ci starts bisection 2023-01-31 09:11:39.809463263 +0000 UTC m=+741613.755525325 bisecting fixing commit since d888c83fcec75194a8a48ccd283953bdba7b2550 building syzkaller on 42718dd659525414aa0bf2794688ac94a32f7764 ensuring issue is reproducible on original commit d888c83fcec75194a8a48ccd283953bdba7b2550 testing commit d888c83fcec75194a8a48ccd283953bdba7b2550 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ab148586ceac5b1830e3dc93dff01f922b640fcafdc53c7e95ef91943306853d all runs: crashed: INFO: task hung in lock_sock_nested testing current HEAD 9f266ccaa2f5228bfe67ad58a94ca4e0109b954a testing commit 9f266ccaa2f5228bfe67ad58a94ca4e0109b954a gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6bd29a3a4652c77e07613dd9527ea038163f4987d21ee7605c854ce05e147445 all runs: OK # git bisect start 9f266ccaa2f5228bfe67ad58a94ca4e0109b954a d888c83fcec75194a8a48ccd283953bdba7b2550 Bisecting: 33735 revisions left to test after this (roughly 15 steps) [3d076fec5a0c3e66e1d8cb16015ea9a59b66ae1b] Merge tag 'rtc-6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux testing commit 3d076fec5a0c3e66e1d8cb16015ea9a59b66ae1b gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 725023dab5bd97e0225e743589cc9f706bb95604d54d6653a835f459279c5af2 run #0: boot failed: can't ssh into the instance run #1: boot failed: kernel BUG in __phys_addr run #2: boot failed: general protection fault in wiphy_register run #3: boot failed: general protection fault in rcu_core run #4: boot failed: general protection fault in device_bind_driver run #5: boot failed: general protection fault in netdev_queue_update_kobjects run #6: boot failed: general protection fault in really_probe run #7: boot failed: general protection fault in netdev_queue_update_kobjects run #8: boot failed: BUG: unable to handle kernel paging request in kernel_execve run #9: boot failed: WARNING in wiphy_register # git bisect skip 3d076fec5a0c3e66e1d8cb16015ea9a59b66ae1b Bisecting: 33722 revisions left to test after this (roughly 15 steps) [6c833c0581f1c15db2e0344da19360cba75a3351] Merge tag 'devicetree-fixes-for-6.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux testing commit 6c833c0581f1c15db2e0344da19360cba75a3351 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: aac2a6bb614862cb75925e4005b545ce46e5183faff1d685864e2ad3810a2ae4 run #0: boot failed: can't ssh into the instance run #1: boot failed: general protection fault in driver_register run #2: boot failed: BUG: unable to handle kernel paging request in insert_header run #3: boot failed: general protection fault in getname_kernel run #4: boot failed: general protection fault in driver_register run #5: boot failed: general protection fault in driver_register run #6: boot failed: WARNING in copy_process run #7: boot failed: BUG: unable to handle kernel paging request in ieee80211_register_hw run #8: boot failed: WARNING in corrupted run #9: boot failed: general protection fault in netdev_queue_update_kobjects # git bisect skip 6c833c0581f1c15db2e0344da19360cba75a3351 Bisecting: 33722 revisions left to test after this (roughly 15 steps) [c98e064d540cf88ccd7f9d20b0e1c1bbe5f82810] perf tools: Factor out thread__set_guest_comm() testing commit c98e064d540cf88ccd7f9d20b0e1c1bbe5f82810 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0ca1dd82a7ec762b7f314e4481c46168f05a9bc40911037a8d33dbff6e97fc85 all runs: crashed: possible deadlock in rfcomm_sk_state_change # git bisect good c98e064d540cf88ccd7f9d20b0e1c1bbe5f82810 Bisecting: 32066 revisions left to test after this (roughly 15 steps) [186b9e3845b89df945bb9b370d61ca21888dfa52] iio: imu: st_lsm6dsx: add support to LSM6DSTX testing commit 186b9e3845b89df945bb9b370d61ca21888dfa52 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 879fb40ba239f0f0d32fd99961fa6e7afb937cdba9ccec455b26adecfc2243b1 all runs: crashed: possible deadlock in rfcomm_sk_state_change # git bisect good 186b9e3845b89df945bb9b370d61ca21888dfa52 Bisecting: 16033 revisions left to test after this (roughly 14 steps) [26d7cc0abe6181148c50982ec2e8e0e46f74b419] wifi: iwlwifi: mvm: Advertise EHT capabilities testing commit 26d7cc0abe6181148c50982ec2e8e0e46f74b419 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ef698f21b5608c056f69d2b117a847c50a652a15ba4d40ac2a94d1003bfd256c run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: crashed: possible deadlock in