ci starts bisection 2024-02-24 12:34:25.666836937 +0000 UTC m=+151721.920866188
bisecting cause commit starting from 603c04e27c3e9891ce7afa5cd6b496bfacff4206
building syzkaller on 8d446f1521b580230a60c9ae228bf0c26312c80b
ensuring issue is reproducible on original commit 603c04e27c3e9891ce7afa5cd6b496bfacff4206
testing commit 603c04e27c3e9891ce7afa5cd6b496bfacff4206 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 13ae780b26648654a3891ade0f4a6cfec460d5eaaa896a52fde5c6190847c8a7
all runs: crashed: WARNING in hci_conn_del
representative crash: WARNING in hci_conn_del, types: [WARNING]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 603c04e27c3e9891ce7afa5cd6b496bfacff4206 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4c393805b47739a8ad8504fc872b0623b07907a5bd4be68210b46b5a92ba14bc
all runs: crashed: WARNING in hci_conn_del
representative crash: WARNING in hci_conn_del, types: [WARNING]
the bug reproduces without the instrumentation
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
kconfig minimization: base=3937 full=7963 leaves diff=2020
split chunks (needed=false): <2020>
split chunk #0 of len 2020 into 5 parts
testing without sub-chunk 1/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed
testing commit 603c04e27c3e9891ce7afa5cd6b496bfacff4206 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 19d98b54703b56a7f7217430a58b94e916e01a0b87f0e67acb924167beb80bc9
all runs: OK
false negative chance: 0.000
testing without sub-chunk 2/5
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 603c04e27c3e9891ce7afa5cd6b496bfacff4206 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b9aa2d455415566c4587babaecbebac9d031cde0b6c2887ad0b0e808628722f1
all runs: crashed: WARNING in hci_conn_del
representative crash: WARNING in hci_conn_del, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed
testing commit 603c04e27c3e9891ce7afa5cd6b496bfacff4206 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5a328dbfca854efb30e5ed13833ab05035fb9f3da9665e67ec9355d089eb01e2
all runs: crashed: WARNING in hci_conn_del
representative crash: WARNING in hci_conn_del, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed
testing commit 603c04e27c3e9891ce7afa5cd6b496bfacff4206 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9b8862beff70efa01f2d758c3f08cb5b5ae04d6c56faad2ce1908a5cc734deb4
all runs: crashed: WARNING in hci_conn_del
representative crash: WARNING in hci_conn_del, types: [WARNING]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 603c04e27c3e9891ce7afa5cd6b496bfacff4206 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a3a9069f00ec00f69cf3021784c5c058f27cb4ce0e950f0f3b09295e15ca2f63
all runs: crashed: WARNING in hci_conn_del
representative crash: WARNING in hci_conn_del, types: [WARNING]
the chunk can be dropped
minimized to 404 configs; suspects: [6LOWPAN 6LOWPAN_GHC_EXT_HDR_DEST 6LOWPAN_GHC_EXT_HDR_FRAG 6LOWPAN_GHC_EXT_HDR_HOP 6LOWPAN_GHC_EXT_HDR_ROUTE 6LOWPAN_GHC_ICMPV6 6LOWPAN_GHC_UDP 6LOWPAN_NHC 6LOWPAN_NHC_DEST 6LOWPAN_NHC_FRAGMENT 6LOWPAN_NHC_HOP 6LOWPAN_NHC_IPV6 6LOWPAN_NHC_MOBILITY 6LOWPAN_NHC_ROUTING 6LOWPAN_NHC_UDP 6PACK 842_COMPRESS 842_DECOMPRESS
