bisecting cause commit starting from f88cd3fb9df228e5ce4e13ec3dbad671ddb2146e building syzkaller on 0740de696b19a870c7208bd97f3194988281c282 testing commit f88cd3fb9df228e5ce4e13ec3dbad671ddb2146e with gcc (GCC) 10.2.1 20210217 kernel signature: 81478f8d98d9ec7e0df9915ea74a6daad2522437495087d5e963d524cf50486e all runs: crashed: WARNING in io_wqe_enqueue testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 with gcc (GCC) 10.2.1 20210217 kernel signature: d7c08b8f5548a7dddc64d732a7776572f6770a2e1e6c085fa2b12af699e6bb46 run #0: crashed: WARNING in io_wqe_wake_worker run #1: crashed: WARNING in io_wqe_wake_worker run #2: crashed: WARNING in io_wqe_wake_worker run #3: crashed: WARNING in io_wqe_wake_worker run #4: crashed: WARNING in io_wqe_wake_worker run #5: crashed: WARNING in io_wqe_wake_worker run #6: crashed: WARNING in io_wqe_wake_worker run #7: OK run #8: OK run #9: OK testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217 kernel signature: 1fd4e0f672a4cfa3fd562b6fd10b32258b5bbc4df95dbf3efa4e8e6eb0e908d3 run #0: crashed: WARNING in io_wqe_wake_worker run #1: crashed: WARNING in io_wqe_wake_worker run #2: crashed: WARNING in io_wqe_wake_worker run #3: crashed: WARNING in io_wqe_wake_worker run #4: crashed: WARNING in io_wqe_wake_worker run #5: crashed: WARNING in io_wqe_wake_worker run #6: crashed: WARNING in io_wqe_wake_worker run #7: crashed: WARNING in io_wqe_wake_worker run #8: OK run #9: OK testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217 kernel signature: 7fea9c16b5fd487e9a093c1f6457fd83b7ec27c17c9d25d7c137e9f812781f8e run #0: crashed: WARNING in io_wqe_wake_worker run #1: crashed: WARNING in percpu_ref_kill_and_confirm run #2: crashed: WARNING in io_wqe_wake_worker run #3: crashed: WARNING in io_wqe_wake_worker run #4: crashed: WARNING in io_wqe_wake_worker run #5: crashed: WARNING in io_wqe_wake_worker run #6: crashed: WARNING in io_wqe_wake_worker run #7: crashed: WARNING in io_wqe_wake_worker run #8: crashed: WARNING in io_wqe_wake_worker run #9: OK testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 10.2.1 20210217 kernel signature: 420cda82b0de3924b13e537dec9a1e0ae3454289b3e28d76cef04355a3677ed5 all runs: crashed: WARNING in io_wqe_wake_worker testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.4.1 20210217 kernel signature: 1d9f85b73ac2cbeb67b17c6aafca4c33f42ba96461c0094c3a6f241635081857 all runs: crashed: WARNING in io_wqe_wake_worker testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.4.1 20210217 kernel signature: a2c35a82256638b5b1bcd46778b342d303929db8cdb52f4f06c7e3d13f06987f run #0: crashed: WARNING in io_wqe_wake_worker run #1: crashed: WARNING in io_wqe_wake_worker run #2: crashed: WARNING in io_wqe_wake_worker run #3: crashed: WARNING in io_wqe_wake_worker run #4: OK run #5: crashed: WARNING in io_wqe_wake_worker run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.4.1 20210217 kernel signature: b9f1fd9326d12ba88a3a15afa7c71c2abd6e6d2104bb6f1512e94eb8fc21f961 all runs: crashed: WARNING in io_wqe_wake_worker testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.4.1 20210217 kernel signature: