bisecting cause commit starting from 2865ba82476a6b2603db40cfc1c8c0831409fb41 building syzkaller on 07e953c105af057cb474bc086f68fb7ec5b241ec testing commit 2865ba82476a6b2603db40cfc1c8c0831409fb41 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 746662267ca1a876f26b1203a6bf4cafd9a3a37faedb68bff68f729dea6a9470 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #2: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #3: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #4: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #5: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #6: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #7: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #8: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #9: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #10: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #11: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #12: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #13: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #14: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #15: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #16: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #17: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #18: crashed: general protection fault in bpf_skb_ancestor_cgroup_id run #19: crashed: general protection fault in bpf_skb_ancestor_cgroup_id testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8c219514f33cf5f7e995cffb6643e798eb9f0e406da2dbcbb7423680d5a3f503 all runs: OK # git bisect start 2865ba82476a6b2603db40cfc1c8c0831409fb41 7d2a07b769330c34b4deabeed939325c77a7ec2f Bisecting: 4988 revisions left to test after this (roughly 12 steps) [0d290223a6c77107b1c3988959e49279a8dafaba] Merge tag 'sound-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit 0d290223a6c77107b1c3988959e49279a8dafaba compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4f4c373d75524ee5d41a15f4b700b49630e44c880e37ab2ac3a87b7305b3164b all runs: OK # git bisect good 0d290223a6c77107b1c3988959e49279a8dafaba Bisecting: 2517 revisions left to test after this (roughly 11 steps) [1c500ad706383f1a6609e63d0b5d1723fd84dab9] loop: reduce the loop_ctl_mutex scope testing commit 1c500ad706383f1a6609e63d0b5d1723fd84dab9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7408278ff9dd84fe297aeef3e3ee85b32ee52c860bc6cac50b5d76c66407ea3e all runs: OK # git bisect good 1c500ad706383f1a6609e63d0b5d1723fd84dab9 Bisecting: 1265 revisions left to test after this (roughly 10 steps) [3de18c865f504ab59ed2588b1e11acd4bcb9ea09] Merge branch 'stable/for-linus-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb testing commit 3de18c865f504ab59ed2588b1e11acd4bcb9ea09 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c16821c5e9537c235b36c886103475beb4d5ba1f611787d39bdfd7b9ee6c1c15 all runs: OK # git bisect good 3de18c865f504ab59ed2588b1e11acd4bcb9ea09 Bisecting: 656 revisions left to test after this (roughly 9 steps) [58ca24158758f1784400d32743373d7d6227d018] Merge tag 'trace-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace testing commit 58ca24158758f1784400d32743373d7d6227d018 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e38602a0687196019678eea613b91531812f34905071007b27836067a6a8b4ad all runs: OK # git bisect good 58ca24158758f1784400d32743373d7d6227d018 Bisecting: 388 revisions left to test after this (roughly 8 steps) [a2b28235335fee2586b4bd16448fb59ed6c80eef] Merge branch 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging testing commit a2b28235335fee2586b4bd16448fb59ed6c80eef compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3fc844170f857db9edb86cd2cf9e7a12f2b440ef3c756b5c36007b0ca2866cca all runs: OK # git bisect good a2b28235335fee2586b4bd16448fb59ed6c80eef Bisecting: 166 revisions left to test after this (roughly 8 steps) [e99314a340d27efafab3b7ea226beb239162cd46] Merge tag 'kvmarm-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD testing commit e99314a340d27efafab3b7ea226beb239162cd46 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: cf3eb88facb5c12fb25995dd17baeeb208e07fbcaafe8619fd771fca414a9d76 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad e99314a340d27efafab3b7ea226beb239162cd46 Bisecting: 110 revisions left to test after this (roughly 7 steps) [0176ec51290f8ef543a8c18a02e932d6ccedbbc5] KVM: stats: Update doc for histogram statistics testing commit 0176ec51290f8ef543a8c18a02e932d6ccedbbc5 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: df1b4c84d5a93059d5cc47ebd309df79f93cfc3c5fcaef73c24374b31e9c07ea all runs: OK # git bisect good 0176ec51290f8ef543a8c18a02e932d6ccedbbc5 Bisecting: 56 revisions left to test after this (roughly 6 steps) [cf0c7125d5783f93b78921845d4b101c65a7998b] Merge branch kvm-arm64/mmu/el2-tracking into kvmarm-master/next testing commit cf0c7125d5783f93b78921845d4b101c65a7998b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: de7475de2b00db129240cb1858b4cf9f13515746a67552514243ceb11b17af7a run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad cf0c7125d5783f93b78921845d4b101c65a7998b Bisecting: 27 revisions left to test after this (roughly 5 steps) [3ce5db8a597794c0d0be2a319a0923c6fe81c899] Merge branch kvm-arm64/misc-5.15 into kvmarm-master/next