bisecting fixing commit since d573e8a79f70404ba08623d1de7ea617d55092ac
building syzkaller on d96e88f3207d7ac7ad65e13b896f702ad04c46f7
testing commit d573e8a79f70404ba08623d1de7ea617d55092ac with gcc (GCC) 8.1.0
kernel signature: a61727c0310638542b3287177f49ecb7461214d3
run #0: crashed: WARNING: ODEBUG bug in free_task
run #1: crashed: WARNING: ODEBUG bug in free_task
run #2: crashed: WARNING: ODEBUG bug in free_task
run #3: crashed: WARNING: ODEBUG bug in free_task
run #4: crashed: WARNING: ODEBUG bug in free_task
run #5: crashed: WARNING: ODEBUG bug in free_task
run #6: crashed: WARNING: ODEBUG bug in free_task
run #7: crashed: WARNING: ODEBUG bug in corrupted
run #8: crashed: WARNING: ODEBUG bug in corrupted
run #9: crashed: WARNING: ODEBUG bug in corrupted
testing current HEAD fb683b5e3f53a73e761952735736180939a313df
testing commit fb683b5e3f53a73e761952735736180939a313df with gcc (GCC) 8.1.0
kernel signature: 5876c370e8312a20e17c960e7601c216fd5e31f2
all runs: OK
# git bisect start fb683b5e3f53a73e761952735736180939a313df d573e8a79f70404ba08623d1de7ea617d55092ac
Bisecting: 1167 revisions left to test after this (roughly 10 steps)
[cd554b025c09ab67c278fb8599fd268185a07628] rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument
testing commit cd554b025c09ab67c278fb8599fd268185a07628 with gcc (GCC) 8.1.0
kernel signature: 6067d81ca0e1bca878efd239d195ffb997a169c9
all runs: OK
# git bisect bad cd554b025c09ab67c278fb8599fd268185a07628
Bisecting: 583 revisions left to test after this (roughly 9 steps)
[a23cd06c2cd2aab5728c1755616d2a1ffb95d6ac] ARM: OMAP2+: Fix missing reset done flag for am3 and am43
testing commit a23cd06c2cd2aab5728c1755616d2a1ffb95d6ac with gcc (GCC) 8.1.0
kernel signature: a553ef0eec6039b46df37e0f10cb58f9ec290479
all runs: OK
# git bisect bad a23cd06c2cd2aab5728c1755616d2a1ffb95d6ac
Bisecting: 291 revisions left to test after this (roughly 8 steps)
[782a77f2eb39207589ef9175a2ceadd0cca12112] drm/amd/display: reprogram VM config when system resume
testing commit 782a77f2eb39207589ef9175a2ceadd0cca12112 with gcc (GCC) 8.1.0
kernel signature: 7eb55c9dfad89c00f38a8e432a5699c30134d983
all runs: OK
# git bisect bad 782a77f2eb39207589ef9175a2ceadd0cca12112
Bisecting: 145 revisions left to test after this (roughly 7 steps)
[dfaf60580191207627a85739850799bbb13280f4] ARM: dts: imx7-colibri: disable HS400
testing commit dfaf60580191207627a85739850799bbb13280f4 with gcc (GCC) 8.1.0
kernel signature: 8f7ce6f015665b79f439cb3bf73fb19cf857d23a
all runs: OK
# git bisect bad dfaf60580191207627a85739850799bbb13280f4
Bisecting: 72 revisions left to test after this (roughly 6 steps)
[587df35cbf654a063372fb1b523a0b56a5f789ab] nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
testing commit 587df35cbf654a063372fb1b523a0b56a5f789ab with gcc (GCC) 8.1.0
kernel signature: e17074a6dd7b231e352f46efebd1c4c7ae290118
all runs: OK
