bisecting fixing commit since d573e8a79f70404ba08623d1de7ea617d55092ac
building syzkaller on f8368f999a1964df6d39a225cd3f5ab3942dd755
testing commit d573e8a79f70404ba08623d1de7ea617d55092ac with gcc (GCC) 8.1.0
kernel signature: 6955a070488f96c5311e73bdf7e1ae6e5d4c712e
run #0: crashed: WARNING in __put_task_struct
run #1: crashed: WARNING in __put_task_struct
run #2: crashed: WARNING: ODEBUG bug in free_task
run #3: crashed: WARNING: ODEBUG bug in free_task
run #4: crashed: WARNING: ODEBUG bug in free_task
run #5: crashed: WARNING: ODEBUG bug in free_task
run #6: crashed: WARNING: ODEBUG bug in free_task
run #7: crashed: WARNING: ODEBUG bug in free_task
run #8: crashed: WARNING: ODEBUG bug in corrupted
run #9: crashed: WARNING: ODEBUG bug in free_task
testing current HEAD fb683b5e3f53a73e761952735736180939a313df
testing commit fb683b5e3f53a73e761952735736180939a313df with gcc (GCC) 8.1.0
kernel signature: 8c4055f7b10ad68b5f021c813f76dd57a7be6ef0
all runs: OK
# git bisect start fb683b5e3f53a73e761952735736180939a313df d573e8a79f70404ba08623d1de7ea617d55092ac
Bisecting: 1167 revisions left to test after this (roughly 10 steps)
[cd554b025c09ab67c278fb8599fd268185a07628] rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument
testing commit cd554b025c09ab67c278fb8599fd268185a07628 with gcc (GCC) 8.1.0
kernel signature: dae7809c11a8a7a48b264930d025e70fa8555e96
all runs: OK
# git bisect bad cd554b025c09ab67c278fb8599fd268185a07628
Bisecting: 583 revisions left to test after this (roughly 9 steps)
[a23cd06c2cd2aab5728c1755616d2a1ffb95d6ac] ARM: OMAP2+: Fix missing reset done flag for am3 and am43
testing commit a23cd06c2cd2aab5728c1755616d2a1ffb95d6ac with gcc (GCC) 8.1.0
kernel signature: 24e99d08e6ce9878f7754a065edfb77ed8a3fd5f
all runs: OK
# git bisect bad a23cd06c2cd2aab5728c1755616d2a1ffb95d6ac
Bisecting: 291 revisions left to test after this (roughly 8 steps)
[782a77f2eb39207589ef9175a2ceadd0cca12112] drm/amd/display: reprogram VM config when system resume
testing commit 782a77f2eb39207589ef9175a2ceadd0cca12112 with gcc (GCC) 8.1.0
kernel signature: c615b855a08eefa54363638b70349015c315f0a9
all runs: OK
# git bisect bad 782a77f2eb39207589ef9175a2ceadd0cca12112
Bisecting: 145 revisions left to test after this (roughly 7 steps)
[dfaf60580191207627a85739850799bbb13280f4] ARM: dts: imx7-colibri: disable HS400
testing commit dfaf60580191207627a85739850799bbb13280f4 with gcc (GCC) 8.1.0
kernel signature: 260173bc9db04af2140ec0c45e58958afcbfdabd
all runs: OK
# git bisect bad dfaf60580191207627a85739850799bbb13280f4
Bisecting: 72 revisions left to test after this (roughly 6 steps)
[587df35cbf654a063372fb1b523a0b56a5f789ab] nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
testing commit 587df35cbf654a063372fb1b523a0b56a5f789ab with gcc (GCC) 8.1.0
kernel signature: a321f6f310d653d7701d0cdcbf3c45b96c99c0f0
all runs: OK
# git bisect bad 587df35cbf654a063372fb1b523a0b56a5f789ab
Bisecting: 35 revisions left to test after this (roughly 5 steps)