9P_FSCACHE 9P_FS_POSIX_ACL 9P_FS_SECURITY ACORN_PARTITION ACORN_PARTITION_ADFS ACORN_PARTITION_CUMANA ACORN_PARTITION_EESOX ACORN_PARTITION_ICS ACORN_PARTITION_POWERTEC ACORN_PARTITION_RISCIX ACPI_NFIT ACPI_PLATFORM_PROFILE ADDRESS_MASKING ADFS_FS AFFS_FS AFS_FS AFS_FSCACHE AF_KCM AF_RXRPC AF_RXRPC_IPV6 AIX_PARTITION AMIGA_PARTITION ANDROID_BINDERFS ANDROID_BINDER_IPC ANON_VMA_NAME APERTURE_HELPERS AR5523 ARCH_ENABLE_MEMORY_HOTREMOVE ARCH_ENABLE_THP_MIGRATION ARCH_HAS_CPU_PASID ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION ARCH_WANT_PMD_MKWRITE ASM_MODVERSIONS ASYNC_CORE ASYNC_MEMCPY ASYNC_PQ ASYNC_RAID6_RECOV ASYNC_TX_DMA ASYNC_XOR ATARI_PARTITION ATA_GENERIC ATA_OVER_ETH ATH10K ATH10K_CE ATH10K_PCI ATH10K_USB ATH11K ATH6KL ATH6KL_USB ATH9K ATH9K_AHB ATH9K_BTCOEX_SUPPORT ATH9K_CHANNEL_CONTEXT ATH9K_COMMON ATH9K_COMMON_DEBUG ATH9K_DEBUGFS ATH9K_DYNACK ATH9K_HTC ATH9K_HTC_DEBUGFS ATH9K_HW ATH9K_PCI ATH9K_PCOEM ATH9K_RFKILL ATH_COMMON ATM ATM_BR2684 ATM_CLIP ATM_DRIVERS ATM_LANE ATM_MPOA ATM_TCP AUXILIARY_BUS AX25 AX25_DAMA_SLAVE AX88796B_PHY BAREUDP BATMAN_ADV BATMAN_ADV_BATMAN_V BATMAN_ADV_BLA BATMAN_ADV_DAT BATMAN_ADV_MCAST BATMAN_ADV_NC BCACHE BCACHEFS_DEBUG BCACHEFS_FS BCACHEFS_QUOTA BCMA BCMA_HOST_PCI_POSSIBLE BEFS_FS BFQ_CGROUP_DEBUG BFQ_GROUP_IOSCHED BFS_FS BIG_KEYS BLK_CGROUP_PUNT_BIO BLK_CGROUP_RWSTAT BLK_DEBUG_FS_ZONED BLK_DEV_BSGLIB BLK_DEV_INTEGRITY BLK_DEV_INTEGRITY_T10 BLK_DEV_NBD BLK_DEV_NULL_BLK BLK_DEV_NULL_BLK_FAULT_INJECTION BLK_DEV_NVME BLK_DEV_PMEM BLK_DEV_RAM BLK_DEV_RNBD BLK_DEV_RNBD_CLIENT BLK_DEV_THROTTLING BLK_ICQ BLK_INLINE_ENCRYPTION BLK_INLINE_ENCRYPTION_FALLBACK BLK_WBT BLK_WBT_MQ BONDING BOOT_VESA_SUPPORT BPF_EVENTS BPF_JIT BPF_JIT_ALWAYS_ON BPF_JIT_DEFAULT_ON BPF_LSM BPF_PRELOAD BPF_PRELOAD_UMD BPF_STREAM_PARSER BPF_SYSCALL BPQETHER BRIDGE BRIDGE_CFM BRIDGE_EBT_802_3 BRIDGE_EBT_AMONG BRIDGE_EBT_ARP BRIDGE_EBT_ARPREPLY BRIDGE_EBT_BROUTE BRIDGE_EBT_DNAT BRIDGE_EBT_IP BRIDGE_EBT_IP6 BRIDGE_EBT_LIMIT BRIDGE_EBT_LOG BRIDGE_EBT_MARK 
BRIDGE_EBT_MARK_T BRIDGE_EBT_NFLOG BRIDGE_EBT_PKTTYPE BRIDGE_EBT_REDIRECT BRIDGE_EBT_SNAT BRIDGE_EBT_STP BRIDGE_EBT_T_FILTER BRIDGE_EBT_T_NAT BRIDGE_EBT_VLAN BRIDGE_IGMP_SNOOPING BRIDGE_MRP BRIDGE_NF_EBTABLES BRIDGE_VLAN_FILTERING BSD_DISKLABEL BSD_PROCESS_ACCT_V3 BT BTRFS_ASSERT BTRFS_FS BTRFS_FS_POSIX_ACL BTRFS_FS_REF_VERIFY BTT BT_6LOWPAN BT_ATH3K BT_BCM BT_BNEP BT_BNEP_MC_FILTER BT_BNEP_PROTO_FILTER BT_BREDR BT_CMTP BT_HCIBCM203X BT_HCIBFUSB BT_HCIBPA10X BT_HCIBTUSB BT_HCIBTUSB_BCM BT_HCIBTUSB_MTK BT_HCIBTUSB_POLL_SYNC BT_HCIBTUSB_RTL BT_HCIUART BT_HCIUART_3WIRE BT_HCIUART_AG6XX BT_HCIUART_BCSP BT_HCIUART_H4 BT_HCIUART_LL BT_HCIUART_MRVL BT_HCIUART_QCA BT_HCIUART_SERDEV BT_HCIVHCI BT_HIDP BT_HS BT_INTEL BT_LE BT_LEDS BT_LE_L2CAP_ECRED BT_MRVL BT_MRVL_SDIO BT_MSFTEXT BT_MTK BT_QCA BT_RFCOMM BT_RFCOMM_TTY BT_RTL CACHEFILES CAIF CAIF_DEBUG CAIF_DRIVERS CAIF_NETDEV CAIF_TTY CAIF_USB CAIF_VIRTIO CALL_DEPTH_TRACKING CAN CAN_8DEV_USB CAN_BCM CAN_CALC_BITTIMING CAN_DEV CAN_EMS_USB CAN_GS_USB CAN_GW CAN_IFI_CANFD