bisecting fixing commit since c2568c8c9e636a56abf31da4b28b65d3ded02524
building syzkaller on 1880b4a9f394370a7d1fcb5c1cfca0fa1127b463
testing commit c2568c8c9e636a56abf31da4b28b65d3ded02524 with gcc (GCC) 8.1.0
kernel signature: 4e43e8fa8cd77c66d6168fc16a84ab4573bd8a42600222484d229305013219da
run #0: crashed: INFO: task hung in synchronize_rcu
run #1: crashed: INFO: task hung in synchronize_rcu
run #2: crashed: INFO: task hung in synchronize_rcu
run #3: OK
run #4: crashed: INFO: task hung in synchronize_rcu
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing current HEAD 3fb6928b56f67167406daefa13ca9d2b94d48eb0
testing commit 3fb6928b56f67167406daefa13ca9d2b94d48eb0 with gcc (GCC) 8.1.0
kernel signature: 6fa83e807c72c1b1bc8ab859d9148b41d2fe5d15a772526b0b9d88317bf29ad2
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
revisions tested: 2, total time: 24m6.36795222s (build: 10m6.059901327s, test: 13m32.116306513s)
the crash still happens on HEAD

commit msg: net: ipa: restrict special reset to IPA v3.5.1
crash: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on

BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8371
caller is lockdep_hardirqs_on_prepare+0x2f/0x1d0 kernel/locking/lockdep.c:4060
CPU: 1 PID: 8371 Comm: syz-executor.3 Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa3/0xc8 lib/dump_stack.c:118
 check_preemption_disabled+0xbe/0xd0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on_prepare+0x2f/0x1d0 kernel/locking/lockdep.c:4060
 trace_hardirqs_on+0x1a/0xf0 kernel/trace/trace_preemptirq.c:49
 __bad_area_nosemaphore+0x5e/0x210 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1355 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x1ac/0x700 arch/x86/mm/fault.c:1485
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:583
RIP: 0033:0x400580
Code: 01 e9 cd 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 20 48 8b 14 24 48 8b 7c 24 20 be 02 00 00 00 e8 45 68 00 00 48 8b 4c 24 08 <66> 89 01 e9 a1 01 00 00 48 8b 44 24 08 48 8b 14 24 be 02 00 00 00
RSP: 002b:00007ffcf605d150 EFLAGS: 00010206
RAX: 0000000000000018 RBX: 0000000001190600 RCX: 00000000200002c0
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000018
RBP: 0000000001190608 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffcf605d260 R11: 0000000000000246 R12: fffffffffffffffe
R13: 000000000000b9ea R14: 00000000000003e8 R15: 000000000118bfd4
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8371
caller is lockdep_hardirqs_on+0x34/0x120 kernel/locking/lockdep.c:4129
CPU: 1 PID: 8371 Comm: syz-executor.3 Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa3/0xc8 lib/dump_stack.c:118
 check_preemption_disabled+0xbe/0xd0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on+0x34/0x120 kernel/locking/lockdep.c:4129
 __bad_area_nosemaphore+0x5e/0x210 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1355 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x1ac/0x700 arch/x86/mm/fault.c:1485
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:583
RIP: 0033:0x400580
Code: 01 e9 cd 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 20 48 8b 14 24 48 8b 7c 24 20 be 02 00 00 00 e8 45 68 00 00 48 8b 4c 24 08 <66> 89 01 e9 a1 01 00 00 48 8b 44 24 08 48 8b 14 24 be 02 00 00 00
RSP: 002b:00007ffcf605d150 EFLAGS: 00010206
RAX: 0000000000000018 RBX: 0000000001190600 RCX: 00000000200002c0
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000018
RBP: 0000000001190608 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffcf605d260 R11: 0000000000000246 R12: fffffffffffffffe
R13: 000000000000b9ea R14: 00000000000003e8 R15: 000000000118bfd4
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8371
caller is lockdep_hardirqs_on_prepare+0x2f/0x1d0 kernel/locking/lockdep.c:4060
CPU: 1 PID: 8371 Comm: syz-executor.3 Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa3/0xc8 lib/dump_stack.c:118
 check_preemption_disabled+0xbe/0xd0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on_prepare+0x2f/0x1d0 kernel/locking/lockdep.c:4060
 trace_hardirqs_on+0x1a/0xf0 kernel/trace/trace_preemptirq.c:49
 __bad_area_nosemaphore+0x5e/0x210 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1355 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x1ac/0x700 arch/x86/mm/fault.c:1485
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:583