[6b449e4cf09021310552e319fa1cccff45b67a4a] scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion
testing commit 6b449e4cf09021310552e319fa1cccff45b67a4a with gcc (GCC) 8.1.0
kernel signature: 33037d8d9eb67f1843ea5feb493d9fb8f1e6b720
all runs: OK
# git bisect bad 6b449e4cf09021310552e319fa1cccff45b67a4a
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[79e972a89cad2b98643cb5555dc14c4f60c5dd16] net/mlx5e: Allow reporting of checksum unnecessary
testing commit 79e972a89cad2b98643cb5555dc14c4f60c5dd16 with gcc (GCC) 8.1.0
kernel signature: 79751858333b8da94f3b9e7e62228d991981dce5
all runs: OK
# git bisect bad 79e972a89cad2b98643cb5555dc14c4f60c5dd16
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[acc96be807bb2229cdd1589e67558f99ae4db672] HID: logitech: Fix general protection fault caused by Logitech driver
testing commit acc96be807bb2229cdd1589e67558f99ae4db672 with gcc (GCC) 8.1.0
kernel signature: 44a87ec2e3e12c28a82590346c5aec0932007632
all runs: OK
# git bisect bad acc96be807bb2229cdd1589e67558f99ae4db672
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[80fc27953e74d664bf946d45feae90df1023327b] powerpc/xive: Fix bogus error code returned by OPAL
testing commit 80fc27953e74d664bf946d45feae90df1023327b with gcc (GCC) 8.1.0
kernel signature: 28d8bdb48abeef0aab4137aeb59443f1c2806fae
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor631781735" "root@10.128.15.219:./syz-executor631781735"]: exit status 1
ssh: connect to host 10.128.15.219 port 22: Connection timed out
lost connection
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 80fc27953e74d664bf946d45feae90df1023327b
Bisecting: 1 revision left to test after this (roughly 1 step)
[373f9092df9556685174aeec9ac5658a8d3bff72] net/ibmvnic: free reset work of removed device from queue
testing commit 373f9092df9556685174aeec9ac5658a8d3bff72 with gcc (GCC) 8.1.0
kernel signature: c2ca5330fbf81808e078aed370bae9789ce763f3
run #0: crashed: WARNING: ODEBUG bug in free_task
run #1: crashed: WARNING: ODEBUG bug in free_task
run #2: crashed: WARNING: ODEBUG bug in free_task
run #3: crashed: WARNING: ODEBUG bug in free_task
run #4: crashed: WARNING: ODEBUG bug in free_task
run #5: crashed: WARNING in corrupted
run #6: crashed: WARNING: ODEBUG bug in free_task
run #7: crashed: WARNING: ODEBUG bug in free_task
run #8: crashed: WARNING: ODEBUG bug in free_task
run #9: crashed: WARNING: ODEBUG bug in corrupted
# git bisect good 373f9092df9556685174aeec9ac5658a8d3bff72
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[4eb92a1148342af1d6f82018d20cd862e1d3ab7e] RDMA/restrack: Protect from reentry to resource return path
testing commit 4eb92a1148342af1d6f82018d20cd862e1d3ab7e with gcc (GCC) 8.1.0
kernel signature: 01992a6db0a5707fdefd3025783ef776bbb591fa
all runs: OK
# git bisect bad 4eb92a1148342af1d6f82018d20cd862e1d3ab7e
4eb92a1148342af1d6f82018d20cd862e1d3ab7e is the first bad commit
commit 4eb92a1148342af1d6f82018d20cd862e1d3ab7e
Author: Leon Romanovsky
Date: Thu Oct 11 22:10:10 2018 +0300

