bisecting cause commit starting from 01830e6c042e8eb6eb202e05d7df8057135b4c26
building syzkaller on 1f122f880fe2064d038c0152fbdc763974580f15
testing commit 01830e6c042e8eb6eb202e05d7df8057135b4c26 with gcc (GCC) 8.1.0
kernel signature: 9d40a9fca950e90fd12f67ef1c0c79875069fb257d326153015c38c7c2efef5e
run #0: crashed: INFO: trying to register non-static key in l2cap_chan_close
run #1: crashed: INFO: trying to register non-static key in l2cap_chan_close
run #2: crashed: WARNING: refcount bug in l2cap_sock_kill
run #3: crashed: INFO: trying to register non-static key in l2cap_chan_close
run #4: crashed: WARNING: locking bug in l2cap_chan_close
run #5: crashed: WARNING: locking bug in l2cap_chan_close
run #6: crashed: INFO: trying to register non-static key in l2cap_chan_close
run #7: crashed: WARNING: refcount bug in l2cap_sock_kill
run #8: crashed: INFO: trying to register non-static key in l2cap_chan_close
run #9: crashed: INFO: trying to register non-static key in l2cap_chan_close
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: a43737125a16be4f8c5563a1c0995e6b94ef360a785f70cf324353e5790ad85a
run #0: crashed: KASAN: use-after-free Read in lock_sock_nested
run #1: crashed: KASAN: use-after-free Read in lock_sock_nested
run #2: crashed: KASAN: use-after-free Read in lock_sock_nested
run #3: crashed: KASAN: use-after-free Read in lock_sock_nested
run #4: crashed: KASAN: use-after-free Read in lock_sock_nested
run #5: crashed: KASAN: use-after-free Read in lock_sock_nested
run #6: crashed: KASAN: use-after-free Read in lock_sock_nested
run #7: crashed: KASAN: use-after-free Read in lock_sock_nested
run #8: crashed: KASAN: use-after-free Read in lock_sock_nested
run #9: crashed: BUG: unable to handle kernel paging request in lock_sock_nested
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: b97c3d90c4e5a043734f567f614454a6fbbb8d5cb81fe8988d705280dd40b936
all runs: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: 059886cfb741aafdf45e6f5e84b4c5a55ac5556af1f4d1b5079f80b737db55fb
run #0: crashed: KASAN: use-after-free Read in lock_sock_nested
run #1: crashed: KASAN: use-after-free Read in lock_sock_nested
run #2: crashed: WARNING in mark_lock
run #3: crashed: KASAN: use-after-free Read in lock_sock_nested
run #4: crashed: KASAN: use-after-free Read in lock_sock_nested
run #5: crashed: KASAN: use-after-free Read in lock_sock_nested
run #6: crashed: KASAN: use-after-free Read in lock_sock_nested
run #7: crashed: WARNING in mark_lock
run #8: crashed: KASAN: use-after-free Read in lock_sock_nested
run #9: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 34cef3eaaa66ccc66107a6a304ade63ac3924017f0bdda49abe11322bacb8e60
all runs: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: ed97b9aa44891d639a9572623d83ecb95a4dc42bf4812ac9da95c9847ab54c17
all runs: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 3a3b6dd30aa77f259857b946d7bf9f231fa256d79c168e89d827c161f64bc9a8
run #0: crashed: KASAN: use-after-free Read in lock_sock_nested
run #1: crashed: KASAN: use-after-free Read in lock_sock_nested
run #2: crashed: KASAN: use-after-free Read in lock_sock_nested
run #3: crashed: KASAN: use-after-free Read in lock_sock_nested
run #4: crashed: KASAN: use-after-free Read in lock_sock_nested
run #5: crashed: KASAN: use-after-free Read in lock_sock_nested
run #6: crashed: INFO: trying to register non-static key in l2cap_chan_close
run #7: crashed: KASAN: use-after-free Read in lock_sock_nested
run #8: crashed: KASAN: use-after-free Read in lock_sock_nested
run #9: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: 54d46f34e6435592c528db5820ce552079cf4d6a05881fb189eb821e6ae41707
all runs: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: ba7778dedec135bee22c355c0e84252c6e2aa2bd380870f58ced7c97731c9f72
