bisecting fixing commit since 397a88b2cc869c823bf40bc403d36a62afec1edd building syzkaller on 06ed56cd22e24a55c40d152880b66b108834c8f2 testing commit 397a88b2cc869c823bf40bc403d36a62afec1edd with gcc (GCC) 8.4.1 20210217 kernel signature: 30abc1d596c26dcf67c0ea26e870084438d0838632cc93291c5f1733776c40b9 run #0: crashed: BUG: unable to handle kernel run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection run #7: crashed: BUG: unable to handle kernel run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection run #11: crashed: BUG: unable to handle kernel run #12: crashed: BUG: unable to handle kernel run #13: crashed: BUG: unable to handle kernel NULL pointer dereference in vhci_shutdown_connection run #14: crashed: INFO: task hung in hub_port_init run #15: crashed: INFO: task hung in hub_port_init run #16: crashed: INFO: task hung in hub_port_init run #17: OK run #18: OK run #19: OK testing current HEAD cf256fbcbe347b7d0ff58fe2dfa382a156bd3694 testing commit cf256fbcbe347b7d0ff58fe2dfa382a156bd3694 with gcc (GCC) 8.4.1 20210217 kernel signature: b516d3bf4aecf9fd00de23b004cdefa27626e0436dd4823eeddf52d6cf4ae5dd all runs: OK # git bisect start cf256fbcbe347b7d0ff58fe2dfa382a156bd3694 397a88b2cc869c823bf40bc403d36a62afec1edd Bisecting: 199 revisions left to test after this (roughly 8 steps) [2d5025afb05b0bddaec0fea8ac12d3fb3c3d9c74] genirq: Disable interrupts for force threaded handlers testing commit 2d5025afb05b0bddaec0fea8ac12d3fb3c3d9c74 with gcc (GCC) 8.4.1 20210217 kernel signature: d3cb37f663d6ecb3d5b33da74767b33785ee5e041a691673c21593333056d64e run #0: crashed: general protection fault in try_to_wake_up run #1: crashed: general protection fault in try_to_wake_up run #2: crashed: general protection fault in try_to_wake_up run #3: crashed: general protection fault in try_to_wake_up run #4: crashed: general protection fault in try_to_wake_up run #5: crashed: general protection fault in try_to_wake_up run #6: crashed: general protection fault in try_to_wake_up run #7: crashed: general protection fault in try_to_wake_up run #8: crashed: general protection fault in try_to_wake_up run #9: OK # git bisect good 2d5025afb05b0bddaec0fea8ac12d3fb3c3d9c74 Bisecting: 99 revisions left to test after this (roughly 7 steps) [8fb4f3e42f2087d5da7146a3b02bf28b0cdcfd43] extcon: Add stubs for extcon_register_notifier_all() functions testing commit 8fb4f3e42f2087d5da7146a3b02bf28b0cdcfd43 with gcc (GCC) 8.4.1 20210217 kernel signature: a39ba38600d6e8b1b09b1452b08364aba881777d3c4a3d6a5a34693f3fb68206 run #0: crashed: general protection fault in try_to_wake_up run #1: crashed: general protection fault in try_to_wake_up run #2: crashed: general protection fault in try_to_wake_up run #3: crashed: general protection fault in try_to_wake_up run #4: crashed: general protection fault in try_to_wake_up run #5: crashed: general protection fault in try_to_wake_up run #6: crashed: general protection fault in try_to_wake_up run #7: crashed: general protection fault in try_to_wake_up run #8: OK run #9: OK # git bisect good 8fb4f3e42f2087d5da7146a3b02bf28b0cdcfd43 Bisecting: 49 revisions left to test after this (roughly 6 steps) [fbf3417833b0fb3a2a00377e50622551aaedc0e5] usbip: stub-dev synchronize sysfs code paths testing commit fbf3417833b0fb3a2a00377e50622551aaedc0e5 with gcc (GCC) 8.4.1 20210217 kernel signature: 9828dbc9ebea085b0135061f84d2a0c74b377b9ac310e4c1c5a0457734115946 run #0: crashed: general protection fault in try_to_wake_up run #1: crashed: general protection fault in try_to_wake_up run #2: crashed: general protection fault in try_to_wake_up run #3: crashed: general protection fault in try_to_wake_up run #4: crashed: general protection fault in try_to_wake_up run #5: crashed: general protection fault in try_to_wake_up run #6: crashed: general protection fault in try_to_wake_up run #7: OK run #8: OK run #9: OK # git bisect good