bisecting cause commit starting from f5b7769eb0400ec5217a47e41148a9f816ca1f9f
building syzkaller on 27c5f59f504f562333e3cd5e715fea5cb69c396e
testing commit f5b7769eb0400ec5217a47e41148a9f816ca1f9f with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in blkdev_get
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in blkdev_get
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
all runs: crashed: KASAN: use-after-free Read in blkdev_get
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in blkdev_get
run #1: crashed: KASAN: use-after-free Read in blkdev_get
run #2: crashed: KASAN: use-after-free Read in blkdev_get
run #3: crashed: KASAN: use-after-free Read in blkdev_get
run #4: crashed: KASAN: use-after-free Read in blkdev_get
run #5: crashed: KASAN: use-after-free Read in blkdev_get
run #6: crashed: KASAN: use-after-free Read in blkdev_get
run #7: crashed: KASAN: use-after-free Read in blkdev_get
run #8: OK
run #9: OK
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in blkdev_get
run #1: crashed: KASAN: use-after-free Read in blkdev_get
run #2: crashed: KASAN: use-after-free Read in blkdev_get
run #3: crashed: KASAN: use-after-free Read in blkdev_get
run #4: crashed: KASAN: use-after-free Read in blkdev_get
run #5: crashed: KASAN: use-after-free Read in blkdev_get
run #6: crashed: KASAN: use-after-free Read in blkdev_get
run #7: crashed: KASAN: use-after-free Read in blkdev_get
run #8: crashed: KASAN: use-after-free Read in blkdev_get
run #9: OK
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in blkdev_get
run #1: crashed: KASAN: use-after-free Read in blkdev_get
run #2: crashed: KASAN: use-after-free Read in blkdev_get
run #3: crashed: KASAN: use-after-free Read in blkdev_get
run #4: crashed: KASAN: use-after-free Read in blkdev_get
run #5: crashed: KASAN: use-after-free Read in blkdev_get
run #6: crashed: KASAN: use-after-free Read in blkdev_get
run #7: crashed: KASAN: use-after-free Read in blkdev_get
run #8: crashed: KASAN: use-after-free Read in blkdev_get
run #9: OK
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in blkdev_get
run #1: crashed: KASAN: use-after-free Read in blkdev_get
run #2: crashed: KASAN: use-after-free Read in blkdev_get
run #3: crashed: KASAN: use-after-free Read in blkdev_get
run #4: crashed: KASAN: use-after-free Read in blkdev_get
run #5: crashed: KASAN: use-after-free Read in blkdev_get
run #6: crashed: KASAN: use-after-free Read in blkdev_get
run #7: crashed: KASAN: use-after-free Read in blkdev_get
run #8: crashed: KASAN: use-after-free Read in blkdev_get
run #9: OK
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
run #0: crashed: KASAN: use-after-free Read in blkdev_get
run #1: crashed: KASAN: use-after-free Read in blkdev_get
run #2: crashed: KASAN: use-after-free Read in blkdev_get
run #3: crashed: KASAN: use-after-free Read in blkdev_get
run #4: crashed: KASAN: use-after-free Read in blkdev_get
run #5: crashed: KASAN: use-after-free Read in blkdev_get
run #6: crashed: KASAN: use-after-free Read in blkdev_get
run #7: crashed: KASAN: use-after-free Read in blkdev_get
run #8: OK
run #9: OK
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
run #0: crashed: KASAN: use-after-free Read in blkdev_get
run #1: crashed: KASAN: use-after-free Read in blkdev_get
run #2: crashed: KASAN: use-after-free Read in blkdev_get
run #3: crashed: KASAN: use-after-free Read in blkdev_get
run #4: crashed: KASAN: use-after-free Read in blkdev_get
