bisecting fixing commit since 645ff1e8e704c4f33ab1fcd3c87f95cb9b6d7144
building syzkaller on 7da2392541a49c3f17b2e7d24e04b84d72b965fb
testing commit 645ff1e8e704c4f33ab1fcd3c87f95cb9b6d7144 with gcc (GCC) 8.1.0
kernel signature: bbf6e10d76defcb9965de5fdd691c9440ae3901f8794df70d76d2d5367530c47
run #0: crashed: KASAN: use-after-free Read in put_device
run #1: crashed: KASAN: use-after-free Write in hci_sock_release
run #2: crashed: KASAN: use-after-free Read in put_device
run #3: crashed: KASAN: use-after-free Read in put_device
run #4: crashed: KASAN: use-after-free Read in put_device
run #5: crashed: KASAN: use-after-free Write in hci_sock_release
run #6: crashed: KASAN: use-after-free Read in put_device
run #7: crashed: KASAN: use-after-free Read in put_device
run #8: crashed: WARNING in kernfs_get
run #9: crashed: KASAN: use-after-free Read in put_device
testing current HEAD 12bf0b632ed090358cbf03e323e5342212d0b2e4
testing commit 12bf0b632ed090358cbf03e323e5342212d0b2e4 with gcc (GCC) 8.1.0
kernel signature: 06f9c140faba3d61f7952a8d9b9f6747c36e04b82f8b862f08d881e90538f76c
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor020923752" "root@10.128.10.24:./syz-executor020923752"]: exit status 1
Connection timed out during banner exchange
lost connection
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect start 12bf0b632ed090358cbf03e323e5342212d0b2e4 645ff1e8e704c4f33ab1fcd3c87f95cb9b6d7144
Bisecting: 54041 revisions left to test after this (roughly 16 steps)
[8b53c76533aa4356602aea98f98a2f3b4051464c] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
testing commit 8b53c76533aa4356602aea98f98a2f3b4051464c with gcc (GCC) 8.1.0
kernel signature: 818562fb4dc7dbf1c48e9765a11b72238bd93324d46e1495e98e5b026d387df5
all runs: crashed: BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
# git bisect good 8b53c76533aa4356602aea98f98a2f3b4051464c
Bisecting: 27020 revisions left to test after this (roughly 15 steps)
[00ea2fb7274f568cd982a5958c66cab578aada25] net: sched: pie: fix alignment in struct instances
testing commit 00ea2fb7274f568cd982a5958c66cab578aada25 with gcc (GCC) 8.1.0
kernel signature: 8756251f588305392c587313401dae7a4c50aa5100a4f9f2d3b7a6cb580afa72
all runs: crashed: BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
# git bisect good 00ea2fb7274f568cd982a5958c66cab578aada25
Bisecting: 13510 revisions left to test after this (roughly 14 steps)
[c58b1558a7474fea6c914f061fab9121f10e38bb] Merge branch 'bpf_sk_assign'
testing commit c58b1558a7474fea6c914f061fab9121f10e38bb with gcc (GCC) 8.1.0
kernel signature: b69fd1c68b7314328f0adc4bb48c01b0afd08c9a8e7e5adc1c0abc115c3b134b
all runs: crashed: BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
# git bisect good c58b1558a7474fea6c914f061fab9121f10e38bb
Bisecting: 6752 revisions left to test after this (roughly 13 steps)
[919dce24701f7b34681a6a1d3ef95c9f6c4fb1cc] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit 919dce24701f7b34681a6a1d3ef95c9f6c4fb1cc with gcc (GCC) 8.1.0
kernel signature: cd60b38a62b149ea7205a7c04ed46f8b306cd5992c9d8ccb6fb68b40ce04ddb3
all runs: OK
# git bisect bad 919dce24701f7b34681a6a1d3ef95c9f6c4fb1cc
Bisecting: 3363 revisions left to test after this (roughly 12 steps)
[15c981d16d70e8a5be297fa4af07a64ab7e080ed] Merge tag 'for-5.7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
testing commit 15c981d16d70e8a5be297fa4af07a64ab7e080ed with gcc (GCC) 8.1.0
kernel signature: bee14c110c482e8d01c85f4f68fa24432938028314af445995f886f3b1bcadfd
all runs: OK
# git bisect bad 15c981d16d70e8a5be297fa4af07a64ab7e080ed
Bisecting: 1797 revisions left to test after this (roughly 11 steps)
[59838093be51ee9447f6ad05483d697b6fa0368d] Merge tag 'driver-core-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
testing commit 59838093be51ee9447f6ad05483d697b6fa0368d with gcc (GCC) 8.1.0
kernel signature: 9bd22a1646505f88886024633ac6329a58d534e15bd9abbb3fd1454f16d258ad
all runs: crashed: BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
# git bisect good 59838093be51ee9447f6ad05483d697b6fa0368d
Bisecting: 901 revisions left to test after this (roughly 10 steps)
[a776c270a0b2fad6715cb714187e4290cadb9237] Merge branch 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit a776c270a0b2fad6715cb714187e4290cadb9237 with gcc (GCC) 8.1.0
kernel signature: 6d07e6a2522942ef1ac0a79c1800e698a8b63ead83e211b5e7f8d201d45e6c69
all runs: crashed: BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
# git bisect good a776c270a0b2fad6715cb714187e4290cadb9237
Bisecting: 439 revisions left to test after this (roughly 9 steps)
[58233ccf94607c1df2c545b689c52c0b002f054e] Merge tag 'm68k-for-v5.7-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k
testing commit 58233ccf94607c1df2c545b689c52c0b002f054e with gcc (GCC) 8.1.0
kernel signature: 70d803331d03e2f1df082ccbfce3110caaf4487968eb9a3ca51cb8b0bc372ce4
all runs: OK
# git bisect bad 58233ccf94607c1df2c545b689c52c0b002f054e
Bisecting: 242 revisions left to test after this (roughly 8 steps)
[673b41e04a035d760bc0aff83fa9ee24fd9c2779] staging/octeon: fix up merge error
