bisecting cause commit starting from d6efb3ac3e6c19ab722b28bdb9252bae0b9676b6 building syzkaller on cb436c69d9bcb0330518a48559649c9436ed5e7a testing commit d6efb3ac3e6c19ab722b28bdb9252bae0b9676b6 with gcc (GCC) 8.1.0 kernel signature: 980e023a32538c111c2ebf57a674b54f08bc4436c2c779cf414897939d5a4c3f run #0: crashed: BUG: spinlock bad magic in lock_sock_nested run #1: crashed: INFO: trying to register non-static key in l2cap_chan_del run #2: crashed: INFO: trying to register non-static key in l2cap_chan_del run #3: crashed: BUG: spinlock bad magic in lock_sock_nested run #4: crashed: INFO: trying to register non-static key in l2cap_chan_del run #5: crashed: BUG: spinlock bad magic in lock_sock_nested run #6: crashed: INFO: trying to register non-static key in l2cap_chan_del run #7: crashed: INFO: trying to register non-static key in l2cap_chan_del run #8: crashed: INFO: trying to register non-static key in l2cap_chan_del run #9: crashed: INFO: trying to register non-static key in l2cap_chan_del testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 71d9d80f74c92e360cb92ef9d691aad471204c07c28db2d2aa9d0f0d27b76d7c run #0: crashed: INFO: trying to register non-static key in l2cap_chan_del run #1: crashed: INFO: trying to register non-static key in l2cap_chan_del run #2: crashed: INFO: trying to register non-static key in l2cap_chan_del run #3: crashed: INFO: trying to register non-static key in l2cap_chan_del run #4: crashed: INFO: trying to register non-static key in l2cap_chan_del run #5: crashed: INFO: trying to register non-static key in l2cap_chan_del run #6: crashed: INFO: trying to register non-static key in l2cap_chan_del run #7: crashed: INFO: trying to register non-static key in l2cap_chan_del run #8: crashed: INFO: trying to register non-static key in l2cap_chan_del run #9: crashed: WARNING: locking bug in l2cap_chan_del testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: c380a9091b68d59d85bfdf58be8c0f546a763496df38224f15a6e3234d7e7ebc run #0: crashed: KASAN: use-after-free Read in lock_sock_nested run #1: crashed: KASAN: use-after-free Read in lock_sock_nested run #2: crashed: KASAN: use-after-free Read in lock_sock_nested run #3: crashed: KASAN: use-after-free Read in lock_sock_nested run #4: crashed: KASAN: use-after-free Read in lock_sock_nested run #5: crashed: INFO: trying to register non-static key in l2cap_chan_del run #6: crashed: KASAN: use-after-free Read in lock_sock_nested run #7: crashed: KASAN: use-after-free Read in lock_sock_nested run #8: crashed: KASAN: slab-out-of-bounds Read in lock_sock_nested run #9: crashed: BUG: unable to handle kernel paging request in lock_sock_nested testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 1dd154b06eaaad6b1fe4e0490613387155ae8437b026d9d1dd0d4534409172b9 run #0: crashed: INFO: trying to register non-static key in l2cap_chan_del run #1: crashed: KASAN: use-after-free Read in lock_sock_nested run #2: crashed: KASAN: slab-out-of-bounds Read in lock_sock_nested run #3: crashed: KASAN: use-after-free Read in lock_sock_nested run #4: crashed: KASAN: use-after-free Read in lock_sock_nested run #5: crashed: KASAN: use-after-free Read in lock_sock_nested run #6: crashed: WARNING in mark_lock run #7: crashed: KASAN: use-after-free Read in lock_sock_nested run #8: crashed: KASAN: use-after-free Read in lock_sock_nested run #9: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 6356e4d07ded983f1923b3dc42d708dd8f65142fd7a905630c8c93083d52737d run #0: crashed: KASAN: use-after-free Read in lock_sock_nested run #1: crashed: KASAN: use-after-free Read in lock_sock_nested run #2: crashed: WARNING in mark_lock run #3: crashed: KASAN: use-after-free Read in lock_sock_nested run #4: crashed: KASAN: use-after-free Read in lock_sock_nested run #5: crashed: KASAN: use-after-free Read in lock_sock_nested run #6: crashed: KASAN: use-after-free Read in lock_sock_nested run #7: crashed: KASAN: use-after-free Read in lock_sock_nested run #8: crashed: KASAN: use-after-free Read in lock_sock_nested run #9: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: fa973431c6494dd7cb993c7ec9d5aea9e735c8e213311689adda3ddfa3d51c6b all runs: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: a567d5f1ec756499190c235ba092740d111424144747b9a667b225c7b4b37ba1 all runs: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 0fdbf9defc2ce2490f65f431f7d7eeb0cb980c17764fd2f9e9a1453f0b020f97 run #0: crashed: KASAN: use-after-free Read in lock_sock_nested run #1: crashed: KASAN: use-after-free Read in lock_sock_nested run #2: crashed: KASAN: use-after-free Read in lock_sock_nested run #3: crashed: KASAN: use-after-free Read in lock_sock_nested run #4: crashed: KASAN: use-after-free Read in lock_sock_nested run #5: crashed: KASAN: use-after-free Read in lock_sock_nested run #6: crashed: KASAN: use-after-free Read in lock_sock_nested run #7: crashed: INFO: trying to register non-static key in l2cap_chan_del run #8: crashed: KASAN: use-after-free Read in lock_sock_nested run #9: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: a601392ceff589498bae67e89498570b6891bde8f4786419cb1b3911f802d0bf all runs: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: 7d6d1f8db2dcf5d0dee77aec38dead92cdb5481d508d2d379f3da321d8327e03 all runs: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: a84bb38a9b4842ee927b6028eff35de565f76fdbe4b50a080bded4ab8699ec6b all runs: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: 8fce66961b1d4e22c32e7db53c990a9d35e0532ce5a2f82108c4951f15a22d3d all runs: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: 916766a18a7e0bcfe11fb86b46ed9a74d929f4f692b844ea26a601780bff0627 all runs: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: d448292ead6a081f5d3204c3bf435062fd6b2638a96cf0d1857f1638d99e1ac2 run #0: crashed: INFO: trying to register non-static key in l2cap_chan_del run #1: crashed: KASAN: use-after-free Read in lock_sock_nested run #2: crashed: KASAN: use-after-free Read in lock_sock_nested run #3: crashed: KASAN: use-after-free Read in lock_sock_nested run #4: crashed: KASAN: use-after-free Read in lock_sock_nested run #5: crashed: KASAN: use-after-free Read in lock_sock_nested run #6: crashed: KASAN: use-after-free Read in lock_sock_nested run #7: crashed: KASAN: use-after-free Read in lock_sock_nested run #8: crashed: KASAN: use-after-free Read in lock_sock_nested run #9: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: 95e11335d7a1a642675062f82c3ce69e227c5360388b608cbc11b83580c3e94a all runs: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 kernel signature: febd5d5ae93d638d8cc1c21b4a7bd6fee19b505697b5634c3fbfa5a8a4b6ecb3 all runs: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 kernel signature: e2babcf3d95530ad4bc09fcea65f6c6ec1d2a9b6eafb0fe5301d8d15ab8d989f all runs: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 kernel signature: 012d2b299110fc2ac0f298e33ad7cdc9bdaab51a9cbbe093c1d24f80ef28a8a9 run #0: crashed: KASAN: use-after-free Read in lock_sock_nested run #1: crashed: KASAN: use-after-free Read in lock_sock_nested run #2: crashed: KASAN: use-after-free Read in lock_sock_nested run #3: crashed: KASAN: use-after-free Read in lock_sock_nested run #4: crashed: KASAN: use-after-free Read in lock_sock_nested run #5: crashed: INFO: trying to register non-static key in l2cap_chan_del run #6: crashed: KASAN: use-after-free Read in lock_sock_nested run #7: crashed: KASAN: use-after-free Read in lock_sock_nested run #8: crashed: KASAN: use-after-free Read in lock_sock_nested run #9: crashed: INFO: trying to register non-static key in