bisecting cause commit starting from 92edc4aef86780a8ad01b092c6d6630bb3cb423d building syzkaller on 1bf9a662c66aa432ff2fe3bf2562578cef626c09 testing commit 92edc4aef86780a8ad01b092c6d6630bb3cb423d with gcc (GCC) 8.1.0 kernel signature: dbcf8e877795b95260664b7823b3b0881bb832dfea1a931ba82497d3ec175d92 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: crashed: INFO: task can't die in perf_event_free_task run #3: crashed: INFO: task can't die in perf_event_free_task run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: a82b63d060ceb014a456a27cdef2f1ec1d15fc82de1427bc4784201d6479e67b all runs: OK # git bisect start 92edc4aef86780a8ad01b092c6d6630bb3cb423d bbf5c979011a099af5dc76498918ed7df445635b Bisecting: 10698 revisions left to test after this (roughly 13 steps) [c4cf498dc0241fa2d758dba177634268446afb06] Merge branch 'akpm' (patches from Andrew) testing commit c4cf498dc0241fa2d758dba177634268446afb06 with gcc (GCC) 8.1.0 kernel signature: 51a71635a707ef8aa9090000dc84146c9056fb92ac5f2f84cdbc122302a95b29 all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad c4cf498dc0241fa2d758dba177634268446afb06 Bisecting: 5404 revisions left to test after this (roughly 12 steps) [726eb70e0d34dc4bc4dada71f52bba8ed638431e] Merge tag 'char-misc-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 726eb70e0d34dc4bc4dada71f52bba8ed638431e with gcc (GCC) 8.1.0 kernel signature: d5bd28ba36e60e83ed074ec70cf139f5bc065cfc4d5edf0dfe079783098eed4e all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad 726eb70e0d34dc4bc4dada71f52bba8ed638431e Bisecting: 2690 revisions left to test after this (roughly 11 steps) [527f6750d92beb9c787d8aba48477b1e834d64e5] kasan: remove mentions of unsupported Clang versions testing commit 527f6750d92beb9c787d8aba48477b1e834d64e5 with gcc (GCC) 8.1.0 kernel signature: 7a9c31039090fe1cbcde8b3fe9e6fd4a69113a7b63335b9d7e8c5c085a5f33c5 run #0: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on run #1: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on run #2: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on run #3: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on run #4: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on run #5: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on run #6: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on run #7: crashed: INFO: task hung in perf_event_free_task run #8: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on run #9: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad 527f6750d92beb9c787d8aba48477b1e834d64e5 Bisecting: 1326 revisions left to test after this (roughly 10 steps) [647412daeb454b6dad12a6c6961ab90aac9e5d29] Merge tag 'mmc-v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc testing commit 647412daeb454b6dad12a6c6961ab90aac9e5d29 with gcc (GCC) 8.1.0 kernel signature: 7d1d62a2633770e9926affe2d928bf62bb5dfe9f521c45c61724148210a280ca all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad 647412daeb454b6dad12a6c6961ab90aac9e5d29 Bisecting: 687 revisions left to test after this (roughly 9 steps) [3bff6112c80cecb76af5fe485506f96e8adb6122] Merge tag 'perf-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 3bff6112c80cecb76af5fe485506f96e8adb6122 with gcc (GCC) 8.1.0 kernel signature: 9df8ab64eb68a26d43ed878cd913ddbc0700bcdbfaf229c1cf653a8e6a0b2704 all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on # git bisect bad 3bff6112c80cecb76af5fe485506f96e8adb6122 Bisecting: 370 revisions left to test after this (roughly 8 steps) [f5f59336a9ae8f683772d6b8cb2d6732b5e567ea] Merge tag 'timers-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit f5f59336a9ae8f683772d6b8cb2d6732b5e567ea with gcc (GCC) 8.1.0 kernel signature: bb408c90d534046327cc0f4f7118c8eddc58e67a41e33c26f90e42ad57957f81 run #0: crashed: INFO: task hung in perf_event_free_task run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad f5f59336a9ae8f683772d6b8cb2d6732b5e567ea Bisecting: 151 revisions left to test after this (roughly 7 steps) [d13027bb35e089bc1bb9f19c4976decf32a09b97] Revert "arm64: initialize per-cpu offsets earlier" testing commit d13027bb35e089bc1bb9f19c4976decf32a09b97 with gcc (GCC) 8.1.0 kernel signature: 