CAN_ISOTP CAN_J1939 CAN_KVASER_USB CAN_MCBA_USB CAN_NETLINK CAN_PEAK_USB CAN_RAW CAN_RX_OFFLOAD CAN_SLCAN CAN_VCAN CAN_VXCAN CAPI_TRACE CARL9170 CARL9170_HWRNG CARL9170_LEDS CARL9170_WPC CEC_CORE CEPH_FS CEPH_FSCACHE CEPH_FS_POSIX_ACL CEPH_LIB CEPH_LIB_USE_DNS_RESOLVER CFG80211 CFG80211_CRDA_SUPPORT CFG80211_DEBUGFS CFG80211_DEFAULT_PS CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS CFG80211_WEXT CFS_BANDWIDTH CGROUP_BPF CHARGER_BQ24190 CHARGER_ISP1704 CHR_DEV_ST CIFS CIFS_ALLOW_INSECURE_LEGACY CIFS_DEBUG CIFS_DFS_UPCALL CIFS_FSCACHE CIFS_POSIX CIFS_SMB_DIRECT CIFS_SWN_UPCALL CIFS_UPCALL CIFS_XATTR CLOSURES CLS_U32_MARK CLS_U32_PERF CMA CMA_SIZE_SEL_MBYTES CMDLINE_PARTITION COMEDI COMEDI_DT9812 COMEDI_NI_USB6501 COMEDI_USBDUX COMEDI_USBDUXFAST COMEDI_USBDUXSIGMA COMEDI_USB_DRIVERS COMEDI_VMK80XX COMPAT_NETLINK_MESSAGES COUNTER CPU_IBPB_ENTRY CPU_IBRS_ENTRY CPU_SRSO CPU_UNRET_ENTRY CRAMFS CRAMFS_BLOCKDEV CRAMFS_MTD CRASH_CORE CRC4 CRC64 
CRC64_ROCKSOFT CRC7 CRC8 CRC_ITU_T CRC_T10DIF CRYPTO_ADIANTUM CRYPTO_AEGIS128 CRYPTO_AEGIS128_AESNI_SSE2 CRYPTO_AES_NI_INTEL CRYPTO_AES_TI CRYPTO_ANSI_CPRNG CRYPTO_ANUBIS CRYPTO_ARC4 CRYPTO_ARCH_HAVE_LIB_BLAKE2S CRYPTO_ARCH_HAVE_LIB_CHACHA CRYPTO_ARCH_HAVE_LIB_CURVE25519 CRYPTO_ARCH_HAVE_LIB_POLY1305 CRYPTO_ARIA CRYPTO_ARIA_AESNI_AVX_X86_64 CRYPTO_BLAKE2B CRYPTO_BLAKE2S_X86 CRYPTO_BLOWFISH CRYPTO_BLOWFISH_COMMON CRYPTO_BLOWFISH_X86_64 CRYPTO_CAMELLIA CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 CRYPTO_CAMELLIA_AESNI_AVX_X86_64 CRYPTO_CAMELLIA_X86_64 CRYPTO_CAST5 CRYPTO_CAST5_AVX_X86_64 CRYPTO_CAST6 CRYPTO_CAST6_AVX_X86_64 CRYPTO_CAST_COMMON CRYPTO_CHACHA20 CRYPTO_CHACHA20POLY1305 CRYPTO_CHACHA20_X86_64 CRYPTO_CRC32 CRYPTO_CRC32C_INTEL CRYPTO_CRC32_PCLMUL CRYPTO_CRC64_ROCKSOFT CRYPTO_CRCT10DIF CRYPTO_CRCT10DIF_PCLMUL CRYPTO_CRYPTD CRYPTO_CTS CRYPTO_CURVE25519 CRYPTO_CURVE25519_X86 CRYPTO_DEFLATE CRYPTO_DES CRYPTO_DES3_EDE_X86_64 CRYPTO_DEV_CCP CRYPTO_DEV_CCP_DD CRYPTO_DEV_PADLOCK CRYPTO_DEV_PADLOCK_AES CRYPTO_DEV_PADLOCK_SHA CRYPTO_DEV_QAT CRYPTO_DEV_QAT_C3XXX CRYPTO_DEV_QAT_C3XXXVF CRYPTO_DEV_QAT_C62X CRYPTO_DEV_QAT_C62XVF CRYPTO_DEV_QAT_DH895xCC CRYPTO_DEV_QAT_DH895xCCVF CRYPTO_DEV_VIRTIO CRYPTO_DH CRYPTO_DRBG_CTR CRYPTO_DRBG_HASH CRYPTO_ECC CRYPTO_ECDH CRYPTO_ECRDSA CRYPTO_ENGINE CRYPTO_ESSIV CRYPTO_FCRYPT CRYPTO_GHASH_CLMUL_NI_INTEL CRYPTO_HCTR2 CRYPTO_KDF800108_CTR CRYPTO_KEYWRAP CRYPTO_KHAZAD CRYPTO_KPP CRYPTO_LIB_ARC4 CRYPTO_LIB_CHACHA CRYPTO_LIB_CHACHA20POLY1305 CRYPTO_LIB_CHACHA_GENERIC CRYPTO_LIB_CURVE25519 CRYPTO_LIB_CURVE25519_GENERIC CRYPTO_LIB_DES CRYPTO_LIB_POLY1305 CRYPTO_LIB_POLY1305_GENERIC CRYPTO_LRW CRYPTO_MICHAEL_MIC CRYPTO_NHPOLY1305 CRYPTO_NHPOLY1305_AVX2 CRYPTO_NHPOLY1305_SSE2 CRYPTO_PCBC CRYPTO_PCRYPT CRYPTO_POLY1305 CRYPTO_POLY1305_X86_64 CRYPTO_POLYVAL CRYPTO_POLYVAL_CLMUL_NI CRYPTO_RMD160 CRYPTO_SEED CRYPTO_SERPENT CRYPTO_SERPENT_AVX2_X86_64 CRYPTO_SERPENT_AVX_X86_64 CRYPTO_SERPENT_SSE2_X86_64 CRYPTO_SHA1 CRYPTO_SHA1_SSSE3 CRYPTO_SHA256_SSSE3 
