bisecting cause commit starting from d01f2f7e35573049673b71e18be7abfe3f80323f building syzkaller on 4c37c133e4bf703d023995535f1e264d8658e08e testing commit d01f2f7e35573049673b71e18be7abfe3f80323f with gcc (GCC) 10.2.1 20210217 kernel signature: 44b2ebce7577423adb24639454b9304d018f224c9de41eb114d6a17b2ff1e029 all runs: crashed: KASAN: use-after-free Read in __cpuhp_state_remove_instance testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217 kernel signature: b47e4715276950756b03b5ad9dbf4728b20992193d0763caa8c0112f7aa0328d all runs: OK # git bisect start d01f2f7e35573049673b71e18be7abfe3f80323f f40ddce88593482919761f74910f42f4b84c004b Bisecting: 6778 revisions left to test after this (roughly 13 steps) [c88fb897c1fb5a590dc6353ac4b01c8f46a347b3] ALSA: n64: Fix return value check in n64audio_probe() testing commit c88fb897c1fb5a590dc6353ac4b01c8f46a347b3 with gcc (GCC) 10.2.1 20210217 kernel signature: a5207523c95a618801b0b5f3c1bd78a84107e0c7029f09f00448e34397f8e672 all runs: OK # git bisect good c88fb897c1fb5a590dc6353ac4b01c8f46a347b3 Bisecting: 3389 revisions left to test after this (roughly 12 steps) [9fe190462668d4dc6db56e819322624cbfda919b] Merge tag 'fs_for_v5.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs testing commit 9fe190462668d4dc6db56e819322624cbfda919b with gcc (GCC) 10.2.1 20210217 kernel signature: db4e783f19a19b3d88ce2a26f35f38a98932c4c13d1ed65e7ae73c23aea4dc34 all runs: OK # git bisect good 9fe190462668d4dc6db56e819322624cbfda919b Bisecting: 1692 revisions left to test after this (roughly 11 steps) [5b47b10e8fb92f8beca6aa8a7d97fc84e090384c] Merge tag 'pci-v5.12-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci testing commit 5b47b10e8fb92f8beca6aa8a7d97fc84e090384c with gcc (GCC) 10.2.1 20210217 kernel signature: 22d07b2a0e4731ea21121d05a19a916105bfbaf09b82874115c4a7341969c3ac all runs: OK # git bisect good 5b47b10e8fb92f8beca6aa8a7d97fc84e090384c Bisecting: 848 revisions left to test after this (roughly 10 steps) [e845124748204ef711987068014f07a9bf855c1e] Merge remote-tracking branch 'ext3/for_next' testing commit e845124748204ef711987068014f07a9bf855c1e with gcc (GCC) 10.2.1 20210217 kernel signature: 665f85be2ac26c850948799a34eda8c6a6dec35899183dde5a96e160b1f1bb24 all runs: OK # git bisect good e845124748204ef711987068014f07a9bf855c1e Bisecting: 411 revisions left to test after this (roughly 9 steps) [6d7fa7d273bd7352b30b3ecf55ccd57c04ca383f] Merge remote-tracking branch 'block/for-next' testing commit 6d7fa7d273bd7352b30b3ecf55ccd57c04ca383f with gcc (GCC) 10.2.1 20210217 kernel signature: adee14c9a37e1248f8b04dd0ce899161aa91f1e1811d9703ad8497dda1ce277f all runs: crashed: KASAN: use-after-free Read in __cpuhp_state_remove_instance # git bisect bad 6d7fa7d273bd7352b30b3ecf55ccd57c04ca383f Bisecting: 219 revisions left to test after this (roughly 8 steps) [3e1e24a0d80223b1e9ba9f881281fda3b681cf0e] Merge remote-tracking branch 'i2c/i2c/for-next' testing commit 3e1e24a0d80223b1e9ba9f881281fda3b681cf0e with gcc (GCC) 10.2.1 20210217 kernel signature: 25ebc17d8ea2cf66be66fcf4228ff81dbc3fd34ef16516414178d6fefa9b783d all runs: OK # git bisect good 3e1e24a0d80223b1e9ba9f881281fda3b681cf0e Bisecting: 92 revisions left to test after this (roughly 7 steps) [344628bf83954c78cf4043e1d4bef2e1ff14da6d] Merge remote-tracking branch 'amdgpu/drm-next' testing commit 344628bf83954c78cf4043e1d4bef2e1ff14da6d with gcc (GCC) 10.2.1 20210217 kernel signature: 286099f7b2e4edeb29723127b56c580cba2bc11fe26581547310d026da33b8d1 all runs: OK # git bisect good 344628bf83954c78cf4043e1d4bef2e1ff14da6d Bisecting: 46 revisions left to test after this (roughly 6 steps) [8b3e78b5955abb98863832453f5c74eca8f53c3a] io-wq: fix races around manager/worker creation and task exit testing commit 8b3e78b5955abb98863832453f5c74eca8f53c3a with gcc (GCC) 10.2.1 20210217 kernel signature: daa0be87ba446944d31ad59af02458822a5d1b51ac8400ab2c20f5c02a649146 run #0: crashed: KASAN: use-after-free Read in try_to_wake_up run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 8b3e78b5955abb98863832453f5c74eca8f53c3a Bisecting: 22 revisions left to test after this (roughly 5 steps) [7c25c0d16ef3c37e49c593ac92f69fa3884d4bb9] io_uring: remove the need for relying on an io-wq fallback worker testing commit 7c25c0d16ef3c37e49c593ac92f69fa3884d4bb9 with gcc (GCC) 10.2.1 20210217 kernel signature: 1a2901351ff5ea1733acd7ab331e7560085cbdd629f031ea7df909dc2bd0e33b run #0: crashed: SYZFAIL: wrong response packet run #1: crashed: SYZFAIL: wrong response packet run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 7c25c0d16ef3c37e49c593ac92f69fa3884d4bb9 Bisecting: 11 revisions left to test after this (roughly 4 steps) [1ee43ba8d267b5e6729c45b8756263f69c2978cc] io_uring: don't do async setup for links' heads testing commit 1ee43ba8d267b5e6729c45b8756263f69c2978cc with gcc (GCC) 10.2.1 20210217 kernel signature: fa4a2fdc3e911fe8cd21bbb280a3c6fec5eb75f54301f33222005333d7d6cc4c run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: boot failed: can't ssh into the instance run #18: OK run #19: OK # git bisect good 1ee43ba8d267b5e6729c45b8756263f69c2978cc Bisecting: 5 revisions left to test after this (roughly 3 steps) [e6cb007c45dedada0a847eaa486c49509d63b1e8] io_uring: zero ref_node after killing it testing commit e6cb007c45dedada0a847eaa486c49509d63b1e8 with gcc (GCC) 10.2.1 20210217 kernel signature: eea47e165e42bb4fdd9532f923b5c86402c9d0dc455092047c84a9e6a1358cc0 all runs: OK # git bisect good e6cb007c45dedada0a847eaa486c49509d63b1e8 Bisecting: 2 revisions left to test after this (roughly 2 steps) [ebf4a5db690a47e71056381ead8a134de7202694] io_uring: fix leaving invalid req->flags testing commit ebf4a5db690a47e71056381ead8a134de7202694 with gcc (GCC) 10.2.1 20210217 kernel signature: 7cef0bf515ce8a1a1501d91348207aba1db4b13d0fdfced0091214fbd7d627ad all runs: OK # git bisect good ebf4a5db690a47e71056381ead8a134de7202694 Bisecting: 0 revisions left to test after this (roughly 1 step) [27131549060ee87f1c50c56539b8f6c4c1a4acec] Merge branch 'for-5.12/io_uring' into io_uring-worker.v3 testing commit 27131549060ee87f1c50c56539b8f6c4c1a4acec with gcc (GCC) 10.2.1 20210217 kernel signature: 4ab7fb74d8847b220ed25ba8ef05cd8580df56795f67ad19207950c040f24ef7 run #0: crashed: SYZFAIL: wrong response packet run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 27131549060ee87f1c50c56539b8f6c4c1a4acec Bisecting: 0 revisions left to test after this (roughly 0 steps) [b6c23dd5a483174f386e4c2e1711d9532e090c00] io_uring: run task_work on io_uring_register() testing commit b6c23dd5a483174f386e4c2e1711d9532e090c00 with gcc (GCC) 10.2.1 20210217 kernel signature: 7807120d228bb4eae81ac7ff6b5965b071bc4a0d3501c7e53032c9a5c295ea7a run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: boot failed: can't ssh into the instance run #19: boot failed: can't ssh into the instance # git bisect good b6c23dd5a483174f386e4c2e1711d9532e090c00 27131549060ee87f1c50c56539b8f6c4c1a4acec is the first bad commit commit 27131549060ee87f1c50c56539b8f6c4c1a4acec Merge: d99676af540c b6c23dd5a483 Author: Jens Axboe Date: Sun Feb 21 17:22:53 2021 -0700 Merge branch 'for-5.12/io_uring' into io_uring-worker.v3 * for-5.12/io_uring: (21 commits) io_uring: run task_work on io_uring_register() io_uring: fix leaving invalid req->flags io_uring: wait potential ->release() on resurrect io_uring: keep generic rsrc infra generic io_uring: zero ref_node after killing it io_uring: make the !CONFIG_NET helpers a bit more robust io_uring: don't hold uring_lock when calling io_run_task_work* io_uring: fail io-wq submission from a task_work io_uring: don't take uring_lock during iowq cancel io_uring: fail links more in io_submit_sqe() io_uring: don't do async setup for links' heads io_uring: do io_*_prep() early in io_submit_sqe() io_uring: split sqe-prep and async setup io_uring: don't submit link on error io_uring: move req link into submit_state io_uring: move io_init_req() into io_submit_sqe() io_uring: move io_init_req()'s definition io_uring: don't duplicate ->file check in sfr io_uring: keep io_*_prep() naming consistent io_uring: kill fictitious submit iteration index ... fs/io_uring.c | 689 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 347 insertions(+), 342 deletions(-) Reproducer flagged being flaky revisions tested: 16, total time: 4h16m32.818786013s (build: 1h53m25.463856691s, test: 2h21m45.49631228s) first bad commit: 27131549060ee87f1c50c56539b8f6c4c1a4acec Merge branch 'for-5.12/io_uring' into io_uring-worker.v3 recipients (to): ["axboe@kernel.dk"] recipients (cc): [] crash: SYZFAIL: wrong response packet 2021/02/27 03:29:36 result: hanged=false err=executor 4: failed to write control pipe: write |1: broken pipe SYZFAIL: wrong response packet (errno 16: Device or resource busy) loop exited with status 67 2021/02/27 03:29:39 executed programs: 31 2021/02/27 03:29:44 executed programs: 281