l2cap_chan_del testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 kernel signature: 8bf5ab69260b6a1e24b97d6ce6fe43b3e6eb2fc2c1190f007a56a5f5ad34696a all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.11 testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0 kernel signature: 6a800a64776c514b996d4ed9e691c901575130b49e9cd21347348bf4f9f73ebd all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.10 testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0 kernel signature: ec842bf95c5105cc3c0e11411d3545814cec38680851a3fccc98f589e9760424 all runs: crashed: KASAN: use-after-free Read in lock_sock_nested testing release v4.9 testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0 kernel signature: 4005bfa1abedbd9b50ad427147d35d1b831dfd8a1c3296d277da300ddcd4e8e6 all runs: OK # git bisect start c470abd4fde40ea6a0846a2beab642a578c0b8cd 69973b830859bc6529a7a0468ba0d80ee5117826 Bisecting: 7099 revisions left to test after this (roughly 13 steps) [f4000cd99750065d5177555c0a805c97174d1b9f] Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux testing commit f4000cd99750065d5177555c0a805c97174d1b9f with gcc (GCC) 5.5.0 kernel signature: b03f253ab5e03698450da69598227cbd890524d592d2669a05ca87db43663b3b run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.15.198:./syz-fuzzer"]: exit status 1 Connection timed out during banner exchange lost connection run #1: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE run #2: boot failed: can't ssh into the instance run #3: boot failed: can't ssh into the instance run #4: boot failed: can't ssh into the instance run #5: boot failed: can't ssh into the instance run #6: boot failed: can't ssh into the instance run #7: boot failed: can't ssh into the instance run #8: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE run #9: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-sysctl:LINE # git bisect skip f4000cd99750065d5177555c0a805c97174d1b9f Bisecting: 7099 revisions left to test after this (roughly 13 steps) [ab1effc09519f3bb4b84dd6d8276cedf07b17a1b] staging: ks7010: Add blank line after declarations testing commit ab1effc09519f3bb4b84dd6d8276cedf07b17a1b with gcc (GCC) 5.5.0 kernel signature: c93937aba578cf62c6026123828deb5da2dc4400772c1c84fe5df277c32059b9 all runs: OK # git bisect good ab1effc09519f3bb4b84dd6d8276cedf07b17a1b Bisecting: 7022 revisions left to test after this (roughly 13 steps) [09cb6464fe5e7fcd5177911429badd139c4481b7] Merge tag 'for-f2fs-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs testing commit 09cb6464fe5e7fcd5177911429badd139c4481b7 with gcc (GCC) 5.5.0 kernel signature: 98370ce2e973c3cbde6af90ceeacbe6e32b437332d4de16d6731b4666f88b08b run #0: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.0.227:./syz-fuzzer"] run #1: boot failed: can't ssh into the instance run #2: boot failed: can't ssh into the instance run #3: boot failed: can't ssh into the instance run #4: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE run #5: boot failed: can't ssh into the instance run #6: boot failed: can't ssh into the instance run #7: boot failed: can't ssh into the instance run #8: boot failed: can't ssh into the instance run #9: boot failed: can't ssh into the instance # git bisect skip 09cb6464fe5e7fcd5177911429badd139c4481b7 Bisecting: 7022 revisions left to test after this (roughly 13 steps) [68226b4dfa9b2e064e2f9e792bf7469f465054c7] [media] dvb-tc90522: Rename a jump label in tc90522_probe() testing commit 68226b4dfa9b2e064e2f9e792bf7469f465054c7 with gcc (GCC) 5.5.0 kernel signature: 7c385964a32e0f170e8b15eb87574d4e1164f5be05cb8b6cb140fe47737148b7 all runs: OK # git bisect good 68226b4dfa9b2e064e2f9e792bf7469f465054c7 Bisecting: 6886 revisions left to test after this (roughly 13 steps) [d03502684b65492339d70f11aa8ed6df3961a3bf] s390/zcrypt: add missing memory clobber to ap_qci inline assembly testing commit d03502684b65492339d70f11aa8ed6df3961a3bf with gcc (GCC) 5.5.0 kernel signature: 6afcf492f709fd045bf3e0e7a0aaf057bf83e67791e88ad83fc8b7ba46f7e994 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.15.196:./syz-fuzzer"]: exit status 1 Connection timed out during banner exchange lost connection run #1: boot failed: can't ssh into the instance run #2: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE run #3: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-timesyn:LINE run #4: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-timesyn:LINE run #5: boot failed: can't ssh into the instance run #6: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in sd-resolve:LINE run #7: boot failed: can't ssh into the instance run #8: boot failed: can't ssh into the instance run #9: boot failed: can't ssh into the instance # git bisect skip d03502684b65492339d70f11aa8ed6df3961a3bf Bisecting: 6886 revisions left to test after this (roughly 13 steps) [a149e7c7ce812561f0fdc7a86ddc42f294e5eb3e] ipv6: sr: add support for SRH injection through setsockopt testing commit a149e7c7ce812561f0fdc7a86ddc42f294e5eb3e with gcc (GCC) 5.5.0 kernel signature: 87530800b149a793b1610c2158831cb567d754921d078caafa14e64bbe4ffa0b all runs: OK # git bisect good a149e7c7ce812561f0fdc7a86ddc42f294e5eb3e Bisecting: 6483 revisions left to test after this (roughly 13 steps) [a829a8445f09036404060f4d6489cb13433f4304] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit a829a8445f09036404060f4d6489cb13433f4304 with gcc (GCC) 5.5.0 kernel signature: 602fc62421d9a97cef4379529d6d234a016b611c2c664c7196cfae31df4c0a2e run #0: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.1.53:./syz-fuzzer"] Warning: Permanently added '10.128.1.53' (ECDSA) to the list of known hosts. run #1: boot failed: can't ssh into the instance run #2: boot failed: can't ssh into the instance run #3: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-sysctl:LINE run #4: boot failed: can't ssh into the instance run #5: boot failed: can't ssh into the instance run #6: boot failed: can't ssh into the instance run #7: boot failed: can't ssh into the instance run #8: boot failed: can't ssh into the instance run #9: boot failed: can't ssh into the instance # git bisect skip a829a8445f09036404060f4d6489cb13433f4304 Bisecting: 6483 revisions left to test after this (roughly 13 steps) [9004fda59577d439564d44d6d1db52d262fe3f99] Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 9004fda59577d439564d44d6d1db52d262fe3f99 with gcc (GCC) 5.5.0 kernel signature: 6630f5a516c19c44d0dfde7139f1f063a3a92a395f03f471996d69906354fc49 all runs: OK # git bisect good 9004fda59577d439564d44d6d1db52d262fe3f99 Bisecting: 1048 revisions left to test after this (roughly 10 steps) [93f955aad4bacee5acebad141d1a03cd51f27b4e] tipc: fix nametbl_lock soft lockup at node/link events testing commit 93f955aad4bacee5acebad141d1a03cd51f27b4e with gcc (GCC) 5.5.0 kernel signature: ac431c3a72098ff58241948b5578bf6acd6f736b9125c2e549921a943f82fd08 all runs: OK # git bisect good 93f955aad4bacee5acebad141d1a03cd51f27b4e Bisecting: 516 revisions left to test after this (roughly 9 steps) [1b1bc42c1692e9b62756323c675a44cb1a1f9dbd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit 1b1bc42c1692e9b62756323c675a44cb1a1f9dbd with gcc (GCC) 5.5.0 kernel signature: a80a28bb24bb56b5b774d57819e92295d796352996679e0decd43b3b24c0a9ce all runs: OK # git bisect good 1b1bc42c1692e9b62756323c675a44cb1a1f9dbd Bisecting: 260 revisions left to test after this (roughly 8 steps) [b6789123bccba8b5feb9901ed2e8c3c39181979d] mm: fix KPF_SWAPCACHE in /proc/kpageflags testing commit b6789123bccba8b5feb9901ed2e8c3c39181979d with gcc (GCC) 5.5.0 kernel signature: 