bisecting fixing commit since c0842fbc1b18c7a044e6ff3e8fa78bfa822c7d1a
building syzkaller on 80a0690249dc4dbbbed95ba197192b99c73694c5
testing commit c0842fbc1b18c7a044e6ff3e8fa78bfa822c7d1a with gcc (GCC) 8.4.1 20210217
kernel signature: 309329f3cb83491788a34c4254218dd4fd125e3e5ccdb40b0dd87cc675be7d5e
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: KASAN: use-after-free Read in __queue_work
run #2: crashed: general protection fault in __queue_work
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: KASAN: use-after-free Read in __queue_work
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: general protection fault in __queue_work
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
reproducer seems to be flaky
testing current HEAD c06a2ba62fc401b7aaefd23f5d0bc06d2457ccc1
testing commit c06a2ba62fc401b7aaefd23f5d0bc06d2457ccc1 with gcc (GCC) 10.2.1 20210217
kernel signature: 002ba8b608e872d56938e043fd73d153460c00512a6e1c46af8757f0fc931758
all runs: OK
# git bisect start c06a2ba62fc401b7aaefd23f5d0bc06d2457ccc1 c0842fbc1b18c7a044e6ff3e8fa78bfa822c7d1a
Bisecting: 37842 revisions left to test after this (roughly 15 steps)
[3db1a3fa98808aa90f95ec3e0fa2fc7abf28f5c9] Merge tag 'staging-5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit 3db1a3fa98808aa90f95ec3e0fa2fc7abf28f5c9 with gcc (GCC) 10.2.1 20210217
kernel signature: ecec0840fa6a1c9e238235414b89c0a788a3bd47f04c966edd146d67a6b10792
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: general protection fault in __queue_work
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: general protection fault in __queue_work
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: KASAN: use-after-free Read in __queue_work
run #8: crashed: WARNING: ODEBUG bug in bt_host_release
run #9: crashed: WARNING in __queue_work
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 3db1a3fa98808aa90f95ec3e0fa2fc7abf28f5c9
Bisecting: 18954 revisions left to test after this (roughly 14 steps)
[a553e3cd2053501b658feec2be9a3b662eb1b22b] mm/migrate: remove unneeded semicolons
testing commit a553e3cd2053501b658feec2be9a3b662eb1b22b with gcc (GCC) 10.2.1 20210217
kernel signature: 4a2c3a3ba29f94876ed88a1bc640f845fe77e6619fd0076de1a96f61b2c693eb
run #0: crashed: general protection fault in __queue_work
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: KASAN: use-after-free Read in __queue_work
run #3: crashed: general protection fault in __queue_work
run #4: crashed: general protection fault in __queue_work
run #5: crashed: KASAN: use-after-free Read in __queue_work
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: general protection fault in __queue_work
run #8: crashed: WARNING: ODEBUG bug in bt_host_release
run #9: crashed: WARNING: ODEBUG bug in bt_host_release
run #10: crashed: general protection fault in __queue_work
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: crashed: WARNING: ODEBUG bug in bt_host_release
run #18: OK
run #19: OK
# git bisect good a553e3cd2053501b658feec2be9a3b662eb1b22b
Bisecting: 10034 revisions left to test after this (roughly 13 steps)
[3aa139aa9fdc138a84243dc49dc18d9b40e1c6e4] Merge tag 'media/v5.13-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 3aa139aa9fdc138a84243dc49dc18d9b40e1c6e4 with gcc (GCC) 10.2.1 20210217
kernel signature: 5426735a04cd1123a09aa3656ff76a6104e1678cecc367f56cc089e6951388ed
all runs: OK
# git bisect bad 3aa139aa9fdc138a84243dc49dc18d9b40e1c6e4
Bisecting: 4486 revisions left to test after this (roughly 12 steps)
[90035c28f17d59be660b9992757d09853ab203ec] Merge tag 'platform-drivers-x86-v5.13-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
testing commit 90035c28f17d59be660b9992757d09853ab203ec with gcc (GCC) 10.2.1 20210217
kernel signature: b325058e4059a7821246448238f9920779c2a5c5d457f8db69bdce3b0036bec6
run #0: crashed: general protection fault in __queue_work
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: WARNING: ODEBUG bug in bt_host_release
run #9: crashed: WARNING: ODEBUG bug in bt_host_release
run #10: crashed: general protection fault in __queue_work
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 90035c28f17d59be660b9992757d09853ab203ec
Bisecting: 2265 revisions left to test after this (roughly 11 steps)
[37f00ab4a003f371f81e0eae76cf372f06dec780] Merge tag 'arm-drivers-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 37f00ab4a003f371f81e0eae76cf372f06dec780 with gcc (GCC) 10.2.1 20210217
kernel signature: 9b11a272a0d3450defbfb5464c10e34dba0c391021c414122fd8351bc368cdb8
all runs: OK
# git bisect bad 37f00ab4a003f371f81e0eae76cf372f06dec780
Bisecting: 1306 revisions left to test after this (roughly 10 steps)
[c295d3007ff63064181befa734d9705dfc10b396] staging: octeon: Use 'for_each_child_of_node'
testing commit c295d3007ff63064181befa734d9705dfc10b396 with gcc (GCC) 10.2.1 20210217
kernel signature: e7626b2b061cdfc1f4193a6b41bbf1e8c89b970f9958c76ea1268dd025c7583f
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: KASAN: use-after-free Read in __queue_work
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: KASAN: use-after-free Read in __queue_work
run #4: crashed: KASAN: use-after-free Read in __queue_work
run #5: crashed: general protection fault in __queue_work
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: WARNING: ODEBUG bug in bt_host_release
run #9: crashed: WARNING: ODEBUG bug in bt_host_release
run #10: OK
run #11: OK
run #12: crashed: WARNING: ODEBUG bug in bt_host_release
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good c295d3007ff63064181befa734d9705dfc10b396
Bisecting: 717 revisions left to test after this (roughly 9 steps)
[d08410d8c9908058a2f69b55e24edfb0d19da7a1] Merge tag 'tty-5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
testing commit d08410d8c9908058a2f69b55e24edfb0d19da7a1 with gcc (GCC) 10.2.1 20210217
kernel signature: bbf64d9358e0199066fc2094273bb2d6bfd7fafed6a9c3f891369b4a5a108acf
all runs: OK
# git bisect bad d08410d8c9908058a2f69b55e24edfb0d19da7a1
Bisecting: 275 revisions left to test after this (roughly 8 steps)
[31d8df9f4ae540bee25ca963a8c8b6847867a3d0] Merge tag 'mhi-for-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/mani/mhi into char-misc-next
testing commit 31d8df9f4ae540bee25ca963a8c8b6847867a3d0 with gcc (GCC) 10.2.1 20210217
