bisecting cause commit starting from 521b619acdc8f1f5acdac15b84f81fd9515b2aff building syzkaller on 64069d48f293e0be98d4a78a6f7be23861cc1e06 testing commit 521b619acdc8f1f5acdac15b84f81fd9515b2aff with gcc (GCC) 8.1.0 kernel signature: 863aef8525ee74a7c340140a7dfdcf3875102f87b645ca4a7999367c609d58cd all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in start_transaction testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: 934f0a134532bbbd345c7e8b605e59600f755e76ac937b8aa8fb348b839f419b all runs: OK # git bisect start 521b619acdc8f1f5acdac15b84f81fd9515b2aff bbf5c979011a099af5dc76498918ed7df445635b Bisecting: 7685 revisions left to test after this (roughly 13 steps) [0cd7d9795fa82226e7516d38b474bddae8b1ff26] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching testing commit 0cd7d9795fa82226e7516d38b474bddae8b1ff26 with gcc (GCC) 8.1.0 kernel signature: 2b1aa4a30b1bc20d95490bc3ea79f3a7f7a48aebbfd07a0ab6b307ac6109a04c all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad 0cd7d9795fa82226e7516d38b474bddae8b1ff26 Bisecting: 3838 revisions left to test after this (roughly 12 steps) [b4e1bce85fd8f43dc814049e2641cc6beaa8146b] Merge tag 'pinctrl-v5.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit b4e1bce85fd8f43dc814049e2641cc6beaa8146b with gcc (GCC) 8.1.0 kernel signature: 5f168138f92040dc3776601ae8691739f5fc1e2a41bb044bdf4e42d102e82741 all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad b4e1bce85fd8f43dc814049e2641cc6beaa8146b Bisecting: 1901 revisions left to test after this (roughly 11 steps) [fd5c32d80884268a381ed0e67cccef0b3d37750b] Merge tag 'media/v5.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit fd5c32d80884268a381ed0e67cccef0b3d37750b with gcc (GCC) 8.1.0 kernel signature: f49e6724b220343d9a20902bff07e216d80a9f08df3cdf68592750b146b68329 all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad fd5c32d80884268a381ed0e67cccef0b3d37750b Bisecting: 1062 revisions left to test after this (roughly 10 steps) [865c50e1d279671728c2936cb7680eb89355eeea] x86/uaccess: utilize CONFIG_CC_HAS_ASM_GOTO_OUTPUT testing commit 865c50e1d279671728c2936cb7680eb89355eeea with gcc (GCC) 8.1.0 kernel signature: fb23d9939ea8e635a97d18e2c0887d1743b3f6ac299176ce237f5bef60276a45 all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad 865c50e1d279671728c2936cb7680eb89355eeea Bisecting: 429 revisions left to test after this (roughly 9 steps) [13cb73490f475f8e7669f9288be0bcfa85399b1f] Merge tag 'x86-entry-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 13cb73490f475f8e7669f9288be0bcfa85399b1f with gcc (GCC) 8.1.0 kernel signature: c9e2bcaae4f0232b079282ccdc838b1ed254cadf28480d569c848787d4db2b4f all runs: OK # git bisect good 13cb73490f475f8e7669f9288be0bcfa85399b1f Bisecting: 228 revisions left to test after this (roughly 8 steps) [dd502a81077a5f3b3e19fa9a1accffdcab5ad5bc] Merge tag 'core-static_call-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit dd502a81077a5f3b3e19fa9a1accffdcab5ad5bc with gcc (GCC) 8.1.0 kernel signature: d1e93dc19d7a51b7f735ff8994a811b0642d02ec52ceda4c00631330b2baf46a all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad dd502a81077a5f3b3e19fa9a1accffdcab5ad5bc Bisecting: 86 revisions left to test after this (roughly 7 steps) [ed016af52ee3035b4799ebd7d53f9ae59d5782c4] Merge tag 'locking-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit ed016af52ee3035b4799ebd7d53f9ae59d5782c4 with gcc (GCC) 8.1.0 kernel signature: 1090f57acd6737d3b74032dd7a1a6456ff204198b54c0fd5f3e07b0a5fca98f9 all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad ed016af52ee3035b4799ebd7d53f9ae59d5782c4 Bisecting: 49 revisions left to test after this (roughly 6 steps) [d6c4c11348816fb4d16e33bf47d559d7aa59350a] Merge branch 'kcsan' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into locking/core testing commit d6c4c11348816fb4d16e33bf47d559d7aa59350a with gcc (GCC) 8.1.0 kernel signature: f6216a9c1e050e4946f60dd097fcdd9cdfb14ca4d43a713adaf15bc12d43ed93 