79eaa97755115a3b219ff6284901ca1788e16ea2d2f533fc4803eb4e5b5d8ece all runs: OK # git bisect good b6789123bccba8b5feb9901ed2e8c3c39181979d Bisecting: 120 revisions left to test after this (roughly 7 steps) [1ee18329fae936089c6c599250ae92482ff2b81f] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit 1ee18329fae936089c6c599250ae92482ff2b81f with gcc (GCC) 5.5.0 kernel signature: 3d2e4e064d8c42007e0cc655d722c69b927e641951d236f2667c40e0a4504327 all runs: OK # git bisect good 1ee18329fae936089c6c599250ae92482ff2b81f Bisecting: 53 revisions left to test after this (roughly 6 steps) [3c7a9f32f9392c9dfce24f33bdc6799852903e27] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit 3c7a9f32f9392c9dfce24f33bdc6799852903e27 with gcc (GCC) 5.5.0 kernel signature: 90f00bfb72021548e4867a814a6c8a8a35081b08d0f85f7072830d14b554bdb5 all runs: OK # git bisect good 3c7a9f32f9392c9dfce24f33bdc6799852903e27 Bisecting: 26 revisions left to test after this (roughly 5 steps) [2fe1e8a7b2f4dcac3fcb07ff06b0ae7396201fd6] Merge tag 'powerpc-4.10-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux testing commit 2fe1e8a7b2f4dcac3fcb07ff06b0ae7396201fd6 with gcc (GCC) 5.5.0 kernel signature: 01a1379f1504c4409da901ef726010581129a5848197a75a07953527d1a67863 all runs: OK # git bisect good 2fe1e8a7b2f4dcac3fcb07ff06b0ae7396201fd6 Bisecting: 12 revisions left to test after this (roughly 4 steps) [244ff16fb4717708491fa1b3b2a68f9074742d71] Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 244ff16fb4717708491fa1b3b2a68f9074742d71 with gcc (GCC) 5.5.0 kernel signature: 84528f76dc3c4e88ecad2418014479c2072658341ffbf17808835fafbe05255c all runs: OK # git bisect good 244ff16fb4717708491fa1b3b2a68f9074742d71 Bisecting: 7 revisions left to test after this (roughly 3 steps) [b92ce305fcbc8d85d1732fecf17c823c760868bd] Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm testing commit b92ce305fcbc8d85d1732fecf17c823c760868bd with gcc (GCC) 5.5.0 kernel signature: c24e66d29a5741cb1fbf7bd1817adb5dee12a2962075e2b7ca28b06a3c1bca58 all runs: OK # git bisect good b92ce305fcbc8d85d1732fecf17c823c760868bd Bisecting: 3 revisions left to test after this (roughly 2 steps) [2763f92f858f7c4c3198335c0542726eaed07ba3] Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc testing commit 2763f92f858f7c4c3198335c0542726eaed07ba3 with gcc (GCC) 5.5.0 kernel signature: f2e6500760eb264ea415260f71272d1b3f440e4ffc910f2bd7c007ab2c71a023 all runs: OK # git bisect good 2763f92f858f7c4c3198335c0542726eaed07ba3 Bisecting: 1 revision left to test after this (roughly 1 step) [fd3fc0b4d7305fa7246622dcc0dec69c42443f45] scsi: don't BUG_ON() empty DMA transfers testing commit fd3fc0b4d7305fa7246622dcc0dec69c42443f45 with gcc (GCC) 5.5.0 kernel signature: b4f0a5f1bb8756fdf3954c1b866d8b26d9f4832553b7daebec784222ac6c1661 all runs: OK # git bisect good fd3fc0b4d7305fa7246622dcc0dec69c42443f45 Bisecting: 0 revisions left to test after this (roughly 0 steps) [137d01df511b3afe1f05499aea05f3bafc0fb221] Fix missing sanity check in /dev/sg testing commit 137d01df511b3afe1f05499aea05f3bafc0fb221 with gcc (GCC) 5.5.0 kernel signature: b6dcac26e16677a605f101b6071ff83e922325f17b3667492cf79d30f87ceb2c all runs: OK # git bisect good 137d01df511b3afe1f05499aea05f3bafc0fb221 c470abd4fde40ea6a0846a2beab642a578c0b8cd is the first bad commit commit c470abd4fde40ea6a0846a2beab642a578c0b8cd Author: Linus Torvalds Date: Sun Feb 19 14:34:00 2017 -0800 Linux 4.10 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) culprit signature: ec842bf95c5105cc3c0e11411d3545814cec38680851a3fccc98f589e9760424 parent signature: b6dcac26e16677a605f101b6071ff83e922325f17b3667492cf79d30f87ceb2c revisions tested: 41, total time: 8h5m10.277170373s (build: 3h21m44.712455324s, test: 4h38m50.244263474s) first bad commit: c470abd4fde40ea6a0846a2beab642a578c0b8cd Linux 4.10 recipients (to): ["linux-kbuild@vger.kernel.org" "mmarek@suse.com" "torvalds@linux-foundation.org"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: KASAN: use-after-free Read in lock_sock_nested ================================================================== BUG: KASAN: use-after-free in __lock_acquire+0x4e7a/0x50c0 kernel/locking/lockdep.c:3224 at addr ffff880110abc9a0 Read of size 8 by task kworker/1:0/18 CPU: 1 PID: 18 Comm: kworker/1:0 Not tainted 4.10.