run #5: crashed: KASAN: use-after-free Read in blkdev_get
run #6: crashed: KASAN: use-after-free Read in blkdev_get
run #7: OK
run #8: OK
run #9: OK
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
run #0: crashed: KASAN: use-after-free Read in blkdev_get
run #1: crashed: KASAN: use-after-free Read in blkdev_get
run #2: crashed: KASAN: use-after-free Read in blkdev_get
run #3: crashed: KASAN: use-after-free Read in blkdev_get
run #4: crashed: KASAN: use-after-free Read in blkdev_get
run #5: crashed: KASAN: use-after-free Read in blkdev_get
run #6: crashed: KASAN: use-after-free Read in corrupted
run #7: OK
run #8: crashed: KASAN: use-after-free in __mutex_unlock_slowpath at addr ADDR
run #9: OK
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
run #0: crashed: KASAN: use-after-free Read in blkdev_get
run #1: crashed: KASAN: use-after-free Read in blkdev_get
run #2: crashed: KASAN: use-after-free Read in blkdev_get
run #3: crashed: KASAN: use-after-free Read in blkdev_get
run #4: crashed: KASAN: use-after-free Read in blkdev_get
run #5: crashed: KASAN: use-after-free Read in blkdev_get
run #6: crashed: KASAN: use-after-free Read in blkdev_get
run #7: crashed: KASAN: use-after-free Read in blkdev_get
run #8: crashed: KASAN: use-after-free Read in blkdev_get
run #9: OK
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
run #0: crashed: KASAN: use-after-free Read in blkdev_get
run #1: crashed: KASAN: use-after-free Read in blkdev_get
run #2: crashed: KASAN: use-after-free Read in blkdev_get
run #3: crashed: KASAN: use-after-free Read in blkdev_get
run #4: crashed: KASAN: use-after-free Read in blkdev_get
run #5: crashed: KASAN: use-after-free in mutex_lock_nested at addr ADDR
run #6: crashed: KASAN: use-after-free in debug_mutex_unlock at addr ADDR
run #7: OK
run #8: OK
run #9: crashed: KASAN: use-after-free in mutex_lock_nested at addr ADDR
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0
run #0: crashed: KASAN: use-after-free Read in blkdev_get
run #1: crashed: KASAN: use-after-free Read in blkdev_get
run #2: crashed: KASAN: use-after-free Read in blkdev_get
run #3: crashed: KASAN: use-after-free Read in blkdev_get
run #4: crashed: KASAN: use-after-free Read in blkdev_get
run #5: crashed: KASAN: use-after-free Read in blkdev_get
run #6: crashed: KASAN: use-after-free Read in blkdev_get
run #7: crashed: KASAN: use-after-free Read in blkdev_get
run #8: crashed: KASAN: use-after-free Read in blkdev_get
run #9: OK
testing release v4.5
testing commit b562e44f507e863c6792946e4e1b1449fbbac85d with gcc (GCC) 5.5.0
all runs: OK
# git bisect start 2dcd0af568b0cf583645c8a317dd12e344b1c72a b562e44f507e863c6792946e4e1b1449fbbac85d
Bisecting: 8131 revisions left to test after this (roughly 13 steps)
[6b5f04b6cf8ebab9a65d9c0026c650bb2538fd0f] Merge branch 'for-4.6' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
testing commit 6b5f04b6cf8ebab9a65d9c0026c650bb2538fd0f with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 6b5f04b6cf8ebab9a65d9c0026c650bb2538fd0f
Bisecting: 3735 revisions left to test after this (roughly 12 steps)
[266c73b77706f2d05b4a3e70a5bb702ed35431d6] Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux
testing commit 266c73b77706f2d05b4a3e70a5bb702ed35431d6 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 266c73b77706f2d05b4a3e70a5bb702ed35431d6
Bisecting: 1902 revisions left to test after this (roughly 11 steps)
