bisecting fixing commit since fffe3ae0ee84e25d2befe2ae59bc32aa2b6bc77b
building syzkaller on 0487ea6f5d997a8363eba0d2eb0ea7a925444555
testing commit fffe3ae0ee84e25d2befe2ae59bc32aa2b6bc77b with gcc (GCC) 8.1.0
kernel signature: 213b240fb2e4c05b76f9a426c63ebfc26b97d3afb401074da7f08d000d91b3a3
run #0: crashed: WARNING: refcount bug in do_enable_set
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #2: crashed: WARNING: refcount bug in do_enable_set
run #3: crashed: WARNING: refcount bug in do_enable_set
run #4: crashed: WARNING: refcount bug in do_enable_set
run #5: crashed: WARNING: refcount bug in do_enable_set
run #6: crashed: WARNING: refcount bug in do_enable_set
run #7: crashed: WARNING: refcount bug in do_enable_set
run #8: crashed: WARNING: refcount bug in do_enable_set
run #9: crashed: WARNING: refcount bug in do_enable_set
testing current HEAD 9322c47b21b9e05d7f9c037aa2c472e9f0dc7f3b
testing commit 9322c47b21b9e05d7f9c037aa2c472e9f0dc7f3b with gcc (GCC) 8.1.0
kernel signature: b1e0cd4c04b24631b727413ece697f614002c418d4637ad194908a3e5c7939b8
all runs: OK
# git bisect start 9322c47b21b9e05d7f9c037aa2c472e9f0dc7f3b fffe3ae0ee84e25d2befe2ae59bc32aa2b6bc77b
Bisecting: 5253 revisions left to test after this (roughly 12 steps)
[c0c419c04557117258d184876d94091d29bbd9a6] Merge tag 'staging-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit c0c419c04557117258d184876d94091d29bbd9a6 with gcc (GCC) 8.1.0
kernel signature: cee8599a1e1cbe64f8cabf52e1e22f230a54811b1e3b9d4975ea7dcca4b63318
all runs: OK
# git bisect bad c0c419c04557117258d184876d94091d29bbd9a6
Bisecting: 3106 revisions left to test after this (roughly 11 steps)
[c1055b76ad00aed0e8b79417080f212d736246b6] net: thunderx: initialize VF's mailbox mutex before first usage
testing commit c1055b76ad00aed0e8b79417080f212d736246b6 with gcc (GCC) 8.1.0
kernel signature: ee2dadb33706117b212a92244c156ebd0cdc22335552efe1c8d9f3b25caf098a
all runs: OK
# git bisect bad c1055b76ad00aed0e8b79417080f212d736246b6
Bisecting: 1135 revisions left to test after this (roughly 10 steps)
[9b7b0d1a395d54c12be9f18d1bf7be06aecaa785] sctp: pass a kernel pointer to sctp_setsockopt_peer_addr_params
testing commit 9b7b0d1a395d54c12be9f18d1bf7be06aecaa785 with gcc (GCC) 8.1.0
kernel signature: 7c53f19d6c800f49f7b0c81bd844fee4a59ba1300fcc70df416470262a71e37a
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #2: crashed: WARNING: refcount bug in do_enable_set
run #3: crashed: WARNING: refcount bug in do_enable_set
run #4: crashed: WARNING: refcount bug in do_enable_set
run #5: crashed: WARNING: refcount bug in do_enable_set
run #6: crashed: WARNING: refcount bug in do_enable_set
run #7: crashed: WARNING: refcount bug in do_enable_set
run #8: crashed: WARNING: refcount bug in do_enable_set
run #9: crashed: WARNING: refcount bug in do_enable_set
# git bisect good 9b7b0d1a395d54c12be9f18d1bf7be06aecaa785
Bisecting: 567 revisions left to test after this (roughly 9 steps)
[1d8e5b0f3f2c6d05697f8192aac7255e6be1e715] net: stmmac: Support WOL with phy
testing commit 1d8e5b0f3f2c6d05697f8192aac7255e6be1e715 with gcc (GCC) 8.1.0
kernel signature: 1caa58e3737459754abb391b3d2d397e509045228dbb37a73402c7193ed3f3e8
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #1: crashed: WARNING: refcount bug in do_enable_set
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #4: crashed: WARNING: refcount bug in do_enable_set
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
run #6: crashed: WARNING: refcount bug in do_enable_set
run #7: crashed: WARNING: refcount bug in do_enable_set
run #8: crashed: WARNING: refcount bug in do_enable_set
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_chan_close
# git bisect good 1d8e5b0f3f2c6d05697f8192aac7255e6be1e715
Bisecting: 283 revisions left to test after this (roughly 8 steps)
[99f47abd9f7bf6e365820d355dc98f6955a562df] fsl/fman: use 32-bit unsigned integer
testing commit 99f47abd9f7bf6e365820d355dc98f6955a562df with gcc (GCC) 8.1.0
