bisecting fixing commit since a844dc4c544291470aa69edbe2434b040794e269
building syzkaller on 9fd5a512f39cdc0ec154632d7165855c9dfb3390
testing commit a844dc4c544291470aa69edbe2434b040794e269 with gcc (GCC) 8.1.0
kernel signature: 73530e5b2afc3235274fc498096bba3f1644d5caf388f554420f2aa075318785
run #0: crashed: BUG: sleeping function called from invalid context in tpk_write
run #1: crashed: BUG: sleeping function called from invalid context in tpk_write
run #2: crashed: BUG: sleeping function called from invalid context in tpk_write
run #3: crashed: BUG: sleeping function called from invalid context in tpk_write
run #4: crashed: BUG: sleeping function called from invalid context in tpk_write
run #5: crashed: BUG: sleeping function called from invalid context in tpk_write
run #6: crashed: WARNING in tpk_write
run #7: crashed: BUG: sleeping function called from invalid context in tpk_write
run #8: crashed: BUG: sleeping function called from invalid context in tpk_write
run #9: crashed: BUG: sleeping function called from invalid context in tpk_write
testing current HEAD 78d697fc93f98054e36a3ab76dca1a88802ba7be
testing commit 78d697fc93f98054e36a3ab76dca1a88802ba7be with gcc (GCC) 8.1.0
kernel signature: ec280689aaad85a77cd1e0072c041d3005c3c09c8320db5da6c1cca4913cde8b
all runs: OK
# git bisect start 78d697fc93f98054e36a3ab76dca1a88802ba7be a844dc4c544291470aa69edbe2434b040794e269
Bisecting: 881 revisions left to test after this (roughly 10 steps)
[137875d425bb04eb6fbf98f50fdae0a592dee96b] mfd: intel-lpss: Add default I2C device properties for Gemini Lake
testing commit 137875d425bb04eb6fbf98f50fdae0a592dee96b with gcc (GCC) 8.1.0
kernel signature: 42cd3797ac27fb19a9988392ed343cd8a9237f8202a971c04ed3b6cc6b0fee9c
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good 137875d425bb04eb6fbf98f50fdae0a592dee96b
Bisecting: 440 revisions left to test after this (roughly 9 steps)
[89f54ffd507359db9aef5e59e32312773fc72747] mac80211: mesh: restrict airtime metric to peered established plinks
testing commit 89f54ffd507359db9aef5e59e32312773fc72747 with gcc (GCC) 8.1.0
kernel signature: 90ec84e9a5168a2263e5884eb70a6fd1e0ab4600f948beb72026b93fe2a17e7a
all runs: OK
# git bisect bad 89f54ffd507359db9aef5e59e32312773fc72747
Bisecting: 220 revisions left to test after this (roughly 8 steps)
[4f80b033f61bafc56239ae6507d944aa4d13ddd6] inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
testing commit 4f80b033f61bafc56239ae6507d944aa4d13ddd6 with gcc (GCC) 8.1.0
kernel signature: 34055094157591741687b84101edaf60a60a62c9b42321f8f55ede11a644c6ae
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good 4f80b033f61bafc56239ae6507d944aa4d13ddd6
Bisecting: 110 revisions left to test after this (roughly 7 steps)
[8c17dd4b587bed444f1ea58bfc9bd90f44bf9db3] mmc: core: fix wl1251 sdio quirks
testing commit 8c17dd4b587bed444f1ea58bfc9bd90f44bf9db3 with gcc (GCC) 8.1.0
kernel signature: 571d2d03e459b2e03936ffecea4846ba7c8be232adc85a9529eb294fc2af4b84
run #0: crashed: BUG: sleeping function called from invalid context in tpk_write
run #1: crashed: BUG: sleeping function called from invalid context in tpk_write
run #2: crashed: BUG: sleeping function called from invalid context in tpk_write
run #3: crashed: BUG: sleeping function called from invalid context in tpk_write
run #4: crashed: BUG: sleeping function called from invalid context in tpk_write
run #5: crashed: BUG: sleeping function called from invalid context in tpk_write
run #6: crashed: BUG: sleeping function called from invalid context in tpk_write
run #7: crashed: BUG: sleeping function called from invalid context in tpk_write
run #8: crashed: BUG: sleeping function called from invalid context in tpk_write
run #9: crashed: WARNING in tpk_write
# git bisect good 8c17dd4b587bed444f1ea58bfc9bd90f44bf9db3
Bisecting: 55 revisions left to test after this (roughly 6 steps)
[9fa690a2a016e1b55356835f047b952e67d3d73a] Linux 4.14.169