[b4cec5f66849872d2e9573bc95c2016cb8e530ec] Merge tag 'ntb-4.6' of git://github.com/jonmason/ntb
testing commit b4cec5f66849872d2e9573bc95c2016cb8e530ec with gcc (GCC) 5.5.0
mm/kasan/kasan.c:501:3: error: too few arguments to function ‘set_track’
# git bisect skip b4cec5f66849872d2e9573bc95c2016cb8e530ec
Bisecting: 1902 revisions left to test after this (roughly 11 steps)
[eff471b1b9475cfda38078308e71a9e2d811ff44] MAINTAINERS: intel-wired-lan list is moderated
testing commit eff471b1b9475cfda38078308e71a9e2d811ff44 with gcc (GCC) 5.5.0
all runs: crashed: KASAN: use-after-free Read in blkdev_get
# git bisect bad eff471b1b9475cfda38078308e71a9e2d811ff44
Bisecting: 1130 revisions left to test after this (roughly 10 steps)
[c130423620331a104492bbbcc49f25125e26a21a] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
testing commit c130423620331a104492bbbcc49f25125e26a21a with gcc (GCC) 5.5.0
all runs: OK
# git bisect good c130423620331a104492bbbcc49f25125e26a21a
Bisecting: 551 revisions left to test after this (roughly 9 steps)
[3d66c6ba3f978fa88d62b83ad35e9adc31c8ea9e] Merge tag 'pm+acpi-4.6-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
testing commit 3d66c6ba3f978fa88d62b83ad35e9adc31c8ea9e with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 3d66c6ba3f978fa88d62b83ad35e9adc31c8ea9e
Bisecting: 250 revisions left to test after this (roughly 8 steps)
[698f415cf5756e320623bdb015a600945743377c] Merge tag 'ofs-pull-tag-1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux
testing commit 698f415cf5756e320623bdb015a600945743377c with gcc (GCC) 5.5.0
mm/kasan/kasan.c:501:3: error: too few arguments to function ‘set_track’
# git bisect skip 698f415cf5756e320623bdb015a600945743377c
Bisecting: 250 revisions left to test after this (roughly 8 steps)
[5e263f712691615fb802f06c98d7638c378f5d11] bridge: Allow set bridge ageing time when switchdev disabled
testing commit 5e263f712691615fb802f06c98d7638c378f5d11 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 5e263f712691615fb802f06c98d7638c378f5d11
Bisecting: 211 revisions left to test after this (roughly 8 steps)
[f1f973ffce96a47c2b3f142e91eccef5bf22f699] ocfs2: code clean up for direct io
testing commit f1f973ffce96a47c2b3f142e91eccef5bf22f699 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good f1f973ffce96a47c2b3f142e91eccef5bf22f699
Bisecting: 211 revisions left to test after this (roughly 8 steps)
[4f20854bf7363cc28d4088f2fa954f1a63b5efce] Orangefs: don't change EXTRAVERSION
testing commit 4f20854bf7363cc28d4088f2fa954f1a63b5efce with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 4f20854bf7363cc28d4088f2fa954f1a63b5efce
Bisecting: 211 revisions left to test after this (roughly 8 steps)
[32867fcc0ef9e56939d5200ad983801bbfd581ad] fec: Do not access unexisting register in Coldfire
testing commit 32867fcc0ef9e56939d5200ad983801bbfd581ad with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 32867fcc0ef9e56939d5200ad983801bbfd581ad
Bisecting: 184 revisions left to test after this (roughly 8 steps)
[583fa62d082483412715af9ab4f528fcf00e4c38] scsi: ufs: add error recovery after DL NAC error
testing commit 583fa62d082483412715af9ab4f528fcf00e4c38 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 583fa62d082483412715af9ab4f528fcf00e4c38
Bisecting: 184 revisions left to test after this (roughly 8 steps)
[c57c7a95da842807b475b823ed2e5435c42cb3b0] rtnl: fix msg size calculation in if_nlmsg_size()
