bisecting cause commit starting from 5d1131b4d61e52e5702e0fa4bcbec81ac7d6ef52 building syzkaller on f4b7ed0781fd311fccb2dd56f306a07590d440fd testing commit 5d1131b4d61e52e5702e0fa4bcbec81ac7d6ef52 with gcc (GCC) 8.1.0 all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 all runs: OK # git bisect start 5d1131b4d61e52e5702e0fa4bcbec81ac7d6ef52 4d856f72c10ecb060868ed10ff1b1453943fc6c8 Bisecting: 14176 revisions left to test after this (roughly 14 steps) [88d0facf186c6c652c2203536fecd77089b43a4e] staging: wfx: fix potential vulnerability to spectre testing commit 88d0facf186c6c652c2203536fecd77089b43a4e with gcc (GCC) 8.1.0 all runs: OK # git bisect good 88d0facf186c6c652c2203536fecd77089b43a4e Bisecting: 6796 revisions left to test after this (roughly 13 steps) [c853673dd5c3860157060408103ceb4f86f9157e] Merge remote-tracking branch 'net-next/master' testing commit c853673dd5c3860157060408103ceb4f86f9157e with gcc (GCC) 8.1.0 all runs: OK # git bisect good c853673dd5c3860157060408103ceb4f86f9157e Bisecting: 3401 revisions left to test after this (roughly 12 steps) [38801470bb9fbd5d3798181e494b6147c0cc7d77] Merge remote-tracking branch 'battery/for-next' testing commit 38801470bb9fbd5d3798181e494b6147c0cc7d77 with gcc (GCC) 8.1.0 all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted # git bisect bad 38801470bb9fbd5d3798181e494b6147c0cc7d77 Bisecting: 1744 revisions left to test after this (roughly 11 steps) [2ef4144d1ea8b181d377d0783c43032cb44889f7] Merge tag 'drm-intel-next-2019-11-01-1' of git://anongit.freedesktop.org/drm/drm-intel into drm-next testing commit 2ef4144d1ea8b181d377d0783c43032cb44889f7 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 2ef4144d1ea8b181d377d0783c43032cb44889f7 Bisecting: 946 revisions left to test after this (roughly 10 steps) [0ad37dd1eae8c43e603319bb16a8aba4906a8951] Merge remote-tracking branch 'etnaviv/etnaviv/next' testing commit 0ad37dd1eae8c43e603319bb16a8aba4906a8951 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 0ad37dd1eae8c43e603319bb16a8aba4906a8951 Bisecting: 491 revisions left to test after this (roughly 9 steps) [af08a3e2f2b8684c293d17280c663b7322485bc1] Merge remote-tracking branch 'modules/modules-next' testing commit af08a3e2f2b8684c293d17280c663b7322485bc1 with gcc (GCC) 8.1.0 all runs: OK # git bisect good af08a3e2f2b8684c293d17280c663b7322485bc1 Bisecting: 266 revisions left to test after this (roughly 8 steps) [86ce34b035687ba8c7db55e8934819b9bdb46fa8] Merge branch 'for-5.5/block' into for-next testing commit 86ce34b035687ba8c7db55e8934819b9bdb46fa8 with gcc (GCC) 8.1.0 all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted # git bisect bad 86ce34b035687ba8c7db55e8934819b9bdb46fa8 Bisecting: 123 revisions left to test after this (roughly 7 steps) [979c690d9a017db14b7759a099478e3faad991ac] block: move clearing bd_invalidated into check_disk_size_change testing commit 979c690d9a017db14b7759a099478e3faad991ac with gcc (GCC) 8.1.0 all runs: OK # git bisect good 979c690d9a017db14b7759a099478e3faad991ac Bisecting: 61 revisions left to test after this (roughly 6 steps) [a320e9fa1e2680116d165b9369dfa41d7cc1e1d1] io_uring: Fix getting file for non-fd opcodes testing commit a320e9fa1e2680116d165b9369dfa41d7cc1e1d1 with gcc (GCC) 8.1.0 all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted # git bisect bad a320e9fa1e2680116d165b9369dfa41d7cc1e1d1 Bisecting: 30 revisions left to test after this (roughly 5 steps) [e5eb6366ac2d1df8ad5b010718ac1997ceae45be] io_uring: io_queue_link*() right after submit testing commit e5eb6366ac2d1df8ad5b010718ac1997ceae45be with gcc (GCC) 8.1.0 all runs: OK # git bisect good e5eb6366ac2d1df8ad5b010718ac1997ceae45be Bisecting: 15 revisions