testing commit 673b41e04a035d760bc0aff83fa9ee24fd9c2779 with gcc (GCC) 8.1.0
kernel signature: c9b647b3130b9b505ad6a31746a377dd35d4c6f0a8e3bc0653b7b67275b747fc
all runs: OK
# git bisect bad 673b41e04a035d760bc0aff83fa9ee24fd9c2779
Bisecting: 123 revisions left to test after this (roughly 7 steps)
[629b3df7ecb01fddfdf71cb5d3c563d143117c33] Merge branch 'x86/cpu' into perf/core, to resolve conflict
testing commit 629b3df7ecb01fddfdf71cb5d3c563d143117c33 with gcc (GCC) 8.1.0
kernel signature: 64164a4864d88eb4549d03e35183dce5946e92aa075e476cf1889a0f2745d06f
all runs: crashed: BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
# git bisect good 629b3df7ecb01fddfdf71cb5d3c563d143117c33
Bisecting: 61 revisions left to test after this (roughly 6 steps)
[9c40365a65d62d7c06a95fb331b3442cb02d2fd9] threads: Update PID limit comment according to futex UAPI change
testing commit 9c40365a65d62d7c06a95fb331b3442cb02d2fd9 with gcc (GCC) 8.1.0
kernel signature: b4184b58cb5c419dac283bd1e2fc180bd92f16bc2a0fa06eb9f0305027f21ca7
all runs: crashed: BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
# git bisect good 9c40365a65d62d7c06a95fb331b3442cb02d2fd9
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[6f28b46c4f93b4b4632e8f598c4f796244851a58] ia64: Remove mm.h from asm/uaccess.h
testing commit 6f28b46c4f93b4b4632e8f598c4f796244851a58 with gcc (GCC) 8.1.0
kernel signature: 68d9e39398b3e6d9dc43e3c5105825045529476c98b9bbbaae031cd52a996e14
run #0: crashed: WARNING: locking bug in hci_sock_dev_event
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 6f28b46c4f93b4b4632e8f598c4f796244851a58
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[9e860351550b28901a78f122b1e2dc97f78ba369] m68knommu: Remove mm.h include from uaccess_no.h
testing commit 9e860351550b28901a78f122b1e2dc97f78ba369 with gcc (GCC) 8.1.0
kernel signature: 72c3a6fbddb6e2e0187a7a1d3a0e6062656d659a70d97f89fbab8c49d1670a3c
run #0: crashed: KASAN: use-after-free Read in create_monitor_ctrl_close
run #1: crashed: WARNING: locking bug in hci_sock_dev_event
run #2: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor181749786" "root@10.128.0.243:./syz-executor181749786"]: exit status 1
Connection timed out during banner exchange
lost connection
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 9e860351550b28901a78f122b1e2dc97f78ba369
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[cf226c42b2d66b0f60d18fc2e44e68091fee6cef] Merge branch 'uaccess.futex' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs into locking/core
testing commit cf226c42b2d66b0f60d18fc2e44e68091fee6cef with gcc (GCC) 8.1.0
kernel signature: 62cd54e2f33c274ab5219efa8af744b93d8c49ee18fd0d49ecccea5a75beedd3
run #0: crashed: WARNING: locking bug in hci_sock_dev_event
run #1: boot failed: can't ssh into the instance
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good cf226c42b2d66b0f60d18fc2e44e68091fee6cef
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[f1e67e355c2aafeddf1eac31335709236996d2fe] fs/buffer: Make BH_Uptodate_Lock bit_spin_lock a regular spinlock_t
testing commit f1e67e355c2aafeddf1eac31335709236996d2fe with gcc (GCC) 8.1.0
kernel signature: 84ca4d2878b1d8fc1b2b15b7d020a0e50d82d57f80e8ac257e6f7b8f91918eef
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor045694747" "root@10.128.15.203:./syz-executor045694747"]: exit status 1
Connection timed out during banner exchange
lost connection
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad f1e67e355c2aafeddf1eac31335709236996d2fe
Bisecting: 1 revision left to test after this (roughly 1 step)
[51e69e6551a8c6fffe0185ba305bb4e2d7223616] Documentation/locking/locktypes: Minor copy editor fixes
testing commit 51e69e6551a8c6fffe0185ba305bb4e2d7223616 with gcc (GCC) 8.1.0
kernel signature: 2e27b6d2df28278f2aa47aa34233caf94aa9321b2c157e2e4e17b20f536ea3a0
run #0: crashed: WARNING: locking bug in hci_sock_dev_event
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor892307921" "root@10.128.15.195:./syz-executor892307921"]: exit status 1
Connection timed out during banner exchange
lost connection
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: crashed: WARNING: locking bug in hci_sock_dev_event
run #7: OK
run #8: OK
run #9: OK
# git bisect good 51e69e6551a8c6fffe0185ba305bb4e2d7223616
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[fc32150e6f43d6cb93ea75937bb6a88a1764cc37] thermal/x86_pkg_temp: Make pkg_temp_lock a raw_spinlock_t
testing commit fc32150e6f43d6cb93ea75937bb6a88a1764cc37 with gcc (GCC) 8.1.0
kernel signature: 1cc248f12c82ed7713ecfb33b3fbadb4e4cde27315c88e71cccb040197dde34f
run #0: crashed: WARNING: locking bug in hci_sock_dev_event
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor580444196" "root@10.128.0.40:./syz-executor580444196"]: exit status 1
Connection timed out during banner exchange
lost connection
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good fc32150e6f43d6cb93ea75937bb6a88a1764cc37
f1e67e355c2aafeddf1eac31335709236996d2fe is the first bad commit
commit f1e67e355c2aafeddf1eac31335709236996d2fe
Author: Thomas Gleixner
Date: Mon Nov 18 14:28:24 2019 +0100

