bisecting fixing commit since f873db9acd3c92d4741bc3676c9eb511b2f9a6f6
building syzkaller on 6436ce4bcd8e2c7dcca0b171ac91f51e96d973f8
testing commit f873db9acd3c92d4741bc3676c9eb511b2f9a6f6 with gcc (GCC) 8.4.1 20210217
kernel signature: c196333d61055a51843447eddd8c71c128677bd015e04f7517dcaabfa414350b
run #0: crashed: general protection fault in __queue_work
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: OK
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
reproducer seems to be flaky
testing current HEAD 315d99318179b9cd5077ccc9f7f26a164c9fa998
testing commit 315d99318179b9cd5077ccc9f7f26a164c9fa998 with gcc (GCC) 10.2.1 20210217
kernel signature: 27e586a9e87289819f6cdc462997f6e704adab8466a1af94893d6575e5f6045e
all runs: OK
# git bisect start 315d99318179b9cd5077ccc9f7f26a164c9fa998 f873db9acd3c92d4741bc3676c9eb511b2f9a6f6
Bisecting: 32268 revisions left to test after this (roughly 15 steps)
[8552d28e140110fc935b39a6bfaf33c8ce3a1ad5] Merge tag 'm68knommu-for-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu
testing commit 8552d28e140110fc935b39a6bfaf33c8ce3a1ad5 with gcc (GCC) 10.2.1 20210217
kernel signature: abf423d9f660c65f4ae97d60adad0c57066e87f79f79f720771f0950e4d45d75
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: general protection fault in __queue_work
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: general protection fault in __queue_work
run #5: crashed: KASAN: use-after-free Read in __queue_work
run #6: crashed: general protection fault in __queue_work
run #7: crashed: KASAN: use-after-free Read in __queue_work
run #8: crashed: WARNING: ODEBUG bug in bt_host_release
run #9: crashed: KASAN: use-after-free Read in __queue_work
run #10: crashed: general protection fault in __queue_work
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 8552d28e140110fc935b39a6bfaf33c8ce3a1ad5
Bisecting: 16134 revisions left to test after this (roughly 14 steps)
[8a03dd925786bdc3834d56ccc980bb70668efa35] net: qrtr: Fix memory leak on qrtr_tx_wait failure
testing commit 8a03dd925786bdc3834d56ccc980bb70668efa35 with gcc (GCC) 10.2.1 20210217
kernel signature: 4f23c22859b89a926809d7ea59dd7d598bb5d4505a117692ca00a8fbbd1e4b48
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: general protection fault in __queue_work
run #3: crashed: KASAN: use-after-free Read in __queue_work
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: WARNING: ODEBUG bug in bt_host_release
run #9: crashed: WARNING: ODEBUG bug in bt_host_release
run #10: crashed: WARNING: ODEBUG bug in bt_host_release
run #11: OK
run #12: OK
run #13: OK
run #14: crashed: WARNING: ODEBUG bug in bt_host_release
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 8a03dd925786bdc3834d56ccc980bb70668efa35
Bisecting: 8120 revisions left to test after this (roughly 13 steps)
[c05a182bf45681c5529a58c71ce5647535b3ae7a] Merge tag 'for-5.13/libata-2021-04-27' of git://git.kernel.dk/linux-block
testing commit c05a182bf45681c5529a58c71ce5647535b3ae7a with gcc (GCC) 10.2.1 20210217
kernel signature: 11f4cf2466bb2b126dd42712322cc5a397df2a7d84ec947b537d7e0bcae3628e
all runs: OK
# git bisect bad c05a182bf45681c5529a58c71ce5647535b3ae7a
Bisecting: 4198 revisions left to test after this (roughly 12 steps)
[37f00ab4a003f371f81e0eae76cf372f06dec780] Merge tag 'arm-drivers-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 37f00ab4a003f371f81e0eae76cf372f06dec780 with gcc (GCC) 10.2.1 20210217
kernel signature: 90612fc2b0552b54ae64b1fde01d699aef17a0b108d93868ad315f1e210890f5
all runs: OK
# git bisect bad 37f00ab4a003f371f81e0eae76cf372f06dec780
Bisecting: 1877 revisions left to test after this (roughly 11 steps)
[8e3a3249502d8ff92d73d827fb41dd44c5a16f76] Merge tag 'char-misc-5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
testing commit 8e3a3249502d8ff92d73d827fb41dd44c5a16f76 with gcc (GCC) 10.2.1 20210217
kernel signature: 9b71b9766d831b7eaf85fc6136b5dfdd2cb6693ec8a1de6e5bfe4d880fe70955
all runs: OK
# git bisect bad 8e3a3249502d8ff92d73d827fb41dd44c5a16f76
Bisecting: 966 revisions left to test after this (roughly 10 steps)
[7dd1ce1a526cb444bd2308c9fda52add4c532ac1] Merge tag 'tpmdd-next-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd
testing commit 7dd1ce1a526cb444bd2308c9fda52add4c532ac1 with gcc (GCC) 10.2.1 20210217
kernel signature: 9b69753a6dfb5f7fa19c49c4116f92f7218c0f64fc65a21aca32c8ccfbdb9053
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: general protection fault in __queue_work
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: general protection fault in __queue_work
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: WARNING: ODEBUG bug in bt_host_release
run #9: crashed: general protection fault in __queue_work
run #10: crashed: WARNING: ODEBUG bug in bt_host_release
