bisecting fixing commit since c0842fbc1b18c7a044e6ff3e8fa78bfa822c7d1a
building syzkaller on 80a0690249dc4dbbbed95ba197192b99c73694c5
testing commit c0842fbc1b18c7a044e6ff3e8fa78bfa822c7d1a with gcc (GCC) 8.1.0
kernel signature: 088213130a28011c92ac9526e63a5b072edc6ea83bdfeec3ce95a57dc9399743
run #0: crashed: WARNING: refcount bug in do_enable_set
run #1: crashed: WARNING: refcount bug in do_enable_set
run #2: crashed: WARNING: refcount bug in do_enable_set
run #3: crashed: WARNING: refcount bug in do_enable_set
run #4: crashed: WARNING: refcount bug in do_enable_set
run #5: crashed: WARNING: refcount bug in do_enable_set
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #7: crashed: WARNING: refcount bug in do_enable_set
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
testing current HEAD 59126901f200f5fc907153468b03c64e0081b6e6
testing commit 59126901f200f5fc907153468b03c64e0081b6e6 with gcc (GCC) 8.1.0
kernel signature: a2ea870684ec3f13048c4ccd0ee9d64c1324e9527159162f8d60e75842cd078e
all runs: OK
# git bisect start 59126901f200f5fc907153468b03c64e0081b6e6 c0842fbc1b18c7a044e6ff3e8fa78bfa822c7d1a
Bisecting: 6090 revisions left to test after this (roughly 13 steps)
[921d2597abfc05e303f08baa6ead8f9ab8a723e1] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit 921d2597abfc05e303f08baa6ead8f9ab8a723e1 with gcc (GCC) 8.1.0
kernel signature: ef8d1db53ea3b0fe95b2be29edf2b31ec2cd409d085760d8e433a335390fdbe0
all runs: OK
# git bisect bad 921d2597abfc05e303f08baa6ead8f9ab8a723e1
Bisecting: 2601 revisions left to test after this (roughly 12 steps)
[8186749621ed6b8fc42644c399e8c755a2b6f630] Merge tag 'drm-next-2020-08-06' of git://anongit.freedesktop.org/drm/drm
testing commit 8186749621ed6b8fc42644c399e8c755a2b6f630 with gcc (GCC) 8.1.0
kernel signature: e35d93a0b5dfe6bad2b5c687b55c72e027727d2a15e8837de7604cdd84b60cd5
run #0: crashed: WARNING: refcount bug in do_enable_set
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #2: crashed: WARNING: refcount bug in do_enable_set
run #3: crashed: WARNING: refcount bug in do_enable_set
run #4: crashed: WARNING: refcount bug in do_enable_set
run #5: crashed: WARNING: refcount bug in do_enable_set
run #6: crashed: WARNING: refcount bug in do_enable_set
run #7: crashed: WARNING: refcount bug in do_enable_set
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #9: crashed: WARNING: refcount bug in do_enable_set
# git bisect good 8186749621ed6b8fc42644c399e8c755a2b6f630
Bisecting: 1288 revisions left to test after this (roughly 10 steps)
[cfd6920175ac848e057ed258e87c427792f371d0] Merge tag 'wireless-drivers-next-2020-07-20' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit cfd6920175ac848e057ed258e87c427792f371d0 with gcc (GCC) 8.1.0
kernel signature: efcf8095ef491d852e9619ec21b16b804bda393ec9b11fc153b9e03588808e93
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #1: crashed: WARNING: refcount bug in do_enable_set
run #2: crashed: WARNING: refcount bug in do_enable_set
run #3: crashed: WARNING: refcount bug in do_enable_set
run #4: crashed: WARNING: refcount bug in do_enable_set
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #6: crashed: WARNING: refcount bug in do_enable_set
run #7: crashed: WARNING: refcount bug in do_enable_set
run #8: crashed: WARNING: refcount bug in do_enable_set
run #9: crashed: WARNING: refcount bug in do_enable_set
# git bisect good cfd6920175ac848e057ed258e87c427792f371d0
Bisecting: 649 revisions left to test after this (roughly 9 steps)
[2f631133c40cd8e311ae393518c3e651e476ab66] net: Pass NULL to skb_network_protocol() when we don't care about vlan depth
testing commit 2f631133c40cd8e311ae393518c3e651e476ab66 with gcc (GCC) 8.1.0
kernel signature: a6281778708c7888e9d21f1c394f2fdb2598ffc55d92f7c45ba55ead348f4ea7
run #0: OK
run #1: OK
run #2: boot failed: can't ssh into the instance
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 2f631133c40cd8e311ae393518c3e651e476ab66
Bisecting: 319 revisions left to test after this (roughly 8 steps)
[5e4ef67346ee8f64b3cac4cbc1c866fd8f18dcd7] sfc_ef100: process events for MCDI completions
testing commit 5e4ef67346ee8f64b3cac4cbc1c866fd8f18dcd7 with gcc (GCC) 8.1.0
kernel signature: 3a1577f7a95bb9b75c6f1bca4fe906a6a7a0aa282de3620f630b936b62ba851f
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor129129696" "root@10.128.15.197:./syz-executor129129696"]: exit status 1
Connection timed out during banner exchange
lost connection
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #2: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor025845439" "root@10.128.0.15:./syz-executor025845439"]: exit status 1