all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad d6c4c11348816fb4d16e33bf47d559d7aa59350a Bisecting: 31 revisions left to test after this (roughly 5 steps) [6dd699b13d53f26a7603702d8bada3482312df74] seqlock: seqcount_LOCKNAME_t: Standardize naming convention testing commit 6dd699b13d53f26a7603702d8bada3482312df74 with gcc (GCC) 8.1.0 kernel signature: 3c2d11c8ba005ac47133d69aedf713c80485c30fd883f805ac591db2f5d70f4a all runs: OK # git bisect good 6dd699b13d53f26a7603702d8bada3482312df74 Bisecting: 15 revisions left to test after this (roughly 4 steps) [178a1877d782c034f466edd80e30a107af5469df] kcsan: Use pr_fmt for consistency testing commit 178a1877d782c034f466edd80e30a107af5469df with gcc (GCC) 8.1.0 kernel signature: aa88fa848a3b2a8d6756a3ea687a36d293b7a1720f58c232a6ee1a90b8491a98 all runs: OK # git bisect good 178a1877d782c034f466edd80e30a107af5469df Bisecting: 7 revisions left to test after this (roughly 3 steps) [d89d5f855f84ccf3f7e648813b4bb95c780bd7cd] locking/atomics: Check atomic-arch-fallback.h too testing commit d89d5f855f84ccf3f7e648813b4bb95c780bd7cd with gcc (GCC) 8.1.0 kernel signature: 9b6b44f63941a34afe373ef2689e27209775cfde75e5679f6ae26c58763a4bd7 all runs: OK # git bisect good d89d5f855f84ccf3f7e648813b4bb95c780bd7cd Bisecting: 3 revisions left to test after this (roughly 2 steps) [e705d397965811ac528d7213b42d74ffe43caf38] Merge branch 'locking/urgent' into locking/core, to pick up fixes testing commit e705d397965811ac528d7213b42d74ffe43caf38 with gcc (GCC) 8.1.0 kernel signature: dea9d98123947ea7b33e591f6d84f070ebc46e0a89f97385ebc8885c75a59df3 all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad e705d397965811ac528d7213b42d74ffe43caf38 Bisecting: 1 revision left to test after this (roughly 1 step) [4d004099a668c41522242aa146a38cc4eb59cb1e] lockdep: Fix lockdep recursion testing commit 4d004099a668c41522242aa146a38cc4eb59cb1e with gcc (GCC) 8.1.0 kernel signature: 0fff65edd672bf2487eee1fe0a22fd6f91c4cfbcbdbc71e49ffae85b6fb8fb49 all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad 4d004099a668c41522242aa146a38cc4eb59cb1e Bisecting: 0 revisions left to test after this (roughly 0 steps) [2bb8945bcc1a768f2bc402a16c9610bba8d5187d] lockdep: Fix usage_traceoverflow testing commit 2bb8945bcc1a768f2bc402a16c9610bba8d5187d with gcc (GCC) 8.1.0 kernel signature: 53f131f365d8267d6848a198567ac95b39376c8d9f9382dd64e0172e2eef6a7d all runs: OK # git bisect good 2bb8945bcc1a768f2bc402a16c9610bba8d5187d 4d004099a668c41522242aa146a38cc4eb59cb1e is the first bad commit commit 4d004099a668c41522242aa146a38cc4eb59cb1e Author: Peter Zijlstra Date: Fri Oct 2 11:04:21 2020 +0200 lockdep: Fix lockdep recursion Steve reported that lockdep_assert*irq*(), when nested inside lockdep itself, will trigger a false-positive. One example is the stack-trace code, as called from inside lockdep, triggering tracing, which in turn calls RCU, which then uses lockdep_assert_irqs_disabled(). Fixes: a21ee6055c30 ("lockdep: Change hardirq{s_enabled,_context} to per-cpu variables") Reported-by: Steven Rostedt Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Ingo Molnar include/linux/lockdep.h | 13 ++++--- kernel/locking/lockdep.c | 99 +++++++++++++++++++++++++++++------------------- 2 files changed, 67 insertions(+), 45 deletions(-) culprit signature: 0fff65edd672bf2487eee1fe0a22fd6f91c4cfbcbdbc71e49ffae85b6fb8fb49 parent signature: 53f131f365d8267d6848a198567ac95b39376c8d9f9382dd64e0172e2eef6a7d revisions tested: 16, total time: 2h45m18.192364289s (build: 1h12m6.185028247s, test: 1h31m48.296703913s) first bad commit: 4d004099a668c41522242aa146a38cc4eb59cb1e lockdep: Fix lockdep recursion recipients (to): ["linux-kernel@vger.kernel.org" "mingo@kernel.org" "mingo@redhat.com" "peterz@infradead.org" "peterz@infradead.org" "will@kernel.org"] recipients (cc): [] crash: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/10187 caller is lockdep_hardirqs_on_prepare+0x2f/0x1a0 kernel/locking/lockdep.c:3684 CPU: 1 PID: 10187 Comm: syz-executor.0 Not tainted 5.9.