b850d158647ee311ab2e1d3a5c3b8d28b148d0c8c53e775564b89ad65ba0573e all runs: OK # git bisect start 7111951b8d4973bda27ff663f2cf18b663d15b48 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 Bisecting: 6113 revisions left to test after this (roughly 13 steps) [9f68e3655aae6d49d6ba05dd263f99f33c2567af] Merge tag 'drm-next-2020-01-30' of git://anongit.freedesktop.org/drm/drm testing commit 9f68e3655aae6d49d6ba05dd263f99f33c2567af with gcc (GCC) 8.4.1 20210217 kernel signature: 13bcb7f366e250ed87849cf504d5277ef8093d726e76fecf0ca7467ea0f57c3e all runs: crashed: WARNING in io_wqe_wake_worker # git bisect bad 9f68e3655aae6d49d6ba05dd263f99f33c2567af Bisecting: 3686 revisions left to test after this (roughly 12 steps) [fb95aae6e67c4e319a24b3eea32032d4246a5335] Merge tag 'sound-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit fb95aae6e67c4e319a24b3eea32032d4246a5335 with gcc (GCC) 8.4.1 20210217 kernel signature: a0a5d761664875061e3049696c2b7d61fa6e5c635a2a9fa208d8dda538760c4b all runs: OK # git bisect good fb95aae6e67c4e319a24b3eea32032d4246a5335 Bisecting: 1843 revisions left to test after this (roughly 11 steps) [8815a94f27d2f30fe1216ce10c7da0f6ae69ca0f] drm/vmwgfx: move the require_exist handling together testing commit 8815a94f27d2f30fe1216ce10c7da0f6ae69ca0f with gcc (GCC) 8.4.1 20210217 kernel signature: b2cacbb8715fe22277aff9b78e3a4822214f0ef3d72e33687d493e4a1e82c866 all runs: boot failed: general protection fault in do_mount_root # git bisect skip 8815a94f27d2f30fe1216ce10c7da0f6ae69ca0f Bisecting: 1842 revisions left to test after this (roughly 11 steps) [4872e6aa217fbb475ffa0ad7bda0d9acff543f2c] drm/vmwgfx: check master authentication in surface_ref ioctls testing commit 4872e6aa217fbb475ffa0ad7bda0d9acff543f2c with gcc (GCC) 8.4.1 20210217 kernel signature: 4e794fee5fabfde1a034d622e9fb6584815c8fe9661ed6f7b6749f8bb7844d44 all runs: boot failed: general protection fault in do_mount_root # git bisect skip 4872e6aa217fbb475ffa0ad7bda0d9acff543f2c Bisecting: 1842 revisions left to test after this (roughly 11 steps) [fa889d85551e0bd962fdefe1cc113f9ba1d04a36] Merge tag 'gpio-v5.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio testing commit fa889d85551e0bd962fdefe1cc113f9ba1d04a36 with gcc (GCC) 8.4.1 20210217 kernel signature: f098880018f55c70a690ba974ae116a22889413b01948ad5dc560289f7526001 all runs: OK # git bisect good fa889d85551e0bd962fdefe1cc113f9ba1d04a36 Bisecting: 1827 revisions left to test after this (roughly 11 steps) [dd22dfa62c9cb2669ed4b181e359645108c69578] Merge branch 'linux-5.6' of git://github.com/skeggsb/linux into drm-next testing commit dd22dfa62c9cb2669ed4b181e359645108c69578 with gcc (GCC) 8.4.1 20210217 kernel signature: 49022b6594ae7b28d57764000a6d5ac0aa1d10bf984427f272e3a27e2e94aea6 all runs: boot failed: general protection fault in do_mount_root # git bisect skip dd22dfa62c9cb2669ed4b181e359645108c69578 Bisecting: 1827 revisions left to test after this (roughly 11 steps) [1d47d0bb72895e754ffbdc410314ddb9c790c6fa] fbdev: omapfb: use devm_platform_ioremap_resource() to simplify code testing commit 1d47d0bb72895e754ffbdc410314ddb9c790c6fa with gcc (GCC) 8.4.1 20210217 kernel