# git bisect bad 587df35cbf654a063372fb1b523a0b56a5f789ab
Bisecting: 35 revisions left to test after this (roughly 5 steps)
[6b449e4cf09021310552e319fa1cccff45b67a4a] scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion
testing commit 6b449e4cf09021310552e319fa1cccff45b67a4a with gcc (GCC) 8.1.0
kernel signature: 471ba9a54706938ba6caa390b890be383fad7659
all runs: OK
# git bisect bad 6b449e4cf09021310552e319fa1cccff45b67a4a
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[79e972a89cad2b98643cb5555dc14c4f60c5dd16] net/mlx5e: Allow reporting of checksum unnecessary
testing commit 79e972a89cad2b98643cb5555dc14c4f60c5dd16 with gcc (GCC) 8.1.0
kernel signature: acf736b09da431c91deeaf36cf87b08196a25f9c
all runs: OK
# git bisect bad 79e972a89cad2b98643cb5555dc14c4f60c5dd16
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[acc96be807bb2229cdd1589e67558f99ae4db672] HID: logitech: Fix general protection fault caused by Logitech driver
testing commit acc96be807bb2229cdd1589e67558f99ae4db672 with gcc (GCC) 8.1.0
kernel signature: bc92b294b219c581a55cf873c522fb8de2ad3f15
all runs: OK
# git bisect bad acc96be807bb2229cdd1589e67558f99ae4db672
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[80fc27953e74d664bf946d45feae90df1023327b] powerpc/xive: Fix bogus error code returned by OPAL
testing commit 80fc27953e74d664bf946d45feae90df1023327b with gcc (GCC) 8.1.0
kernel signature: d1d020542745adc3b2fee61f47e0a0f3cf4c07ef
all runs: OK
# git bisect bad 80fc27953e74d664bf946d45feae90df1023327b
Bisecting: 1 revision left to test after this (roughly 1 step)
[373f9092df9556685174aeec9ac5658a8d3bff72] net/ibmvnic: free reset work of removed device from queue
testing commit 373f9092df9556685174aeec9ac5658a8d3bff72 with gcc (GCC) 8.1.0
kernel signature: 87309671cdb3a2a172d7d5e26180900a938bc8f5
run #0: crashed: WARNING: ODEBUG bug in free_task
run #1: crashed: WARNING: ODEBUG bug in corrupted
run #2: crashed: WARNING: ODEBUG bug in free_task
run #3: crashed: WARNING: ODEBUG bug in free_task
run #4: crashed: WARNING: ODEBUG bug in free_task
run #5: crashed: WARNING: ODEBUG bug in free_task
run #6: crashed: WARNING: ODEBUG bug in corrupted
run #7: crashed: WARNING: ODEBUG bug in free_task
run #8: crashed: WARNING: ODEBUG bug in free_task
run #9: crashed: WARNING: ODEBUG bug in free_task
# git bisect good 373f9092df9556685174aeec9ac5658a8d3bff72
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[4eb92a1148342af1d6f82018d20cd862e1d3ab7e] RDMA/restrack: Protect from reentry to resource return path
testing commit 4eb92a1148342af1d6f82018d20cd862e1d3ab7e with gcc (GCC) 8.1.0
kernel signature: 4bdc6437d6b752597e82b2254739e314fe4f1cd9
all runs: OK
# git bisect bad 4eb92a1148342af1d6f82018d20cd862e1d3ab7e
4eb92a1148342af1d6f82018d20cd862e1d3ab7e is the first bad commit
commit 4eb92a1148342af1d6f82018d20cd862e1d3ab7e
Author: Leon Romanovsky
Date: Thu Oct 11 22:10:10 2018 +0300

