bisecting cause commit starting from b2e2a818a01717ba15c74fd355f76822b81a95f6 building syzkaller on 99a9604483616177d7cd7d3e092ce42a3eaff74a testing commit b2e2a818a01717ba15c74fd355f76822b81a95f6 with gcc (GCC) 8.1.0 kernel signature: d5e0db455d81d837a231acf5d075fcbe47354b0c1287701a8a1d394ad8c1b2d8 all runs: crashed: INFO: trying to register non-static key in __io_uring_register testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: f47b43146584ac9d9917df7e38c34acbf694bade0f711a7cb0a4c3cd009af0cb all runs: OK # git bisect start b2e2a818a01717ba15c74fd355f76822b81a95f6 7111951b8d4973bda27ff663f2cf18b663d15b48 Bisecting: 6410 revisions left to test after this (roughly 13 steps) [f365ab31efacb70bed1e821f7435626e0b2528a6] Merge tag 'drm-next-2020-04-01' of git://anongit.freedesktop.org/drm/drm testing commit f365ab31efacb70bed1e821f7435626e0b2528a6 with gcc (GCC) 8.1.0 kernel signature: 9d62cdc6467f73a967ae73d9924b1ca1a79b43ebe6760d46bd92aa7d1e52064b all runs: OK # git bisect good f365ab31efacb70bed1e821f7435626e0b2528a6 Bisecting: 3210 revisions left to test after this (roughly 12 steps) [5364abc57993b3bf60c41923cb98a8f1a594e749] Merge tag 'arc-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc testing commit 5364abc57993b3bf60c41923cb98a8f1a594e749 with gcc (GCC) 8.1.0 kernel signature: 4c0a275447e4b046eafa1776f90cbd855257e2d97cb75204ab4fd0ecac6ec92e all runs: OK # git bisect good 5364abc57993b3bf60c41923cb98a8f1a594e749 Bisecting: 1636 revisions left to test after this (roughly 11 steps) [3b42ce82b16f93998d9bf083cdcf61609e12755b] Merge remote-tracking branch 'ext3/for_next' testing commit 3b42ce82b16f93998d9bf083cdcf61609e12755b with gcc (GCC) 8.1.0 kernel signature: d45eb143256069466014ec37324503e6c8ec7b1259eca5dd6beb9567f17a9dea all runs: OK # git bisect good 3b42ce82b16f93998d9bf083cdcf61609e12755b Bisecting: 817 revisions left to test after this (roughly 10 steps) [fbed65b1932e42df7dabda4b88ee5cd5ffa07a62] Merge remote-tracking branch 'modules/modules-next' testing commit fbed65b1932e42df7dabda4b88ee5cd5ffa07a62 with gcc (GCC) 8.1.0 kernel signature: 4491c3599ae0617bf43bc5de43415ca572f0d7bb9fce5cf0748b2869132be4ad all runs: OK # git bisect good fbed65b1932e42df7dabda4b88ee5cd5ffa07a62 Bisecting: 408 revisions left to test after this (roughly 9 steps) [ff76bf6c6ff10246db94976ed08673c50a74f465] Merge remote-tracking branch 'pwm/for-next' testing commit ff76bf6c6ff10246db94976ed08673c50a74f465 with gcc (GCC) 8.1.0 kernel signature: 3b28ac1dfc290b497eb21a0f089f6ece6c6df1f46118e231cee49a24eb87f127 all runs: crashed: INFO: trying to register non-static key in __io_uring_register # git bisect bad ff76bf6c6ff10246db94976ed08673c50a74f465 Bisecting: 177 revisions left to test after this (roughly 8 steps) [872b48d7316802c701fd493d9142e684820d0549] Merge remote-tracking branch 'tip/auto-latest' testing commit 872b48d7316802c701fd493d9142e684820d0549 with gcc (GCC) 8.1.0 kernel signature: 14e11316db8ae78dae3c1b60df873261d085e7e68f63c9d78027f06c6693c3f7 all runs: crashed: INFO: trying to register non-static key in __io_uring_register # git bisect bad 872b48d7316802c701fd493d9142e684820d0549 Bisecting: 114 revisions left to test after this (roughly 7 steps) [9ae4ca7b7836e9a3fb1ed175a49e3366c39a8e4c] Merge remote-tracking branch 'smack/for-next' testing commit 9ae4ca7b7836e9a3fb1ed175a49e3366c39a8e4c with gcc (GCC) 8.1.0 kernel signature: e1435a8724f114b00f8f93524be7326a113735f16d888e5d1f547fa936c1a7cd