left to test after this (roughly 4 steps) [c69f8dbe2426cbf6150407b7e86ce85bb463c1dc] io_uring: separate the io_free_req and io_free_req_find_next interface testing commit c69f8dbe2426cbf6150407b7e86ce85bb463c1dc with gcc (GCC) 8.1.0 all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted # git bisect bad c69f8dbe2426cbf6150407b7e86ce85bb463c1dc Bisecting: 7 revisions left to test after this (roughly 3 steps) [78e19bbef38362cebff38aa1ca12e2c82bb72eb8] io_uring: pass in io_kiocb to fill/add CQ handlers testing commit 78e19bbef38362cebff38aa1ca12e2c82bb72eb8 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 78e19bbef38362cebff38aa1ca12e2c82bb72eb8 Bisecting: 3 revisions left to test after this (roughly 2 steps) [5f8fd2d3e0a7aa7fc9d97226be24286edd289835] io_uring: properly mark async work as bounded vs unbounded testing commit 5f8fd2d3e0a7aa7fc9d97226be24286edd289835 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 5f8fd2d3e0a7aa7fc9d97226be24286edd289835 Bisecting: 1 revision left to test after this (roughly 1 step) [a197f664a0db8a6219d9ce949f5f29b89f60fb2b] io_uring: remove passed in 'ctx' function parameter ctx if possible testing commit a197f664a0db8a6219d9ce949f5f29b89f60fb2b with gcc (GCC) 8.1.0 all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted # git bisect bad a197f664a0db8a6219d9ce949f5f29b89f60fb2b Bisecting: 0 revisions left to test after this (roughly 0 steps) [206aefde4f886fdeb3b6339aacab3a85fb74cb7e] io_uring: reduce/pack size of io_ring_ctx testing commit 206aefde4f886fdeb3b6339aacab3a85fb74cb7e with gcc (GCC) 8.1.0 all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted # git bisect bad 206aefde4f886fdeb3b6339aacab3a85fb74cb7e 206aefde4f886fdeb3b6339aacab3a85fb74cb7e is the first bad commit commit 206aefde4f886fdeb3b6339aacab3a85fb74cb7e Author: Jens Axboe Date: Thu Nov 7 18:27:42 2019 -0700 io_uring: reduce/pack size of io_ring_ctx With the recent flurry of additions and changes to io_uring, the layout of io_ring_ctx has become a bit stale. We're right now at 704 bytes in size on my x86-64 build, or 11 cachelines. This patch does two things: - We have to completion structs embedded, that we only use for quiesce of the ctx (or shutdown) and for sqthread init cases. That 2x32 bytes right there, let's dynamically allocate them. - Reorder the struct a bit with an eye on cachelines, use cases, and holes. With this patch, we're down to 512 bytes, or 8 cachelines. Reviewed-by: Jackie Liu Signed-off-by: Jens Axboe :040000 040000 00647367444f1f3f8d30e540e9ecb664816433eb 8af2b7eaf0e673f95279d89de4b240a86386a44d M fs revisions tested: 17, total time: 4h4m1.848588316s (build: 1h44m29.305182742s, test: 2h13m52.432449062s) first bad commit: 206aefde4f886fdeb3b6339aacab3a85fb74cb7e io_uring: reduce/pack size of io_ring_ctx cc: ["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "liuyun01@kylinos.cn" "viro@zeniv.linux.org.uk"] crash: INFO: trying to register non-static key in io_cqring_ev_posted RSP: 002b:00007feea697bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 RAX: ffffffffffffffda RBX: 00007feea697bc90 RCX: 000000000045a639 RDX: 0000000000000000 RSI: 0000000020000340 RDI: 00000000000002a6 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007feea697c6d4 R13: 00000000004c1d40 R14: 00000000004d5a18 R15: 0000000000000003 INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 1 PID: 7759 Comm: syz-executor.4 Not tainted 5.4.