ci starts bisection 2024-01-24 08:01:42.311557833 +0000 UTC m=+57613.483398397 bisecting cause commit starting from 7ed2632ec7d72e926b9e8bcc9ad1bb0cd37274bf building syzkaller on 1e153dc8b31e685ca8495576db4f8c077585e39c ensuring issue is reproducible on original commit 7ed2632ec7d72e926b9e8bcc9ad1bb0cd37274bf testing commit 7ed2632ec7d72e926b9e8bcc9ad1bb0cd37274bf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 11cc3444976d1ce6ab67dd81a1e5fe99134b33dd24cb00db949674a95bcddcea run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: crashed: INFO: task hung in hci_conn_failed run #3: crashed: INFO: task hung in hci_conn_failed run #4: crashed: INFO: task hung in hci_conn_failed run #5: crashed: INFO: task hung in hci_conn_failed run #6: crashed: INFO: task hung in hci_conn_failed run #7: crashed: INFO: task hung in hci_conn_failed run #8: crashed: INFO: task hung in hci_conn_failed run #9: crashed: INFO: task hung in hci_conn_failed run #10: crashed: INFO: task hung in hci_conn_failed run #11: crashed: INFO: task hung in hci_conn_failed run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] check whether we can drop unnecessary instrumentation disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 7ed2632ec7d72e926b9e8bcc9ad1bb0cd37274bf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: dbe9c85ea058fafbe57a6c2e950bc1ec3fcaef4bc9fe19bf21fe8be3ea7c7d52 all runs: OK false negative chance: 0.000 kconfig minimization: base=3923 full=7687 leaves diff=2015 split chunks (needed=false): <2015> split chunk #0 of len 2015 into 5 parts testing without sub-chunk 1/5 testing commit 7ed2632ec7d72e926b9e8bcc9ad1bb0cd37274bf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9e1a596beefd916cc62bc55da36485db54789eb96cfb1274e3fea1ca9514dae9 all runs: OK false negative chance: 0.000 testing without sub-chunk 2/5 testing commit 7ed2632ec7d72e926b9e8bcc9ad1bb0cd37274bf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 92499ec5647acb599106ddb2af9a052aff0ab328d8b71e0410f6c9acc39309af run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: crashed: INFO: task hung in hci_conn_failed run #3: crashed: INFO: task hung in hci_conn_failed run #4: crashed: INFO: task hung in hci_conn_failed run #5: crashed: INFO: task hung in hci_conn_failed run #6: OK run #7: OK run #8: OK run #9: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] the chunk can be dropped testing without sub-chunk 3/5 testing commit 7ed2632ec7d72e926b9e8bcc9ad1bb0cd37274bf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 93fe86174e84859875da2e429e49bf011d5413a7726deda6c7608bec95bf538b run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: crashed: INFO: task hung in hci_conn_failed run #3: crashed: INFO: task hung in hci_conn_failed run #4: crashed: INFO: task hung in hci_conn_failed run #5: crashed: INFO: task hung in hci_conn_failed run #6: OK run #7: OK run #8: OK run #9: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] the chunk can be dropped testing without sub-chunk 4/5 testing commit 7ed2632ec7d72e926b9e8bcc9ad1bb0cd37274bf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a77a68ed8ac73621b958d193ed786bb73e301d4af4210275599627c0cae2be2f all runs: OK false negative chance: 0.000 testing without sub-chunk 5/5 testing commit 7ed2632ec7d72e926b9e8bcc9ad1bb0cd37274bf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 79b0ca4480da61e35b7fdd2c52497c3aa286f684b36d542e1b4cb08a1fe2f2f7 run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: crashed: INFO: task hung in hci_conn_failed run #3: crashed: INFO: task hung in hci_conn_failed run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] the chunk can be dropped minimized to 806 configs; suspects: [6LOWPAN 6LOWPAN_GHC_EXT_HDR_DEST 6LOWPAN_GHC_EXT_HDR_FRAG 6LOWPAN_GHC_EXT_HDR_HOP 6LOWPAN_GHC_EXT_HDR_ROUTE 6LOWPAN_GHC_ICMPV6 6LOWPAN_GHC_UDP 6LOWPAN_NHC 6LOWPAN_NHC_DEST 6LOWPAN_NHC_FRAGMENT 6LOWPAN_NHC_HOP 6LOWPAN_NHC_IPV6 6LOWPAN_NHC_MOBILITY 6LOWPAN_NHC_ROUTING 6LOWPAN_NHC_UDP 6PACK 842_COMPRESS 842_DECOMPRESS 9P_FSCACHE 9P_FS_POSIX_ACL 9P_FS_SECURITY ACORN_PARTITION ACORN_PARTITION_ADFS ACORN_PARTITION_CUMANA ACORN_PARTITION_EESOX ACORN_PARTITION_ICS ACORN_PARTITION_POWERTEC ACORN_PARTITION_RISCIX ACPI_NFIT ACPI_PLATFORM_PROFILE ACPI_THERMAL_LIB ADDRESS_MASKING ADFS_FS AFFS_FS AFS_FS AFS_FSCACHE AF_KCM AF_RXRPC AF_RXRPC_IPV6 AIX_PARTITION AMIGA_PARTITION ANDROID_BINDERFS ANDROID_BINDER_IPC ANON_VMA_NAME APERTURE_HELPERS AR5523 ARCH_ENABLE_MEMORY_HOTREMOVE ARCH_ENABLE_THP_MIGRATION ARCH_HAS_CPU_PASID ARCH_WANT_PMD_MKWRITE ASM_MODVERSIONS ASYNC_CORE ASYNC_MEMCPY ASYNC_PQ ASYNC_RAID6_RECOV ASYNC_TX_DMA ASYNC_XOR AS_HAS_NON_CONST_ULEB128 ATARI_PARTITION ATA_GENERIC ATA_OVER_ETH ATH10K ATH10K_CE ATH10K_PCI ATH10K_USB ATH11K ATH6KL ATH6KL_USB ATH9K ATH9K_AHB ATH9K_BTCOEX_SUPPORT ATH9K_CHANNEL_CONTEXT ATH9K_COMMON ATH9K_COMMON_DEBUG ATH9K_DEBUGFS ATH9K_DYNACK ATH9K_HTC ATH9K_HTC_DEBUGFS ATH9K_HW ATH9K_PCI ATH9K_PCOEM ATH9K_RFKILL ATH_COMMON ATM ATM_BR2684 ATM_CLIP ATM_DRIVERS ATM_LANE ATM_MPOA ATM_TCP AUXILIARY_BUS AX25 AX25_DAMA_SLAVE AX88796B_PHY BAREUDP BATMAN_ADV BATMAN_ADV_BATMAN_V BATMAN_ADV_BLA BATMAN_ADV_DAT BATMAN_ADV_MCAST BATMAN_ADV_NC BCACHE BCACHEFS_DEBUG BCACHEFS_FS BCACHEFS_QUOTA BCACHEFS_SIX_OPTIMISTIC_SPIN BCMA BCMA_HOST_PCI_POSSIBLE BEFS_FS BFQ_CGROUP_DEBUG BFQ_GROUP_IOSCHED BFS_FS BIG_KEYS BLK_CGROUP_PUNT_BIO BLK_CGROUP_RWSTAT BLK_DEBUG_FS_ZONED BLK_DEV_BSGLIB BLK_DEV_INITRD BLK_DEV_INTEGRITY BLK_DEV_INTEGRITY_T10 BLK_DEV_NBD BLK_DEV_NULL_BLK BLK_DEV_NULL_BLK_FAULT_INJECTION BLK_DEV_NVME BLK_DEV_PMEM BLK_DEV_RAM BLK_DEV_RNBD BLK_DEV_RNBD_CLIENT