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x77/0xa0 lib/dump_stack.c:118 check_preemption_disabled+0xab/0xc0 lib/smp_processor_id.c:48 lockdep_hardirqs_on_prepare+0x2f/0x1a0 kernel/locking/lockdep.c:3684 trace_hardirqs_on+0x1c/0x100 kernel/trace/trace_preemptirq.c:49 __bad_area_nosemaphore+0x5e/0x1c0 arch/x86/mm/fault.c:797 do_user_addr_fault arch/x86/mm/fault.c:1345 [inline] handle_page_fault arch/x86/mm/fault.c:1429 [inline] exc_page_fault+0x587/0x690 arch/x86/mm/fault.c:1482 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x43c4f6 Code: 00 0f 1f 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83 RSP: 002b:00007fcccad10a88 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 00007fcccad10b20 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000000000000 RBP: 00007fcccad10ae0 R08: 0000000000000000 R09: 0000000000000000 R10: 00007fcccad119d0 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/10187 caller is lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753 CPU: 1 PID: 10187 Comm: syz-executor.0 Not tainted 5.9.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x77/0xa0 lib/dump_stack.c:118 check_preemption_disabled+0xab/0xc0 lib/smp_processor_id.c:48 lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753 __bad_area_nosemaphore+0x5e/0x1c0 arch/x86/mm/fault.c:797 do_user_addr_fault arch/x86/mm/fault.c:1345 [inline] handle_page_fault arch/x86/mm/fault.c:1429 [inline] exc_page_fault+0x587/0x690 arch/x86/mm/fault.c:1482 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x43c4f6 Code: 00 0f 1f 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83 RSP: 002b:00007fcccad10a88 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 00007fcccad10b20 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000000000000 RBP: 00007fcccad10ae0 R08: 0000000000000000 R09: 0000000000000000 R10: 00007fcccad119d0 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/10187 caller is lockdep_hardirqs_on_prepare+0x2f/0x1a0 kernel/locking/lockdep.c:3684 CPU: 1 PID: 10187 Comm: syz-executor.0 Not tainted 5.9.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x77/0xa0 lib/dump_stack.c:118 check_preemption_disabled+0xab/0xc0 lib/smp_processor_id.c:48 lockdep_hardirqs_on_prepare+0x2f/0x1a0 kernel/locking/lockdep.c:3684 trace_hardirqs_on+0x1c/0x100 kernel/trace/trace_preemptirq.c:49 __bad_area_nosemaphore+0x5e/0x1c0 arch/x86/mm/fault.c:797 do_user_addr_fault arch/x86/mm/fault.c:1345 [inline] handle_page_fault arch/x86/mm/fault.c:1429 [inline] exc_page_fault+0x587/0x690 arch/x86/mm/fault.c:1482 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x43c4f6 Code: 00 0f 1f 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83 RSP: 002b:00007fcccad10a88 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 00007fcccad10b20 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000000000000 RBP: 00007fcccad10ae0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/10187 caller is lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753 CPU: 1 PID: 10187 Comm: syz-executor.0 Not tainted 5.9.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x77/0xa0 lib/dump_stack.c:118 check_preemption_disabled+0xab/0xc0 lib/smp_processor_id.c:48 lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753 __bad_area_nosemaphore+0x5e/0x1c0 arch/x86/mm/fault.c:797 do_user_addr_fault arch/x86/mm/fault.c:1345 [inline] handle_page_fault arch/x86/mm/fault.c:1429 [inline] exc_page_fault+0x587/0x690 arch/x86/mm/fault.c:1482 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x43c4f6 Code: 00 0f 1f 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83 RSP: 002b:00007fcccad10a88 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 00007fcccad10b20 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000000000000 RBP: 00007fcccad10ae0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000