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 assign_lock_key kernel/locking/lockdep.c:881 [inline] register_lock_class+0x2028/0x22d0 kernel/locking/lockdep.c:1190 __lock_acquire+0xff/0x4ef0 kernel/locking/lockdep.c:3837 lock_acquire+0x194/0x410 kernel/locking/lockdep.c:4487 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x99/0xd0 kernel/locking/spinlock.c:159 __wake_up_common_lock+0xc1/0x140 kernel/sched/wait.c:122 __wake_up+0xe/0x10 kernel/sched/wait.c:142 io_cqring_ev_posted+0x92/0xf0 fs/io_uring.c:619 io_cqring_overflow_flush+0x5fa/0xa00 fs/io_uring.c:666 io_ring_ctx_wait_and_kill+0x1f1/0x690 fs/io_uring.c:4161 io_uring_create fs/io_uring.c:4498 [inline] io_uring_setup+0x15f1/0x1b40 fs/io_uring.c:4524 __do_sys_io_uring_setup fs/io_uring.c:4537 [inline] __se_sys_io_uring_setup fs/io_uring.c:4534 [inline] __x64_sys_io_uring_setup+0x4f/0x70 fs/io_uring.c:4534 do_syscall_64+0xca/0x5d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007feea697bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 RAX: ffffffffffffffda RBX: 00007feea697bc90 RCX: 000000000045a639 RDX: 0000000000000000 RSI: 0000000020000340 RDI: 00000000000002a6 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007feea697c6d4 R13: 00000000004c1d40 R14: 00000000004d5a18 R15: 0000000000000003 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 7759 Comm: syz-executor.4 Not tainted 5.4.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__wake_up_common+0xdd/0x5f0 kernel/sched/wait.c:86 Code: fc 04 00 00 4c 8b 43 38 49 83 e8 18 49 8d 78 18 49 39 fc 0f 84 5c 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 ef 04 00 00 49 8b 40 18 89 55 b8 31 db 49 be 00 RSP: 0018:ffff888080187b40 EFLAGS: 00010046 RAX: dffffc0000000000 RBX: ffff888099a30920 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000003 RDI: 0000000000000000 RBP: ffff888080187b98 R08: ffffffffffffffe8 R09: ffff888080187bd8 R10: ffffed1010030f61 R11: 0000000000000003 R12: ffff888099a30958 R13: 0000000000000286 R14: ffff888080187c38 R15: 0000000000000000 FS: 00007feea697c700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000001c947d0 CR3: 0000000080bf4000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __wake_up_common_lock+0xe5/0x140 kernel/sched/wait.c:123 __wake_up+0xe/0x10 kernel/sched/wait.c:142 io_cqring_ev_posted+0x92/0xf0 fs/io_uring.c:619 io_cqring_overflow_flush+0x5fa/0xa00 fs/io_uring.c:666 io_ring_ctx_wait_and_kill+0x1f1/0x690 fs/io_uring.c:4161 io_uring_create fs/io_uring.c:4498 [inline] io_uring_setup+0x15f1/0x1b40 fs/io_uring.c:4524 __do_sys_io_uring_setup fs/io_uring.c:4537 [inline] __se_sys_io_uring_setup fs/io_uring.c:4534 [inline] __x64_sys_io_uring_setup+0x4f/0x70 fs/io_uring.c:4534 do_syscall_64+0xca/0x5d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45a639 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007feea697bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 RAX: ffffffffffffffda RBX: 00007feea697bc90 RCX: 000000000045a639 RDX: 0000000000000000 RSI: 0000000020000340 RDI: 00000000000002a6 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007feea697c6d4 R13: 00000000004c1d40 R14: 00000000004d5a18 R15: 0000000000000003 Modules linked in: ---[ end trace 16b5d9ca482df8fd ]--- RIP: 0010:__wake_up_common+0xdd/0x5f0 kernel/sched/wait.c:86 Code: fc 04 00 00 4c 8b 43 38 49 83 e8 18 49 8d 78 18 49 39 fc 0f 84 5c 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 ef 04 00 00 49 8b 40 18 89 55 b8 31 db 49 be 00 RSP: 0018:ffff888080187b40 EFLAGS: 00010046 RAX: dffffc0000000000 RBX: ffff888099a30920 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000003 RDI: 0000000000000000 RBP: ffff888080187b98 R08: ffffffffffffffe8 R09: ffff888080187bd8 R10: ffffed1010030f61 R11: 0000000000000003 R12: ffff888099a30958 R13: 0000000000000286 R14: ffff888080187c38 R15: 0000000000000000 FS: 00007feea697c700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000001c947d0 CR3: 0000000080bf4000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400