testing commit c57c7a95da842807b475b823ed2e5435c42cb3b0 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good c57c7a95da842807b475b823ed2e5435c42cb3b0
Bisecting: 183 revisions left to test after this (roughly 8 steps)
[98815ade9eaca3c4729710129a651aa0b43d007a] orangefs: sanitize handling of request list
testing commit 98815ade9eaca3c4729710129a651aa0b43d007a with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 98815ade9eaca3c4729710129a651aa0b43d007a
Bisecting: 148 revisions left to test after this (roughly 7 steps)
[d5a38f6e4668b3110a66cd96ce2096184bf66def] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
testing commit d5a38f6e4668b3110a66cd96ce2096184bf66def with gcc (GCC) 5.5.0
mm/kasan/kasan.c:501:3: error: too few arguments to function ‘set_track’
# git bisect skip d5a38f6e4668b3110a66cd96ce2096184bf66def
Bisecting: 148 revisions left to test after this (roughly 7 steps)
[ce2a04c15f4b943015aab0c7476cb1460654e914] Merge branch 'stmmac-fixes'
testing commit ce2a04c15f4b943015aab0c7476cb1460654e914 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good ce2a04c15f4b943015aab0c7476cb1460654e914
Bisecting: 139 revisions left to test after this (roughly 7 steps)
[fc0c2028135c7f75fce36b90e44efb8003a9173b] x86, pmem: use memcpy_mcsafe() for memcpy_from_pmem()
testing commit fc0c2028135c7f75fce36b90e44efb8003a9173b with gcc (GCC) 5.5.0
mm/kasan/kasan.c:501:3: error: too few arguments to function ‘set_track’
# git bisect skip fc0c2028135c7f75fce36b90e44efb8003a9173b
Bisecting: 139 revisions left to test after this (roughly 7 steps)
[6ceaf7818f266d917ed61338885ddd2b77008f06] orangefs: we never lookup with sym_follow set
testing commit 6ceaf7818f266d917ed61338885ddd2b77008f06 with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 6ceaf7818f266d917ed61338885ddd2b77008f06
Bisecting: 139 revisions left to test after this (roughly 7 steps)
[f76be61755c52f4e827755901f6317cc1d007b51] Make CONFIG_FHANDLE default y
testing commit f76be61755c52f4e827755901f6317cc1d007b51 with gcc (GCC) 5.5.0
run #0: crashed: KASAN: use-after-free Read in blkdev_get
run #1: crashed: KASAN: use-after-free Read in blkdev_get
run #2: crashed: KASAN: use-after-free Read in blkdev_get
run #3: crashed: KASAN: use-after-free Read in blkdev_get
run #4: crashed: KASAN: use-after-free Read in blkdev_get
run #5: crashed: KASAN: use-after-free Read in blkdev_get
run #6: crashed: KASAN: use-after-free Read in blkdev_get
run #7: crashed: KASAN: use-after-free Read in blkdev_get
run #8: crashed: KASAN: use-after-free Read in blkdev_get
run #9: OK
# git bisect bad f76be61755c52f4e827755901f6317cc1d007b51
Bisecting: 109 revisions left to test after this (roughly 7 steps)
[f971f2263deaa4a441e377b385c11aee0f3b3f9a] drm/radeon: add a dpm quirk for sapphire Dual-X R7 370 2G D5
testing commit f971f2263deaa4a441e377b385c11aee0f3b3f9a with gcc (GCC) 5.5.0
all runs: OK
# git bisect good f971f2263deaa4a441e377b385c11aee0f3b3f9a
Bisecting: 107 revisions left to test after this (roughly 7 steps)
[910cd32e552ea09caa89cdbe328e468979b030dd] parisc: Fix and enable seccomp filter support
testing commit 910cd32e552ea09caa89cdbe328e468979b030dd with gcc (GCC) 5.5.0
all runs: OK
# git bisect good 910cd32e552ea09caa89cdbe328e468979b030dd
Bisecting: 105 revisions left to test after this (roughly 7 steps)
[8c34d8d9bec0b2a38e8beab46a643e9b323c8310] MAINTAINERS: update web link for tile architecture
testing commit 8c34d8d9bec0b2a38e8beab46a643e9b323c8310 with gcc (GCC) 5.5.0
