ci starts bisection 2024-09-02 05:52:37.985571248 +0000 UTC m=+178616.647281064 bisecting cause commit starting from 431c1646e1f86b949fa3685efc50b660a364c2b6 building syzkaller on 1eda0d1459e5ff07903ffa2f8cedf55ae7b24af0 ensuring issue is reproducible on original commit 431c1646e1f86b949fa3685efc50b660a364c2b6 testing commit 431c1646e1f86b949fa3685efc50b660a364c2b6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7441c8485394b6e22843a4a44a103d72672e2e67a6af0e0da3583be960376dce all runs: crashed: INFO: task hung in page_cache_ra_unbounded representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] check whether we can drop unnecessary instrumentation disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN], they are not needed testing commit 431c1646e1f86b949fa3685efc50b660a364c2b6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 152125002fa45a3730fe46fde04946cc863997d59d2f0460b06789aa19150f02 run #0: crashed: INFO: task hung in page_cache_ra_unbounded run #1: crashed: INFO: task hung in page_cache_ra_unbounded run #2: crashed: INFO: task hung in filemap_fault run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] kconfig minimization: base=4045 full=8137 leaves diff=2108 split chunks (needed=false): <2108> split chunk #0 of len 2108 into 5 parts testing without sub-chunk 1/5 testing commit 431c1646e1f86b949fa3685efc50b660a364c2b6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0ad64152fee2a24a09fc2b16049a54c3febc28861289c6b6c75541fcc5ee2e4b all runs: OK false negative chance: 0.000 testing without sub-chunk 2/5 testing commit 431c1646e1f86b949fa3685efc50b660a364c2b6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 41998bbf4984b87c6f298265657ffe1ff468ee347828f8b3991bd0cae3007dd2 all runs: crashed: INFO: task hung in page_cache_ra_unbounded representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] the chunk can be dropped testing without sub-chunk 3/5 testing commit 431c1646e1f86b949fa3685efc50b660a364c2b6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f815fc1ec62047606f44039bf9f655976ca4ad49507aa3864f2e4e7c59afc7e8 all runs: crashed: INFO: task hung in page_cache_ra_unbounded representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] the chunk can be dropped testing without sub-chunk 4/5 testing commit 431c1646e1f86b949fa3685efc50b660a364c2b6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 978b730062ad0584d20e9603b44147db384d4d9f8775e0f9be023ceabb2ae600 all runs: crashed: INFO: task hung in page_cache_ra_unbounded representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] the chunk can be dropped testing without sub-chunk 5/5 testing commit 431c1646e1f86b949fa3685efc50b660a364c2b6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 90310b142a18f283ba9d54765d52e3504a9d64e359944536aab70acc227e22f3 all runs: crashed: INFO: task hung in page_cache_ra_unbounded representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] the chunk can be dropped minimized to 422 configs; suspects: [6LOWPAN 6LOWPAN_GHC_EXT_HDR_DEST 6LOWPAN_GHC_EXT_HDR_FRAG 6LOWPAN_GHC_EXT_HDR_HOP 6LOWPAN_GHC_EXT_HDR_ROUTE 6LOWPAN_GHC_ICMPV6 6LOWPAN_GHC_UDP 6LOWPAN_NHC 6LOWPAN_NHC_DEST 6LOWPAN_NHC_FRAGMENT 6LOWPAN_NHC_HOP 6LOWPAN_NHC_IPV6 6LOWPAN_NHC_MOBILITY 6LOWPAN_NHC_ROUTING 6LOWPAN_NHC_UDP 6PACK 842_COMPRESS 842_DECOMPRESS 9P_FSCACHE 9P_FS_POSIX_ACL 9P_FS_SECURITY ACORN_PARTITION ACORN_PARTITION_ADFS ACORN_PARTITION_CUMANA ACORN_PARTITION_EESOX ACORN_PARTITION_ICS ACORN_PARTITION_POWERTEC ACORN_PARTITION_RISCIX ACPI_NFIT ACPI_NHLT ACPI_PLATFORM_PROFILE ADDRESS_MASKING ADFS_FS AFFS_FS AFS_FS AFS_FSCACHE AF_KCM AF_RXRPC AF_RXRPC_IPV6 AIX_PARTITION AMD_SFH_HID AMIGA_PARTITION ANDROID_BINDERFS ANDROID_BINDER_IPC ANON_VMA_NAME APERTURE_HELPERS APPLE_MFI_FASTCHARGE AR5523 ARCH_ENABLE_MEMORY_HOTREMOVE ARCH_ENABLE_THP_MIGRATION ARCH_USES_PG_UNCACHED ARCH_WANT_PMD_MKWRITE ASM_MODVERSIONS ASUS_TF103C_DOCK ASYNC_CORE ASYNC_MEMCPY ASYNC_PQ ASYNC_RAID6_RECOV ASYNC_TX_DMA ASYNC_XOR ATARI_PARTITION ATA_GENERIC ATA_OVER_ETH ATH10K ATH10K_CE ATH10K_LEDS ATH10K_PCI ATH10K_USB ATH11K ATH6KL ATH6KL_USB ATH9K ATH9K_AHB ATH9K_BTCOEX_SUPPORT ATH9K_CHANNEL_CONTEXT ATH9K_COMMON ATH9K_COMMON_DEBUG ATH9K_COMMON_SPECTRAL ATH9K_DEBUGFS ATH9K_DYNACK ATH9K_HTC ATH9K_HTC_DEBUGFS ATH9K_HW ATH9K_PCI ATH9K_PCOEM ATH9K_RFKILL ATH_COMMON ATM ATM_BR2684 ATM_CLIP ATM_DRIVERS ATM_LANE ATM_MPOA ATM_TCP AUXILIARY_BUS AX25 AX25_DAMA_SLAVE AX88796B_PHY BAREUDP BATMAN_ADV