bisecting cause commit starting from 15ac8fdb74403772780be1a8c4f7c1eff1040fc4
building syzkaller on 51a9082e064119316893e12187cab2843283ed4d
testing commit 15ac8fdb74403772780be1a8c4f7c1eff1040fc4 with gcc (GCC) 8.1.0
kernel signature: a7b140657b98ecf533a868ed61174dd64cd1d917d6d463dffbb1410e5df15ee3
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in bdi_put
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: 0a239a63f936e094afcdc973a4a1640a49766a3338df273434ed919c9d53b108
all runs: OK
# git bisect start 15ac8fdb74403772780be1a8c4f7c1eff1040fc4 bbf5c979011a099af5dc76498918ed7df445635b
Bisecting: 14455 revisions left to test after this (roughly 14 steps)
[2e368dd2bbeac6bfd50886371db185b1092067b4] Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 2e368dd2bbeac6bfd50886371db185b1092067b4 with gcc (GCC) 8.1.0
kernel signature: 46bd581ae5af2566b74f193465b8f75b479a29428c1eaed980292d92d5c32bd2
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 2e368dd2bbeac6bfd50886371db185b1092067b4
Bisecting: 6991 revisions left to test after this (roughly 13 steps)
[93b694d096cc10994c817730d4d50288f9ae3d66] Merge tag 'drm-next-2020-10-15' of git://anongit.freedesktop.org/drm/drm
testing commit 93b694d096cc10994c817730d4d50288f9ae3d66 with gcc (GCC) 8.1.0
kernel signature: b2c277fbceee8a616273d649628747add292ca90ecded5353916c0e68ec84932
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 93b694d096cc10994c817730d4d50288f9ae3d66
Bisecting: 3475 revisions left to test after this (roughly 12 steps)
[4815519ed0af833884ce9c288183bf1ae3cb9caa] Merge tag 'for-5.10/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
testing commit 4815519ed0af833884ce9c288183bf1ae3cb9caa with gcc (GCC) 8.1.0
kernel signature: 120a7d6ecc349410f3b290280178357aea8e48571ca220efec4690c48f0e566f
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 4815519ed0af833884ce9c288183bf1ae3cb9caa
Bisecting: 1507 revisions left to test after this (roughly 11 steps)
[fd5c32d80884268a381ed0e67cccef0b3d37750b] Merge tag 'media/v5.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit fd5c32d80884268a381ed0e67cccef0b3d37750b with gcc (GCC) 8.1.0
kernel signature: bab37928ec6ae76a41f0d18edc96cb4e8a414ee39541d71d51116d517b2e0cbc
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad fd5c32d80884268a381ed0e67cccef0b3d37750b
Bisecting: 1062 revisions left to test after this (roughly 10 steps)
[865c50e1d279671728c2936cb7680eb89355eeea] x86/uaccess: utilize CONFIG_CC_HAS_ASM_GOTO_OUTPUT
testing commit 865c50e1d279671728c2936cb7680eb89355eeea with gcc (GCC) 8.1.0
kernel signature: 1e515e7f50181359add2d0065a258b186f276b9873cf61bbdb0f00f5e2ae2e5a
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 865c50e1d279671728c2936cb7680eb89355eeea
Bisecting: 429 revisions left to test after this (roughly 9 steps)
[13cb73490f475f8e7669f9288be0bcfa85399b1f] Merge tag 'x86-entry-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 13cb73490f475f8e7669f9288be0bcfa85399b1f with gcc (GCC) 8.1.0
kernel signature: 21db958cb1499e5228a4021b83a43088ab30ee6a51ea55d13b51b6b634f85c0f
all runs: OK
# git bisect good 13cb73490f475f8e7669f9288be0bcfa85399b1f
Bisecting: 228 revisions left to test after this (roughly 8 steps)
[dd502a81077a5f3b3e19fa9a1accffdcab5ad5bc] Merge tag 'core-static_call-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit dd502a81077a5f3b3e19fa9a1accffdcab5ad5bc with gcc (GCC) 8.1.0
kernel signature: 915dad9f8bb5ac307ca8972fab8e5a6900db722373cced3905e7bb9b62dfbfa3