CRYPTO_SHA512_SSSE3 CRYPTO_SIMD CRYPTO_SM2 CRYPTO_SM3 CRYPTO_SM3_AVX_X86_64 CRYPTO_SM4 CRYPTO_SM4_AESNI_AVX2_X86_64 CRYPTO_SM4_AESNI_AVX_X86_64 CRYPTO_SM4_GENERIC CRYPTO_STREEBOG CRYPTO_TEA CRYPTO_TWOFISH CRYPTO_TWOFISH_AVX_X86_64 CRYPTO_TWOFISH_COMMON CRYPTO_TWOFISH_X86_64 CRYPTO_TWOFISH_X86_64_3WAY CRYPTO_USER CRYPTO_USER_API CRYPTO_USER_API_AEAD CRYPTO_USER_API_ENABLE_OBSOLETE CRYPTO_USER_API_HASH CRYPTO_USER_API_RNG CRYPTO_USER_API_SKCIPHER CRYPTO_VMAC CRYPTO_WP512 CRYPTO_XCBC CRYPTO_XCTR CRYPTO_XTS CRYPTO_XXHASH CUSE CYPRESS_FIRMWARE DAMON DAMON_DBGFS DAMON_PADDR DAMON_RECLAIM DAMON_VADDR DAX DCA DCB DEFAULT_PFIFO_FAST DEVICE_MIGRATION DEVICE_PRIVATE DEV_COREDUMP DEV_DAX DLN2_ADC DMABUF_HEAPS DMABUF_HEAPS_CMA DMABUF_HEAPS_SYSTEM DMABUF_MOVE_NOTIFY DMA_CMA DMA_ENGINE_RAID DM_AUDIT DM_BIO_PRISON DM_BUFIO DM_CACHE DM_CACHE_SMQ DM_CLONE DM_CRYPT DM_FLAKEY DM_INTEGRITY DM_MULTIPATH DM_MULTIPATH_QL DM_MULTIPATH_ST DM_PERSISTENT_DATA DM_RAID DM_SNAPSHOT DM_THIN_PROVISIONING DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE ENCRYPTED_KEYS EXTCON FSCACHE FUSE_FS GPIOLIB HAMRADIO IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_RTRS_CLIENT IOSCHED_BFQ ISDN ISDN_CAPI LIBNVDIMM MAC80211 MAC80211_DEBUGFS MAC80211_LEDS MEDIA_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MMC MTD NET_CLS_U32 NET_SCH_DEFAULT PARTITION_ADVANCED RETHUNK RETPOLINE RFKILL SERIAL_DEV_BUS TLS TLS_DEVICE TRANSPARENT_HUGEPAGE TRUSTED_KEYS USB_GADGET USB_PHY VLAN_8021Q WANT_COMPAT_NETLINK_MESSAGES WEXT_CORE WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ATH X86_X32_ABI ZONE_DEVICE]
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
picked [v6.7 v6.6 v6.5 v6.3 v6.1 v5.19 v5.17 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 30 release tags
testing release v6.7
testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: eb1c211c8904a26033168d2c46cab2ef2b4531fa12cd497325b8d4d57feb6813
all runs: crashed: WARNING in hci_conn_del
representative crash: WARNING in hci_conn_del, types: [WARNING]
testing release v6.6
testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c692ecc68c7f4aa659ebd2001587cd1b06dfa6a5f2b73c4971b87f69e4a94430
all runs: OK
false negative chance: 0.000
# git bisect start 0dd3ee31125508cd67f7e7172247f05b7fd1753a ffc253263a1375a65fa6c9f62a893e9767fbebfa
Bisecting: 9251 revisions left to test after this (roughly 13 steps)
[deefd5024f0772cf56052ace9a8c347dc70bcaf3] Merge tag 'vfio-v6.7-rc1' of https://github.com/awilliam/linux-vfio
testing commit deefd5024f0772cf56052ace9a8c347dc70bcaf3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b2f1817dedf2d019ec71405d0e18079f973f7bba43e492d4476eb11f1f18948a
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del
representative crash: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del, types: [UNKNOWN]
# git bisect bad deefd5024f0772cf56052ace9a8c347dc70bcaf3
Bisecting: 5291 revisions left to test after this (roughly 12 steps)
[5a6a09e97199d6600d31383055f9d43fbbcbe86f] Merge tag 'cgroup-for-6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
testing commit 5a6a09e97199d6600d31383055f9d43fbbcbe86f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: efa91ce3aa6ff74a40f158ad50305d8d90e8ba41b6622077ff72f06a322c349b
