bisecting cause commit starting from a3fa7a101dcff93791d1b1bdb3affcad1410c8c1 building syzkaller on e2776ee417c18d6e0056b058f3b6055f65206ee9 testing commit a3fa7a101dcff93791d1b1bdb3affcad1410c8c1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 97b8eba14cac9f39467ec15a4397ddf53c31f7baf0c4341a828fb6b785d4e4b9 all runs: crashed: possible deadlock in rfcomm_sk_state_change testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 780e01b7faf9c44608128a56f47a36fee5b24072cfc0753fb40d3e64dac3817c all runs: OK # git bisect start a3fa7a101dcff93791d1b1bdb3affcad1410c8c1 7d2a07b769330c34b4deabeed939325c77a7ec2f Bisecting: 5330 revisions left to test after this (roughly 12 steps) [0d290223a6c77107b1c3988959e49279a8dafaba] Merge tag 'sound-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit 0d290223a6c77107b1c3988959e49279a8dafaba compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 25a7ebe1d4ab6c94b0685330e36f7129a11fd8d119b16321c74b9fdc8a475fe7 run #0: crashed: KASAN: use-after-free Read in __d_alloc run #1: crashed: WARNING: ODEBUG bug in netdev_run_todo run #2: crashed: KASAN: use-after-free Read in __d_alloc run #3: crashed: INFO: task hung in rfcomm_run run #4: crashed: INFO: task hung in rfcomm_dlc_close run #5: crashed: INFO: task hung in rfcomm_run run #6: crashed: INFO: task hung in rfcomm_run run #7: crashed: INFO: task hung in rfcomm_run run #8: crashed: INFO: task hung in rfcomm_dlc_close run #9: crashed: INFO: task hung in rfcomm_run # git bisect bad 0d290223a6c77107b1c3988959e49279a8dafaba Bisecting: 3322 revisions left to test after this (roughly 11 steps) [29ce8f9701072fc221d9c38ad952de1a9578f95c] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 29ce8f9701072fc221d9c38ad952de1a9578f95c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: b9d1c0341830ed7a03c10468f25361076d560de0d4f161dea145950f54faa07d all runs: crashed: possible deadlock in rfcomm_sk_state_change # git bisect bad 29ce8f9701072fc221d9c38ad952de1a9578f95c Bisecting: 951 revisions left to test after this (roughly 10 steps) [bed5a942e27e1df67250e27e1f2eb5ea2d4cc362] Merge tag 'mlx5-updates-2021-08-11' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux testing commit bed5a942e27e1df67250e27e1f2eb5ea2d4cc362 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 97e2d528a698ebc29122dfabb72186bc17ba7ceb9e798bc7f17001759a28c825 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor321092090" "root@10.128.0.224:./syz-executor321092090"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.0.224 port 22 timed out lost connection run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor015243490" "root@10.128.15.203:./syz-executor015243490"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.15.203 port 22 timed out lost connection run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good bed5a942e27e1df67250e27e1f2eb5ea2d4cc362 Bisecting: 475 revisions left to test after this (roughly 9 steps) [38cbd6e77f85c7fbf5a34a0aebf9c3e6d01fc214] Merge branch 'lan7800-improvements' testing commit 38cbd6e77f85c7fbf5a34a0aebf9c3e6d01fc214 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 1dd2230fe6ab11bc60f208459432b7ca12c8cbe0c57805d7c10656e3d244b9d6 all runs: crashed: possible deadlock in rfcomm_sk_state_change # git bisect bad 38cbd6e77f85c7fbf5a34a0aebf9c3e6d01fc214 Bisecting: 215 revisions left to test after this (roughly 8 steps) [e61fbee7be4b9566f8e8fcb15aadad0f17936c31] Merge tag 'for-net-next-2021-08-19' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next testing commit e61fbee7be4b9566f8e8fcb15aadad0f17936c31 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 7467540c73cf308243f9fcce902728470a2a7c889238795efa46a88ba39eb12a all runs: crashed: possible deadlock in rfcomm_sk_state_change # git bisect bad