bisecting cause commit starting from d72cd4ad4174cfd2257c426ad51e4f53bcfde9c9 building syzkaller on 77e2b66864e69c17416614228723a1ebd3581ddc testing commit d72cd4ad4174cfd2257c426ad51e4f53bcfde9c9 with gcc (GCC) 10.2.1 20210217 kernel signature: eb63df8dbe3b3f77da02597cce7981aaa227e65521321754deac0f21d61f2f41 all runs: crashed: WARNING in io_rsrc_node_switch testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 with gcc (GCC) 10.2.1 20210217 kernel signature: 6d40b6f5a7f53d09bcc7ad172c8408bec51ae18bb9bd92c662d0f974261d6325 all runs: OK # git bisect start d72cd4ad4174cfd2257c426ad51e4f53bcfde9c9 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 Bisecting: 4086 revisions left to test after this (roughly 12 steps) [e19eede54240d64b4baf9b0df4dfb8191f7ae48b] Merge branch 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging testing commit e19eede54240d64b4baf9b0df4dfb8191f7ae48b with gcc (GCC) 10.2.1 20210217 kernel signature: b2d9876c689957f07666299b0f3e87dd699b94ec15082dfad1f090c848f42207 all runs: OK # git bisect good e19eede54240d64b4baf9b0df4dfb8191f7ae48b Bisecting: 1596 revisions left to test after this (roughly 11 steps) [68a32ba14177d4a21c4a9a941cf1d7aea86d436f] Merge tag 'drm-next-2021-04-28' of git://anongit.freedesktop.org/drm/drm testing commit 68a32ba14177d4a21c4a9a941cf1d7aea86d436f with gcc (GCC) 10.2.1 20210217 kernel signature: f41785813d705240c631c142254850fb0059b13f06cd6d1eeb84c905fb710d31 all runs: OK # git bisect good 68a32ba14177d4a21c4a9a941cf1d7aea86d436f Bisecting: 817 revisions left to test after this (roughly 10 steps) [5a69e9bce9984806029926f405b4517878e703e2] Merge tag 'for-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply testing commit 5a69e9bce9984806029926f405b4517878e703e2 with gcc (GCC) 10.2.1 20210217 kernel signature: 70af25f4507eba84728076e04bec983a257c2ab128575c7c99de3b0c523ef13f all runs: crashed: WARNING in io_rsrc_node_switch # git bisect bad 5a69e9bce9984806029926f405b4517878e703e2 Bisecting: 313 revisions left to test after this (roughly 9 steps) [fc0586062816559defb14c947319ef8c4c326fb3] Merge tag 'for-5.13/drivers-2021-04-27' of git://git.kernel.dk/linux-block testing commit fc0586062816559defb14c947319ef8c4c326fb3 with gcc (GCC) 10.2.1 20210217 kernel signature: b656ebec0ff224a2bc7ef07af5567e73b707f11b061bd8e3647cae8a881d7802 all runs: OK # git bisect good fc0586062816559defb14c947319ef8c4c326fb3 Bisecting: 157 revisions left to test after this (roughly 7 steps) [7b289c38335ec7bebe45ed31137d596c808e23ac] io_uring: maintain drain logic for multishot poll requests testing commit 7b289c38335ec7bebe45ed31137d596c808e23ac with gcc (GCC) 10.2.1 20210217 kernel signature: 2fe552450c4becdaf976332be902d586566a6de105600f1f2c3af65f719d47c5 all runs: crashed: WARNING in io_rsrc_node_switch # git bisect bad 7b289c38335ec7bebe45ed31137d596c808e23ac Bisecting: 77 revisions left to test after this (roughly 6 steps) [df9727affa058f4f18e388b30247650f8ae13cd8] io_uring: put link timeout req consistently testing commit df9727affa058f4f18e388b30247650f8ae13cd8 with gcc (GCC) 10.2.1 20210217 kernel