testing commit 9fa690a2a016e1b55356835f047b952e67d3d73a with gcc (GCC) 8.1.0
kernel signature: 0f886ac163c42a45ae5c88bc2a63a780cea7c0da008d9a9e30ae6e19ce30b478
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good 9fa690a2a016e1b55356835f047b952e67d3d73a
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[5ed8ea1798f5585f81252fbbf49ddf50029de2a4] PCI: Add DMA alias quirk for Intel VCA NTB
testing commit 5ed8ea1798f5585f81252fbbf49ddf50029de2a4 with gcc (GCC) 8.1.0
kernel signature: aaea026c265bf4881fbf040294ff8adf793b5d9d56b6fcd59ed10e478f1d5dda
failed: failed to create VM pool: failed to write image file: googleapi: got HTTP response code 503 with body:
# git bisect skip 5ed8ea1798f5585f81252fbbf49ddf50029de2a4
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[d24cfcdb6285470316c71558722d30aa73c55be7] drivers/net/b44: Change to non-atomic bit operations on pwol_mask
testing commit d24cfcdb6285470316c71558722d30aa73c55be7 with gcc (GCC) 8.1.0
kernel signature: 1b0ea1f4e32816c364303b40577238b02f5dccc581d81c23dd567d835c69c253
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good d24cfcdb6285470316c71558722d30aa73c55be7
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[44d8703769f363593b41d51aeaac6ddeee8bc7da] tools lib: Fix builds when glibc contains strlcpy()
testing commit 44d8703769f363593b41d51aeaac6ddeee8bc7da with gcc (GCC) 8.1.0
kernel signature: 18f03f6a30f3a9a19532cdc06af1163a75ed12b53c0a3b13dac1ac164998e7bd
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good 44d8703769f363593b41d51aeaac6ddeee8bc7da
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[fb5e3b56c4c4cc7a83a5f8bd6e9869e53015e41c] media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0
testing commit fb5e3b56c4c4cc7a83a5f8bd6e9869e53015e41c with gcc (GCC) 8.1.0
kernel signature: 655913a7fdf5f9f118e6c40146799f7045d1282219c83e256d8450b7f3a19cdf
run #0: crashed: BUG: sleeping function called from invalid context in tpk_write
run #1: crashed: BUG: sleeping function called from invalid context in tpk_write
run #2: crashed: BUG: sleeping function called from invalid context in tpk_write
run #3: crashed: BUG: sleeping function called from invalid context in tpk_write
run #4: crashed: BUG: sleeping function called from invalid context in tpk_write
run #5: crashed: BUG: sleeping function called from invalid context in tpk_write
run #6: crashed: BUG: sleeping function called from invalid context in tpk_write
run #7: crashed: BUG: sleeping function called from invalid context in tpk_write
run #8: crashed: WARNING in tpk_write
run #9: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good fb5e3b56c4c4cc7a83a5f8bd6e9869e53015e41c
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[c7d812223d2241b331e60df738918f05b93173ac] media: si470x-i2c: Move free() past last use of 'radio'
testing commit c7d812223d2241b331e60df738918f05b93173ac with gcc (GCC) 8.1.0
kernel signature: 3c219cee0fce47db02ad8acc64e0fd3501e368e70daf4001ccfb0bc7a57e1331
all runs: OK
# git bisect bad c7d812223d2241b331e60df738918f05b93173ac
Bisecting: 1 revision left to test after this (roughly 1 step)
[58e957b9c7c22e89188558c27437b6e9a2ddae3d] Bluetooth: Fix race condition in hci_release_sock()
testing commit 58e957b9c7c22e89188558c27437b6e9a2ddae3d with gcc (GCC) 8.1.0
kernel signature: 81b6be2f7be5d8771cf6fb0d21d8aaccb95fcb0fbe0727845fa883787deeef43
all runs: OK
# git bisect bad 58e957b9c7c22e89188558c27437b6e9a2ddae3d
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[ab84fd0d3dc83277d6ab7246a6b2cd45ba924367] ttyprintk: fix a potential deadlock in interrupt context issue
testing commit ab84fd0d3dc83277d6ab7246a6b2cd45ba924367 with gcc (GCC) 8.1.0
kernel signature: b48dac70d64a62cfa58f5fd281777835554cb3897edc4e5f0095fbeea7d346d2
all runs: OK
# git bisect bad ab84fd0d3dc83277d6ab7246a6b2cd45ba924367
ab84fd0d3dc83277d6ab7246a6b2cd45ba924367 is the first bad commit
commit ab84fd0d3dc83277d6ab7246a6b2cd45ba924367
Author: Zhenzhong Duan
Date: Mon Jan 13 11:48:42 2020 +0800

