bisecting cause commit starting from 931294922e65a23e1aad6398b9ae02df74044679
building syzkaller on a8529b82fb3bb45832b08a099e7eb51707da9b37
testing commit 931294922e65a23e1aad6398b9ae02df74044679 with gcc (GCC) 10.2.1 20210217
kernel signature: ec3ab82421b045b41126fadd0410a844a75d86d6520ad2394d4122fa17f0b308
all runs: crashed: KASAN: use-after-free Read in create_worker_cb
testing release v5.11
testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217
kernel signature: e99cd9f143ce9d9fcac692e506c1f42fd7bad007e669bcc2d658384620d3ab58
run #0: crashed: INFO: task hung in io_uring_cancel_task_requests
run #1: crashed: INFO: task hung in io_uring_cancel_task_requests
run #2: OK
run #3: OK
run #4: crashed: INFO: task hung in io_uring_cancel_task_requests
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217
kernel signature: a85323b0701dba111ac583b145ff31def09d195ee905600b53b701659a53318a
run #0: crashed: WARNING in percpu_ref_kill_and_confirm
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 10.2.1 20210217
kernel signature: 518fb1aeda7a24ee3d4efae5c88e23f29027cd3df6defd6a587437de3d25454c
all runs: OK
# git bisect start 2c85ebc57b3e1817b6ce1a6b703928e113a90442 bbf5c979011a099af5dc76498918ed7df445635b
Bisecting: 9594 revisions left to test after this (roughly 13 steps)
[4d0e9df5e43dba52d38b251e3b909df8fa1110be] lib, uaccess: add failure injection to usercopy functions

testing commit 4d0e9df5e43dba52d38b251e3b909df8fa1110be with gcc (GCC) 10.2.1 20210217
kernel signature: 44bdea635c9522fe5139048b047fed229025f70da5f037bbe2ba0a946b16525b
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 4d0e9df5e43dba52d38b251e3b909df8fa1110be
Bisecting: 3935 revisions left to test after this (roughly 12 steps)
[f888bdf9823c85fe945c4eb3ba353f749dec3856] Merge tag 'devicetree-for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

testing commit f888bdf9823c85fe945c4eb3ba353f749dec3856 with gcc (GCC) 10.2.1 20210217
kernel signature: 10c15fb4807735fa0c32f5c1fafa6c75cc29d96a09452fd0fa1f976c674dac8b
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad f888bdf9823c85fe945c4eb3ba353f749dec3856
Bisecting: 1997 revisions left to test after this (roughly 11 steps)
[57218d7f2e87069f73c7a841b6ed6c1cc7acf616] Merge tag 'regmap-v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap

testing commit 57218d7f2e87069f73c7a841b6ed6c1cc7acf616 with gcc (GCC) 10.2.1 20210217
kernel signature: 29bfb898df903a2c91170e508b354d96735dd1c4cb3f241a4332046031288cb3
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 57218d7f2e87069f73c7a841b6ed6c1cc7acf616
Bisecting: 873 revisions left to test after this (roughly 10 steps)
[39a5101f989e8d2be557136704d53990f9b402c8] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

testing commit 39a5101f989e8d2be557136704d53990f9b402c8 with gcc (GCC) 10.2.1 20210217
kernel signature: b572e33b02633eb858480730bb68e1205bb14292acc2067a4bc87e59bccbfc19
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 39a5101f989e8d2be557136704d53990f9b402c8
Bisecting: 521 revisions left to test after this (roughly 9 steps)
[ed016af52ee3035b4799ebd7d53f9ae59d5782c4] Merge tag 'locking-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit ed016af52ee3035b4799ebd7d53f9ae59d5782c4 with gcc (GCC) 10.2.1 20210217
kernel signature: 19c57b9b87b11ebcde5f62be97c1e013d022e6f44640a928ee7d0c27a298fd4c
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad ed016af52ee3035b4799ebd7d53f9ae59d5782c4
Bisecting: 274 revisions left to test after this (roughly 8 steps)
[f94ab231136c53ee26b1ddda76b29218018834ff] Merge tag 'x86_cleanups_for_v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit f94ab231136c53ee26b1ddda76b29218018834ff with gcc (GCC) 10.2.1 20210217
kernel signature: 7e66a106c06e425d19720a46ff4e43cf8a98489baaa1f13e3aa9f6d963c8a5a5
all runs: OK
# git bisect good f94ab231136c53ee26b1ddda76b29218018834ff
Bisecting: 125 revisions left to test after this (roughly 7 steps)
[cc7343724eb77ce0752b1097a275f22f6fe47057] Merge tag 'x86-irq-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit cc7343724eb77ce0752b1097a275f22f6fe47057 with gcc (GCC) 10.2.1 20210217
kernel signature: 9775b2333b0ca679131092271304efb672b812987212d0a34ee394b1497b1371
all runs: OK
# git bisect good cc7343724eb77ce0752b1097a275f22f6fe47057
Bisecting: 61 revisions left to test after this (roughly 6 steps)
[d6c4c11348816fb4d16e33bf47d559d7aa59350a] Merge branch 'kcsan' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into locking/core

