bisecting fixing commit since dc4ba5be1babd3b3ec905751a30df89a5899a7a9
building syzkaller on 0342f8c7bc656ea8ee3c45e49edeb4ee9cc12cce
testing commit dc4ba5be1babd3b3ec905751a30df89a5899a7a9 with gcc (GCC) 8.1.0
kernel signature: 457e88029018cc9e1149fab79f6148c85608113e8eda86e8327afd50f5a967d3
all runs: crashed: KASAN: use-after-free Read in tcp_check_sack_reordering
testing current HEAD 9b15f7fae677336e04b9e026ff91854e43165455
testing commit 9b15f7fae677336e04b9e026ff91854e43165455 with gcc (GCC) 8.1.0
kernel signature: f2dca17bed9eaee0bdc57dc4fe88075a253ab5e21bf42587bcddfd47ba968874
all runs: OK
# git bisect start 9b15f7fae677336e04b9e026ff91854e43165455 dc4ba5be1babd3b3ec905751a30df89a5899a7a9
Bisecting: 605 revisions left to test after this (roughly 9 steps)
[9f14acadf13bf945521681caf295c0e3d0e2523c] ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
testing commit 9f14acadf13bf945521681caf295c0e3d0e2523c with gcc (GCC) 8.1.0
kernel signature: 7af359f4b272f52c98e855d924baafce421017925c0eb1370e4d460fdd62cc18
all runs: crashed: KASAN: use-after-free Read in tcp_check_sack_reordering
# git bisect good 9f14acadf13bf945521681caf295c0e3d0e2523c
Bisecting: 302 revisions left to test after this (roughly 8 steps)
[8f1c7fe1d57e37d03107c75f5deaa6ead31b8a4d] tomoyo: Use atomic_t for statistics counter
testing commit 8f1c7fe1d57e37d03107c75f5deaa6ead31b8a4d with gcc (GCC) 8.1.0
kernel signature: 2b3c384da7ff214004681806e1b5a23d1a68185ade5624b16c68ccd715f5db6d
run #0: crashed: WARNING: ODEBUG bug in netdev_freemem
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 8f1c7fe1d57e37d03107c75f5deaa6ead31b8a4d
Bisecting: 151 revisions left to test after this (roughly 7 steps)
[ede3b2392d527da83ef2bc76f0ff2b7795bfe21c] crypto: atmel-aes - Fix counter overflow in CTR mode
testing commit ede3b2392d527da83ef2bc76f0ff2b7795bfe21c with gcc (GCC) 8.1.0
kernel signature: 3642c140bc1ff720c01643d9767846329dfc2dc64c7d4c0c61206a14713a06d5
all runs: OK
# git bisect bad ede3b2392d527da83ef2bc76f0ff2b7795bfe21c
Bisecting: 75 revisions left to test after this (roughly 6 steps)
[dba85332fdba4ce3f94a9c8e1137b8b29b06facb] rxrpc: Fix insufficient receive notification generation
testing commit dba85332fdba4ce3f94a9c8e1137b8b29b06facb with gcc (GCC) 8.1.0
kernel signature: 54e1ee691380941c4f1f259a7e19b6f7ed14619868032bb4d1959b67f841bba2
all runs: OK
# git bisect bad dba85332fdba4ce3f94a9c8e1137b8b29b06facb
Bisecting: 37 revisions left to test after this (roughly 5 steps)
[3ac901fc064ddcfbe3e24af4a25f67ee182e4581] tee: optee: Fix compilation issue with nommu
testing commit 3ac901fc064ddcfbe3e24af4a25f67ee182e4581 with gcc (GCC) 8.1.0
kernel signature: 3b558d1a9ce4678ecc2ac000334c7830f28d19f8501e6b145f262160105d6140
all runs: OK
# git bisect bad 3ac901fc064ddcfbe3e24af4a25f67ee182e4581
Bisecting: 18 revisions left to test after this (roughly 4 steps)
[678ad8eb4250dcffe65c527d9865633b9512e0cb] platform/x86: GPD pocket fan: Allow somewhat lower/higher temperature limits
testing commit 678ad8eb4250dcffe65c527d9865633b9512e0cb with gcc (GCC) 8.1.0
kernel signature: 41c32717cce3be91bcb4f284bbe6eb7649937cda75d4ff6c429ae59599c7bf35
all runs: OK
# git bisect bad 678ad8eb4250dcffe65c527d9865633b9512e0cb
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[6cb939e8d47d2edf74761d885aeb66a75d0620b5] tools lib traceevent: Fix memory leakage in filter_event
testing commit 6cb939e8d47d2edf74761d885aeb66a75d0620b5 with gcc (GCC) 8.1.0
kernel signature: 3202179c5063bbd21758fe0213cc57fb6bd1dc412fa1fa045b57a7e21c721abf
all runs: OK
# git bisect bad 6cb939e8d47d2edf74761d885aeb66a75d0620b5
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[0bf57f087e57d6eb5fc80b6a413897a51655ca76] media: si470x-i2c: Move free() past last use of 'radio'
testing commit 0bf57f087e57d6eb5fc80b6a413897a51655ca76 with gcc (GCC) 8.1.0
kernel signature: 946fd44f52cea81c95fdb742e27157d6fd739a8f7426e60fb12d4bc60ae98802
all runs: OK
# git bisect bad 0bf57f087e57d6eb5fc80b6a413897a51655ca76
Bisecting: 1 revision left to test after this (roughly 1 step)
[71729b05e727c06a78e99a42c234f8ad4ea2aed9] Bluetooth: Fix race condition in hci_release_sock()
testing commit 71729b05e727c06a78e99a42c234f8ad4ea2aed9 with gcc (GCC) 8.1.0
kernel signature: c7453535dd4e65c7501f70ed446bfbdc7cd301a27ee94699c2abd2f188b0278c
all runs: OK
# git bisect bad 71729b05e727c06a78e99a42c234f8ad4ea2aed9
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[fb56687038cfd0e82b6185bdb134d5d7c2b6073f] ttyprintk: fix a potential deadlock in interrupt context issue
testing commit fb56687038cfd0e82b6185bdb134d5d7c2b6073f with gcc (GCC) 8.1.0
kernel signature: d1eecd0820a246ef8860d96b1bb4b7f8532a972058d088d0026bd70a83364851
all runs: OK
# git bisect bad fb56687038cfd0e82b6185bdb134d5d7c2b6073f
fb56687038cfd0e82b6185bdb134d5d7c2b6073f is the first bad commit
commit fb56687038cfd0e82b6185bdb134d5d7c2b6073f
Author: Zhenzhong Duan
Date: Mon Jan 13 11:48:42 2020 +0800

