ci2 starts bisection 2023-09-16 11:52:51.685685503 +0000 UTC m=+272103.714859606 bisecting fixing commit since c2cbfe5f51227dfe6ef7be013f0d56a32c040faa building syzkaller on a4ae4f428721da42ac15f07d6f3b54584dedee27 ensuring issue is reproducible on original commit c2cbfe5f51227dfe6ef7be013f0d56a32c040faa testing commit c2cbfe5f51227dfe6ef7be013f0d56a32c040faa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2e90f6f9cf47cba008812f7125dbbe5b8cb0015e2e55565d476844fe5b9e9bfc all runs: crashed: general protection fault in hci_uart_tty_ioctl representative crash: general protection fault in hci_uart_tty_ioctl, types: [UNKNOWN] check whether we can drop unnecessary instrumentation disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit c2cbfe5f51227dfe6ef7be013f0d56a32c040faa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b44f8008996a47f556a3aeb11533b02672463ba5d16bc03c85395c65d07ed609 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_uart_tty_ioctl run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_uart_tty_ioctl run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK representative crash: BUG: unable to handle kernel NULL pointer dereference in hci_uart_tty_ioctl, types: [UNKNOWN] kconfig minimization: base=3820 full=7523 leaves diff=1996 split chunks (needed=false): <1996> split chunk #0 of len 1996 into 5 parts testing without sub-chunk 1/5 testing commit c2cbfe5f51227dfe6ef7be013f0d56a32c040faa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6f5ae0f63ab330a1da08c67355301f3bf67948f5709709a6c80f03b950e1b0f5 all runs: OK false negative chance: 0.000 testing without sub-chunk 2/5 testing commit c2cbfe5f51227dfe6ef7be013f0d56a32c040faa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5c81a916d23611e56be5ab9f7bbd305e0298fce6557fd29c27682278a4e1ee4d all runs: crashed: general protection fault in hci_uart_tty_ioctl representative crash: general protection fault in hci_uart_tty_ioctl, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 3/5 testing commit c2cbfe5f51227dfe6ef7be013f0d56a32c040faa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 10355729ad759931aeb0bde82f8fc7f2e7bf83281792a4a69346416d2bb61584 all runs: crashed: general protection fault in hci_uart_tty_ioctl representative crash: general protection fault in hci_uart_tty_ioctl, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 testing commit c2cbfe5f51227dfe6ef7be013f0d56a32c040faa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 34bd9b0088cf5921b51148ae80ca75ef5a40ada00b56ad2203eb258cc31e8d00 all runs: crashed: general protection fault in hci_uart_tty_ioctl representative crash: general protection fault in hci_uart_tty_ioctl, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 5/5 testing commit c2cbfe5f51227dfe6ef7be013f0d56a32c040faa gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5dfbaefec5531e9e14a9e9613892769ac998c72afdd2de2257235c1edd3baa48 run #0: crashed: general protection fault in hci_uart_tty_ioctl run #1: crashed: general protection fault in hci_uart_tty_ioctl run #2: crashed: general protection fault in hci_uart_tty_ioctl run #3: crashed: general protection fault in hci_uart_tty_ioctl run #4: crashed: general protection fault in hci_uart_tty_ioctl run #5: crashed: general protection fault in hci_uart_tty_ioctl