all runs: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: 4147869ff99b0323f653fcdf08de871bee6657a7eadf876e65f2c00a846aba96
run #0: crashed: KASAN: use-after-free Read in lock_sock_nested
run #1: crashed: KASAN: use-after-free Read in lock_sock_nested
run #2: crashed: KASAN: use-after-free Read in lock_sock_nested
run #3: crashed: KASAN: use-after-free Read in lock_sock_nested
run #4: crashed: KASAN: use-after-free Read in lock_sock_nested
run #5: crashed: KASAN: use-after-free Read in lock_sock_nested
run #6: crashed: KASAN: use-after-free Read in lock_sock_nested
run #7: crashed: KASAN: use-after-free Read in lock_sock_nested
run #8: crashed: KASAN: use-after-free Read in lock_sock_nested
run #9: crashed: INFO: trying to register non-static key in l2cap_chan_close
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: e5644e30f35d90d4a6798db1ee890b874d628e9baf3e235d0068abf192859ad5
all runs: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: 395ea3f1706afbc0dff1c153e9bd856c9ae30a67a1bc5635057997d6f8687075
all runs: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: 4d8156fc92ae9b209a05a4dfc8569ae2c662cab48f0bf5a9e64bf910bb56f093
run #0: crashed: KASAN: use-after-free Read in lock_sock_nested
run #1: crashed: KASAN: use-after-free Read in lock_sock_nested
run #2: crashed: KASAN: use-after-free Read in lock_sock_nested
run #3: crashed: KASAN: use-after-free Read in lock_sock_nested
run #4: crashed: KASAN: use-after-free Read in lock_sock_nested
run #5: crashed: KASAN: use-after-free Read in lock_sock_nested
run #6: crashed: KASAN: use-after-free Read in lock_sock_nested
run #7: crashed: KASAN: use-after-free Read in lock_sock_nested
run #8: crashed: KASAN: slab-out-of-bounds Read in lock_sock_nested
run #9: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: 7d74f9c2838e4c43eaf7a269b01496547e9008c2eb624d09eb44766f90aac2af
run #0: crashed: KASAN: use-after-free Read in lock_sock_nested
run #1: crashed: INFO: trying to register non-static key in l2cap_chan_close
run #2: crashed: KASAN: use-after-free Read in lock_sock_nested
run #3: crashed: KASAN: use-after-free Read in lock_sock_nested
run #4: crashed: KASAN: use-after-free Read in lock_sock_nested
run #5: crashed: KASAN: use-after-free Read in lock_sock_nested
run #6: crashed: KASAN: use-after-free Read in lock_sock_nested
run #7: crashed: KASAN: use-after-free Read in lock_sock_nested
run #8: crashed: KASAN: use-after-free Read in lock_sock_nested
run #9: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: fc69a7044209ef2e6c545be004c284648b1c75b111b9159ffa731a06c5174ea2
run #0: crashed: KASAN: slab-out-of-bounds Read in lock_sock_nested
run #1: crashed: KASAN: use-after-free Read in lock_sock_nested
run #2: crashed: KASAN: use-after-free Read in lock_sock_nested
run #3: crashed: KASAN: use-after-free Read in lock_sock_nested
run #4: crashed: KASAN: use-after-free Read in lock_sock_nested
run #5: crashed: KASAN: use-after-free Read in lock_sock_nested
run #6: crashed: KASAN: use-after-free Read in lock_sock_nested
run #7: crashed: KASAN: use-after-free Read in lock_sock_nested
run #8: crashed: KASAN: use-after-free Read in lock_sock_nested
run #9: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
kernel signature: 10d2c34a6a1340df37a90bd7171ca7a03e20f53d125609fde37ae7512086b22a
all runs: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
kernel signature: 639f12c5cbc84ce21c7a29dc9fbde8ded9d8c9ca23f1ade4e0735d8b3fc7cfe6
run #0: crashed: KASAN: use-after-free Read in lock_sock_nested
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
kernel signature: cbe573ccd096e8d904a8beed51462e96abcd61af3d39b51d6ca1b228a56892bf
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
kernel signature: 17656bcbfe60bb9718560b7fa61d7cb3a6e0dc1b5623149406eae85a409878d0