    RDMA/restrack: Protect from reentry to resource return path

    commit fe9bc1644918aa1d02a889b4ca788bfb67f90816 upstream.

    Nullify the resource task struct pointer to ensure that subsequent calls won't try to release task_struct again.

    ------------[ cut here ]------------
    ODEBUG: free active (active state 1) object type: rcu_head hint: (null)
    WARNING: CPU: 0 PID: 6048 at lib/debugobjects.c:329 debug_print_object+0x16a/0x210 lib/debugobjects.c:326
    Kernel panic - not syncing: panic_on_warn set ...
    CPU: 0 PID: 6048 Comm: syz-executor022 Not tainted 4.19.0-rc7-next-20181008+ #89
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
    Call Trace:
    __dump_stack lib/dump_stack.c:77 [inline]
    dump_stack+0x244/0x3ab lib/dump_stack.c:113
    panic+0x238/0x4e7 kernel/panic.c:184
    __warn.cold.8+0x163/0x1ba kernel/panic.c:536
    report_bug+0x254/0x2d0 lib/bug.c:186
    fixup_bug arch/x86/kernel/traps.c:178 [inline]
    do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
    do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290
    invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:969
    RIP: 0010:debug_print_object+0x16a/0x210 lib/debugobjects.c:326
    Code: 41 88 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd 60 02 41 88 4c 89 fe 48 c7 c7 00 f8 40 88 e8 36 2f b4 fd <0f> 0b 83 05 a9 f4 5e 06 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f
    RSP: 0018:ffff8801d8c3eda8 EFLAGS: 00010086
    RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: ffffffff8164d235 RDI: 0000000000000005
    RBP: ffff8801d8c3ede8 R08: ffff8801d70aa280 R09: ffffed003b5c3eda
    R10: ffffed003b5c3eda R11: ffff8801dae1f6d7 R12: 0000000000000001
    R13: ffffffff8939a760 R14: 0000000000000000 R15: ffffffff8840fca0
    __debug_check_no_obj_freed lib/debugobjects.c:786 [inline]
    debug_check_no_obj_freed+0x3ae/0x58d lib/debugobjects.c:818
    kmem_cache_free+0x202/0x290 mm/slab.c:3759
    free_task_struct kernel/fork.c:163 [inline]
    free_task+0x16e/0x1f0 kernel/fork.c:457
    __put_task_struct+0x2e6/0x620 kernel/fork.c:730
    put_task_struct include/linux/sched/task.h:96 [inline]
    finish_task_switch+0x66c/0x900 kernel/sched/core.c:2715
    context_switch kernel/sched/core.c:2834 [inline]
    __schedule+0x8d7/0x21d0 kernel/sched/core.c:3480
    schedule+0xfe/0x460 kernel/sched/core.c:3524
    freezable_schedule include/linux/freezer.h:172 [inline]
    futex_wait_queue_me+0x3f9/0x840 kernel/futex.c:2530
    futex_wait+0x45c/0xa50 kernel/futex.c:2645
    do_futex+0x31a/0x26d0 kernel/futex.c:3528
    __do_sys_futex kernel/futex.c:3589 [inline]
    __se_sys_futex kernel/futex.c:3557 [inline]
    __x64_sys_futex+0x472/0x6a0 kernel/futex.c:3557
    do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
    entry_SYSCALL_64_after_hwframe+0x49/0xbe
    RIP: 0033:0x446549
    Code: e8 2c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
    RSP: 002b:00007f3a998f5da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
    RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000446549
    RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dbc38
    RBP: 00000000006dbc30 R08: 0000000000000000 R09: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc3c
    R13: 2f646e6162696e69 R14: 666e692f7665642f R15: 00000000006dbd2c
    Kernel Offset: disabled

    Reported-by: syzbot+71aff6ea121ffefc280f@syzkaller.appspotmail.com
    Fixes: ed7a01fd3fd7 ("RDMA/restrack: Release task struct which was hold by CM_ID object")
    Signed-off-by: Leon Romanovsky
    Signed-off-by: Jason Gunthorpe
    Cc: Pavel Machek
    Signed-off-by: Greg Kroah-Hartman

 drivers/infiniband/core/restrack.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
culprit signature: 01992a6db0a5707fdefd3025783ef776bbb591fa
parent signature: c2ca5330fbf81808e078aed370bae9789ce763f3
revisions tested: 13, total time: 3h57m30.13335515s (build: 1h47m27.757883639s, test: 2h8m51.915558088s)
first good commit: 4eb92a1148342af1d6f82018d20cd862e1d3ab7e RDMA/restrack: Protect from reentry to resource return path
cc: ["gregkh@linuxfoundation.org" "jgg@mellanox.com" "leonro@mellanox.com"]