run #6: crashed: general protection fault in hci_uart_tty_ioctl run #7: crashed: general protection fault in hci_uart_tty_ioctl run #8: crashed: general protection fault in hci_uart_tty_ioctl run #9: crashed: general protection fault in hci_uart_tty_ioctl run #10: crashed: general protection fault in hci_uart_tty_ioctl run #11: crashed: general protection fault in hci_uart_tty_ioctl run #12: crashed: general protection fault in hci_uart_tty_ioctl run #13: crashed: general protection fault in hci_uart_tty_ioctl run #14: crashed: general protection fault in hci_uart_tty_ioctl run #15: crashed: general protection fault in hci_uart_tty_ioctl run #16: crashed: general protection fault in hci_uart_tty_ioctl run #17: crashed: general protection fault in hci_uart_tty_ioctl run #18: crashed: general protection fault in hci_uart_tty_ioctl run #19: OK representative crash: general protection fault in hci_uart_tty_ioctl, types: [UNKNOWN] the chunk can be dropped minimized to 400 configs; suspects: [6LOWPAN 6LOWPAN_GHC_EXT_HDR_DEST 6LOWPAN_GHC_EXT_HDR_FRAG 6LOWPAN_GHC_EXT_HDR_HOP 6LOWPAN_GHC_EXT_HDR_ROUTE 6LOWPAN_GHC_ICMPV6 6LOWPAN_GHC_UDP 6LOWPAN_NHC 6LOWPAN_NHC_DEST 6LOWPAN_NHC_FRAGMENT 6LOWPAN_NHC_HOP 6LOWPAN_NHC_IPV6 6LOWPAN_NHC_MOBILITY 6LOWPAN_NHC_ROUTING 6LOWPAN_NHC_UDP 6PACK 842_COMPRESS 842_DECOMPRESS 9P_FSCACHE 9P_FS_POSIX_ACL 9P_FS_SECURITY ACORN_PARTITION ACORN_PARTITION_ADFS ACORN_PARTITION_CUMANA ACORN_PARTITION_EESOX ACORN_PARTITION_ICS ACORN_PARTITION_POWERTEC ACORN_PARTITION_RISCIX ACPI_NFIT ACPI_PLATFORM_PROFILE ADFS_FS AFFS_FS AFS_FS AFS_FSCACHE AF_KCM AF_RXRPC AF_RXRPC_IPV6 AIX_PARTITION AMIGA_PARTITION ANDROID_BINDERFS ANDROID_BINDER_IPC ANON_VMA_NAME APERTURE_HELPERS AR5523 ARCH_ENABLE_MEMORY_HOTREMOVE ARCH_ENABLE_THP_MIGRATION ASM_MODVERSIONS ASYNC_CORE ASYNC_MEMCPY ASYNC_PQ ASYNC_RAID6_RECOV ASYNC_TX_DMA ASYNC_XOR ATARI_PARTITION ATA_GENERIC ATA_OVER_ETH ATH10K ATH10K_CE ATH10K_PCI ATH10K_USB ATH11K ATH6KL ATH6KL_USB ATH9K ATH9K_AHB ATH9K_BTCOEX_SUPPORT ATH9K_CHANNEL_CONTEXT ATH9K_COMMON ATH9K_COMMON_DEBUG ATH9K_DEBUGFS ATH9K_DYNACK ATH9K_HTC ATH9K_HTC_DEBUGFS ATH9K_HW ATH9K_PCI ATH9K_PCOEM ATH9K_RFKILL ATH_COMMON ATM ATM_BR2684 ATM_CLIP ATM_DRIVERS ATM_LANE ATM_MPOA ATM_TCP AUXILIARY_BUS AX25 AX25_DAMA_SLAVE AX88796B_PHY BAREUDP BATMAN_ADV BATMAN_ADV_BATMAN_V BATMAN_ADV_BLA BATMAN_ADV_DAT BATMAN_ADV_MCAST BATMAN_ADV_NC BCACHE BCMA BCMA_HOST_PCI_POSSIBLE BEFS_FS BFQ_CGROUP_DEBUG BFQ_GROUP_IOSCHED BFS_FS BIG_KEYS BLK_CGROUP_RWSTAT BLK_DEBUG_FS_ZONED BLK_DEV_BSGLIB BLK_DEV_FD BLK_DEV_INITRD BLK_DEV_INTEGRITY BLK_DEV_INTEGRITY_T10 BLK_DEV_NBD BLK_DEV_NULL_BLK BLK_DEV_NULL_BLK_FAULT_INJECTION BLK_DEV_NVME BLK_DEV_PMEM BLK_DEV_RAM BLK_DEV_RNBD BLK_DEV_RNBD_CLIENT BLK_DEV_THROTTLING BLK_DEV_ZONED BLK_ICQ BLK_INLINE_ENCRYPTION BLK_INLINE_ENCRYPTION_FALLBACK BLK_MQ_RDMA BLK_WBT BLK_WBT_MQ BONDING BOOT_VESA_SUPPORT BPF_EVENTS BPF_JIT BPF_JIT_ALWAYS_ON BPF_JIT_DEFAULT_ON BPF_LSM BPF_PRELOAD BPF_PRELOAD_UMD BPF_STREAM_PARSER BPF_SYSCALL BPQETHER BRIDGE BRIDGE_CFM BRIDGE_EBT_802_3 BRIDGE_EBT_AMONG BRIDGE_EBT_ARP BRIDGE_EBT_ARPREPLY BRIDGE_EBT_BROUTE BRIDGE_EBT_DNAT BRIDGE_EBT_IP BRIDGE_EBT_IP6 BRIDGE_EBT_LIMIT BRIDGE_EBT_LOG BRIDGE_EBT_MARK BRIDGE_EBT_MARK_T BRIDGE_EBT_NFLOG BRIDGE_EBT_PKTTYPE BRIDGE_EBT_REDIRECT BRIDGE_EBT_SNAT