rfcomm_sk_state_change run #2: crashed: possible deadlock in rfcomm_sk_state_change run #3: crashed: possible deadlock in rfcomm_sk_state_change run #4: crashed: possible deadlock in rfcomm_sk_state_change run #5: crashed: possible deadlock in rfcomm_sk_state_change run #6: crashed: possible deadlock in rfcomm_sk_state_change run #7: crashed: possible deadlock in rfcomm_sk_state_change run #8: crashed: possible deadlock in rfcomm_sk_state_change run #9: crashed: possible deadlock in rfcomm_sk_state_change # git bisect good 26d7cc0abe6181148c50982ec2e8e0e46f74b419 Bisecting: 7997 revisions left to test after this (roughly 13 steps) [71946a25f357a51dcce849367501d7fb04c0465b] Merge tag 'mmc-v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc testing commit 71946a25f357a51dcce849367501d7fb04c0465b gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ac51ba15667ece3f5b79ee483f6f452c1ed09a165efff30239094705f5d7d66e all runs: crashed: possible deadlock in rfcomm_sk_state_change # git bisect good 71946a25f357a51dcce849367501d7fb04c0465b Bisecting: 3978 revisions left to test after this (roughly 12 steps) [dd6f9b17cd7af68b6a5090deedf1f5e84f66f4e6] Merge tag 'tty-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty testing commit dd6f9b17cd7af68b6a5090deedf1f5e84f66f4e6 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d39896ac6bd92ac41b7b68677e0fe4e0f3b71ab1f8b01c6d60a45a20e0c015c8 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: crashed: possible deadlock in rfcomm_sk_state_change run #2: crashed: possible deadlock in rfcomm_sk_state_change run #3: crashed: possible deadlock in rfcomm_sk_state_change run #4: crashed: possible deadlock in rfcomm_sk_state_change run #5: crashed: possible deadlock in rfcomm_sk_state_change run #6: crashed: possible deadlock in rfcomm_sk_state_change run #7: crashed: possible deadlock in rfcomm_sk_state_change run #8: crashed: possible deadlock in rfcomm_sk_state_change run #9: crashed: possible deadlock in rfcomm_sk_state_change # git bisect good dd6f9b17cd7af68b6a5090deedf1f5e84f66f4e6 Bisecting: 1994 revisions left to test after this (roughly 11 steps) [9cf5b508bd260d5693d337bcf1f9b82b961b6137] Merge tag 'rproc-v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux testing commit 9cf5b508bd260d5693d337bcf1f9b82b961b6137 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 309a27568f84aa894b38bf0e8b1dc63fa4bf9616eb0b9965949690debce995aa run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #2: crashed: possible deadlock in rfcomm_sk_state_change run #3: crashed: possible deadlock in rfcomm_sk_state_change run #4: crashed: possible deadlock in rfcomm_sk_state_change run #5: crashed: possible deadlock in rfcomm_sk_state_change run #6: crashed: possible deadlock in rfcomm_sk_state_change run #7: crashed: possible deadlock in rfcomm_sk_state_change run #8: crashed: possible deadlock in rfcomm_sk_state_change run #9: crashed: possible deadlock in rfcomm_sk_state_change # git bisect good 9cf5b508bd260d5693d337bcf1f9b82b961b6137 Bisecting: 966 revisions left to test after this (roughly 10 steps) [d9fc1511728c15df49ff18e49a494d00f78b7cd4] Merge tag 'net-6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit d9fc1511728c15df49ff18e49a494d00f78b7cd4 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f1b40af7890205ea11fe63becf78e3cd75318b13e44074637bb4eb9a22c48aeb run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: crashed: possible deadlock in rfcomm_sk_state_change run #2: crashed: possible deadlock in rfcomm_sk_state_change run #3: crashed: possible deadlock in rfcomm_sk_state_change run #4: crashed: possible deadlock in rfcomm_sk_state_change run #5: crashed: possible deadlock in rfcomm_sk_state_change run #6: crashed: possible deadlock in rfcomm_sk_state_change run #7: crashed: possible deadlock in rfcomm_sk_state_change run #8: crashed: possible deadlock in rfcomm_sk_state_change run #9: crashed: possible deadlock in rfcomm_sk_state_change # git bisect good d9fc1511728c15df49ff18e49a494d00f78b7cd4 Bisecting: 500 revisions left to test after this (roughly 9 steps) [ff83fec8179e392be2f472f0a9ec3da8f6d529c6] Merge tag 'drm-fixes-2023-01-20' of git://anongit.freedesktop.org/drm/drm testing commit ff83fec8179e392be2f472f0a9ec3da8f6d529c6 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8e74eeef2732d67c479a62bf966a019c33a353fc15170e21706eb6076aee7941 