bisecting fixing commit since 4ac6d90867a4de2e12117e755dbd76e08d88697f
building syzkaller on 15cea0a381c6ef9a7b4ffb2770360ce8882274c5
testing commit 4ac6d90867a4de2e12117e755dbd76e08d88697f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a5f8505ba1bccba295d8985e4eb1db668e0b026de400acd585212cf6fbabf9a5
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
testing current HEAD 7b66f4393ad421e425ba643fde0493fa64346a43
testing commit 7b66f4393ad421e425ba643fde0493fa64346a43
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 292d80b9f38f80620a48ebe373c52b4cca58232b8d07fad9e36e8c5a221ef1c7
all runs: OK
# git bisect start 7b66f4393ad421e425ba643fde0493fa64346a43 4ac6d90867a4de2e12117e755dbd76e08d88697f
Bisecting: 2345 revisions left to test after this (roughly 11 steps)
[a2b28235335fee2586b4bd16448fb59ed6c80eef] Merge branch 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging
testing commit a2b28235335fee2586b4bd16448fb59ed6c80eef
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b8ac9becd3114528d5d9e390661b8711c653221f210860e5dd4d5643d9f343a1
all runs: OK
# git bisect bad a2b28235335fee2586b4bd16448fb59ed6c80eef
Bisecting: 1076 revisions left to test after this (roughly 10 steps)
[7a8526a5cd51cf5f070310c6c37dd7293334ac49] libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD.
testing commit 7a8526a5cd51cf5f070310c6c37dd7293334ac49
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b7a7fa450a17cf416485ed969c200b2b452b738390c08e13415a0ece6981117f
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
# git bisect good 7a8526a5cd51cf5f070310c6c37dd7293334ac49
Bisecting: 538 revisions left to test after this (roughly 9 steps)
[55d1308bdff7341b778e5cf36220616a0dd6ab8f] cdrom: update uniform CD-ROM maintainership in MAINTAINERS file
testing commit 55d1308bdff7341b778e5cf36220616a0dd6ab8f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b5d030fad2b29b4cea2b7dfdb28a2032f387540eab76a89a135b4e04cc8968fe
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
# git bisect good 55d1308bdff7341b778e5cf36220616a0dd6ab8f
Bisecting: 268 revisions left to test after this (roughly 8 steps)
[58ca24158758f1784400d32743373d7d6227d018] Merge tag 'trace-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
testing commit 58ca24158758f1784400d32743373d7d6227d018
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 585ecbaf5a18439ab8d862f08fc829b446dc02c080264c5e310e323c9e7d0345
run #0: basic kernel testing failed: KFENCE: use-after-free in kvm_fastop_exception
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.10.5:./syz-fuzzer"]
Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
# git bisect good 58ca24158758f1784400d32743373d7d6227d018
Bisecting: 134 revisions left to test after this (roughly 7 steps)
[20fbb11fe4ea99e02d77824613f1438bea456683] don't make the syscall checking produce errors from warnings
testing commit 20fbb11fe4ea99e02d77824613f1438bea456683
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 585ecbaf5a18439ab8d862f08fc829b446dc02c080264c5e310e323c9e7d0345
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
# git bisect good 20fbb11fe4ea99e02d77824613f1438bea456683
Bisecting: 49 revisions left to test after this (roughly 6 steps)
[5e6a5845dd651b00754a62edec2f0a439182024d] Merge tag 'gpio-updates-for-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
testing commit 5e6a5845dd651b00754a62edec2f0a439182024d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 308e2302235fffc17267b4e32d5cdbec25600aa777cada8033c5bb7acdffba36
all runs: OK
# git bisect bad 5e6a5845dd651b00754a62edec2f0a439182024d
Bisecting: 37 revisions left to test after this (roughly 5 steps)
[75b96f0ec5faf730128c32187e3e28441c27a094] Merge tag 'fuse-update-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
testing commit 75b96f0ec5faf730128c32187e3e28441c27a094
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c4b2e19b1577b349c46af9ec5e3cfccd97385ffa3dc1e96c19fa0b1ddc1d7034
all runs: OK
# git bisect bad 75b96f0ec5faf730128c32187e3e28441c27a094
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[1dbe7e386f505bdae30f7436c41769149c7dcf32] Merge tag 'block-5.15-2021-09-05' of git://git.kernel.dk/linux-block
testing commit 1dbe7e386f505bdae30f7436c41769149c7dcf32
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5eb393f7637402321f00a4f8c322dd60ecaea58d49b9821c0adb33085eae72c9
run #0: basic kernel testing failed: KFENCE: use-after-free in kvm_fastop_exception
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 1dbe7e386f505bdae30f7436c41769149c7dcf32
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[fa84693b3c896460831fe0750554121121a23da8] io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL
testing commit fa84693b3c896460831fe0750554121121a23da8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6ea7a21b06e6559b21fc3034a0cbef43a26550d67477ebd08d54f97fe3736dc6
all runs: OK
# git bisect bad fa84693b3c896460831fe0750554121121a23da8
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[b8ce1b9d25ccf81e1bbabd45b963ed98b2222df8] io_uring: don't submit half-prepared drain request
testing commit b8ce1b9d25ccf81e1bbabd45b963ed98b2222df8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 043ea7321773c50ea6cfd2004b5da418e2182e3925488c8f7801ce8313339263
all runs: OK
# git bisect bad b8ce1b9d25ccf81e1bbabd45b963ed98b2222df8
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[7db304375e11741e5940f9bc549155035bfb4dc1] io_uring: retry in case of short read on block device
testing commit 7db304375e11741e5940f9bc549155035bfb4dc1
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 696271533c10da39bd2e2d0f0189ae5675a953e586a45a048f3e814732a9cbb4
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
# git bisect good 7db304375e11741e5940f9bc549155035bfb4dc1
Bisecting: 0 revisions left to test after this (roughly 1 step)
[c6d3d9cbd659de8f2176b4e4721149c88ac096d4] io_uring: fix queueing half-created requests
testing commit c6d3d9cbd659de8f2176b4e4721149c88ac096d4
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e321d100a60bffd47ed284ac3d4369ba0defd4048c9975b337d01a00106e94cd
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in kiocb_done
# git bisect good c6d3d9cbd659de8f2176b4e4721149c88ac096d4
b8ce1b9d25ccf81e1bbabd45b963ed98b2222df8 is the first bad commit
commit b8ce1b9d25ccf81e1bbabd45b963ed98b2222df8
Author: Pavel Begunkov
Date: Tue Aug 31 14:13:11 2021 +0100