BRIDGE_EBT_STP BRIDGE_EBT_T_FILTER BRIDGE_EBT_T_NAT BRIDGE_EBT_VLAN BRIDGE_IGMP_SNOOPING BRIDGE_MRP BRIDGE_NF_EBTABLES BRIDGE_VLAN_FILTERING BSD_DISKLABEL BSD_PROCESS_ACCT_V3 BT BTRFS_ASSERT BTRFS_FS BTRFS_FS_POSIX_ACL BTRFS_FS_REF_VERIFY BTT BT_6LOWPAN BT_ATH3K BT_BCM BT_BNEP BT_BNEP_MC_FILTER BT_BNEP_PROTO_FILTER BT_BREDR BT_CMTP BT_HCIBCM203X BT_HCIBFUSB BT_HCIBPA10X BT_HCIBTUSB BT_HCIBTUSB_BCM BT_HCIBTUSB_MTK BT_HCIBTUSB_RTL BT_HCIUART BT_HCIUART_3WIRE BT_HCIUART_AG6XX BT_HCIUART_BCSP BT_HCIUART_H4 BT_HCIUART_LL BT_HCIUART_MRVL BT_HCIUART_QCA BT_HCIUART_SERDEV BT_HCIVHCI BT_HIDP BT_HS BT_INTEL BT_LE BT_LEDS BT_MSFTEXT BT_MTK BT_QCA BT_RFCOMM BT_RFCOMM_TTY BT_RTL CACHEFILES CAIF CAIF_DEBUG CAIF_DRIVERS CAIF_NETDEV CAIF_TTY CAIF_USB CAIF_VIRTIO CAN CAN_8DEV_USB CAN_BCM CAN_CALC_BITTIMING CAN_DEV CAN_EMS_USB CAN_GS_USB CAN_GW CAN_IFI_CANFD CAN_ISOTP CAN_J1939 CAN_KVASER_USB CAN_MCBA_USB CAN_NETLINK CAN_PEAK_USB CAN_RAW CAN_SLCAN CAN_VCAN CAN_VXCAN CAPI_TRACE CARL9170 CARL9170_HWRNG CARL9170_LEDS CARL9170_WPC CC_HAS_ZERO_CALL_USED_REGS CEC_CORE CEPH_FS CEPH_FSCACHE CEPH_FS_POSIX_ACL CEPH_LIB CEPH_LIB_USE_DNS_RESOLVER CFG80211 CFG80211_CRDA_SUPPORT CFG80211_DEBUGFS CFG80211_DEFAULT_PS CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS CFG80211_WEXT CFS_BANDWIDTH CGROUP_BPF CHARGER_BQ24190 CHARGER_ISP1704 CHR_DEV_ST CIFS CIFS_ALLOW_INSECURE_LEGACY CIFS_DEBUG CIFS_DFS_UPCALL CIFS_FSCACHE CIFS_POSIX CIFS_SMB_DIRECT CIFS_SWN_UPCALL CIFS_UPCALL CIFS_XATTR CLS_U32_MARK CLS_U32_PERF CMA CMA_SIZE_SEL_MBYTES CMDLINE_PARTITION COMEDI COMEDI_DT9812 COMEDI_NI_USB6501 COMEDI_USBDUX COMEDI_USBDUXFAST COMEDI_USBDUXSIGMA COMEDI_USB_DRIVERS COMEDI_VMK80XX COMPAT_NETLINK_MESSAGES COUNTER CRAMFS CRAMFS_BLOCKDEV CRAMFS_MTD CRC4 CRC64 CRC64_ROCKSOFT CRC7 CRC8 CRC_ITU_T CRC_T10DIF CRYPTO_ADIANTUM CRYPTO_AEGIS128 CRYPTO_AEGIS128_AESNI_SSE2 CRYPTO_AES_NI_INTEL CRYPTO_AES_TI CRYPTO_ANSI_CPRNG CRYPTO_ANUBIS CRYPTO_ARC4 CRYPTO_ARCH_HAVE_LIB_BLAKE2S CRYPTO_ARCH_HAVE_LIB_CHACHA CRYPTO_ARCH_HAVE_LIB_CURVE25519 CRYPTO_ARCH_HAVE_LIB_POLY1305 CRYPTO_ARIA CRYPTO_ARIA_AESNI_AVX_X86_64 CRYPTO_BLAKE2B CRYPTO_BLAKE2S_X86 CRYPTO_BLOWFISH CRYPTO_BLOWFISH_COMMON CRYPTO_BLOWFISH_X86_64 CRYPTO_CAMELLIA CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 CRYPTO_CAMELLIA_AESNI_AVX_X86_64 CRYPTO_CAMELLIA_X86_64 CRYPTO_CAST5 CRYPTO_CAST5_AVX_X86_64 CRYPTO_CAST6 CRYPTO_CAST6_AVX_X86_64 CRYPTO_CAST_COMMON CRYPTO_CFB CRYPTO_CHACHA20 CRYPTO_CHACHA20POLY1305 CRYPTO_CHACHA20_X86_64 CRYPTO_CRC32 CRYPTO_CRC32C_INTEL CRYPTO_CRC32_PCLMUL CRYPTO_CRC64_ROCKSOFT CRYPTO_CRCT10DIF CRYPTO_CRCT10DIF_PCLMUL CRYPTO_CRYPTD CRYPTO_CTS CRYPTO_CURVE25519 CRYPTO_CURVE25519_X86 CRYPTO_DEFLATE CRYPTO_DES CRYPTO_DES3_EDE_X86_64 CRYPTO_DEV_CCP CRYPTO_DEV_CCP_DD CRYPTO_DEV_PADLOCK CRYPTO_DEV_PADLOCK_AES CRYPTO_DEV_PADLOCK_SHA CRYPTO_DEV_QAT CRYPTO_DEV_QAT_C3XXX CRYPTO_DEV_QAT_C3XXXVF CRYPTO_DEV_QAT_C62X CRYPTO_DEV_QAT_C62XVF CRYPTO_DEV_QAT_DH895xCC CRYPTO_DEV_QAT_DH895xCCVF CRYPTO_DEV_VIRTIO CRYPTO_DH CRYPTO_DRBG_CTR CRYPTO_DRBG_HASH CRYPTO_ECB CRYPTO_ECC CRYPTO_ECDH CRYPTO_ECRDSA CRYPTO_ENGINE CRYPTO_ESSIV CRYPTO_FCRYPT CRYPTO_GHASH_CLMUL_NI_INTEL CRYPTO_HCTR2 CRYPTO_KDF800108_CTR CRYPTO_KEYWRAP CRYPTO_KHAZAD CRYPTO_KPP CRYPTO_LIB_ARC4 CRYPTO_LIB_CHACHA CRYPTO_LIB_CHACHA20POLY1305 