ci starts bisection 2024-06-05 10:26:52.29303979 +0000 UTC m=+39529.589393314 bisecting cause commit starting from cc8ed4d0a8486c7472cd72ec3c19957e509dc68c building syzkaller on 3113787fe7a0c96998737e520aa95c303fdd41ef ensuring issue is reproducible on original commit cc8ed4d0a8486c7472cd72ec3c19957e509dc68c testing commit cc8ed4d0a8486c7472cd72ec3c19957e509dc68c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5e68eaa3b357f77f88e6d01f659d5d1072b5054626c4f9c7d54d51edbfe56ceb run #0: crashed: general protection fault in l2cap_sock_recv_cb run #1: crashed: general protection fault in l2cap_sock_recv_cb run #2: crashed: general protection fault in l2cap_sock_recv_cb run #3: crashed: general protection fault in l2cap_sock_recv_cb run #4: crashed: general protection fault in l2cap_sock_recv_cb run #5: crashed: general protection fault in l2cap_sock_recv_cb run #6: crashed: general protection fault in l2cap_sock_recv_cb run #7: crashed: general protection fault in l2cap_sock_recv_cb run #8: crashed: general protection fault in l2cap_sock_recv_cb run #9: crashed: general protection fault in lock_sock_nested run #10: crashed: general protection fault in l2cap_sock_recv_cb run #11: crashed: general protection fault in l2cap_sock_recv_cb run #12: crashed: KASAN: slab-use-after-free Read in __lock_sock run #13: crashed: general protection fault in l2cap_sock_recv_cb run #14: crashed: general protection fault in l2cap_sock_recv_cb run #15: crashed: general protection fault in l2cap_sock_recv_cb run #16: crashed: general protection fault in l2cap_sock_recv_cb run #17: crashed: general protection fault in l2cap_sock_recv_cb run #18: crashed: general protection fault in l2cap_sock_recv_cb run #19: crashed: KASAN: slab-use-after-free Read in __lock_sock representative crash: general protection fault in l2cap_sock_recv_cb, types: [UNKNOWN] check whether we can drop unnecessary instrumentation disabling configs for [LEAK UBSAN BUG 
KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit cc8ed4d0a8486c7472cd72ec3c19957e509dc68c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 990acef503a744d3fdf5b538cebe42adcfbdbca423587d5534385a080b9e5c8c all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_sock_recv_cb representative crash: BUG: unable to handle kernel NULL pointer dereference in l2cap_sock_recv_cb, types: [UNKNOWN] the bug reproduces without the instrumentation disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed kconfig minimization: base=3971 full=8037 leaves diff=2024 split chunks (needed=false): <2024> split chunk #0 of len 2024 into 5 parts testing without sub-chunk 1/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit cc8ed4d0a8486c7472cd72ec3c19957e509dc68c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cdaa6296e0865d250bd19e738faa8266fbfa616ccb0da721c34b06c3d31ce182 