BLK_DEV_THROTTLING BLK_DEV_ZONED BLK_ICQ BLK_INLINE_ENCRYPTION BLK_INLINE_ENCRYPTION_FALLBACK BLK_WBT BLK_WBT_MQ BONDING BOOT_VESA_SUPPORT BPF_EVENTS BPF_JIT BPF_JIT_ALWAYS_ON BPF_JIT_DEFAULT_ON BPF_LSM BPF_PRELOAD BPF_PRELOAD_UMD BPF_STREAM_PARSER BPF_SYSCALL BPQETHER BRIDGE BRIDGE_CFM BRIDGE_EBT_802_3 BRIDGE_EBT_AMONG BRIDGE_EBT_ARP BRIDGE_EBT_ARPREPLY BRIDGE_EBT_BROUTE BRIDGE_EBT_DNAT BRIDGE_EBT_IP BRIDGE_EBT_IP6 BRIDGE_EBT_LIMIT BRIDGE_EBT_LOG BRIDGE_EBT_MARK BRIDGE_EBT_MARK_T BRIDGE_EBT_NFLOG BRIDGE_EBT_PKTTYPE BRIDGE_EBT_REDIRECT BRIDGE_EBT_SNAT BRIDGE_EBT_STP BRIDGE_EBT_T_FILTER BRIDGE_EBT_T_NAT BRIDGE_EBT_VLAN BRIDGE_IGMP_SNOOPING BRIDGE_MRP BRIDGE_NF_EBTABLES BRIDGE_VLAN_FILTERING BSD_DISKLABEL BSD_PROCESS_ACCT_V3 BT BTRFS_ASSERT BTRFS_FS BTRFS_FS_POSIX_ACL BTRFS_FS_REF_VERIFY BTT BT_6LOWPAN BT_ATH3K BT_BCM BT_BNEP BT_BNEP_MC_FILTER BT_BNEP_PROTO_FILTER BT_BREDR BT_CMTP BT_HCIBCM203X BT_HCIBFUSB BT_HCIBPA10X BT_HCIBTUSB BT_HCIBTUSB_BCM BT_HCIBTUSB_MTK BT_HCIBTUSB_POLL_SYNC BT_HCIBTUSB_RTL BT_HCIUART BT_HCIUART_3WIRE BT_HCIUART_AG6XX BT_HCIUART_BCSP BT_HCIUART_H4 BT_HCIUART_LL BT_HCIUART_MRVL BT_HCIUART_QCA BT_HCIUART_SERDEV BT_HCIVHCI BT_HIDP BT_HS BT_INTEL BT_LE BT_LEDS BT_LE_L2CAP_ECRED BT_MSFTEXT BT_MTK BT_QCA BT_RFCOMM BT_RFCOMM_TTY BT_RTL CACHEFILES CAIF CAIF_DEBUG CAIF_DRIVERS CAIF_NETDEV CAIF_TTY CAIF_USB CAIF_VIRTIO CAN CAN_8DEV_USB CAN_BCM CAN_CALC_BITTIMING CAN_DEV CAN_EMS_USB CAN_GS_USB CAN_GW CAN_IFI_CANFD CAN_ISOTP CAN_J1939 CAN_KVASER_USB CAN_MCBA_USB CAN_NETLINK CAN_PEAK_USB CAN_RAW CAN_RX_OFFLOAD CAN_SLCAN CAN_VCAN CAN_VXCAN CAPI_TRACE CARL9170 CARL9170_HWRNG CARL9170_LEDS CARL9170_WPC CC_STRINGOP_OVERFLOW CEC_CORE CEPH_FS CEPH_FSCACHE CEPH_FS_POSIX_ACL CEPH_LIB CEPH_LIB_USE_DNS_RESOLVER CFG80211 CFG80211_CRDA_SUPPORT CFG80211_DEBUGFS CFG80211_DEFAULT_PS CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS CFG80211_WEXT CFS_BANDWIDTH CGROUP_BPF CHARGER_BQ24190 CHARGER_ISP1704 CHR_DEV_ST CIFS CIFS_ALLOW_INSECURE_LEGACY CIFS_DEBUG CIFS_DFS_UPCALL CIFS_FSCACHE CIFS_POSIX CIFS_SMB_DIRECT CIFS_SWN_UPCALL CIFS_UPCALL CIFS_XATTR CLOSURES CLS_U32_MARK CLS_U32_PERF CMA CMA_SIZE_SEL_MBYTES CMDLINE_PARTITION COMEDI COMEDI_DT9812 COMEDI_NI_USB6501 COMEDI_USBDUX COMEDI_USBDUXFAST COMEDI_USBDUXSIGMA COMEDI_USB_DRIVERS COMEDI_VMK80XX COMPAT_NETLINK_MESSAGES COUNTER CRAMFS CRAMFS_BLOCKDEV CRAMFS_MTD CRC4 CRC64 CRC64_ROCKSOFT CRC7 CRC8 CRC_ITU_T CRC_T10DIF CRYPTO_ADIANTUM CRYPTO_AEGIS128 CRYPTO_AEGIS128_AESNI_SSE2 CRYPTO_AES_NI_INTEL CRYPTO_AES_TI CRYPTO_ANSI_CPRNG CRYPTO_ANUBIS CRYPTO_ARC4 CRYPTO_ARCH_HAVE_LIB_BLAKE2S CRYPTO_ARCH_HAVE_LIB_CHACHA CRYPTO_ARCH_HAVE_LIB_CURVE25519 CRYPTO_ARCH_HAVE_LIB_POLY1305 CRYPTO_ARIA CRYPTO_ARIA_AESNI_AVX_X86_64 CRYPTO_BLAKE2B CRYPTO_BLAKE2S_X86 CRYPTO_BLOWFISH CRYPTO_BLOWFISH_COMMON CRYPTO_BLOWFISH_X86_64 CRYPTO_CAMELLIA CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 CRYPTO_CAMELLIA_AESNI_AVX_X86_64 CRYPTO_CAMELLIA_X86_64 CRYPTO_CAST5 CRYPTO_CAST5_AVX_X86_64 CRYPTO_CAST6 CRYPTO_CAST6_AVX_X86_64 CRYPTO_CAST_COMMON CRYPTO_CHACHA20 CRYPTO_CHACHA20POLY1305 CRYPTO_CHACHA20_X86_64 CRYPTO_CRC32 CRYPTO_CRC32C_INTEL CRYPTO_CRC32_PCLMUL CRYPTO_CRC64_ROCKSOFT CRYPTO_CRCT10DIF CRYPTO_CRCT10DIF_PCLMUL CRYPTO_CRYPTD CRYPTO_CTS CRYPTO_CURVE25519 CRYPTO_CURVE25519_X86 CRYPTO_DEFLATE CRYPTO_DES CRYPTO_DES3_EDE_X86_64 CRYPTO_DEV_CCP CRYPTO_DEV_CCP_DD CRYPTO_DEV_PADLOCK CRYPTO_DEV_PADLOCK_AES CRYPTO_DEV_PADLOCK_SHA CRYPTO_DEV_QAT CRYPTO_DEV_QAT_C3XXX CRYPTO_DEV_QAT_C3XXXVF CRYPTO_DEV_QAT_C62X CRYPTO_DEV_QAT_C62XVF CRYPTO_DEV_QAT_DH895xCC CRYPTO_DEV_QAT_DH895xCCVF CRYPTO_DEV_VIRTIO CRYPTO_DH CRYPTO_DRBG_CTR CRYPTO_DRBG_HASH CRYPTO_ECC CRYPTO_ECDH CRYPTO_ECRDSA CRYPTO_ENGINE CRYPTO_ESSIV CRYPTO_FCRYPT CRYPTO_GHASH_CLMUL_NI_INTEL CRYPTO_HCTR2 CRYPTO_KDF800108_CTR CRYPTO_KEYWRAP CRYPTO_KHAZAD CRYPTO_KPP CRYPTO_LIB_ARC4 CRYPTO_LIB_CHACHA CRYPTO_LIB_CHACHA20POLY1305 CRYPTO_LIB_CHACHA_GENERIC CRYPTO_LIB_CURVE25519 CRYPTO_LIB_CURVE25519_GENERIC CRYPTO_LIB_DES CRYPTO_LIB_POLY1305 CRYPTO_LIB_POLY1305_GENERIC CRYPTO_LRW CRYPTO_MICHAEL_MIC CRYPTO_NHPOLY1305 CRYPTO_NHPOLY1305_AVX2 CRYPTO_NHPOLY1305_SSE2 CRYPTO_PCBC CRYPTO_PCRYPT CRYPTO_POLY1305 CRYPTO_POLY1305_X86_64 CRYPTO_POLYVAL CRYPTO_POLYVAL_CLMUL_NI CRYPTO_RMD160 CRYPTO_SEED CRYPTO_SERPENT CRYPTO_SERPENT_AVX2_X86_64 CRYPTO_SERPENT_AVX_X86_64 CRYPTO_SERPENT_SSE2_X86_64 CRYPTO_SHA1_SSSE3 CRYPTO_SHA256_SSSE3 CRYPTO_SHA512_SSSE3 CRYPTO_SIMD CRYPTO_SM2 CRYPTO_SM3 CRYPTO_SM3_AVX_X86_64 CRYPTO_SM4 CRYPTO_SM4_AESNI_AVX2_X86_64 CRYPTO_SM4_AESNI_AVX_X86_64 CRYPTO_SM4_GENERIC CRYPTO_STREEBOG CRYPTO_TEA CRYPTO_TWOFISH CRYPTO_TWOFISH_AVX_X86_64 CRYPTO_TWOFISH_COMMON CRYPTO_TWOFISH_X86_64 CRYPTO_TWOFISH_X86_64_3WAY CRYPTO_USER CRYPTO_USER_API CRYPTO_USER_API_AEAD CRYPTO_USER_API_ENABLE_OBSOLETE CRYPTO_USER_API_HASH CRYPTO_USER_API_RNG CRYPTO_USER_API_SKCIPHER CRYPTO_VMAC CRYPTO_WP512 CRYPTO_XCBC CRYPTO_XCTR CRYPTO_XTS CRYPTO_XXHASH CUSE CYPRESS_FIRMWARE DAMON DAMON_DBGFS DAMON_PADDR DAMON_RECLAIM DAMON_VADDR DAX DCA DCB DEFAULT_PFIFO_FAST DEVICE_MIGRATION DEVICE_PRIVATE DEV_COREDUMP DEV_DAX DIMLIB DLM DLN2_ADC DMABUF_HEAPS DMABUF_HEAPS_CMA DMABUF_HEAPS_SYSTEM DMABUF_MOVE_NOTIFY DMA_CMA DMA_ENGINE_RAID DM_AUDIT DM_BIO_PRISON DM_BUFIO DM_CACHE DM_CACHE_SMQ DM_CLONE DM_CRYPT DM_FLAKEY DM_INTEGRITY DM_MULTIPATH DM_MULTIPATH_QL DM_MULTIPATH_ST DM_PERSISTENT_DATA DM_RAID DM_SNAPSHOT DM_THIN_PROVISIONING DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE DM_ZONED DRAGONRISE_FF DVB_CORE ENCRYPTED_KEYS EXTCON FSCACHE FUSE_FS GENEVE GPIOLIB HAMRADIO HAVE_CLK HID_DRAGONRISE HID_SENSOR_HUB HID_SMARTJOYPLUS HID_THRUSTMASTER IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_IPOIB INFINIBAND_RTRS_CLIENT INFINIBAND_USER_ACCESS INFINIBAND_VIRT_DMA INPUT_TABLET INPUT_TOUCHSCREEN IOSCHED_BFQ IP_SCTP ISDN ISDN_CAPI L2TP LIBNVDIMM MAC80211 MAC80211_DEBUGFS MAC80211_LEDS MEDIA_COMMON_OPTIONS MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_RETU MMC MTD MTD_UBI NETFILTER_ADVANCED NETFILTER_CONNCOUNT NET_CLS_U32 NET_IPGRE NET_IPGRE_DEMUX NET_SCH_DEFAULT NFS_V4_1 NF_CONNTRACK_SNMP NF_NAT_REDIRECT NF_NAT_SNMP_BASIC NF_NAT_TFTP NF_SOCKET_IPV4 NF_SOCKET_IPV6 NF_TABLES NF_TABLES_ARP NF_TPROXY_IPV4 NF_TPROXY_IPV6 NILFS2_FS NLMON NLS_CODEPAGE_1250 NLS_CODEPAGE_1251 NLS_CODEPAGE_737 NLS_CODEPAGE_775 NLS_CODEPAGE_850 NLS_CODEPAGE_852 NLS_CODEPAGE_855 NLS_CODEPAGE_857 NLS_CODEPAGE_860 NLS_CODEPAGE_861 NLS_CODEPAGE_862 NLS_CODEPAGE_863 NLS_CODEPAGE_864 NLS_CODEPAGE_865 NLS_CODEPAGE_866 NLS_CODEPAGE_869 NLS_CODEPAGE_874 NLS_CODEPAGE_932 NLS_CODEPAGE_936 NLS_CODEPAGE_949 NLS_CODEPAGE_950 NLS_ISO8859_13 NLS_ISO8859_14 NLS_ISO8859_15 NLS_ISO8859_2 NLS_ISO8859_3 NLS_ISO8859_4 NLS_ISO8859_5 NLS_ISO8859_6 NLS_ISO8859_7 NLS_ISO8859_8 NLS_ISO8859_9 NLS_KOI8_R NLS_KOI8_U NLS_MAC_CELTIC NLS_MAC_CENTEURO NLS_MAC_CROATIAN NLS_MAC_CYRILLIC NLS_MAC_GAELIC NLS_MAC_GREEK NLS_MAC_ICELAND NLS_MAC_INUIT NLS_MAC_ROMAN NLS_MAC_ROMANIAN NLS_MAC_TURKISH NLS_UCS2_UTILS NOP_USB_XCEIV NOZOMI NTFS3_FS NTFS3_FS_POSIX_ACL NTFS3_LZX_XPRESS NTFS_FS NTFS_RW NULL_TTY NUMA_BALANCING NUMA_BALANCING_DEFAULT_ENABLED NUMA_EMU NUMA_KEEP_MEMINFO NVDIMM_DAX NVDIMM_KEYS NVDIMM_PFN NVMEM_LAYOUTS NVME_CORE NVME_FABRICS NVME_FC NVME_MULTIPATH NVME_RDMA NVME_TARGET NVME_TARGET_FC NVME_TARGET_FCLOOP NVME_TARGET_LOOP NVME_TARGET_RDMA NVME_TARGET_TCP NVME_TCP N_GSM N_HDLC OCFS2_DEBUG_FS OCFS2_FS OCFS2_FS_O2CB OCFS2_FS_STATS OCFS2_FS_USERSPACE_CLUSTER OF_GPIO OF_PMEM OMFS_FS OPENVSWITCH OPENVSWITCH_GENEVE OPENVSWITCH_GRE OPENVSWITCH_VXLAN ORANGEFS_FS OSF_PARTITION OVERLAY_FS OVERLAY_FS_DEBUG OVERLAY_FS_INDEX OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW OVERLAY_FS_REDIRECT_DIR PACKET_DIAG PADATA PAGE_IDLE_FLAG PAGE_POOL PAGE_REPORTING PAHOLE_HAS_LANG_EXCLUDE PAHOLE_HAS_SPLIT_BTF PARPORT PARPORT_NOT_PC PARTITION_ADVANCED PCCARD PCCARD_NONSTATIC PCIEAER PCI_ENDPOINT PCI_IOV PCMCIA PCMCIA_LOAD_CIS PERCPU_STATS PERSISTENT_KEYRINGS PHONET PHYLINK PHY_CPCAP_USB PHY_QCOM_USB_HS PHY_QCOM_USB_HSIC PHY_SAMSUNG_USB2 PHY_TUSB1210 PKCS7_TEST_KEY PKCS8_PRIVATE_KEY_PARSER PM_CLK PNFS_BLOCK PNFS_FILE_LAYOUT PNFS_FLEXFILE_LAYOUT PPP PPPOATM PPPOE PPPOE_HASH_BITS_4 PPPOL2TP PPP_ASYNC PPP_BSDCOMP PPP_DEFLATE PPP_FILTER PPP_MPPE PPP_MULTILINK PPP_SYNC_TTY PPTP PREEMPT PREEMPT_NOTIFIERS PRISM2_USB PROC_CHILDREN PSI PSTORE PSTORE_COMPRESS QCOM_QMI_HELPERS QNX4FS_FS QNX6FS_FS QRTR QRTR_TUN R8712U RADIO_ADAPTERS RADIO_SHARK RADIO_SHARK2 RADIO_TEA575X RAID6_PQ RAID_ATTRS RC_ATI_REMOTE RC_CORE RC_DEVICES RDMA_RXE RDMA_SIW RDS RDS_RDMA RDS_TCP READ_ONLY_THP_FOR_FS REALTEK_AUTOPM REED_SOLOMON REED_SOLOMON_DEC8 REGMAP REGMAP_I2C REGMAP_IRQ REGMAP_MMIO REGULATOR REGULATOR_TWL4030 REISERFS_FS REISERFS_FS_POSIX_ACL REISERFS_FS_SECURITY REISERFS_FS_XATTR REISERFS_PROC_INFO RESET_CONTROLLER RFKILL RFKILL_INPUT RFKILL_LEDS RMI4_2D_SENSOR RMI4_CORE RMI4_F03 RMI4_F03_SERIO RMI4_F11 RMI4_F12 RMI4_F30 ROMFS_BACKED_BY_BOTH ROMFS_FS ROMFS_ON_BLOCK ROMFS_ON_MTD ROSE RTC_DRV_HID_SENSOR_TIME RXKAD SCHED_CORE SCSI_FC_ATTRS SCSI_HPSA SCSI_ISCSI_ATTRS SCSI_LOGGING SCSI_NETLINK SCSI_SAS_ATA SCSI_SAS_ATTRS SCSI_SAS_LIBSAS SCSI_SCAN_ASYNC SCSI_SRP_ATTRS SCTP_COOKIE_HMAC_MD5 SCTP_COOKIE_HMAC_SHA1 SCTP_DEFAULT_COOKIE_HMAC_MD5 SECONDARY_TRUSTED_KEYRING SECURITY_INFINIBAND SECURITY_NETWORK_XFRM SERIAL_DEV_BUS SERIAL_DEV_CTRL_TTYPORT SERIAL_MCTRL_GPIO SGI_PARTITION SIGNATURE SIGNED_PE_FILE_VERIFICATION SLHC SLIP SLIP_COMPRESSED SLIP_MODE_SLIP6 SLIP_SMART SMARTJOYPLUS_FF SMBFS SMC SMC_DIAG SMSC_PHY SMS_SIANO_MDTV SMS_SIANO_RC SMS_USB_DRV SND SND_ALOOP SND_BCD2000 SND_CTL_FAST_LOOKUP SND_CTL_LED SND_DEBUG SND_DMA_SGBUF SND_DRIVERS SND_DUMMY SND_DYNAMIC_MINORS SND_HDA SND_HDA_CODEC_ANALOG SND_HDA_CODEC_CA0110 SND_HDA_CODEC_CA0132 SND_HDA_CODEC_CIRRUS SND_HDA_CODEC_CMEDIA SND_HDA_CODEC_CONEXANT SND_HDA_CODEC_HDMI SND_HDA_CODEC_REALTEK SND_HDA_CODEC_SI3054 SND_HDA_CODEC_SIGMATEL SND_HDA_CODEC_VIA SND_HDA_COMPONENT SND_HDA_CORE SND_HDA_GENERIC SND_HDA_GENERIC_LEDS SND_HDA_HWDEP SND_HDA_I915 SND_HDA_INPUT_BEEP SND_HDA_INTEL SND_HDA_PATCH_LOADER SND_HDA_RECONFIG SND_HRTIMER SND_HWDEP SND_INTEL_DSP_CONFIG SND_INTEL_NHLT SND_INTEL_SOUNDWIRE_ACPI SND_JACK SND_JACK_INPUT_DEV SND_MIXER_OSS SND_OSSEMUL SND_PCI SND_PCM SND_PCMCIA SND_PCM_OSS SND_PCM_OSS_PLUGINS SND_PCM_TIMER SND_PCM_XRUN_DEBUG SND_PROC_FS SND_RAWMIDI SND_SEQUENCER SND_SEQUENCER_OSS SND_SEQ_DEVICE SND_SEQ_DUMMY SND_SEQ_HRTIMER_DEFAULT SND_SEQ_MIDI SND_SEQ_MIDI_EVENT SND_SEQ_VIRMIDI SND_SUPPORT_OLD_API SND_TIMER SND_USB SND_USB_6FIRE SND_USB_AUDIO SND_USB_AUDIO_USE_MEDIA_CONTROLLER SND_USB_CAIAQ SND_USB_CAIAQ_INPUT SND_USB_HIFACE SND_USB_LINE6 SND_USB_POD SND_USB_PODHD SND_USB_TONEPORT SND_USB_UA101 SND_USB_US122L SND_USB_USX2Y SND_USB_VARIAX SND_VERBOSE_PROCFS SND_VIRMIDI SND_VIRTIO SND_VMASTER SND_X86 SOCK_VALIDATE_XMIT SOLARIS_X86_PARTITION SONY_FF SOUND SOUND_OSS_CORE SOUND_OSS_CORE_PRECLAIM SPI SPI_DLN2 SPI_DYNAMIC SPI_MASTER SQUASHFS SQUASHFS_4K_DEVBLK_SIZE SQUASHFS_COMPILE_DECOMP_SINGLE SQUASHFS_DECOMP_SINGLE SQUASHFS_FILE_DIRECT SQUASHFS_LZ4 SQUASHFS_LZO SQUASHFS_XATTR SQUASHFS_XZ SQUASHFS_ZLIB SQUASHFS_ZSTD SSB SSB_PCIHOST_POSSIBLE SSB_PCMCIAHOST_POSSIBLE SSB_SDIOHOST_POSSIBLE STAGING STP STREAM_PARSER SUNRPC_BACKCHANNEL SUN_PARTITION SW_SYNC SYSFB SYSV68_PARTITION SYSV_FS