signature: 8779dae5315b268c9b516ea3cc016904e05f7bb186e7cf969d195e3c76b29dc0 all runs: OK # git bisect good df9727affa058f4f18e388b30247650f8ae13cd8 Bisecting: 38 revisions left to test after this (roughly 5 steps) [7f00651aebc9af600be1d9df2a775eeeaee6bebb] io_uring: refactor io_ring_exit_work() testing commit 7f00651aebc9af600be1d9df2a775eeeaee6bebb with gcc (GCC) 10.2.1 20210217 kernel signature: bab95cd62790ab6eb479533ff36b2db4da75fb922749ea4e22aa50351a7409be all runs: OK # git bisect good 7f00651aebc9af600be1d9df2a775eeeaee6bebb Bisecting: 19 revisions left to test after this (roughly 4 steps) [44b31f2fa2c4b6479a578e74e4ed6bf7ad243955] io_uring: return back rsrc data free helper testing commit 44b31f2fa2c4b6479a578e74e4ed6bf7ad243955 with gcc (GCC) 10.2.1 20210217 kernel signature: 16d5c546252c3b2a83f5cfe5613fc201dcab088f3c17d0245598bb4896e1d2c1 all runs: OK # git bisect good 44b31f2fa2c4b6479a578e74e4ed6bf7ad243955 Bisecting: 9 revisions left to test after this (roughly 3 steps) [634d00df5e1cfc4a707b629a814bd607f726bd52] io_uring: add full-fledged dynamic buffers support testing commit 634d00df5e1cfc4a707b629a814bd607f726bd52 with gcc (GCC) 10.2.1 20210217 kernel signature: 1061513166ea2f84566348557be3a83b9c0b65d4687505b6ee9c4fa6bf15e5de all runs: crashed: WARNING in io_rsrc_node_switch # git bisect bad 634d00df5e1cfc4a707b629a814bd607f726bd52 Bisecting: 4 revisions left to test after this (roughly 2 steps) [792e35824be9af9fb4dac956229fb97bda04e25e] io_uring: add IORING_REGISTER_RSRC testing commit 792e35824be9af9fb4dac956229fb97bda04e25e with gcc (GCC) 10.2.1 20210217 kernel signature: 4e927e97e3a78130a8908fbf602a5387ef5aebce4f341ac9c19872d1d7aa0859 all runs: OK # git bisect good 792e35824be9af9fb4dac956229fb97bda04e25e Bisecting: 2 revisions left to test after this (roughly 1 step) [41edf1a5ec967bf4bddedb83c48e02dfea8315b4] io_uring: keep table of pointers to ubufs testing commit 41edf1a5ec967bf4bddedb83c48e02dfea8315b4 with gcc (GCC) 10.2.1 20210217 kernel signature: 36f54c65a6f6eb2a035261951c8794db6e5aefac89b12f31138c4bbda717d08a all runs: OK # git bisect good 41edf1a5ec967bf4bddedb83c48e02dfea8315b4 Bisecting: 0 revisions left to test after this (roughly 1 step) [bd54b6fe3316ec1d469513b888ced31eec20032a] io_uring: implement fixed buffers registration similar to fixed files testing commit bd54b6fe3316ec1d469513b888ced31eec20032a with gcc (GCC) 10.2.1 20210217 kernel signature: 2aa9792e3f03de0d4cb8fb0750d4cd5e76ab614e7f23865c5d0db6ee7f49d1e5 all runs: crashed: WARNING in io_rsrc_node_switch # git bisect bad bd54b6fe3316ec1d469513b888ced31eec20032a Bisecting: 0 revisions left to test after this (roughly 0 steps) [eae071c9b4cefbcc3f985c5abf9a6e32c1608ca9] io_uring: prepare fixed rw for dynanic buffers testing commit eae071c9b4cefbcc3f985c5abf9a6e32c1608ca9 with gcc (GCC) 10.2.1 20210217 kernel signature: 777ed826ef13a4987b609dc3fe5bfd37f7e4b6be100d7c51d1741af74e271874 all runs: crashed: WARNING in io_rsrc_node_switch # git bisect bad eae071c9b4cefbcc3f985c5abf9a6e32c1608ca9 eae071c9b4cefbcc3f985c5abf9a6e32c1608ca9 is the first bad commit