testing commit 3ce5db8a597794c0d0be2a319a0923c6fe81c899 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: de7475de2b00db129240cb1858b4cf9f13515746a67552514243ceb11b17af7a all runs: OK # git bisect good 3ce5db8a597794c0d0be2a319a0923c6fe81c899 Bisecting: 13 revisions left to test after this (roughly 4 steps) [e009dce1292c37cf8ee7c33e0887ad3c642f980f] KVM: arm64: Introduce addr_is_memory() testing commit e009dce1292c37cf8ee7c33e0887ad3c642f980f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f44fc8332005ac671566b7cb09e4fbc8fbbcccb123c390825b99f5cf40369cf9 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad e009dce1292c37cf8ee7c33e0887ad3c642f980f Bisecting: 6 revisions left to test after this (roughly 3 steps) [8a0282c68121e53ab17413283cfed408a47e1a2a] KVM: arm64: Don't overwrite software bits with owner id testing commit 8a0282c68121e53ab17413283cfed408a47e1a2a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f44fc8332005ac671566b7cb09e4fbc8fbbcccb123c390825b99f5cf40369cf9 all runs: OK # git bisect good 8a0282c68121e53ab17413283cfed408a47e1a2a Bisecting: 3 revisions left to test after this (roughly 2 steps) [4505e9b624cefafa4b75d8a28e72f32076c33375] KVM: arm64: Allow populating software bits testing commit 4505e9b624cefafa4b75d8a28e72f32076c33375 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f44fc8332005ac671566b7cb09e4fbc8fbbcccb123c390825b99f5cf40369cf9 all runs: OK # git bisect good 4505e9b624cefafa4b75d8a28e72f32076c33375 Bisecting: 1 revision left to test after this (roughly 1 step) [39257da0e04e5cdb1e4a3ca715dc3d949fe8b059] KVM: arm64: Expose host stage-2 manipulation helpers testing commit 39257da0e04e5cdb1e4a3ca715dc3d949fe8b059 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f44fc8332005ac671566b7cb09e4fbc8fbbcccb123c390825b99f5cf40369cf9 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 39257da0e04e5cdb1e4a3ca715dc3d949fe8b059 Bisecting: 0 revisions left to test after this (roughly 0 steps) [ec250a67ea8db6209918a389554cf3aec0395b1f] KVM: arm64: Add helpers to tag shared pages in SW bits testing commit ec250a67ea8db6209918a389554cf3aec0395b1f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f44fc8332005ac671566b7cb09e4fbc8fbbcccb123c390825b99f5cf40369cf9 all runs: OK # git bisect good ec250a67ea8db6209918a389554cf3aec0395b1f 39257da0e04e5cdb1e4a3ca715dc3d949fe8b059 is the first bad commit commit 39257da0e04e5cdb1e4a3ca715dc3d949fe8b059 Author: Quentin Perret Date: Mon Aug 9 16:24:40 2021 +0100 KVM: arm64: Expose host stage-2 manipulation helpers We will need to manipulate the host stage-2 page-table from outside mem_protect.c soon. Introduce two functions allowing this, and make them usable to users of mem_protect.h. Signed-off-by: Quentin Perret Reviewed-by: Fuad Tabba Signed-off-by: Marc Zyngier Link: https://lore.kernel.org/r/20210809152448.1810400-14-qperret@google.com arch/arm64/kvm/hyp/include/nvhe/mem_protect.h | 2 ++ arch/arm64/kvm/hyp/nvhe/mem_protect.c | 18 +++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) culprit signature: f44fc8332005ac671566b7cb09e4fbc8fbbcccb123c390825b99f5cf40369cf9 parent signature: f44fc8332005ac671566b7cb09e4fbc8fbbcccb123c390825b99f5cf40369cf9 Reproducer flagged being flaky revisions tested: 16, total time: 4h17m44.118906981s (build: 1h54m45.651455114s, test: 2h21m32.163898187s) first bad commit: 39257da0e04e5cdb1e4a3ca715dc3d949fe8b059 KVM: arm64: Expose host stage-2 manipulation helpers recipients (to): ["maz@kernel.org" "qperret@google.com" "tabba@google.com"] recipients (cc): [] crash: BUG: sleeping function called from invalid context in lock_sock_nested BUG: sleeping function called from invalid context at net/core/sock.c:3161 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8848, name: syz-executor.0 1 lock held by syz-executor.0/8848: #0: ffffffff8c40f280 (hci_sk_list.lock){++++}-{2:2}, at: hci_sock_dev_event+0x374/0x5c0 net/bluetooth/hci_sock.c:763 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 1 PID: 8848 Comm: syz-executor.0 Not tainted 5.14.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:9154 lock_sock_nested+0x1e/0xf0 net/core/sock.c:3161 lock_sock include/net/sock.h:1613 [inline] hci_sock_dev_event+0x3ea/0x5c0 net/bluetooth/hci_sock.c:765 hci_unregister_dev+0x29b/0xfb0 net/bluetooth/hci_core.c:4033 vhci_release+0x62/0xd0 drivers/bluetooth/hci_vhci.c:340 __fput+0x209/0x870 fs/file_table.c:280 task_work_run+0xc0/0x160 kernel/task_work.c:164 exit_task_work include/linux/task_work.h:32 [inline] do_exit+0x9fe/0x24e0 kernel/exit.c:825 do_group_exit+0xe7/0x290 kernel/exit.c:922 __do_sys_exit_group kernel/exit.c:933 [inline] __se_sys_exit_group kernel/exit.c:931 [inline] __x64_sys_exit_group+0x35/0x40 kernel/exit.c:931 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 Code: Unable to access opcode bytes at RIP 0x4665cf. RSP: 002b:00007ffd0fa0a718 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007ffd0fa0aed8 RCX: 00000000004665f9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 RBP: 0000000000000000 R08: 0000000000000025 R09: 00007ffd0fa0aed8 R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004bef74 R13: 0000000000000010 R14: 0000000000000000 R15: 0000000000400538 ======================================================