul 26 16:13:11 2018 +0200

    fuse: fix unlocked access to processing queue

    fuse_dev_release() assumes that it's the only one referencing the
    fpq->processing list, but that's not true, since fuse_abort_conn() can be
    doing the same without any serialization between the two.

    Fixes: c3696046beb3 ("fuse: separate pqueue for clones")
    Cc: # v4.2
    Signed-off-by: Miklos Szeredi

:040000 040000 ef06673150e9de4690dc2e2db36b868e6e87fb63 c97da97eb24167a4d5d677ea6292c128f325524d M	fs

revisions tested: 18, total time: 4h37m45.946812988s (build: 1h20m52.851623325s, test: 3h11m9.749296962s)
first good commit: 45ff350bbd9d0f0977ff270a0d427c71520c0c37 fuse: fix unlocked access to processing queue
cc: ["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "miklos@szeredi.hu" "mszeredi@redhat.com"]