bisecting cause commit starting from d72cd4ad4174cfd2257c426ad51e4f53bcfde9c9 building syzkaller on 77e2b66864e69c17416614228723a1ebd3581ddc testing commit d72cd4ad4174cfd2257c426ad51e4f53bcfde9c9 with gcc (GCC) 10.2.1 20210217 kernel signature: 9de088cd7a5fe03ad8a8ca678f8620a397842c00b9b96c4606b0055da1024d02 all runs: crashed: WARNING in io_rsrc_node_switch testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 with gcc (GCC) 10.2.1 20210217 kernel signature: 730f820ef927730b5ef5036ebf8e045defb185547743f53f909f9d8782e2962b all runs: OK # git bisect start d72cd4ad4174cfd2257c426ad51e4f53bcfde9c9 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 Bisecting: 4086 revisions left to test after this (roughly 12 steps) [e19eede54240d64b4baf9b0df4dfb8191f7ae48b] Merge branch 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging testing commit e19eede54240d64b4baf9b0df4dfb8191f7ae48b with gcc (GCC) 10.2.1 20210217 kernel signature: 8da594d138bfc8d22545c3700232cf991a04049abdef100317d3bc631b2ed8d1 all runs: OK # git bisect good e19eede54240d64b4baf9b0df4dfb8191f7ae48b Bisecting: 1596 revisions left to test after this (roughly 11 steps) [68a32ba14177d4a21c4a9a941cf1d7aea86d436f] Merge tag 'drm-next-2021-04-28' of git://anongit.freedesktop.org/drm/drm testing commit 68a32ba14177d4a21c4a9a941cf1d7aea86d436f with gcc (GCC) 10.2.1 20210217 kernel signature: 10af68932626703965826f4522f4f375014118a6d891ad696567656a25cb246d all runs: OK # git bisect good 68a32ba14177d4a21c4a9a941cf1d7aea86d436f Bisecting: 817 revisions left to test after this (roughly 10 steps) [5a69e9bce9984806029926f405b4517878e703e2] Merge tag 'for-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply testing commit 5a69e9bce9984806029926f405b4517878e703e2 with gcc (GCC) 10.2.1 20210217 kernel signature: 533d8a1dc38200064389a5ca65e248f5dcee741a43bb068554b63c3bc5758841 all runs: crashed: WARNING in io_rsrc_node_switch # git bisect bad 5a69e9bce9984806029926f405b4517878e703e2 Bisecting: 313 revisions left to test after this (roughly 9 steps) [fc0586062816559defb14c947319ef8c4c326fb3] Merge tag 'for-5.13/drivers-2021-04-27' of git://git.kernel.dk/linux-block testing commit fc0586062816559defb14c947319ef8c4c326fb3 with gcc (GCC) 10.2.1 20210217 kernel signature: 1a1577e9e6d462b18be805825c71d9675f9db7d398b5a1ad5b35256de43a2425 all runs: OK # git bisect good fc0586062816559defb14c947319ef8c4c326fb3 Bisecting: 157 revisions left to test after this (roughly 7 steps) [7b289c38335ec7bebe45ed31137d596c808e23ac] io_uring: maintain drain logic for multishot poll requests testing commit 7b289c38335ec7bebe45ed31137d596c808e23ac with gcc (GCC) 10.2.1 20210217 kernel signature: 7ea84a40a61e13e8d0dfd0a035c9b27484fbd00e8f52fa64ba7cfea0af8c7f63 all runs: crashed: WARNING in io_rsrc_node_switch # git bisect bad 7b289c38335ec7bebe45ed31137d596c808e23ac Bisecting: 77 revisions left to test after this (roughly 6 steps) [df9727affa058f4f18e388b30247650f8ae13cd8] io_uring: put link timeout req consistently testing commit df9727affa058f4f18e388b30247650f8ae13cd8 with gcc (GCC) 10.2.1 20210217 kernel signature: 1fa50de7791be3d35ec69490155dbbb533b1358bb576ff7755ffb8bd38e8a566 all runs: OK # git bisect good df9727affa058f4f18e388b30247650f8ae13cd8 Bisecting: 38 revisions left to test after this (roughly 5 steps) [7f00651aebc9af600be1d9df2a775eeeaee6bebb] io_uring: refactor io_ring_exit_work() testing commit 7f00651aebc9af600be1d9df2a775eeeaee6bebb with gcc (GCC) 10.2.1 20210217 kernel signature: 2621f69c2f806c931fec37acce2d01b168f64d0594672ed7927acc0990533a66 all runs: OK # git bisect good 7f00651aebc9af600be1d9df2a775eeeaee6bebb Bisecting: 19 revisions left to test after this (roughly 4 steps) [44b31f2fa2c4b6479a578e74e4ed6bf7ad243955] io_uring: return back rsrc data free helper testing commit 44b31f2fa2c4b6479a578e74e4ed6bf7ad243955 with gcc (GCC) 10.2.1 20210217 kernel signature: 0aed68fb0d3034f4f2c48d6323ab566d4b75a057e22a8f24ee00b52d9c733ca1 all runs: OK # git bisect good 44b31f2fa2c4b6479a578e74e4ed6bf7ad243955 Bisecting: 9 revisions left to test after this (roughly 3 steps) [634d00df5e1cfc4a707b629a814bd607f726bd52] io_uring: add full-fledged dynamic buffers support testing commit 634d00df5e1cfc4a707b629a814bd607f726bd52 with gcc (GCC) 10.2.1 20210217 kernel signature: 36f91173021368d053d1798736acdc31b6d96bb1c34a3c4ce0a1558b6bb3b11c all runs: crashed: WARNING in io_rsrc_node_switch # git bisect bad 634d00df5e1cfc4a707b629a814bd607f726bd52 Bisecting: 4 revisions left to test after this (roughly 2 steps) [792e35824be9af9fb4dac956229fb97bda04e25e] io_uring: add IORING_REGISTER_RSRC testing commit 792e35824be9af9fb4dac956229fb97bda04e25e with gcc (GCC) 10.2.1 20210217 kernel signature: 680ab889bdda32c320ae93404d7aecb0b2ea7e3e2666f956a3033ea5ab590bb5 all runs: OK # git bisect good 792e35824be9af9fb4dac956229fb97bda04e25e Bisecting: 2 revisions left to test after this (roughly 1 step) [41edf1a5ec967bf4bddedb83c48e02dfea8315b4] io_uring: keep table of pointers to ubufs testing commit 41edf1a5ec967bf4bddedb83c48e02dfea8315b4 with gcc (GCC) 10.2.1 20210217 kernel signature: 0ea372592b6e7c74bcda87d1e5c8df3d363d1e2aa21ca90b698647f718a7f7d4 all runs: OK # git bisect good 41edf1a5ec967bf4bddedb83c48e02dfea8315b4 Bisecting: 0 revisions left to test after this (roughly 1 step) [bd54b6fe3316ec1d469513b888ced31eec20032a] io_uring: implement fixed buffers registration similar to fixed files testing commit bd54b6fe3316ec1d469513b888ced31eec20032a with gcc (GCC) 10.2.1 20210217 kernel signature: 36cf582aa41b2609c008a0fa6d22b2acf3e72b963c2752a09c0955e536dfb46f all runs: crashed: WARNING in io_rsrc_node_switch # git bisect bad bd54b6fe3316ec1d469513b888ced31eec20032a Bisecting: 0 revisions left to test after this (roughly 0 steps) [eae071c9b4cefbcc3f985c5abf9a6e32c1608ca9] io_uring: prepare fixed rw for dynanic buffers testing commit eae071c9b4cefbcc3f985c5abf9a6e32c1608ca9 with gcc (GCC) 10.2.1 20210217 kernel signature: 1d0a9a1dd8aa2c765d4d4fb7cf4cdf8b324e662e5a29c52c06c414b01e7514b1 all runs: crashed: WARNING in io_rsrc_node_switch # git bisect bad eae071c9b4cefbcc3f985c5abf9a6e32c1608ca9 eae071c9b4cefbcc3f985c5abf9a6e32c1608ca9 is the first bad commit commit eae071c9b4cefbcc3f985c5abf9a6e32c1608ca9 Author: Pavel Begunkov Date: Sun Apr 25 14:32:24 2021 +0100 io_uring: prepare fixed rw for dynanic buffers With dynamic buffer updates, registered buffers in the table may change at any moment. First of all we want to prevent future races between updating and importing (i.e. io_import_fixed()), where the latter one may happen without uring_lock held, e.g. from io-wq. Save the first loaded io_mapped_ubuf buffer and reuse. Signed-off-by: Pavel Begunkov Link: https://lore.kernel.org/r/21a2302d07766ae956640b6f753292c45200fe8f.1619356238.git.asml.silence@gmail.com Signed-off-by: Jens Axboe fs/io_uring.c | 39 +++++++++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 10 deletions(-) culprit signature: 1d0a9a1dd8aa2c765d4d4fb7cf4cdf8b324e662e5a29c52c06c414b01e7514b1 parent signature: 0ea372592b6e7c74bcda87d1e5c8df3d363d1e2aa21ca90b698647f718a7f7d4 revisions tested: 15, total time: 3h28m4.859281624s (build: 1h43m52.27395687s, test: 1h42m33.485508731s) first bad commit: eae071c9b4cefbcc3f985c5abf9a6e32c1608ca9 io_uring: prepare fixed rw for dynanic buffers recipients (to): ["asml.silence@gmail.com" "axboe@kernel.dk" "axboe@kernel.dk" "io-uring@vger.kernel.org"] recipients (cc): ["asml.silence@gmail.com" "linux-kernel@vger.kernel.org"] crash: WARNING in io_rsrc_node_switch ------------[ cut here ]------------ WARNING: CPU: 0 PID: 10159 at fs/io_uring.c:7072 io_rsrc_node_switch+0x265/0x370 fs/io_uring.c:7073 Modules linked in: CPU: 0 PID: 10159 Comm: syz-executor.2 Not tainted 5.12.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:io_rsrc_node_switch+0x265/0x370 fs/io_uring.c:7072 Code: 48 83 c4 20 5b 5d 41 5c 41 5d 41 5e 41 5f c3 4d 85 e4 74 a1 48 83 c4 20 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 0b e9 1a fe ff ff <0f> 0b e9 d8 fd ff ff 4c 89 f7 e8 3c 15 e2 ff eb 91 4c 89 ef e8 32 RSP: 0018:ffffc9000a73fd98 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff88801266e000 RCX: 0000000000000400 RDX: 1ffff110024cdd01 RSI: 0000000000000000 RDI: ffff88801266e000 RBP: 0000000000000000 R08: 0000000000000dc0 R09: ffffffff8a89ed93 R10: fffffbfff1513db2 R11: 0000000000000001 R12: ffff88801266e4b0 R13: 0000000000000000 R14: ffff88801266e808 R15: 00000000000007ff FS: 00007feb0b87e700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff792f8f008 CR3: 00000000253fa000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: io_uring_create fs/io_uring.c:9527 [inline] io_uring_setup+0xdb3/0x24e0 fs/io_uring.c:9605 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007feb0b87e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 RDX: 0000000020ffd000 RSI: 0000000020000000 RDI: 0000000000000345 RBP: 0000000020000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 R13: 0000000020ffd000 R14: 0000000000000000 R15: 0000000020ffb000