bisecting fixing commit since b98aebd298246df37b472c52a2ee1023256d02e3
building syzkaller on c59a7cd871bf29d123481b2e5b0bd739b064f15f
testing commit b98aebd298246df37b472c52a2ee1023256d02e3 with gcc (GCC) 8.1.0
kernel signature: 4b9028318d62e5b4b47188a7299d8ddaace26414
all runs: crashed: possible deadlock in mon_bin_vma_fault
testing current HEAD 84f5ad468100f86d70096799e4ee716a17c2962f
testing commit 84f5ad468100f86d70096799e4ee716a17c2962f with gcc (GCC) 8.1.0
kernel signature: 40e86470a9a774b3e081f08dc2ecdca2f92e846f
all runs: OK
# git bisect start 84f5ad468100f86d70096799e4ee716a17c2962f b98aebd298246df37b472c52a2ee1023256d02e3
Bisecting: 887 revisions left to test after this (roughly 10 steps)
[4308d2f4cffefc8f57a8e866bc7577f6bfeea59c] fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle()
testing commit 4308d2f4cffefc8f57a8e866bc7577f6bfeea59c with gcc (GCC) 8.1.0
kernel signature: 87162304c5889e9eb68d34cb2e310fd79966e430
all runs: crashed: possible deadlock in mon_bin_vma_fault
# git bisect good 4308d2f4cffefc8f57a8e866bc7577f6bfeea59c
Bisecting: 443 revisions left to test after this (roughly 9 steps)
[2c48b0da2b514a715591c5ed3819c8ae828b06e6] fuse: verify nlink
testing commit 2c48b0da2b514a715591c5ed3819c8ae828b06e6 with gcc (GCC) 8.1.0
kernel signature: 0a96758a9ef16bef29a7a60ba0d4670d18f5303b
all runs: crashed: possible deadlock in mon_bin_vma_fault
# git bisect good 2c48b0da2b514a715591c5ed3819c8ae828b06e6
Bisecting: 221 revisions left to test after this (roughly 8 steps)
[4580d7bfecd2e176decabd3013a21ae6f4ed6726] media: ov6650: Fix crop rectangle alignment not passed back
testing commit 4580d7bfecd2e176decabd3013a21ae6f4ed6726 with gcc (GCC) 8.1.0
kernel signature: 330350c738a568c14f390d3ce48e35f0cd0f8acc
all runs: OK
# git bisect bad 4580d7bfecd2e176decabd3013a21ae6f4ed6726
Bisecting: 110 revisions left to test after this (roughly 7 steps)
[f780a35182bf0c37668f734d2bbf8e5dd63d8713] quota: Check that quota is not dirty before release
testing commit f780a35182bf0c37668f734d2bbf8e5dd63d8713 with gcc (GCC) 8.1.0
kernel signature: 486cb8b08f32b09426b897012b0790786399308d
all runs: OK
# git bisect bad f780a35182bf0c37668f734d2bbf8e5dd63d8713
Bisecting: 55 revisions left to test after this (roughly 6 steps)
[19401ee0fb9e199e1ba01adb3c3da13163c2ee6a] USB: idmouse: fix interface sanity checks
testing commit 19401ee0fb9e199e1ba01adb3c3da13163c2ee6a with gcc (GCC) 8.1.0
kernel signature: 9213b36ad59e565a13a1a7f60668ab6cffe75d82
all runs: crashed: possible deadlock in mon_bin_vma_fault
# git bisect good 19401ee0fb9e199e1ba01adb3c3da13163c2ee6a
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[365874a0eab5478d2d4f7b30e57bfc51dde7843c] blk-mq: avoid sysfs buffer overflow with too many CPU cores
testing commit 365874a0eab5478d2d4f7b30e57bfc51dde7843c with gcc (GCC) 8.1.0
kernel signature: 4f03d539decfbfa3cbc4bed04f4c9d773e344918
all runs: OK
# git bisect bad 365874a0eab5478d2d4f7b30e57bfc51dde7843c
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[04e23c8fced1cb2e015ace155a4dd02c32fd1227] btrfs: record all roots for rename exchange on a subvol
testing commit 04e23c8fced1cb2e015ace155a4dd02c32fd1227 with gcc (GCC) 8.1.0
kernel signature: 986dbed4ddbff28be0192e0e02cf903d2920a22b
all runs: OK
# git bisect bad 04e23c8fced1cb2e015ace155a4dd02c32fd1227
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[ef785dd3ca4407e06210645a332728a3f84b34c7] virtio-balloon: fix managed page counts when migrating pages between zones
testing commit ef785dd3ca4407e06210645a332728a3f84b34c7 with gcc (GCC) 8.1.0
kernel signature: 552b169e54783f493ff8f438496255a9e869b6d0
all runs: OK
# git bisect bad ef785dd3ca4407e06210645a332728a3f84b34c7
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[2a275fa6ad522f6b48bce59617dcce1d4ef5ecd2] usb: core: urb: fix URB structure initialization function
testing commit 2a275fa6ad522f6b48bce59617dcce1d4ef5ecd2 with gcc (GCC) 8.1.0
kernel signature: 4b8e250da3c22fcfb2d4f77bf1c73631812c5647
all runs: crashed: possible deadlock in mon_bin_vma_fault
# git bisect good 2a275fa6ad522f6b48bce59617dcce1d4ef5ecd2
Bisecting: 1 revision left to test after this (roughly 1 step)
[3be0e56cd6a8ea11fd8ecfc5f52b5cc52a236213] tpm: add check after commands attribs tab allocation
testing commit 3be0e56cd6a8ea11fd8ecfc5f52b5cc52a236213 with gcc (GCC) 8.1.0
kernel signature: fc2125289076be8d78e50c0cc17e72327e65b6b2
all runs: OK
# git bisect bad 3be0e56cd6a8ea11fd8ecfc5f52b5cc52a236213
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[d41971493d28edf2b916ad5201d8301a8513ed51] usb: mon: Fix a deadlock in usbmon between mmap and read
testing commit d41971493d28edf2b916ad5201d8301a8513ed51 with gcc (GCC) 8.1.0
kernel signature: 0f094ecd781d4809157d70209bd74a6e6e861206
all runs: OK
# git bisect bad d41971493d28edf2b916ad5201d8301a8513ed51
d41971493d28edf2b916ad5201d8301a8513ed51 is the first bad commit
commit d41971493d28edf2b916ad5201d8301a8513ed51
Author: Pete Zaitcev
Date: Wed Dec 4 20:39:41 2019 -0600