run #11: crashed: WARNING: ODEBUG bug in bt_host_release
run #12: crashed: WARNING: ODEBUG bug in bt_host_release
run #13: crashed: WARNING: ODEBUG bug in bt_host_release
run #14: OK
run #15: crashed: WARNING: ODEBUG bug in bt_host_release
run #16: OK
run #17: OK
run #18: OK
run #19: crashed: WARNING: ODEBUG bug in bt_host_release
# git bisect good 7dd1ce1a526cb444bd2308c9fda52add4c532ac1
Bisecting: 471 revisions left to test after this (roughly 9 steps)
[31a24ae89c92d5533c049046a76c6a2d649efb72] Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
testing commit 31a24ae89c92d5533c049046a76c6a2d649efb72 with gcc (GCC) 10.2.1 20210217
kernel signature: b53eba3e06695a8c438f54f545a1e68ca2ba6e5a2451e5a606e02bf5373b9b84
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: general protection fault in __queue_work
run #2: crashed: KASAN: use-after-free Read in __queue_work
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: general protection fault in __queue_work
run #9: crashed: WARNING: ODEBUG bug in bt_host_release
run #10: crashed: WARNING: ODEBUG bug in bt_host_release
run #11: crashed: WARNING: ODEBUG bug in bt_host_release
run #12: crashed: WARNING: ODEBUG bug in bt_host_release
run #13: crashed: KASAN: use-after-free Read in __queue_work
run #14: crashed: general protection fault in __queue_work
run #15: OK
run #16: OK
run #17: crashed: WARNING: ODEBUG bug in bt_host_release
run #18: OK
run #19: OK
# git bisect good 31a24ae89c92d5533c049046a76c6a2d649efb72
Bisecting: 235 revisions left to test after this (roughly 8 steps)
[12e66a172773320e66df29908d7533f4f4663938] habanalabs/gaudi: always use single-msi mode
testing commit 12e66a172773320e66df29908d7533f4f4663938 with gcc (GCC) 10.2.1 20210217
kernel signature: e0366189e24ff1798891105edce2ea5c4ff53fed299290dc04d248a6f14412a5
run #0: crashed: general protection fault in __queue_work
run #1: crashed: general protection fault in __queue_work
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: KASAN: use-after-free Read in __queue_work
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: WARNING: ODEBUG bug in bt_host_release
run #9: crashed: general protection fault in __queue_work
run #10: crashed: WARNING: ODEBUG bug in bt_host_release
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 12e66a172773320e66df29908d7533f4f4663938
Bisecting: 106 revisions left to test after this (roughly 7 steps)
[90035c28f17d59be660b9992757d09853ab203ec] Merge tag 'platform-drivers-x86-v5.13-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
testing commit 90035c28f17d59be660b9992757d09853ab203ec with gcc (GCC) 10.2.1 20210217
kernel signature: 592d5fb21601af7ac3b072826340ec8fbcf9a7b9f1aa13004b8bd217acd4452e
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: general protection fault in __queue_work
run #2: crashed: general protection fault in __queue_work
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: KASAN: use-after-free Read in __queue_work
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: WARNING: ODEBUG bug in bt_host_release
run #9: crashed: WARNING: ODEBUG bug in bt_host_release
run #10: crashed: WARNING: ODEBUG bug in bt_host_release
run #11: OK
run #12: OK
run #13: crashed: WARNING: ODEBUG bug in corrupted
run #14: OK
run #15: OK
run #16: crashed: WARNING: ODEBUG bug in bt_host_release
run #17: OK
run #18: OK
run #19: OK
# git bisect good 90035c28f17d59be660b9992757d09853ab203ec
Bisecting: 57 revisions left to test after this (roughly 6 steps)
[a503d1628c9c341dc5e1a26272e38182dca3e823] bus: mhi: fix typo in comments for struct mhi_channel_config
testing commit a503d1628c9c341dc5e1a26272e38182dca3e823 with gcc (GCC) 10.2.1 20210217
kernel signature: 8b832d18ccbc63cf2fd116cfea76c5fef3cf9c63d79093cedc9c195d7c62028b
run #0: crashed: general protection fault in __queue_work
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: KASAN: use-after-free Read in __queue_work
run #6: OK
run #7: crashed: KASAN: use-after-free Read in __queue_work
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good a503d1628c9c341dc5e1a26272e38182dca3e823
Bisecting: 28 revisions left to test after this (roughly 5 steps)
[b21a57636c71c95deac98c9136ac91c975aa6e6c] dw-xdata-pcie: Fix documentation build warns
testing commit b21a57636c71c95deac98c9136ac91c975aa6e6c with gcc (GCC) 10.2.1 20210217
kernel signature: 904c7c43d968e19c1a2d9cd9e72549d60bf08cbfec68680c114d36fe71dfbb9c
run #0: crashed: general protection fault in __queue_work
run #1: crashed: KASAN: use-after-free Read in __queue_work
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: general protection fault in __queue_work
run #4: crashed: general protection fault in __queue_work
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: WARNING: ODEBUG bug in bt_host_release
run #9: crashed: KASAN: use-after-free Read in __queue_work