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad dd502a81077a5f3b3e19fa9a1accffdcab5ad5bc
Bisecting: 86 revisions left to test after this (roughly 7 steps)
[ed016af52ee3035b4799ebd7d53f9ae59d5782c4] Merge tag 'locking-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit ed016af52ee3035b4799ebd7d53f9ae59d5782c4 with gcc (GCC) 8.1.0
kernel signature: 90517873ed8b3299daaec2ab5b28a1ec59b8faf7641a5ce14936815d800c6aa3
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad ed016af52ee3035b4799ebd7d53f9ae59d5782c4
Bisecting: 49 revisions left to test after this (roughly 6 steps)
[d6c4c11348816fb4d16e33bf47d559d7aa59350a] Merge branch 'kcsan' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into locking/core
testing commit d6c4c11348816fb4d16e33bf47d559d7aa59350a with gcc (GCC) 8.1.0
kernel signature: fdd43640caaaaf79ce7196b199501d7fee8723e50666086861032f87a108bea0
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad d6c4c11348816fb4d16e33bf47d559d7aa59350a
Bisecting: 31 revisions left to test after this (roughly 5 steps)
[6dd699b13d53f26a7603702d8bada3482312df74] seqlock: seqcount_LOCKNAME_t: Standardize naming convention
testing commit 6dd699b13d53f26a7603702d8bada3482312df74 with gcc (GCC) 8.1.0
kernel signature: b75d110e4f582be36cc0dde15106a91175018d3df0166892e84aaad01043438a
all runs: OK
# git bisect good 6dd699b13d53f26a7603702d8bada3482312df74
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[178a1877d782c034f466edd80e30a107af5469df] kcsan: Use pr_fmt for consistency
testing commit 178a1877d782c034f466edd80e30a107af5469df with gcc (GCC) 8.1.0
kernel signature: 285810c4e2deb802b1de11aa0b2e206c2f4c7f31de25c3638c184538b1eb6954
all runs: OK
# git bisect good 178a1877d782c034f466edd80e30a107af5469df
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[d89d5f855f84ccf3f7e648813b4bb95c780bd7cd] locking/atomics: Check atomic-arch-fallback.h too
testing commit d89d5f855f84ccf3f7e648813b4bb95c780bd7cd with gcc (GCC) 8.1.0
kernel signature: 5487e2a9b137bfd8665fb83c19cd32ffa03705f3e8017c03e68215b74670534e
all runs: OK
# git bisect good d89d5f855f84ccf3f7e648813b4bb95c780bd7cd
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[e705d397965811ac528d7213b42d74ffe43caf38] Merge branch 'locking/urgent' into locking/core, to pick up fixes
testing commit e705d397965811ac528d7213b42d74ffe43caf38 with gcc (GCC) 8.1.0
kernel signature: 7f44ad00fda35fcac1f3fb16e86301ab1210fb1253ed8eda240ef4ed8460c7c6
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad e705d397965811ac528d7213b42d74ffe43caf38
Bisecting: 1 revision left to test after this (roughly 1 step)
[4d004099a668c41522242aa146a38cc4eb59cb1e] lockdep: Fix lockdep recursion
testing commit 4d004099a668c41522242aa146a38cc4eb59cb1e with gcc (GCC) 8.1.0
kernel signature: ff8f313be945475d9de54adddd5962c551119f0c47c2dfd2e39a2cb37d82b400
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
# git bisect bad 4d004099a668c41522242aa146a38cc4eb59cb1e
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[2bb8945bcc1a768f2bc402a16c9610bba8d5187d] lockdep: Fix usage_traceoverflow
testing commit 2bb8945bcc1a768f2bc402a16c9610bba8d5187d with gcc (GCC) 8.1.0
kernel signature: a5cdfef25b9a16282d183d96487f2819190f60bb5dbfa8b38b04493572579bab
all runs: OK
# git bisect good 2bb8945bcc1a768f2bc402a16c9610bba8d5187d
4d004099a668c41522242aa146a38cc4eb59cb1e is the first bad commit
commit 4d004099a668c41522242aa146a38cc4eb59cb1e
Author: Peter Zijlstra <peterz@infradead.org>
Date:   Fri Oct 2 11:04:21 2020 +0200

