ci starts bisection 2024-12-26 06:32:38.539114765 +0000 UTC m=+244329.534291829 bisecting cause commit starting from 0a9b9d17f3a781dea03baca01c835deaa07f7cc3 building syzkaller on 77f3eeb755d0c3e79023775a7e72e05dded0f8a1 ensuring issue is reproducible on original commit 0a9b9d17f3a781dea03baca01c835deaa07f7cc3 testing commit 0a9b9d17f3a781dea03baca01c835deaa07f7cc3 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c975c9e2ab8884afda46f61d8b4c48b0f3f1e84faa05313c040512b5b49c3bc6 all runs: crashed: INFO: task hung in hci_cmd_sync_clear representative crash: INFO: task hung in hci_cmd_sync_clear, types: [HANG] check whether we can drop unnecessary instrumentation disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG], they are not needed testing commit 0a9b9d17f3a781dea03baca01c835deaa07f7cc3 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 952705a515e84fdd763a471ee3124c6b62caab7ab0d40cea1c65cf09b80b089c all runs: crashed: INFO: task hung in hci_cmd_sync_clear representative crash: INFO: task hung in hci_cmd_sync_clear, types: [HANG] the bug reproduces without the instrumentation disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK], they are not needed kconfig minimization: base=4046 full=8191 leaves diff=2107 split chunks (needed=false): <2107> split chunk #0 of len 2107 into 5 parts testing without sub-chunk 1/5 disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK], they are not needed testing commit 0a9b9d17f3a781dea03baca01c835deaa07f7cc3 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8e7232be95867cbcbd9db73919c2bb9625a899d7a8f8d46c23521d654421ccc9 all runs: OK false negative chance: 0.000 testing without sub-chunk 2/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN], they are not needed testing commit 0a9b9d17f3a781dea03baca01c835deaa07f7cc3 gcc compiler: 
gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5c1cb8c19ee8999f10ab9c04bb9751dc4968b86d77adf088e0cffb69562cb635 all runs: crashed: INFO: task hung in hci_cmd_sync_clear representative crash: INFO: task hung in hci_cmd_sync_clear, types: [HANG] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 0a9b9d17f3a781dea03baca01c835deaa07f7cc3 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 30738c5326c335b6f0b6ea03ecb189291ef4517cdd4d3460378a8489b7344583 all runs: crashed: INFO: task hung in hci_cmd_sync_clear representative crash: INFO: task hung in hci_cmd_sync_clear, types: [HANG] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 0a9b9d17f3a781dea03baca01c835deaa07f7cc3 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2ebd1f9832770e61f2aedb229d6cae4a88791c9a0f68272ea205d2a937e93512 all runs: crashed: INFO: task hung in hci_cmd_sync_clear representative crash: INFO: task hung in hci_cmd_sync_clear, types: [HANG] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG KASAN], they are not needed testing commit 0a9b9d17f3a781dea03baca01c835deaa07f7cc3 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 389b5a477ed53bce67d5b2015cec90cb3ef1bb81e098e08b3d93dd0f6fc55349 all runs: crashed: INFO: task hung in hci_cmd_sync_clear representative crash: INFO: task hung in hci_cmd_sync_clear, types: [HANG] the chunk can be dropped minimized to 422 configs
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP LEAK UBSAN BUG], they are not needed picked [v6.11 v6.10 v6.9 v6.7 v6.5 v6.3 v6.1 v5.19 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 34 release tags testing release v6.11 testing commit 98f7e32f20d28ec452afb208f9cffc08448a2652 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b36ec2a5380d981258fab16a7ddbcb5b7a545befb2f0619499f5772611ad1ffe all runs: crashed: INFO: task hung in hci_cmd_sync_clear representative crash: INFO: task hung in hci_cmd_sync_clear, types: [HANG] testing release v6.10 testing commit 0c3836482481200ead7b416ca80c68a29cfdaabd gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8ab6676dad0c22023ccf99ae5d206c82bf83c8f71f76f3b98ac8576becb0ef32 all runs: crashed: INFO: task