    ttyprintk: fix a potential deadlock in interrupt context issue

    commit 9a655c77ff8fc65699a3f98e237db563b37c439b upstream.

    tpk_write()/tpk_close() could be interrupted when holding a mutex, then in timer handler tpk_write() may be called again trying to acquire same mutex, lead to deadlock.

    Google syzbot reported this issue with CONFIG_DEBUG_ATOMIC_SLEEP enabled:

    BUG: sleeping function called from invalid context at kernel/locking/mutex.c:938
    in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/1
    1 lock held by swapper/1/0:
    ...
    Call Trace:
    dump_stack+0x197/0x210
    ___might_sleep.cold+0x1fb/0x23e
    __might_sleep+0x95/0x190
    __mutex_lock+0xc5/0x13c0
    mutex_lock_nested+0x16/0x20
    tpk_write+0x5d/0x340
    resync_tnc+0x1b6/0x320
    call_timer_fn+0x1ac/0x780
    run_timer_softirq+0x6c3/0x1790
    __do_softirq+0x262/0x98c
    irq_exit+0x19b/0x1e0
    smp_apic_timer_interrupt+0x1a3/0x610
    apic_timer_interrupt+0xf/0x20

    See link https://syzkaller.appspot.com/bug?extid=2eeef62ee31f9460ad65 for more details.

    Fix it by using spinlock in process context instead of mutex and having interrupt disabled in critical section.

    Reported-by: syzbot+2eeef62ee31f9460ad65@syzkaller.appspotmail.com
    Signed-off-by: Zhenzhong Duan
    Cc: Arnd Bergmann
    Cc: Greg Kroah-Hartman
    Link: https://lore.kernel.org/r/20200113034842.435-1-zhenzhong.duan@gmail.com
    Signed-off-by: Greg Kroah-Hartman

 drivers/char/ttyprintk.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
culprit signature: b48dac70d64a62cfa58f5fd281777835554cb3897edc4e5f0095fbeea7d346d2
parent signature: 655913a7fdf5f9f118e6c40146799f7045d1282219c83e256d8450b7f3a19cdf
revisions tested: 14, total time: 3h30m28.909844137s (build: 2h1m2.916331032s, test: 1h28m10.570363766s)
first good commit: ab84fd0d3dc83277d6ab7246a6b2cd45ba924367 ttyprintk: fix a potential deadlock in interrupt context issue
cc: ["arnd@arndb.de" "gregkh@linuxfoundation.org" "linux-kernel@vger.kernel.org" "zhenzhong.duan@gmail.com"]