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
kernel signature: b76d9215cfb0518cb28866b3204dc46447688b112af02e69e00f6bbd35e1a5af
all runs: crashed: KASAN: use-after-free Read in lock_sock_nested
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
kernel signature: ffc5777a0a56d5a9e233cc3fa2921a0de7bd409b90d9f9415f38781db57bbe70
all runs: OK
# git bisect start c470abd4fde40ea6a0846a2beab642a578c0b8cd 69973b830859bc6529a7a0468ba0d80ee5117826
Bisecting: 7099 revisions left to test after this (roughly 13 steps)
[f4000cd99750065d5177555c0a805c97174d1b9f] Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
testing commit f4000cd99750065d5177555c0a805c97174d1b9f with gcc (GCC) 5.5.0
kernel signature: de1dad4dfc35845d4640bd9400b5b8323512cfad6cf7093c47c2e058b46bdf99
run #0: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.10.46:./syz-fuzzer"]
run #1: boot failed: can't ssh into the instance
run #2: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE
run #3: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE
run #4: boot failed: can't ssh into the instance
run #5: boot failed: can't ssh into the instance
run #6: boot failed: can't ssh into the instance
run #7: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE
run #8: boot failed: can't ssh into the instance
run #9: boot failed: can't ssh into the instance
# git bisect skip f4000cd99750065d5177555c0a805c97174d1b9f
Bisecting: 7099 revisions left to test after this (roughly 13 steps)
[ab1effc09519f3bb4b84dd6d8276cedf07b17a1b] staging: ks7010: Add blank line after declarations
testing commit ab1effc09519f3bb4b84dd6d8276cedf07b17a1b with gcc (GCC) 5.5.0
kernel signature: a11ee5dfe8e8520f09bd45fe86b1ca0cf815a6a30195fe2f7f7d8a3b87cfed1f
all runs: OK
# git bisect good ab1effc09519f3bb4b84dd6d8276cedf07b17a1b
Bisecting: 7022 revisions left to test after this (roughly 13 steps)
[09cb6464fe5e7fcd5177911429badd139c4481b7] Merge tag 'for-f2fs-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
testing commit 09cb6464fe5e7fcd5177911429badd139c4481b7 with gcc (GCC) 5.5.0
kernel signature: 40edd523046157864090842379c52920a9de38533a60ae3f77115447a31d9d68
run #0: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.10.37:./syz-fuzzer"]
run #1: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.0.72:./syz-fuzzer"]
run #2: boot failed: can't ssh into the instance
run #3: boot failed: can't ssh into the instance
run #4: boot failed: can't ssh into the instance
run #5: boot failed: can't ssh into the instance
run #6: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-timesyn:LINE
run #7: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in v4l_id:LINE
run #8: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE
run #9: boot failed: can't ssh into the instance
# git bisect skip 09cb6464fe5e7fcd5177911429badd139c4481b7
Bisecting: 7022 revisions left to test after this (roughly 13 steps)
[68226b4dfa9b2e064e2f9e792bf7469f465054c7] [media] dvb-tc90522: Rename a jump label in tc90522_probe()
testing commit 68226b4dfa9b2e064e2f9e792bf7469f465054c7 with gcc (GCC) 5.5.0
kernel signature: 64866c175e4f3f50dcd6daa9c9d3db19174fab51f99d00c6d1f95e62ab52c434
all runs: OK
# git bisect good 68226b4dfa9b2e064e2f9e792bf7469f465054c7
Bisecting: 6886 revisions left to test after this (roughly 13 steps)
[d03502684b65492339d70f11aa8ed6df3961a3bf] s390/zcrypt: add missing memory clobber to ap_qci inline assembly
testing commit d03502684b65492339d70f11aa8ed6df3961a3bf with gcc (GCC) 5.5.0
kernel signature: cb290470b8908b97cf3de5757c1fae7655b1274a4fb623ac06f644c11778e54b
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.15.208:./syz-fuzzer"]: exit status 1
Connection timed out during banner exchange
lost connection
run #1: boot failed: can't ssh into the instance