all runs: OK
false negative chance: 0.000
# git bisect good 5a6a09e97199d6600d31383055f9d43fbbcbe86f
Bisecting: 2605 revisions left to test after this (roughly 11 steps)
[59fff63cc2b75dcfe08f9eeb4b2187d73e53843d] Merge tag 'platform-drivers-x86-v6.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
testing commit 59fff63cc2b75dcfe08f9eeb4b2187d73e53843d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9fe3cc37be4143a14713ecd4dc8cc6f03cc60ed3a37fff1adb88784c704ec16c
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del
representative crash: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del, types: [UNKNOWN]
# git bisect bad 59fff63cc2b75dcfe08f9eeb4b2187d73e53843d
Bisecting: 1330 revisions left to test after this (roughly 10 steps)
[56a7bb12c78ffa1b02e154b1d779ed2a1555fa3c] Merge tag 'wireless-next-2023-10-16' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next
testing commit 56a7bb12c78ffa1b02e154b1d779ed2a1555fa3c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2cda9bffb0c7d1411db49be494cdeb3560bb1d658895c77b93b972b212cb8397
all runs: OK
false negative chance: 0.000
# git bisect good 56a7bb12c78ffa1b02e154b1d779ed2a1555fa3c
Bisecting: 702 revisions left to test after this (roughly 9 steps)
[89ed67ef126c4160349c1b96fdb775ea6170ac90] Merge tag 'net-next-6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 89ed67ef126c4160349c1b96fdb775ea6170ac90 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b77b3f23fa13148115b12656ef26ed98ebe4a442a6847191a1d5b3f3a9e90142
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del
representative crash: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del, types: [UNKNOWN]
# git bisect bad 89ed67ef126c4160349c1b96fdb775ea6170ac90
Bisecting: 307 revisions left to test after this (roughly 8 steps)
[39673361266bcb76a9782ee9e27dad1be5dcadcc] Merge tag 'nf-next-23-10-25' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next
testing commit 39673361266bcb76a9782ee9e27dad1be5dcadcc gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bfd7316f5f05abf434d8f360b1d7e8615c491a01c67404480e189a12592418e5
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del
representative crash: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del, types: [UNKNOWN]
# git bisect bad 39673361266bcb76a9782ee9e27dad1be5dcadcc
Bisecting: 159 revisions left to test after this (roughly 7 steps)
[5802e30317d94e77228db960c4786c40124b61e0] bnxt_en: Refactor NRZ/PAM4 link speed related logic
testing commit 5802e30317d94e77228db960c4786c40124b61e0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2a16ac6a9a5bfb6b41f48d76c07a970943304b32705afe4ebe50e2b16d2c0a42
all runs: OK
false negative chance: 0.000
# git bisect good 5802e30317d94e77228db960c4786c40124b61e0
Bisecting: 79 revisions left to test after this (roughly 6 steps)
[1d0507f46843b14b0cb051fe50ebc7e6432111ab] net: mptcp: convert netlink from small_ops to ops
testing commit 1d0507f46843b14b0cb051fe50ebc7e6432111ab gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 154c06d2cf0ca31706eab94ccc8b0ceca71703c845df72368c8d8aed801d2262
