bisecting fixing commit since fffe3ae0ee84e25d2befe2ae59bc32aa2b6bc77b
building syzkaller on 0487ea6f5d997a8363eba0d2eb0ea7a925444555
testing commit fffe3ae0ee84e25d2befe2ae59bc32aa2b6bc77b with gcc (GCC) 8.1.0
kernel signature: 76f4ca4c8305b567184a7d0b9fbd4584f61a49ab1ba701158e39b86670cbe278
run #0: crashed: WARNING: refcount bug in do_enable_set
run #1: crashed: WARNING: refcount bug in do_enable_set
run #2: crashed: WARNING: refcount bug in do_enable_set
run #3: crashed: WARNING: refcount bug in do_enable_set
run #4: crashed: WARNING: refcount bug in do_enable_set
run #5: crashed: WARNING: refcount bug in do_enable_set
run #6: crashed: WARNING: refcount bug in do_enable_set
run #7: crashed: WARNING: refcount bug in do_enable_set
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #9: crashed: WARNING: refcount bug in do_enable_set
testing current HEAD dd9fb9bb3340c791a2be106fdc895db75f177343
testing commit dd9fb9bb3340c791a2be106fdc895db75f177343 with gcc (GCC) 8.1.0
kernel signature: 7198cf694d4e8c47f271a20bfe659182d71ab5b60b6e0e99cc7d1933ed7b8054
all runs: OK
# git bisect start dd9fb9bb3340c791a2be106fdc895db75f177343 fffe3ae0ee84e25d2befe2ae59bc32aa2b6bc77b
Bisecting: 5287 revisions left to test after this (roughly 12 steps)
[c0c419c04557117258d184876d94091d29bbd9a6] Merge tag 'staging-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit c0c419c04557117258d184876d94091d29bbd9a6 with gcc (GCC) 8.1.0
kernel signature: 46bf905afd160304d59f2cabe584dcce8c3050f18d97fe7c7bf7ec60c386f531
all runs: OK
# git bisect bad c0c419c04557117258d184876d94091d29bbd9a6
Bisecting: 3106 revisions left to test after this (roughly 11 steps)
[c1055b76ad00aed0e8b79417080f212d736246b6] net: thunderx: initialize VF's mailbox mutex before first usage
testing commit c1055b76ad00aed0e8b79417080f212d736246b6 with gcc (GCC) 8.1.0
kernel signature: c2a2d65eaa818634946c88e02ac5aea80a05d07c7b634afbb11e654797b66b9c
all runs: OK
# git bisect bad c1055b76ad00aed0e8b79417080f212d736246b6
Bisecting: 1135 revisions left to test after this (roughly 10 steps)
[9b7b0d1a395d54c12be9f18d1bf7be06aecaa785] sctp: pass a kernel pointer to sctp_setsockopt_peer_addr_params
testing commit 9b7b0d1a395d54c12be9f18d1bf7be06aecaa785 with gcc (GCC) 8.1.0
kernel signature: fbb0c2b2d6715242a567886a43f8d46b7faaf0f54615cb47fe2aa901c9ff6ba6
run #0: crashed: WARNING: refcount bug in do_enable_set
run #1: crashed: WARNING: refcount bug in do_enable_set
run #2: crashed: WARNING: refcount bug in do_enable_set
run #3: crashed: WARNING: refcount bug in do_enable_set
run #4: crashed: WARNING: refcount bug in do_enable_set
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #6: crashed: WARNING: refcount bug in do_enable_set
run #7: crashed: WARNING: refcount bug in do_enable_set
run #8: crashed: WARNING: refcount bug in do_enable_set
run #9: crashed: WARNING: refcount bug in do_enable_set
# git bisect good 9b7b0d1a395d54c12be9f18d1bf7be06aecaa785
Bisecting: 567 revisions left to test after this (roughly 9 steps)
[1d8e5b0f3f2c6d05697f8192aac7255e6be1e715] net: stmmac: Support WOL with phy
testing commit 1d8e5b0f3f2c6d05697f8192aac7255e6be1e715 with gcc (GCC) 8.1.0
kernel signature: e50667c5a05deb7a20f17ac3cad614443b7ab1805680cf4872c6522fe73decd1
run #0: crashed: WARNING: refcount bug in do_enable_set
run #1: crashed: WARNING: refcount bug in do_enable_set
run #2: crashed: WARNING: refcount bug in do_enable_set
run #3: crashed: WARNING: refcount bug in do_enable_set
run #4: crashed: WARNING: refcount bug in do_enable_set
run #5: crashed: WARNING: refcount bug in do_enable_set
run #6: crashed: WARNING: refcount bug in do_enable_set
run #7: crashed: WARNING: refcount bug in do_enable_set
run #8: crashed: WARNING: refcount bug in do_enable_set
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