run #2: boot failed: can't ssh into the instance
run #3: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE
run #4: boot failed: can't ssh into the instance
run #5: boot failed: can't ssh into the instance
run #6: boot failed: can't ssh into the instance
run #7: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE
run #8: boot failed: can't ssh into the instance
run #9: boot failed: can't ssh into the instance
# git bisect skip d03502684b65492339d70f11aa8ed6df3961a3bf
Bisecting: 6886 revisions left to test after this (roughly 13 steps)
[a149e7c7ce812561f0fdc7a86ddc42f294e5eb3e] ipv6: sr: add support for SRH injection through setsockopt
testing commit a149e7c7ce812561f0fdc7a86ddc42f294e5eb3e with gcc (GCC) 5.5.0
kernel signature: f70c8cda65541e8871ea65afd1f86c6bb6712a21339874228774a4b91e71e834
all runs: OK
# git bisect good a149e7c7ce812561f0fdc7a86ddc42f294e5eb3e
Bisecting: 6483 revisions left to test after this (roughly 13 steps)
[a829a8445f09036404060f4d6489cb13433f4304] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
testing commit a829a8445f09036404060f4d6489cb13433f4304 with gcc (GCC) 5.5.0
kernel signature: ba2cc9e7139f3e64e0058e1b4fca7198b3045208083dc2e8d14e112f031218e5
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.15.201:./syz-fuzzer"]: exit status 1
Connection timed out during banner exchange
lost connection
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.0.192:./syz-fuzzer"]: exit status 1
Connection timed out during banner exchange
lost connection
run #2: boot failed: can't ssh into the instance
run #3: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-sysctl:LINE
run #4: boot failed: can't ssh into the instance
run #5: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in (imesyncd):LINE
run #6: boot failed: can't ssh into the instance
run #7: boot failed: can't ssh into the instance
run #8: boot failed: can't ssh into the instance
run #9: boot failed: can't ssh into the instance
# git bisect skip a829a8445f09036404060f4d6489cb13433f4304
Bisecting: 6483 revisions left to test after this (roughly 13 steps)
[9004fda59577d439564d44d6d1db52d262fe3f99] Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 9004fda59577d439564d44d6d1db52d262fe3f99 with gcc (GCC) 5.5.0
kernel signature: 2c49e0ad7f5747fdd16a9d7b434d967940fdc78f70f04ac18f959bfbb00755b5
all runs: OK
# git bisect good 9004fda59577d439564d44d6d1db52d262fe3f99
Bisecting: 1048 revisions left to test after this (roughly 10 steps)
[93f955aad4bacee5acebad141d1a03cd51f27b4e] tipc: fix nametbl_lock soft lockup at node/link events
testing commit 93f955aad4bacee5acebad141d1a03cd51f27b4e with gcc (GCC) 5.5.0
kernel signature: 787e5bd2e34d85fca3e730abfe283db1a7baa49fb7eab6a84be301de1f877933
all runs: OK
# git bisect good 93f955aad4bacee5acebad141d1a03cd51f27b4e
Bisecting: 516 revisions left to test after this (roughly 9 steps)
[1b1bc42c1692e9b62756323c675a44cb1a1f9dbd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit 1b1bc42c1692e9b62756323c675a44cb1a1f9dbd with gcc (GCC) 5.5.0
kernel signature: dff8a19660452760dca8c7d117af1fdbc22cff569ee3c4d10513bf25f0ba846e
all runs: OK
# git bisect good 1b1bc42c1692e9b62756323c675a44cb1a1f9dbd
Bisecting: 260 revisions left to test after this (roughly 8 steps)
[b6789123bccba8b5feb9901ed2e8c3c39181979d] mm: fix KPF_SWAPCACHE in /proc/kpageflags
testing commit b6789123bccba8b5feb9901ed2e8c3c39181979d with gcc (GCC) 5.5.0
kernel signature: 46d66c40a1199e2d0461e22ffd71a246cccdc76775e6b905ffb0cecfb23d91c3
all runs: OK
# git bisect good b6789123bccba8b5feb9901ed2e8c3c39181979d
Bisecting: 120 revisions left to test after this (roughly 7 steps)
[1ee18329fae936089c6c599250ae92482ff2b81f] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit 1ee18329fae936089c6c599250ae92482ff2b81f with gcc (GCC) 5.5.0
