bisecting fixing commit since dc4ba5be1babd3b3ec905751a30df89a5899a7a9 building syzkaller on c40da18cc303e26bac17f4fea1a4263661dd829e testing commit dc4ba5be1babd3b3ec905751a30df89a5899a7a9 with gcc (GCC) 8.1.0 kernel signature: d8dfbb1b4fa8ce66f05ed6c664f70c43559778b577d96a975cb10c0183b5ff95 all runs: crashed: kernel BUG at net/rxrpc/local_object.c:LINE! testing current HEAD 54b4fa6d39551639cb10664f6ac78b01993a1d7e testing commit 54b4fa6d39551639cb10664f6ac78b01993a1d7e with gcc (GCC) 8.1.0 kernel signature: c169a46b2ef929e5de8233d1fac2fb903bde63d8b73df4b998d2b695e5d86df5 all runs: OK # git bisect start 54b4fa6d39551639cb10664f6ac78b01993a1d7e dc4ba5be1babd3b3ec905751a30df89a5899a7a9 Bisecting: 952 revisions left to test after this (roughly 10 steps) [c37d91475be0bf35a46bf99bd35cc95faa7069f8] net/fsl: treat fsl,erratum-a011043 testing commit c37d91475be0bf35a46bf99bd35cc95faa7069f8 with gcc (GCC) 8.1.0 kernel signature: 4a56e72a0b4988dea7d3008e29272035008252434f37eeadd7867783d2e36ef4 all runs: OK # git bisect bad c37d91475be0bf35a46bf99bd35cc95faa7069f8 Bisecting: 475 revisions left to test after this (roughly 9 steps) [a0a4643f1899b6f9339957d3c7c8e749735be494] EDAC/mc: Fix edac_mc_find() in case no device is found testing commit a0a4643f1899b6f9339957d3c7c8e749735be494 with gcc (GCC) 8.1.0 kernel signature: a040a5ac5d6c63bde7a6bde1e4d8fb644f6f6b4cb0fc436d7f6c8ac8e95a9391 all runs: crashed: kernel BUG at net/rxrpc/local_object.c:LINE! # git bisect good a0a4643f1899b6f9339957d3c7c8e749735be494 Bisecting: 237 revisions left to test after this (roughly 8 steps) [4544f000c83323f3183eec44691a64e251eaefc6] hv_netvsc: Fix offset usage in netvsc_send_table() testing commit 4544f000c83323f3183eec44691a64e251eaefc6 with gcc (GCC) 8.1.0 kernel signature: 940927ed5cf1aa3d975ada6742cfe1992c29fe48061fc192ca523bfeca63ec7f all runs: OK # git bisect bad 4544f000c83323f3183eec44691a64e251eaefc6 Bisecting: 118 revisions left to test after this (roughly 7 steps) [5ba099d4df90a40ffb38df0187c5372ba0ff7660] iio: tsl2772: Use devm_add_action_or_reset for tsl2772_chip_off testing commit 5ba099d4df90a40ffb38df0187c5372ba0ff7660 with gcc (GCC) 8.1.0 kernel signature: c93cd43cd18071bf3be1a493df36c038ce76daaf674efcf674bbd492bb12c202 all runs: crashed: kernel BUG at net/rxrpc/local_object.c:LINE! # git bisect good 5ba099d4df90a40ffb38df0187c5372ba0ff7660 Bisecting: 59 revisions left to test after this (roughly 6 steps) [cbbc34abc395d3cf91265f3b35a29ca76f7c0c04] Btrfs: fix inode cache waiters hanging on path allocation failure testing commit cbbc34abc395d3cf91265f3b35a29ca76f7c0c04 with gcc (GCC) 8.1.0 kernel signature: df28fdd86bcaa858d235a4a222a1f2b276955b206b4723e1260ea631db4a99d2 all runs: OK # git bisect bad cbbc34abc395d3cf91265f3b35a29ca76f7c0c04 Bisecting: 29 revisions left to test after this (roughly 5 steps) [5571688c22a8d55c73c4ca06424e6ec36f74e736] ahci: Do not export local variable ahci_em_messages testing commit 5571688c22a8d55c73c4ca06424e6ec36f74e736 with gcc (GCC) 8.1.0 kernel signature: 2ef51ffed73d1d2f4de94ab15b298b07a5e1a97db64691829a81875ad641157c all runs: crashed: kernel BUG at net/rxrpc/local_object.c:LINE! # git bisect good 5571688c22a8d55c73c4ca06424e6ec36f74e736 Bisecting: 14 revisions left to test after this (roughly 4 steps) [afe31dc0f543fc0947cf072c3b1a92bf5efd27f5] wcn36xx: use dynamic allocation for large variables testing commit afe31dc0f543fc0947cf072c3b1a92bf5efd27f5 with gcc (GCC) 8.1.0 kernel signature: 0c1222fd7dc9130324f863c0e27372539cd5026db536cf5a4d0408a764f3571f all runs: OK # git bisect bad afe31dc0f543fc0947cf072c3b1a92bf5efd27f5 Bisecting: 7 revisions left to test after this (roughly 3 steps) [8e456b4b1a3b91aa5cd59813a0bdc99f41de5f00] staging: greybus: light: fix a couple double frees testing commit 8e456b4b1a3b91aa5cd59813a0bdc99f41de5f00 