BATMAN_ADV_BATMAN_V BATMAN_ADV_BLA BATMAN_ADV_DAT BATMAN_ADV_MCAST BATMAN_ADV_NC BCACHE BCACHEFS_DEBUG BCACHEFS_ERASURE_CODING BCACHEFS_FS BCACHEFS_POSIX_ACL BCACHEFS_QUOTA BCACHEFS_SIX_OPTIMISTIC_SPIN BCMA BCMA_HOST_PCI_POSSIBLE BEFS_FS BFQ_CGROUP_DEBUG BFQ_GROUP_IOSCHED BFS_FS BIG_KEYS BLK_CGROUP_PUNT_BIO BLK_CGROUP_RWSTAT BLK_DEV_BSGLIB BLK_DEV_INITRD BLK_DEV_INTEGRITY BLK_DEV_NBD BLK_DEV_NULL_BLK BLK_DEV_NULL_BLK_FAULT_INJECTION BLK_DEV_NVME BLK_DEV_PMEM BLK_DEV_RAM BLK_DEV_RNBD BLK_DEV_RNBD_CLIENT BLK_DEV_THROTTLING BLK_DEV_ZONED BLK_ICQ BLK_INLINE_ENCRYPTION BLK_INLINE_ENCRYPTION_FALLBACK BLK_WBT BLK_WBT_MQ BONDING BOOT_VESA_SUPPORT BPF_EVENTS BPF_JIT BPF_JIT_ALWAYS_ON BPF_JIT_DEFAULT_ON BPF_LSM BPF_PRELOAD BPF_PRELOAD_UMD BPF_STREAM_PARSER BPF_SYSCALL BPQETHER BRIDGE BRIDGE_CFM BRIDGE_EBT_802_3 BRIDGE_EBT_AMONG BRIDGE_EBT_ARP BRIDGE_EBT_ARPREPLY BRIDGE_EBT_BROUTE BRIDGE_EBT_DNAT BRIDGE_EBT_IP BRIDGE_EBT_IP6 BRIDGE_EBT_LIMIT BRIDGE_EBT_LOG BRIDGE_EBT_MARK BRIDGE_EBT_MARK_T BRIDGE_EBT_NFLOG BRIDGE_EBT_PKTTYPE BRIDGE_EBT_REDIRECT BRIDGE_EBT_SNAT BRIDGE_EBT_STP BRIDGE_EBT_T_FILTER BRIDGE_EBT_T_NAT BRIDGE_EBT_VLAN BRIDGE_IGMP_SNOOPING BRIDGE_MRP BRIDGE_NF_EBTABLES BRIDGE_NF_EBTABLES_LEGACY BRIDGE_VLAN_FILTERING BSD_DISKLABEL BSD_PROCESS_ACCT_V3 BT BTRFS_ASSERT BTRFS_FS BTRFS_FS_POSIX_ACL BTRFS_FS_REF_VERIFY BTT BT_6LOWPAN BT_ATH3K BT_BCM BT_BNEP BT_BNEP_MC_FILTER BT_BNEP_PROTO_FILTER BT_BREDR BT_CMTP BT_HCIBCM203X BT_HCIBFUSB BT_HCIBPA10X BT_HCIBTUSB BT_HCIBTUSB_AUTOSUSPEND BT_HCIBTUSB_BCM BT_HCIBTUSB_MTK BT_HCIBTUSB_POLL_SYNC BT_HCIBTUSB_RTL BT_HCIUART BT_HCIUART_3WIRE BT_HCIUART_AG6XX BT_HCIUART_BCSP BT_HCIUART_H4 BT_HCIUART_LL BT_HCIUART_MRVL BT_HCIUART_QCA BT_HCIUART_SERDEV BT_HCIVHCI BT_INTEL BT_LE BT_LEDS BT_LE_L2CAP_ECRED BT_MRVL BT_MRVL_SDIO BT_MSFTEXT BT_MTK BT_MTKSDIO BT_MTKUART BT_QCA BT_RFCOMM BT_RFCOMM_TTY BT_RTL CACHEFILES CAIF CAIF_DEBUG CAIF_DRIVERS CAIF_NETDEV CAIF_TTY CAIF_USB CAIF_VIRTIO CAN CAN_8DEV_USB CAN_BCM CAN_CALC_BITTIMING CAN_DEV CAN_EMS_USB CAN_ESD_USB CAN_ETAS_ES58X CAN_F81604 CAN_GS_USB CAN_GW CAN_IFI_CANFD CAN_ISOTP CAN_J1939 CAN_KVASER_USB CAN_MCBA_USB CAN_NETLINK CAN_PEAK_USB CAN_RAW CAN_RX_OFFLOAD CAN_SLCAN CAN_UCAN CAN_VCAN CAN_VXCAN CAPI_TRACE CARL9170 CARL9170_HWRNG CARL9170_LEDS CARL9170_WPC CEC_CORE CEPH_FS CEPH_FSCACHE CEPH_FS_POSIX_ACL CEPH_LIB CEPH_LIB_USE_DNS_RESOLVER CFG80211 CFG80211_CRDA_SUPPORT CFG80211_DEBUGFS CFG80211_DEFAULT_PS CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS CFG80211_WEXT CFS_BANDWIDTH CGROUP_BPF CHARGER_ISP1704 CHR_DEV_ST CIFS CIFS_ALLOW_INSECURE_LEGACY CIFS_DEBUG CIFS_DFS_UPCALL CIFS_FSCACHE CIFS_POSIX CIFS_SMB_DIRECT CIFS_SWN_UPCALL CIFS_UPCALL CIFS_XATTR CLOSURES CLS_U32_MARK CLS_U32_PERF CMA CMA_SIZE_SEL_MAX CMDLINE_PARTITION COMEDI COMEDI_DT9812 COMEDI_NI_USB6501 COMEDI_USBDUX COMEDI_USBDUXFAST COMEDI_USBDUXSIGMA COMEDI_USB_DRIVERS COMEDI_VMK80XX COMPAT_NETLINK_MESSAGES COUNTER CRAMFS CRAMFS_BLOCKDEV CRAMFS_MTD CRC4 CRC64 CRC64_ROCKSOFT CRC7 CRC8 CRC_ITU_T CRC_T10DIF CRYPTO_ADIANTUM CRYPTO_AEGIS128 CRYPTO_AEGIS128_AESNI_SSE2 CRYPTO_AES_NI_INTEL CRYPTO_AES_TI CRYPTO_ANSI_CPRNG CRYPTO_ANUBIS CRYPTO_ARC4 CRYPTO_ARCH_HAVE_LIB_BLAKE2S CRYPTO_ARCH_HAVE_LIB_CHACHA CRYPTO_ARCH_HAVE_LIB_CURVE25519 CRYPTO_ARCH_HAVE_LIB_POLY1305 CRYPTO_ARIA CRYPTO_ARIA_AESNI_AVX_X86_64 CRYPTO_BLAKE2B CRYPTO_BLAKE2S_X86 CRYPTO_BLOWFISH CRYPTO_BLOWFISH_COMMON CRYPTO_BLOWFISH_X86_64 CRYPTO_CAMELLIA CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 CRYPTO_CAMELLIA_AESNI_AVX_X86_64 CRYPTO_CAMELLIA_X86_64 CRYPTO_CAST5 CRYPTO_CAST5_AVX_X86_64 CRYPTO_CAST6 CRYPTO_CAST6_AVX_X86_64 CRYPTO_CAST_COMMON CRYPTO_CHACHA20POLY1305 CRYPTO_CHACHA20_X86_64 CRYPTO_CRC32 CRYPTO_CRC32C_INTEL CRYPTO_CRC32_PCLMUL CRYPTO_CRC64_ROCKSOFT CRYPTO_CRCT10DIF CRYPTO_CRCT10DIF_PCLMUL CRYPTO_CRYPTD CRYPTO_CURVE25519 CRYPTO_CURVE25519_X86 CRYPTO_DEFLATE CRYPTO_DES CRYPTO_DES3_EDE_X86_64 CRYPTO_DEV_CCP CRYPTO_DEV_CCP_DD CRYPTO_DEV_PADLOCK CRYPTO_DEV_PADLOCK_AES CRYPTO_DEV_PADLOCK_SHA CRYPTO_DEV_QAT CRYPTO_DEV_QAT_C3XXX CRYPTO_DEV_QAT_C3XXXVF CRYPTO_DEV_QAT_C62X CRYPTO_DEV_QAT_C62XVF CRYPTO_DEV_QAT_DH895xCC CRYPTO_DEV_QAT_DH895xCCVF CRYPTO_DEV_VIRTIO CRYPTO_DH CRYPTO_DRBG_CTR CRYPTO_DRBG_HASH CRYPTO_ECDH CRYPTO_ECRDSA CRYPTO_ENGINE CRYPTO_ESSIV CRYPTO_FCRYPT CRYPTO_GHASH_CLMUL_NI_INTEL CRYPTO_HCTR2 CRYPTO_KDF800108_CTR CRYPTO_KEYWRAP CRYPTO_KHAZAD CRYPTO_KPP CRYPTO_LIB_ARC4 CRYPTO_LIB_CHACHA CRYPTO_LIB_CHACHA20POLY1305 