CRYPTO_LIB_CHACHA_GENERIC CRYPTO_LIB_CURVE25519 CRYPTO_LIB_CURVE25519_GENERIC CRYPTO_LIB_DES CRYPTO_LIB_POLY1305 CRYPTO_LIB_POLY1305_GENERIC CRYPTO_LRW CRYPTO_MICHAEL_MIC CRYPTO_NHPOLY1305 CRYPTO_NHPOLY1305_AVX2 CRYPTO_NHPOLY1305_SSE2 CRYPTO_OFB CRYPTO_PCBC CRYPTO_PCRYPT CRYPTO_POLY1305 CRYPTO_POLY1305_X86_64 CRYPTO_POLYVAL CRYPTO_POLYVAL_CLMUL_NI CRYPTO_RMD160 CRYPTO_SEED CRYPTO_SERPENT CRYPTO_SERPENT_AVX2_X86_64 CRYPTO_SERPENT_AVX_X86_64 CRYPTO_SERPENT_SSE2_X86_64 CRYPTO_SHA1_SSSE3 CRYPTO_SHA256_SSSE3 CRYPTO_SHA3 CRYPTO_SHA512_SSSE3 CRYPTO_SIMD CRYPTO_SM2 CRYPTO_SM3 CRYPTO_SM3_AVX_X86_64 CRYPTO_SM4 CRYPTO_SM4_AESNI_AVX2_X86_64 CRYPTO_SM4_AESNI_AVX_X86_64 CRYPTO_SM4_GENERIC CRYPTO_STREEBOG CRYPTO_TEA CRYPTO_TWOFISH CRYPTO_TWOFISH_AVX_X86_64 CRYPTO_TWOFISH_COMMON CRYPTO_TWOFISH_X86_64 CRYPTO_TWOFISH_X86_64_3WAY CRYPTO_USER CRYPTO_USER_API CRYPTO_USER_API_AEAD CRYPTO_USER_API_ENABLE_OBSOLETE CRYPTO_USER_API_HASH CRYPTO_USER_API_RNG CRYPTO_USER_API_SKCIPHER CRYPTO_VMAC CRYPTO_WP512 CRYPTO_XCBC CRYPTO_XCTR CRYPTO_XTS CRYPTO_XXHASH CUSE CYPRESS_FIRMWARE DAMON DAMON_DBGFS DAMON_PADDR DAMON_RECLAIM DAMON_VADDR DAX DCA DCB DEFAULT_PFIFO_FAST DEVICE_MIGRATION DEVICE_PRIVATE DEV_COREDUMP DEV_DAX DIMLIB DLN2_ADC DMABUF_HEAPS DMABUF_HEAPS_CMA DMABUF_HEAPS_SYSTEM DMABUF_MOVE_NOTIFY DMA_CMA DMA_ENGINE_RAID DM_AUDIT DM_BIO_PRISON DM_BUFIO DM_CACHE DM_CACHE_SMQ DM_CLONE DM_CRYPT DM_FLAKEY DM_INTEGRITY DM_MULTIPATH DM_MULTIPATH_QL DM_MULTIPATH_ST DM_PERSISTENT_DATA DM_RAID DM_SNAPSHOT DM_THIN_PROVISIONING DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE DM_ZONED DRAGONRISE_FF DRM DRM_BOCHS DRM_BUDDY DRM_CIRRUS_QEMU DRM_DEBUG_MM ENCRYPTED_KEYS EXTCON FSCACHE FUSE_FS GPIOLIB HAMRADIO HID_DRAGONRISE IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_RTRS_CLIENT IOSCHED_BFQ ISDN ISDN_CAPI LIBNVDIMM MAC80211 MAC80211_LEDS MEDIA_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MTD NET_CLS_U32 NET_SCH_DEFAULT PARTITION_ADVANCED RFKILL SERIAL_DEV_BUS TLS TLS_DEVICE TRANSPARENT_HUGEPAGE TRUSTED_KEYS USB_GADGET USB_PHY VLAN_8021Q WANT_COMPAT_NETLINK_MESSAGES WEXT_CORE WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ATH X86_X32_ABI ZONE_DEVICE] determining the merge base between c2cbfe5f51227dfe6ef7be013f0d56a32c040faa and 57d88e8a5974644039fbc47806bac7bb12025636 830b3c68c1fb1e9176028d02ef86f3cf76aa2476/Linux 6.1 is a merge base, check if it has the bug testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6aa6d28293136999abe6e5a8c2c8a47b5793279bf77871ffe417ddb158178ee6 run #0: crashed: general protection fault in hci_uart_tty_ioctl run #1: crashed: general protection fault in hci_uart_tty_ioctl run #2: crashed: general protection fault in hci_uart_tty_ioctl run #3: crashed: general protection fault in hci_uart_tty_ioctl run #4: crashed: general protection fault in hci_uart_tty_ioctl run #5: crashed: general protection fault in hci_uart_tty_ioctl run #6: crashed: general protection fault in hci_uart_tty_ioctl run #7: crashed: general protection fault in hci_uart_tty_ioctl run #8: crashed: general protection fault in hci_uart_tty_ioctl run #9: crashed: general protection fault in hci_uart_tty_ioctl run #10: crashed: general protection fault in hci_uart_tty_ioctl run #11: crashed: general protection fault in hci_uart_tty_ioctl