with gcc (GCC) 8.1.0 kernel signature: 5f1f407c13cce4152839f030d7c86bf94accde92d2b5396e27faed9870fc6b47 all runs: OK # git bisect bad 8e456b4b1a3b91aa5cd59813a0bdc99f41de5f00 Bisecting: 3 revisions left to test after this (roughly 2 steps) [55027bf48126c3314c10ccaffe623833ec696adf] hwmon: (lm75) Fix write operations for negative temperatures testing commit 55027bf48126c3314c10ccaffe623833ec696adf with gcc (GCC) 8.1.0 kernel signature: 6e246e83fda776959fbea9636853f976f53dcf398fed179946b185704c64bd67 all runs: OK # git bisect bad 55027bf48126c3314c10ccaffe623833ec696adf Bisecting: 0 revisions left to test after this (roughly 1 step) [d9711896dddfa9ba5257d8570124ab7e157f8cc9] Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()" testing commit d9711896dddfa9ba5257d8570124ab7e157f8cc9 with gcc (GCC) 8.1.0 kernel signature: 18f81dda89cb4e9bd03b2e3410857656622a2565147615d2fa1dddd4fc745293 all runs: OK # git bisect bad d9711896dddfa9ba5257d8570124ab7e157f8cc9 Bisecting: 0 revisions left to test after this (roughly 0 steps) [792668145b56165fd113f318f531e499a23e9a52] rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2] testing commit 792668145b56165fd113f318f531e499a23e9a52 with gcc (GCC) 8.1.0 kernel signature: 3d9b6ef72ecf20e3639e2697a427506be4f0109f3b286506adea3b928a800289 all runs: OK # git bisect bad 792668145b56165fd113f318f531e499a23e9a52 792668145b56165fd113f318f531e499a23e9a52 is the first bad commit commit 792668145b56165fd113f318f531e499a23e9a52 Author: David Howells Date: Thu Aug 29 14:12:11 2019 +0100 rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2] [ Upstream commit d12040b6933f684a26773afad46dbba9778608d7 ] When a local endpoint is ceases to be in use, such as when the kafs module is unloaded, the kernel will emit an assertion failure if there are any outstanding client connections: rxrpc: Assertion failed ------------[ cut here ]------------ kernel BUG at net/rxrpc/local_object.c:433! and even beyond that, will evince other oopses if there are service connections still present. Fix this by: (1) Removing the triggering of connection reaping when an rxrpc socket is released. These don't actually clean up the connections anyway - and further, the local endpoint may still be in use through another socket. (2) Mark the local endpoint as dead when we start the process of tearing it down. (3) When destroying a local endpoint, strip all of its client connections from the idle list and discard the ref on each that the list was holding. (4) When destroying a local endpoint, call the service connection reaper directly (rather than through a workqueue) to immediately kill off all outstanding service connections. (5) Make the service connection reaper reap connections for which the local endpoint is marked dead. Only after destroying the connections can we close the socket lest we get an oops in a workqueue that's looking at a connection or a peer. Fixes: 3d18cbb7fd0c ("rxrpc: Fix conn expiry timers") Signed-off-by: David Howells Tested-by: Marc Dionne Signed-off-by: David S. Miller Signed-off-by: Sasha Levin net/rxrpc/af_rxrpc.c | 3 --- net/rxrpc/ar-internal.h | 1 + net/rxrpc/conn_client.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ net/rxrpc/conn_object.c | 2 +- net/rxrpc/local_object.c | 5 ++++- 5 files changed, 50 insertions(+), 5 deletions(-) culprit signature: 3d9b6ef72ecf20e3639e2697a427506be4f0109f3b286506adea3b928a800289 parent signature: 2ef51ffed73d1d2f4de94ab15b298b07a5e1a97db64691829a81875ad641157c revisions tested: 13, total time: 3h37m24.825085565s (build: 1h52m24.049630518s, test: 1h43m13.679697742s) first good commit: 792668145b56165fd113f318f531e499a23e9a52 rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2] cc: ["davem@davemloft.net" "dhowells@redhat.com" "marc.dionne@auristor.com" "sashal@kernel.org"]