RIP: 0033:0x400604
Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 c1 67 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b
RSP: 002b:00007ffcf605d150 EFLAGS: 00010206
RAX: 0000000000000007 RBX: 0000000001190628 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000200002c2 RDI: 0000000000000007
RBP: 0000000001190630 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffcf605d260 R11: 0000000000000246 R12: fffffffffffffffe
R13: 000000000000b9ea R14: 00000000000003e8 R15: 000000000118bfd4
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8371
caller is lockdep_hardirqs_on+0x34/0x120 kernel/locking/lockdep.c:4129
CPU: 1 PID: 8371 Comm: syz-executor.3 Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa3/0xc8 lib/dump_stack.c:118
 check_preemption_disabled+0xbe/0xd0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on+0x34/0x120 kernel/locking/lockdep.c:4129
 __bad_area_nosemaphore+0x5e/0x210 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1355 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x1ac/0x700 arch/x86/mm/fault.c:1485
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:583
RIP: 0033:0x400604
Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 c1 67 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b
RSP: 002b:00007ffcf605d150 EFLAGS: 00010206
RAX: 0000000000000007 RBX: 0000000001190628 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000200002c2 RDI: 0000000000000007
RBP: 0000000001190630 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffcf605d260 R11: 0000000000000246 R12: fffffffffffffffe
R13: 000000000000b9ea R14: 00000000000003e8 R15: 000000000118bfd4
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8371
caller is lockdep_hardirqs_on_prepare+0x2f/0x1d0 kernel/locking/lockdep.c:4060
CPU: 0 PID: 8371 Comm: syz-executor.3 Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa3/0xc8 lib/dump_stack.c:118
 check_preemption_disabled+0xbe/0xd0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on_prepare+0x2f/0x1d0 kernel/locking/lockdep.c:4060
 trace_hardirqs_on+0x1a/0xf0 kernel/trace/trace_preemptirq.c:49
 __bad_area_nosemaphore+0x5e/0x210 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1355 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x1ac/0x700 arch/x86/mm/fault.c:1485
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:583
RIP: 0033:0x400604
Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 c1 67 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b
RSP: 002b:00007ffcf605d150 EFLAGS: 00010206
RAX: 0000000000000000 RBX: 0000000001190650 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000200002c6 RDI: 0000000000000000
RBP: 0000000001190658 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffcf605d260 R11: 0000000000000246 R12: fffffffffffffffe
R13: 000000000000b9ea R14: 00000000000003e8 R15: 000000000118bfd4
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8371
caller is lockdep_hardirqs_on+0x34/0x120 kernel/locking/lockdep.c:4129
CPU: 0 PID: 8371 Comm: syz-executor.3 Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa3/0xc8 lib/dump_stack.c:118
 check_preemption_disabled+0xbe/0xd0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on+0x34/0x120 kernel/locking/lockdep.c:4129
 __bad_area_nosemaphore+0x5e/0x210 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1355 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x1ac/0x700 arch/x86/mm/fault.c:1485
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:583
RIP: 0033:0x400604
Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 c1 67 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b
RSP: 002b:00007ffcf605d150 EFLAGS: 00010206
RAX: 0000000000000000 RBX: 0000000001190650 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000200002c6 RDI: 0000000000000000
RBP: 0000000001190658 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffcf605d260 R11: 0000000000000246 R12: fffffffffffffffe
R13: 000000000000b9ea R14: 00000000000003e8 R15: 000000000118bfd4
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8371
caller is lockdep_hardirqs_on_prepare+0x2f/0x1d0 kernel/locking/lockdep.c:4060
CPU: 0 PID: 8371 Comm: syz-executor.3 Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa3/0xc8 lib/dump_stack.c:118
 check_preemption_disabled+0xbe/0xd0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on_prepare+0x2f/0x1d0 kernel/locking/lockdep.c:4060