TABLET_USB_ACECAD TABLET_USB_AIPTEK TABLET_USB_HANWANG TABLET_USB_KBTAB TABLET_USB_PEGASUS TAHVO_USB TAHVO_USB_HOST_BY_DEFAULT TASKS_TRACE_RCU TCG_CRB TCG_TIS TCG_TIS_CORE TCG_TPM TCP_CONG_BBR TCP_CONG_BIC TCP_CONG_CDG TCP_CONG_DCTCP TCP_CONG_HSTCP TCP_CONG_HTCP TCP_CONG_HYBLA TCP_CONG_ILLINOIS TCP_CONG_LP TCP_CONG_NV TCP_CONG_SCALABLE TCP_CONG_VEGAS TCP_CONG_VENO TCP_CONG_WESTWOOD TCP_CONG_YEAH TEXTSEARCH TEXTSEARCH_BM TEXTSEARCH_FSM TEXTSEARCH_KMP THERMAL_NETLINK THP_SWAP THRUSTMASTER_FF TIPC TIPC_CRYPTO TIPC_DIAG TIPC_MEDIA_IB TIPC_MEDIA_UDP TLS TLS_DEVICE TLS_TOE TMPFS_QUOTA TOUCHSCREEN_SUR40 TOUCHSCREEN_USB_3M TOUCHSCREEN_USB_COMPOSITE TOUCHSCREEN_USB_DMC_TSC10 TOUCHSCREEN_USB_E2I TOUCHSCREEN_USB_EASYTOUCH TOUCHSCREEN_USB_EGALAX TOUCHSCREEN_USB_ELO TOUCHSCREEN_USB_ETT_TC45USB TOUCHSCREEN_USB_ETURBO TOUCHSCREEN_USB_GENERAL_TOUCH TOUCHSCREEN_USB_GOTOP TOUCHSCREEN_USB_GUNZE TOUCHSCREEN_USB_IDEALTEK TOUCHSCREEN_USB_IRTOUCH TOUCHSCREEN_USB_ITM TOUCHSCREEN_USB_JASTEC TOUCHSCREEN_USB_NEXIO TOUCHSCREEN_USB_PANJIT TOUCHSCREEN_USB_ZYTRONIC TRANSPARENT_HUGEPAGE TRANSPARENT_HUGEPAGE_MADVISE TRUSTED_KEYS TTPCI_EEPROM TTY_PRINTK TUN_VNET_CROSS_LE TWL4030_CORE TYPEC TYPEC_FUSB302 TYPEC_TCPCI TYPEC_TCPM TYPEC_TPS6598X TYPEC_UCSI UBIFS_ATIME_SUPPORT UBIFS_FS UBIFS_FS_ADVANCED_COMPR UBIFS_FS_LZO UBIFS_FS_SECURITY UBIFS_FS_XATTR UBIFS_FS_ZLIB UBIFS_FS_ZSTD UCSI_ACPI UDF_FS UDMABUF UFS_FS UFS_FS_WRITE UHID ULTRIX_PARTITION UNICODE UNIXWARE_DISKLABEL UNIX_DIAG USB4 USB4_NET USBIP_CORE USBIP_HOST USBIP_VHCI_HCD USBIP_VUDC USBPCWATCHDOG USB_ACM USB_ADUTUX USB_AIRSPY USB_ALI_M5632 USB_AN2720 USB_APPLEDISPLAY USB_ARMLINUX USB_BDC_UDC USB_BELKIN USB_C67X00_HCD USB_CATC USB_CDC_PHONET USB_CHAOSKEY USB_CHIPIDEA USB_CHIPIDEA_HOST USB_CHIPIDEA_PCI USB_CHIPIDEA_UDC USB_CONFIGFS USB_CONFIGFS_ACM USB_CONFIGFS_ECM USB_DWC2 USB_GADGET USB_MUSB_HDRC USB_NET_CDC_SUBSET USB_PHY USB_ROLE_SWITCH USB_STORAGE_REALTEK USB_ULPI_BUS USB_USBNET VIDEO_DEV VLAN_8021Q VXLAN WANT_COMPAT_NETLINK_MESSAGES WEXT_CORE WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ATH X86_HAVE_PAE X86_X32_ABI ZONE_DEVICE] picked [v6.7 v6.6 v6.5 v6.3 v6.1 v5.19 v5.17 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 30 release tags testing release v6.7 testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 89a68abaab711e3541a8c7fb35eb356a5256b70e09592f46d59b4b0b667be576 run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: crashed: INFO: task hung in hci_conn_failed run #3: crashed: INFO: task hung in hci_conn_failed run #4: crashed: INFO: task hung in hci_conn_failed run #5: crashed: INFO: task hung in hci_conn_failed run #6: crashed: INFO: task hung in hci_conn_failed run #7: crashed: INFO: task hung in hci_conn_failed run #8: crashed: INFO: task hung in hci_conn_failed run #9: crashed: INFO: task hung in hci_conn_failed run #10: crashed: INFO: task hung in hci_conn_failed run #11: crashed: INFO: task hung in hci_conn_failed run #12: crashed: INFO: task hung in hci_conn_failed run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] testing release v6.6 testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 70e64b3147e98e6cea10279669fffbb615ea606c0eab8bf4ccef93c2b260f9b4 run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: crashed: INFO: task hung in hci_conn_failed run #3: crashed: INFO: task hung in hci_conn_failed run #4: crashed: INFO: task hung in hci_conn_failed run #5: crashed: INFO: task hung in hci_conn_failed run #6: crashed: INFO: task hung in hci_conn_failed run #7: crashed: INFO: task hung in hci_conn_failed run #8: crashed: INFO: task hung in hci_conn_failed run #9: crashed: INFO: task hung in hci_conn_failed run #10: crashed: INFO: task hung in hci_conn_failed run #11: crashed: INFO: task hung in hci_conn_failed run #12: crashed: INFO: task hung in hci_conn_failed run #13: crashed: INFO: task hung in hci_conn_failed run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] testing release v6.5 testing commit 2dde18cd1d8fac735875f2e4987f11817cc0bc2c gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3dbbf65832580b172902206c85b70d6482ce7aeb40ca952e8d4d6ca2e4c3bfd4 all runs: OK false negative chance: 0.000 # git bisect start ffc253263a1375a65fa6c9f62a893e9767fbebfa 2dde18cd1d8fac735875f2e4987f11817cc0bc2c Bisecting: 7882 revisions left to test after this (roughly 13 steps) [a1c19328a160c80251868dbd80066dce23d07995] Merge tag 'soc-arm-6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit a1c19328a160c80251868dbd80066dce23d07995 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 36d622a7f702dd79a0d448f5534892e6ec22a1f6fd208def70718ff0f9475771 run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: crashed: INFO: task hung in hci_conn_failed run #3: crashed: INFO: task hung in hci_conn_failed run #4: crashed: INFO: task hung in hci_conn_failed run #5: crashed: INFO: task hung in hci_conn_failed run #6: crashed: INFO: task hung in hci_conn_failed run #7: crashed: INFO: task hung in hci_conn_failed run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] # git bisect bad a1c19328a160c80251868dbd80066dce23d07995 Bisecting: 3438 revisions left to test after this (roughly 12 steps) [bd6c11bc43c496cddfc6cf603b5d45365606dbd5] Merge tag 'net-next-6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit bd6c11bc43c496cddfc6cf603b5d45365606dbd5 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7984a83e47a7972a8ba2bbf74df583216a213565575308a5591761d7837d10fa run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: crashed: INFO: task hung in hci_conn_failed run #3: crashed: INFO: task hung in hci_conn_failed run #4: crashed: INFO: task hung in hci_conn_failed run #5: crashed: INFO: task hung in hci_conn_failed run #6: crashed: INFO: task hung in hci_conn_failed run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] # git bisect bad bd6c11bc43c496cddfc6cf603b5d45365606dbd5 Bisecting: 1988 revisions left to test after this (roughly 11 steps) [6c9cfb853063f317b2953c5e852b6bac1eb0cade] net: ethernet: mtk_wed: minor change in wed_{tx,rx}info_show testing commit 6c9cfb853063f317b2953c5e852b6bac1eb0cade gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4cc709a74b59c3d20647e6bbf6413028c6d747c6a277e80bc42fd08911c22f97 run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: crashed: INFO: task hung in hci_conn_failed run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] # git bisect bad 6c9cfb853063f317b2953c5e852b6bac1eb0cade Bisecting: 980 revisions left to test after this (roughly 10 steps) [81083076a007d3af3f2216ad9be1374de0687d49] Merge tag 'wireless-next-2023-08-04' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next testing commit 81083076a007d3af3f2216ad9be1374de0687d49 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a1fdde6360a11aa9ee869dfcc2f4fdfc918d7d3774affef82f9d50f010a764d9 run #0: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor4275518628" "root@10.128.1.168:./syz-executor4275518628"]: exit status 255 Executing: program /usr/bin/ssh host 10.128.1.168, user root, command sftp OpenSSH_9.2p1 Debian-2+deb12u1, OpenSSL 3.0.11 19 Sep 2023 debug1: Reading configuration data /dev/null debug1: Connecting to 10.128.1.168 [10.128.1.168] port 22. debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa_sk type -1 debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_ed25519_sk type -1 debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1 Connection timed out during banner exchange Connection to 10.128.1.168 port 22 timed out scp: Connection closed run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK false negative chance: 0.003 # git bisect good 81083076a007d3af3f2216ad9be1374de0687d49 Bisecting: 489 revisions left to test after this (roughly 9 steps) [fc720399ffd9e3cc556dc48773f3cde1d28fc20d] Merge branch 'bnxt_en-update-for-net-next' testing commit fc720399ffd9e3cc556dc48773f3cde1d28fc20d gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3bbc6bb7daf844b5f3049fb181453d7815881e5a943873c6159c4c9b67b8a274 run #0: crashed: INFO: task hung in hci_conn_failed run #1: OK run #2: crashed: INFO: task hung in hci_conn_failed run #3: crashed: INFO: task hung in hci_conn_failed run #4: crashed: INFO: task hung in hci_conn_failed run #5: crashed: INFO: task hung in hci_conn_failed run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] # git bisect bad fc720399ffd9e3cc556dc48773f3cde1d28fc20d Bisecting: 245 revisions left to test after this (roughly 8 steps) [c55c8a7cfafe41c71b87b3f7baf16249ce4fbd3d] Bluetooth: btnxpuart: Add support for AW693 chipset testing commit c55c8a7cfafe41c71b87b3f7baf16249ce4fbd3d gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 004fba1ed7baeb12fec79d9914c955a4690ab2f9edf66843101c97541d2758bd run #0: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor2130421617" "root@10.128.0.246:./syz-executor2130421617"]: exit status 255 Executing: program /usr/bin/ssh host 10.128.0.246, user root, command sftp OpenSSH_9.2p1 Debian-2+deb12u1, OpenSSL 3.0.11 19 Sep 2023 debug1: Reading configuration data /dev/null debug1: Connecting to 10.128.0.246 [10.128.0.246] port 22. debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa_sk type -1 debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_ed25519_sk type -1 debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1 Connection timed out during banner exchange Connection to 10.128.0.246 port 22 timed out scp: Connection closed run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK false negative chance: 0.004 # git bisect good c55c8a7cfafe41c71b87b3f7baf16249ce4fbd3d Bisecting: 126 revisions left to test after this (roughly 7 steps) [9cf3db3cd898a256247ad9f0661f14c05003b57f] Merge branch 'net-warn-about-attempts-to-register-negative-ifindex' testing commit 9cf3db3cd898a256247ad9f0661f14c05003b57f gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7a6f241236f501b6eb119caabd7852ad9aff549f2e66592dd7453cb2c59629de run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor1525230954" "root@10.128.1.143:./syz-executor1525230954"]: exit status 255 Executing: program /usr/bin/ssh host 10.128.1.143, user root, command sftp OpenSSH_9.2p1 Debian-2+deb12u1, OpenSSL 3.0.11 19 Sep 2023 debug1: Reading configuration data /dev/null debug1: Connecting to 10.128.1.143 [10.128.1.143] port 22. debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa_sk type -1 debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_ed25519_sk type -1 debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1 Connection timed out during banner exchange Connection to 10.128.1.143 port 22 timed out scp: Connection closed run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] # git bisect bad 9cf3db3cd898a256247ad9f0661f14c05003b57f Bisecting: 59 revisions left to test after this (roughly 6 steps) [afb0c19242a0c9a19fc2013dd1389b553acc0ede] Merge branch 'mptcp-remove-msk-subflow' testing commit afb0c19242a0c9a19fc2013dd1389b553acc0ede gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 13d3c4f494c974b874693f0f3387bad4e7658dee47bdb12985136b4b0396e5a9 run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor1104641723" "root@10.128.15.197:./syz-executor1104641723"]: exit status 255 Executing: program /usr/bin/ssh host 10.128.15.197, user