bisecting cause commit starting from d03154e8bb6a9830c4d3c4a993f964c8518c7bfa
building syzkaller on 7df34f59bca2c74f1dfa5c198b94577cf918cbb2
testing commit d03154e8bb6a9830c4d3c4a993f964c8518c7bfa with gcc (GCC) 8.1.0
kernel signature: ae97c802e4dfc4a880ac0ee0142a15ac8977b335494e6a62761f6d514d89a9dd
all runs: crashed: WARNING in io_uring_cancel_task_requests
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 8.1.0
kernel signature: 0ac21c7bec8a01fc2233fe2faf9cb6641f5d6068f7226445cdb28206bf6f01d9
all runs: crashed: WARNING in percpu_ref_kill_and_confirm
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: 2ed500e43c4488b8a0bfec1335443a98eaed201e0caf50ae5ffe968a69394ff9
all runs: OK
# git bisect start 2c85ebc57b3e1817b6ce1a6b703928e113a90442 bbf5c979011a099af5dc76498918ed7df445635b
Bisecting: 9594 revisions left to test after this (roughly 13 steps)
[4d0e9df5e43dba52d38b251e3b909df8fa1110be] lib, uaccess: add failure injection to usercopy functions

testing commit 4d0e9df5e43dba52d38b251e3b909df8fa1110be with gcc (GCC) 8.1.0
kernel signature: db23e441762b4702b21f97bdcfc5a60c6771dbb11fcd09691ffb88a73fdf5c69
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 4d0e9df5e43dba52d38b251e3b909df8fa1110be
Bisecting: 3935 revisions left to test after this (roughly 12 steps)
[f888bdf9823c85fe945c4eb3ba353f749dec3856] Merge tag 'devicetree-for-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

testing commit f888bdf9823c85fe945c4eb3ba353f749dec3856 with gcc (GCC) 8.1.0
kernel signature: 8c0ce3f5a8f38b2f4a51ffe1e19175160bc1139b519577d5712056ef008c3261
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad f888bdf9823c85fe945c4eb3ba353f749dec3856
Bisecting: 1997 revisions left to test after this (roughly 11 steps)
[57218d7f2e87069f73c7a841b6ed6c1cc7acf616] Merge tag 'regmap-v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap

testing commit 57218d7f2e87069f73c7a841b6ed6c1cc7acf616 with gcc (GCC) 8.1.0
kernel signature: 3deabe257a06934344200005e83cb315674e8f59ebd7f0e9055656087a5107ef
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 57218d7f2e87069f73c7a841b6ed6c1cc7acf616
Bisecting: 873 revisions left to test after this (roughly 10 steps)
[39a5101f989e8d2be557136704d53990f9b402c8] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

testing commit 39a5101f989e8d2be557136704d53990f9b402c8 with gcc (GCC) 8.1.0
kernel signature: 2bd0b6ed6b3601b9a57d0d39dd1822e01a31dfea98723064902555b8ce51972f
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 39a5101f989e8d2be557136704d53990f9b402c8
Bisecting: 521 revisions left to test after this (roughly 9 steps)
[ed016af52ee3035b4799ebd7d53f9ae59d5782c4] Merge tag 'locking-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit ed016af52ee3035b4799ebd7d53f9ae59d5782c4 with gcc (GCC) 8.1.0
kernel signature: ccc678efb9e2c8561ddd1a50a30eecacbaccd3a73a908c08380db36c75f82345
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad ed016af52ee3035b4799ebd7d53f9ae59d5782c4
Bisecting: 274 revisions left to test after this (roughly 8 steps)
[f94ab231136c53ee26b1ddda76b29218018834ff] Merge tag 'x86_cleanups_for_v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit f94ab231136c53ee26b1ddda76b29218018834ff with gcc (GCC) 8.1.0
kernel signature: 0204754ef0e862bfa54e1eb8bc26fe3e1ab3395b62613788c06baad325142109
all runs: OK
# git bisect good f94ab231136c53ee26b1ddda76b29218018834ff
Bisecting: 125 revisions left to test after this (roughly 7 steps)
[cc7343724eb77ce0752b1097a275f22f6fe47057] Merge tag 'x86-irq-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit cc7343724eb77ce0752b1097a275f22f6fe47057 with gcc (GCC) 8.1.0
kernel signature: 5652d6672ef2c7d92dfc4a1598058e166ae0b1d6839c94e573396ae3d1a77980
all runs: OK
# git bisect good cc7343724eb77ce0752b1097a275f22f6fe47057
Bisecting: 61 revisions left to test after this (roughly 6 steps)
[d6c4c11348816fb4d16e33bf47d559d7aa59350a] Merge branch 'kcsan' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into locking/core