all runs: crashed: INFO: trying to register non-static key in __io_uring_register # git bisect bad 9ae4ca7b7836e9a3fb1ed175a49e3366c39a8e4c Bisecting: 66 revisions left to test after this (roughly 6 steps) [57689f111fc43035e34878bfa409ac95e7daffa4] Merge remote-tracking branch 'pcmcia/pcmcia-next' testing commit 57689f111fc43035e34878bfa409ac95e7daffa4 with gcc (GCC) 8.1.0 kernel signature: 234988d86548628f4d0c721232aa880429f317f6fb57143e1f3501c0a0ffa632 all runs: crashed: INFO: trying to register non-static key in __io_uring_register # git bisect bad 57689f111fc43035e34878bfa409ac95e7daffa4 Bisecting: 24 revisions left to test after this (roughly 5 steps) [c9c20ee3cfce924e7b2a8138df2d6958c500858a] Input: goodix - fix compilation when ACPI support is disabled testing commit c9c20ee3cfce924e7b2a8138df2d6958c500858a with gcc (GCC) 8.1.0 kernel signature: 2bda14aae9505d97e154e3529a9778e4b9771ac60aa61395ef5e376d5e5fd62c all runs: OK # git bisect good c9c20ee3cfce924e7b2a8138df2d6958c500858a Bisecting: 11 revisions left to test after this (roughly 4 steps) [7bd314cdd7a88ff53043f24d02f64cf9b89c023d] Merge branch 'io_uring-5.7' into for-next testing commit 7bd314cdd7a88ff53043f24d02f64cf9b89c023d with gcc (GCC) 8.1.0 kernel signature: 9b934497dcd301d3063740290f547df08fe45a921dd89567d4cc0c96a2764b45 all runs: crashed: INFO: trying to register non-static key in __io_uring_register # git bisect bad 7bd314cdd7a88ff53043f24d02f64cf9b89c023d Bisecting: 6 revisions left to test after this (roughly 3 steps) [c336e992cb1cb1db9ee608dfb30342ae781057ab] io_uring: remove bogus RLIMIT_NOFILE check in file registration testing commit c336e992cb1cb1db9ee608dfb30342ae781057ab with gcc (GCC) 8.1.0 kernel signature: 9a3141f4f72711324892d79debc28d0fbc8d546a18263a2fcd69e83395edfee9 all runs: crashed: INFO: trying to register non-static key in __io_uring_register # git bisect bad c336e992cb1cb1db9ee608dfb30342ae781057ab Bisecting: 2 revisions left to test after this (roughly 2 steps) [a6ba632d2c249a4390289727c07b8b55eb02a41d] io_uring: retry poll if we got woken with non-matching mask testing commit a6ba632d2c249a4390289727c07b8b55eb02a41d with gcc (GCC) 8.1.0 kernel signature: ae69372491d8befd7f3d3aaf472ef4be3ccdf13af063d4323f6916012e7603be all runs: crashed: INFO: trying to register non-static key in __io_uring_register # git bisect bad a6ba632d2c249a4390289727c07b8b55eb02a41d Bisecting: 0 revisions left to test after this (roughly 1 step) [10bea96dcc13ad841d53bdcc9d8e731e9e0ad58f] io_uring: add missing finish_wait() in io_sq_thread() testing commit 10bea96dcc13ad841d53bdcc9d8e731e9e0ad58f with gcc (GCC) 8.1.0 kernel signature: 1a530bc3481b723c6a848e73fa1c8bfd1c9849b1a3263cc18a281f73da23f736 all runs: crashed: INFO: trying to register non-static key in __io_uring_register # git bisect bad 10bea96dcc13ad841d53bdcc9d8e731e9e0ad58f Bisecting: 0 revisions left to test after this (roughly 0 steps) [0558955373023b08f638c9ede36741b0e4200f58] io_uring: refactor file register/unregister/update handling testing commit 0558955373023b08f638c9ede36741b0e4200f58 with gcc (GCC) 8.1.0 kernel signature: 3a2b0f2053af3aa91f5d27a11a20a0a312e4979650e6c5647ff41986164ad1c6 all runs: crashed: INFO: trying to register non-static key in __io_uring_register # git bisect bad 0558955373023b08f638c9ede36741b0e4200f58 0558955373023b08f638c9ede36741b0e4200f58 is the first bad commit commit 