bisecting fixing commit since fb683b5e3f53a73e761952735736180939a313df
building syzkaller on 9fd5a512f39cdc0ec154632d7165855c9dfb3390
testing commit fb683b5e3f53a73e761952735736180939a313df with gcc (GCC) 8.1.0
kernel signature: 06e670dfb45a70346e8f7a9c340468bd2601a031b1d18ddad38544c2b66abd63
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
testing current HEAD 7472c4028e2357202949f99ad94c5a5a34f95666
testing commit 7472c4028e2357202949f99ad94c5a5a34f95666 with gcc (GCC) 8.1.0
kernel signature: 75c5785527ccd646a1c134de328487178ef349467371e6f9a733fd9eef31c945
all runs: OK
# git bisect start 7472c4028e2357202949f99ad94c5a5a34f95666 fb683b5e3f53a73e761952735736180939a313df
Bisecting: 1370 revisions left to test after this (roughly 11 steps)
[72c50d87f76326e1bd3c1081d09ef25aad243586] spi/topcliff_pch: Fix potential NULL dereference on allocation error
testing commit 72c50d87f76326e1bd3c1081d09ef25aad243586 with gcc (GCC) 8.1.0
kernel signature: 4653264cbbee8a9de83280988d170cbe08be7c8b908346150b2b08bb5de961ac
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good 72c50d87f76326e1bd3c1081d09ef25aad243586
Bisecting: 685 revisions left to test after this (roughly 10 steps)
[a4f85674e4693904ade7cbf6722d0d105d8062d8] cfg80211: Fix radar event during another phy CAC
testing commit a4f85674e4693904ade7cbf6722d0d105d8062d8 with gcc (GCC) 8.1.0
kernel signature: d0e4f6f873a0cf3811aa85a6d075dd2280bcec3ce2c651130d920e4c2460fc64
all runs: OK
# git bisect bad a4f85674e4693904ade7cbf6722d0d105d8062d8
Bisecting: 342 revisions left to test after this (roughly 9 steps)
[572b6278483ed3cc33b70658930b16e0cee8366e] crypto: ccp - Reduce maximum stack usage
testing commit 572b6278483ed3cc33b70658930b16e0cee8366e with gcc (GCC) 8.1.0
kernel signature: ec865e37122a39de08863d29b929611a9b0d158f917f7f0f5f64f1a99abf0d0e
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good 572b6278483ed3cc33b70658930b16e0cee8366e
Bisecting: 171 revisions left to test after this (roughly 8 steps)
[9bbde0825846002c6931f41fbbd71eeb848ca0e1] tcp: do not leave dangling pointers in tp->highest_sack
testing commit 9bbde0825846002c6931f41fbbd71eeb848ca0e1 with gcc (GCC) 8.1.0
kernel signature: 269cd7179ed887211a5bc5fa3c19d54b20717045f283e1baefdd35e6ad0e6da8
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good 9bbde0825846002c6931f41fbbd71eeb848ca0e1
Bisecting: 85 revisions left to test after this (roughly 7 steps)
[ad7a72e8180170cb97407d03be349ab7e5b6dc98] serial: 8250_bcm2835aux: Fix line mismatch on driver unbind
testing commit ad7a72e8180170cb97407d03be349ab7e5b6dc98 with gcc (GCC) 8.1.0
kernel signature: aa10f4342e7682993391adc1dd96bbf2581274dccdb061ec720a43951eb356d6
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good ad7a72e8180170cb97407d03be349ab7e5b6dc98
Bisecting: 42 revisions left to test after this (roughly 6 steps)
[32ee7492f104d82b01a44fc4b4ae17d5d2bb237b] Linux 4.19.101
testing commit 32ee7492f104d82b01a44fc4b4ae17d5d2bb237b with gcc (GCC) 8.1.0
kernel signature: fcf796dfecbe72af146a4a7d6b310393b9fa4ab61ee0b3633628d2c277c421ec
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good 32ee7492f104d82b01a44fc4b4ae17d5d2bb237b
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[fb56687038cfd0e82b6185bdb134d5d7c2b6073f] ttyprintk: fix a potential deadlock in interrupt context issue
testing commit fb56687038cfd0e82b6185bdb134d5d7c2b6073f with gcc (GCC) 8.1.0
kernel signature: 3a9326c0c60195ad6b6c1ca46ffa50b020fba7179612d268e1a99dfdc7dd53e7
all runs: OK
# git bisect bad fb56687038cfd0e82b6185bdb134d5d7c2b6073f
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[6d6c4c1bb569edc88624d8f6894928064363d9d5] tools lib: Fix builds when glibc contains strlcpy()
testing commit 6d6c4c1bb569edc88624d8f6894928064363d9d5 with gcc (GCC) 8.1.0
kernel signature: 3e0d34ef467cd2e9a2f958579fe0dc9ada21004ab49d8566922837359b4b69c4
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good 6d6c4c1bb569edc88624d8f6894928064363d9d5
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[1246693820123c83eabc888b869bf15c1246bb65] media: digitv: don't continue if remote control state can't be read
testing commit 1246693820123c83eabc888b869bf15c1246bb65 with gcc (GCC) 8.1.0
kernel signature: 43b539c7cb3fe2cdefe1d04d1e400de2b7295660dbc8f2f2ecd0be8044d3cbf8
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good 1246693820123c83eabc888b869bf15c1246bb65
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[3f43d55a25534d4b81ca7a981801354b7f07ce00] media: gspca: zero usb_buf
testing commit 3f43d55a25534d4b81ca7a981801354b7f07ce00 with gcc (GCC) 8.1.0
kernel signature: 550c5182e3012b7f4e5b778cf052d6758fb56493b454f9cb51cb32105adc23b3
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good 3f43d55a25534d4b81ca7a981801354b7f07ce00
Bisecting: 0 revisions left to test after this (roughly 1 step)
[8f1c7fe1d57e37d03107c75f5deaa6ead31b8a4d] tomoyo: Use atomic_t for statistics counter
testing commit 8f1c7fe1d57e37d03107c75f5deaa6ead31b8a4d with gcc (GCC) 8.1.0
kernel signature: a1d143c10703cf1cd6eaca7a2182a736caaba04e73117c6e903b253a3f2406bb
all runs: crashed: BUG: sleeping function called from invalid context in tpk_write
# git bisect good 8f1c7fe1d57e37d03107c75f5deaa6ead31b8a4d
fb56687038cfd0e82b6185bdb134d5d7c2b6073f is the first bad commit
commit fb56687038cfd0e82b6185bdb134d5d7c2b6073f
Author: Zhenzhong Duan
Date:   Mon Jan 13 11:48:42 2020 +0800