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del
representative crash: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del, types: [UNKNOWN]
# git bisect bad 1d0507f46843b14b0cb051fe50ebc7e6432111ab
Bisecting: 39 revisions left to test after this (roughly 5 steps)
[624820f7c8826dd010e8b1963303c145f99816e9] Bluetooth: btusb: Add date->evt_skb is NULL check
testing commit 624820f7c8826dd010e8b1963303c145f99816e9 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ae2f69fa49fecb98eca361cf499a9a3fdc540c3012a81b548df1ee91596dd091
all runs: OK
false negative chance: 0.000
# git bisect good 624820f7c8826dd010e8b1963303c145f99816e9
Bisecting: 23 revisions left to test after this (roughly 4 steps)
[4fb56e3e92bcac98625ebb85bd931785e7779cec] Merge branch 'devlink-finish-conversion-to-generated-split_ops'
testing commit 4fb56e3e92bcac98625ebb85bd931785e7779cec gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d3ef33641d6db7fa6b4c484d07e3fa05e248f2be2155c705f78bd26ee8c0c58e
all runs: OK
false negative chance: 0.000
# git bisect good 4fb56e3e92bcac98625ebb85bd931785e7779cec
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[8ab32fa1c7947f4807b1d98af2d411a2587bb841] page_pool: update document about fragment API
testing commit 8ab32fa1c7947f4807b1d98af2d411a2587bb841 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 704b8320133abb297a65d4b804cbda9bbd4a002a3d1af77a3b9c32229945258d
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del
representative crash: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del, types: [UNKNOWN]
# git bisect bad 8ab32fa1c7947f4807b1d98af2d411a2587bb841
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[a85fb91e3d728bdfc80833167e8162cce8bc7004] Bluetooth: Fix double free in hci_conn_cleanup
testing commit a85fb91e3d728bdfc80833167e8162cce8bc7004 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 03ce02c0b6d3f42b104619e3c29a777d1c519b724b6a6fbaec217fc768876069
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del
representative crash: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del, types: [UNKNOWN]
# git bisect bad a85fb91e3d728bdfc80833167e8162cce8bc7004
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[41e9cdea9c4ab6606ca462ff4ec901a82d022c05] Bluetooth: hci_bcm4377: Mark bcm4378/bcm4387 as BROKEN_LE_CODED
testing commit 41e9cdea9c4ab6606ca462ff4ec901a82d022c05 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cb89c0077488e7943688336caa9336df0b4c07610073c314e2f3f1d99b434c89
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del
representative crash: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del, types: [UNKNOWN]
# git bisect bad 41e9cdea9c4ab6606ca462ff4ec901a82d022c05
Bisecting: 0 revisions left to test after this (roughly 1 step)
[f4da3ee15de9944482382181329bb6d7335ca003] Bluetooth: ISO: Copy BASE if service data matches EIR_BAA_SERVICE_UUID
testing commit f4da3ee15de9944482382181329bb6d7335ca003 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0c2e25e5390f5e788ff826f21209962b9ab9112215022ad8a109ccaf4e7bc56e
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del
representative crash: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del, types: [UNKNOWN]
# git bisect bad f4da3ee15de9944482382181329bb6d7335ca003
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[181a42edddf51d5d9697ecdf365d72ebeab5afb0] Bluetooth: Make handle of hci_conn be unique
testing commit 181a42edddf51d5d9697ecdf365d72ebeab5afb0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c0c44c3ff77cdd9a229f4e6cf4a7255bd1715aa7088e7f0f1c2e078485779460
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del
representative crash: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del, types: [UNKNOWN]
# git bisect bad 181a42edddf51d5d9697ecdf365d72ebeab5afb0
181a42edddf51d5d9697ecdf365d72ebeab5afb0 is the first bad commit
commit 181a42edddf51d5d9697ecdf365d72ebeab5afb0
Author: Ziyang Xuan
Date:   Wed Oct 11 17:57:31 2023 +0800

    Bluetooth: Make handle of hci_conn be unique

    The handle of new hci_conn is always HCI_CONN_HANDLE_MAX + 1 if
    the handle of the first hci_conn entry in hci_dev->conn_hash->list
    is not HCI_CONN_HANDLE_MAX + 1. Use ida to manage the allocation of
    hci_conn->handle to make it be unique.

    Fixes: 9f78191cc9f1 ("Bluetooth: hci_conn: Always allocate unique handles")
    Signed-off-by: Ziyang Xuan
    Signed-off-by: Luiz Augusto von Dentz

 include/net/bluetooth/hci_core.h |  6 ++++-
 net/bluetooth/amp.c              |  3 +--
 net/bluetooth/hci_conn.c         | 57 ++++++++++++++++++++++------------------
 net/bluetooth/hci_core.c         |  3 +++
 net/bluetooth/hci_event.c        | 38 +++++++++++----------------
 5 files changed, 56 insertions(+), 51 deletions(-)

accumulated error probability: 0.00
culprit signature: c0c44c3ff77cdd9a229f4e6cf4a7255bd1715aa7088e7f0f1c2e078485779460
parent signature: ae2f69fa49fecb98eca361cf499a9a3fdc540c3012a81b548df1ee91596dd091
revisions tested: 24, total time: 5h29m34.89588426s (build: 2h49m48.831130043s, test: 2h23m28.037001594s)
first bad commit: 181a42edddf51d5d9697ecdf365d72ebeab5afb0 Bluetooth: Make handle of hci_conn be unique
recipients (to): ["davem@davemloft.net" "edumazet@google.com" "johan.hedberg@gmail.com" "kuba@kernel.org" "linux-bluetooth@vger.kernel.org" "luiz.dentz@gmail.com" "luiz.von.dentz@intel.com" "marcel@holtmann.org" "netdev@vger.kernel.org" "pabeni@redhat.com" "william.xuanziyang@huawei.com"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: BUG: unable to handle kernel NULL pointer dereference in hci_conn_del
Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
Bluetooth: hci0: Injecting HCI hardware error event
Bluetooth: hci0: hardware error 0x00
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 0 PID: 1414 Comm: kworker/u5:2 Not tainted 6.6.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Workqueue: hci0 hci_error_reset
RIP: 0010:variable_test_bit arch/x86/include/asm/bitops.h:228 [inline]
RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:240 [inline]
RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]
RIP: 0010:ida_free+0x8c/0x150 lib/idr.c:511