root, command sftp OpenSSH_9.2p1 Debian-2+deb12u1, OpenSSL 3.0.11 19 Sep 2023 debug1: Reading configuration data /dev/null debug1: Connecting to 10.128.15.197 [10.128.15.197] port 22. debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa_sk type -1 debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_ed25519_sk type -1 debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1 Connection timed out during banner exchange Connection to 10.128.15.197 port 22 timed out scp: Connection closed run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] # git bisect bad afb0c19242a0c9a19fc2013dd1389b553acc0ede Bisecting: 36 revisions left to test after this (roughly 5 steps) [2f4503f94c5d81d1589842bfb457be466c8c670b] net: pcs: lynx: fix lynx_pcs_link_up_sgmii() not doing anything in fixed-link mode testing commit 2f4503f94c5d81d1589842bfb457be466c8c670b gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8ffe7c38a78c116f4b6d6c5b3ed08400e342e9a4596beec902e3941521f97ebf all runs: OK false negative chance: 0.046 # git bisect good 2f4503f94c5d81d1589842bfb457be466c8c670b Bisecting: 18 revisions left to test after this (roughly 4 steps) [bd003fb338afee97c76f13c3e9144a7e4ad37179] Bluetooth: btrtl: Load FW v2 otherwise FW v1 for RTL8852C testing commit bd003fb338afee97c76f13c3e9144a7e4ad37179 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 558c89bd473e9b66de0cf330cdd4ad44e323d6a7719736a786fce16c7b109305 run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: crashed: INFO: task hung in hci_conn_failed run #3: crashed: INFO: task hung in hci_conn_failed run #4: crashed: INFO: task hung in hci_conn_failed run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] # git bisect bad bd003fb338afee97c76f13c3e9144a7e4ad37179 Bisecting: 8 revisions left to test after this (roughly 3 steps) [b7f923b1ef6a2e76013089d30c9552257056360a] Bluetooth: ISO: Fix not checking for valid CIG/CIS IDs testing commit b7f923b1ef6a2e76013089d30c9552257056360a gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2d9339cf8bea831e596015a46ccabb149195ac019d1da7f10ca49612e4968e51 run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: crashed: INFO: task hung in hci_conn_failed run #3: crashed: INFO: task hung in hci_conn_failed run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] # git bisect bad b7f923b1ef6a2e76013089d30c9552257056360a Bisecting: 4 revisions left to test after this (roughly 2 steps) [90005880a68cc8908885f5c9c9e2e60deaf78700] Bluetooth: Remove unused declaration amp_read_loc_info() testing commit 90005880a68cc8908885f5c9c9e2e60deaf78700 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e249c709bd12a32c48a1cf112cd1522f403f27b7183ad33ccdfe6178a53606c7 run #0: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor2505833061" "root@10.128.0.69:./syz-executor2505833061"]: exit status 255 Executing: program /usr/bin/ssh host 10.128.0.69, user root, command sftp OpenSSH_9.2p1 Debian-2+deb12u1, OpenSSL 3.0.11 19 Sep 2023 debug1: Reading configuration data /dev/null debug1: Connecting to 10.128.0.69 [10.128.0.69] port 22. debug1: fd 3 clearing O_NONBLOCK debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa_sk type -1 debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_ed25519_sk type -1 debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1 Connection timed out during banner exchange Connection to 10.128.0.69 port 22 timed out scp: Connection closed run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK false negative chance: 0.053 # git bisect good 90005880a68cc8908885f5c9c9e2e60deaf78700 Bisecting: 2 revisions left to test after this (roughly 1 step) [2889bdd0a9a195533c2103e7b39ab0de844d72f6] Bluetooth: hci_sync: delete CIS in BT_OPEN/CONNECT/BOUND when aborting testing commit 2889bdd0a9a195533c2103e7b39ab0de844d72f6 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 06e526310570e1a4ea2f836396b16990e375c7fd12234f2aa2b37b6734d2a3bc all runs: OK false negative chance: 0.046 # git bisect good 2889bdd0a9a195533c2103e7b39ab0de844d72f6 Bisecting: 0 revisions left to test after this (roughly 1 step) [5af1f84ed13a416297ab9ced7537f4d5ae7f329a] Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync testing commit 5af1f84ed13a416297ab9ced7537f4d5ae7f329a gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e020668f264d3facd00fe058a87446f10fe7bb39366cd9e685a45b4b9f65d667 run #0: crashed: INFO: task hung in hci_conn_failed run #1: crashed: INFO: task hung in hci_conn_failed run #2: crashed: INFO: task hung in hci_conn_failed run #3: crashed: INFO: task hung in hci_conn_failed run #4: crashed: INFO: task hung in hci_conn_failed run #5: crashed: INFO: task hung in hci_conn_failed run #6: crashed: INFO: task hung in hci_conn_failed run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: task hung in hci_conn_failed, types: [HANG] # git bisect bad 5af1f84ed13a416297ab9ced7537f4d5ae7f329a Bisecting: 0 revisions left to test after this (roughly 0 steps) [094e3639623ee3b8a043e2b5285498b036a4dc09] Bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL testing commit 094e3639623ee3b8a043e2b5285498b036a4dc09 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3ccc5b892f1a9a7fe20ec1685de2c0541a9ede0b1fc8e9867a702d6213372ba4 all runs: OK false negative chance: 0.046 # git bisect good 094e3639623ee3b8a043e2b5285498b036a4dc09 5af1f84ed13a416297ab9ced7537f4d5ae7f329a is the first bad commit commit 5af1f84ed13a416297ab9ced7537f4d5ae7f329a Author: Luiz Augusto von Dentz Date: Thu Aug 3 11:04:51 2023 -0700 Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync Connections may be cleanup while waiting for the