CRYPTO_LIB_CURVE25519 CRYPTO_LIB_CURVE25519_GENERIC CRYPTO_LIB_POLY1305 CRYPTO_LIB_POLY1305_GENERIC CRYPTO_LRW CRYPTO_NHPOLY1305 CRYPTO_NHPOLY1305_AVX2 CRYPTO_NHPOLY1305_SSE2 CRYPTO_PCBC CRYPTO_PCRYPT CRYPTO_POLY1305 CRYPTO_POLY1305_X86_64 CRYPTO_POLYVAL CRYPTO_POLYVAL_CLMUL_NI CRYPTO_RMD160 CRYPTO_SEED CRYPTO_SERPENT CRYPTO_SERPENT_AVX2_X86_64 CRYPTO_SERPENT_AVX_X86_64 CRYPTO_SERPENT_SSE2_X86_64 CRYPTO_SHA1_SSSE3 CRYPTO_SHA256_SSSE3 CRYPTO_SHA512_SSSE3 CRYPTO_SIMD CRYPTO_SM3_AVX_X86_64 CRYPTO_SM4_AESNI_AVX2_X86_64 CRYPTO_SM4_AESNI_AVX_X86_64 CRYPTO_STREEBOG CRYPTO_TEA CRYPTO_TWOFISH CRYPTO_TWOFISH_AVX_X86_64 CRYPTO_TWOFISH_COMMON CRYPTO_TWOFISH_X86_64 CRYPTO_TWOFISH_X86_64_3WAY CRYPTO_USER CRYPTO_USER_API CRYPTO_USER_API_AEAD CRYPTO_USER_API_ENABLE_OBSOLETE CRYPTO_USER_API_HASH CRYPTO_USER_API_RNG CRYPTO_USER_API_SKCIPHER CRYPTO_VMAC CRYPTO_WP512 CRYPTO_XCTR CRYPTO_XXHASH CUSE CYPRESS_FIRMWARE DAMON DAMON_PADDR DAMON_RECLAIM DAMON_VADDR DAX DCA DCB DEFAULT_CODEL DEVICE_MIGRATION DEVICE_PRIVATE DEV_COREDUMP DEV_DAX DLN2_ADC DMABUF_HEAPS DMABUF_HEAPS_CMA DMABUF_HEAPS_SYSTEM DMABUF_MOVE_NOTIFY DMA_CMA DMA_ENGINE_RAID DMA_OPS DM_AUDIT DM_BIO_PRISON DM_BUFIO DM_CACHE DM_CACHE_SMQ DM_CLONE DM_CRYPT DM_FLAKEY DM_INTEGRITY DM_MULTIPATH DM_MULTIPATH_QL DM_MULTIPATH_ST DM_PERSISTENT_DATA DM_RAID DM_SNAPSHOT DM_THIN_PROVISIONING DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE DM_ZONED DRAGONRISE_FF DRM DRM_AUX_BRIDGE DRM_BOCHS DRM_BRIDGE DRM_BUDDY DRM_CIRRUS_QEMU DRM_DEBUG_MM DRM_DISPLAY_DP_AUX_BUS DRM_DISPLAY_DP_HELPER DRM_DISPLAY_HDCP_HELPER DRM_DISPLAY_HDMI_HELPER DRM_DISPLAY_HELPER DRM_FBDEV_EMULATION DRM_GEM_SHMEM_HELPER DRM_GM12U320 DRM_GUD DRM_I915 DRM_I915_CAPTURE_ERROR DRM_I915_COMPRESS_ERROR DRM_I915_USERPTR DRM_KMS_HELPER DRM_MIPI_DSI DRM_PANEL DRM_PANEL_BRIDGE DRM_PANEL_EDP DRM_PANEL_ORIENTATION_QUIRKS DRM_SIMPLEDRM DRM_TTM DRM_TTM_HELPER ENCRYPTED_KEYS FSCACHE FUSE_FS GPIOLIB HAMRADIO HID_DRAGONRISE IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_RTRS_CLIENT IOSCHED_BFQ ISDN ISDN_CAPI LIBNVDIMM MAC80211 MAC80211_DEBUGFS MAC80211_LEDS MEDIA_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MMC MTD NET_CLS_U32 NET_SCH_DEFAULT PARTITION_ADVANCED RFKILL SERIAL_DEV_BUS TLS TLS_DEVICE TRANSPARENT_HUGEPAGE TRUSTED_KEYS USB_GADGET USB_PHY VLAN_8021Q WANT_COMPAT_NETLINK_MESSAGES WEXT_CORE WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ATH X86_X32_ABI ZONE_DEVICE] picked [v6.10 v6.9 v6.8 v6.6 v6.4 v6.2 v6.0 v5.18 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 33 release tags testing release v6.10 testing commit 0c3836482481200ead7b416ca80c68a29cfdaabd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d4754ffe45a62bbd4c8ee6fc48a2827de9f9bfccac55777bff785e6608177eac run #0: crashed: INFO: task hung in page_cache_ra_unbounded run #1: crashed: INFO: task hung in page_cache_ra_unbounded run #2: crashed: INFO: task hung in page_cache_ra_unbounded run #3: crashed: INFO: task hung in page_cache_ra_unbounded run #4: crashed: INFO: task hung in page_cache_ra_unbounded run #5: crashed: INFO: task hung in page_cache_ra_unbounded run #6: crashed: INFO: task hung in page_cache_ra_unbounded run #7: crashed: INFO: task hung in page_cache_ra_unbounded run #8: crashed: INFO: task hung in page_cache_ra_unbounded run #9: crashed: INFO: task hung in page_cache_ra_unbounded run #10: crashed: INFO: task hung in page_cache_ra_unbounded run #11: crashed: INFO: task hung in page_cache_ra_unbounded run #12: crashed: INFO: task hung in page_cache_ra_unbounded run #13: crashed: INFO: task hung in page_cache_ra_unbounded run #14: crashed: INFO: task hung in page_cache_ra_unbounded run #15: crashed: INFO: task hung in page_cache_ra_unbounded run #16: crashed: INFO: task hung in page_cache_ra_unbounded run #17: crashed: INFO: task hung in page_cache_ra_unbounded run #18: crashed: INFO: task hung in page_cache_ra_unbounded run #19: OK representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] testing release v6.9 testing commit a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0b9f5910985d1d924fa57a90c63debeeec60262863423c66d4a078baaf3a05b6 run #0: crashed: INFO: task hung in page_cache_ra_unbounded run #1: crashed: INFO: task hung in page_cache_ra_unbounded run #2: crashed: INFO: task hung in page_cache_ra_unbounded run #3: crashed: INFO: task hung in page_cache_ra_unbounded run #4: crashed: INFO: task hung in page_cache_ra_unbounded run #5: crashed: INFO: task hung in page_cache_ra_unbounded run #6: crashed: INFO: task hung in page_cache_ra_unbounded run #7: crashed: INFO: task hung in page_cache_ra_unbounded run #8: crashed: INFO: task hung in page_cache_ra_unbounded run #9: crashed: INFO: task hung in page_cache_ra_unbounded run #10: crashed: INFO: task hung in page_cache_ra_unbounded run #11: crashed: INFO: task hung in page_cache_ra_unbounded run #12: crashed: INFO: task hung in page_cache_ra_unbounded run #13: crashed: INFO: task hung in page_cache_ra_unbounded run #14: crashed: INFO: task hung in page_cache_ra_unbounded run #15: crashed: INFO: task hung in page_cache_ra_unbounded run #16: crashed: INFO: task hung in page_cache_ra_unbounded run #17: crashed: INFO: task hung in page_cache_ra_unbounded run #18: crashed: INFO: task hung in page_cache_ra_unbounded run #19: OK representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] testing release v6.8 testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 59c0bfdb3df1352c24c52d49d29443cffc22f20204974673b06fab84064b3986 all runs: crashed: INFO: task hung in page_cache_ra_unbounded representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] testing release v6.6 testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2b047c0e2242e023f085af1db534a153fffa847d37fbcd2cff4fa487e556143c all runs: crashed: INFO: task hung in page_cache_ra_unbounded representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] testing release v6.4 testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1c0375c4f4fdc15daa175dcaaf39855217e61e0f161e4434bf6557021e8f49c9 all runs: crashed: INFO: task hung in page_cache_ra_unbounded representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] testing release v6.2 testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6c3ec10701a45e1412a2e281d8805542f5a8a383fe43359c894dca87d8c0a101 all runs: crashed: INFO: task hung in page_cache_ra_unbounded representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6bdc4005a50d828a5e3f2c14813128657fae271c23be8d782aca59390b8316b5 all runs: crashed: INFO: task hung in page_cache_ra_unbounded representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5ed77104ec184f344822dcf6b0ed2b94df6090e8e25a750e5de977afa45b2ccf all runs: crashed: INFO: task hung in page_cache_ra_unbounded representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] testing release v5.15 testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 047c9da0892ff753f3fcc6f87ed754e64414dbd98d93b71f96be9fa3a5ee3cda run #0: crashed: INFO: task hung in page_cache_ra_unbounded run #1: crashed: INFO: task hung in page_cache_ra_unbounded run #2: crashed: INFO: task hung in page_cache_ra_unbounded run #3: crashed: INFO: task hung in page_cache_ra_unbounded run #4: crashed: INFO: task hung in page_cache_ra_unbounded run #5: crashed: INFO: task hung in page_cache_ra_unbounded run #6: crashed: INFO: task hung in page_cache_ra_unbounded run #7: crashed: INFO: task hung in page_cache_ra_unbounded run #8: crashed: INFO: task hung in page_cache_ra_unbounded run #9: crashed: INFO: task hung in page_cache_ra_unbounded run #10: crashed: INFO: task hung in page_cache_ra_unbounded run #11: crashed: INFO: task hung in page_cache_ra_unbounded run #12: OK run #13: crashed: INFO: task hung in page_cache_ra_unbounded run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: task hung in page_cache_ra_unbounded, types: [HANG] testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d1ff4c6ce53f1b3591a5a27b79f62f8f5ded69188096d064be7d7b16f68def09 all runs: OK false negative chance: 0.000 # git bisect start 8bb7eca972ad531c9b149c0a51ab43a417385813 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 Bisecting: 23811 revisions left to test after this (roughly 15 steps) [bcb9928a155444dbd212473e60241ca0a7f641e1] net: dsa: properly check for the bridge_leave methods in dsa_switch_bridge_leave() testing commit bcb9928a155444dbd212473e60241ca0a7f641e1 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bfcfa821f3d23a699f112f086870cd22c94345ff5355f6b5cecd83962e7de616 