testing commit d6c4c11348816fb4d16e33bf47d559d7aa59350a with gcc (GCC) 8.4.1 20210217
kernel signature: bace9fa31031155c52d476d12d241ad62bb87417fadb43cd9e9c5423a3fa153a
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad d6c4c11348816fb4d16e33bf47d559d7aa59350a
Bisecting: 31 revisions left to test after this (roughly 5 steps)
[6dd699b13d53f26a7603702d8bada3482312df74] seqlock: seqcount_LOCKNAME_t: Standardize naming convention

testing commit 6dd699b13d53f26a7603702d8bada3482312df74 with gcc (GCC) 8.4.1 20210217
kernel signature: c826e36a91fd81181431da0aa92b326cf07036ac3518c392f9a120ffcb6a3b1b
all runs: OK
# git bisect good 6dd699b13d53f26a7603702d8bada3482312df74
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[178a1877d782c034f466edd80e30a107af5469df] kcsan: Use pr_fmt for consistency

testing commit 178a1877d782c034f466edd80e30a107af5469df with gcc (GCC) 8.4.1 20210217
kernel signature: 0ff19242c2141565511d38c76a6ee55fbe4950f070e6056a982b6e9b63fdf7d3
all runs: OK
# git bisect good 178a1877d782c034f466edd80e30a107af5469df
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[d89d5f855f84ccf3f7e648813b4bb95c780bd7cd] locking/atomics: Check atomic-arch-fallback.h too

testing commit d89d5f855f84ccf3f7e648813b4bb95c780bd7cd with gcc (GCC) 8.4.1 20210217
kernel signature: a37f5b3a2114092bab12b541b95c4680cbc4be614a362621c90e4d5ddfff5d36
all runs: OK
# git bisect good d89d5f855f84ccf3f7e648813b4bb95c780bd7cd
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[e705d397965811ac528d7213b42d74ffe43caf38] Merge branch 'locking/urgent' into locking/core, to pick up fixes

testing commit e705d397965811ac528d7213b42d74ffe43caf38 with gcc (GCC) 8.4.1 20210217
kernel signature: e6ced98db3581aeafad2f525b85c7ffc60898669324d035762579b4ada093906
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad e705d397965811ac528d7213b42d74ffe43caf38
Bisecting: 1 revision left to test after this (roughly 1 step)
[4d004099a668c41522242aa146a38cc4eb59cb1e] lockdep: Fix lockdep recursion

testing commit 4d004099a668c41522242aa146a38cc4eb59cb1e with gcc (GCC) 8.4.1 20210217
kernel signature: b6998f688152b24dee194efab5bb9283407e857afac5f0a6f331549f187a024c
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 4d004099a668c41522242aa146a38cc4eb59cb1e
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[2bb8945bcc1a768f2bc402a16c9610bba8d5187d] lockdep: Fix usage_traceoverflow

testing commit 2bb8945bcc1a768f2bc402a16c9610bba8d5187d with gcc (GCC) 8.4.1 20210217
kernel signature: a2ccf342d230dc9c6fc240b985c3eb33e7e01130b5a370ca569a932916c1c9a7
all runs: OK
# git bisect good 2bb8945bcc1a768f2bc402a16c9610bba8d5187d
4d004099a668c41522242aa146a38cc4eb59cb1e is the first bad commit
commit 4d004099a668c41522242aa146a38cc4eb59cb1e
Author: Peter Zijlstra <peterz@infradead.org>
Date:   Fri Oct 2 11:04:21 2020 +0200

    lockdep: Fix lockdep recursion
    
    Steve reported that lockdep_assert*irq*(), when nested inside lockdep
    itself, will trigger a false-positive.
    