kernel signature: b1eee438e99ad470ec1da26cb0e078701946d9d372b5a882823e2aeeb91ca54c
run #0: crashed: KASAN: use-after-free Read in __queue_work
run #1: crashed: KASAN: use-after-free Read in __queue_work
run #2: crashed: general protection fault in __queue_work
run #3: crashed: general protection fault in __queue_work
run #4: crashed: general protection fault in __queue_work
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: KASAN: use-after-free Read in __queue_work
run #9: crashed: WARNING: ODEBUG bug in bt_host_release
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 31d8df9f4ae540bee25ca963a8c8b6847867a3d0
Bisecting: 137 revisions left to test after this (roughly 7 steps)
[a13df3bec5963dc8f0f49257ae4f83c1445acaff] dt-bindings: serial: 8250: deprecate aspeed, sirq-polarity-sense
testing commit a13df3bec5963dc8f0f49257ae4f83c1445acaff with gcc (GCC) 10.2.1 20210217
kernel signature: 1da1fc642d64ef73aa3266204c8f7d456d4caa01f807a01c4e4beb511b085a82
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good a13df3bec5963dc8f0f49257ae4f83c1445acaff
Bisecting: 82 revisions left to test after this (roughly 6 steps)
[a943d76352dbb4707a5e5537bbe696c00f5ddd36] devm-helpers: Fix devm_delayed_work_autocancel() kerneldoc
testing commit a943d76352dbb4707a5e5537bbe696c00f5ddd36 with gcc (GCC) 10.2.1 20210217
kernel signature: 5f302b677dc5635f6b301c97e515b2f3b20e27b2ad5a412f52c9c3b1d0085adc
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: general protection fault in __queue_work
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: general protection fault in __queue_work
run #8: crashed: WARNING: ODEBUG bug in bt_host_release
run #9: crashed: WARNING: ODEBUG bug in bt_host_release
run #10: crashed: WARNING: ODEBUG bug in bt_host_release
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good a943d76352dbb4707a5e5537bbe696c00f5ddd36
Bisecting: 41 revisions left to test after this (roughly 5 steps)
[0f8a732822bab43313400e5ae6af6560e4a7ce85] serial: sifive: drop low-latency workaround
testing commit 0f8a732822bab43313400e5ae6af6560e4a7ce85 with gcc (GCC) 10.2.1 20210217
kernel signature: ac64847edfcf2a98b542f4698f9c5d304c85dcb324ecc1efadd0a351d855f444
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: KASAN: use-after-free Read in __queue_work
run #2: crashed: general protection fault in __queue_work
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: general protection fault in __queue_work
run #5: crashed: general protection fault in __queue_work
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: crashed: general protection fault in __queue_work
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 0f8a732822bab43313400e5ae6af6560e4a7ce85
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[18ffbc47d45a1489b664dd68fb3a7610a6e1dea3] intel_th: Consistency and off-by-one fix
testing commit 18ffbc47d45a1489b664dd68fb3a7610a6e1dea3 with gcc (GCC) 10.2.1 20210217
kernel signature: b1eee438e99ad470ec1da26cb0e078701946d9d372b5a882823e2aeeb91ca54c
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: KASAN: use-after-free Read in __queue_work
run #6: OK
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: general protection fault in __queue_work
run #9: crashed: WARNING: ODEBUG bug in bt_host_release
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 18ffbc47d45a1489b664dd68fb3a7610a6e1dea3
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[c01c0716ccf5db2086d9693033472f37de96a699] Merge tag 'driver-core-5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
testing commit c01c0716ccf5db2086d9693033472f37de96a699 with gcc (GCC) 10.2.1 20210217
kernel signature: f25abcef2ebd826297c188de14588e722cd997d136b452bc8c228c83d2f0d198
all runs: OK
# git bisect bad c01c0716ccf5db2086d9693033472f37de96a699
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[76b453873628946d4794964fee75835114e5f35b] phy: ti: j721e-wiz: Add missing include linux/slab.h
testing commit 76b453873628946d4794964fee75835114e5f35b with gcc (GCC) 10.2.1 20210217
kernel signature: b1eee438e99ad470ec1da26cb0e078701946d9d372b5a882823e2aeeb91ca54c
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: general protection fault in __queue_work
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: crashed: general protection fault in __queue_work
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 76b453873628946d4794964fee75835114e5f35b
Bisecting: 2 revisions left to test after this (roughly 1 step)
[9204ff94868496f2d9b8b173af52ec455160c364] coresight: etm-perf: Fix define build issue when built as module
testing commit 9204ff94868496f2d9b8b173af52ec455160c364 with gcc (GCC) 10.2.1 20210217
kernel signature: b1eee438e99ad470ec1da26cb0e078701946d9d372b5a882823e2aeeb91ca54c
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: general protection fault in __queue_work
run #2: crashed: KASAN: use-after-free Read in __queue_work
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: general protection fault in __queue_work
run #6: crashed: KASAN: use-after-free Read in __queue_work
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: KASAN: use-after-free Read in __queue_work
run #9: OK
run #10: OK
run #11: crashed: general protection fault in __queue_work
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 9204ff94868496f2d9b8b173af52ec455160c364
Bisecting: 0 revisions left to test after this (roughly 1 step)
[8e3a3249502d8ff92d73d827fb41dd44c5a16f76] Merge tag 'char-misc-5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
testing commit 8e3a3249502d8ff92d73d827fb41dd44c5a16f76 with gcc (GCC) 10.2.1 20210217
kernel signature: e2e2320105957dfbb0682d3f39a74b069e93e65bbc6cba0f4d9de0c847700489
all runs: OK
# git bisect bad 8e3a3249502d8ff92d73d827fb41dd44c5a16f76
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[e2cb6b891ad2b8caa9131e3be70f45243df82a80] bluetooth: eliminate the potential race condition when removing the HCI controller
testing commit e2cb6b891ad2b8caa9131e3be70f45243df82a80 with gcc (GCC) 10.2.1 20210217
kernel signature: a270d32c5b6dff2ec854e029b659c6681a51d347912bf9eec873ba78bdf48555
all runs: OK
# git bisect bad e2cb6b891ad2b8caa9131e3be70f45243df82a80
e2cb6b891ad2b8caa9131e3be70f45243df82a80 is the first bad commit
commit e2cb6b891ad2b8caa9131e3be70f45243df82a80
Author: Lin Ma
Date: Mon Apr 12 19:17:57 2021 +0800