hung in hci_cmd_sync_clear representative crash: INFO: task hung in hci_cmd_sync_clear, types: [HANG] testing release v6.9 testing commit a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3b9117d40659ed818c894aa2bd89803bc18e2cfaa717e42590cd54f02cd6d932 all runs: crashed: INFO: task hung in hci_cmd_sync_clear representative crash: INFO: task hung in hci_cmd_sync_clear, types: [HANG] testing release v6.7 testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3263e296a0a5d957883bbd8985e1a0ea87b53c842aae78f474fba372256150b5 all runs: crashed: INFO: task hung in hci_cmd_sync_clear representative crash: INFO: task hung in hci_cmd_sync_clear, types: [HANG] testing release v6.5 testing commit 2dde18cd1d8fac735875f2e4987f11817cc0bc2c gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for
Debian) 2.40 kernel signature: 3da3bc83aaa96f1a053d20be782f84adf8d9894e4cbcb80f3a7e1c655ab6e883 all runs: OK false negative chance: 0.000 # git bisect start 0dd3ee31125508cd67f7e7172247f05b7fd1753a 2dde18cd1d8fac735875f2e4987f11817cc0bc2c Bisecting: 16833 revisions left to test after this (roughly 14 steps) [ec4c20ca09831ddba8fac10a7d82a9902e96e717] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit ec4c20ca09831ddba8fac10a7d82a9902e96e717 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 085fad58213d67545a5835c42105100bc44a26276e29c9a75fc117b5f552a593 all runs: crashed: INFO: task hung in hci_cmd_sync_clear representative crash: INFO: task hung in hci_cmd_sync_clear, types: [HANG] # git bisect bad ec4c20ca09831ddba8fac10a7d82a9902e96e717 Bisecting: 8496 revisions left to test after this (roughly 13 steps) [4a3b1007eeb26b2bb7ae4d734cc8577463325165] Merge tag 'pinctrl-v6.6-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit 4a3b1007eeb26b2bb7ae4d734cc8577463325165 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ff0d0e84070cd7c172cd12209b0498bf47731c7c573cb243733869e24923beb5 all runs: crashed: INFO: task hung in hci_dev_close_sync representative crash: INFO: task hung in hci_dev_close_sync, types: [HANG] # git bisect bad 4a3b1007eeb26b2bb7ae4d734cc8577463325165 Bisecting: 4343 revisions left to test after this (roughly 12 steps) [651a00bc56403161351090a9d7ddbd7095975324] Merge tag 'slab-for-6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab testing commit 651a00bc56403161351090a9d7ddbd7095975324 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 70976963828902bdd510ac4987ff74305513b0aad2f213ba767f2f4a37064cad run #0: basic kernel testing failed: lost connection to test machine run #1: basic kernel testing failed: lost connection to test 
machine run #2: basic kernel testing failed: lost connection to test machine run #3: basic kernel testing failed: lost connection to test machine run #4: basic kernel testing failed: lost connection to test machine run #5: crashed: INFO: task hung in hci_dev_close_sync run #6: crashed: INFO: task hung in hci_dev_close_sync run #7: crashed: INFO: task hung in hci_dev_close_sync run #8: crashed: INFO: task hung in hci_dev_close_sync run #9: crashed: INFO: task hung in hci_dev_close_sync representative crash: INFO: task hung in hci_dev_close_sync, types: [HANG] # git bisect bad 651a00bc56403161351090a9d7ddbd7095975324 Bisecting: 2011 revisions left to test after this (roughly 11 steps) [c873512ef3a39cc1a605b7a5ff2ad0a33d619aa8] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit c873512ef3a39cc1a605b7a5ff2ad0a33d619aa8 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3ea2291fad59bcc8eeca2917e8a5a1131e35d3eb056a69689ea16dd9f49f0d50 all runs: crashed: INFO: task hung in hci_dev_close_sync representative crash: INFO: task hung in hci_dev_close_sync, types: [HANG] # git bisect bad c873512ef3a39cc1a605b7a5ff2ad0a33d619aa8 Bisecting: 1002 revisions left to test after this (roughly 10 steps) [6e97ba552b8d3dd074a28b8600740b8bed42267b] tcp: set TCP_DEFER_ACCEPT locklessly testing commit 6e97ba552b8d3dd074a28b8600740b8bed42267b gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 647e4c45de56488f72c2432fe2ee71f03ff151f162f0826613aff54ebcc2fa0f all runs: OK false negative chance: 0.000 # git bisect good 6e97ba552b8d3dd074a28b8600740b8bed42267b Bisecting: 500 revisions left to test after this (roughly 9 steps) [85c786340a65eb059183a5c3c6fab8664e1f6e8a] Merge branch 'vcap_get_rule-return-value' testing commit 85c786340a65eb059183a5c3c6fab8664e1f6e8a gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 