run #10: crashed: WARNING: ODEBUG bug in bt_host_release
run #11: crashed: WARNING: ODEBUG bug in bt_host_release
run #12: crashed: WARNING: ODEBUG bug in bt_host_release
run #13: crashed: WARNING: ODEBUG bug in bt_host_release
run #14: crashed: WARNING: ODEBUG bug in bt_host_release
run #15: OK
run #16: crashed: KASAN: use-after-free Read in __queue_work
run #17: OK
run #18: OK
run #19: OK
# git bisect good b21a57636c71c95deac98c9136ac91c975aa6e6c
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[4615df5df23031120637baf0c4e4a20b1459737e] Merge tag 'icc-5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/djakov/icc into char-misc-next
testing commit 4615df5df23031120637baf0c4e4a20b1459737e with gcc (GCC) 10.2.1 20210217
kernel signature: 904c7c43d968e19c1a2d9cd9e72549d60bf08cbfec68680c114d36fe71dfbb9c
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: general protection fault in __queue_work
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: WARNING: ODEBUG bug in bt_host_release
run #9: crashed: WARNING: ODEBUG bug in bt_host_release
run #10: crashed: WARNING: ODEBUG bug in bt_host_release
run #11: crashed: general protection fault in __queue_work
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 4615df5df23031120637baf0c4e4a20b1459737e
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[9f7f2a5e01ab4ee56b6d9c0572536fe5fd56e376] intel_th: pci: Add Rocket Lake CPU support
testing commit 9f7f2a5e01ab4ee56b6d9c0572536fe5fd56e376 with gcc (GCC) 10.2.1 20210217
kernel signature: 904c7c43d968e19c1a2d9cd9e72549d60bf08cbfec68680c114d36fe71dfbb9c
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: general protection fault in __queue_work
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: KASAN: use-after-free Read in __queue_work
run #9: crashed: WARNING: ODEBUG bug in bt_host_release
run #10: crashed: KASAN: use-after-free Read in __queue_work
run #11: OK
run #12: crashed: general protection fault in __queue_work
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 9f7f2a5e01ab4ee56b6d9c0572536fe5fd56e376
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[76b453873628946d4794964fee75835114e5f35b] phy: ti: j721e-wiz: Add missing include linux/slab.h
testing commit 76b453873628946d4794964fee75835114e5f35b with gcc (GCC) 10.2.1 20210217
kernel signature: 904c7c43d968e19c1a2d9cd9e72549d60bf08cbfec68680c114d36fe71dfbb9c
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: general protection fault in __queue_work
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: general protection fault in __queue_work
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: WARNING: ODEBUG bug in bt_host_release
run #8: crashed: KASAN: use-after-free Read in __queue_work
run #9: crashed: WARNING: ODEBUG bug in bt_host_release
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 76b453873628946d4794964fee75835114e5f35b
Bisecting: 1 revision left to test after this (roughly 1 step)
[9204ff94868496f2d9b8b173af52ec455160c364] coresight: etm-perf: Fix define build issue when built as module
testing commit 9204ff94868496f2d9b8b173af52ec455160c364 with gcc (GCC) 10.2.1 20210217
kernel signature: 904c7c43d968e19c1a2d9cd9e72549d60bf08cbfec68680c114d36fe71dfbb9c
run #0: crashed: WARNING: ODEBUG bug in bt_host_release
run #1: crashed: WARNING: ODEBUG bug in bt_host_release
run #2: crashed: WARNING: ODEBUG bug in bt_host_release
run #3: crashed: WARNING: ODEBUG bug in bt_host_release
run #4: crashed: WARNING: ODEBUG bug in bt_host_release
run #5: crashed: WARNING: ODEBUG bug in bt_host_release
run #6: crashed: WARNING: ODEBUG bug in bt_host_release
run #7: crashed: WARNING: ODEBUG bug in netdev_run_todo
run #8: crashed: WARNING: ODEBUG bug in bt_host_release
run #9: crashed: WARNING: ODEBUG bug in bt_host_release
run #10: crashed: WARNING: ODEBUG bug in bt_host_release
run #11: crashed: WARNING: ODEBUG bug in bt_host_release
run #12: crashed: WARNING: ODEBUG bug in bt_host_release
run #13: crashed: WARNING: ODEBUG bug in bt_host_release
run #14: OK
run #15: OK
run #16: crashed: WARNING: ODEBUG bug in bt_host_release
run #17: OK
run #18: OK
run #19: OK
# git bisect good 9204ff94868496f2d9b8b173af52ec455160c364
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[e2cb6b891ad2b8caa9131e3be70f45243df82a80] bluetooth: eliminate the potential race condition when removing the HCI controller
testing commit e2cb6b891ad2b8caa9131e3be70f45243df82a80 with gcc (GCC) 10.2.1 20210217
kernel signature: cbb3be3d5487f0ea3e127d631590edf9a7a3140420c5d883ba52cba93736f553
all runs: OK
# git bisect bad e2cb6b891ad2b8caa9131e3be70f45243df82a80
e2cb6b891ad2b8caa9131e3be70f45243df82a80 is the first bad commit
commit e2cb6b891ad2b8caa9131e3be70f45243df82a80
Author: Lin Ma
Date: Mon Apr 12 19:17:57 2021 +0800