e61fbee7be4b9566f8e8fcb15aadad0f17936c31 Bisecting: 129 revisions left to test after this (roughly 7 steps) [371b90377e6041ddacbee59068ebdbff85774829] selftests: mptcp: set and print the fullmesh flag testing commit 371b90377e6041ddacbee59068ebdbff85774829 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: d45a9c8dde33d68551a629f0f06429031fd71d144284a1d89519148eea817753 all runs: OK # git bisect good 371b90377e6041ddacbee59068ebdbff85774829 Bisecting: 65 revisions left to test after this (roughly 6 steps) [f444fea7896dbc267249d27f604082a51b8efca2] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit f444fea7896dbc267249d27f604082a51b8efca2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 10a60ac661ac073054788597f5443602e0405de4e10f312c7756aaab38d39731 all runs: OK # git bisect good f444fea7896dbc267249d27f604082a51b8efca2 Bisecting: 32 revisions left to test after this (roughly 5 steps) [53492a668e3b9b823fc9a3ba563a5d10fef32c03] Bluetooth: btintel: Add btintel data struct testing commit 53492a668e3b9b823fc9a3ba563a5d10fef32c03 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: c506270edf7a80f4921f98186e31c99ca5216e91db51f6c37763a6219f9724b2 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor985142419" "root@10.128.15.207:./syz-executor985142419"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.15.207 port 22 timed out lost connection run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 53492a668e3b9b823fc9a3ba563a5d10fef32c03 Bisecting: 16 revisions left to test after this (roughly 4 steps) [55981d3541812234e687062926ff199c83f79a39] Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS testing commit 55981d3541812234e687062926ff199c83f79a39 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: d056d2dabcc3cc3b3c16f97c716c8eaabafc6e7848ecb83d386dfa201040e22a run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: crashed: possible deadlock in rfcomm_sk_state_change run #2: crashed: possible deadlock in rfcomm_sk_state_change run #3: crashed: INFO: task hung in lock_sock_nested run #4: crashed: INFO: task hung in lock_sock_nested run #5: crashed: INFO: task hung in rfcomm_run run #6: crashed: INFO: task hung in rfcomm_run run #7: crashed: INFO: task hung in rfcomm_dlc_close run #8: crashed: INFO: task hung in rfcomm_dlc_close run #9: crashed: INFO: task hung in rfcomm_dlc_close # git bisect bad 55981d3541812234e687062926ff199c83f79a39 Bisecting: 7 revisions left to test after this (roughly 3 steps) [1804fdf6e494e5e2938c65d8391690b59bcff897] Bluetooth: btintel: Combine setting up MSFT extension testing commit 1804fdf6e494e5e2938c65d8391690b59bcff897 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 5fb77de86cc89ca00ee15979c91ae8553c1d6bbd843da1052429751d313157eb run #0: crashed: BUG: sleeping function called from invalid context in stack_depot_save run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor256753490" "root@10.128.10.19:./syz-executor256753490"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.10.19 port 22 timed out lost connection run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 1804fdf6e494e5e2938c65d8391690b59bcff897 Bisecting: 3 revisions left to test after this (roughly 2 steps) [019a1caa7fd2c9bb689f9a15fe8cb1d53aa6d8b8] Bluetooth: btintel: Refactoring setup routine for bootloader devices testing commit 019a1caa7fd2c9bb689f9a15fe8cb1d53aa6d8b8 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 12d11da6d2b6c034d28abd56ba75ad1385dfa35713be2590c807c973f4ca54b0 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor383409060" "root@10.128.15.209:./syz-executor383409060"]: exit status 1 Connection timed out during banner exchange Connection to 10.128.15.209 port 22 timed out lost connection run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good 