ded70a6bbc879d5012b4b34bcfb4152a645fce3e0f47c9f3af307a44dafa1420 all runs: crashed: INFO: task hung in hci_dev_close_sync representative crash: INFO: task hung in hci_dev_close_sync, types: [HANG] # git bisect bad 85c786340a65eb059183a5c3c6fab8664e1f6e8a Bisecting: 250 revisions left to test after this (roughly 8 steps) [f88670161eb205f842989df555d0dd2f9fe2d4b5] Bluetooth: hci_core: Make hci_is_le_conn_scanning public testing commit f88670161eb205f842989df555d0dd2f9fe2d4b5 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: bdc46626dd30a3e2c3fbb390d891227feea6e9c5ab532437ae829cee1e58f399 all runs: crashed: INFO: task hung in hci_dev_close_sync representative crash: INFO: task hung in hci_dev_close_sync, types: [HANG] # git bisect bad f88670161eb205f842989df555d0dd2f9fe2d4b5 Bisecting: 125 revisions left to test after this (roughly 7 steps) [e05a53ab867c106a3f21a806599ef885c67e59bd] Merge branch 'remove-redundant-functions-and-use-generic-functions' testing commit e05a53ab867c106a3f21a806599ef885c67e59bd gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5fd5788d390035a1e0e86afc01941f77ce921bda2a4ec5109c59dd8797d9076d run #0: boot failed: can't ssh into the instance run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK false negative chance: 0.000 # git bisect good e05a53ab867c106a3f21a806599ef885c67e59bd Bisecting: 62 revisions left to test after this (roughly 6 steps) [cc317ea3d9272fab4f6fef527c865f30ca479394] bonding: remove redundant NULL check in debugfs function testing commit cc317ea3d9272fab4f6fef527c865f30ca479394 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: da34a89bea90a963549068888a0535ae53d6cd816c0341c8fb45a0d80d3cd005 all runs: OK false negative chance: 0.000 # git bisect good cc317ea3d9272fab4f6fef527c865f30ca479394 Bisecting: 31 revisions left to test 
after this (roughly 5 steps) [9f78191cc9f1b34c2e2afd7b554a83bf034092dd] Bluetooth: hci_conn: Always allocate unique handles testing commit 9f78191cc9f1b34c2e2afd7b554a83bf034092dd gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 932335a5c9a23f36ac2a4097b9e804a6e65b5089bde04591359d44238628049d all runs: crashed: INFO: task hung in hci_dev_close_sync representative crash: INFO: task hung in hci_dev_close_sync, types: [HANG] # git bisect bad 9f78191cc9f1b34c2e2afd7b554a83bf034092dd Bisecting: 15 revisions left to test after this (roughly 4 steps) [464c702fb9374ff8f3f816f24fb7ac719dd20e1e] Bluetooth: Init sk_peer_* on bt_sock_alloc testing commit 464c702fb9374ff8f3f816f24fb7ac719dd20e1e gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5524dcac83d339e7faf4a633807abd0b49f9b7691030e1c9a9dd8b8dc608a4ae all runs: crashed: INFO: task hung in hci_dev_close_sync representative crash: INFO: task hung in hci_dev_close_sync, types: [HANG] # git bisect bad 464c702fb9374ff8f3f816f24fb7ac719dd20e1e Bisecting: 6 revisions left to test after this (roughly 3 steps) [80f9ad046052509d0eee9b72e11d0e8ae31b665f] Merge branch 'rzn1-a5psw-vlan-port_bridge_flags' testing commit 80f9ad046052509d0eee9b72e11d0e8ae31b665f gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: db48fd86174c5d9f5844d36c208467afd8dd4edb21a70022e5fd66e51daa1c3d all runs: OK false negative chance: 0.000 # git bisect good 80f9ad046052509d0eee9b72e11d0e8ae31b665f Bisecting: 3 revisions left to test after this (roughly 2 steps) [a0bfde167b506423111ddb8cd71930497a40fc54] Bluetooth: ISO: Add support for connecting multiple BISes testing commit a0bfde167b506423111ddb8cd71930497a40fc54 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f969a5bf5104ca3fc44da4f0a0fe7cb7e8296c03f72b51b8cf3b304e17e4c661 run #0: basic kernel testing 
