bisecting fixing commit since b98aebd298246df37b472c52a2ee1023256d02e3
building syzkaller on b24d2b8a213c09b511478e7eab5fa343e4a198de

testing commit b98aebd298246df37b472c52a2ee1023256d02e3 with gcc (GCC) 8.1.0
kernel signature: 024146f4a1fa92ba0c603bb7f2f57b1919fd4e93
all runs: crashed: possible deadlock in __might_fault

testing current HEAD 84f5ad468100f86d70096799e4ee716a17c2962f
testing commit 84f5ad468100f86d70096799e4ee716a17c2962f with gcc (GCC) 8.1.0
kernel signature: 766226ab5bb50311aac8280246c050b906700a92
all runs: OK
# git bisect start 84f5ad468100f86d70096799e4ee716a17c2962f b98aebd298246df37b472c52a2ee1023256d02e3
Bisecting: 887 revisions left to test after this (roughly 10 steps)
[4308d2f4cffefc8f57a8e866bc7577f6bfeea59c] fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle()

testing commit 4308d2f4cffefc8f57a8e866bc7577f6bfeea59c with gcc (GCC) 8.1.0
kernel signature: 6876dd1b2d421726773d5de1ea1d12262afd55ff
all runs: crashed: possible deadlock in __might_fault
# git bisect good 4308d2f4cffefc8f57a8e866bc7577f6bfeea59c
Bisecting: 443 revisions left to test after this (roughly 9 steps)
[2c48b0da2b514a715591c5ed3819c8ae828b06e6] fuse: verify nlink

testing commit 2c48b0da2b514a715591c5ed3819c8ae828b06e6 with gcc (GCC) 8.1.0
kernel signature: bfa28710e59d654a10c8fc4156b6632cf8d1bb1e
all runs: crashed: possible deadlock in __might_fault
# git bisect good 2c48b0da2b514a715591c5ed3819c8ae828b06e6
Bisecting: 221 revisions left to test after this (roughly 8 steps)
[4580d7bfecd2e176decabd3013a21ae6f4ed6726] media: ov6650: Fix crop rectangle alignment not passed back

testing commit 4580d7bfecd2e176decabd3013a21ae6f4ed6726 with gcc (GCC) 8.1.0
kernel signature: 395d57d233dff3da988e418b9adc4a68b7f26b6d
all runs: OK
# git bisect bad 4580d7bfecd2e176decabd3013a21ae6f4ed6726
Bisecting: 110 revisions left to test after this (roughly 7 steps)
[f780a35182bf0c37668f734d2bbf8e5dd63d8713] quota: Check that quota is not dirty before release

testing commit f780a35182bf0c37668f734d2bbf8e5dd63d8713 with gcc (GCC) 8.1.0
kernel signature: 9ff82bd5616831aff41ca2c81e38d2de1ed4367d
all runs: OK
# git bisect bad f780a35182bf0c37668f734d2bbf8e5dd63d8713
Bisecting: 55 revisions left to test after this (roughly 6 steps)
[19401ee0fb9e199e1ba01adb3c3da13163c2ee6a] USB: idmouse: fix interface sanity checks

testing commit 19401ee0fb9e199e1ba01adb3c3da13163c2ee6a with gcc (GCC) 8.1.0
kernel signature: 28545869645c56e517e504ece7fd74d3d23d96dd
all runs: crashed: possible deadlock in __might_fault
# git bisect good 19401ee0fb9e199e1ba01adb3c3da13163c2ee6a
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[365874a0eab5478d2d4f7b30e57bfc51dde7843c] blk-mq: avoid sysfs buffer overflow with too many CPU cores

testing commit 365874a0eab5478d2d4f7b30e57bfc51dde7843c with gcc (GCC) 8.1.0
kernel signature: 3c3316bdce5fe07f7ab15f680b6a09a2f2b0566e
all runs: OK
# git bisect bad 365874a0eab5478d2d4f7b30e57bfc51dde7843c
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[04e23c8fced1cb2e015ace155a4dd02c32fd1227] btrfs: record all roots for rename exchange on a subvol