019a1caa7fd2c9bb689f9a15fe8cb1d53aa6d8b8 Bisecting: 1 revision left to test after this (roughly 1 step) [0d8603b4ee0ce8b572da6de776172bf235dce1bd] Bluetooth: btintel: Clean the exported function to static testing commit 0d8603b4ee0ce8b572da6de776172bf235dce1bd compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: a52861552caa6a650b5ef4840607f6b5905a9008c0ceb634e7b873fb05e72927 all runs: OK # git bisect good 0d8603b4ee0ce8b572da6de776172bf235dce1bd Bisecting: 0 revisions left to test after this (roughly 0 steps) [c86c7285bb087b709e31f46e1aedeebb7e2a40d7] Bluetooth: btintel: Fix the legacy bootloader returns tlv based version testing commit c86c7285bb087b709e31f46e1aedeebb7e2a40d7 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 6693000e84bf57122e76ed2d018859d30cdd46d6c6695d254c2849e304bf3821 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good c86c7285bb087b709e31f46e1aedeebb7e2a40d7 1804fdf6e494e5e2938c65d8391690b59bcff897 is the first bad commit commit 1804fdf6e494e5e2938c65d8391690b59bcff897 Author: Tedd Ho-Jeong An Date: Wed Aug 4 17:32:19 2021 -0700 Bluetooth: btintel: Combine setting up MSFT extension This patch combines the setting up MSFT extension for the legacy and TLV based bootloader into the common function based on hw_variant. Signed-off-by: Tedd Ho-Jeong An Signed-off-by: Marcel Holtmann drivers/bluetooth/btintel.c | 41 +++++++++++++++++++++++++++++------------ 1 file changed, 29 insertions(+), 12 deletions(-) culprit signature: 5fb77de86cc89ca00ee15979c91ae8553c1d6bbd843da1052429751d313157eb parent signature: 6693000e84bf57122e76ed2d018859d30cdd46d6c6695d254c2849e304bf3821 Reproducer flagged being flaky revisions tested: 15, total time: 3h54m23.813245121s (build: 1h36m51.445832425s, test: 2h15m57.376539662s) first bad commit: 1804fdf6e494e5e2938c65d8391690b59bcff897 Bluetooth: btintel: Combine setting up MSFT extension recipients (to): ["johan.hedberg@gmail.com" "linux-bluetooth@vger.kernel.org" "luiz.dentz@gmail.com" "marcel@holtmann.org" "marcel@holtmann.org" "tedd.an@intel.com"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: BUG: sleeping function called from invalid context in stack_depot_save BUG: sleeping function called from invalid context at mm/page_alloc.c:5167 in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 10996, name: syz-executor.3 INFO: lockdep is turned off. irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [] copy_process+0x1a69/0x6910 kernel/fork.c:2061 softirqs last enabled at (0): [] copy_process+0x1aa5/0x6910 kernel/fork.c:2065 softirqs last disabled at (0): [<0000000000000000>] 0x0 CPU: 0 PID: 10996 Comm: syz-executor.3 Not tainted 5.14.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:9154 prepare_alloc_pages+0x3da/0x580 mm/page_alloc.c:5167 __alloc_pages+0x12f/0x500 mm/page_alloc.c:5363 stack_depot_save+0x39d/0x4e0 lib/stackdepot.c:303 save_stack+0x131/0x1a0 mm/page_owner.c:120 __set_page_owner+0x2e/0x250 mm/page_owner.c:181 prep_new_page mm/page_alloc.c:2433 [inline] __alloc_pages_bulk+0x8b9/0x1870 mm/page_alloc.c:5301 alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline] vm_area_alloc_pages mm/vmalloc.c:2793 [inline] __vmalloc_area_node mm/vmalloc.c:2863 [inline] __vmalloc_node_range+0x2f6/0x7e0 mm/vmalloc.c:2966 alloc_thread_stack_node kernel/fork.c:245 [inline] dup_task_struct kernel/fork.c:875 [inline] copy_process+0x6e0/0x6910 kernel/fork.c:1952 kernel_clone+0xb8/0x7f0 kernel/fork.c:2509 __do_sys_fork+0x83/0xc0 kernel/fork.c:2572 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd1106db188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 RAX: ffffffffffffffda RBX: 000000000056c038 RCX: 00000000004665f9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c038 R13: 00007fff5c428def R14: 00007fd1106db300 R15: 0000000000022000