kernel signature: 9cee675216d182928cebc5089e8a50a991b0c81f1b483b5a21e2f3b768195895
run #0: OK
run #1: OK
run #2: OK
run #3: boot failed: can't ssh into the instance
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 99f47abd9f7bf6e365820d355dc98f6955a562df
Bisecting: 133 revisions left to test after this (roughly 7 steps)
[4bb540dbe442ec5e4b48af8aed12663e0754bbe2] Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
testing commit 4bb540dbe442ec5e4b48af8aed12663e0754bbe2 with gcc (GCC) 8.1.0
net/bluetooth/sco.c:862:3: error: cannot convert to a pointer type
# git bisect skip 4bb540dbe442ec5e4b48af8aed12663e0754bbe2
Bisecting: 133 revisions left to test after this (roughly 7 steps)
[6259e0f5478d7a7e4ff3e38bc739b612b8907246] net: mdiobus: use flexible sleeping for reset-delay-us
testing commit 6259e0f5478d7a7e4ff3e38bc739b612b8907246 with gcc (GCC) 8.1.0
kernel signature: 85146c992a32f47f97f763c970f743fc4b1a2967ed1576fed1f81ea0fb49fa89
all runs: OK
# git bisect bad 6259e0f5478d7a7e4ff3e38bc739b612b8907246
Bisecting: 136 revisions left to test after this (roughly 7 steps)
[075f77324f90149bac12c8a705dae5786a1d24fb] Bluetooth: Remove CRYPTO_ALG_INTERNAL flag
testing commit 075f77324f90149bac12c8a705dae5786a1d24fb with gcc (GCC) 8.1.0
kernel signature: 0483d4ae7d2a31b9e14f4d040c72bd738724c026599ae5264414de6e17dc3e59
all runs: OK
# git bisect bad 075f77324f90149bac12c8a705dae5786a1d24fb
Bisecting: 43 revisions left to test after this (roughly 6 steps)
[8746f135bb01872ff412d408ea1aa9ebd328c1f5] Bluetooth: Disconnect if E0 is used for Level 4
testing commit 8746f135bb01872ff412d408ea1aa9ebd328c1f5 with gcc (GCC) 8.1.0
kernel signature: b6f423910826bde767ab77b04e492b7499a1ed6c9d3b2b7f80a0a84739aba4c0
run #0: crashed: WARNING: refcount bug in do_enable_set
run #1: crashed: KASAN: use-after-free Read in l2cap_chan_close
run #2: crashed: WARNING: refcount bug in do_enable_set
run #3: crashed: KASAN: use-after-free Read in l2cap_chan_close
run #4: crashed: KASAN: use-after-free Read in l2cap_chan_close
run #5: crashed: KASAN: use-after-free Read in l2cap_chan_close
run #6: crashed: KASAN: use-after-free Read in l2cap_chan_close
run #7: crashed: WARNING: refcount bug in do_enable_set
run #8: crashed: WARNING: refcount bug in do_enable_set
run #9: crashed: KASAN: use-after-free Read in l2cap_chan_close
# git bisect good 8746f135bb01872ff412d408ea1aa9ebd328c1f5
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[3344537f614b966f726c1ec044d1c70a8cabe178] Bluetooth: hci_qca: Bug fixes for SSR
testing commit 3344537f614b966f726c1ec044d1c70a8cabe178 with gcc (GCC) 8.1.0
kernel signature: d5956bef78c8661c5bd43e9991f363d61361a4682208147e1267ef4ef9749e99
all runs: OK
# git bisect bad 3344537f614b966f726c1ec044d1c70a8cabe178
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[d4edda0f791fccf4cbb8a88566a8f2b1228faaee] Bluetooth: use configured default params for active scans
testing commit d4edda0f791fccf4cbb8a88566a8f2b1228faaee with gcc (GCC) 8.1.0
kernel signature: 5b463fc209eb1502f177e1118b1fc6e8ce5e1f76991d611f8815d9cec97a32ac
run #0: crashed: general protection fault in __queue_work
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor759293617" "root@10.128.0.189:./syz-executor759293617"]: exit status 1
Connection timed out during banner exchange
lost connection
run #2: crashed: general protection fault in __queue_work
run #3: crashed: general protection fault in __queue_work
run #4: crashed: general protection fault in __queue_work
run #5: crashed: general protection fault in __queue_work
run #6: crashed: general protection fault in __queue_work
run #7: crashed: general protection fault in __queue_work
run #8: crashed: general protection fault in __queue_work
run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor957736194" "root@10.128.0.68:./syz-executor957736194"]
# git bisect good d4edda0f791fccf4cbb8a88566a8f2b1228faaee
Bisecting: 4 revisions left to test after this (roughly 3 steps)