failed: lost connection to test machine run #1: crashed: INFO: task hung in hci_dev_close_sync run #2: crashed: INFO: task hung in hci_dev_close_sync run #3: crashed: INFO: task hung in hci_dev_close_sync run #4: crashed: INFO: task hung in hci_dev_close_sync run #5: crashed: INFO: task hung in hci_dev_close_sync run #6: crashed: INFO: task hung in hci_dev_close_sync run #7: crashed: INFO: task hung in hci_dev_close_sync run #8: crashed: INFO: task hung in hci_dev_close_sync run #9: crashed: INFO: task hung in hci_dev_close_sync representative crash: INFO: task hung in hci_dev_close_sync, types: [HANG] # git bisect bad a0bfde167b506423111ddb8cd71930497a40fc54 Bisecting: 0 revisions left to test after this (roughly 1 step) [044014ce85a17c0b7fab8e5df0925792010c29b2] Bluetooth: btrtl: Add Realtek devcoredump support testing commit 044014ce85a17c0b7fab8e5df0925792010c29b2 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9bc2958ec987e3b86318be5530dcb2704917109f8f1a79ddb2fd8f4a5d391ed4 all runs: OK false negative chance: 0.000 # git bisect good 044014ce85a17c0b7fab8e5df0925792010c29b2 a0bfde167b506423111ddb8cd71930497a40fc54 is the first bad commit commit a0bfde167b506423111ddb8cd71930497a40fc54 Author: Iulia Tanasescu Date: Tue May 30 17:21:59 2023 +0300 Bluetooth: ISO: Add support for connecting multiple BISes It is required for some configurations to have multiple BISes as part of the same BIG. Similar to the flow implemented for unicast, DEFER_SETUP will also be used to bind multiple BISes for the same BIG, before starting Periodic Advertising and creating the BIG. The user will have to open a new socket for each BIS. By setting the BT_DEFER_SETUP socket option and calling connect, a new connection will be added for the BIG and advertising handle set by the socket QoS parameters. 
Since all BISes will be bound for the same BIG and advertising handle, the socket QoS options and base parameters should match for all connections. By calling connect on a socket that does not have the BT_DEFER_SETUP option set, periodic advertising will be started and the BIG will be created, with a BIS for each previously bound connection. Since a BIG cannot be reconfigured with additional BISes after creation, no more connections can be bound for the BIG after the start periodic advertising and create BIG commands have been queued. The bis_cleanup function has also been updated, so that the advertising set and the BIG will not be terminated unless there are no more bound or connected BISes. The HCI_CONN_BIG_CREATED connection flag has been added to indicate that the BIG has been successfully created. This flag is checked at bis_cleanup, so that the BIG is only terminated if the HCI_LE_Create_BIG_Complete has been received. This implementation has been tested on hardware, using the "isotest" tool with an additional command line option, to specify the number of BISes to create as part of the desired BIG: tools/isotest -i hci0 -s 00:00:00:00:00:00 -N 2 -G 1 -T 1 The btmon log shows that a BIG containing 2 BISes has been created: < HCI Command: LE Create Broadcast Isochronous Group (0x08|0x0068) plen 31 Handle: 0x01 Advertising Handle: 0x01 Number of BIS: 2 SDU Interval: 10000 us (0x002710) Maximum SDU size: 40 Maximum Latency: 10 ms (0x000a) RTN: 0x02 PHY: LE 2M (0x02) Packing: Sequential (0x00) Framing: Unframed (0x00) Encryption: 0x00 Broadcast Code: 00000000000000000000000000000000 > HCI Event: Command Status (0x0f) plen 4 LE Create Broadcast Isochronous Group (0x08|0x0068) ncmd 1 Status: Success (0x00) > HCI Event: LE Meta Event (0x3e) plen 23 LE Broadcast Isochronous Group Complete (0x1b) Status: Success (0x00) Handle: 0x01 BIG Synchronization Delay: 1974 us (0x0007b6) Transport Latency: 1974 us (0x0007b6) PHY: LE 2M (0x02) NSE: 3 BN: 1 PTO: 1 IRC: 3 Maximum 
PDU: 40 ISO Interval: 10.00 msec (0x0008) Connection Handle #0: 10 Connection Handle #1: 11 < HCI Command: LE Setup Isochronous Data Path (0x08|0x006e) plen 13 Handle: 10 Data Path Direction: Input (Host to Controller) (0x00) Data Path: HCI (0x00) Coding Format: Transparent (0x03) Company Codec ID: Ericsson Technology Licensing (0) Vendor Codec ID: 0 Controller Delay: 0 us (0x000000) Codec Configuration Length: 0 Codec Configuration: > HCI Event: Command Complete (0x0e) plen 6 LE Setup Isochronous Data Path (0x08|0x006e) ncmd 1 Status: Success (0x00) Handle: 10 < HCI Command: LE Setup Isochronous Data Path (0x08|0x006e) plen 13 Handle: 11 Data Path Direction: Input (Host to Controller) (0x00) Data Path: HCI (0x00) Coding Format: Transparent (0x03) Company Codec ID: Ericsson Technology Licensing (0) Vendor Codec ID: 0 Controller Delay: 0 us (0x000000) Codec Configuration Length: 0 Codec Configuration: > HCI Event: Command Complete (0x0e) plen 6 LE Setup Isochronous Data Path (0x08|0x006e) ncmd 1 Status: Success (0x00) Handle: 11 < ISO Data TX: Handle 10 flags 0x02 dlen 44 < ISO Data TX: Handle 11 flags 0x02 dlen 44 > HCI Event: Number of Completed Packets (0x13) plen 5 Num handles: 1 Handle: 10 Count: 1 > HCI Event: Number of Completed Packets (0x13) plen 5 Num handles: 1 Handle: 11 Count: 1 Signed-off-by: Iulia Tanasescu Signed-off-by: Luiz Augusto von Dentz include/net/bluetooth/hci_core.h | 30 ++++++++ net/bluetooth/hci_conn.c | 152 +++++++++++++++++++++++++++------------ net/bluetooth/hci_event.c | 52 ++++++++------ net/bluetooth/iso.c | 28 ++++++-- 4 files changed, 189 insertions(+), 73 deletions(-) accumulated error probability: 0.00 culprit signature: f969a5bf5104ca3fc44da4f0a0fe7cb7e8296c03f72b51b8cf3b304e17e4c661 parent signature: 9bc2958ec987e3b86318be5530dcb2704917109f8f1a79ddb2fd8f4a5d391ed4 revisions tested: 26, total time: 6h31m43.36262607s (build: 3h22m12.482078839s, test: 2h48m22.871848554s) first bad commit: a0bfde167b506423111ddb8cd71930497a40fc54 
Bluetooth: ISO: Add support for connecting multiple BISes recipients (to): ["davem@davemloft.net" "edumazet@google.com" "iulia.tanasescu@nxp.com" "johan.hedberg@gmail.com" "kuba@kernel.org" "linux-bluetooth@vger.kernel.org" "luiz.dentz@gmail.com" "luiz.von.dentz@intel.com" "marcel@holtmann.org" "netdev@vger.kernel.org" "pabeni@redhat.com"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: INFO: task hung in hci_dev_close_sync INFO: task syz-executor:2885 blocked for more than 143 seconds. Not tainted 6.5.0-rc5-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor state:D stack:12736 pid:2885 ppid:1 flags:0x00004006 Call Trace: context_switch kernel/sched/core.c:5381 [inline] __schedule+0x3b4/0xa10 kernel/sched/core.c:6710 schedule+0x59/0xb0 kernel/sched/core.c:6786 schedule_timeout+0x137/0x150 kernel/time/timer.c:2143 do_wait_for_common kernel/sched/completion.c:85 [inline] __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x85/0x160 kernel/sched/completion.c:138 __flush_work+0x2e1/0x3e0 kernel/workqueue.c:3389 hci_dev_close_sync+0xd0/0x590 net/bluetooth/hci_sync.c:5001 hci_dev_do_close+0x24/0x60 net/bluetooth/hci_core.c:554 hci_unregister_dev+0xb8/0x1d0 net/bluetooth/hci_core.c:2731 vhci_release+0x3a/0x70 drivers/bluetooth/hci_vhci.c:669 __fput+0xe8/0x290 fs/file_table.c:384 task_work_run+0x55/0x90 kernel/task_work.c:179 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0x350/0xb80 kernel/exit.c:874 do_group_exit+0x32/0xa0 kernel/exit.c:1024 get_signal+0xac4/0xad0 kernel/signal.c:2881 arch_do_signal_or_restart+0x39/0x290 arch/x86/kernel/signal.c:308 exit_to_user_mode_loop kernel/entry/common.c:168 [inline] exit_to_user_mode_prepare+0xc3/0x150 kernel/entry/common.c:204 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline] syscall_exit_to_user_mode+0x17/0x40 kernel/entry/common.c:297 
 do_syscall_64+0x4c/0xc0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x74/0xde
RIP: 0033:0x7f2e1857d15c
RSP: 002b:00007ffedc236090 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007f2e1857d15c
RDX: 0000000000000028 RSI: 00007ffedc236140 RDI: 00000000000000f9
RBP: 00007ffedc2360ec R08: 0000000000000000 R09: 00007ffedc235e07
R10: 00007ffedc235a50 R11: 0000000000000246 R12: 00007f2e18706f68
R13: 000000000000eb92 R14: 000000000000eb92 R15: 00007ffedc236140

Showing all locks held in the system:
3 locks held by kworker/0:0/7:
 #0: ffff88810006c738 ((wq_completion)events){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #0: ffff88810006c738 ((wq_completion)events){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #1: ffffc90000043e58 ((linkwatch_work).work){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #1: ffffc90000043e58 ((linkwatch_work).work){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #2: ffffffff83b17348 (rtnl_mutex){....}-{3:3}, at: linkwatch_event+0xd/0x40 net/core/link_watch.c:277
3 locks held by kworker/0:1/9:
 #0: ffff8881026a5338 ((wq_completion)ipv6_addrconf){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #0: ffff8881026a5338 ((wq_completion)ipv6_addrconf){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #1: ffffc90000053e58 ((work_completion)(&(&ifa->dad_work)->work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #1: ffffc90000053e58 ((work_completion)(&(&ifa->dad_work)->work)){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #2: ffffffff83b17348 (rtnl_mutex){....}-{3:3}, at: addrconf_dad_work+0x55/0x510 net/ipv6/addrconf.c:4125
1 lock held by rcu_tasks_kthre/13:
 #0: ffffffff83983e10 (rcu_tasks.tasks_gp_mutex){....}-{3:3}, at: rcu_tasks_one_gp+0x26/0x3d0 kernel/rcu/tasks.h:522
1 lock held by rcu_tasks_trace/14:
 #0: ffffffff83983b50 (rcu_tasks_trace.tasks_gp_mutex){....}-{3:3}, at: rcu_tasks_one_gp+0x26/0x3d0 kernel/rcu/tasks.h:522
1 lock held by khungtaskd/28:
 #0: ffffffff839844c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x12/0x120 kernel/locking/lockdep.c:6615
5 locks held by kworker/u4:2/39:
 #0: ffff888101255938 ((wq_completion)netns){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #0: ffff888101255938 ((wq_completion)netns){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #1: ffffc90000363e58 (net_cleanup_work){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #1: ffffc90000363e58 (net_cleanup_work){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #2: ffffffff83b15ed0 (pernet_ops_rwsem){....}-{3:3}, at: cleanup_net+0x46/0x3e0 net/core/net_namespace.c:576
 #3: ffffffff83b17348 (rtnl_mutex){....}-{3:3}, at: default_device_exit_batch+0x33/0x2c0 net/core/dev.c:11431
 #4: ffffffff839850b8 (rcu_state.exp_mutex){....}-{3:3}, at: exp_funnel_lock kernel/rcu/tree_exp.h:293 [inline]
 #4: ffffffff839850b8 (rcu_state.exp_mutex){....}-{3:3}, at: synchronize_rcu_expedited+0x329/0x450 kernel/rcu/tree_exp.h:992
4 locks held by kworker/u5:1/1352:
 #0: ffff888106f30d38 ((wq_completion)hci0#2){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #0: ffff888106f30d38 ((wq_completion)hci0#2){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #1: ffffc90002cafe58 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #1: ffffc90002cafe58 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #2: ffff88810532c078 (&hdev->lock){....}-{3:3}, at: hci_le_create_big_complete_evt+0x69/0x300 net/bluetooth/hci_event.c:6947
 #3: ffffffff839844c0 (rcu_read_lock){....}-{1:2}, at: hci_le_ev_skb_pull net/bluetooth/hci_event.c:79 [inline]
 #3: ffffffff839844c0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x4a/0x300 net/bluetooth/hci_event.c:6943
2 locks held by getty/1454:
 #0: ffff88810c2c2098 (&tty->ldisc_sem){....}-{0:0}, at: tty_ldisc_ref_wait+0x23/0x60 drivers/tty/tty_ldisc.c:243
 #1: ffffc90002cc32f0 (&ldata->atomic_read_lock){....}-{3:3}, at: n_tty_read+0x524/0x650 drivers/tty/n_tty.c:2187
2 locks held by kworker/0:3/1612:
 #0: ffff88810006d338 ((wq_completion)rcu_gp){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #0: ffff88810006d338 ((wq_completion)rcu_gp){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #1: ffffc9000125fe58 ((work_completion)(&rew->rew_work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #1: ffffc9000125fe58 ((work_completion)(&rew->rew_work)){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
4 locks held by kworker/u5:2/1950:
 #0: ffff888109397938 ((wq_completion)hci1#2){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #0: ffff888109397938 ((wq_completion)hci1#2){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #1: ffffc90001b4fe58 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #1: ffffc90001b4fe58 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #2: ffff88810f68c078 (&hdev->lock){....}-{3:3}, at: hci_le_create_big_complete_evt+0x69/0x300 net/bluetooth/hci_event.c:6947
 #3: ffffffff839844c0 (rcu_read_lock){....}-{1:2}, at: hci_le_ev_skb_pull net/bluetooth/hci_event.c:79 [inline]
 #3: ffffffff839844c0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x4a/0x300 net/bluetooth/hci_event.c:6943
4 locks held by kworker/u5:3/1951:
 #0: ffff888105331138 ((wq_completion)hci2#2){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #0: ffff888105331138 ((wq_completion)hci2#2){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #1: ffffc90001affe58 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #1: ffffc90001affe58 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #2: ffff88810afb8078 (&hdev->lock){....}-{3:3}, at: hci_le_create_big_complete_evt+0x69/0x300 net/bluetooth/hci_event.c:6947
 #3: ffffffff839844c0 (rcu_read_lock){....}-{1:2}, at: hci_le_ev_skb_pull net/bluetooth/hci_event.c:79 [inline]
 #3: ffffffff839844c0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x4a/0x300 net/bluetooth/hci_event.c:6943
3 locks held by kworker/1:4/2221:
 #0: ffff8881026a5338 ((wq_completion)ipv6_addrconf){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #0: ffff8881026a5338 ((wq_completion)ipv6_addrconf){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #1: ffffc90002027e58 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #1: ffffc90002027e58 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #2: ffffffff83b17348 (rtnl_mutex){....}-{3:3}, at: addrconf_verify_work+0xd/0x20 net/ipv6/addrconf.c:4667
1 lock held by syz-executor/2885:
 #0: ffff88810532d0b8 (&hdev->req_lock){....}-{3:3}, at: hci_dev_do_close+0x1c/0x60 net/bluetooth/hci_core.c:552
1 lock held by syz-executor/4485:
 #0: ffff88810f68d0b8 (&hdev->req_lock){....}-{3:3}, at: hci_dev_do_close+0x1c/0x60 net/bluetooth/hci_core.c:552
1 lock held by syz-executor/6087:
 #0: ffff88810afb90b8 (&hdev->req_lock){....}-{3:3}, at: hci_dev_do_close+0x1c/0x60 net/bluetooth/hci_core.c:552
4 locks held by kworker/u5:4/6089:
 #0: ffff888102358938 ((wq_completion)hci3#2){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #0: ffff888102358938 ((wq_completion)hci3#2){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #1: ffffc900025bfe58 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #1: ffffc900025bfe58 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #2: ffff88810eb04078 (&hdev->lock){....}-{3:3}, at: hci_le_create_big_complete_evt+0x69/0x300 net/bluetooth/hci_event.c:6947
 #3: ffffffff839844c0 (rcu_read_lock){....}-{1:2}, at: hci_le_ev_skb_pull net/bluetooth/hci_event.c:79 [inline]
 #3: ffffffff839844c0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x4a/0x300 net/bluetooth/hci_event.c:6943
1 lock held by syz-executor/7689:
 #0: ffff88810eb050b8 (&hdev->req_lock){....}-{3:3}, at: hci_dev_do_close+0x1c/0x60 net/bluetooth/hci_core.c:552
4 locks held by kworker/u5:5/7690:
 #0: ffff888109b47538 ((wq_completion)hci4#2){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #0: ffff888109b47538 ((wq_completion)hci4#2){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #1: ffffc900049bfe58 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #1: ffffc900049bfe58 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #2: ffff888108310078 (&hdev->lock){....}-{3:3}, at: hci_le_create_big_complete_evt+0x69/0x300 net/bluetooth/hci_event.c:6947