0558955373023b08f638c9ede36741b0e4200f58 Author: Xiaoguang Wang Date: Tue Mar 31 14:05:18 2020 +0800 io_uring: refactor file register/unregister/update handling While diving into io_uring fileset register/unregister/update codes, we found one bug in the fileset update handling. io_uring fileset update use a percpu_ref variable to check whether we can put the previously registered file, only when the refcnt of the perfcpu_ref variable reaches zero, can we safely put these files. But this doesn't work so well. If applications always issue requests continually, this perfcpu_ref will never have an chance to reach zero, and it'll always be in atomic mode, also will defeat the gains introduced by fileset register/unresiger/update feature, which are used to reduce the atomic operation overhead of fput/fget. To fix this issue, while applications do IORING_REGISTER_FILES or IORING_REGISTER_FILES_UPDATE operations, we allocate a new percpu_ref and kill the old percpu_ref, new requests will use the new percpu_ref. Once all previous old requests complete, old percpu_refs will be dropped and registered files will be put safely. Link: https://lore.kernel.org/io-uring/5a8dac33-4ca2-4847-b091-f7dcd3ad0ff3@linux.alibaba.com/T/#t Signed-off-by: Xiaoguang Wang Signed-off-by: Jens Axboe fs/io_uring.c | 204 +++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 124 insertions(+), 80 deletions(-) parent commit 458ef2a25e0cbdc216012aa2b9cf549d64133b08 wasn't tested testing commit 458ef2a25e0cbdc216012aa2b9cf549d64133b08 with gcc (GCC) 8.1.0 kernel signature: f4aaa2e9eace18717643ea73a88d1c15f990ce62ca7d848f9d9ec4508251d31d culprit signature: 3a2b0f2053af3aa91f5d27a11a20a0a312e4979650e6c5647ff41986164ad1c6 parent signature: f4aaa2e9eace18717643ea73a88d1c15f990ce62ca7d848f9d9ec4508251d31d revisions tested: 16, total time: 3h19m58.818896138s (build: 1h45m33.177567692s, test: 1h33m5.814932595s) first bad commit: 0558955373023b08f638c9ede36741b0e4200f58 io_uring: refactor file register/unregister/update handling cc: ["axboe@kernel.dk" "io-uring@vger.kernel.org" "linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk" "xiaoguang.wang@linux.alibaba.com"] crash: INFO: trying to register non-static key in __io_uring_register INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 1 PID: 8584 Comm: syz-executor.2 Not tainted 5.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x128/0x182 lib/dump_stack.c:118 assign_lock_key kernel/locking/lockdep.c:913 [inline] register_lock_class+0x1852/0x1860 kernel/locking/lockdep.c:1225 __lock_acquire+0x100/0x3740 kernel/locking/lockdep.c:4223 lock_acquire+0x1e3/0x970 kernel/locking/lockdep.c:4923 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x95/0xc0 kernel/locking/spinlock.c:159 io_sqe_files_register fs/io_uring.c:6571 [inline] __io_uring_register+0x188d/0x2ae0 fs/io_uring.c:7973 __do_sys_io_uring_register fs/io_uring.c:8053 [inline] __se_sys_io_uring_register fs/io_uring.c:8035 [inline] __x64_sys_io_uring_register+0x15d/0x450 fs/io_uring.c:8035 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x45c879 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f5b7cfa5c78 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab RAX: ffffffffffffffda RBX: 00007f5b7cfa66d4 RCX: 000000000045c879 RDX: 0000000020000280 RSI: 0000000000000002 RDI: 0000000000000003 RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000001fd R14: 00000000004d2f40 R15: 000000000076bf0c