testing commit 04e23c8fced1cb2e015ace155a4dd02c32fd1227 with gcc (GCC) 8.1.0
kernel signature: d0ef7974d8dcf004e0915b9d0870fc28c8fa0c33
all runs: OK
# git bisect bad 04e23c8fced1cb2e015ace155a4dd02c32fd1227
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[ef785dd3ca4407e06210645a332728a3f84b34c7] virtio-balloon: fix managed page counts when migrating pages between zones

testing commit ef785dd3ca4407e06210645a332728a3f84b34c7 with gcc (GCC) 8.1.0
kernel signature: 7b053ce3a91aa1cb7eb8cb3cf51ec54f73c4dd22
all runs: OK
# git bisect bad ef785dd3ca4407e06210645a332728a3f84b34c7
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[2a275fa6ad522f6b48bce59617dcce1d4ef5ecd2] usb: core: urb: fix URB structure initialization function

testing commit 2a275fa6ad522f6b48bce59617dcce1d4ef5ecd2 with gcc (GCC) 8.1.0
kernel signature: 60c439dbadd09fec70e391d190667b2d166dbdfd
all runs: crashed: possible deadlock in __might_fault
# git bisect good 2a275fa6ad522f6b48bce59617dcce1d4ef5ecd2
Bisecting: 1 revision left to test after this (roughly 1 step)
[3be0e56cd6a8ea11fd8ecfc5f52b5cc52a236213] tpm: add check after commands attribs tab allocation

testing commit 3be0e56cd6a8ea11fd8ecfc5f52b5cc52a236213 with gcc (GCC) 8.1.0
kernel signature: 232f5d41f3cbb13c9fa44e3a5635500cf0a6ae78
all runs: OK
# git bisect bad 3be0e56cd6a8ea11fd8ecfc5f52b5cc52a236213
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d41971493d28edf2b916ad5201d8301a8513ed51] usb: mon: Fix a deadlock in usbmon between mmap and read

testing commit d41971493d28edf2b916ad5201d8301a8513ed51 with gcc (GCC) 8.1.0
kernel signature: 497089a4123b59fd22a39f38d2577c297aa43126
all runs: OK
# git bisect bad d41971493d28edf2b916ad5201d8301a8513ed51
d41971493d28edf2b916ad5201d8301a8513ed51 is the first bad commit
commit d41971493d28edf2b916ad5201d8301a8513ed51
Author: Pete Zaitcev
Date: Wed Dec 4 20:39:41 2019 -0600

    usb: mon: Fix a deadlock in usbmon between mmap and read

    commit 19e6317d24c25ee737c65d1ffb7483bdda4bb54a upstream.

    The problem arises because our read() function grabs a lock of the
    circular buffer, finds something of interest, then invokes
    copy_to_user() straight from the buffer, which in turn takes
    mm->mmap_sem. In the same time, the callback mon_bin_vma_fault()
    is invoked under mm->mmap_sem. It attempts to take the fetch lock
    and deadlocks.

    This patch does away with protecting of our page list with any
    semaphores, and instead relies on the kernel not close the device
    while mmap is active in a process.

    In addition, we prohibit re-sizing of a buffer while mmap is active.
    This way, when (now unlocked) fault is processed, it works with the
    page that is intended to be mapped-in, and not some other random page.
    Note that this may have an ABI impact, but hopefully no legitimate
    program is this wrong.

    Signed-off-by: Pete Zaitcev
    Reported-by: syzbot+56f9673bb4cdcbeb0e92@syzkaller.appspotmail.com
    Reviewed-by: Alan Stern
    Fixes: 46eb14a6e158 ("USB: fix usbmon BUG trigger")
    Cc:
    Link: https://lore.kernel.org/r/20191204203941.3503452b@suzdal.zaitcev.lan
    Signed-off-by: Greg Kroah-Hartman

 drivers/usb/mon/mon_bin.c | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

culprit signature: 497089a4123b59fd22a39f38d2577c297aa43126
parent signature: 60c439dbadd09fec70e391d190667b2d166dbdfd
revisions tested: 13, total time: 3h32m1.999965931s (build: 1h50m26.628609s, test: 1h40m3.258264765s)
first good commit: d41971493d28edf2b916ad5201d8301a8513ed51 usb: mon: Fix a deadlock in usbmon between mmap and read
cc: ["gregkh@linuxfoundation.org" "stern@rowland.harvard.edu" "zaitcev@redhat.com"]