    RDMA/restrack: Protect from reentry to resource return path

    commit fe9bc1644918aa1d02a889b4ca788bfb67f90816 upstream.

    Nullify the resource task struct pointer to ensure that subsequent calls won't try to release task_struct again.

    ------------[ cut here ]------------
    ODEBUG: free active (active state 1) object type: rcu_head hint: (null)
    WARNING: CPU: 0 PID: 6048 at lib/debugobjects.c:329 debug_print_object+0x16a/0x210 lib/debugobjects.c:326
    Kernel panic - not syncing: panic_on_warn set ...

    CPU: 0 PID: 6048 Comm: syz-executor022 Not tainted 4.19.0-rc7-next-20181008+ #89
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
    Call Trace:
     __dump_stack lib/dump_stack.c:77 [inline]
     dump_stack+0x244/0x3ab lib/dump_stack.c:113
     panic+0x238/0x4e7 kernel/panic.c:184
     __warn.cold.8+0x163/0x1ba kernel/panic.c:536
     report_bug+0x254/0x2d0 lib/bug.c:186
     fixup_bug arch/x86/kernel/traps.c:178 [inline]
     do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
     do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290
     invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:969
    RIP: 0010:debug_print_object+0x16a/0x210 lib/debugobjects.c:326
    Code: 41 88 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd 60 02 41 88 4c 89 fe 48 c7 c7 00 f8 40 88 e8 36 2f b4 fd <0f> 0b 83 05 a9 f4 5e 06 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f
    RSP: 0018:ffff8801d8c3eda8 EFLAGS: 00010086
    RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: ffffffff8164d235 RDI: 0000000000000005
    RBP: ffff8801d8c3ede8 R08: ffff8801d70aa280 R09: ffffed003b5c3eda
    R10: ffffed003b5c3eda R11: ffff8801dae1f6d7 R12: 0000000000000001
    R13: ffffffff8939a760 R14: 0000000000000000 R15: ffffffff8840fca0
     __debug_check_no_obj_freed lib/debugobjects.c:786 [inline]
     debug_check_no_obj_freed+0x3ae/0x58d lib/debugobjects.c:818
     kmem_cache_free+0x202/0x290 mm/slab.c:3759
     free_task_struct kernel/fork.c:163 [inline]
     free_task+0x16e/0x1f0 kernel/fork.c:457
     __put_task_struct+0x2e6/0x620 kernel/fork.c:730
     put_task_struct include/linux/sched/task.h:96 [inline]
     finish_task_switch+0x66c/0x900 kernel/sched/core.c:2715
     context_switch kernel/sched/core.c:2834 [inline]
     __schedule+0x8d7/0x21d0 kernel/sched/core.c:3480
     schedule+0xfe/0x460 kernel/sched/core.c:3524
     freezable_schedule include/linux/freezer.h:172 [inline]
     futex_wait_queue_me+0x3f9/0x840 kernel/futex.c:2530
     futex_wait+0x45c/0xa50 kernel/futex.c:2645
     do_futex+0x31a/0x26d0 kernel/futex.c:3528
     __do_sys_futex kernel/futex.c:3589 [inline]
     __se_sys_futex kernel/futex.c:3557 [inline]
     __x64_sys_futex+0x472/0x6a0 kernel/futex.c:3557
     do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
     entry_SYSCALL_64_after_hwframe+0x49/0xbe
    RIP: 0033:0x446549
    Code: e8 2c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
    RSP: 002b:00007f3a998f5da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
    RAX: ffffffffffffffda RBX: 00000000006dbc38 RCX: 0000000000446549
    RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dbc38
    RBP: 00000000006dbc30 R08: 0000000000000000 R09: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc3c
    R13: 2f646e6162696e69 R14: 666e692f7665642f R15: 00000000006dbd2c
    Kernel Offset: disabled

    Reported-by: syzbot+71aff6ea121ffefc280f@syzkaller.appspotmail.com
    Fixes: ed7a01fd3fd7 ("RDMA/restrack: Release task struct which was hold by CM_ID object")
    Signed-off-by: Leon Romanovsky
    Signed-off-by: Jason Gunthorpe
    Cc: Pavel Machek
    Signed-off-by: Greg Kroah-Hartman

 drivers/infiniband/core/restrack.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
culprit signature: 4bdc6437d6b752597e82b2254739e314fe4f1cd9
parent signature: 87309671cdb3a2a172d7d5e26180900a938bc8f5
revisions tested: 13, total time: 3h44m16.975322308s (build: 1h46m31.549372921s, test: 1h56m30.47317196s)
first good commit: 4eb92a1148342af1d6f82018d20cd862e1d3ab7e RDMA/restrack: Protect from reentry to resource return path
cc: ["gregkh@linuxfoundation.org" "jgg@mellanox.com" "leonro@mellanox.com"]