9fdf56f2eca43482fae71a2436c9fb7be1594c85b5122ee199318e3a99cd3b2a all runs: OK # git bisect good d13027bb35e089bc1bb9f19c4976decf32a09b97 Bisecting: 81 revisions left to test after this (roughly 6 steps) [92a0610b6acd3bfdc977b612853ba6711447e887] Merge tag 'x86_cpu_for_v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 92a0610b6acd3bfdc977b612853ba6711447e887 with gcc (GCC) 8.1.0 kernel signature: bf0d3c0693aab91229837e6c86b1d7c6daeccd1628dc8e424d88a8533746bd14 all runs: OK # git bisect good 92a0610b6acd3bfdc977b612853ba6711447e887 Bisecting: 41 revisions left to test after this (roughly 5 steps) [a0d445f70c5d746eb3aa28c4d80619e624e49b4b] Merge tag 'x86_fpu_for_v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit a0d445f70c5d746eb3aa28c4d80619e624e49b4b with gcc (GCC) 8.1.0 kernel signature: 3ef7f3d30e218c393ed0ce57b4d34ba98ac8940d2ba856c44b6d45b9bec4e8fe run #0: crashed: INFO: task hung in perf_event_free_task run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad a0d445f70c5d746eb3aa28c4d80619e624e49b4b Bisecting: 24 revisions left to test after this (roughly 4 steps) [8b6591fd0ac8b7e8b2873703bc24b71a6f3d2d3e] Merge tag 'x86_platform_for_v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 8b6591fd0ac8b7e8b2873703bc24b71a6f3d2d3e with gcc (GCC) 8.1.0 kernel signature: 82f7618efe588f37dde0e2dfe98e3dfc1e0d8f0e9aef3e558004525c4fe49355 all runs: OK # git bisect good 8b6591fd0ac8b7e8b2873703bc24b71a6f3d2d3e Bisecting: 12 revisions left to test after this (roughly 4 steps) [ac74075e5d525f3e782f88ed8d8b1df35c1497e5] Merge tag 'x86_pasid_for_5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit ac74075e5d525f3e782f88ed8d8b1df35c1497e5 with gcc (GCC) 8.1.0 kernel signature: a2b73a40aafc40c6454480d3f292089a6d6eddf967a611fa97268a07842d2366 all runs: OK # git bisect good ac74075e5d525f3e782f88ed8d8b1df35c1497e5 Bisecting: 7 revisions left to test after this (roughly 3 steps) [9e536c817960c698c23feed6f9bff6d192805543] Merge tag 'x86_misc_for_v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 9e536c817960c698c23feed6f9bff6d192805543 with gcc (GCC) 8.1.0 kernel signature: 37e682ad079658a6d0bb417b0c5fbbd2d5de4bec50fb7cedd5f592b3703abc70 all runs: OK # git bisect good 9e536c817960c698c23feed6f9bff6d192805543 Bisecting: 3 revisions left to test after this (roughly 2 steps) [1b9abd1755ad947d7c9913e92e7837b533124c90] selftests/x86/fsgsbase: Test PTRACE_PEEKUSER for GSBASE with invalid LDT GS testing commit 1b9abd1755ad947d7c9913e92e7837b533124c90 with gcc (GCC) 8.1.0 kernel signature: 04afc908ede73650dce510e5f77d31c71df666e2f700402379438fe9600b5d92 run #0: crashed: INFO: task hung in perf_event_free_task run #1: crashed: INFO: task hung in perf_event_free_task run #2: crashed: INFO: task hung in perf_event_free_task run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 1b9abd1755ad947d7c9913e92e7837b533124c90 Bisecting: 1 revision left to test after this (roughly 1 step) [5f1dd4dda5c8796c405e856aaa11e187f6885924] x86/fsgsbase: Replace static_cpu_has() with boot_cpu_has() testing commit 5f1dd4dda5c8796c405e856aaa11e187f6885924 with gcc (GCC) 8.1.0 kernel signature: 04afc908ede73650dce510e5f77d31c71df666e2f700402379438fe9600b5d92 all runs: OK # git bisect good 5f1dd4dda5c8796c405e856aaa11e187f6885924 Bisecting: 0 revisions left to test after this (roughly 0 steps) [ab2dd173330a3f07142e68cd65682205036cd00f] selftests/x86/fsgsbase: Reap a forgotten child testing commit ab2dd173330a3f07142e68cd65682205036cd00f with gcc (GCC) 8.1.0 kernel signature: 04afc908ede73650dce510e5f77d31c71df666e2f700402379438fe9600b5d92 run #0: crashed: INFO: task hung in perf_event_free_task run #1: OK run #2: crashed: INFO: task hung in perf_event_free_task run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad ab2dd173330a3f07142e68cd65682205036cd00f ab2dd173330a3f07142e68cd65682205036cd00f is the first bad commit commit ab2dd173330a3f07142e68cd65682205036cd00f Author: Andy Lutomirski Date: Wed Aug 26 10:00:45 2020 -0700 selftests/x86/fsgsbase: Reap a forgotten child The ptrace() test forgot to reap its child. Reap it. Signed-off-by: Andy Lutomirski Signed-off-by: Ingo Molnar Link: https://lore.kernel.org/r/e7700a503f30e79ab35a63103938a19893dbeff2.1598461151.git.luto@kernel.org tools/testing/selftests/x86/fsgsbase.c | 3 +++ 1 file changed, 3 insertions(+) culprit signature: 04afc908ede73650dce510e5f77d31c71df666e2f700402379438fe9600b5d92 parent signature: 04afc908ede73650dce510e5f77d31c71df666e2f700402379438fe9600b5d92 revisions tested: 17, total time: 3h35m54.329483514s (build: 1h14m3.81693169s, test: 2h20m4.438361262s) first bad commit: ab2dd173330a3f07142e68cd65682205036cd00f selftests/x86/fsgsbase: Reap a forgotten child recipients (to): ["linux-kselftest@vger.kernel.org" "luto@kernel.org" "mingo@kernel.org" "shuah@kernel.org"] recipients (cc): ["chang.seok.bae@intel.com" "linux-kernel@vger.kernel.org" "luto@kernel.org" "sashal@kernel.org" "tglx@linutronix.de" "tony.luck@intel.com"] crash: INFO: task hung in perf_event_free_task INFO: task syz-executor.3:22956 blocked for more than 143 seconds. Not tainted 5.9.0-rc2-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.3 state:D stack:13728 pid:22956 ppid: 8841 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:3778 [inline] __schedule+0x37b/0x8c0 kernel/sched/core.c:4527 schedule+0x37/0xe0 kernel/sched/core.c:4602 perf_event_free_task+0x23c/0x280 kernel/events/core.c:12446 copy_process+0xb22/0x1d50 kernel/fork.c:2326 _do_fork+0x98/0x730 kernel/fork.c:2428 __do_sys_clone+0x66/0x80 kernel/fork.c:2545 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45deb9 Code: Bad RIP value. RSP: 002b:00007f6352fafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 0000000000002040 RCX: 000000000045deb9 RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000100 RBP: 000000000118bf70 R08: ffffffffffffffff R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c R13: 00007ffc4956ea3f R14: 00007f6352fb09c0 R15: 000000000118bf2c Showing all locks held in the system: 1 lock held by khungtaskd/1308: #0: ffffffff84b0ee20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x15/0x17a kernel/locking/lockdep.c:5826 1 lock held by in:imklog/8044: #0: ffff88812fba0ef0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x45/0x50 fs/file.c:930 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1308 Comm: khungtaskd Not tainted 5.9.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x78/0xa0 lib/dump_stack.c:118 nmi_cpu_backtrace.cold.8+0x3e/0x58 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0xd5/0xec lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline] watchdog+0x58e/0x680 kernel/hung_task.c:295 kthread+0x147/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.9.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:lookup_chain_cache kernel/locking/lockdep.c:3109 [inline] RIP: 0010:lookup_chain_cache_add kernel/locking/lockdep.c:3128 [inline] RIP: 0010:validate_chain kernel/locking/lockdep.c:3183 [inline] RIP: 0010:__lock_acquire+0xa98/0x2ab0 kernel/locking/lockdep.c:4426 Code: 34 d5 60 c5 5e 86 49 89 d7 48 89 34 24 0f 84 86 01 00 00 4a 8b 04 fd 60 c5 5e 86 48 85 c0 74 1b 48 83 f8 08 74 15 48 8b 50 10 <49> 39 d5 0f 84 0f fb ff ff 48 8b 00 48 85 c0 75 e5 8b 35 e9 eb 73 RSP: 0018:ffffffff84a03c50 EFLAGS: 00000082 RAX: ffffffff85f33688 RBX: 00000000b91432e6 RCX: 00000000d165c30c RDX: ba4719117f6c87ac RSI: ffffffff86617258 RDI: 0000000055bf9380 RBP: ffffffff84a90080 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff84a90990 R13: 600de905542ab586 R14: 0000000000000000 R15: 000000000000559f FS: 0000000000000000(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa6e25bc000 CR3: 000000012e580000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_acquire+0xa7/0x3a0 kernel/locking/lockdep.c:5005 write_seqcount_t_begin_nested include/linux/seqlock.h:469 [inline] write_seqcount_t_begin include/linux/seqlock.h:495 [inline] psi_group_change+0x8f/0x320 kernel/sched/psi.c:707 psi_task_switch+0x143/0x180 kernel/sched/psi.c:833 psi_sched_switch kernel/sched/stats.h:144 [inline] __schedule+0x525/0x8c0 kernel/sched/core.c:4522 schedule_idle+0x19/0x30 kernel/sched/core.c:4630 do_idle+0x197/0x2d0 kernel/sched/idle.c:304 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:372 start_kernel+0x4af/0x4ce init/main.c:1048 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243