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor731454466" "root@10.128.0.124:./syz-executor731454466"]: exit status 1
ssh: connect to host 10.128.0.124 port 22: Connection timed out
lost connection
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor023289209" "root@10.128.0.138:./syz-executor023289209"]: exit status 1
ssh: connect to host 10.128.0.138 port 22: Connection timed out
lost connection
run #2: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor778702468" "root@10.128.0.227:./syz-executor778702468"]: exit status 1
ssh: connect to host 10.128.0.227 port 22: Connection timed out
lost connection
run #3: crashed: BUG: spinlock lockup suspected in nf_conntrack_lock
run #4: crashed: BUG: spinlock lockup suspected in nf_conntrack_lock
run #5: crashed: BUG: spinlock lockup suspected in nf_conntrack_lock
run #6: crashed: BUG: spinlock lockup suspected in nf_conntrack_lock
run #7: crashed: BUG: spinlock lockup suspected in nf_conntrack_lock
run #8: crashed: BUG: spinlock lockup suspected in nf_conntrack_lock
run #9: crashed: BUG: spinlock lockup suspected in nf_conntrack_lock
# git bisect bad 8c34d8d9bec0b2a38e8beab46a643e9b323c8310
Bisecting: 1 revision left to test after this (roughly 1 step)
[77ef8f5177599efd0cedeb52c1950c1bd73fa5e3] tile kgdb: fix bug in copy to gdb regs, and optimize memset
testing commit 77ef8f5177599efd0cedeb52c1950c1bd73fa5e3 with gcc (GCC) 5.5.0
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor395028566" "root@10.128.0.212:./syz-executor395028566"]: exit status 1
ssh: connect to host 10.128.0.212 port 22: Connection timed out
lost connection
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor588545469" "root@10.128.15.202:./syz-executor588545469"]: exit status 1
ssh: connect to host 10.128.15.202 port 22: Connection timed out
lost connection
run #2: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor814712824" "root@10.128.15.200:./syz-executor814712824"]: exit status 1
ssh: connect to host 10.128.15.200 port 22: Connection timed out
lost connection
run #3: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor931899127" "root@10.128.15.213:./syz-executor931899127"]: exit status 1
ssh: connect to host 10.128.15.213 port 22: Connection timed out
lost connection
run #4: crashed: BUG: spinlock lockup suspected in nf_conntrack_lock
run #5: crashed: BUG: spinlock lockup suspected in nf_conntrack_lock
run #6: crashed: BUG: spinlock lockup suspected in nf_conntrack_lock
run #7: crashed: BUG: spinlock lockup suspected in nf_conntrack_lock
run #8: crashed: BUG: spinlock lockup suspected in nf_conntrack_lock
run #9: crashed: BUG: spinlock lockup suspected in nf_conntrack_lock
# git bisect bad 77ef8f5177599efd0cedeb52c1950c1bd73fa5e3
77ef8f5177599efd0cedeb52c1950c1bd73fa5e3 is the first bad commit
commit 77ef8f5177599efd0cedeb52c1950c1bd73fa5e3
Author: Chris Metcalf
Date: Mon Jan 25 15:05:34 2016 -0500

    tile kgdb: fix bug in copy to gdb regs, and optimize memset

    David Binderman pointed out that we were doing a full memset() of the gdb register buffer and then doing a memcpy() to it that was almost as big. This commit optimizes that by only doing a memset() of the registers that are intended to be zero.

    While making this change I noticed that we were not copying the link register (LR, number 55) due to a fencepost error in commit f419e6f63c5a ("arch: tile: kernel: kgdb.c: Use memcpy() instead of pointer copy one by one"), and I've corrected that as well.