Code: 88 ba 00 00 00 89 f5 89 f3 81 e3 ff 03 00 00 e8 5a 20 05 00 49 89 c6 48 89 e7 e8 ff 3d 02 00 49 89 c7 41 f6 c7 01 75 35 89 d8 <49> 0f a3 07 73 57 49 0f b3 07 48 89 e7 31 f6 e8 40 4d 02 00 be 00
RSP: 0018:ffffc9000103bd00 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000003
RDX: 6612725794df5284 RSI: ffffffff832fad87 RDI: ffffc9000103bd00
RBP: 0000000000002000 R08: 00000003fffffffc R09: 0000000000000402
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888100ac8338
R13: ffff888109e61800 R14: 0000000000000286 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000101bd6000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 hci_conn_cleanup net/bluetooth/hci_conn.c:157 [inline]
 hci_conn_del+0x1e3/0x2f0 net/bluetooth/hci_conn.c:1184
 hci_conn_hash_flush+0xa0/0xe0 net/bluetooth/hci_conn.c:2617
 hci_dev_close_sync+0x305/0x610 net/bluetooth/hci_sync.c:5021
 hci_dev_do_close net/bluetooth/hci_core.c:554 [inline]
 hci_error_reset+0x7b/0x130 net/bluetooth/hci_core.c:1059
 process_one_work kernel/workqueue.c:2630 [inline]
 process_scheduled_works+0x278/0x580 kernel/workqueue.c:2703
 worker_thread+0x267/0x360 kernel/workqueue.c:2784
 kthread+0xf4/0x110 kernel/kthread.c:388
 ret_from_fork+0x32/0x40 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:304
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:variable_test_bit arch/x86/include/asm/bitops.h:228 [inline]
RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:240 [inline]
RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]
RIP: 0010:ida_free+0x8c/0x150 lib/idr.c:511
Code: 88 ba 00 00 00 89 f5 89 f3 81 e3 ff 03 00 00 e8 5a 20 05 00 49 89 c6 48 89 e7 e8 ff 3d 02 00 49 89 c7 41 f6 c7 01 75 35 89 d8 <49> 0f a3 07 73 57 49 0f b3 07 48 89 e7 31 f6 e8 40 4d 02 00 be 00
RSP: 0018:ffffc9000103bd00 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000003
RDX: 6612725794df5284 RSI: ffffffff832fad87 RDI: ffffc9000103bd00
RBP: 0000000000002000 R08: 00000003fffffffc R09: 0000000000000402
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888100ac8338
R13: ffff888109e61800 R14: 0000000000000286 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000101bd6000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 88 ba 00 00 00 89       mov %bh,-0x77000000(%rdx)
   6: f5                      cmc
   7: 89 f3                   mov %esi,%ebx
   9: 81 e3 ff 03 00 00       and $0x3ff,%ebx
   f: e8 5a 20 05 00          call 0x5206e
  14: 49 89 c6                mov %rax,%r14
  17: 48 89 e7                mov %rsp,%rdi
  1a: e8 ff 3d 02 00          call 0x23e1e
  1f: 49 89 c7                mov %rax,%r15
  22: 41 f6 c7 01             test $0x1,%r15b
  26: 75 35                   jne 0x5d
  28: 89 d8                   mov %ebx,%eax
* 2a: 49 0f a3 07             bt %rax,(%r15) <-- trapping instruction
  2e: 73 57                   jae 0x87
  30: 49 0f b3 07             btr %rax,(%r15)
  34: 48 89 e7                mov %rsp,%rdi
  37: 31 f6                   xor %esi,%esi
  39: e8 40 4d 02 00          call 0x24d7e
  3e: be                      .byte 0xbe