signature: f49ff14bc8864bedadcc91e3400d039185126f7470bdaf09a460e0aafa5014d2 all runs: OK # git bisect good 1d47d0bb72895e754ffbdc410314ddb9c790c6fa Bisecting: 1573 revisions left to test after this (roughly 11 steps) [3d4743131b8de970faa4b979ead0fadfe5d2de9d] Backmerge v5.5-rc7 into drm-next testing commit 3d4743131b8de970faa4b979ead0fadfe5d2de9d with gcc (GCC) 8.4.1 20210217 kernel signature: 74b4b87cb81767cadcdd4444c773d9de900af543e1082da904237c011adf2d24 all runs: OK # git bisect good 3d4743131b8de970faa4b979ead0fadfe5d2de9d Bisecting: 751 revisions left to test after this (roughly 10 steps) [7ba31c3f2f1ee095d8126f4d3757fc3b2bc3c838] Merge tag 'staging-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 7ba31c3f2f1ee095d8126f4d3757fc3b2bc3c838 with gcc (GCC) 8.4.1 20210217 kernel signature: f5aabd3f737afdbfb1042ea264bff6fa1111bf5249454b30e9a429f3dc61ea38 all runs: OK # git bisect good 7ba31c3f2f1ee095d8126f4d3757fc3b2bc3c838 Bisecting: 303 revisions left to test after this (roughly 9 steps) [33c84e89abe4a92ab699c33029bd54269d574782] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit 33c84e89abe4a92ab699c33029bd54269d574782 with gcc (GCC) 8.4.1 20210217 kernel signature: 82262aebacf1c339b9bbc7b3ff049f15fd8ae8a7658c3d488e0e8ac489a2eb69 all runs: OK # git bisect good 33c84e89abe4a92ab699c33029bd54269d574782 Bisecting: 119 revisions left to test after this (roughly 7 steps) [893e591b59036f9bc629f55bce715d67bdd266a2] Merge tag 'devicetree-for-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux testing commit 893e591b59036f9bc629f55bce715d67bdd266a2 with gcc (GCC) 8.4.1 20210217 kernel signature: 0950212561699fdb2f8c90d1d431b25da420650f7e5f07edc9dc62448e3b31cf all runs: crashed: WARNING in io_wqe_wake_worker # git bisect bad 893e591b59036f9bc629f55bce715d67bdd266a2 Bisecting: 95 revisions left to test after this (roughly 7 steps) [9ca4c6429f92598a84e4c3292ea7d187c9d7b033] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc testing commit 9ca4c6429f92598a84e4c3292ea7d187c9d7b033 with gcc (GCC) 8.4.1 20210217 kernel signature: c8e9f59d6907cc9347295ea368847c5ce7312b85432603e58fa4cfd750ea69ec all runs: crashed: WARNING in io_wqe_wake_worker # git bisect bad 9ca4c6429f92598a84e4c3292ea7d187c9d7b033 Bisecting: 43 revisions left to test after this (roughly 6 steps) [66f4af93da5761d2fa05c0dc673a47003cdb9cfe] io_uring: add support for probing opcodes testing commit 66f4af93da5761d2fa05c0dc673a47003cdb9cfe with gcc (GCC) 8.4.1 20210217 kernel signature: 53733551d626e3fc0e417628d804c10a5a5e83a32d45696a539b6d39b807625d all runs: OK # git bisect good 66f4af93da5761d2fa05c0dc673a47003cdb9cfe Bisecting: 21 revisions left to test after this (roughly 5 steps) [3e4827b05d2ac2d377ed136a52829ec46787bf4b] io_uring: add support for epoll_ctl(2) testing commit 3e4827b05d2ac2d377ed136a52829ec46787bf4b with gcc (GCC) 8.4.1 20210217 kernel signature: 67e3f4a7989000f79df2108a8cdbcc15fcbf827efa848b9d8941e936081b93ef all runs: crashed: WARNING in io_wqe_wake_worker # git bisect bad 3e4827b05d2ac2d377ed136a52829ec46787bf4b Bisecting: 10 revisions left to test after this (roughly 4 steps) [8cdf2193a3335b4cfb6e023b41ac293d0843d287] io_uring: add comment for drain_next testing commit 8cdf2193a3335b4cfb6e023b41ac293d0843d287 with gcc (GCC) 8.4.1 20210217 kernel signature: d1ea6fd9ed2c9e38b30a85062631e0a1af360771983554096c288da6d15ba5b1 all runs: OK # git bisect good 8cdf2193a3335b4cfb6e023b41ac293d0843d287 Bisecting: 4 revisions left to test after this (roughly 3 steps) [071698e13ac6ba786dfa22349a7b62deb5a9464d] io_uring: allow registering credentials testing commit 071698e13ac6ba786dfa22349a7b62deb5a9464d with gcc (GCC) 8.4.1 20210217 kernel signature: 43b52f572bcaf4e53211901e259d32325caaca2239501f8b57f609cc3d0566dc all runs: crashed: WARNING in io_wqe_wake_worker # git bisect bad 071698e13ac6ba786dfa22349a7b62deb5a9464d Bisecting: 2 revisions left to test after this (roughly 2 steps) [cccf0ee834559ae0b327b40290e14f6a2a017177] io_uring/io-wq: don't use static creds/mm assignments testing commit cccf0ee834559ae0b327b40290e14f6a2a017177 with gcc (GCC) 8.4.1 20210217 kernel signature: aa1b71344d5eba6827aa4e9ff5bf5348f0b13ffdbae1a9b36fbead9fd1947156 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/workdir/repro.prog" "root@10.128.0.210:./repro.prog"]: exit status 1 Warning: Permanently added '10.128.0.210' (ECDSA) to the list of known hosts. /syzkaller/jobs/linux/workdir/repro.prog: Broken pipe run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good cccf0ee834559ae0b327b40290e14f6a2a017177 Bisecting: 0 revisions left to test after this (roughly 1 step) [24369c2e3bb06d8c4e71fd6ceaf4f8a01ae79b7c] io_uring: add io-wq workqueue sharing testing commit 24369c2e3bb06d8c4e71fd6ceaf4f8a01ae79b7c with gcc (GCC) 8.4.1 20210217 kernel signature: e795014f16fe7c630832f30d0b5f90c8c0e58b64d18da56b4920752caab85d24 all runs: crashed: WARNING in io_wqe_wake_worker # git bisect bad 24369c2e3bb06d8c4e71fd6ceaf4f8a01ae79b7c Bisecting: 0 revisions left to test after this (roughly 0 steps) [eba6f5a330cf042bb0001f0b5e8cbf21be1b25d6] io-wq: allow grabbing existing io-wq testing commit eba6f5a330cf042bb0001f0b5e8cbf21be1b25d6 with gcc (GCC) 8.4.1 20210217 kernel signature: 91091a736d2330f9c03d9f1c301b41de751bbdb176b488273be3c2a68380aa6a all runs: OK # git bisect good eba6f5a330cf042bb0001f0b5e8cbf21be1b25d6 24369c2e3bb06d8c4e71fd6ceaf4f8a01ae79b7c is the first bad commit commit 24369c2e3bb06d8c4e71fd6ceaf4f8a01ae79b7c Author: Pavel Begunkov Date: Tue Jan 28 03:15:48 2020 +0300 io_uring: add io-wq workqueue sharing If IORING_SETUP_ATTACH_WQ is set, it expects wq_fd in io_uring_params to be a valid io_uring fd io-wq of which will be shared with the newly created io_uring instance. If the flag is set but it can't share io-wq, it fails. This allows creation of "sibling" io_urings, where we prefer to keep the SQ/CQ private, but want to share the async backend to minimize the amount of overhead associated with having multiple rings that belong to the same backend. Reported-by: Jens Axboe Reported-by: Daurnimator Signed-off-by: Pavel Begunkov Signed-off-by: Jens Axboe fs/io_uring.c | 64 +++++++++++++++++++++++++++++++++---------- include/uapi/linux/io_uring.h | 4 ++- 2 files changed, 53 insertions(+), 15 deletions(-) culprit