commit eae071c9b4cefbcc3f985c5abf9a6e32c1608ca9 Author: Pavel Begunkov Date: Sun Apr 25 14:32:24 2021 +0100 io_uring: prepare fixed rw for dynanic buffers With dynamic buffer updates, registered buffers in the table may change at any moment. First of all we want to prevent future races between updating and importing (i.e. io_import_fixed()), where the latter one may happen without uring_lock held, e.g. from io-wq. Save the first loaded io_mapped_ubuf buffer and reuse. Signed-off-by: Pavel Begunkov Link: https://lore.kernel.org/r/21a2302d07766ae956640b6f753292c45200fe8f.1619356238.git.asml.silence@gmail.com Signed-off-by: Jens Axboe fs/io_uring.c | 39 +++++++++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 10 deletions(-) culprit signature: 777ed826ef13a4987b609dc3fe5bfd37f7e4b6be100d7c51d1741af74e271874 parent signature: 36f54c65a6f6eb2a035261951c8794db6e5aefac89b12f31138c4bbda717d08a revisions tested: 15, total time: 3h27m4.458975993s (build: 1h46m12.385580429s, test: 1h38m59.987882709s) first bad commit: eae071c9b4cefbcc3f985c5abf9a6e32c1608ca9 io_uring: prepare fixed rw for dynanic buffers recipients (to): ["asml.silence@gmail.com" "axboe@kernel.dk" "axboe@kernel.dk" "io-uring@vger.kernel.org"] recipients (cc): ["asml.silence@gmail.com" "linux-kernel@vger.kernel.org"] crash: WARNING in io_rsrc_node_switch RSP: 002b:00007f4bd76e5108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 RDX: 0000000020ffc000 RSI: 00000000200002c0 RDI: 0000000000000182 RBP: 00000000200002c0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 R13: 0000000020ffc000 R14: 0000000000000000 R15: 0000000020ee7000 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 10137 at fs/io_uring.c:7072 io_rsrc_node_switch+0x265/0x370 fs/io_uring.c:7073 Modules linked in: CPU: 0 PID: 10137 Comm: syz-executor.4 Not tainted 5.12.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:io_rsrc_node_switch+0x265/0x370 fs/io_uring.c:7072 Code: 48 83 c4 20 5b 5d 41 5c 41 5d 41 5e 41 5f c3 4d 85 e4 74 a1 48 83 c4 20 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 0b e9 1a fe ff ff <0f> 0b e9 d8 fd ff ff 4c 89 f7 e8 3c 15 e2 ff eb 91 4c 89 ef e8 32 RSP: 0018:ffffc9000a477d98 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff888028520000 RCX: 0000000000000400 RDX: 1ffff110050a4101 RSI: 0000000000000000 RDI: ffff888028520000 RBP: 0000000000000000 R08: 0000000000000dc0 R09: ffffffff8a89ed93 R10: fffffbfff1513db2 R11: 0000000000000001 R12: ffff8880285204b0 R13: 0000000000000000 R14: ffff888028520808 R15: 00000000000003ff FS: 00007f4bd76e5700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe1a14bd070 CR3: 000000001ba6c000 CR4: 0000000000350ef0 Call Trace: io_uring_create fs/io_uring.c:9527 [inline] io_uring_setup+0xdb3/0x24e0 fs/io_uring.c:9605 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f4bd76e5108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9 RDX: 0000000020ffc000 RSI: 00000000200002c0 RDI: 0000000000000182 RBP: 00000000200002c0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 R13: 0000000020ffc000 R14: 0000000000000000 R15: 0000000020ee7000