commands to complete so this attempts to check if the connection handle remains valid in case of errors that would lead to call hci_conn_failed: BUG: KASAN: slab-use-after-free in hci_conn_failed+0x1f/0x160 Read of size 8 at addr ffff888001376958 by task kworker/u3:0/52 CPU: 0 PID: 52 Comm: kworker/u3:0 Not tainted 6.5.0-rc1-00527-g2dfe76d58d3a #5615 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014 Workqueue: hci0 hci_cmd_sync_work Call Trace: dump_stack_lvl+0x1d/0x70 print_report+0xce/0x620 ? __virt_addr_valid+0xd4/0x150 ? hci_conn_failed+0x1f/0x160 kasan_report+0xd1/0x100 ? hci_conn_failed+0x1f/0x160 hci_conn_failed+0x1f/0x160 hci_abort_conn_sync+0x237/0x360 Signed-off-by: Luiz Augusto von Dentz net/bluetooth/hci_sync.c | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) accumulated error probability: 0.18 culprit signature: e020668f264d3facd00fe058a87446f10fe7bb39366cd9e685a45b4b9f65d667 parent signature: 3ccc5b892f1a9a7fe20ec1685de2c0541a9ede0b1fc8e9867a702d6213372ba4 reproducer is flaky (0.14 repro chance estimate) revisions tested: 25, total time: 10h38m37.54566171s (build: 4h21m11.16145441s, test: 5h38m3.583325161s) first bad commit: 5af1f84ed13a416297ab9ced7537f4d5ae7f329a Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync recipients (to): ["johan.hedberg@gmail.com" "linux-bluetooth@vger.kernel.org" "luiz.dentz@gmail.com" "luiz.von.dentz@intel.com" "marcel@holtmann.org"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: INFO: task hung in hci_conn_failed INFO: task kworker/u5:7:2671 blocked for more than 143 seconds. Not tainted 6.5.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u5:7 state:D stack:28384 pid:2671 ppid:2 flags:0x00004000 Workqueue: hci4 hci_cmd_sync_work Call Trace: context_switch kernel/sched/core.c:5381 [inline] __schedule+0xe64/0x59b0 kernel/sched/core.c:6710 schedule+0xe7/0x1b0 kernel/sched/core.c:6786 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6845 __mutex_lock_common kernel/locking/mutex.c:679 [inline] __mutex_lock+0x5b4/0x990 kernel/locking/mutex.c:747 hci_connect_cfm include/net/bluetooth/hci_core.h:1882 [inline] hci_conn_failed+0xf8/0x2c0 net/bluetooth/hci_conn.c:1230 hci_abort_conn_sync+0x346/0x800 net/bluetooth/hci_sync.c:5433 hci_cmd_sync_work+0x173/0x340 net/bluetooth/hci_sync.c:306 process_one_work+0x973/0x1530 kernel/workqueue.c:2600 worker_thread+0xff/0x12d0 kernel/workqueue.c:2751 kthread+0x28d/0x350 kernel/kthread.c:389 ret_from_fork+0x2c/0x70 arch/x86/kernel/process.c:145 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 Showing all locks held in the system: 5 locks held by kworker/u4:1/12: 1 lock held by rcu_tasks_kthre/13: #0: ffffffff886be930 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe30 kernel/rcu/tasks.h:522 1 lock held by rcu_tasks_trace/14: #0: ffffffff886be630 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe30 kernel/rcu/tasks.h:522 3 locks held by kworker/1:0/22: 3 locks held by kworker/1:1/26: 1 lock held by khungtaskd/28: #0: ffffffff886bf540 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340 kernel/locking/lockdep.c:6615 2 locks held by kworker/u4:2/40: #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:20 [inline] #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: raw_atomic64_set include/linux/atomic/atomic-arch-fallback.h:2608 [inline] #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: raw_atomic_long_set include/linux/atomic/atomic-long.h:79 [inline] #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:3196 [inline] #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:678 [inline] #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:705 [inline] #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x861/0x1530 kernel/workqueue.c:2570 #1: ffffc90000b17d98 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x88e/0x1530 kernel/workqueue.c:2574 6 locks held by kworker/u5:0/46: #0: ffff888076730938 ((wq_completion)hci0){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:20 [inline] #0: ffff888076730938 ((wq_completion)hci0){+.+.}-{0:0}, at: raw_atomic64_set include/linux/atomic/atomic-arch-fallback.h:2608 [inline] #0: ffff888076730938 ((wq_completion)hci0){+.+.}-{0:0}, at: raw_atomic_long_set include/linux/atomic/atomic-long.h:79 [inline] #0: ffff888076730938 ((wq_completion)hci0){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:3196 [inline] #0: ffff888076730938 ((wq_completion)hci0){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:678 [inline] #0: ffff888076730938 ((wq_completion)hci0){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:705 [inline] #0: ffff888076730938 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x861/0x1530 kernel/workqueue.c:2570 #1: ffffc90000b77d98 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x88e/0x1530 kernel/workqueue.c:2574 #2: ffff88807abf50b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x13f/0x340 net/bluetooth/hci_sync.c:305 #3: ffff88807abf4078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x33a/0x800 net/bluetooth/hci_sync.c:5432 #4: ffffffff898c8b48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1882 [inline] #4: ffffffff898c8b48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0xf8/0x2c0 net/bluetooth/hci_conn.c:1230 #5: ffffffff886ca9f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:325 [inline] #5: ffffffff886ca9f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3ff/0x800 kernel/rcu/tree_exp.h:992 2 locks held by kworker/u4:3/408: #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:20 [inline] #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: raw_atomic64_set