fbf3417833b0fb3a2a00377e50622551aaedc0e5 Bisecting: 24 revisions left to test after this (roughly 5 steps) [d4a8169615a0ed1c8c7085871ccd58f51333b74d] net/ncsi: Avoid GFP_KERNEL in response handler testing commit d4a8169615a0ed1c8c7085871ccd58f51333b74d with gcc (GCC) 8.4.1 20210217 kernel signature: d3b6b39d1d562d4be60b9858b1c8dd64e8c38d0798ec2a156b7452dcc2ead418 all runs: OK # git bisect bad d4a8169615a0ed1c8c7085871ccd58f51333b74d Bisecting: 12 revisions left to test after this (roughly 4 steps) [bf59100b96090b3fd6cf243e018177645547df61] soc/fsl: qbman: fix conflicting alignment attributes testing commit bf59100b96090b3fd6cf243e018177645547df61 with gcc (GCC) 8.4.1 20210217 kernel signature: 9c73e3627fa16e56721bca3ee183784f68955614f8203b0c16e05f55716bdb09 all runs: OK # git bisect bad bf59100b96090b3fd6cf243e018177645547df61 Bisecting: 5 revisions left to test after this (roughly 3 steps) [a4173e6b7ba3b6cc712ed422bb16a1bd8773d8c4] sch_red: fix off-by-one checks in red_check_params() testing commit a4173e6b7ba3b6cc712ed422bb16a1bd8773d8c4 with gcc (GCC) 8.4.1 20210217 kernel signature: 0a5eceee601cd5e2a73309475a2a6ebdc61ee2d6ffad5c1457c0a80f2cc127ce all runs: OK # git bisect bad a4173e6b7ba3b6cc712ed422bb16a1bd8773d8c4 Bisecting: 2 revisions left to test after this (roughly 2 steps) [e3b12e7336b770f4099f7e334e32ef54a5d5e4ee] regulator: bd9571mwv: Fix AVS and DVFS voltage range testing commit e3b12e7336b770f4099f7e334e32ef54a5d5e4ee with gcc (GCC) 8.4.1 20210217 kernel signature: 57344091b96ec3fec569e53226e421706c3dbdbf93cad809bb304163e72948d9 all runs: OK # git bisect bad e3b12e7336b770f4099f7e334e32ef54a5d5e4ee Bisecting: 0 revisions left to test after this (roughly 1 step) [d1e0d46fb15891278d77823232fcf3e3fb8448cf] i2c: turn recovery error on init to debug testing commit d1e0d46fb15891278d77823232fcf3e3fb8448cf with gcc (GCC) 8.4.1 20210217 kernel signature: 57344091b96ec3fec569e53226e421706c3dbdbf93cad809bb304163e72948d9 all runs: OK # git bisect bad d1e0d46fb15891278d77823232fcf3e3fb8448cf Bisecting: 0 revisions left to test after this (roughly 0 steps) [534d2cf487b972b2c039bfc55898a7edc2b0ea45] usbip: synchronize event handler with sysfs code paths testing commit 534d2cf487b972b2c039bfc55898a7edc2b0ea45 with gcc (GCC) 8.4.1 20210217 kernel signature: 90826682b232591341675ddacc0b470a4ef3586ad0dfbc1390e9455057d818fa all runs: OK # git bisect bad 534d2cf487b972b2c039bfc55898a7edc2b0ea45 534d2cf487b972b2c039bfc55898a7edc2b0ea45 is the first bad commit commit 534d2cf487b972b2c039bfc55898a7edc2b0ea45 Author: Shuah Khan Date: Mon Mar 29 19:36:51 2021 -0600 usbip: synchronize event handler with sysfs code paths commit 363eaa3a450abb4e63bd6e3ad79d1f7a0f717814 upstream. Fuzzing uncovered race condition between sysfs code paths in usbip drivers. Device connect/disconnect code paths initiated through sysfs interface are prone to races if disconnect happens during connect and vice versa. Use sysfs_lock to synchronize event handler with sysfs paths in usbip drivers. Cc: stable@vger.kernel.org Reported-and-tested-by: syzbot+a93fba6d384346a761e3@syzkaller.appspotmail.com Signed-off-by: Shuah Khan Link: https://lore.kernel.org/r/c5c8723d3f29dfe3d759cfaafa7dd16b0dfe2918.1616807117.git.skhan@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman drivers/usb/usbip/usbip_event.c | 2 ++ 1 file changed, 2 insertions(+) culprit signature: 90826682b232591341675ddacc0b470a4ef3586ad0dfbc1390e9455057d818fa parent signature: 9828dbc9ebea085b0135061f84d2a0c74b377b9ac310e4c1c5a0457734115946 revisions tested: 11, total time: 2h51m49.598177887s (build: 1h16m50.761746547s, test: 1h34m3.826333196s) first good commit: 534d2cf487b972b2c039bfc55898a7edc2b0ea45 usbip: synchronize event handler with sysfs code paths recipients (to): ["gregkh@linuxfoundation.org" "skhan@linuxfoundation.org" "syzbot+a93fba6d384346a761e3@syzkaller.appspotmail.com"] recipients (cc): []