kernel signature: 4ec83b6c46070435de5961e113d38c3602fde7cb46979bd018ee9d218f76e104
all runs: OK
# git bisect good 1ee18329fae936089c6c599250ae92482ff2b81f
Bisecting: 53 revisions left to test after this (roughly 6 steps)
[3c7a9f32f9392c9dfce24f33bdc6799852903e27] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit 3c7a9f32f9392c9dfce24f33bdc6799852903e27 with gcc (GCC) 5.5.0
kernel signature: 5387ba73aa3f93a08d7a2484484bf1702f4568015386e34092a8e9a6a9561fd5
all runs: OK
# git bisect good 3c7a9f32f9392c9dfce24f33bdc6799852903e27
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[2fe1e8a7b2f4dcac3fcb07ff06b0ae7396201fd6] Merge tag 'powerpc-4.10-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
testing commit 2fe1e8a7b2f4dcac3fcb07ff06b0ae7396201fd6 with gcc (GCC) 5.5.0
kernel signature: ef8b53779efbd4b6ea3c75848f0872d756bdf6ced00445d54ceb1ea7ba2dc7c2
all runs: OK
# git bisect good 2fe1e8a7b2f4dcac3fcb07ff06b0ae7396201fd6
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[244ff16fb4717708491fa1b3b2a68f9074742d71] Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 244ff16fb4717708491fa1b3b2a68f9074742d71 with gcc (GCC) 5.5.0
kernel signature: a8e30400b548ce75496e55c7227f55b643e67140ff256965dadfa756daba7f3f
all runs: OK
# git bisect good 244ff16fb4717708491fa1b3b2a68f9074742d71
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[b92ce305fcbc8d85d1732fecf17c823c760868bd] Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm
testing commit b92ce305fcbc8d85d1732fecf17c823c760868bd with gcc (GCC) 5.5.0
kernel signature: fbb704757d26090be2f8d5862c652a59b80041f5ad2e4a755646bac35be9dafe
all runs: OK
# git bisect good b92ce305fcbc8d85d1732fecf17c823c760868bd
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[2763f92f858f7c4c3198335c0542726eaed07ba3] Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
testing commit 2763f92f858f7c4c3198335c0542726eaed07ba3 with gcc (GCC) 5.5.0
kernel signature: 1c1a44c37fe4c9f21df093d151e59174dcad05da41409a902e2d64aed7575953
all runs: OK
# git bisect good 2763f92f858f7c4c3198335c0542726eaed07ba3
Bisecting: 1 revision left to test after this (roughly 1 step)
[fd3fc0b4d7305fa7246622dcc0dec69c42443f45] scsi: don't BUG_ON() empty DMA transfers
testing commit fd3fc0b4d7305fa7246622dcc0dec69c42443f45 with gcc (GCC) 5.5.0
kernel signature: 241c12ecc4e61e326d2f94ed9bd6fcf569f4a85fb092ccf089a5aae208bef657
all runs: OK
# git bisect good fd3fc0b4d7305fa7246622dcc0dec69c42443f45
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[137d01df511b3afe1f05499aea05f3bafc0fb221] Fix missing sanity check in /dev/sg
testing commit 137d01df511b3afe1f05499aea05f3bafc0fb221 with gcc (GCC) 5.5.0
kernel signature: a0580e804784aa67c74aa436817f127123e3ade35014c30139ab90e3c48faa1d
all runs: OK
# git bisect good 137d01df511b3afe1f05499aea05f3bafc0fb221
c470abd4fde40ea6a0846a2beab642a578c0b8cd is the first bad commit
commit c470abd4fde40ea6a0846a2beab642a578c0b8cd
Author: Linus Torvalds
Date:   Sun Feb 19 14:34:00 2017 -0800

    Linux 4.10

 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
culprit signature: b76d9215cfb0518cb28866b3204dc46447688b112af02e69e00f6bbd35e1a5af
parent signature: a0580e804784aa67c74aa436817f127123e3ade35014c30139ab90e3c48faa1d
revisions tested: 40, total time: 7h59m24.301687135s (build: 3h13m9.533576613s, test: 4h41m34.113552901s)
first bad commit: c470abd4fde40ea6a0846a2beab642a578c0b8cd Linux 4.10
recipients (to): ["linux-kbuild@vger.kernel.org" "mmarek@suse.com" "torvalds@linux-foundation.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: KASAN: use-after-free Read in lock_sock_nested
==================================================================
BUG: KASAN: use-after-free in __lock_acquire+0x4e7a/0x50c0 kernel/locking/lockdep.c:3224 at addr ffff8801209b7760