    bluetooth: eliminate the potential race condition when removing the HCI controller

    There is a possible race condition vulnerability between issuing a HCI command and removing the cont.
    Specifically, functions hci_req_sync() and hci_dev_do_close() can race each other like below:

    thread-A in hci_req_sync()      |   thread-B in hci_dev_do_close()
                                    |   hci_req_sync_lock(hdev);
    test_bit(HCI_UP, &hdev->flags); |
    ...                             |   test_and_clear_bit(HCI_UP, &hdev->flags)
    hci_req_sync_lock(hdev);        |
                                    |

    In this commit we alter the sequence in function hci_req_sync(). Hence, the thread-A cannot issue th.

    Signed-off-by: Lin Ma
    Cc: Marcel Holtmann
    Fixes: 7c6a329e4447 ("[Bluetooth] Fix regression from using default link policy")
    Signed-off-by: Greg Kroah-Hartman

 net/bluetooth/hci_request.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
culprit signature: a270d32c5b6dff2ec854e029b659c6681a51d347912bf9eec873ba78bdf48555
parent signature: b1eee438e99ad470ec1da26cb0e078701946d9d372b5a882823e2aeeb91ca54c
Reproducer flagged being flaky
revisions tested: 19, total time: 4h53m3.911156543s (build: 1h59m7.209221131s, test: 2h51m21.348497523s)
first good commit: e2cb6b891ad2b8caa9131e3be70f45243df82a80 bluetooth: eliminate the potential race condition when removing the HCI controller
recipients (to): ["davem@davemloft.net" "gregkh@linuxfoundation.org" "johan.hedberg@gmail.com" "kuba@kernel.org" "linma@zju.edu.cn" "linux-bluetooth@vger.kernel.org" "luiz.dentz@gmail.com" "marcel@holtmann.org" "netdev@vger.kernel.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]