 trace_hardirqs_on+0x1a/0xf0 kernel/trace/trace_preemptirq.c:49
 __bad_area_nosemaphore+0x5e/0x210 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1355 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x1ac/0x700 arch/x86/mm/fault.c:1485
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:583
RIP: 0033:0x400604
Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 c1 67 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b
RSP: 002b:00007ffcf605d150 EFLAGS: 00010206
RAX: ffffffffffffffff RBX: 0000000001190678 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000200002ca RDI: ffffffffffffffff
RBP: 0000000001190680 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffcf605d260 R11: 0000000000000246 R12: fffffffffffffffe
R13: 000000000000b9ea R14: 00000000000003e8 R15: 000000000118bfd4
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8371
caller is lockdep_hardirqs_on+0x34/0x120 kernel/locking/lockdep.c:4129
CPU: 0 PID: 8371 Comm: syz-executor.3 Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa3/0xc8 lib/dump_stack.c:118
 check_preemption_disabled+0xbe/0xd0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on+0x34/0x120 kernel/locking/lockdep.c:4129
 __bad_area_nosemaphore+0x5e/0x210 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1355 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x1ac/0x700 arch/x86/mm/fault.c:1485
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:583
RIP: 0033:0x400604
Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 c1 67 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b
RSP: 002b:00007ffcf605d150 EFLAGS: 00010206
RAX: ffffffffffffffff RBX: 0000000001190678 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000200002ca RDI: ffffffffffffffff
RBP: 0000000001190680 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffcf605d260 R11: 0000000000000246 R12: fffffffffffffffe
R13: 000000000000b9ea R14: 00000000000003e8 R15: 000000000118bfd4
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8371
caller is lockdep_hardirqs_on_prepare+0x2f/0x1d0 kernel/locking/lockdep.c:4060
CPU: 1 PID: 8371 Comm: syz-executor.3 Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa3/0xc8 lib/dump_stack.c:118
 check_preemption_disabled+0xbe/0xd0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on_prepare+0x2f/0x1d0 kernel/locking/lockdep.c:4060
 trace_hardirqs_on+0x1a/0xf0 kernel/trace/trace_preemptirq.c:49
 __bad_area_nosemaphore+0x5e/0x210 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1355 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x1ac/0x700 arch/x86/mm/fault.c:1485
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:583
RIP: 0033:0x400604
Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 c1 67 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b
RSP: 002b:00007ffcf605d150 EFLAGS: 00010206
RAX: 0000000000000000 RBX: 00000000011906a0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000200002ce RDI: 0000000000000000
RBP: 00000000011906a8 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffcf605d260 R11: 0000000000000246 R12: fffffffffffffffe
R13: 000000000000b9ea R14: 00000000000003e8 R15: 000000000118bfd4
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.3/8371
caller is lockdep_hardirqs_on+0x34/0x120 kernel/locking/lockdep.c:4129
CPU: 1 PID: 8371 Comm: syz-executor.3 Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xa3/0xc8 lib/dump_stack.c:118
 check_preemption_disabled+0xbe/0xd0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on+0x34/0x120 kernel/locking/lockdep.c:4129
 __bad_area_nosemaphore+0x5e/0x210 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1355 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x1ac/0x700 arch/x86/mm/fault.c:1485
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:583
RIP: 0033:0x400604
Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 c1 67 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b
RSP: 002b:00007ffcf605d150 EFLAGS: 00010206
RAX: 0000000000000000 RBX: 00000000011906a0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000200002ce RDI: 0000000000000000
RBP: 00000000011906a8 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffcf605d260 R11: 0000000000000246 R12: fffffffffffffffe
R13: 000000000000b9ea R14: 00000000000003e8 R15: 000000000118bfd4