all runs: OK # git bisect bad ff83fec8179e392be2f472f0a9ec3da8f6d529c6 Bisecting: 232 revisions left to test after this (roughly 8 steps) [dc74a9e8a8c57966a563ab078ba91c8b2c0d0a72] LoongArch: Add generic ex-handler unwind in prologue unwinder testing commit dc74a9e8a8c57966a563ab078ba91c8b2c0d0a72 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 933f9f610b23b8d228344e344ee2dc8d49dcf06c35b37a5c1369664d8732658e run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: crashed: possible deadlock in rfcomm_sk_state_change run #2: crashed: possible deadlock in rfcomm_sk_state_change run #3: crashed: possible deadlock in rfcomm_sk_state_change run #4: crashed: possible deadlock in rfcomm_sk_state_change run #5: crashed: possible deadlock in rfcomm_sk_state_change run #6: crashed: possible deadlock in rfcomm_sk_state_change run #7: crashed: possible deadlock in rfcomm_sk_state_change run #8: crashed: possible deadlock in rfcomm_sk_state_change run #9: crashed: possible deadlock in rfcomm_sk_state_change # git bisect good dc74a9e8a8c57966a563ab078ba91c8b2c0d0a72 Bisecting: 133 revisions left to test after this (roughly 7 steps) [45a919bbb21c642e0c34dac483d1e003560159dc] Revert "Merge branch 'octeontx2-af-CPT'" testing commit 45a919bbb21c642e0c34dac483d1e003560159dc gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6246f88622f0b3778485bf653e830ab9f81b06a0b2a9327445e3b1b88864aabe run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 45a919bbb21c642e0c34dac483d1e003560159dc Bisecting: 44 revisions left to test after this (roughly 6 steps) [010a74f52203eae037dd6aa111ba371f6a2dedc5] Merge tag 'for-net-2023-01-17' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth testing commit 010a74f52203eae037dd6aa111ba371f6a2dedc5 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 981a523d40a3f98233c8a9bfeaa4c9abee043409710cdd21e81da225d59612f7 all runs: OK # git bisect bad 010a74f52203eae037dd6aa111ba371f6a2dedc5 Bisecting: 26 revisions left to test after this (roughly 5 steps) [21705c771934f24cab8beb554e3b7f40e3511ad7] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf testing commit 21705c771934f24cab8beb554e3b7f40e3511ad7 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 80b9109f84890480de78b80d2c9eef652d40462442be284af8f715502684a26a run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #2: crashed: possible deadlock in rfcomm_sk_state_change run #3: crashed: possible deadlock in rfcomm_sk_state_change run #4: crashed: possible deadlock in rfcomm_sk_state_change run #5: crashed: possible deadlock in rfcomm_sk_state_change run #6: crashed: possible deadlock in rfcomm_sk_state_change run #7: crashed: possible deadlock in rfcomm_sk_state_change run #8: crashed: possible deadlock in rfcomm_sk_state_change run #9: crashed: possible deadlock in rfcomm_sk_state_change # git bisect good 21705c771934f24cab8beb554e3b7f40e3511ad7 Bisecting: 13 revisions left to test after this (roughly 4 steps) [1ed8b37cbaf14574c779064ef1372af62e8ba6aa] Bluetooth: hci_sync: fix memory leak in hci_update_adv_data() testing commit 1ed8b37cbaf14574c779064ef1372af62e8ba6aa gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3ad08a3ef8bbeac171232adea27be1e04971599ca1aecb9a1fa73c9562a1289f run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: crashed: possible deadlock in rfcomm_sk_state_change run #2: crashed: possible deadlock in rfcomm_sk_state_change run #3: crashed: possible deadlock in rfcomm_sk_state_change run #4: crashed: possible deadlock in rfcomm_sk_state_change run #5: crashed: possible deadlock in rfcomm_sk_state_change run #6: crashed: possible deadlock in rfcomm_sk_state_change run #7: crashed: possible deadlock in rfcomm_sk_state_change run #8: crashed: possible deadlock in rfcomm_sk_state_change run #9: crashed: possible deadlock in rfcomm_sk_state_change # git bisect good 1ed8b37cbaf14574c779064ef1372af62e8ba6aa Bisecting: 7 revisions left to test after this (roughly 3 steps) [e4f4db47794c9f474b184ee1418f42e6a07412b6] bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation testing commit e4f4db47794c9f474b184ee1418f42e6a07412b6 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a15e39cde1d3fbfd8b938af1bc8ad3bdb712d153119b5b7ab3ec07a671bffecb run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #1: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM run #2: crashed: possible deadlock in rfcomm_sk_state_change run #3: crashed: possible deadlock in rfcomm_sk_state_change run #4: crashed: possible deadlock in rfcomm_sk_state_change run #5: crashed: possible deadlock in rfcomm_sk_state_change run #6: crashed: possible deadlock in rfcomm_sk_state_change run #7: crashed: possible deadlock in rfcomm_sk_state_change run #8: crashed: possible deadlock in rfcomm_sk_state_change run #9: crashed: possible deadlock in rfcomm_sk_state_change # git bisect good e4f4db47794c9f474b184ee1418f42e6a07412b6 Bisecting: 3 revisions left to test after this (roughly 2 steps) [1d80d57ffcb55488f0ec0b77928d4f82d16b6a90] Bluetooth: Fix possible deadlock in rfcomm_sk_state_change testing commit 1d80d57ffcb55488f0ec0b77928d4f82d16b6a90 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 6db6ed02801791b980c3e108c436a56249899e6ff50a3c4421e2fb76c848f035 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 1d80d57ffcb55488f0ec0b77928d4f82d16b6a90 Bisecting: 1 revision left to test after this (roughly 1 step) [e9d50f76fe1f7f6f251114919247445fb5cb3734] Bluetooth: hci_event: Fix Invalid wait context testing commit e9d50f76fe1f7f6f251114919247445fb5cb3734 gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 482d8f8397d1b6391375900e2634d7f4573b4f17c5c35ea7a572fe7f79942394 all runs: crashed: possible deadlock in rfcomm_sk_state_change # git bisect good e9d50f76fe1f7f6f251114919247445fb5cb3734 Bisecting: 0 revisions left to test after this (roughly 0 steps) [506d9b4099a0ce8249bba16b4d0b828fdcf69d9a] Bluetooth: ISO: Fix possible circular locking dependency testing commit 506d9b4099a0ce8249bba16b4d0b828fdcf69d9a gcc compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 624f3f8d9d9843b0d6fa9e273ed44fcb04fd1cf86ce7a6c4083ecdcadde21be9 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: crashed: possible deadlock in rfcomm_sk_state_change run #2: crashed: possible deadlock in rfcomm_sk_state_change run #3: crashed: possible deadlock in rfcomm_sk_state_change run #4: crashed: possible deadlock in rfcomm_sk_state_change run #5: crashed: possible deadlock in rfcomm_sk_state_change run #6: crashed: possible deadlock in rfcomm_sk_state_change run #7: crashed: possible deadlock in rfcomm_sk_state_change run #8: crashed: possible deadlock in rfcomm_sk_state_change run #9: crashed: possible deadlock in rfcomm_sk_state_change # git bisect good 506d9b4099a0ce8249bba16b4d0b828fdcf69d9a 1d80d57ffcb55488f0ec0b77928d4f82d16b6a90 is the first bad commit commit 1d80d57ffcb55488f0ec0b77928d4f82d16b6a90 Author: Ying Hsu Date: Wed Jan 11 03:16:14 2023 +0000 Bluetooth: Fix possible deadlock in rfcomm_sk_state_change syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. While rfcomm_sock_connect acquires the sk lock and waits for the rfcomm lock, rfcomm_sock_release could have the rfcomm lock and hit a deadlock for acquiring the sk lock. Here's a simplified flow: rfcomm_sock_connect: lock_sock(sk) rfcomm_dlc_open: rfcomm_lock() rfcomm_sock_release: rfcomm_sock_shutdown: rfcomm_lock() __rfcomm_dlc_close: rfcomm_k_state_change: lock_sock(sk) This patch drops the sk lock before calling rfcomm_dlc_open to avoid the possible deadlock and holds sk's reference count to prevent use-after-free after rfcomm_dlc_open completes. Reported-by: syzbot+d7ce59...@syzkaller.appspotmail.com Fixes: 1804fdf6e494 ("Bluetooth: btintel: Combine setting up MSFT extension") Link: https://syzkaller.appspot.com/bug?extid=d7ce59b06b3eb14fd218 [1] Signed-off-by: Ying Hsu Signed-off-by: Luiz Augusto von Dentz net/bluetooth/rfcomm/sock.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) culprit signature: 6db6ed02801791b980c3e108c436a56249899e6ff50a3c4421e2fb76c848f035 parent signature: 624f3f8d9d9843b0d6fa9e273ed44fcb04fd1cf86ce7a6c4083ecdcadde21be9 revisions tested: 21, total time: 5h55m17.46291964s (build: 3h49m17.735488956s, test: 2h2m2.887275494s) first good commit: 1d80d57ffcb55488f0ec0b77928d4f82d16b6a90 Bluetooth: Fix possible deadlock in rfcomm_sk_state_change recipients (to): ["davem@davemloft.net" "edumazet@google.com" "johan.hedberg@gmail.com" "kuba@kernel.org" "linux-bluetooth@vger.kernel.org" "luiz.dentz@gmail.com" "luiz.von.dentz@intel.com" "marcel@holtmann.org" "netdev@vger.kernel.org" "pabeni@redhat.com" "yinghsu@chromium.org"] recipients (cc): ["linux-kernel@vger.kernel.org" "yinghsu@chromium.org"]