bisecting fixing commit since 14260788bbb9c94b0e36abc17294266b69dd46e4
building syzkaller on 598ca6c8b8766304c3b2865e38f5f301c39bd299
testing commit 14260788bbb9c94b0e36abc17294266b69dd46e4 with gcc (GCC) 8.1.0
kernel signature: 8e6cd3f0b5bdc618cb47f520d33482b8753fa16563c10e649203e510e4de11df
all runs: crashed: general protection fault in selinux_socket_sendmsg
testing current HEAD 54b4fa6d39551639cb10664f6ac78b01993a1d7e
testing commit 54b4fa6d39551639cb10664f6ac78b01993a1d7e with gcc (GCC) 8.1.0
kernel signature: af8f7869c5b9f6b632e18b547030c0eb22a813b5f702b1d6705425a978cdafad
all runs: OK
# git bisect start 54b4fa6d39551639cb10664f6ac78b01993a1d7e 14260788bbb9c94b0e36abc17294266b69dd46e4
Bisecting: 1824 revisions left to test after this (roughly 11 steps)
[b23477d818a63f13412b55655cf2defa3a8e3e85] tcp: refine rule to allow EPOLLOUT generation under mem pressure
testing commit b23477d818a63f13412b55655cf2defa3a8e3e85 with gcc (GCC) 8.1.0
kernel signature: e21cd03ea5a9903208849cf733e07c792ace66441bc5d55d30de266740cb032c
all runs: crashed: general protection fault in selinux_socket_sendmsg
# git bisect good b23477d818a63f13412b55655cf2defa3a8e3e85
Bisecting: 912 revisions left to test after this (roughly 10 steps)
[1ee531e8048ebc03d08c9a0064930c8b1b541522] usb: typec: tcpci: mask event interrupts when remove driver
testing commit 1ee531e8048ebc03d08c9a0064930c8b1b541522 with gcc (GCC) 8.1.0
kernel signature: 0c136c7441ec13cf5332c46ec37c77261192709ac8cc29686f7908a183668127
all runs: crashed: inconsistent lock state in rxrpc_put_client_conn
# git bisect good 1ee531e8048ebc03d08c9a0064930c8b1b541522
Bisecting: 456 revisions left to test after this (roughly 9 steps)
[d4878c57a1af388be997de0ede71d9ec5782f852] vt: fix scrollback flushing on background consoles
testing commit d4878c57a1af388be997de0ede71d9ec5782f852 with gcc (GCC) 8.1.0
kernel signature: e107e6e8d25cc678c0c10a4a4f7eda20d4e87c49fd24f9c420608c49e34e1f34
all runs: crashed: inconsistent lock state in rxrpc_put_client_conn
# git bisect good d4878c57a1af388be997de0ede71d9ec5782f852
Bisecting: 228 revisions left to test after this (roughly 8 steps)
[9a51f2ef088969e1a6ef8fc9dbe3187f78921d5c] spi: bcm63xx-hsspi: Really keep pll clk enabled
testing commit 9a51f2ef088969e1a6ef8fc9dbe3187f78921d5c with gcc (GCC) 8.1.0
kernel signature: fd206a4fa218a5e73407426dc71ebbb138975471c6562fd7da56e00144aa4548
all runs: OK
# git bisect bad 9a51f2ef088969e1a6ef8fc9dbe3187f78921d5c
Bisecting: 113 revisions left to test after this (roughly 7 steps)
[bee419ec70d957f01aa7d634b1fe4a2dda44ab53] nfc: pn544: Fix occasional HW initialization failure
testing commit bee419ec70d957f01aa7d634b1fe4a2dda44ab53 with gcc (GCC) 8.1.0
kernel signature: eeb012a742a5a3bad5bd77e71268fa43fa1d74d52fd96b94e587984ea561133b
all runs: OK
# git bisect bad bee419ec70d957f01aa7d634b1fe4a2dda44ab53
Bisecting: 56 revisions left to test after this (roughly 6 steps)
[85dd0eb771e8cef7839dbd4cb61acde0b86ecd9e] KVM: nVMX: Check IO instruction VM-exit conditions
testing commit 85dd0eb771e8cef7839dbd4cb61acde0b86ecd9e with gcc (GCC) 8.1.0
kernel signature: dfe04fa7851bc5500772d6dd083ecef6ce431f7bcb93084e702f4c8137f78709
all runs: crashed: inconsistent lock state in rxrpc_put_client_conn
# git bisect good 85dd0eb771e8cef7839dbd4cb61acde0b86ecd9e
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[9bb5134708f105fdd8cb78bae848c364945607e3] irqchip/gic-v3-its: Fix misuse of GENMASK macro
testing commit 9bb5134708f105fdd8cb78bae848c364945607e3 with gcc (GCC) 8.1.0
kernel signature: ede88555430528888ce40be74f206ec397c3065486692ef69a486e92c02ea785
all runs: OK
# git bisect bad 9bb5134708f105fdd8cb78bae848c364945607e3
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[c0965be4b28b8078202bd174d2cf2beb1b91fe46] ecryptfs: replace BUG_ON with error handling code
testing commit c0965be4b28b8078202bd174d2cf2beb1b91fe46 with gcc (GCC) 8.1.0
kernel signature: c8359efae928a926244a1a2ee00260835aeffe624a0224fd0ed2efac824f4f01
all runs: crashed: inconsistent lock state in rxrpc_put_client_conn
# git bisect good c0965be4b28b8078202bd174d2cf2beb1b91fe46
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[acbc5071f073bc368d7d4f63902adf536cf37772] netfilter: xt_hashlimit: limit the max size of hashtable
testing commit acbc5071f073bc368d7d4f63902adf536cf37772 with gcc (GCC) 8.1.0
kernel signature: 6feb3e2e842673c403746d9329b54e5cb01689dfb1edcbff9b227f7ffa55b394
all runs: crashed: inconsistent lock state in rxrpc_put_client_conn
# git bisect good acbc5071f073bc368d7d4f63902adf536cf37772
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[fee87e931cc58435463975730a892d83af21d98c] xen: Enable interrupts when calling _cond_resched()
testing commit fee87e931cc58435463975730a892d83af21d98c with gcc (GCC) 8.1.0
kernel signature: 316e439f27d6cbe8828e46817d94571e77ff1dfcb23b99ff75bca8b141217d09
all runs: OK
# git bisect bad fee87e931cc58435463975730a892d83af21d98c
Bisecting: 0 revisions left to test after this (roughly 1 step)
[28a73a946a46397b3f2946dbd718ba4c0d6decab] ata: ahci: Add shutdown to freeze hardware resources of ahci
testing commit 28a73a946a46397b3f2946dbd718ba4c0d6decab with gcc (GCC) 8.1.0
kernel signature: a945b5377aff63ce950acb599c15551fcb7abcc906361f88e02e879623bf1bb7
all runs: OK
# git bisect bad 28a73a946a46397b3f2946dbd718ba4c0d6decab
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[43cac315bec132e962e04c31fe888caac257ec0a] rxrpc: Fix call RCU cleanup using non-bh-safe locks
testing commit 43cac315bec132e962e04c31fe888caac257ec0a with gcc (GCC) 8.1.0
kernel signature: bbf0c6f5117e64dbd4d7c219a02c236e016da54cc64ee38b1177c3072aeae21e
all runs: OK
# git bisect bad 43cac315bec132e962e04c31fe888caac257ec0a
43cac315bec132e962e04c31fe888caac257ec0a is the first bad commit
commit 43cac315bec132e962e04c31fe888caac257ec0a
Author: David Howells
Date: Thu Feb 6 13:57:40 2020 +0000

    rxrpc: Fix call RCU cleanup using non-bh-safe locks

    commit 963485d436ccc2810177a7b08af22336ec2af67b upstream.

    rxrpc_rcu_destroy_call(), which is called as an RCU callback to clean up a
    put call, calls rxrpc_put_connection() which, deep in its bowels, takes a
    number of spinlocks in a non-BH-safe way, including rxrpc_conn_id_lock and
    local->client_conns_lock. RCU callbacks, however, are normally called from
    softirq context, which can cause lockdep to notice the locking
    inconsistency.

    To get lockdep to detect this, it's necessary to have the connection
    cleaned up on the put at the end of the last of its calls, though normally
    the clean up is deferred. This can be induced, however, by starting a call
    on an AF_RXRPC socket and then closing the socket without reading the
    reply.

    Fix this by having rxrpc_rcu_destroy_call() punt the destruction to a
    workqueue if in softirq-mode and defer the destruction to process context.

    Note that another way to fix this could be to add a bunch of bh-disable
    annotations to the spinlocks concerned - and there might be more than just
    those two - but that means spending more time with BHs disabled.

    Note also that some of these places were covered by bh-disable spinlocks
    belonging to the rxrpc_transport object, but these got removed without the
    _bh annotation being retained on the next lock in.

    Fixes: 999b69f89241 ("rxrpc: Kill the client connection bundle concept")
    Reported-by: syzbot+d82f3ac8d87e7ccbb2c9@syzkaller.appspotmail.com
    Reported-by: syzbot+3f1fd6b8cbf8702d134e@syzkaller.appspotmail.com
    Signed-off-by: David Howells
    cc: Hillf Danton
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

 net/rxrpc/call_object.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
culprit signature: bbf0c6f5117e64dbd4d7c219a02c236e016da54cc64ee38b1177c3072aeae21e
parent signature: 6feb3e2e842673c403746d9329b54e5cb01689dfb1edcbff9b227f7ffa55b394
revisions tested: 14, total time: 3h36m59.210694027s (build: 1h57m35.170671774s, test: 1h38m10.14594527s)
first good commit: 43cac315bec132e962e04c31fe888caac257ec0a rxrpc: Fix call RCU cleanup using non-bh-safe locks
cc: ["davem@davemloft.net" "dhowells@redhat.com" "gregkh@linuxfoundation.org"]