Connection timed out during banner exchange
lost connection
run #3: crashed: WARNING: refcount bug in do_enable_set
run #4: crashed: WARNING: refcount bug in do_enable_set
run #5: crashed: WARNING: refcount bug in do_enable_set
run #6: crashed: WARNING: refcount bug in do_enable_set
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #8: crashed: WARNING: refcount bug in do_enable_set
run #9: crashed: WARNING: refcount bug in do_enable_set
# git bisect good 5e4ef67346ee8f64b3cac4cbc1c866fd8f18dcd7
Bisecting: 185 revisions left to test after this (roughly 7 steps)
[bd69058f50d5ffa659423bcfa6fe6280ce9c760a] net: ll_temac: Use devm_platform_ioremap_resource_byname()
testing commit bd69058f50d5ffa659423bcfa6fe6280ce9c760a with gcc (GCC) 8.1.0
kernel signature: e2ffb8442e58d63d3f85f014eafda5f1a6fdf7783dc3c9fab75f9d1cdadf5527
all runs: crashed: WARNING: refcount bug in do_enable_set
# git bisect good bd69058f50d5ffa659423bcfa6fe6280ce9c760a
Bisecting: 92 revisions left to test after this (roughly 7 steps)
[02472e28b9a45471c6d8729ff2c7422baa9be46a] s390/qeth: don't process empty bridge port events
testing commit 02472e28b9a45471c6d8729ff2c7422baa9be46a with gcc (GCC) 8.1.0
kernel signature: be447f281e4e594ba17b371ccbc93628ac362728ba92e1c1f58e21c1caba5b17
all runs: OK
# git bisect bad 02472e28b9a45471c6d8729ff2c7422baa9be46a
Bisecting: 46 revisions left to test after this (roughly 6 steps)
[737cd06072a72e8984e41af8e5919338d0c5bf2b] Bluetooth: btmtksdio: fix up firmware download sequence
testing commit 737cd06072a72e8984e41af8e5919338d0c5bf2b with gcc (GCC) 8.1.0
kernel signature: 42abcc4bec62154821e4dbc01ca74b3f6b8604178276c61f9eed9653bd6b02ca
run #0: crashed: general protection fault in __queue_work
run #1: crashed: general protection fault in __queue_work
run #2: crashed: general protection fault in __queue_work
run #3: crashed: general protection fault in __queue_work
run #4: crashed: general protection fault in __queue_work
run #5: crashed: general protection fault in __queue_work
run #6: crashed: general protection fault in __queue_work
run #7: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor536125922" "root@10.128.15.202:./syz-executor536125922"]
run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor696967896" "root@10.128.0.40:./syz-executor696967896"]
run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor963737687" "root@10.128.1.24:./syz-executor963737687"]
# git bisect good 737cd06072a72e8984e41af8e5919338d0c5bf2b
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[339ddaa626995bc6218972ca241471f3717cc5f4] Bluetooth: Fix update of connection state in `hci_encrypt_cfm`
testing commit 339ddaa626995bc6218972ca241471f3717cc5f4 with gcc (GCC) 8.1.0
kernel signature: fb8e3c816ef33b536e5eecfc7360afabceaa3aaaa9711c78e06a91dd69b25646
all runs: OK
# git bisect bad 339ddaa626995bc6218972ca241471f3717cc5f4
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[15d8ce05ebec37a0d701cde768bbf21349f2329d] Bluetooth: le_simult_central_peripheral experimental feature
testing commit 15d8ce05ebec37a0d701cde768bbf21349f2329d with gcc (GCC) 8.1.0
kernel signature: 2c135fab44fd0b63235ba2e20997bd43f8eee8463ce2ab5ddda7f22418ddcd62
all runs: OK
# git bisect bad 15d8ce05ebec37a0d701cde768bbf21349f2329d
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[b980d477de2d8393f289fee982cd86ee44f5e37c] Bluetooth: btusb: Comment on unbalanced pm reference
testing commit b980d477de2d8393f289fee982cd86ee44f5e37c with gcc (GCC) 8.1.0
kernel signature: 6a499e7a3d7abd05fe13ffad994c01675456f0149fc2ed836981ecfcb3046be6
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor809569796" "root@10.128.15.209:./syz-executor809569796"]: exit status 1
Connection timed out during banner exchange
lost connection
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor246772074" "root@10.128.0.32:./syz-executor246772074"]: exit status 1
Connection timed out during banner exchange
lost connection
run #2: crashed: general protection fault in __queue_work
run #3: crashed: general protection fault in __queue_work
run #4: crashed: general protection fault in __queue_work
run #5: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor029405654" "root@10.128.15.202:./syz-executor029405654"]
run #6: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor760891197" "root@10.128.1.18:./syz-executor760891197"]
Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts.
run #7: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor002509688" "root@10.128.0.148:./syz-executor002509688"]