    io_uring: don't submit half-prepared drain request

    [ 3784.910888] BUG: kernel NULL pointer dereference, address: 0000000000000020
    [ 3784.910904] RIP: 0010:__io_file_supports_nowait+0x5/0xc0
    [ 3784.910926] Call Trace:
    [ 3784.910928] ? io_read+0x17c/0x480
    [ 3784.910945] io_issue_sqe+0xcb/0x1840
    [ 3784.910953] __io_queue_sqe+0x44/0x300
    [ 3784.910959] io_req_task_submit+0x27/0x70
    [ 3784.910962] tctx_task_work+0xeb/0x1d0
    [ 3784.910966] task_work_run+0x61/0xa0
    [ 3784.910968] io_run_task_work_sig+0x53/0xa0
    [ 3784.910975] __x64_sys_io_uring_enter+0x22/0x30
    [ 3784.910977] do_syscall_64+0x3d/0x90
    [ 3784.910981] entry_SYSCALL_64_after_hwframe+0x44/0xae

    io_drain_req() goes before checks for REQ_F_FAIL, which protect us from
    submitting under-prepared request (e.g. failed in io_init_req(). Fail
    such drained requests as well.

    Fixes: a8295b982c46d ("io_uring: fix failed linkchain code logic")
    Signed-off-by: Pavel Begunkov
    Link: https://lore.kernel.org/r/e411eb9924d47a131b1e200b26b675df0c2b7627.1630415423.git.asml.silence@gmail.com
    Signed-off-by: Jens Axboe

 fs/io_uring.c | 5 +++++
 1 file changed, 5 insertions(+)

culprit signature: 043ea7321773c50ea6cfd2004b5da418e2182e3925488c8f7801ce8313339263
parent signature: e321d100a60bffd47ed284ac3d4369ba0defd4048c9975b337d01a00106e94cd
revisions tested: 14, total time: 3h0m36.155679346s (build: 1h33m21.854236938s, test: 1h25m45.614839502s)
first good commit: b8ce1b9d25ccf81e1bbabd45b963ed98b2222df8 io_uring: don't submit half-prepared drain request
recipients (to): ["asml.silence@gmail.com" "axboe@kernel.dk" "axboe@kernel.dk" "io-uring@vger.kernel.org"]
recipients (cc): ["asml.silence@gmail.com" "linux-kernel@vger.kernel.org"]