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #2: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #3: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #4: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #5: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #6: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #7: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #8: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #9: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #10: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #11: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #12: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #13: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #14: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #15: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #16: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #17: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #18: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #19: OK representative crash: BUG: sleeping function called from invalid context in lock_sock_nested, types: [ATOMIC_SLEEP] # git bisect bad bcb9928a155444dbd212473e60241ca0a7f641e1 Bisecting: 11369 revisions left to test after this (roughly 14 steps) [89dc6a9682919dbd64213c630a71eedaa021d7e5] mm/khugepaged.c: replace barrier() with READ_ONCE() for a selective variable testing commit 89dc6a9682919dbd64213c630a71eedaa021d7e5 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 13408cd00ebf79bac4f55b69dd4dd1af841512737b519c7a457148a31765921a all runs: OK false negative chance: 0.000 # git bisect good 89dc6a9682919dbd64213c630a71eedaa021d7e5 Bisecting: 5682 revisions left to test after this (roughly 13 steps) [9ed13a17e38e0537e24d9b507645002bf8d0201f] Merge tag 'net-5.13-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 9ed13a17e38e0537e24d9b507645002bf8d0201f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ad29766f1585d1f010b2d7875215e1efca014be3c1c5c5e93f3fa00d6aec2712 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #2: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #3: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #4: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #5: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #6: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #7: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #8: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #9: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #10: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #11: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #12: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #13: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #14: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #15: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #16: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #17: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #18: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #19: OK representative crash: BUG: sleeping function called from invalid context in lock_sock_nested, types: [ATOMIC_SLEEP] # git bisect bad 9ed13a17e38e0537e24d9b507645002bf8d0201f Bisecting: 2839 revisions left to test after this (roughly 12 steps) [57151b502cbc0fa6ff9074a76883fa9d9eda322e] Merge tag 'pci-v5.13-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci testing commit 57151b502cbc0fa6ff9074a76883fa9d9eda322e gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7c4d5b3c8e28c53dc0b36c6ecde1e227143e8c17c85eb517b6fc6efae94566f6 all runs: OK false negative chance: 0.000 # git bisect good 57151b502cbc0fa6ff9074a76883fa9d9eda322e Bisecting: 1419 revisions left to test after this (roughly 11 steps) [b9231dfbcbc0034cf333fee33c190853daee48c0] Merge tag 'io_uring-5.13-2021-05-22' of git://git.kernel.dk/linux-block testing commit b9231dfbcbc0034cf333fee33c190853daee48c0 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: fbb39462101fd8619b09db2f349295045503b4f7fec096d219ec27a1f7b7313c all runs: OK false negative chance: 0.000 # git bisect good b9231dfbcbc0034cf333fee33c190853daee48c0 Bisecting: 709 revisions left to test after this (roughly 10 steps) [263e88d678baa1a2e3f2d5afbdcd9fd3feb80a4d] proc: add .gitignore for proc-subset-pid selftest testing commit 263e88d678baa1a2e3f2d5afbdcd9fd3feb80a4d gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 24e5694584304673fb67489b1f6022cb672a85c89e2b53d280d4a0e607ce746d all runs: OK false negative chance: 0.000 # git bisect good 263e88d678baa1a2e3f2d5afbdcd9fd3feb80a4d Bisecting: 352 revisions left to test after this (roughly 9 steps) [99f925947ab0fd5c17b74460d8b32f1aa1c86e3a] Merge tag 'sched-urgent-2021-06-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 99f925947ab0fd5c17b74460d8b32f1aa1c86e3a gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c880d5b438f3a7c3489397efdf8eb740ca67df685faf28c915569cf27b33afca run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #2: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #3: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #4: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #5: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #6: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #7: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #8: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #9: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #10: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #11: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #12: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #13: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #14: crashed: lost connection to test machine run #15: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #16: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #17: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #18: OK run #19: OK representative crash: BUG: sleeping function called from invalid context in lock_sock_nested, types: [ATOMIC_SLEEP] # git bisect bad 99f925947ab0fd5c17b74460d8b32f1aa1c86e3a Bisecting: 168 revisions left to test after this (roughly 8 steps) [decad3e1d1ed150588dd9d44beacf82295b9d5a5] Merge tag 'arm-soc-fixes-v5.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit decad3e1d1ed150588dd9d44beacf82295b9d5a5 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 597eabf3cdce6fef8744299f212b0fcbd89e2bd4cdce27bdc59cf88cb08e47cd all runs: crashed: BUG: sleeping function called from invalid context in lock_sock_nested representative crash: BUG: sleeping function called from invalid context in lock_sock_nested, types: [ATOMIC_SLEEP] # git bisect bad decad3e1d1ed150588dd9d44beacf82295b9d5a5 Bisecting: 93 revisions left to test after this (roughly 7 steps) [dc680de28ca849dfe589dc15ac56d22505f0ef11] wireguard: allowedips: allocate nodes in kmem_cache testing commit dc680de28ca849dfe589dc15ac56d22505f0ef11 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 72ef3623fc795e17e5f1a4e5ab999a08f2bd1b9579961616cb938e38a5958069 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #2: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #3: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #4: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #5: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #6: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #7: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #8: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #9: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #10: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #11: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #12: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #13: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #14: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #15: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #16: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #17: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #18: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #19: OK representative crash: BUG: sleeping function called from invalid context in lock_sock_nested, types: [ATOMIC_SLEEP] # git bisect bad dc680de28ca849dfe589dc15ac56d22505f0ef11 Bisecting: 47 revisions left to test after this (roughly 6 steps) [86b84066dc8fbb93221000e60946960cf7d54587] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf testing commit 86b84066dc8fbb93221000e60946960cf7d54587 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1d40ca689222ca767f0a8e2d5f08010a680087bffabb742e4d15ab3a7f312cbf all runs: OK false negative chance: 0.000 # git bisect good 86b84066dc8fbb93221000e60946960cf7d54587 Bisecting: 20 revisions left to test after this (roughly 5 steps) [5e7a2c6494813e58252caf342f5ddb166ad44d1a] Merge tag 'wireless-drivers-2021-06-03' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers testing commit 5e7a2c6494813e58252caf342f5ddb166ad44d1a gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8af95e711c581d50076b3c31701099efcce2fc8d3c19fc53f0714883016be4f3 all runs: OK false negative chance: 0.000 # git bisect good 5e7a2c6494813e58252caf342f5ddb166ad44d1a Bisecting: 12 revisions left to test after this (roughly 3 steps) [1a8024239dacf53fcf39c0f07fbf2712af22864f] virtio-net: fix for skb_over_panic inside big mode testing commit 1a8024239dacf53fcf39c0f07fbf2712af22864f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c049bfbdcd5b2f0034610cad081195edf20ac616217cddadc8d33fb9f5c66585 all runs: OK false negative chance: 0.000 # git bisect good 1a8024239dacf53fcf39c0f07fbf2712af22864f Bisecting: 6 revisions left to test after this (roughly 3 steps) [acf2492b51c9a3c4dfb947f4d3477a86d315150f] wireguard: selftests: remove old conntrack kconfig value testing commit acf2492b51c9a3c4dfb947f4d3477a86d315150f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 72ef3623fc795e17e5f1a4e5ab999a08f2bd1b9579961616cb938e38a5958069 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #2: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #3: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #4: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #5: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #6: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #7: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #8: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #9: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #10: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #11: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #12: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #13: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #14: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #15: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #16: OK run #17: OK run #18: OK run #19: OK representative crash: BUG: sleeping function called from invalid context in lock_sock_nested, types: [ATOMIC_SLEEP] # git bisect bad acf2492b51c9a3c4dfb947f4d3477a86d315150f Bisecting: 2 revisions left to test after this (roughly 2 steps) [a83d958504734f78f42b1e3392d93816297e790a] Bluetooth: Fix VIRTIO_ID_BT assigned number testing commit a83d958504734f78f42b1e3392d93816297e790a gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 063172649245f2321b7ea7876cc4090c72de76e3cc08507054f96cb1b4e3951b run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #2: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #3: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #4: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #5: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #6: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #7: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #8: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #9: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #10: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #11: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #12: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #13: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #14: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #15: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #16: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #17: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #18: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #19: OK representative crash: BUG: sleeping function called from invalid context in lock_sock_nested, types: [ATOMIC_SLEEP] # git bisect bad a83d958504734f78f42b1e3392d93816297e790a Bisecting: 0 revisions left to test after this (roughly 1 step) [e305509e678b3a4af2b3cfd410f409f7cdaabb52] Bluetooth: use correct lock to prevent UAF of hdev object testing commit e305509e678b3a4af2b3cfd410f409f7cdaabb52 gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 063172649245f2321b7ea7876cc4090c72de76e3cc08507054f96cb1b4e3951b run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #2: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #3: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #4: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #5: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #6: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #7: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #8: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #9: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #10: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #11: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #12: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #13: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #14: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #15: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #16: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #17: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #18: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #19: OK representative crash: BUG: sleeping function called from invalid context in lock_sock_nested, types: [ATOMIC_SLEEP] # git bisect bad e305509e678b3a4af2b3cfd410f409f7cdaabb52 Bisecting: 0 revisions left to test after this (roughly 0 steps) [6a137caec23aeb9e036cdfd8a46dd8a366460e5d] Bluetooth: fix the erroneous flush_work() order testing commit 6a137caec23aeb9e036cdfd8a46dd8a366460e5d gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d9ac25c43a45db6b2ffdf6866f4fe43e390db29bc841d3c7e427d158a0a6ae0e all runs: OK false negative chance: 0.000 # git bisect good 6a137caec23aeb9e036cdfd8a46dd8a366460e5d e305509e678b3a4af2b3cfd410f409f7cdaabb52 is the first bad commit commit e305509e678b3a4af2b3cfd410f409f7cdaabb52 Author: Lin Ma Date: Sun May 30 21:37:43 2021 +0800 Bluetooth: use correct lock to prevent UAF of hdev object The hci_sock_dev_event() function will cleanup the hdev object for sockets even if this object may still be in used within the hci_sock_bound_ioctl() function, result in UAF vulnerability. This patch replace the BH context lock to serialize these affairs and prevent the race condition. Signed-off-by: Lin Ma Signed-off-by: Marcel Holtmann net/bluetooth/hci_sock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) accumulated error probability: 0.00 culprit signature: 063172649245f2321b7ea7876cc4090c72de76e3cc08507054f96cb1b4e3951b parent signature: d9ac25c43a45db6b2ffdf6866f4fe43e390db29bc841d3c7e427d158a0a6ae0e reproducer is flaky (0.87 repro chance estimate) revisions tested: 33, total time: 9h34m21.844898536s (build: 4h28m53.861562281s, test: 4h51m49.961256105s) first bad commit: e305509e678b3a4af2b3cfd410f409f7cdaabb52 Bluetooth: use correct lock to prevent UAF of hdev object recipients (to): ["davem@davemloft.net" "johan.hedberg@gmail.com" "kuba@kernel.org" "linma@zju.edu.cn" "linux-bluetooth@vger.kernel.org" "luiz.dentz@gmail.com" "marcel@holtmann.org" "marcel@holtmann.org" "netdev@vger.kernel.org"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: BUG: sleeping function called from invalid context in lock_sock_nested BUG: sleeping function called from invalid context at net/core/sock.c:3056 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2776, name: syz-executor 1 lock held by syz-executor/2776: #0: ffffffff87780900 (hci_sk_list.lock){++++}-{2:2}, at: hci_sock_dev_event+0x34a/0x5c0 net/bluetooth/hci_sock.c:763 CPU: 0 PID: 2776 Comm: syz-executor Not tainted 5.12.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0xa5/0xe6 lib/dump_stack.c:120 ___might_sleep.cold+0x141/0x16f kernel/sched/core.c:8338 lock_sock_nested+0x1e/0xf0 net/core/sock.c:3056 lock_sock include/net/sock.h:1610 [inline] hci_sock_dev_event+0x3c0/0x5c0 net/bluetooth/hci_sock.c:765 hci_unregister_dev+0x29b/0xfb0 net/bluetooth/hci_core.c:4013 vhci_release+0x62/0xd0 drivers/bluetooth/hci_vhci.c:340 __fput+0x1ff/0x870 fs/file_table.c:280 task_work_run+0xc9/0x170 kernel/task_work.c:164 exit_task_work include/linux/task_work.h:32 [inline] do_exit+0xa1b/0x2480 kernel/exit.c:826 do_group_exit+0xe7/0x2a0 kernel/exit.c:923 get_signal+0x3ad/0x1be0 kernel/signal.c:2818 arch_do_signal_or_restart+0x2b1/0x18b0 arch/x86/kernel/signal.c:789 handle_signal_work kernel/entry/common.c:147 [inline] exit_to_user_mode_loop kernel/entry/common.c:171 [inline] exit_to_user_mode_prepare+0x164/0x230 kernel/entry/common.c:208 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline] syscall_exit_to_user_mode+0x1a/0x60 kernel/entry/common.c:301 do_syscall_64+0x4f/0x80 arch/x86/entry/common.c:57 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f679f50e8fc Code: Unable to access opcode bytes at RIP 0x7f679f50e8d2. RSP: 002b:00007ffd4ec235b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007f679f50e8fc RDX: 0000000000000028 RSI: 00007ffd4ec23660 RDI: 00000000000000f9 RBP: 00007ffd4ec2360c R08: 0000000000000000 R09: 00007ffd4ec23327 R10: 00007ffd4ec22f70 R11: 0000000000000246 R12: 00007f679f67bf68 R13: 00000000000129ad R14: 00000000000129ad R15: 00007ffd4ec23660 BUG: scheduling while atomic: syz-executor/2776/0x00000002 1 lock held by syz-executor/2776: #0: ffffffff87780900 (hci_sk_list.lock){++++}-{2:2}, at: hci_sock_dev_event+0x34a/0x5c0 net/bluetooth/hci_sock.c:763 Modules linked in: