bisecting cause commit starting from 36bbbd0e234d817938bdc52121a0f5473b3e58f5
building syzkaller on a0234d980eccaa87f5821ac8e95ed9c94a104acf
testing commit 36bbbd0e234d817938bdc52121a0f5473b3e58f5 with gcc (GCC) 8.1.0
kernel signature: 43517a3bd3bd9b20a8d051297c85caf2fdbb46ca306724947576fe830fbe8ced
all runs: crashed: BUG: unable to handle kernel paging request in percpu_ref_exit
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 8.1.0
kernel signature: 395a614079c9030036488f72c030c4708fae86b9aba956ca15d15003efd3a593
all runs: crashed: inconsistent lock state in io_file_data_ref_zero
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: 267e4e72ea6151d6ca484a7d3cc70be89ff7365b860f2a296ca76a677664b0bf
all runs: OK
# git bisect start 2c85ebc57b3e1817b6ce1a6b703928e113a90442 bbf5c979011a099af5dc76498918ed7df445635b
Bisecting: 9594 revisions left to test after this (roughly 13 steps)
[4d0e9df5e43dba52d38b251e3b909df8fa1110be] lib, uaccess: add failure injection to usercopy functions

testing commit 4d0e9df5e43dba52d38b251e3b909df8fa1110be with gcc (GCC) 8.1.0
kernel signature: adf5c405dd67b7187b8c7a52cca0fc6cc5133c6871aaec8f932c63715200b76f
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 4d0e9df5e43dba52d38b251e3b909df8fa1110be
Bisecting: 3935 revisions left to test after this (roughly 12 steps)
[f888bdf9823c85fe945c4eb3ba353f749dec3856] Merge tag 'devicetree-for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

testing commit f888bdf9823c85fe945c4eb3ba353f749dec3856 with gcc (GCC) 8.1.0
kernel signature: dbea0b188e0196df194a1ca51eddaa9916732a69851abb9911722d46c9148a74
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad f888bdf9823c85fe945c4eb3ba353f749dec3856
Bisecting: 1997 revisions left to test after this (roughly 11 steps)
[57218d7f2e87069f73c7a841b6ed6c1cc7acf616] Merge tag 'regmap-v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap

testing commit 57218d7f2e87069f73c7a841b6ed6c1cc7acf616 with gcc (GCC) 8.1.0
kernel signature: f8b59d24f7ecc5eb8f31b5fd08ef45eabe3dd0742e8860a39e4c937b486046ff
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 57218d7f2e87069f73c7a841b6ed6c1cc7acf616
Bisecting: 873 revisions left to test after this (roughly 10 steps)
[39a5101f989e8d2be557136704d53990f9b402c8] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

testing commit 39a5101f989e8d2be557136704d53990f9b402c8 with gcc (GCC) 8.1.0
kernel signature: 245a51c8e6539f5140dd0dc141ca0ddc83535fc3ffaadc104994fdd016acbcf3
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 39a5101f989e8d2be557136704d53990f9b402c8
Bisecting: 521 revisions left to test after this (roughly 9 steps)
[ed016af52ee3035b4799ebd7d53f9ae59d5782c4] Merge tag 'locking-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit ed016af52ee3035b4799ebd7d53f9ae59d5782c4 with gcc (GCC) 8.1.0
kernel signature: 7cb4b879cad4dc6a0e7bb23f70d7e11f3e82732feb1c9f4a79329e6b09eba6f2
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad ed016af52ee3035b4799ebd7d53f9ae59d5782c4
Bisecting: 274 revisions left to test after this (roughly 8 steps)
[f94ab231136c53ee26b1ddda76b29218018834ff] Merge tag 'x86_cleanups_for_v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit f94ab231136c53ee26b1ddda76b29218018834ff with gcc (GCC) 8.1.0
kernel signature: 375ac5c6f79993d0916ad1f6f2b54e3837ba1b519ca39359fd40a5edc414bceb
all runs: OK
# git bisect good f94ab231136c53ee26b1ddda76b29218018834ff
Bisecting: 125 revisions left to test after this (roughly 7 steps)
[cc7343724eb77ce0752b1097a275f22f6fe47057] Merge tag 'x86-irq-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit cc7343724eb77ce0752b1097a275f22f6fe47057 with gcc (GCC) 8.1.0
kernel signature: f9ea5356418feb04bf0ec8c5aa52201768553c0f7c34f432a156d8f85d035ec7
all runs: OK
# git bisect good cc7343724eb77ce0752b1097a275f22f6fe47057
Bisecting: 61 revisions left to test after this (roughly 6 steps)
[d6c4c11348816fb4d16e33bf47d559d7aa59350a] Merge branch 'kcsan' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into locking/core

testing commit d6c4c11348816fb4d16e33bf47d559d7aa59350a with gcc (GCC) 8.1.0
kernel signature: 000cfd8647086879aafa66b2b3141af589d747d1a76ee9d07ef7c8b6618ce16d
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad d6c4c11348816fb4d16e33bf47d559d7aa59350a
Bisecting: 31 revisions left to test after this (roughly 5 steps)
[6dd699b13d53f26a7603702d8bada3482312df74] seqlock: seqcount_LOCKNAME_t: Standardize naming convention

testing commit 6dd699b13d53f26a7603702d8bada3482312df74 with gcc (GCC) 8.1.0
kernel signature: c700483aa18b56539777ae40b37738bc402a3932661545fa7fb91d0418baa01a
all runs: OK
# git bisect good 6dd699b13d53f26a7603702d8bada3482312df74
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[178a1877d782c034f466edd80e30a107af5469df] kcsan: Use pr_fmt for consistency

testing commit 178a1877d782c034f466edd80e30a107af5469df with gcc (GCC) 8.1.0
kernel signature: 7366ecededd3b2a1774991927717c90df2de6f48e9de19edb9d2d05223df3780
all runs: OK
# git bisect good 178a1877d782c034f466edd80e30a107af5469df
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[d89d5f855f84ccf3f7e648813b4bb95c780bd7cd] locking/atomics: Check atomic-arch-fallback.h too

testing commit d89d5f855f84ccf3f7e648813b4bb95c780bd7cd with gcc (GCC) 8.1.0
kernel signature: 18a777c60ed116ffb36d5ed9febe4a712576ee0a32574c486e0848d37524ff96
all runs: OK
# git bisect good d89d5f855f84ccf3f7e648813b4bb95c780bd7cd
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[e705d397965811ac528d7213b42d74ffe43caf38] Merge branch 'locking/urgent' into locking/core, to pick up fixes

testing commit e705d397965811ac528d7213b42d74ffe43caf38 with gcc (GCC) 8.1.0
kernel signature: 6685b33c8d002601f17315769f52a146a8ee18b987485e0a98a131554d52b524
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad e705d397965811ac528d7213b42d74ffe43caf38
Bisecting: 1 revision left to test after this (roughly 1 step)
[4d004099a668c41522242aa146a38cc4eb59cb1e] lockdep: Fix lockdep recursion

testing commit 4d004099a668c41522242aa146a38cc4eb59cb1e with gcc (GCC) 8.1.0
kernel signature: 235c57cfcd96458ed4ab7a56e64837b480b808aab6ce49cbe5ef1794a326744f
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 4d004099a668c41522242aa146a38cc4eb59cb1e
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[2bb8945bcc1a768f2bc402a16c9610bba8d5187d] lockdep: Fix usage_traceoverflow

testing commit 2bb8945bcc1a768f2bc402a16c9610bba8d5187d with gcc (GCC) 8.1.0
kernel signature: 327a581005595fc63a8318a98aea76eb50e6fc66ddf888fccf47213aa267aaea
all runs: OK
# git bisect good 2bb8945bcc1a768f2bc402a16c9610bba8d5187d
4d004099a668c41522242aa146a38cc4eb59cb1e is the first bad commit
commit 4d004099a668c41522242aa146a38cc4eb59cb1e
Author: Peter Zijlstra <peterz@infradead.org>
Date:   Fri Oct 2 11:04:21 2020 +0200

    lockdep: Fix lockdep recursion
    
    Steve reported that lockdep_assert*irq*(), when nested inside lockdep
    itself, will trigger a false-positive.
    