    ttyprintk: fix a potential deadlock in interrupt context issue

    commit 9a655c77ff8fc65699a3f98e237db563b37c439b upstream.

    tpk_write()/tpk_close() could be interrupted when holding a mutex, then in timer handler tpk_write() may be called again trying to acquire same mutex, lead to deadlock.

    Google syzbot reported this issue with CONFIG_DEBUG_ATOMIC_SLEEP enabled:

    BUG: sleeping function called from invalid context at kernel/locking/mutex.c:938
    in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/1
    1 lock held by swapper/1/0:
    ...
    Call Trace:
      dump_stack+0x197/0x210
      ___might_sleep.cold+0x1fb/0x23e
      __might_sleep+0x95/0x190
      __mutex_lock+0xc5/0x13c0
      mutex_lock_nested+0x16/0x20
      tpk_write+0x5d/0x340
      resync_tnc+0x1b6/0x320
      call_timer_fn+0x1ac/0x780
      run_timer_softirq+0x6c3/0x1790
      __do_softirq+0x262/0x98c
      irq_exit+0x19b/0x1e0
      smp_apic_timer_interrupt+0x1a3/0x610
      apic_timer_interrupt+0xf/0x20

    See link https://syzkaller.appspot.com/bug?extid=2eeef62ee31f9460ad65 for more details.

    Fix it by using spinlock in process context instead of mutex and having interrupt disabled in critical section.

    Reported-by: syzbot+2eeef62ee31f9460ad65@syzkaller.appspotmail.com
    Signed-off-by: Zhenzhong Duan
    Cc: Arnd Bergmann
    Cc: Greg Kroah-Hartman
    Link: https://lore.kernel.org/r/20200113034842.435-1-zhenzhong.duan@gmail.com
    Signed-off-by: Greg Kroah-Hartman

 drivers/char/ttyprintk.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
culprit signature: 3a9326c0c60195ad6b6c1ca46ffa50b020fba7179612d268e1a99dfdc7dd53e7
parent signature: a1d143c10703cf1cd6eaca7a2182a736caaba04e73117c6e903b253a3f2406bb
revisions tested: 13, total time: 3h8m30.915553613s (build: 1h58m48.401981015s, test: 1h8m13.907004362s)
first good commit: fb56687038cfd0e82b6185bdb134d5d7c2b6073f ttyprintk: fix a potential deadlock in interrupt context issue
cc: ["arnd@arndb.de" "gregkh@linuxfoundation.org" "linux-kernel@vger.kernel.org" "zhenzhong.duan@gmail.com"]