run #12: crashed: general protection fault in hci_uart_tty_ioctl run #13: crashed: general protection fault in hci_uart_tty_ioctl run #14: crashed: general protection fault in hci_uart_tty_ioctl run #15: crashed: general protection fault in hci_uart_tty_ioctl run #16: crashed: general protection fault in hci_uart_tty_ioctl run #17: OK run #18: crashed: general protection fault in hci_uart_tty_ioctl run #19: crashed: general protection fault in hci_uart_tty_ioctl representative crash: general protection fault in hci_uart_tty_ioctl, types: [UNKNOWN] testing current HEAD 57d88e8a5974644039fbc47806bac7bb12025636 testing commit 57d88e8a5974644039fbc47806bac7bb12025636 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8914caea3a2ccc90e34ad9bb7b62ee9180da6866ab2c6cef5cbc6680da44d313 all runs: OK false negative chance: 0.000 # git bisect start 57d88e8a5974644039fbc47806bac7bb12025636 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 Bisecting: 38401 revisions left to test after this (roughly 15 steps) [b68ee1c6131c540a62ecd443be89c406401df091] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit b68ee1c6131c540a62ecd443be89c406401df091 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c1159f05f8572586a81d13bfd1f71f3bf813d19f11efeb1c974134a40147752b all runs: crashed: general protection fault in hci_uart_tty_ioctl representative crash: general protection fault in hci_uart_tty_ioctl, types: [UNKNOWN] # git bisect good b68ee1c6131c540a62ecd443be89c406401df091 Bisecting: 19232 revisions left to test after this (roughly 14 steps) [abaa02fc944f2f9f2c2e1925ddaceaf35c48528c] powerpc: dts: turris1x.dts: Fix PCIe MEM size for pci2 node determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit abaa02fc944f2f9f2c2e1925ddaceaf35c48528c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ae89db0a51d073af53f5ead11d30aae0ce9052f102648b4bb9ad9b5cea4972b3 all runs: crashed: general protection fault in hci_uart_tty_ioctl representative crash: general protection fault in hci_uart_tty_ioctl, types: [UNKNOWN] # git bisect good abaa02fc944f2f9f2c2e1925ddaceaf35c48528c Bisecting: 9389 revisions left to test after this (roughly 13 steps) [bd6c11bc43c496cddfc6cf603b5d45365606dbd5] Merge tag 'net-next-6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next determine whether the revision contains the guilty commit revision b68ee1c6131c540a62ecd443be89c406401df091 crashed and is reachable testing commit bd6c11bc43c496cddfc6cf603b5d45365606dbd5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e8cd505850c507d107be6da12842177af5e8db08ebef8ee9e4026aa1a97cf334 all runs: OK false negative chance: 0.000 # git bisect bad bd6c11bc43c496cddfc6cf603b5d45365606dbd5 Bisecting: 4912 revisions left to test after this (roughly 12 steps) [999f6631866e9ea81add935b9c6ebaab0579d259] Merge tag 'net-6.