bisecting cause commit starting from 0d1c3530e1bd38382edef72591b78e877e0edcd3 building syzkaller on 749688d22abef3f3cb9a0480e15c19a3f2ed8e13 testing commit 0d1c3530e1bd38382edef72591b78e877e0edcd3 with gcc (GCC) 8.1.0 kernel signature: 839a0c12cbdcf3fdff3cd0a5e0c08890477b5efffe5055d59220375ec557919c run #0: crashed: WARNING: refcount bug in sk_alloc run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 010ce2ae225a671be5b2578b2ca7612ddd18f73187700fbcdf8bd8f60705ad86 all runs: OK # git bisect start 0d1c3530e1bd38382edef72591b78e877e0edcd3 d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 Bisecting: 7569 revisions left to test after this (roughly 13 steps) [4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0 kernel signature: c5ca0208dc012fb0c5cfb37691c8f4c881d4e3edfbf8dd960674cba777e081dd all runs: OK # git bisect good 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb Bisecting: 3785 revisions left to test after this (roughly 12 steps) [d60ddd244215da7c695cba858427094d8e366aa7] Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm testing commit d60ddd244215da7c695cba858427094d8e366aa7 with gcc (GCC) 8.1.0 kernel signature: 799a52a4cd3aa413b9f8cae163ce1159f1649d81361c26520a711d4ad8ed2907 run #0: crashed: WARNING: refcount bug in sk_alloc run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad d60ddd244215da7c695cba858427094d8e366aa7 Bisecting: 1935 revisions left to test after this (roughly 11 steps) [b20414252068263c736d008e536658f9ce13d74a] drm/vmwgfx: Use VM_PFNMAP instead of VM_MIXEDMAP when possible testing commit b20414252068263c736d008e536658f9ce13d74a with gcc (GCC) 8.1.0 kernel signature: 85e3cc0f3024e173f97f14276fdbc23f20add5059d3e9155937a71d6d69ee96b all runs: boot failed: general protection fault in do_mount_root # git bisect skip b20414252068263c736d008e536658f9ce13d74a Bisecting: 1935 revisions left to test after this (roughly 11 steps) [b504c6540d1752c73e16548062c49bc9f447cb12] ovl: improving copy-up efficiency for big sparse file testing commit b504c6540d1752c73e16548062c49bc9f447cb12 with gcc (GCC) 8.1.0 kernel signature: 16b4d6201b0c097eb9134a02ecced3bc6f84abb299808d40e16b158838ab5156 all runs: OK # git bisect good b504c6540d1752c73e16548062c49bc9f447cb12 Bisecting: 1931 revisions left to test after this (roughly 11 steps) [f3c560a61b4e32961738b5917674e5d9102aeb7f] MIPS: mm: Place per_cpu on different nodes, if NUMA is enabled testing commit f3c560a61b4e32961738b5917674e5d9102aeb7f with gcc (GCC) 8.1.0 kernel signature: 6d0272747a732a260e32a4d86a0acff31a454273020a984c934a8ce57bdea583 all runs: OK # git bisect good f3c560a61b4e32961738b5917674e5d9102aeb7f Bisecting: 1921 revisions left to test after this (roughly 11 steps) [636e9d23dd45ec7d637c2c2ca63c38d9aa5c5fbd] MIPS: OCTEON: octeon-irq: fix spelling mistake "to" -> "too" testing commit 636e9d23dd45ec7d637c2c2ca63c38d9aa5c5fbd with gcc (GCC) 8.1.0 kernel signature: 05ac9f4010a42b7bb3d8adba5025664d1493bfc22a61e5fbd6651fc95d9fd4ec run #0: crashed: WARNING: refcount bug in sk_alloc run #1: crashed: WARNING: refcount bug in sk_alloc run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 636e9d23dd45ec7d637c2c2ca63c38d9aa5c5fbd Bisecting: 22 revisions left to test after this (roughly 5 steps) [72d052e28d1d2363f9107be63ef3a3afdea6143c] MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init() testing commit 72d052e28d1d2363f9107be63ef3a3afdea6143c with gcc (GCC) 8.1.0 kernel signature: 28ece28af9b8b0ffb0411cb04a2a50ab83a7a371ccd9f6d334f1350b8867f051 run #0: crashed: WARNING: refcount bug in sk_alloc run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 72d052e28d1d2363f9107be63ef3a3afdea6143c Bisecting: 11 revisions left to test after this (roughly 4 steps) [2c616e9f03dbe291debc367f7c9a18cc34c3cfbe] MIPS: SGI-IP27: Use structs for decoding error status registers testing commit 2c616e9f03dbe291debc367f7c9a18cc34c3cfbe with gcc (GCC) 8.1.0 kernel signature: bb3661bf395ee2ce23205e3e6e398f1edd99f2c99a50ff9935009576a4e87e1e run #0: crashed: WARNING: refcount bug in sk_alloc run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 2c616e9f03dbe291debc367f7c9a18cc34c3cfbe Bisecting: 4 revisions left to test after this (roughly 3 steps) [5388b58143eae288cb5dfbbf797beff50ff6567f] MIPS: SGI-IP27: get rid of asm/sn/sn0/ip27.h testing commit 5388b58143eae288cb5dfbbf797beff50ff6567f with gcc (GCC) 8.1.0 kernel signature: 262b1435d671947b4b6da8c13a500d2e540f1df7126734bcff89f6042bebb676 run #0: crashed: WARNING: refcount bug in sk_alloc run #1: crashed: WARNING: refcount bug in sk_alloc run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 5388b58143eae288cb5dfbbf797beff50ff6567f Bisecting: 2 revisions left to test after this (roughly 2 steps) [2d11e6a4ff5070aa3e62e43010b2e39eea596f76] MIPS: SGI-IP27: use nodemask instead of cpumask testing commit 2d11e6a4ff5070aa3e62e43010b2e39eea596f76 with gcc (GCC) 8.1.0 kernel signature: 2cf58bb7c32fdf1bf7e58855c7ad8cab5ed1390dac0ec9b4f56b5070c0f021be all runs: OK # git bisect good 2d11e6a4ff5070aa3e62e43010b2e39eea596f76 Bisecting: 0 revisions left to test after this (roughly 1 step) [b78e9d63a3b6307b6b786e6ba189d3978b60ceb5] MIPS: SGI-IP27: use asm/sn/agent.h for including HUB related stuff testing commit b78e9d63a3b6307b6b786e6ba189d3978b60ceb5 with gcc (GCC) 8.1.0 kernel signature: dfdceb6d3e10af8e58fe2153aa5556a6336fa21b4dfb1b6eae98d1450a08898b run #0: crashed: WARNING: refcount bug in sk_alloc run #1: crashed: WARNING: refcount bug in sk_alloc run #2: crashed: WARNING: refcount bug in sk_alloc run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad b78e9d63a3b6307b6b786e6ba189d3978b60ceb5 Bisecting: 0 revisions left to test after this (roughly 0 steps) [d6972bb477544bea3fa0124ae88fd9a9d131a213] MIPS: SGI-IP27: use cpu physid already present while scanning for CPUs testing commit d6972bb477544bea3fa0124ae88fd9a9d131a213 with gcc (GCC) 8.1.0 kernel signature: b6491a4a5852799fcce2dbb3f4334a27769e4ab0335f552b53013d06facdefd8 all runs: OK # git bisect good d6972bb477544bea3fa0124ae88fd9a9d131a213 b78e9d63a3b6307b6b786e6ba189d3978b60ceb5 is the first bad commit commit b78e9d63a3b6307b6b786e6ba189d3978b60ceb5 Author: Thomas Bogendoerfer Date: Thu Jan 9 13:33:40 2020 +0100 MIPS: SGI-IP27: use asm/sn/agent.h for including HUB related stuff By including agent.h where hub related defines/structs are needed, we have only one place to select, which agent chip (HUB or BEDROCK) is used. Signed-off-by: Thomas Bogendoerfer Signed-off-by: Paul Burton Cc: Ralf Baechle Cc: James Hogan Cc: linux-mips@vger.kernel.org Cc: linux-kernel@vger.kernel.org arch/mips/include/asm/mach-ip27/kernel-entry-init.h | 2 +- arch/mips/include/asm/mach-ip27/mmzone.h | 3 ++- arch/mips/include/asm/mach-ip27/topology.h | 1 - arch/mips/include/asm/sn/arch.h | 4 ++++ arch/mips/include/asm/sn/hub.h | 17 ----------------- arch/mips/include/asm/sn/types.h | 4 ++++ arch/mips/pci/pci-ip27.c | 2 +- arch/mips/sgi-ip27/ip27-berr.c | 2 +- arch/mips/sgi-ip27/ip27-console.c | 2 +- arch/mips/sgi-ip27/ip27-hubio.c | 4 +++- arch/mips/sgi-ip27/ip27-init.c | 5 +---- arch/mips/sgi-ip27/ip27-irq.c | 1 - arch/mips/sgi-ip27/ip27-klnuma.c | 1 - arch/mips/sgi-ip27/ip27-memory.c | 1 - arch/mips/sgi-ip27/ip27-nmi.c | 2 +- arch/mips/sgi-ip27/ip27-reset.c | 2 +- arch/mips/sgi-ip27/ip27-smp.c | 3 +-- arch/mips/sgi-ip27/ip27-timer.c | 5 +---- arch/mips/sgi-ip27/ip27-xtalk.c | 1 - 19 files changed, 22 insertions(+), 40 deletions(-) delete mode 100644 arch/mips/include/asm/sn/hub.h culprit signature: dfdceb6d3e10af8e58fe2153aa5556a6336fa21b4dfb1b6eae98d1450a08898b parent signature: b6491a4a5852799fcce2dbb3f4334a27769e4ab0335f552b53013d06facdefd8 revisions tested: 14, total time: 3h57m43.605836607s (build: 1h29m28.728681468s, test: 2h27m0.574083733s) first bad commit: b78e9d63a3b6307b6b786e6ba189d3978b60ceb5 MIPS: SGI-IP27: use asm/sn/agent.h for including HUB related stuff cc: ["alexios.zavras@intel.com" "allison@lohutok.net" "davem@davemloft.net" "ebiederm@xmission.com" "gregkh@linuxfoundation.org" "jhogan@kernel.org" "linux-kernel@vger.kernel.org" "linux-mips@vger.kernel.org" "mojha@codeaurora.org" "paulburton@kernel.org" "ralf@linux-mips.org" "rppt@linux.ibm.com" "swinslow@gmail.com" "tbogendoerfer@suse.de" "tglx@linutronix.de"] crash: WARNING: refcount bug in sk_alloc ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 0 PID: 8885 at lib/refcount.c:25 refcount_warn_saturate+0xdd/0x140 lib/refcount.c:25 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 8885 Comm: syz-executor.3 Not tainted 5.5.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x128/0x182 lib/dump_stack.c:118 panic+0x22a/0x4e3 kernel/panic.c:221 __warn.cold.10+0x25/0x26 kernel/panic.c:582 report_bug+0x1ad/0x270 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:174 [inline] do_error_trap+0x123/0x210 arch/x86/kernel/traps.c:267 do_invalid_op+0x31/0x40 arch/x86/kernel/traps.c:286 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027 RIP: 0010:refcount_warn_saturate+0xdd/0x140 lib/refcount.c:25 Code: 4c 9e 2c 06 01 e8 8f 11 ff fd 0f 0b eb 9d 80 3d 3b 9e 2c 06 00 75 94 48 c7 c7 40 12 8d 87 c6 05 2b 9e 2c 06 01 e8 6f 11 ff fd <0f> 0b e9 7a ff ff ff 80 3d 15 9e 2c 06 00 0f 85 6d ff ff ff 48 c7 RSP: 0018:ffffc90003d2fd30 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88808fb7e104 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff8b3d6360 RBP: 0000000000000002 R08: ffffed1015d06621 R09: ffffed1015d06621 R10: ffffed1015d06620 R11: ffff8880ae833107 R12: 0000000000000001 R13: 0000000000000010 R14: ffff88808fb7e104 R15: ffff88808a8a0000 refcount_add include/linux/refcount.h:191 [inline] refcount_inc include/linux/refcount.h:228 [inline] get_net include/net/net_namespace.h:241 [inline] sk_alloc+0xb78/0xca0 net/core/sock.c:1669 __netlink_create+0x56/0x250 net/netlink/af_netlink.c:629 netlink_create+0x2f3/0x540 net/netlink/af_netlink.c:692 __sock_create+0x25d/0x540 net/socket.c:1420 sock_create net/socket.c:1471 [inline] __sys_socket+0xd1/0x1a0 net/socket.c:1513 __do_sys_socket net/socket.c:1522 [inline] __se_sys_socket net/socket.c:1520 [inline] __x64_sys_socket+0x6a/0xb0 net/socket.c:1520 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45c849 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fa590ac3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 RAX: ffffffffffffffda RBX: 00007fa590ac46d4 RCX: 000000000045c849 RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000b8b R14: 00000000004cdbcf R15: 000000000076bf0c Kernel Offset: disabled Rebooting in 86400 seconds..