    fs/buffer: Make BH_Uptodate_Lock bit_spin_lock a regular spinlock_t

    Bit spinlocks are problematic if PREEMPT_RT is enabled, because they
    disable preemption, which is undesired for latency reasons and breaks when
    regular spinlocks are taken within the bit_spinlock locked region because
    regular spinlocks are converted to 'sleeping spinlocks' on RT.

    PREEMPT_RT replaced the bit spinlocks with regular spinlocks to avoid this
    problem. The replacement was done conditionally at compile time, but
    Christoph requested to do an unconditional conversion.

    Jan suggested to move the spinlock into an existing padding hole which
    avoids a size increase of struct buffer_head on production kernels.

    As a benefit the lock gains lockdep coverage.

    [ bigeasy: Remove the wrapper and use always spinlock_t and move it into
      the padding hole ]

    Signed-off-by: Thomas Gleixner
    Signed-off-by: Sebastian Andrzej Siewior
    Signed-off-by: Thomas Gleixner
    Reviewed-by: Jan Kara
    Cc: Christoph Hellwig
    Link: https://lkml.kernel.org/r/20191118132824.rclhrbujqh4b4g4d@linutronix.de

 fs/buffer.c                 | 19 +++++++------------
 fs/ext4/page-io.c           |  8 +++-----
 fs/ntfs/aops.c              |  9 +++------
 include/linux/buffer_head.h |  6 +++---
 4 files changed, 16 insertions(+), 26 deletions(-)
culprit signature: 84ca4d2878b1d8fc1b2b15b7d020a0e50d82d57f80e8ac257e6f7b8f91918eef
parent signature: 1cc248f12c82ed7713ecfb33b3fbadb4e4cde27315c88e71cccb040197dde34f
revisions tested: 19, total time: 4h33m48.583919259s (build: 1h50m2.812392083s, test: 2h41m32.240060717s)
first good commit: f1e67e355c2aafeddf1eac31335709236996d2fe fs/buffer: Make BH_Uptodate_Lock bit_spin_lock a regular spinlock_t
cc: ["bigeasy@linutronix.de" "jack@suse.cz" "tglx@linutronix.de"]