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit 999f6631866e9ea81add935b9c6ebaab0579d259 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5a4a76bd8945792961ae9745e052b19f59e19f1b174508069c4bf18fe0f5c5fa all runs: crashed: general protection fault in hci_uart_tty_ioctl representative crash: general protection fault in hci_uart_tty_ioctl, types: [UNKNOWN] # git bisect good 999f6631866e9ea81add935b9c6ebaab0579d259 Bisecting: 2457 revisions left to test after this (roughly 11 steps) [5d21d0a65b573507bae774708199328b38dedfe6] net: generalize calculation of skb extensions length determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit 5d21d0a65b573507bae774708199328b38dedfe6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b2ad798660f10b627844607412d4fa5c781302a5d50d13a57ed277755c47b957 all runs: OK false negative chance: 0.000 # git bisect bad 5d21d0a65b573507bae774708199328b38dedfe6 Bisecting: 1305 revisions left to test after this (roughly 10 steps) [4bb28b27040bb070477ce9610173e7360b02ba9b] i40e: Replace one-element array with flex-array member in struct i40e_profile_aq_section determine whether the revision contains the guilty commit revision b68ee1c6131c540a62ecd443be89c406401df091 crashed and is reachable testing commit 4bb28b27040bb070477ce9610173e7360b02ba9b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3ae9ed1016a311d9ea1de11f8f4bde49de62a2f917e6db67010d27b1cad8a0bb all runs: crashed: general protection fault in hci_uart_tty_ioctl representative crash: general protection fault in hci_uart_tty_ioctl, types: [UNKNOWN] # git bisect good 4bb28b27040bb070477ce9610173e7360b02ba9b Bisecting: 652 revisions left to test after this (roughly 9 steps) [2c9f0293280e258606e54ed2b96fa71498432eae] netfilter: nf_tables: flush pending destroy work before netlink notifier determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit 2c9f0293280e258606e54ed2b96fa71498432eae gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3f8fdd5ad6c06e4657eac2a5884bb68e8939580fbd7e71a6f6c67e5d54e5c075 all runs: crashed: general protection fault in hci_uart_tty_ioctl representative crash: general protection fault in hci_uart_tty_ioctl, types: [UNKNOWN] # git bisect good 2c9f0293280e258606e54ed2b96fa71498432eae Bisecting: 320 revisions left to test after this (roughly 8 steps) [c6cfc6cd7685a24ea00a24a4fb91aa96d611084e] Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queue determine whether the revision contains the guilty commit revision 999f6631866e9ea81add935b9c6ebaab0579d259 crashed and is reachable testing commit c6cfc6cd7685a24ea00a24a4fb91aa96d611084e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: faa0228184c4acbfd02afe41e90a973ed777f4095035aee39b8bfda67ce128f5 all runs: OK false negative chance: 0.000 # git bisect bad c6cfc6cd7685a24ea00a24a4fb91aa96d611084e Bisecting: 165 revisions left to test after this (roughly 7 steps) [d0d449c747649dd38e7a1fb66a5e29f10284e287] mlxsw: core_acl_flex_actions: Add IGNORE_ACTION determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit d0d449c747649dd38e7a1fb66a5e29f10284e287 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 00d97c225754f5253bad236bf10dc37d229bf284211d3f34ed77270f66d58d22 all runs: OK false negative chance: 0.000 # git bisect bad d0d449c747649dd38e7a1fb66a5e29f10284e287 Bisecting: 82 revisions left to test after this (roughly 6 steps) [6f55eea116ba3646fb5fbb31de703f8cf79d8214] Bluetooth: hci_sync: Don't double print name in add/remove adv_monitor determine whether the revision contains the guilty commit revision 999f6631866e9ea81add935b9c6ebaab0579d259 crashed and is reachable testing commit 6f55eea116ba3646fb5fbb31de703f8cf79d8214 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ac27fdf9febec98d4bb1581fafd11c5eb5c57a433e095c9101a473054ff15c4c