testing commit d6c4c11348816fb4d16e33bf47d559d7aa59350a with gcc (GCC) 8.1.0
kernel signature: 2adf86ee58183fde9847a407368047c0875d70b9f1cd44bdec2bc7b6de2a298e
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad d6c4c11348816fb4d16e33bf47d559d7aa59350a
Bisecting: 31 revisions left to test after this (roughly 5 steps)
[6dd699b13d53f26a7603702d8bada3482312df74] seqlock: seqcount_LOCKNAME_t: Standardize naming convention

testing commit 6dd699b13d53f26a7603702d8bada3482312df74 with gcc (GCC) 8.1.0
kernel signature: 12cf76950a8fc1c5c1bade0e8d222727536e296a024e2ce620dba16fcedfd433
all runs: OK
# git bisect good 6dd699b13d53f26a7603702d8bada3482312df74
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[178a1877d782c034f466edd80e30a107af5469df] kcsan: Use pr_fmt for consistency

testing commit 178a1877d782c034f466edd80e30a107af5469df with gcc (GCC) 8.1.0
kernel signature: ed6f24efa6af40f9110ff45e30e9dadd87420c33c9c9102276a5bfda360b2956
all runs: OK
# git bisect good 178a1877d782c034f466edd80e30a107af5469df
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[d89d5f855f84ccf3f7e648813b4bb95c780bd7cd] locking/atomics: Check atomic-arch-fallback.h too

testing commit d89d5f855f84ccf3f7e648813b4bb95c780bd7cd with gcc (GCC) 8.1.0
kernel signature: f570fff3f0806e09497a378ec2f5e1312b82ea2d1577554b58fbe6af76d15fae
all runs: OK
# git bisect good d89d5f855f84ccf3f7e648813b4bb95c780bd7cd
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[e705d397965811ac528d7213b42d74ffe43caf38] Merge branch 'locking/urgent' into locking/core, to pick up fixes

testing commit e705d397965811ac528d7213b42d74ffe43caf38 with gcc (GCC) 8.1.0
kernel signature: e14e7bbaf77430901e4ff1686bc842753ce9c81a85f2a472420657b9ced65f6e
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad e705d397965811ac528d7213b42d74ffe43caf38
Bisecting: 1 revision left to test after this (roughly 1 step)
[4d004099a668c41522242aa146a38cc4eb59cb1e] lockdep: Fix lockdep recursion

testing commit 4d004099a668c41522242aa146a38cc4eb59cb1e with gcc (GCC) 8.1.0
kernel signature: 165d666492d7bb1c24366fa0da2fd081af73f257e4748cb0fdc0a1fff00a936e
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 4d004099a668c41522242aa146a38cc4eb59cb1e
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[2bb8945bcc1a768f2bc402a16c9610bba8d5187d] lockdep: Fix usage_traceoverflow

testing commit 2bb8945bcc1a768f2bc402a16c9610bba8d5187d with gcc (GCC) 8.1.0
kernel signature: e57e8b3df83e73c51eca2ca88d5d6c5d0f4d25a0475e334da22f434d54d2d1ab
all runs: OK
# git bisect good 2bb8945bcc1a768f2bc402a16c9610bba8d5187d
4d004099a668c41522242aa146a38cc4eb59cb1e is the first bad commit
commit 4d004099a668c41522242aa146a38cc4eb59cb1e
Author: Peter Zijlstra <peterz@infradead.org>
Date:   Fri Oct 2 11:04:21 2020 +0200

    lockdep: Fix lockdep recursion
    
    Steve reported that lockdep_assert*irq*(), when nested inside lockdep
    itself, will trigger a false-positive.
    