    One example is the stack-trace code, as called from inside lockdep,
    triggering tracing, which in turn calls RCU, which then uses
    lockdep_assert_irqs_disabled().
    
    Fixes: a21ee6055c30 ("lockdep: Change hardirq{s_enabled,_context} to per-cpu variables")
    Reported-by: Steven Rostedt <rostedt@goodmis.org>
    Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
    Signed-off-by: Ingo Molnar <mingo@kernel.org>

 include/linux/lockdep.h  | 13 ++++---
 kernel/locking/lockdep.c | 99 +++++++++++++++++++++++++++++-------------------
 2 files changed, 67 insertions(+), 45 deletions(-)

culprit signature: 235c57cfcd96458ed4ab7a56e64837b480b808aab6ce49cbe5ef1794a326744f
parent  signature: 327a581005595fc63a8318a98aea76eb50e6fc66ddf888fccf47213aa267aaea
revisions tested: 17, total time: 2h51m30.919948914s (build: 1h22m2.766803869s, test: 1h27m49.431953656s)
first bad commit: 4d004099a668c41522242aa146a38cc4eb59cb1e lockdep: Fix lockdep recursion
recipients (to): ["linux-kernel@vger.kernel.org" "mingo@kernel.org" "mingo@redhat.com" "peterz@infradead.org" "peterz@infradead.org" "will@kernel.org"]
recipients (cc): []
crash: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/10166
caller is lockdep_hardirqs_on_prepare+0x2f/0x1b0 kernel/locking/lockdep.c:3684
CPU: 0 PID: 10166 Comm: syz-executor.4 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0xa0 lib/dump_stack.c:118
 check_preemption_disabled+0xb4/0xc0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on_prepare+0x2f/0x1b0 kernel/locking/lockdep.c:3684
 trace_hardirqs_on+0x1c/0x100 kernel/trace/trace_preemptirq.c:49
 __bad_area_nosemaphore+0x5e/0x220 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1345 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x5cb/0x6c0 arch/x86/mm/fault.c:1482
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538
RIP: 0033:0x43ca10
Code: 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 74 48 83 e0 f0 <66> 0f 74 00 66 0f 74 48 10 66 0f 74 50 20 66 0f 74 58 30 66 0f d7
RSP: 002b:00007f1c59ed5b98 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 000000000000000f RDI: 0000000000000000
RBP: 0000000000000003 R08: 0000000000000004 R09: 00007f1c59ed5ba0
R10: 0000000000000000 R11: 000000000000000f R12: 00007f1c59ed5be0
R13: 00007ffc5dd0e35f R14: 00007f1c59ed79c0 R15: 000000000119bf8c
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/10166
caller is lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753
CPU: 0 PID: 10166 Comm: syz-executor.4 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0xa0 lib/dump_stack.c:118
 check_preemption_disabled+0xb4/0xc0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753
 __bad_area_nosemaphore+0x5e/0x220 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1345 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x5cb/0x6c0 arch/x86/mm/fault.c:1482
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538
RIP: 0033:0x43ca10
Code: 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 74 48 83 e0 f0 <66> 0f 74 00 66 0f 74 48 10 66 0f 74 50 20 66 0f 74 58 30 66 0f d7
RSP: 002b:00007f1c59ed5b98 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 000000000000000f RDI: 0000000000000000
RBP: 0000000000000003 R08: 0000000000000004 R09: 00007f1c59ed5ba0
R10: 0000000000000000 R11: 000000000000000f R12: 00007f1c59ed5be0
R13: 00007ffc5dd0e35f R14: 00007f1c59ed79c0 R15: 000000000119bf8c