all runs: crashed: general protection fault in hci_uart_tty_ioctl representative crash: general protection fault in hci_uart_tty_ioctl, types: [UNKNOWN] # git bisect good 6f55eea116ba3646fb5fbb31de703f8cf79d8214 Bisecting: 48 revisions left to test after this (roughly 5 steps) [b5793de3cfaefef34a1fc9305c9fe3dbcd0ac792] Bluetooth: hci_conn: avoid checking uninitialized CIG/CIS ids determine whether the revision contains the guilty commit revision abaa02fc944f2f9f2c2e1925ddaceaf35c48528c crashed and is reachable testing commit b5793de3cfaefef34a1fc9305c9fe3dbcd0ac792 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b3465e21d0f08511d76ca5e21ca3f47714724936e36c3861127dde4f421947da all runs: OK false negative chance: 0.000 # git bisect bad b5793de3cfaefef34a1fc9305c9fe3dbcd0ac792 Bisecting: 16 revisions left to test after this (roughly 4 steps) [123c26311859b1b1848b1cfe80feac228fd5afb5] Bluetooth: btusb: Move btusb_recv_event_intel to btintel determine whether the revision contains the guilty commit revision b68ee1c6131c540a62ecd443be89c406401df091 crashed and is reachable testing commit 123c26311859b1b1848b1cfe80feac228fd5afb5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ec61ae4bea5e583500b7b4d4415f237f2fe49e92e19bd630275a019e7786d311 all runs: OK false negative chance: 0.000 # git bisect bad 123c26311859b1b1848b1cfe80feac228fd5afb5 Bisecting: 8 revisions left to test after this (roughly 3 steps) [0e72e3b12c1ee73e8cb180f0bff204a9eb51621a] Bluetooth: btmtk: Fix kernel crash when processing coredump determine whether the revision contains the guilty commit revision b68ee1c6131c540a62ecd443be89c406401df091 crashed and is reachable testing commit 0e72e3b12c1ee73e8cb180f0bff204a9eb51621a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ba8e6bb552a462f4235a28aec3a3f607d25c4dff9d7936177668a267bc0bd58c all runs: OK false negative chance: 0.000 # git bisect bad 0e72e3b12c1ee73e8cb180f0bff204a9eb51621a Bisecting: 3 revisions left to test after this (roughly 2 steps) [82eae9dc438cd7932b5a1c79057378839f1e61e0] Bluetooth: hci_debugfs: Use kstrtobool() instead of strtobool() determine whether the revision contains the guilty commit revision 999f6631866e9ea81add935b9c6ebaab0579d259 crashed and is reachable testing commit 82eae9dc438cd7932b5a1c79057378839f1e61e0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a0584c6117dc53bfe3baaab30ed8114dbc4035c7183013750bea1ffa0930d807 run #0: basic kernel testing failed: WARNING in call_timer_fn run #1: crashed: general protection fault in hci_uart_tty_ioctl run #2: crashed: general protection fault in hci_uart_tty_ioctl run #3: crashed: general protection fault in hci_uart_tty_ioctl run #4: crashed: general protection fault in hci_uart_tty_ioctl run #5: crashed: general protection fault in hci_uart_tty_ioctl run #6: crashed: general protection fault in hci_uart_tty_ioctl run #7: crashed: general protection fault in hci_uart_tty_ioctl run #8: crashed: general protection fault in hci_uart_tty_ioctl run #9: crashed: general protection fault in hci_uart_tty_ioctl run #10: crashed: general protection fault in hci_uart_tty_ioctl run #11: crashed: general protection fault in hci_uart_tty_ioctl run #12: crashed: general protection fault in hci_uart_tty_ioctl