[19186c7b45c134820ea6fde3165a2cf30c1ace47] Bluetooth: core: Use fallthrough pseudo-keyword
testing commit 19186c7b45c134820ea6fde3165a2cf30c1ace47 with gcc (GCC) 8.1.0
kernel signature: 9cc5a20fe51433e9d7fdb782213e09f2476f94a0de809f69752c5b9cbc01ee1a
all runs: OK
# git bisect bad 19186c7b45c134820ea6fde3165a2cf30c1ace47
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[15d8ce05ebec37a0d701cde768bbf21349f2329d] Bluetooth: le_simult_central_peripheral experimental feature
testing commit 15d8ce05ebec37a0d701cde768bbf21349f2329d with gcc (GCC) 8.1.0
kernel signature: 412efa75a7c652fa9368aacf6816cb41a17325aa4fea4cbce6b61d99974ff20e
all runs: OK
# git bisect bad 15d8ce05ebec37a0d701cde768bbf21349f2329d
Bisecting: 1 revision left to test after this (roughly 1 step)
[461f95f04f19382dcfd17da2d8db37e0cdc719f2] Bluetooth: btusb: USB alternate setting 1 for WBS
testing commit 461f95f04f19382dcfd17da2d8db37e0cdc719f2 with gcc (GCC) 8.1.0
kernel signature: 872f54fc314e8226bacd2fcb1ae95898b850823971b287083b0da11f88adf2ea
run #0: crashed: general protection fault in __queue_work
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor212567482" "root@10.128.15.203:./syz-executor212567482"]: exit status 1
Connection timed out during banner exchange
lost connection
run #2: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor463694076" "root@10.128.0.197:./syz-executor463694076"]: exit status 1
Connection timed out during banner exchange
lost connection
run #3: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor671864363" "root@10.128.10.13:./syz-executor671864363"]: exit status 1
Connection timed out during banner exchange
lost connection
run #4: crashed: general protection fault in __queue_work
run #5: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor818734754" "root@10.128.0.91:./syz-executor818734754"]: exit status 1
ssh: connect to host 10.128.0.91 port 22: Connection timed out
lost connection
run #6: crashed: general protection fault in __queue_work
run #7: crashed: general protection fault in __queue_work
run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor735448469" "root@10.128.0.95:./syz-executor735448469"]
Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts.
run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor323224048" "root@10.128.15.205:./syz-executor323224048"]
# git bisect good 461f95f04f19382dcfd17da2d8db37e0cdc719f2
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b83764f9220a4a14525657466f299850bbc98de9] Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()
testing commit b83764f9220a4a14525657466f299850bbc98de9 with gcc (GCC) 8.1.0
kernel signature: cf7da45dcf3533c234356f09c81408320345b33f3ab211e3c68ce5836610bdd6
all runs: OK
# git bisect bad b83764f9220a4a14525657466f299850bbc98de9
b83764f9220a4a14525657466f299850bbc98de9 is the first bad commit
commit b83764f9220a4a14525657466f299850bbc98de9
Author: Miao-chen Chou
Date: Mon Jun 29 20:15:00 2020 -0700

    Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()

    This fixes the kernel oops by removing unnecessary background scan update from hci_adv_monitors_clear() which shouldn't invoke any work queue.

    The following test was performed.
    - Run "rmmod btusb" and verify that no kernel oops is triggered.

    Signed-off-by: Miao-chen Chou
    Reviewed-by: Abhishek Pandit-Subedi
    Reviewed-by: Alain Michaud
    Signed-off-by: Marcel Holtmann

 net/bluetooth/hci_core.c | 2 --
 1 file changed, 2 deletions(-)
culprit signature: cf7da45dcf3533c234356f09c81408320345b33f3ab211e3c68ce5836610bdd6
parent signature: 872f54fc314e8226bacd2fcb1ae95898b850823971b287083b0da11f88adf2ea
revisions tested: 17, total time: 3h53m32.397956143s (build: 1h29m11.009725537s, test: 2h22m29.098774642s)
first good commit: b83764f9220a4a14525657466f299850bbc98de9 Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()
recipients (to): ["abhishekpandit@chromium.org" "alainm@chromium.org" "marcel@holtmann.org" "mcchou@chromium.org"]
recipients (cc): []