bisecting cause commit starting from 8ee15f3248660f85102a47410079d408615723d4 building syzkaller on c402d8f1aa5d2fdc219d2155fa467fb7f02321a5 testing commit 8ee15f3248660f85102a47410079d408615723d4 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in io_uring_setup testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 all runs: OK # git bisect start 8ee15f3248660f85102a47410079d408615723d4 v5.0 Bisecting: 6687 revisions left to test after this (roughly 13 steps) [ae5906ceee038ea29ff5162d1bcd18fb50af8b94] Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security testing commit ae5906ceee038ea29ff5162d1bcd18fb50af8b94 with gcc (GCC) 8.1.0 all runs: OK # git bisect good ae5906ceee038ea29ff5162d1bcd18fb50af8b94 Bisecting: 3324 revisions left to test after this (roughly 12 steps) [92fff53b7191cae566be9ca6752069426c7f8241] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit 92fff53b7191cae566be9ca6752069426c7f8241 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in io_uring_setup # git bisect bad 92fff53b7191cae566be9ca6752069426c7f8241 Bisecting: 1689 revisions left to test after this (roughly 11 steps) [e13284da944df29ab08e8a9d2a50fc0ad1d858ab] Merge branch 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit e13284da944df29ab08e8a9d2a50fc0ad1d858ab with gcc (GCC) 8.1.0 all runs: OK # git bisect good e13284da944df29ab08e8a9d2a50fc0ad1d858ab Bisecting: 989 revisions left to test after this (roughly 10 steps) [36011ddc78395b59a8a418c37f20bcc18828f1ef] Merge tag 'gfs2-5.1.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 testing commit 36011ddc78395b59a8a418c37f20bcc18828f1ef with gcc (GCC) 8.1.0 all runs: crashed: WARNING in io_uring_setup # git bisect bad 36011ddc78395b59a8a418c37f20bcc18828f1ef Bisecting: 312 revisions left to test after this (roughly 9 steps) [3601fe43e8164f67a8de3de8e988bfcb3a94af46] Merge tag 'gpio-v5.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio testing commit 3601fe43e8164f67a8de3de8e988bfcb3a94af46 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 3601fe43e8164f67a8de3de8e988bfcb3a94af46 Bisecting: 156 revisions left to test after this (roughly 7 steps) [2bb995405fe52dd893db57456556e8dc4fce35a7] Merge tag 'gcc-plugins-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux testing commit 2bb995405fe52dd893db57456556e8dc4fce35a7 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in io_uring_setup # git bisect bad 2bb995405fe52dd893db57456556e8dc4fce35a7 Bisecting: 77 revisions left to test after this (roughly 6 steps) [49b1f22b567ba1d7d8174950be4398a69d0effb7] block: avoid to READ fields of null bio testing commit 49b1f22b567ba1d7d8174950be4398a69d0effb7 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 49b1f22b567ba1d7d8174950be4398a69d0effb7 Bisecting: 38 revisions left to test after this (roughly 5 steps) [9a56a2323dbbd8ed7f380a5af7ae3ff82caa55a6] io_uring: use fget/fput_many() for file references testing commit 9a56a2323dbbd8ed7f380a5af7ae3ff82caa55a6 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 9a56a2323dbbd8ed7f380a5af7ae3ff82caa55a6 Bisecting: 20 revisions left to test after this (roughly 4 steps) [80201fe175cbf7f3e372f53eba0a881a702ad926] Merge tag 'for-5.1/block-20190302' of git://git.kernel.dk/linux-block testing commit 80201fe175cbf7f3e372f53eba0a881a702ad926 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 80201fe175cbf7f3e372f53eba0a881a702ad926 Bisecting: 10 revisions left to test after this (roughly 3 steps) [21b4aa5d20fd07207e73270cadffed5c63fb4343] io_uring: add a few test tools testing commit 21b4aa5d20fd07207e73270cadffed5c63fb4343 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in io_uring_setup # git bisect bad 21b4aa5d20fd07207e73270cadffed5c63fb4343 Bisecting: 4 revisions left to test after this (roughly 2 steps) [6b06314c47e141031be043539900d80d2c7ba10f] io_uring: add file set registration testing commit 6b06314c47e141031be043539900d80d2c7ba10f with gcc (GCC) 8.1.0 all runs: OK # git bisect good 6b06314c47e141031be043539900d80d2c7ba10f Bisecting: 2 revisions left to test after this (roughly 1 step) [c16361c1d805b6ea50c3c1fc5c314e944c71a984] io_uring: add io_kiocb ref count testing commit c16361c1d805b6ea50c3c1fc5c314e944c71a984 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in io_uring_setup # git bisect bad c16361c1d805b6ea50c3c1fc5c314e944c71a984 Bisecting: 0 revisions left to test after this (roughly 0 steps) [6c271ce2f1d572f7fa225700a13cfe7ced492434] io_uring: add submission polling testing commit 6c271ce2f1d572f7fa225700a13cfe7ced492434 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in io_uring_setup # git bisect bad 6c271ce2f1d572f7fa225700a13cfe7ced492434 6c271ce2f1d572f7fa225700a13cfe7ced492434 is the first bad commit commit 6c271ce2f1d572f7fa225700a13cfe7ced492434 Author: Jens Axboe Date: Thu Jan 10 11:22:30 2019 -0700 io_uring: add submission polling This enables an application to do IO, without ever entering the kernel. By using the SQ ring to fill in new sqes and watching for completions on the CQ ring, we can submit and reap IOs without doing a single system call. The kernel side thread will poll for new submissions, and in case of HIPRI/polled IO, it'll also poll for completions. By default, we allow 1 second of active spinning. This can by changed by passing in a different grace period at io_uring_register(2) time. If the thread exceeds this idle time without having any work to do, it will set: sq_ring->flags |= IORING_SQ_NEED_WAKEUP. The application will have to call io_uring_enter() to start things back up again. If IO is kept busy, that will never be needed. Basically an application that has this feature enabled will guard it's io_uring_enter(2) call with: read_barrier(); if (*sq_ring->flags & IORING_SQ_NEED_WAKEUP) io_uring_enter(fd, 0, 0, IORING_ENTER_SQ_WAKEUP); instead of calling it unconditionally. It's mandatory to use fixed files with this feature. Failure to do so will result in the application getting an -EBADF CQ entry when submitting IO. Reviewed-by: Hannes Reinecke Signed-off-by: Jens Axboe :040000 040000 ca5e05e36f61886129f91db070f217a812c4dd7b 487222729602cd9d12f91557ef31c73e4dfa4b86 M fs :040000 040000 2d991ecff6e14baa890629470b4bd38bd680cf8f 8c9ea07bbb5fd38b10fd5e4673bc08e0c6f2f4f6 M include revisions tested: 15, total time: 3h32m3.053119342s (build: 1h27m9.570908819s, test: 1h59m52.964257532s) first bad commit: 6c271ce2f1d572f7fa225700a13cfe7ced492434 io_uring: add submission polling cc: ["axboe@kernel.dk" "hare@suse.com" "linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"] crash: WARNING in io_uring_setup 8021q: adding VLAN 0 to HW filter on device batadv0 IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 8021q: adding VLAN 0 to HW filter on device bond0 8021q: adding VLAN 0 to HW filter on device batadv0 WARNING: CPU: 1 PID: 7131 at include/linux/cpumask.h:121 io_sq_offload_start fs/io_uring.c:1818 [inline] WARNING: CPU: 1 PID: 7131 at include/linux/cpumask.h:121 io_uring_create fs/io_uring.c:2393 [inline] WARNING: CPU: 1 PID: 7131 at include/linux/cpumask.h:121 io_uring_setup+0x1003/0x14b0 fs/io_uring.c:2445 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 7131 Comm: syz-executor.5 Not tainted 5.0.0-rc6+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 panic+0x212/0x41d kernel/panic.c:214 __warn.cold.8+0x1b/0x36 kernel/panic.c:571 report_bug+0x1a4/0x200 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973 RIP: 0010:cpu_max_bits_warn include/linux/cpumask.h:121 [inline] RIP: 0010:cpumask_check include/linux/cpumask.h:128 [inline] RIP: 0010:cpumask_test_cpu include/linux/cpumask.h:344 [inline] RIP: 0010:io_sq_offload_start fs/io_uring.c:1787 [inline] RIP: 0010:io_uring_create fs/io_uring.c:2393 [inline] RIP: 0010:io_uring_setup+0x1003/0x14b0 fs/io_uring.c:2445 Code: 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 80 3c 01 00 0f 85 44 01 00 00 49 8b 87 88 00 00 00 49 c7 c5 f4 ff ff ff e9 db fa ff ff <0f> 0b e9 32 f8 ff ff 48 89 c7 e8 de 3d 8c ff e9 b8 fb ff ff 4c 89 RSP: 0018:ffff88808698fde8 EFLAGS: 00010212 RAX: 0000000000000007 RBX: ffff88808698fec8 RCX: 1ffff11012331a5a RDX: 0000000000000400 RSI: 0000000000000004 RDI: ffff88809198d29c RBP: ffff88808698fef0 R08: ffffed1011af0c74 R09: ffffed1011af0c73 R10: ffffed1011af0c73 R11: ffff88808d78639f R12: 1ffff11010d31fc1 R13: ffff88809198d294 R14: ffff88809198d2d0 R15: ffff88809198d240 __do_sys_io_uring_setup fs/io_uring.c:2458 [inline] __se_sys_io_uring_setup fs/io_uring.c:2455 [inline] __x64_sys_io_uring_setup+0x4f/0x70 fs/io_uring.c:2455 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x458c29 Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f171d481c78 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000458c29 RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000c9f RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f171d4826d4 R13: 00000000004bfe4b R14: 00000000004d2198 R15: 00000000ffffffff Kernel Offset: disabled Rebooting in 86400 seconds..