all runs: OK false negative chance: 0.000 testing without sub-chunk 2/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit cc8ed4d0a8486c7472cd72ec3c19957e509dc68c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8b03e9c32071b9dc1fdfd26df509e1372f22aaecd832d11c6b9977368324b94f all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_sock_recv_cb representative crash: BUG: unable to handle kernel NULL pointer dereference in l2cap_sock_recv_cb, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing commit cc8ed4d0a8486c7472cd72ec3c19957e509dc68c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 
ae3d11b640cb1b2c274e856f580152edd041e461945c2f1c1824848eaa446c7a all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_sock_recv_cb representative crash: BUG: unable to handle kernel NULL pointer dereference in l2cap_sock_recv_cb, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit cc8ed4d0a8486c7472cd72ec3c19957e509dc68c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6bc1ee91c492c82d6bad344360cc94156e469447cd1080a0b0e33a6af2c6fd83 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_sock_recv_cb representative crash: BUG: unable to handle kernel NULL pointer dereference in l2cap_sock_recv_cb, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit cc8ed4d0a8486c7472cd72ec3c19957e509dc68c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 594ce5602080278ccf478f2d6668aab36e522840d035b7f64e46a8c9fe2a0f1f all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_sock_recv_cb representative crash: BUG: unable to handle kernel NULL pointer dereference in l2cap_sock_recv_cb, types: [UNKNOWN] the chunk can be dropped minimized to 405 configs; suspects: [6LOWPAN 6LOWPAN_GHC_EXT_HDR_DEST 6LOWPAN_GHC_EXT_HDR_FRAG 6LOWPAN_GHC_EXT_HDR_HOP 6LOWPAN_GHC_EXT_HDR_ROUTE 6LOWPAN_GHC_ICMPV6 6LOWPAN_GHC_UDP 6LOWPAN_NHC 6LOWPAN_NHC_DEST 6LOWPAN_NHC_FRAGMENT 6LOWPAN_NHC_HOP 6LOWPAN_NHC_IPV6 6LOWPAN_NHC_MOBILITY 6LOWPAN_NHC_ROUTING 6LOWPAN_NHC_UDP 6PACK 842_COMPRESS 842_DECOMPRESS 9P_FSCACHE 9P_FS_POSIX_ACL 9P_FS_SECURITY ACORN_PARTITION ACORN_PARTITION_ADFS ACORN_PARTITION_CUMANA ACORN_PARTITION_EESOX ACORN_PARTITION_ICS ACORN_PARTITION_POWERTEC 
ACORN_PARTITION_RISCIX ACPI_NFIT ACPI_NHLT ACPI_PLATFORM_PROFILE ADDRESS_MASKING ADFS_FS AFFS_FS AFS_FS AFS_FSCACHE AF_KCM AF_RXRPC AF_RXRPC_IPV6 AIX_PARTITION AMIGA_PARTITION ANDROID_BINDERFS ANDROID_BINDER_IPC ANON_VMA_NAME APERTURE_HELPERS AR5523 ARCH_CONFIGURES_CPU_MITIGATIONS ARCH_ENABLE_MEMORY_HOTREMOVE ARCH_ENABLE_THP_MIGRATION ARCH_HAS_CPU_PASID ARCH_WANT_PMD_MKWRITE ASM_MODVERSIONS ASYNC_CORE ASYNC_MEMCPY ASYNC_PQ ASYNC_RAID6_RECOV ASYNC_TX_DMA ASYNC_XOR AS_VAES AS_VPCLMULQDQ ATARI_PARTITION ATA_GENERIC ATA_OVER_ETH ATH10K ATH10K_CE ATH10K_PCI ATH10K_USB ATH11K ATH6KL ATH6KL_USB ATH9K ATH9K_AHB