Read of size 8 by task kworker/1:0/18
CPU: 1 PID: 18 Comm: kworker/1:0 Not tainted 4.10.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events l2cap_chan_timeout
Call Trace:
 __dump_stack lib/dump_stack.c:15 [inline]
 dump_stack+0x136/0x1d4 lib/dump_stack.c:51
 kasan_object_err+0x1c/0x70 mm/kasan/report.c:162
 print_address_description mm/kasan/report.c:200 [inline]
 kasan_report_error mm/kasan/report.c:289 [inline]
 kasan_report.part.1+0x1c9/0x480 mm/kasan/report.c:311
 kasan_report mm/kasan/report.c:332 [inline]
 __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:332
 __lock_acquire+0x4e7a/0x50c0 kernel/locking/lockdep.c:3224
 lock_acquire+0x197/0x4b0 kernel/locking/lockdep.c:3753
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:137 [inline]
 _raw_spin_lock_bh+0x3a/0x50 kernel/locking/spinlock.c:175
 spin_lock_bh include/linux/spinlock.h:307 [inline]
 lock_sock_nested+0x3e/0x100 net/core/sock.c:2523
 l2cap_sock_teardown_cb+0x82/0x3e0 net/bluetooth/l2cap_sock.c:1327
 l2cap_chan_close+0x3c1/0x7e0 net/bluetooth/l2cap_core.c:758
 l2cap_chan_timeout+0xdc/0x1d0 net/bluetooth/l2cap_core.c:427
 process_one_work+0x685/0x1660 kernel/workqueue.c:2098
 worker_thread+0xe1/0x1110 kernel/workqueue.c:2232
 kthread+0x2c9/0x3d0 kernel/kthread.c:227
 ret_from_fork+0x31/0x40 arch/x86/entry/entry_64.S:430
Object at ffff8801209b76c0, in cache kmalloc-2048 size: 2048
Allocated:
PID = 23203
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack mm/kasan/kasan.c:502 [inline]
 set_track mm/kasan/kasan.c:514 [inline]
 kasan_kmalloc+0xee/0x180 mm/kasan/kasan.c:605
 __do_kmalloc mm/slab.c:3724 [inline]
 __kmalloc+0x162/0x440 mm/slab.c:3733
 kmalloc include/linux/slab.h:495 [inline]
 sk_prot_alloc+0xda/0x260 net/core/sock.c:1340
 sk_alloc+0x31/0x9f0 net/core/sock.c:1396
 l2cap_sock_alloc.constprop.4+0x28/0x1e0 net/bluetooth/l2cap_sock.c:1589
 l2cap_sock_create+0xb6/0x180 net/bluetooth/l2cap_sock.c:1635
 bt_sock_create+0x13f/0x250 net/bluetooth/af_bluetooth.c:128
 __sock_create+0x2f2/0x580 net/socket.c:1199
 sock_create net/socket.c:1239 [inline]
 SYSC_socket net/socket.c:1269 [inline]
 SyS_socket+0xd9/0x1e0 net/socket.c:1249
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 23202
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack mm/kasan/kasan.c:502 [inline]
 set_track mm/kasan/kasan.c:514 [inline]
 kasan_slab_free+0xad/0x180 mm/kasan/kasan.c:578
 __cache_free mm/slab.c:3502 [inline]
 kfree+0xd4/0x2d0 mm/slab.c:3819
 sk_prot_free net/core/sock.c:1379 [inline]
 __sk_destruct+0x356/0x400 net/core/sock.c:1452
 sk_destruct+0x3a/0x60 net/core/sock.c:1460
 __sk_free+0x4f/0x1f0 net/core/sock.c:1468
 sk_free+0x13/0x20 net/core/sock.c:1479
 sock_put include/net/sock.h:1638 [inline]
 l2cap_sock_kill.part.2+0x4b/0x60 net/bluetooth/l2cap_sock.c:1054
 l2cap_sock_kill net/bluetooth/l2cap_sock.c:1205 [inline]
 l2cap_sock_release+0x166/0x1b0 net/bluetooth/l2cap_sock.c:1203
 sock_release+0x83/0x1a0 net/socket.c:599
 sock_close+0xd/0x20 net/socket.c:1063
 __fput+0x232/0x740 fs/file_table.c:208
 ____fput+0x9/0x10 fs/file_table.c:244
 task_work_run+0xd9/0x150 kernel/task_work.c:116
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x131/0x170 arch/x86/entry/common.c:160
 prepare_exit_to_usermode arch/x86/entry/common.c:190 [inline]
 syscall_return_slowpath+0x251/0x2d0 arch/x86/entry/common.c:259
 entry_SYSCALL_64_fastpath+0xc4/0xc6
Memory state around the buggy address:
 ffff8801209b7600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff8801209b7680: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
>ffff8801209b7700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                       ^
 ffff8801209b7780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8801209b7800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================