# git bisect good 1d8e5b0f3f2c6d05697f8192aac7255e6be1e715
Bisecting: 283 revisions left to test after this (roughly 8 steps)
[99f47abd9f7bf6e365820d355dc98f6955a562df] fsl/fman: use 32-bit unsigned integer
testing commit 99f47abd9f7bf6e365820d355dc98f6955a562df with gcc (GCC) 8.1.0
kernel signature: 9343af7c21a1e4907a7e18d34ab8bae56d88521bceaf625611412a3240f535c5
all runs: OK
# git bisect bad 99f47abd9f7bf6e365820d355dc98f6955a562df
Bisecting: 133 revisions left to test after this (roughly 7 steps)
[4bb540dbe442ec5e4b48af8aed12663e0754bbe2] Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
testing commit 4bb540dbe442ec5e4b48af8aed12663e0754bbe2 with gcc (GCC) 8.1.0
net/bluetooth/sco.c:862:3: error: cannot convert to a pointer type
# git bisect skip 4bb540dbe442ec5e4b48af8aed12663e0754bbe2
Bisecting: 133 revisions left to test after this (roughly 7 steps)
[6259e0f5478d7a7e4ff3e38bc739b612b8907246] net: mdiobus: use flexible sleeping for reset-delay-us
testing commit 6259e0f5478d7a7e4ff3e38bc739b612b8907246 with gcc (GCC) 8.1.0
kernel signature: e0e2bf76b509468380015529fb0e931b5ecbaadab98ae195db86122fc97fcd99
all runs: OK
# git bisect bad 6259e0f5478d7a7e4ff3e38bc739b612b8907246
Bisecting: 136 revisions left to test after this (roughly 7 steps)
[075f77324f90149bac12c8a705dae5786a1d24fb] Bluetooth: Remove CRYPTO_ALG_INTERNAL flag
testing commit 075f77324f90149bac12c8a705dae5786a1d24fb with gcc (GCC) 8.1.0
kernel signature: 82e81aaa8f7e4001614b0706c930c9e00216038c610b9420df2c45eeb064e5bb
all runs: OK
# git bisect bad 075f77324f90149bac12c8a705dae5786a1d24fb
Bisecting: 43 revisions left to test after this (roughly 6 steps)
[8746f135bb01872ff412d408ea1aa9ebd328c1f5] Bluetooth: Disconnect if E0 is used for Level 4
testing commit 8746f135bb01872ff412d408ea1aa9ebd328c1f5 with gcc (GCC) 8.1.0
kernel signature: b41647ca73d62d13e37671d446517f40f5e64760b51b44f8b16dd1cdcb8c9907
run #0: crashed: WARNING: refcount bug in do_enable_set
run #1: crashed: KASAN: use-after-free Read in l2cap_chan_close
run #2: crashed: WARNING: refcount bug in do_enable_set
run #3: crashed: WARNING: refcount bug in do_enable_set
run #4: crashed: KASAN: use-after-free Read in l2cap_chan_close
run #5: crashed: WARNING: refcount bug in do_enable_set
run #6: crashed: WARNING: refcount bug in do_enable_set
run #7: crashed: WARNING: refcount bug in do_enable_set
run #8: crashed: WARNING: refcount bug in do_enable_set
run #9: crashed: KASAN: use-after-free Read in l2cap_chan_close
# git bisect good 8746f135bb01872ff412d408ea1aa9ebd328c1f5
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[3344537f614b966f726c1ec044d1c70a8cabe178] Bluetooth: hci_qca: Bug fixes for SSR
testing commit 3344537f614b966f726c1ec044d1c70a8cabe178 with gcc (GCC) 8.1.0
kernel signature: 5f639d301460ef45e71a76d6d36d77d144fb3341941f15cbd6607369e85e08c7
all runs: OK
# git bisect bad 3344537f614b966f726c1ec044d1c70a8cabe178
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[d4edda0f791fccf4cbb8a88566a8f2b1228faaee] Bluetooth: use configured default params for active scans
testing commit d4edda0f791fccf4cbb8a88566a8f2b1228faaee with gcc (GCC) 8.1.0
kernel signature: 407564e1a06efeffb9b5ab3ff5243f3d0c1d1cb7687811b9f96339fa44bd76e2
run #0: crashed: general protection fault in __queue_work
run #1: crashed: general protection fault in __queue_work
run #2: crashed: general protection fault in __queue_work
run #3: crashed: general protection fault in __queue_work
run #4: crashed: general protection fault in __queue_work
run #5: crashed: general protection fault in __queue_work
run #6: crashed: general protection fault in __queue_work
run #7: crashed: general protection fault in __queue_work
run #8: crashed: general protection fault in __queue_work
run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor244592445" "root@10.128.10.48:./syz-executor244592445"]
Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts.
# git bisect good d4edda0f791fccf4cbb8a88566a8f2b1228faaee
Bisecting: 4 revisions left to test after this (roughly 3 steps)
[19186c7b45c134820ea6fde3165a2cf30c1ace47] Bluetooth: core: Use fallthrough pseudo-keyword
testing commit 19186c7b45c134820ea6fde3165a2cf30c1ace47 with gcc (GCC) 8.1.0
kernel signature: c6edcf7cd991f12543bd6250496d0e938987948cf6be1e84a9bc2f9aca60c963
all runs: OK
# git bisect bad 19186c7b45c134820ea6fde3165a2cf30c1ace47
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[15d8ce05ebec37a0d701cde768bbf21349f2329d] Bluetooth: le_simult_central_peripheral experimental feature
testing commit 15d8ce05ebec37a0d701cde768bbf21349f2329d with gcc (GCC) 8.1.0
kernel signature: 4b7bb0e4d736ec983c26185095ff2e5779866447ef3aa988a6fdd9a885fe1eba
all runs: OK
# git bisect bad 15d8ce05ebec37a0d701cde768bbf21349f2329d
Bisecting: 1 revision left to test after this (roughly 1 step)
[461f95f04f19382dcfd17da2d8db37e0cdc719f2] Bluetooth: btusb: USB alternate setting 1 for WBS
testing commit 461f95f04f19382dcfd17da2d8db37e0cdc719f2 with gcc (GCC) 8.1.0
kernel signature: f1320fa9a92ae5250719986da6c9f6c3fe908c92bdeed5bb35aefb22c1879021
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor264213017" "root@10.128.0.69:./syz-executor264213017"]: exit status 1
Connection timed out during banner exchange
lost connection
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor198992023" "root@10.128.1.11:./syz-executor198992023"]: exit status 1
Connection timed out during banner exchange
lost connection
run #2: crashed: general protection fault in __queue_work
run #3: crashed: general protection fault in __queue_work
run #4: crashed: general protection fault in __queue_work
run #5: crashed: general protection fault in __queue_work
run #6: crashed: general protection fault in __queue_work
run #7: crashed: general protection fault in __queue_work
run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor817337267" "root@10.128.0.64:./syz-executor817337267"]
run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor401143670" "root@10.128.0.176:./syz-executor401143670"]
# git bisect good 461f95f04f19382dcfd17da2d8db37e0cdc719f2
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b83764f9220a4a14525657466f299850bbc98de9] Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()
testing commit b83764f9220a4a14525657466f299850bbc98de9 with gcc (GCC) 8.1.0
kernel signature: 8b30354f63665e39b0362e2f902a24817632b3bbae86043142a96e8438111690
all runs: OK
# git bisect bad b83764f9220a4a14525657466f299850bbc98de9
b83764f9220a4a14525657466f299850bbc98de9 is the first bad commit
commit b83764f9220a4a14525657466f299850bbc98de9
Author: Miao-chen Chou
Date: Mon Jun 29 20:15:00 2020 -0700

    Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()

    This fixes the kernel oops by removing unnecessary background scan
    update from hci_adv_monitors_clear() which shouldn't invoke any work
    queue.

    The following test was performed.
    - Run "rmmod btusb" and verify that no kernel oops is triggered.

    Signed-off-by: Miao-chen Chou
    Reviewed-by: Abhishek Pandit-Subedi
    Reviewed-by: Alain Michaud
    Signed-off-by: Marcel Holtmann

 net/bluetooth/hci_core.c | 2 --
 1 file changed, 2 deletions(-)
culprit signature: 8b30354f63665e39b0362e2f902a24817632b3bbae86043142a96e8438111690
parent signature: f1320fa9a92ae5250719986da6c9f6c3fe908c92bdeed5bb35aefb22c1879021
revisions tested: 17, total time: 3h55m37.711040856s (build: 1h29m59.890420509s, test: 2h23m45.300882883s)
first good commit: b83764f9220a4a14525657466f299850bbc98de9 Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()
recipients (to): ["abhishekpandit@chromium.org" "alainm@chromium.org" "marcel@holtmann.org" "mcchou@chromium.org"]
recipients (cc): []