ATH9K_BTCOEX_SUPPORT ATH9K_CHANNEL_CONTEXT ATH9K_COMMON ATH9K_COMMON_DEBUG ATH9K_DEBUGFS ATH9K_DYNACK ATH9K_HTC ATH9K_HTC_DEBUGFS ATH9K_HW ATH9K_PCI ATH9K_PCOEM ATH9K_RFKILL ATH_COMMON ATM ATM_BR2684 ATM_CLIP ATM_DRIVERS ATM_LANE ATM_MPOA ATM_TCP AUXILIARY_BUS AX25 AX25_DAMA_SLAVE AX88796B_PHY BAREUDP BATMAN_ADV BATMAN_ADV_BATMAN_V BATMAN_ADV_BLA BATMAN_ADV_DAT BATMAN_ADV_MCAST BATMAN_ADV_NC BCACHE BCACHEFS_DEBUG BCACHEFS_ERASURE_CODING BCACHEFS_FS BCACHEFS_POSIX_ACL BCACHEFS_QUOTA BCACHEFS_SIX_OPTIMISTIC_SPIN BCMA BCMA_HOST_PCI_POSSIBLE BEFS_FS BFQ_CGROUP_DEBUG BFQ_GROUP_IOSCHED BFS_FS BIG_KEYS BLK_CGROUP_PUNT_BIO BLK_CGROUP_RWSTAT BLK_DEV_BSGLIB BLK_DEV_INTEGRITY BLK_DEV_INTEGRITY_T10 BLK_DEV_NBD BLK_DEV_NULL_BLK BLK_DEV_NULL_BLK_FAULT_INJECTION BLK_DEV_NVME BLK_DEV_PMEM BLK_DEV_RAM BLK_DEV_RNBD BLK_DEV_RNBD_CLIENT BLK_DEV_THROTTLING BLK_ICQ BLK_INLINE_ENCRYPTION BLK_INLINE_ENCRYPTION_FALLBACK BLK_WBT BLK_WBT_MQ BONDING BOOT_VESA_SUPPORT BPF_EVENTS BPF_JIT BPF_JIT_ALWAYS_ON BPF_JIT_DEFAULT_ON BPF_LSM BPF_PRELOAD BPF_PRELOAD_UMD BPF_STREAM_PARSER BPF_SYSCALL BPQETHER BRIDGE BRIDGE_CFM BRIDGE_EBT_802_3 BRIDGE_EBT_AMONG BRIDGE_EBT_ARP BRIDGE_EBT_ARPREPLY BRIDGE_EBT_BROUTE BRIDGE_EBT_DNAT BRIDGE_EBT_IP BRIDGE_EBT_IP6 BRIDGE_EBT_LIMIT BRIDGE_EBT_LOG BRIDGE_EBT_MARK BRIDGE_EBT_MARK_T BRIDGE_EBT_NFLOG BRIDGE_EBT_PKTTYPE BRIDGE_EBT_REDIRECT BRIDGE_EBT_SNAT BRIDGE_EBT_STP 
BRIDGE_EBT_T_FILTER BRIDGE_EBT_T_NAT BRIDGE_EBT_VLAN BRIDGE_IGMP_SNOOPING BRIDGE_MRP BRIDGE_NF_EBTABLES BRIDGE_NF_EBTABLES_LEGACY BRIDGE_VLAN_FILTERING BSD_DISKLABEL BSD_PROCESS_ACCT_V3 BT BTRFS_ASSERT BTRFS_FS BTRFS_FS_POSIX_ACL BTRFS_FS_REF_VERIFY BTT BT_6LOWPAN BT_ATH3K BT_BCM BT_BNEP BT_BNEP_MC_FILTER BT_BNEP_PROTO_FILTER BT_BREDR BT_CMTP BT_HCIBCM203X BT_HCIBFUSB BT_HCIBPA10X BT_HCIBTUSB BT_HCIBTUSB_BCM BT_HCIBTUSB_MTK BT_HCIBTUSB_POLL_SYNC BT_HCIBTUSB_RTL BT_HCIUART BT_HCIUART_3WIRE BT_HCIUART_AG6XX BT_HCIUART_BCSP BT_HCIUART_H4 BT_HCIUART_LL BT_HCIUART_MRVL BT_HCIUART_QCA BT_HCIUART_SERDEV BT_HCIVHCI BT_HIDP BT_INTEL BT_LE BT_LEDS BT_LE_L2CAP_ECRED BT_MRVL BT_MRVL_SDIO BT_MSFTEXT BT_MTK BT_QCA BT_RFCOMM BT_RFCOMM_TTY BT_RTL CACHEFILES CAIF CAIF_DEBUG CAIF_DRIVERS CAIF_NETDEV CAIF_TTY CAIF_USB CAIF_VIRTIO CAN CAN_8DEV_USB CAN_BCM CAN_CALC_BITTIMING CAN_DEV CAN_EMS_USB CAN_GS_USB CAN_GW CAN_IFI_CANFD CAN_ISOTP CAN_J1939 CAN_KVASER_USB CAN_MCBA_USB CAN_NETLINK CAN_PEAK_USB CAN_RAW CAN_RX_OFFLOAD CAN_SLCAN CAN_VCAN CAN_VXCAN CAPI_TRACE CARL9170 CARL9170_HWRNG CARL9170_LEDS CARL9170_WPC CEC_CORE CEPH_FS CEPH_FSCACHE CEPH_FS_POSIX_ACL CEPH_LIB CEPH_LIB_USE_DNS_RESOLVER CFG80211 CFG80211_CRDA_SUPPORT CFG80211_DEBUGFS CFG80211_DEFAULT_PS CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS CFG80211_WEXT CFS_BANDWIDTH CGROUP_BPF CHARGER_BQ24190 CHARGER_ISP1704 CHR_DEV_ST CIFS CIFS_ALLOW_INSECURE_LEGACY CIFS_DEBUG CIFS_DFS_UPCALL CIFS_FSCACHE CIFS_POSIX CIFS_SMB_DIRECT CIFS_SWN_UPCALL CIFS_UPCALL CIFS_XATTR CLOSURES CLS_U32_MARK CLS_U32_PERF CMA CMA_SIZE_SEL_MBYTES CMDLINE_PARTITION COMEDI COMEDI_DT9812 COMEDI_NI_USB6501 COMEDI_USBDUX COMEDI_USBDUXFAST COMEDI_USBDUXSIGMA COMEDI_USB_DRIVERS COMEDI_VMK80XX COMPAT_NETLINK_MESSAGES COUNTER CRAMFS CRAMFS_BLOCKDEV CRAMFS_MTD CRC4 CRC64 CRC64_ROCKSOFT CRC7 CRC8 CRC_ITU_T CRC_T10DIF CRYPTO_ADIANTUM CRYPTO_AEGIS128 CRYPTO_AEGIS128_AESNI_SSE2 CRYPTO_AES_NI_INTEL CRYPTO_AES_TI CRYPTO_ANSI_CPRNG CRYPTO_ANUBIS CRYPTO_ARC4 
CRYPTO_ARCH_HAVE_LIB_BLAKE2S CRYPTO_ARCH_HAVE_LIB_CHACHA CRYPTO_ARCH_HAVE_LIB_CURVE25519 CRYPTO_ARCH_HAVE_LIB_POLY1305 CRYPTO_ARIA CRYPTO_ARIA_AESNI_AVX_X86_64 CRYPTO_BLAKE2B CRYPTO_BLAKE2S_X86 CRYPTO_BLOWFISH CRYPTO_BLOWFISH_COMMON CRYPTO_BLOWFISH_X86_64 CRYPTO_CAMELLIA CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 CRYPTO_CAMELLIA_AESNI_AVX_X86_64 CRYPTO_CAMELLIA_X86_64 CRYPTO_CAST5 CRYPTO_CAST5_AVX_X86_64 CRYPTO_CAST6 CRYPTO_CAST6_AVX_X86_64 CRYPTO_CAST_COMMON CRYPTO_CHACHA20 CRYPTO_CHACHA20POLY1305 CRYPTO_CHACHA20_X86_64 CRYPTO_CRC32 CRYPTO_CRC32C_INTEL CRYPTO_CRC32_PCLMUL CRYPTO_CRC64_ROCKSOFT CRYPTO_CRCT10DIF CRYPTO_CRCT10DIF_PCLMUL CRYPTO_CRYPTD CRYPTO_CTS CRYPTO_CURVE25519 CRYPTO_CURVE25519_X86 CRYPTO_DEFLATE CRYPTO_DES CRYPTO_DES3_EDE_X86_64 CRYPTO_DEV_CCP CRYPTO_DEV_CCP_DD CRYPTO_DEV_PADLOCK CRYPTO_DEV_PADLOCK_AES CRYPTO_DEV_PADLOCK_SHA CRYPTO_DEV_QAT CRYPTO_DEV_QAT_C3XXX CRYPTO_DEV_QAT_C3XXXVF CRYPTO_DEV_QAT_C62X CRYPTO_DEV_QAT_C62XVF CRYPTO_DEV_QAT_DH895xCC CRYPTO_DEV_QAT_DH895xCCVF CRYPTO_DEV_VIRTIO CRYPTO_DH CRYPTO_DRBG_CTR CRYPTO_DRBG_HASH CRYPTO_ECC CRYPTO_ECDH CRYPTO_ECRDSA CRYPTO_ENGINE CRYPTO_ESSIV CRYPTO_FCRYPT CRYPTO_GHASH_CLMUL_NI_INTEL CRYPTO_HCTR2 CRYPTO_KDF800108_CTR CRYPTO_KEYWRAP CRYPTO_KHAZAD CRYPTO_KPP CRYPTO_LIB_AESCFB CRYPTO_LIB_ARC4 CRYPTO_LIB_CHACHA CRYPTO_LIB_CHACHA20POLY1305 CRYPTO_LIB_CHACHA_GENERIC CRYPTO_LIB_CURVE25519 CRYPTO_LIB_CURVE25519_GENERIC CRYPTO_LIB_DES CRYPTO_LIB_POLY1305 CRYPTO_LIB_POLY1305_GENERIC CRYPTO_LRW CRYPTO_MICHAEL_MIC CRYPTO_NHPOLY1305 CRYPTO_NHPOLY1305_AVX2 CRYPTO_NHPOLY1305_SSE2 CRYPTO_PCBC CRYPTO_PCRYPT CRYPTO_POLY1305 CRYPTO_POLY1305_X86_64 CRYPTO_POLYVAL CRYPTO_POLYVAL_CLMUL_NI CRYPTO_RMD160 CRYPTO_SEED CRYPTO_SERPENT CRYPTO_SERPENT_AVX2_X86_64 CRYPTO_SERPENT_AVX_X86_64 CRYPTO_SERPENT_SSE2_X86_64 CRYPTO_SHA1_SSSE3 CRYPTO_SHA256_SSSE3 CRYPTO_SHA512_SSSE3 CRYPTO_SIG CRYPTO_SIMD CRYPTO_SM2 CRYPTO_SM3 CRYPTO_SM3_AVX_X86_64 CRYPTO_SM4 CRYPTO_SM4_AESNI_AVX2_X86_64 CRYPTO_SM4_AESNI_AVX_X86_64 CRYPTO_SM4_GENERIC 
CRYPTO_STREEBOG CRYPTO_TEA CRYPTO_TWOFISH CRYPTO_TWOFISH_AVX_X86_64 CRYPTO_TWOFISH_COMMON CRYPTO_TWOFISH_X86_64 CRYPTO_TWOFISH_X86_64_3WAY CRYPTO_USER CRYPTO_USER_API CRYPTO_USER_API_AEAD CRYPTO_USER_API_ENABLE_OBSOLETE CRYPTO_USER_API_HASH CRYPTO_USER_API_RNG CRYPTO_USER_API_SKCIPHER CRYPTO_VMAC CRYPTO_WP512 CRYPTO_XCBC CRYPTO_XCTR CRYPTO_XTS CRYPTO_XXHASH CUSE CYPRESS_FIRMWARE DAMON DAMON_PADDR DAMON_RECLAIM DAMON_VADDR DAX DCA DCB DEFAULT_PFIFO_FAST DEVICE_MIGRATION DEVICE_PRIVATE DEV_COREDUMP DEV_DAX DLN2_ADC DMABUF_HEAPS DMABUF_HEAPS_CMA DMABUF_HEAPS_SYSTEM DMABUF_MOVE_NOTIFY DMA_CMA DMA_ENGINE_RAID DMA_NEED_SYNC DM_AUDIT DM_BIO_PRISON DM_BUFIO DM_CACHE DM_CACHE_SMQ DM_CLONE DM_CRYPT DM_FLAKEY DM_INTEGRITY DM_MULTIPATH DM_MULTIPATH_QL DM_MULTIPATH_ST DM_PERSISTENT_DATA DM_RAID DM_SNAPSHOT DM_THIN_PROVISIONING DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE ENCRYPTED_KEYS EXTCON FSCACHE FUSE_FS GPIOLIB HAMRADIO IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_RTRS_CLIENT IOSCHED_BFQ ISDN ISDN_CAPI LIBNVDIMM MAC80211 MAC80211_DEBUGFS MAC80211_LEDS MEDIA_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MMC MTD NET_CLS_U32 NET_SCH_DEFAULT PARTITION_ADVANCED RFKILL SERIAL_DEV_BUS TLS TLS_DEVICE TRANSPARENT_HUGEPAGE TRUSTED_KEYS USB_GADGET USB_PHY VLAN_8021Q WANT_COMPAT_NETLINK_MESSAGES WEXT_CORE WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ATH X86_X32_ABI ZONE_DEVICE] disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed picked [v6.9 v6.8 v6.7 v6.5 v6.3 v6.1 v5.19 v5.17 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 32 release tags testing release v6.9 testing commit a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9d2ceafc3815613392f5e1f2a314c48e323f2990dc032c0e61f564d6f7c0df15 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in 
lock_sock_nested run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #5: OK run #6: OK run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #8: OK run #9: OK representative crash: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested, types: [UNKNOWN] testing release v6.8 testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 670ba7f8380453109aabbe0d543433cc023f3865462e2935cb60b38e5cdd766b run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #5: OK run #6: OK run #7: OK run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #9: OK representative crash: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested, types: [UNKNOWN] testing release v6.7 testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c2cffeca39e0894fae38f3207262fa42903d22f3b0e9536c74e49e0f1b7da8f9 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested 
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK representative crash: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested, types: [UNKNOWN] testing release v6.5 testing commit 2dde18cd1d8fac735875f2e4987f11817cc0bc2c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c236b2fdf938831966cc4ce124bef7d7ea9be2eca0344374702dda7512d73ddb run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested, types: [UNKNOWN] testing release v6.3 testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8d1a8b5633625b21374592ca09098a6a47bf53d414c27d1d2c86ebb185f8b2c4 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #1: 
crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #12: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested, types: [UNKNOWN] testing release v6.1 testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a9036c988fcb4a45261b4c91ff4b3dd6dd7169dea6198f9e8aeb16c36d9fafe1 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #5: crashed: 
BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #10: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested, types: [UNKNOWN] testing release v5.19 testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0c14c8d263e8425019b173ad7abcb7491998dd83ad799bcc30288032fdd69824 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #10: 
crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #12: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #13: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #14: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #15: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #16: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #17: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #18: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm run #19: crashed: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm representative crash: BUG: unable to handle kernel NULL pointer dereference in l2cap_global_chan_by_psm, types: [UNKNOWN] testing release v5.17 testing commit f443e374ae131c168a065ea1748feac6b2e76613 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6fa7269540235949ef16491349cce633a32cd2b690437b0ba5c148fc3094cbfb run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #7: crashed: BUG: unable to 
handle kernel NULL pointer dereference in lock_sock_nested run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #10: crashed: BUG: spinlock bad magic in lock_sock_nested run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #12: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #13: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #14: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #15: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #16: basic kernel testing failed: failed to copy binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "IdentitiesOnly=yes" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/tmp/syz-executor3806943731" "root@10.128.0.255:./syz-executor3806943731"]: exit status 255 Executing: program /usr/bin/ssh host 10.128.0.255, user root, command sftp OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023 debug1: Reading configuration data /dev/null debug1: Connecting to 10.128.0.255 [10.128.0.255] port 22. 
debug1: connect to address 10.128.0.255 port 22: Connection timed out ssh: connect to host 10.128.0.255 port 22: Connection timed out scp: Connection closed run #17: crashed: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested run #18: OK run #19: OK representative crash: BUG: unable to handle kernel NULL pointer dereference in lock_sock_nested, types: [UNKNOWN] testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 071e88d72d44bea4ab57dc0a58cb0d6712d817841cc5b0658706f8fa2c1a964a run #0: crashed: BUG: spinlock bad magic in lock_sock_nested run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: BUG: spinlock bad magic in lock_sock_nested, types: [LOCKDEP] testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b gcc compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6babd9b613807af20e17a9161e24c08e2eb6906ee635f00ebdd821d86cd59bf0 run #0: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #1: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #2: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #3: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #4: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #5: OK run #6: OK run #7: OK run #8: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #9: OK run #10: OK run #11: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: trying to register non-static key 
in l2cap_sock_recv_cb, types: [UNKNOWN] testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c gcc compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 937acce5184aa94c794c866c12a604735234930cec3d30b5c4979431c0b44ef5 run #0: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #1: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #2: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #3: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #4: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #5: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #6: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #7: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #8: OK run #9: OK run #10: OK run #11: OK run #12: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #13: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: trying to register non-static key in l2cap_sock_recv_cb, types: [UNKNOWN] testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 gcc compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: e6864d5531502676e699888a8cd0a6ad878ff0b508c42892aad18b3d40b6e404 run #0: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #1: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #2: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #3: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: crashed: INFO: trying to register non-static key in l2cap_sock_recv_cb run #13: OK run 
#14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: INFO: trying to register non-static key in l2cap_sock_recv_cb, types: [UNKNOWN] testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 gcc compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 136428c7b49b8cc7621fad5133dcabb0e6e55fc7fa807bb4f28fc4014d75373d all runs: crashed: invalid opcode in corrupted representative crash: invalid opcode in corrupted, types: [UNKNOWN] testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be gcc compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: a54b53cdb096f29de627ad65aa8036d3e525fb1f8d42d96bf300f3be1ddf8bbe all runs: crashed: invalid opcode in corrupted representative crash: invalid opcode in corrupted, types: [UNKNOWN] testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d gcc compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 7499cd4c6aa01e7e7543ff05c76759b4e496a5e9184d944204c04ea33bdbee90 run #0: basic kernel testing failed: failed to copy syz-execprog to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "IdentitiesOnly=yes" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-execprog" "root@10.128.1.185:./syz-execprog"]: exit status 255 Executing: program /usr/bin/ssh host 10.128.1.185, user root, command sftp OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023 debug1: Reading configuration data /dev/null debug1: Connecting to 10.128.1.185 [10.128.1.185] port 22. 
debug1: connect to address 10.128.1.185 port 22: Connection timed out
ssh: connect to host 10.128.1.185 port 22: Connection timed out
scp: Connection closed
run #1: basic kernel testing failed: failed to copy syz-execprog to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "IdentitiesOnly=yes" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-execprog" "root@10.128.10.31:./syz-execprog"]: exit status 255
Executing: program /usr/bin/ssh host 10.128.10.31, user root, command sftp
OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /dev/null
debug1: Connecting to 10.128.10.31 [10.128.10.31] port 22.
debug1: connect to address 10.128.10.31 port 22: Connection timed out
ssh: connect to host 10.128.10.31 port 22: Connection timed out
scp: Connection closed
run #2: crashed: invalid opcode in corrupted
run #3: crashed: invalid opcode in corrupted
run #4: crashed: invalid opcode in corrupted
run #5: basic kernel testing failed: BUG: unable to handle kernel paging request in count_subheaders
run #6: crashed: invalid opcode in corrupted
run #7: crashed: invalid opcode in corrupted
run #8: crashed: invalid opcode in corrupted
run #9: crashed: invalid opcode in corrupted
run #10: crashed: invalid opcode in corrupted
run #11: crashed: invalid opcode in corrupted
run #12: crashed: invalid opcode in corrupted
run #13: crashed: invalid opcode in corrupted
run #14: crashed: invalid opcode in corrupted
run #15: crashed: invalid opcode in corrupted
run #16: crashed: invalid opcode in corrupted
run #17: crashed: invalid opcode in corrupted
run #18: crashed: invalid opcode in corrupted
run #19: crashed: invalid opcode in corrupted
representative crash: invalid opcode in corrupted, types: [UNKNOWN]
crash still not fixed/happens on the oldest tested release
reproducer is flaky (1.00 repro chance estimate)
revisions tested: 22, total time: 8h55m53.726056204s (build: 5h34m48.36246122s, test: 3h9m15.319372684s)
oldest tested release already had the bug or it had kernel test errors
commit msg: Linux 4.19
crash: invalid opcode in corrupted
IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
8021q: adding VLAN 0 to HW filter on device batadv0
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
list_del corruption, ffff88022d1edc48->next is LIST_POISON1 (dead000000000100)
invalid opcode: 0000 [#1] SMP PTI
CPU: 0 PID: 2219 Comm: kworker/u5:1 Not tainted 4.19.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: hci0 hci_rx_work
RIP: 0010:__list_del_entry_valid.cold.1+0x12/0x47 lib/list_debug.c:45
Code: a8 ff 0f 0b 48 89 c1 4c 89 c6 48 c7 c7 90 68 a5 82 e8 42 db a8 ff 0f 0b 48 89 fe 48 89 c2 48 c7 c7 20 69 a5 82 e8 2e db a8 ff <0f> 0b 48 c7 c7 d0 69 a5 82 e8 20 db a8 ff 0f 0b 48 89 f2 48 89 fe
RSP: 0018:ffffc90001937bf8 EFLAGS: 00010246
RAX: 000000000000004e RBX: ffff88022d1ed800 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff880237a15788 RDI: ffff880237a15788
RBP: ffffc90001937bf8 R08: 0000000000000008 R09: 000000009a9a2997
R10: 0000000000000000 R11: ffff880231f48880 R12: ffff88022d1ed800
R13: 0000000000000000 R14: ffff88022c5ae014 R15: ffff88022ed9be00
FS: 0000000000000000(0000) GS:ffff880237a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000040 CR3: 000000022cce8000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __list_del_entry include/linux/list.h:117 [inline]
 list_del include/linux/list.h:125 [inline]
 l2cap_chan_destroy net/bluetooth/l2cap_core.c:476 [inline]
 kref_put include/linux/kref.h:70 [inline]
 l2cap_chan_put+0x54/0xc0 net/bluetooth/l2cap_core.c:493
 l2cap_conless_channel net/bluetooth/l2cap_core.c:6918 [inline]
 l2cap_recv_frame+0x311/0x37b0 net/bluetooth/l2cap_core.c:6965
 l2cap_recv_acldata+0x2f4/0x300 net/bluetooth/l2cap_core.c:7530
 hci_acldata_packet net/bluetooth/hci_core.c:4176 [inline]
 hci_rx_work+0x3cd/0x400 net/bluetooth/hci_core.c:4352
 process_one_work+0x247/0x480 kernel/workqueue.c:2153
 worker_thread+0x2f/0x320 kernel/workqueue.c:2296
 kthread+0x11c/0x140 kernel/kthread.c:246
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:413
Modules linked in:
---[ end trace 2ea56f62f95b09a7 ]---
RIP: 0010:__list_del_entry_valid.cold.1+0x12/0x47 lib/list_debug.c:45
Code: a8 ff 0f 0b 48 89 c1 4c 89 c6 48 c7 c7 90 68 a5 82 e8 42 db a8 ff 0f 0b 48 89 fe 48 89 c2 48 c7 c7 20 69 a5 82 e8 2e db a8 ff <0f> 0b 48 c7 c7 d0 69 a5 82 e8 20 db a8 ff 0f 0b 48 89 f2 48 89 fe
RSP: 0018:ffffc90001937bf8 EFLAGS: 00010246
RAX: 000000000000004e RBX: ffff88022d1ed800 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff880237a15788 RDI: ffff880237a15788
RBP: ffffc90001937bf8 R08: 0000000000000008 R09: 000000009a9a2997
R10: 0000000000000000 R11: ffff880231f48880 R12: ffff88022d1ed800
R13: 0000000000000000 R14: ffff88022c5ae014 R15: ffff88022ed9be00
FS: 0000000000000000(0000) GS:ffff880237a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000040 CR3: 000000022cce8000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400