    One example is the stack-trace code, as called from inside lockdep,
    triggering tracing, which in turn calls RCU, which then uses
    lockdep_assert_irqs_disabled().
    
    Fixes: a21ee6055c30 ("lockdep: Change hardirq{s_enabled,_context} to per-cpu variables")
    Reported-by: Steven Rostedt <rostedt@goodmis.org>
    Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
    Signed-off-by: Ingo Molnar <mingo@kernel.org>

 include/linux/lockdep.h  | 13 ++++---
 kernel/locking/lockdep.c | 99 +++++++++++++++++++++++++++++-------------------
 2 files changed, 67 insertions(+), 45 deletions(-)

culprit signature: 165d666492d7bb1c24366fa0da2fd081af73f257e4748cb0fdc0a1fff00a936e
parent  signature: e57e8b3df83e73c51eca2ca88d5d6c5d0f4d25a0475e334da22f434d54d2d1ab
revisions tested: 17, total time: 2h52m20.68796188s (build: 1h20m39.891261815s, test: 1h29m39.635582205s)
first bad commit: 4d004099a668c41522242aa146a38cc4eb59cb1e lockdep: Fix lockdep recursion
recipients (to): ["linux-kernel@vger.kernel.org" "mingo@kernel.org" "mingo@redhat.com" "peterz@infradead.org" "peterz@infradead.org" "will@kernel.org"]
recipients (cc): []
crash: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/10140
caller is lockdep_hardirqs_on_prepare+0x2f/0x1b0 kernel/locking/lockdep.c:3684
CPU: 0 PID: 10140 Comm: syz-executor.0 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0xa0 lib/dump_stack.c:118
 check_preemption_disabled+0xb4/0xc0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on_prepare+0x2f/0x1b0 kernel/locking/lockdep.c:3684
 trace_hardirqs_on+0x1c/0x100 kernel/trace/trace_preemptirq.c:49
 __bad_area_nosemaphore+0x5e/0x220 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1345 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x5cb/0x6c0 arch/x86/mm/fault.c:1482
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538
RIP: 0033:0x40260b
Code: 40 41 89 e8 4c 89 ef b9 11 80 00 00 c1 e6 04 03 73 64 8d 14 90 39 f2 48 0f 43 f2 45 31 c9 ba 03 00 00 00 e8 27 bc 05 00 8b 33 <49> 89 07 41 89 e8 4c 89 e7 41 b9 00 00 00 10 b9 11 80 00 00 ba 03
RSP: 002b:00007f0e468f8bf0 EFLAGS: 00010207
RAX: 0000000020ffd000 RBX: 0000000020000080 RCX: 000000000045e26a
RDX: 0000000000000003 RSI: 0000000000008000 RDI: 0000000020ffd000
RBP: 0000000000000004 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020ffd000
R13: 0000000020ffd000 R14: 0000000000000000 R15: 0000000000000000
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.0/10140
caller is lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753
CPU: 0 PID: 10140 Comm: syz-executor.0 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0xa0 lib/dump_stack.c:118
 check_preemption_disabled+0xb4/0xc0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753
 __bad_area_nosemaphore+0x5e/0x220 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1345 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x5cb/0x6c0 arch/x86/mm/fault.c:1482
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538
RIP: 0033:0x40260b
Code: 40 41 89 e8 4c 89 ef b9 11 80 00 00 c1 e6 04 03 73 64 8d 14 90 39 f2 48 0f 43 f2 45 31 c9 ba 03 00 00 00 e8 27 bc 05 00 8b 33 <49> 89 07 41 89 e8 4c 89 e7 41 b9 00 00 00 10 b9 11 80 00 00 ba 03
RSP: 002b:00007f0e468f8bf0 EFLAGS: 00010207
RAX: 0000000020ffd000 RBX: 0000000020000080 RCX: 000000000045e26a
RDX: 0000000000000003 RSI: 0000000000008000 RDI: 0000000020ffd000
RBP: 0000000000000004 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020ffd000
R13: 0000000020ffd000 R14: 0000000000000000 R15: 0000000000000000