bisecting cause commit starting from 835d31d319d9c8c4eb6cac074643360ba0ecab10 building syzkaller on 7eb7e15259fddd67759f90feb2b016da878f76c7 testing commit 835d31d319d9c8c4eb6cac074643360ba0ecab10 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 9854be32fa8b60d6063f44e68ff320be704d7e0e7af2425ca5b8f2d67f0c3902 all runs: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 22f356b24ddd30ea3e41017a45adf7b1452162a1d468cc20535b0490e0ecba4c all runs: OK # git bisect start 835d31d319d9c8c4eb6cac074643360ba0ecab10 7d2a07b769330c34b4deabeed939325c77a7ec2f Bisecting: 3520 revisions left to test after this (roughly 11 steps) [29ce8f9701072fc221d9c38ad952de1a9578f95c] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 29ce8f9701072fc221d9c38ad952de1a9578f95c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 3d319e55a89f4cc10c56530bb0a6ce66ad61ca2f13a073f123aa35ee10710ea9 all runs: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume # git bisect bad 29ce8f9701072fc221d9c38ad952de1a9578f95c Bisecting: 951 revisions left to test after this (roughly 10 steps) [bed5a942e27e1df67250e27e1f2eb5ea2d4cc362] Merge tag 'mlx5-updates-2021-08-11' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux testing commit bed5a942e27e1df67250e27e1f2eb5ea2d4cc362 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 361ff5d602c39e9ff822d6baf3af27896c140978afbe170ec3f40dd11ea71cec all runs: OK # git bisect good bed5a942e27e1df67250e27e1f2eb5ea2d4cc362 Bisecting: 475 revisions left to test after this (roughly 9 steps) [38cbd6e77f85c7fbf5a34a0aebf9c3e6d01fc214] Merge branch 'lan7800-improvements' testing commit 38cbd6e77f85c7fbf5a34a0aebf9c3e6d01fc214 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 34e180f7cdd47773b0df691f39153cc6740fc601daa967fb9a22c26e76a7c438 all runs: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume # git bisect bad 38cbd6e77f85c7fbf5a34a0aebf9c3e6d01fc214 Bisecting: 215 revisions left to test after this (roughly 8 steps) [e61fbee7be4b9566f8e8fcb15aadad0f17936c31] Merge tag 'for-net-next-2021-08-19' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next testing commit e61fbee7be4b9566f8e8fcb15aadad0f17936c31 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 196d1602902838906e5bbfd39192daa41a4c085186a8c1eb57644b6ad767c28e all runs: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume # git bisect bad e61fbee7be4b9566f8e8fcb15aadad0f17936c31 Bisecting: 129 revisions left to test after this (roughly 7 steps) [371b90377e6041ddacbee59068ebdbff85774829] selftests: mptcp: set and print the fullmesh flag testing commit 371b90377e6041ddacbee59068ebdbff85774829 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: e890be48f942513f5d0739469b5d1b997fbc0a4d6b75f6ec34af2cefb33f24b6 all runs: OK # git bisect good 371b90377e6041ddacbee59068ebdbff85774829 Bisecting: 65 revisions left to test after this (roughly 6 steps) [f444fea7896dbc267249d27f604082a51b8efca2] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit f444fea7896dbc267249d27f604082a51b8efca2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: a171a1b744dcf7bb3d2b069cfc10e7753c08f275fab1850716ab60803afcaed0 all runs: OK # git bisect good f444fea7896dbc267249d27f604082a51b8efca2 Bisecting: 32 revisions left to test after this (roughly 5 steps) [53492a668e3b9b823fc9a3ba563a5d10fef32c03] Bluetooth: btintel: Add btintel data struct testing commit 53492a668e3b9b823fc9a3ba563a5d10fef32c03 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: dcce5628363aff7ac09ef3313b586ae4ec3989f1079fe472acf706979b43536f all runs: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume # git bisect bad 53492a668e3b9b823fc9a3ba563a5d10fef32c03 Bisecting: 16 revisions left to test after this (roughly 4 steps) [92fe24a7db751b80925214ede43f8d2be792ea7b] Bluetooth: skip invalid hci_sync_conn_complete_evt testing commit 92fe24a7db751b80925214ede43f8d2be792ea7b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 1f4b348fda23beaa8dee2bac317b1a8050366f3bc96aa6f9d1202bd156b0b196 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: basic kernel testing failed: possible deadlock in fs_reclaim_acquire run #2: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #3: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #4: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #5: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #6: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #7: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #8: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #9: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume # git bisect bad 92fe24a7db751b80925214ede43f8d2be792ea7b Bisecting: 7 revisions left to test after this (roughly 3 steps) [ee3f96ad3eff61b5f3a48c050af533e0320c43ab] Bluetooth: btrsi: use non-kernel-doc comment for copyright testing commit ee3f96ad3eff61b5f3a48c050af533e0320c43ab compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: adff16319aa58cbe5f792edda66fd36b5aed13de9a242222a907488fb3e7328d all runs: OK # git bisect good ee3f96ad3eff61b5f3a48c050af533e0320c43ab Bisecting: 3 revisions left to test after this (roughly 2 steps) [d9dd833cf6d29695682ec7e7924c0d0992b906bc] Bluetooth: hci_h5: Add runtime suspend testing commit d9dd833cf6d29695682ec7e7924c0d0992b906bc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: ae6d0697fd831c2b6179bb5d7c3b9b6e3d812038ad1fde5d19d132ea54891a72 run #0: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #1: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #2: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in __pm_runtime_resume run #4: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #5: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #6: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #7: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #8: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume run #9: crashed: KASAN: null-ptr-deref Write in __pm_runtime_resume # git bisect bad d9dd833cf6d29695682ec7e7924c0d0992b906bc Bisecting: 1 revision left to test after this (roughly 1 step) [66f077dde74943e9dd84a9205b4951b19556c9ea] Bluetooth: hci_h5: add WAKEUP_DISABLE flag testing commit 66f077dde74943e9dd84a9205b4951b19556c9ea compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: f5541cebdd2915a4a19814ad3b070fc401c5e7857e5ca74eb7d8497a7e87555c run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 66f077dde74943e9dd84a9205b4951b19556c9ea Bisecting: 0 revisions left to test after this (roughly 0 steps) [64832df2ac056f111b51aaebbe54a996e0fce7f1] Bluetooth: btusb: Add support for Foxconn Mediatek Chip testing commit 64832df2ac056f111b51aaebbe54a996e0fce7f1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: b8bdf8c17a349908546b663a0a2ac9c7b45d13a5765eccff3e572878c6e0af25 all runs: OK # git bisect good 64832df2ac056f111b51aaebbe54a996e0fce7f1 66f077dde74943e9dd84a9205b4951b19556c9ea is the first bad commit commit 66f077dde74943e9dd84a9205b4951b19556c9ea Author: Archie Pusaka Date: Fri Jul 23 19:31:55 2021 +0800 Bluetooth: hci_h5: add WAKEUP_DISABLE flag Some RTL chips resets the FW on suspend, so wakeup is disabled on those chips. This patch introduces this WAKEUP_DISABLE flag so that chips that doesn't reset FW on suspend can leave the flag unset and is allowed to wake the host. This patch also left RTL8822 WAKEUP_DISABLE flag unset, therefore allowing it to wake the host, and preventing reprobing on resume. Signed-off-by: Archie Pusaka Reviewed-by: Abhishek Pandit-Subedi Reviewed-by: Hilda Wu Signed-off-by: Marcel Holtmann drivers/bluetooth/hci_h5.c | 83 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 59 insertions(+), 24 deletions(-) culprit signature: f5541cebdd2915a4a19814ad3b070fc401c5e7857e5ca74eb7d8497a7e87555c parent signature: b8bdf8c17a349908546b663a0a2ac9c7b45d13a5765eccff3e572878c6e0af25 Reproducer flagged being flaky revisions tested: 14, total time: 3h6m12.434425342s (build: 1h37m56.786625917s, test: 1h26m48.845409834s) first bad commit: 66f077dde74943e9dd84a9205b4951b19556c9ea Bluetooth: hci_h5: add WAKEUP_DISABLE flag recipients (to): ["abhishekpandit@chromium.org" "apusaka@chromium.org" "hildawu@realtek.com" "marcel@holtmann.org"] recipients (cc): [] crash: BUG: sleeping function called from invalid context in lock_sock_nested BUG: sleeping function called from invalid context at net/core/sock.c:3161 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8916, name: syz-executor.1 1 lock held by syz-executor.1/8916: #0: ffffffff8c1f96a0 (hci_sk_list.lock){++++}-{2:2}, at: hci_sock_dev_event+0x374/0x5c0 net/bluetooth/hci_sock.c:763 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 0 PID: 8916 Comm: syz-executor.1 Not tainted 5.14.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:9154 lock_sock_nested+0x1e/0xf0 net/core/sock.c:3161 lock_sock include/net/sock.h:1613 [inline] hci_sock_dev_event+0x3ea/0x5c0 net/bluetooth/hci_sock.c:765 hci_unregister_dev+0x29b/0xfb0 net/bluetooth/hci_core.c:4033 vhci_release+0x62/0xd0 drivers/bluetooth/hci_vhci.c:340 __fput+0x209/0x870 fs/file_table.c:280 task_work_run+0xc0/0x160 kernel/task_work.c:164 exit_task_work include/linux/task_work.h:32 [inline] do_exit+0x9fe/0x24e0 kernel/exit.c:825 do_group_exit+0xe7/0x290 kernel/exit.c:922 __do_sys_exit_group kernel/exit.c:933 [inline] __se_sys_exit_group kernel/exit.c:931 [inline] __x64_sys_exit_group+0x35/0x40 kernel/exit.c:931 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 Code: Unable to access opcode bytes at RIP 0x4665cf. RSP: 002b:00007ffdf1141088 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007ffdf1141848 RCX: 00000000004665f9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 RBP: 0000000000000000 R08: 0000000000000025 R09: 00007ffdf1141848 R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004bef74 R13: 0000000000000010 R14: 0000000000000000 R15: 0000000000400538 ======================================================