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events l2cap_chan_timeout Call Trace: __dump_stack lib/dump_stack.c:15 [inline] dump_stack+0x136/0x1d4 lib/dump_stack.c:51 kasan_object_err+0x1c/0x70 mm/kasan/report.c:162 print_address_description mm/kasan/report.c:200 [inline] kasan_report_error mm/kasan/report.c:289 [inline] kasan_report.part.1+0x1c9/0x480 mm/kasan/report.c:311 kasan_report mm/kasan/report.c:332 [inline] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:332 __lock_acquire+0x4e7a/0x50c0 kernel/locking/lockdep.c:3224 lock_acquire+0x197/0x4b0 kernel/locking/lockdep.c:3753 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:137 [inline] _raw_spin_lock_bh+0x3a/0x50 kernel/locking/spinlock.c:175 spin_lock_bh include/linux/spinlock.h:307 [inline] lock_sock_nested+0x3e/0x100 net/core/sock.c:2523 l2cap_sock_teardown_cb+0x82/0x3e0 net/bluetooth/l2cap_sock.c:1327 l2cap_chan_del+0x9b/0x7b0 net/bluetooth/l2cap_core.c:596 l2cap_chan_close+0x33b/0x7e0 net/bluetooth/l2cap_core.c:754 l2cap_chan_timeout+0xdc/0x1d0 net/bluetooth/l2cap_core.c:427 process_one_work+0x685/0x1660 kernel/workqueue.c:2098 worker_thread+0xe1/0x1110 kernel/workqueue.c:2232 kthread+0x2c9/0x3d0 kernel/kthread.c:227 ret_from_fork+0x31/0x40 arch/x86/entry/entry_64.S:430 Object at ffff880110abc900, in cache kmalloc-2048 size: 2048 Allocated: PID = 6158 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack mm/kasan/kasan.c:502 [inline] set_track mm/kasan/kasan.c:514 [inline] kasan_kmalloc+0xee/0x180 mm/kasan/kasan.c:605 __do_kmalloc mm/slab.c:3724 [inline] __kmalloc+0x162/0x440 mm/slab.c:3733 kmalloc include/linux/slab.h:495 [inline] alloc_fdmem+0x1b/0x40 fs/file.c:40 alloc_fdtable+0xb4/0x240 fs/file.c:134 dup_fd+0x5aa/0xba0 fs/file.c:328 copy_files kernel/fork.c:1241 [inline] copy_process.part.7+0x1844/0x6040 kernel/fork.c:1649 copy_process kernel/fork.c:1486 [inline] _do_fork+0x148/0xbb0 kernel/fork.c:1942 SYSC_clone kernel/fork.c:2052 [inline] SyS_clone+0x14/0x20 kernel/fork.c:2046 do_syscall_64+0x1ba/0x5b0 arch/x86/entry/common.c:280 return_from_SYSCALL_64+0x0/0x7a Freed: PID = 9185 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack mm/kasan/kasan.c:502 [inline] set_track mm/kasan/kasan.c:514 [inline] kasan_slab_free+0xad/0x180 mm/kasan/kasan.c:578 __cache_free mm/slab.c:3502 [inline] kfree+0xd4/0x2d0 mm/slab.c:3819 kvfree+0x25/0x30 mm/util.c:332 __free_fdtable+0x2c/0x70 fs/file.c:50 put_files_struct+0x186/0x220 fs/file.c:438 exit_files+0x79/0xa0 fs/file.c:463 do_exit+0x70e/0x2ed0 kernel/exit.c:834 do_group_exit+0xf2/0x2d0 kernel/exit.c:943 get_signal+0x49a/0x1390 kernel/signal.c:2313 do_signal+0x7f/0x1950 arch/x86/kernel/signal.c:807 exit_to_usermode_loop+0x112/0x170 arch/x86/entry/common.c:156 prepare_exit_to_usermode arch/x86/entry/common.c:190 [inline] syscall_return_slowpath+0x251/0x2d0 arch/x86/entry/common.c:259 entry_SYSCALL_64_fastpath+0xc4/0xc6 Memory state around the buggy address: ffff880110abc880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff880110abc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff880110abc980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff880110abca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff880110abca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================