    Reported-by: David Binderman
    Signed-off-by: Chris Metcalf

:040000 040000 fc537138774688d119adeef93580a7019b489ba7 8f5c259a0e8d3634f9af9a808d7f697fa68e960b M arch
revisions tested: 37, total time: 7h35m34.555613641s (build: 1h51m53.940775073s, test: 5h34m51.782820469s)
first bad commit: 77ef8f5177599efd0cedeb52c1950c1bd73fa5e3 tile kgdb: fix bug in copy to gdb regs, and optimize memset
cc: ["cmetcalf@ezchip.com" "gang.chen.5i5j@gmail.com" "linux-kernel@vger.kernel.org"]
crash: BUG: spinlock lockup suspected in nf_conntrack_lock
 [] ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468
BUG: spinlock lockup suspected on CPU#1, kworker/u4:3/1732
 lock: nf_conntrack_locks+0x0/0xe000, .magic: dead4ead, .owner: kworker/u4:3/1732, .owner_cpu: 1
CPU: 1 PID: 1732 Comm: kworker/u4:3 Not tainted 4.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
 0000000000000000 ffff880215007c10 ffffffff81813bf0 ffff8802157a05c0
 ffffffff82e0a780 ffff880215007c30 ffffffff811c0fe3 ffffffff82e0a780
 0000000089173700 ffff880215007c60 ffffffff811c110b ffffffff82e0a780
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0x99/0xd9 lib/dump_stack.c:51
 [] spin_dump+0x73/0xc0 kernel/locking/spinlock_debug.c:67
 [] __spin_lock_debug kernel/locking/spinlock_debug.c:117 [inline]
 [] do_raw_spin_lock+0x9b/0x160 kernel/locking/spinlock_debug.c:137
 [] __raw_spin_lock include/linux/spinlock_api_smp.h:145 [inline]
 [] _raw_spin_lock+0x3b/0x50 kernel/locking/spinlock.c:151
 [] spin_lock include/linux/spinlock.h:302 [inline]
 [] nf_conntrack_lock+0xd/0x50 net/netfilter/nf_conntrack_core.c:74
 [] ctnl_untimeout.isra.4+0xdc/0x110 net/netfilter/nfnetlink_cttimeout.c:315
 [] cttimeout_net_exit+0x28/0x80 net/netfilter/nfnetlink_cttimeout.c:581
 [] ops_exit_list.isra.4+0x33/0x60 net/core/net_namespace.c:134
 [] cleanup_net+0x1a9/0x270 net/core/net_namespace.c:431
 [] process_one_work+0x215/0x680 kernel/workqueue.c:2095
 [] worker_thread+0x49/0x490 kernel/workqueue.c:2229
 [] kthread+0xf9/0x110 kernel/kthread.c:209
 [] ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468
Sending NMI to all CPUs:
NMI backtrace for cpu 0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffffffff82e21540 ti: ffffffff82e00000 task.ti: ffffffff82e00000
RIP: 0010:[] [] native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:50
RSP: 0018:ffffffff82e03eb8 EFLAGS: 00000282
RAX: 0000000000000000 RBX: ffffffff82e00000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff81088779
RBP: ffffffff82e03eb8 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff82e00000
FS: 0000000000000000(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c420447ff8 CR3: 0000000213184000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff82e03ed8 ffffffff8108878c ffffffff82e00000 ffffffff82e04000
 ffffffff82e03ee8 ffffffff8108915a ffffffff82e03ef8 ffffffff811b4b95
 ffffffff82e03f40 ffffffff811b4fb5 ffffffff82e04000 5fc487f0d21a4870
Call Trace:
 [] arch_safe_halt arch/x86/include/asm/paravirt.h:117 [inline]
 [] default_idle+0x2c/0x1a0 arch/x86/kernel/process.c:304
 [] arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:295