run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor118144631" "root@10.128.15.204:./syz-executor118144631"]
run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor721626049" "root@10.128.15.205:./syz-executor721626049"]
# git bisect good b980d477de2d8393f289fee982cd86ee44f5e37c
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[d4edda0f791fccf4cbb8a88566a8f2b1228faaee] Bluetooth: use configured default params for active scans
testing commit d4edda0f791fccf4cbb8a88566a8f2b1228faaee with gcc (GCC) 8.1.0
kernel signature: 30b1b1aff7ce91156a324e3954a7653739068c27751b526ee5f50defced0c4bf
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor299320713" "root@10.128.15.197:./syz-executor299320713"]: exit status 1
Connection timed out during banner exchange
lost connection
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor859935142" "root@10.128.15.204:./syz-executor859935142"]: exit status 1
Connection timed out during banner exchange
lost connection
run #2: crashed: general protection fault in __queue_work
run #3: crashed: general protection fault in __queue_work
run #4: crashed: general protection fault in __queue_work
run #5: crashed: general protection fault in __queue_work
run #6: crashed: general protection fault in __queue_work
run #7: crashed: general protection fault in __queue_work
run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor307127328" "root@10.128.0.88:./syz-executor307127328"]
Warning: Permanently added '10.128.0.88' (ECDSA) to the list of known hosts.
run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor566973268" "root@10.128.15.202:./syz-executor566973268"]
# git bisect good d4edda0f791fccf4cbb8a88566a8f2b1228faaee
Bisecting: 0 revisions left to test after this (roughly 1 step)
[b83764f9220a4a14525657466f299850bbc98de9] Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()
testing commit b83764f9220a4a14525657466f299850bbc98de9 with gcc (GCC) 8.1.0
kernel signature: 187c2e154f670be241b6613fbb519a3888b5f29515971c3ea73c40df0798e92a
all runs: OK
# git bisect bad b83764f9220a4a14525657466f299850bbc98de9
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[461f95f04f19382dcfd17da2d8db37e0cdc719f2] Bluetooth: btusb: USB alternate setting 1 for WBS
testing commit 461f95f04f19382dcfd17da2d8db37e0cdc719f2 with gcc (GCC) 8.1.0
kernel signature: c5568ba007060d724cd33c9c606aeb42dc6259ce07e448fa2c6468ca94b8f139
run #0: crashed: general protection fault in __queue_work
run #1: crashed: general protection fault in __queue_work
run #2: crashed: general protection fault in __queue_work
run #3: crashed: general protection fault in __queue_work
run #4: crashed: general protection fault in __queue_work
run #5: crashed: general protection fault in __queue_work
run #6: crashed: general protection fault in __queue_work
run #7: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor689896822" "root@10.128.0.203:./syz-executor689896822"]
Warning: Permanently added '10.128.0.203' (ECDSA) to the list of known hosts.
run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor967941386" "root@10.128.0.115:./syz-executor967941386"]
run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor317637324" "root@10.128.0.118:./syz-executor317637324"]
Warning: Permanently added '10.128.0.118' (ECDSA) to the list of known hosts.
# git bisect good 461f95f04f19382dcfd17da2d8db37e0cdc719f2
b83764f9220a4a14525657466f299850bbc98de9 is the first bad commit
commit b83764f9220a4a14525657466f299850bbc98de9
Author: Miao-chen Chou
Date:   Mon Jun 29 20:15:00 2020 -0700

    Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()

    This fixes the kernel oops by removing unnecessary background scan update from hci_adv_monitors_clear() which shouldn't invoke any work queue.

    The following test was performed.
    - Run "rmmod btusb" and verify that no kernel oops is triggered.

    Signed-off-by: Miao-chen Chou
    Reviewed-by: Abhishek Pandit-Subedi
    Reviewed-by: Alain Michaud
    Signed-off-by: Marcel Holtmann

 net/bluetooth/hci_core.c | 2 --
 1 file changed, 2 deletions(-)
culprit signature: 187c2e154f670be241b6613fbb519a3888b5f29515971c3ea73c40df0798e92a
parent signature: c5568ba007060d724cd33c9c606aeb42dc6259ce07e448fa2c6468ca94b8f139
revisions tested: 16, total time: 3h47m48.029706138s (build: 1h24m5.546507281s, test: 2h22m3.91739398s)
first good commit: b83764f9220a4a14525657466f299850bbc98de9 Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()
recipients (to): ["abhishekpandit@chromium.org" "alainm@chromium.org" "marcel@holtmann.org" "mcchou@chromium.org"]
recipients (cc): []