run #13: crashed: general protection fault in hci_uart_tty_ioctl run #14: crashed: general protection fault in hci_uart_tty_ioctl run #15: crashed: general protection fault in hci_uart_tty_ioctl run #16: crashed: general protection fault in hci_uart_tty_ioctl run #17: crashed: general protection fault in hci_uart_tty_ioctl run #18: crashed: general protection fault in hci_uart_tty_ioctl run #19: crashed: general protection fault in hci_uart_tty_ioctl representative crash: general protection fault in hci_uart_tty_ioctl, types: [UNKNOWN] # git bisect good 82eae9dc438cd7932b5a1c79057378839f1e61e0 Bisecting: 1 revision left to test after this (roughly 1 step) [573ebae162111063eedc6c838a659ba628f66a0f] Bluetooth: Fix hci_suspend_sync crash determine whether the revision contains the guilty commit revision 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 crashed and is reachable testing commit 573ebae162111063eedc6c838a659ba628f66a0f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4db31fb4ce1fc05464482b7f77fad340f9e23bcace5ac0a7d5a723a787c0a6be all runs: OK false negative chance: 0.000 # git bisect bad 573ebae162111063eedc6c838a659ba628f66a0f Bisecting: 0 revisions left to test after this (roughly 0 steps) [9c33663af9ad115f90c076a1828129a3fbadea98] Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO determine whether the revision contains the guilty commit revision 999f6631866e9ea81add935b9c6ebaab0579d259 crashed and is reachable testing commit 9c33663af9ad115f90c076a1828129a3fbadea98 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 289d22660b5bc49d0ccd1c82103a92ff648be1ce47d61ddb4fbd24c5da08ecf7 all runs: OK false negative chance: 0.000 # git bisect bad 9c33663af9ad115f90c076a1828129a3fbadea98 9c33663af9ad115f90c076a1828129a3fbadea98 is the first bad commit commit 9c33663af9ad115f90c076a1828129a3fbadea98 Author: Lee, Chun-Yi Date: Mon Jul 10 23:17:23 2023 +0800 Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO This patch adds code to check HCI_UART_PROTO_READY flag before accessing hci_uart->proto. It fixes the race condition in hci_uart_tty_ioctl() between HCIUARTSETPROTO and HCIUARTGETPROTO. This issue bug found by Yu Hao and Weiteng Chen: BUG: general protection fault in hci_uart_tty_ioctl [1] The information of C reproducer can also reference the link [2] Reported-by: Yu Hao Closes: https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/ [1] Reported-by: Weiteng Chen Closes: https://lore.kernel.org/lkml/CA+UBctDPEvHdkHMwD340=n02rh+jNRJNNQ5LBZNA+Wm4Keh2ow@mail.gmail.com/T/ [2] Signed-off-by: "Lee, Chun-Yi" Signed-off-by: Luiz Augusto von Dentz drivers/bluetooth/hci_ldisc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) accumulated error probability: 0.00 culprit signature: 289d22660b5bc49d0ccd1c82103a92ff648be1ce47d61ddb4fbd24c5da08ecf7 parent signature: a0584c6117dc53bfe3baaab30ed8114dbc4035c7183013750bea1ffa0930d807 reproducer is flaky (0.95 repro chance estimate) revisions tested: 25, total time: 6h26m55.934407857s (build: 1h40m59.932463787s, test: 4h35m41.517132658s) first good commit: 9c33663af9ad115f90c076a1828129a3fbadea98 Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO recipients (to): ["jlee@suse.com" "joeyli.kernel@gmail.com" "luiz.von.dentz@intel.com"] recipients (cc): []