 #3: ffffffff839844c0 (rcu_read_lock){....}-{1:2}, at: hci_le_ev_skb_pull net/bluetooth/hci_event.c:79 [inline]
 #3: ffffffff839844c0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x4a/0x300 net/bluetooth/hci_event.c:6943
1 lock held by syz-executor/9293:
 #0: ffff8881083110b8 (&hdev->req_lock){....}-{3:3}, at: hci_dev_do_close+0x1c/0x60 net/bluetooth/hci_core.c:552
1 lock held by syz-executor/10895:
 #0: ffff8881720b50b8 (&hdev->req_lock){....}-{3:3}, at: hci_dev_do_close+0x1c/0x60 net/bluetooth/hci_core.c:552
4 locks held by kworker/u5:7/10896:
 #0: ffff888109796538 ((wq_completion)hci5#2){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #0: ffff888109796538 ((wq_completion)hci5#2){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #1: ffffc90004a87e58 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: wake_up_worker kernel/workqueue.c:901 [inline]
 #1: ffffc90004a87e58 ((work_completion)(&hdev->rx_work)){....}-{0:0}, at: process_one_work+0x204/0x4f0 kernel/workqueue.c:2562
 #2: ffff8881720b4078 (&hdev->lock){....}-{3:3}, at: hci_le_create_big_complete_evt+0x69/0x300 net/bluetooth/hci_event.c:6947
 #3: ffffffff839844c0 (rcu_read_lock){....}-{1:2}, at: hci_le_ev_skb_pull net/bluetooth/hci_event.c:79 [inline]
 #3: ffffffff839844c0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x4a/0x300 net/bluetooth/hci_event.c:6943
1 lock held by syz-executor/12499:
 #0: ffffffff83b17348 (rtnl_mutex){....}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:78 [inline]
 #0: ffffffff83b17348 (rtnl_mutex){....}-{3:3}, at: rtnetlink_rcv_msg+0x142/0x440 net/core/rtnetlink.c:6424

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x3d/0x70 lib/dump_stack.c:106
 nmi_cpu_backtrace+0xd4/0x110 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x11c/0x140 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
 watchdog+0x593/0x5c0 kernel/hung_task.c:379
 kthread+0xde/0x110 kernel/kthread.c:389
 ret_from_fork+0x2c/0x50 arch/x86/kernel/process.c:145
 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:304
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 5879 Comm: kworker/u4:5 Not tainted 6.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:csd_lock_wait kernel/smp.c:296 [inline]
RIP: 0010:smp_call_function_many_cond+0x2a0/0x690 kernel/smp.c:835
Code: 74 52 f3 48 0f bc c0 83 f8 07 41 89 c4 77 45 48 98 48 8b 2b 48 03 2c c5 00 39 5e 83 0f 1f 44 00 00 8b 45 08 a8 01 74 09 f3 90 <8b> 45 08 a8 01 75 f7 41 8d 4c 24 01 48 63 c1 48 83 f8 07 77 15 48
RSP: 0018:ffffc90002093cb0 EFLAGS: 00000202
RAX: 0000000000000011 RBX: ffff888237c30100 RCX: 0000000000000002
RDX: 00000000000008fb RSI: ffffffff833da261 RDI: ffffffff833dd7e3
RBP: ffff888237d35740 R08: ffff888237d35740 R09: 0000000000008524
R10: 0000000000000000 R11: 0000000000000005 R12: 0000000000000001
R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000559f53d71a48 CR3: 0000000003848000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 on_each_cpu_cond_mask+0x3b/0x70 kernel/smp.c:1003
 on_each_cpu include/linux/smp.h:71 [inline]
 text_poke_sync arch/x86/kernel/alternative.c:2001 [inline]
 text_poke_bp_batch+0x2ec/0x310 arch/x86/kernel/alternative.c:2294
 text_poke_flush arch/x86/kernel/alternative.c:2402 [inline]
 text_poke_finish+0x1a/0x30 arch/x86/kernel/alternative.c:2409
 arch_jump_label_transform_apply+0x17/0x30 arch/x86/kernel/jump_label.c:146
 static_key_disable_cpuslocked kernel/jump_label.c:235 [inline]
 static_key_disable_cpuslocked+0x4e/0x60 kernel/jump_label.c:223
 static_key_disable+0x15/0x20 kernel/jump_label.c:243
 toggle_allocation_gate mm/kfence/core.c:836 [inline]
 toggle_allocation_gate+0x71/0x130 mm/kfence/core.c:823
 process_one_work+0x29d/0x4f0 kernel/workqueue.c:2600
 worker_thread+0x4e/0x340 kernel/workqueue.c:2751
 kthread+0xde/0x110 kernel/kthread.c:389
 ret_from_fork+0x2c/0x50 arch/x86/kernel/process.c:145
 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:304