    usb: mon: Fix a deadlock in usbmon between mmap and read

    commit 19e6317d24c25ee737c65d1ffb7483bdda4bb54a upstream.

    The problem arises because our read() function grabs a lock of the circular buffer, finds something of interest, then invokes copy_to_user() straight from the buffer, which in turn takes mm->mmap_sem. In the same time, the callback mon_bin_vma_fault() is invoked under mm->mmap_sem. It attempts to take the fetch lock and deadlocks.

    This patch does away with protecting of our page list with any semaphores, and instead relies on the kernel not close the device while mmap is active in a process.

    In addition, we prohibit re-sizing of a buffer while mmap is active. This way, when (now unlocked) fault is processed, it works with the page that is intended to be mapped-in, and not some other random page. Note that this may have an ABI impact, but hopefully no legitimate program is this wrong.

    Signed-off-by: Pete Zaitcev
    Reported-by: syzbot+56f9673bb4cdcbeb0e92@syzkaller.appspotmail.com
    Reviewed-by: Alan Stern
    Fixes: 46eb14a6e158 ("USB: fix usbmon BUG trigger")
    Cc:
    Link: https://lore.kernel.org/r/20191204203941.3503452b@suzdal.zaitcev.lan
    Signed-off-by: Greg Kroah-Hartman

 drivers/usb/mon/mon_bin.c | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)
culprit signature: 0f094ecd781d4809157d70209bd74a6e6e861206
parent signature: 4b8e250da3c22fcfb2d4f77bf1c73631812c5647
revisions tested: 13, total time: 3h33m28.162840824s (build: 1h47m9.76518647s, test: 1h44m25.170704812s)
first good commit: d41971493d28edf2b916ad5201d8301a8513ed51 usb: mon: Fix a deadlock in usbmon between mmap and read
cc: ["gregkh@linuxfoundation.org" "stern@rowland.harvard.edu" "zaitcev@redhat.com"]