    bluetooth: eliminate the potential race condition when removing the HCI controller

    There is a possible race condition vulnerability between issuing a HCI command and removing the cont.
    Specifically, functions hci_req_sync() and hci_dev_do_close() can race each other like below:

    thread-A in hci_req_sync()      |   thread-B in hci_dev_do_close()
                                    |   hci_req_sync_lock(hdev);
    test_bit(HCI_UP, &hdev->flags); |
    ...                             |   test_and_clear_bit(HCI_UP, &hdev->flags)
    hci_req_sync_lock(hdev);        |
                                    |

    In this commit we alter the sequence in function hci_req_sync(). Hence, the thread-A cannot issue th.

    Signed-off-by: Lin Ma
    Cc: Marcel Holtmann
    Fixes: 7c6a329e4447 ("[Bluetooth] Fix regression from using default link policy")
    Signed-off-by: Greg Kroah-Hartman

 net/bluetooth/hci_request.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

culprit signature: cbb3be3d5487f0ea3e127d631590edf9a7a3140420c5d883ba52cba93736f553
parent signature: 904c7c43d968e19c1a2d9cd9e72549d60bf08cbfec68680c114d36fe71dfbb9c
Reproducer flagged being flaky
revisions tested: 18, total time: 4h35m52.355232535s (build: 1h50m25.435952699s, test: 2h43m4.44502662s)
first good commit: e2cb6b891ad2b8caa9131e3be70f45243df82a80 bluetooth: eliminate the potential race condition when removing the HCI controller
recipients (to): ["davem@davemloft.net" "gregkh@linuxfoundation.org" "johan.hedberg@gmail.com" "kuba@kernel.org" "linma@zju.edu.cn" "linux-bluetooth@vger.kernel.org" "luiz.dentz@gmail.com" "marcel@holtmann.org" "netdev@vger.kernel.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]