 [] default_idle_call+0x25/0x50 kernel/sched/idle.c:92
 [] cpuidle_idle_call kernel/sched/idle.c:150 [inline]
 [] cpu_idle_loop kernel/sched/idle.c:246 [inline]
 [] cpu_startup_entry+0x3f5/0x480 kernel/sched/idle.c:294
 [] rest_init+0x135/0x140 init/main.c:412
 [] start_kernel+0x4a6/0x4b3 init/main.c:683
 [] x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:203
 [] x86_64_start_kernel+0x145/0x152 arch/x86/kernel/head64.c:184
Code: 00 00 00 00 00 55 48 89 e5 fa 5d c3 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 fb 5d c3 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 66 0f 1f 84
NMI backtrace for cpu 1
CPU: 1 PID: 1732 Comm: kworker/u4:3 Not tainted 4.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
task: ffff8802157a05c0 ti: ffff880215004000 task.ti: ffff880215004000
RIP: 0010:[] [] native_write_msr_safe+0x6/0x40 arch/x86/include/asm/msr.h:132
RSP: 0018:ffff880215007b68 EFLAGS: 00000086
RAX: 0000000000000400 RBX: ffffffff8301d5e0 RCX: 0000000000000830
RDX: 0000000000000001 RSI: 0000000000000400 RDI: 0000000000000830
RBP: ffff880215007b70 R08: 0000000000000400 R09: 0000000000000003
R10: ffffffff83239408 R11: 0000000000000001 R12: 0000000000080000
R13: 0000000000000001 R14: 0000000000000001 R15: 000000000000a130
FS: 0000000000000000(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0c9c188150 CR3: 0000000002e1a000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff810beb4a ffff880215007bb8 ffffffff810bebff 0000000000000282
 0000000200000010 0000000000011440 0000000000000001 ffffffff810bb810
 0000000089173700 0000000000000001 ffff880215007bc8 ffffffff810becce
Call Trace:
 [] __x2apic_send_IPI_mask+0xaf/0x120 arch/x86/kernel/apic/x2apic_phys.c:62
 [] x2apic_send_IPI_mask+0xe/0x10 arch/x86/kernel/apic/x2apic_cluster.c:87
 [] nmi_raise_cpu_backtrace+0x16/0x20 arch/x86/kernel/apic/hw_nmi.c:33
 [] nmi_trigger_all_cpu_backtrace+0x243/0x250 lib/nmi_backtrace.c:85
 [] arch_trigger_all_cpu_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 [] trigger_all_cpu_backtrace include/linux/nmi.h:41 [inline]
 [] __spin_lock_debug kernel/locking/spinlock_debug.c:119 [inline]
 [] do_raw_spin_lock+0xa5/0x160 kernel/locking/spinlock_debug.c:137
 [] __raw_spin_lock include/linux/spinlock_api_smp.h:145 [inline]
 [] _raw_spin_lock+0x3b/0x50 kernel/locking/spinlock.c:151
 [] spin_lock include/linux/spinlock.h:302 [inline]
 [] nf_conntrack_lock+0xd/0x50 net/netfilter/nf_conntrack_core.c:74
 [] ctnl_untimeout.isra.4+0xdc/0x110 net/netfilter/nfnetlink_cttimeout.c:315
 [] cttimeout_net_exit+0x28/0x80 net/netfilter/nfnetlink_cttimeout.c:581
 [] ops_exit_list.isra.4+0x33/0x60 net/core/net_namespace.c:134
 [] cleanup_net+0x1a9/0x270 net/core/net_namespace.c:431
 [] process_one_work+0x215/0x680 kernel/workqueue.c:2095
 [] worker_thread+0x49/0x490 kernel/workqueue.c:2229
 [] kthread+0xf9/0x110 kernel/kthread.c:209
 [] ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468
Code: 5b 5d c3 48 c1 e2 20 48 89 d3 31 d2 48 09 c3 48 89 de e8 6e 84 78 00 48 89 d8 5b 5d c3 0f 1f 84 00 00 00 00 00 89 f0 89 f9 0f 30 <31> c0 0f 1f 44 00 00 c3 55 41 89 f0 48 89 d6 48 c1 e6 20 89 c2