    One example is the stack-trace code, as called from inside lockdep,
    triggering tracing, which in turn calls RCU, which then uses
    lockdep_assert_irqs_disabled().
    
    Fixes: a21ee6055c30 ("lockdep: Change hardirq{s_enabled,_context} to per-cpu variables")
    Reported-by: Steven Rostedt <rostedt@goodmis.org>
    Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
    Signed-off-by: Ingo Molnar <mingo@kernel.org>

 include/linux/lockdep.h  | 13 ++++---
 kernel/locking/lockdep.c | 99 +++++++++++++++++++++++++++++-------------------
 2 files changed, 67 insertions(+), 45 deletions(-)

culprit signature: b6998f688152b24dee194efab5bb9283407e857afac5f0a6f331549f187a024c
parent  signature: a2ccf342d230dc9c6fc240b985c3eb33e7e01130b5a370ca569a932916c1c9a7
Reproducer flagged being flaky
revisions tested: 18, total time: 4h19m28.689728566s (build: 1h53m29.402327287s, test: 2h23m28.194125568s)
first bad commit: 4d004099a668c41522242aa146a38cc4eb59cb1e lockdep: Fix lockdep recursion
recipients (to): ["linux-kernel@vger.kernel.org" "mingo@kernel.org" "mingo@redhat.com" "peterz@infradead.org" "peterz@infradead.org" "will@kernel.org"]
recipients (cc): []
crash: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/10092
caller is lockdep_hardirqs_on_prepare+0x61/0x410 kernel/locking/lockdep.c:3684
CPU: 1 PID: 10092 Comm: syz-executor.2 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x99/0xd0 lib/dump_stack.c:118
 check_preemption_disabled+0xb4/0xc0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on_prepare+0x61/0x410 kernel/locking/lockdep.c:3684
 trace_hardirqs_on+0x20/0x190 kernel/trace/trace_preemptirq.c:49
 __bad_area_nosemaphore+0x84/0x430 arch/x86/mm/fault.c:797
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x5e/0xc0 arch/x86/mm/fault.c:1482
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538
RIP: 0033:0x461bea
Code: 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89
RSP: 002b:00007fe7ba919178 EFLAGS: 00010246
RAX: 0000000000000040 RBX: 000000000056c008 RCX: 000000000000307e
RDX: 0000000000000004 RSI: 000000000000307e RDI: 0000000000000040
RBP: 00000000004bf9fb R08: 0000000000000004 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 000000000056c008
R13: 00007fffcc31569f R14: 00007fe7ba919300 R15: 0000000000022000
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.2/10092
caller is lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753
CPU: 1 PID: 10092 Comm: syz-executor.2 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x99/0xd0 lib/dump_stack.c:118
 check_preemption_disabled+0xb4/0xc0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753
 __bad_area_nosemaphore+0x84/0x430 arch/x86/mm/fault.c:797
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x5e/0xc0 arch/x86/mm/fault.c:1482
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538
RIP: 0033:0x461bea
Code: 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 48 8b 4c 16 f8 48 8b 36 48 89 4c 17 f8 48 89 37 c3 8b 4c 16 fc 8b 36 <89> 4c 17 fc 89 37 c3 0f b7 4c 16 fe 0f b7 36 66 89 4c 17 fe 66 89
RSP: 002b:00007fe7ba919178 EFLAGS: 00010246
RAX: 0000000000000040 RBX: 000000000056c008 RCX: 000000000000307e
RDX: 0000000000000004 RSI: 000000000000307e RDI: 0000000000000040
RBP: 00000000004bf9fb R08: 0000000000000004 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 000000000056c008
R13: 00007fffcc31569f R14: 00007fe7ba919300 R15: 0000000000022000