    ttyprintk: fix a potential deadlock in interrupt context issue

    commit 9a655c77ff8fc65699a3f98e237db563b37c439b upstream.

    tpk_write()/tpk_close() could be interrupted when holding a mutex, then in timer handler tpk_write() may be called again trying to acquire same mutex, lead to deadlock.

    Google syzbot reported this issue with CONFIG_DEBUG_ATOMIC_SLEEP enabled:

    BUG: sleeping function called from invalid context at kernel/locking/mutex.c:938
    in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/1
    1 lock held by swapper/1/0:
    ...
    Call Trace:
     dump_stack+0x197/0x210
     ___might_sleep.cold+0x1fb/0x23e
     __might_sleep+0x95/0x190
     __mutex_lock+0xc5/0x13c0
     mutex_lock_nested+0x16/0x20
     tpk_write+0x5d/0x340
     resync_tnc+0x1b6/0x320
     call_timer_fn+0x1ac/0x780
     run_timer_softirq+0x6c3/0x1790
     __do_softirq+0x262/0x98c
     irq_exit+0x19b/0x1e0
     smp_apic_timer_interrupt+0x1a3/0x610
     apic_timer_interrupt+0xf/0x20

    See link https://syzkaller.appspot.com/bug?extid=2eeef62ee31f9460ad65 for more details.

    Fix it by using spinlock in process context instead of mutex and having interrupt disabled in critical section.

    Reported-by: syzbot+2eeef62ee31f9460ad65@syzkaller.appspotmail.com
    Signed-off-by: Zhenzhong Duan
    Cc: Arnd Bergmann
    Cc: Greg Kroah-Hartman
    Link: https://lore.kernel.org/r/20200113034842.435-1-zhenzhong.duan@gmail.com
    Signed-off-by: Greg Kroah-Hartman

 drivers/char/ttyprintk.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
culprit signature: d1eecd0820a246ef8860d96b1bb4b7f8532a972058d088d0026bd70a83364851
parent signature: 2b3c384da7ff214004681806e1b5a23d1a68185ade5624b16c68ccd715f5db6d
revisions tested: 12, total time: 3h53m47.617476229s (build: 1h53m34.286874832s, test: 1h58m25.950161509s)
first good commit: fb56687038cfd0e82b6185bdb134d5d7c2b6073f ttyprintk: fix a potential deadlock in interrupt context issue
cc: ["arnd@arndb.de" "gregkh@linuxfoundation.org" "linux-kernel@vger.kernel.org" "zhenzhong.duan@gmail.com"]