signature: e795014f16fe7c630832f30d0b5f90c8c0e58b64d18da56b4920752caab85d24 parent signature: 91091a736d2330f9c03d9f1c301b41de751bbdb176b488273be3c2a68380aa6a revisions tested: 28, total time: 7h11m51.386911182s (build: 3h38m52.203236075s, test: 3h29m1.980931001s) first bad commit: 24369c2e3bb06d8c4e71fd6ceaf4f8a01ae79b7c io_uring: add io-wq workqueue sharing recipients (to): ["asml.silence@gmail.com" "axboe@kernel.dk" "axboe@kernel.dk" "io-uring@vger.kernel.org"] recipients (cc): ["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"] crash: WARNING in io_wqe_wake_worker ------------[ cut here ]------------ WARNING: CPU: 1 PID: 10389 at fs/io-wq.c:280 refcount_add_not_zero include/linux/refcount.h:165 [inline] WARNING: CPU: 1 PID: 10389 at fs/io-wq.c:280 refcount_inc_not_zero include/linux/refcount.h:211 [inline] WARNING: CPU: 1 PID: 10389 at fs/io-wq.c:280 io_worker_get fs/io-wq.c:121 [inline] WARNING: CPU: 1 PID: 10389 at fs/io-wq.c:280 io_wqe_activate_free_worker fs/io-wq.c:259 [inline] WARNING: CPU: 1 PID: 10389 at fs/io-wq.c:280 io_wqe_wake_worker+0x430/0x4a0 fs/io-wq.c:283 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 10389 Comm: syz-executor.3 Not tainted 5.5.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x96/0xe0 lib/dump_stack.c:118 panic+0x2a1/0x52a kernel/panic.c:221 __warn.cold.10+0x25/0x2f kernel/panic.c:582 report_bug+0x1aa/0x260 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:174 [inline] fixup_bug arch/x86/kernel/traps.c:169 [inline] do_error_trap+0x12d/0x1e0 arch/x86/kernel/traps.c:267 do_invalid_op+0x31/0x40 arch/x86/kernel/traps.c:286 invalid_op+0x2d/0x40 arch/x86/entry/entry_64.S:1027 RIP: 0010:io_wqe_wake_worker+0x430/0x4a0 fs/io-wq.c:280 Code: 48 c7 c7 00 d1 56 88 c6 05 01 2a 68 0a 01 e8 04 5c 92 ff e9 36 fd ff ff 31 f6 4c 89 ef e8 18 65 b8 01 8b 45 98 e9 db fe ff ff <0f> 0b e9 6a fc ff ff 4c 89 e7 e8 91 6f df ff e9 4b fc ff ff 31 c0 RSP: 0018:ffffc9000aacf938 EFLAGS: 00010246 RAX: ffff8880b0c0c890 RBX: 1ffff92001559f2a RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff8880b0c0c890 RDI: ffff8880b0c0c800 RBP: ffffc9000aacf9d8 R08: ffffed1016181914 R09: ffffed1016181914 R10: ffffed1016181913 R11: ffff8880b0c0c89b R12: ffff8880b0c0c894 R13: ffff8880b0c0c890 R14: ffff8880b0c0c800 R15: ffff8880b0c0c838 io_wqe_enqueue+0x166/0x700 fs/io-wq.c:780 io_queue_async_work+0x28e/0x7a0 fs/io_uring.c:932 __io_queue_sqe fs/io_uring.c:4552 [inline] io_queue_sqe+0x7a2/0x1240 fs/io_uring.c:4607 io_submit_sqe fs/io_uring.c:4702 [inline] io_submit_sqes+0x1b4a/0x3030 fs/io_uring.c:4856 __do_sys_io_uring_enter fs/io_uring.c:6375 [inline] __se_sys_io_uring_enter fs/io_uring.c:6326 [inline] __x64_sys_io_uring_enter+0x7e6/0x980 fs/io_uring.c:6326 do_syscall_64+0x98/0x560 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4665d9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f79e92af188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9 RDX: 0000000000000000 RSI: 0000000000002a6e RDI: 0000000000000003 RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007ffe0065059f R14: 00007f79e92af300 R15: 0000000000022000 Kernel Offset: disabled Rebooting in 86400 seconds..