    lockdep: Fix lockdep recursion
    
    Steve reported that lockdep_assert*irq*(), when nested inside lockdep
    itself, will trigger a false-positive.
    
    One example is the stack-trace code, as called from inside lockdep,
    triggering tracing, which in turn calls RCU, which then uses
    lockdep_assert_irqs_disabled().
    
    Fixes: a21ee6055c30 ("lockdep: Change hardirq{s_enabled,_context} to per-cpu variables")
    Reported-by: Steven Rostedt <rostedt@goodmis.org>
    Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
    Signed-off-by: Ingo Molnar <mingo@kernel.org>

 include/linux/lockdep.h  | 13 ++++---
 kernel/locking/lockdep.c | 99 +++++++++++++++++++++++++++++-------------------
 2 files changed, 67 insertions(+), 45 deletions(-)
culprit signature: ff8f313be945475d9de54adddd5962c551119f0c47c2dfd2e39a2cb37d82b400
parent  signature: a5cdfef25b9a16282d183d96487f2819190f60bb5dbfa8b38b04493572579bab
revisions tested: 17, total time: 2h48m14.046553661s (build: 1h18m17.999072173s, test: 1h28m2.319813783s)
first bad commit: 4d004099a668c41522242aa146a38cc4eb59cb1e lockdep: Fix lockdep recursion
recipients (to): ["linux-kernel@vger.kernel.org" "mingo@kernel.org" "mingo@redhat.com" "peterz@infradead.org" "peterz@infradead.org" "will@kernel.org"]
recipients (cc): []
crash: BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/10201
caller is lockdep_hardirqs_on_prepare+0x2f/0x1b0 kernel/locking/lockdep.c:3684
CPU: 1 PID: 10201 Comm: syz-executor.4 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0xa0 lib/dump_stack.c:118
 check_preemption_disabled+0xb4/0xc0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on_prepare+0x2f/0x1b0 kernel/locking/lockdep.c:3684
 trace_hardirqs_on+0x1c/0x100 kernel/trace/trace_preemptirq.c:49
 __bad_area_nosemaphore+0x5e/0x220 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1345 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x5cb/0x6c0 arch/x86/mm/fault.c:1482
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538
RIP: 0033:0x43c736
Code: 00 0f 1f 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a <f3> 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83
RSP: 002b:00007f0cfcf54a78 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 00007f0cfcf54b10 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000000000000
RBP: 00007f0cfcf54ad0 R08: 0000000000000000 R09: 0000000000000000
R10: 00007f0cfcf559d0 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000020000040 R14: 0000000000000000 R15: 0000000000000000
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/10201
caller is lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753
CPU: 1 PID: 10201 Comm: syz-executor.4 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0xa0 lib/dump_stack.c:118
 check_preemption_disabled+0xb4/0xc0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753
 __bad_area_nosemaphore+0x5e/0x220 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1345 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x5cb/0x6c0 arch/x86/mm/fault.c:1482
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538
RIP: 0033:0x43c736
Code: 00 0f 1f 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a <f3> 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83
RSP: 002b:00007f0cfcf54a78 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 00007f0cfcf54b10 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000000000000
RBP: 00007f0cfcf54ad0 R08: 0000000000000000 R09: 0000000000000000
R10: 00007f0cfcf559d0 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000020000040 R14: 0000000000000000 R15: 0000000000000000
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/10201
caller is lockdep_hardirqs_on_prepare+0x2f/0x1b0 kernel/locking/lockdep.c:3684
CPU: 1 PID: 10201 Comm: syz-executor.4 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0xa0 lib/dump_stack.c:118
 check_preemption_disabled+0xb4/0xc0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on_prepare+0x2f/0x1b0 kernel/locking/lockdep.c:3684
 trace_hardirqs_on+0x1c/0x100 kernel/trace/trace_preemptirq.c:49
 __bad_area_nosemaphore+0x5e/0x220 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1345 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x5cb/0x6c0 arch/x86/mm/fault.c:1482
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538
RIP: 0033:0x43c736
Code: 00 0f 1f 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a <f3> 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83
RSP: 002b:00007f0cfcf54a78 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 00007f0cfcf54b10 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000000000000
RBP: 00007f0cfcf54ad0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000020000040 R14: 0000000000000000 R15: 0000000000000000
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.4/10201
caller is lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753
CPU: 1 PID: 10201 Comm: syz-executor.4 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0xa0 lib/dump_stack.c:118
 check_preemption_disabled+0xb4/0xc0 lib/smp_processor_id.c:48
 lockdep_hardirqs_on+0x38/0x110 kernel/locking/lockdep.c:3753
 __bad_area_nosemaphore+0x5e/0x220 arch/x86/mm/fault.c:797
 do_user_addr_fault arch/x86/mm/fault.c:1345 [inline]
 handle_page_fault arch/x86/mm/fault.c:1429 [inline]
 exc_page_fault+0x5cb/0x6c0 arch/x86/mm/fault.c:1482
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538
RIP: 0033:0x43c736
Code: 00 0f 1f 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a <f3> 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83
RSP: 002b:00007f0cfcf54a78 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 00007f0cfcf54b10 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000000000000
RBP: 00007f0cfcf54ad0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000020000040 R14: 0000000000000000 R15: 0000000000000000