include/linux/atomic/atomic-arch-fallback.h:2608 [inline] #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: raw_atomic_long_set include/linux/atomic/atomic-long.h:79 [inline] #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:3196 [inline] #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:678 [inline] #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:705 [inline] #0: ffff88800d079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x861/0x1530 kernel/workqueue.c:2570 #1: ffffc90002ab7d98 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x88e/0x1530 kernel/workqueue.c:2574 3 locks held by kworker/0:2/599: 2 locks held by getty/2129: #0: ffff8881401ff098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x23/0x80 drivers/tty/tty_ldisc.c:243 #1: ffffc900000bb2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xc6c/0x1310 drivers/tty/n_tty.c:2187 3 locks held by kworker/1:3/2547: 2 locks held by syz-executor.5/2661: #0: ffff88807d80afe0 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:167 [inline] #0: ffff88807d80afe0 (&mm->mmap_lock){++++}-{3:3}, at: get_mmap_lock_carefully mm/memory.c:5261 [inline] #0: ffff88807d80afe0 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x26/0x590 mm/memory.c:5323 #1: ffffffff887bc5e8 (oom_lock){+.+.}-{3:3}, at: mem_cgroup_out_of_memory+0x8d/0x270 mm/memcontrol.c:1734 5 locks held by kworker/u5:7/2671: #0: ffff8880760f9938 ((wq_completion)hci4){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:20 [inline] #0: ffff8880760f9938 ((wq_completion)hci4){+.+.}-{0:0}, at: raw_atomic64_set include/linux/atomic/atomic-arch-fallback.h:2608 [inline] #0: ffff8880760f9938 ((wq_completion)hci4){+.+.}-{0:0}, at: raw_atomic_long_set include/linux/atomic/atomic-long.h:79 [inline] #0: ffff8880760f9938 ((wq_completion)hci4){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:3196 [inline] #0: ffff8880760f9938 ((wq_completion)hci4){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:678 [inline] #0: ffff8880760f9938 ((wq_completion)hci4){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:705 [inline] #0: ffff8880760f9938 ((wq_completion)hci4){+.+.}-{0:0}, at: process_one_work+0x861/0x1530 kernel/workqueue.c:2570 #1: ffffc9000341fd98 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x88e/0x1530 kernel/workqueue.c:2574 #2: ffff88807b5f90b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x13f/0x340 net/bluetooth/hci_sync.c:305 #3: ffff88807b5f8078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x33a/0x800 net/bluetooth/hci_sync.c:5432 #4: ffffffff898c8b48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_connect_cfm include/net/bluetooth/hci_core.h:1882 [inline] #4: ffffffff898c8b48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0xf8/0x2c0 net/bluetooth/hci_conn.c:1230 3 locks held by kworker/0:5/4848: 3 locks held by kworker/1:4/4867: 3 locks held by kworker/0:6/4869: 3 locks held by kworker/1:9/4991: 3 locks held by kworker/0:10/8268: 3 locks held by kworker/1:11/11791: ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x5c/0xb0 lib/dump_stack.c:106 nmi_cpu_backtrace+0x167/0x210 lib/nmi_backtrace.c:113 nmi_trigger_cpumask_backtrace+0x1d4/0x220 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline] watchdog+0xa22/0xca0 kernel/hung_task.c:379 kthread+0x28d/0x350 kernel/kthread.c:389 ret_from_fork+0x2c/0x70 arch/x86/kernel/process.c:145 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 26203 Comm: syz-executor.5 Not tainted 6.5.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 RIP: 0010:stack_access_ok+0x166/0x1f0 arch/x86/kernel/unwind_orc.c:398 Code: 0f 85 8d 00 00 00 49 39 ee 48 8b 43 10 77 25 48 39 e8 76 20 4c 01 e5 48 39 e8 0f 93 c0 49 39 ee 0f 92 c2 21 d0 48 83 c4 08 5b <5d> 41 5c 41 5d 41 5e 41 5f c3 48 83 c4 08 31 c0 5b 5d 41 5c 41 5d RSP: 0018:ffffc900be67f730 EFLAGS: 00000286 RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffc900be680000 RDX: ffffc900be67ff01 RSI: ffffc900be67ff50 RDI: ffffc900be67f7d0 RBP: ffffc900be67ff50 R08: ffffffff8a98625e R09: ffffffff8a98625c R10: ffffc900be67f7d0 R11: 000000000005b88c R12: 0000000000000008 R13: ffffc900be67f7e0 R14: ffffc900be67f7d8 R15: ffffc900be678000 FS: 0000555555f6a480(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff8dddabf84 CR3: 000000003d9bf000 CR4: 0000000000350ee0 Call Trace: deref_stack_reg arch/x86/kernel/unwind_orc.c:403 [inline] unwind_next_frame+0xab5/0x2020 arch/x86/kernel/unwind_orc.c:585 arch_stack_walk+0x8b/0xf0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x96/0xd0 kernel/stacktrace.c:122 kasan_save_stack+0x33/0x50 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 __kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:328 kasan_slab_alloc include/linux/kasan.h:186 [inline] slab_post_alloc_hook+0x5a/0xd0 mm/slab.h:762 kmem_cache_alloc_bulk+0x40c/0x7d0 mm/slub.c:4048 mt_alloc_bulk lib/maple_tree.c:164 [inline] mas_alloc_nodes+0x2dd/0x700 lib/maple_tree.c:1304 mas_node_count_gfp lib/maple_tree.c:1362 [inline] mas_preallocate+0x16e/0x300 lib/maple_tree.c:5547 vma_iter_prealloc mm/internal.h:1032 [inline] mmap_region+0x645/0x1f70 mm/mmap.c:2810 do_mmap+0x61a/0xd30 mm/mmap.c:1363 vm_mmap_pgoff+0x16d/0x350 mm/util.c:543 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7ff8ddc7cde3 Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 b0 ff ff ff 64 c7 RSP: 002b:00007ffd51115998 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 RAX: ffffffffffffffda RBX: 00007ff8dd7ff6c0 RCX: 00007ff8ddc7cde3 RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffd51115c40 R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000