ci starts bisection 2025-11-11 11:09:36.617761252 +0000 UTC m=+415430.919024134
bisecting cause commit starting from ab40c92c74c6b0c611c89516794502b3a3173966
building syzkaller on 4e1406b4defac0e2a9d9424c70706f79a7750cf3
fetch other tags and check if the commit is present
ensuring issue is reproducible on original commit ab40c92c74c6b0c611c89516794502b3a3173966
testing commit ab40c92c74c6b0c611c89516794502b3a3173966 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 3619df31fd2c1c8f1fb5a1aee043e6a23c7fb3a9000384f3baf04036af44b12b
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #3: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #4: crashed: general protection fault in bio_seg_gap
run #5: crashed: general protection fault in bio_seg_gap
run #6: crashed: general protection fault in bio_seg_gap
run #7: crashed: general protection fault in bio_seg_gap
run #8: crashed: general protection fault in bio_seg_gap
run #9: crashed: general protection fault in bio_seg_gap
run #10: crashed: general protection fault in bio_seg_gap
run #11: crashed: general protection fault in bio_seg_gap
run #12: crashed: general protection fault in bio_seg_gap
run #13: crashed: general protection fault in bio_seg_gap
run #14: crashed: general protection fault in bio_seg_gap
run #15: crashed: general protection fault in bio_seg_gap
run #16: crashed: general protection fault in bio_seg_gap
run #17: crashed: general protection fault in bio_seg_gap
run #18: crashed: general protection fault in bio_seg_gap
run #19: crashed: general protection fault in bio_seg_gap
representative crash: general protection fault in bio_seg_gap, types: [DoS]
check whether we can drop unnecessary instrumentation
disabling configs for [locking atomic_sleep hang memleak ubsan bug_or_warning kasan], they are not needed
testing commit ab40c92c74c6b0c611c89516794502b3a3173966 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: e66d005c3c1e5279b84ccf5d6d460fec2f5af7ceeb53238b76796b3d9b6daf38
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #3: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
representative crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap, types: [NULL-POINTER-DEREFERENCE]
the bug reproduces without the instrumentation
disabling configs for [ubsan bug_or_warning kasan locking atomic_sleep hang memleak], they are not needed
kconfig minimization: base=4116 full=8564 leaves diff=2166
split chunks (needed=false): <2166>
split chunk #0 of len 2166 into 5 parts
testing without sub-chunk 1/5
disabling configs for [hang memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed
testing commit ab40c92c74c6b0c611c89516794502b3a3173966 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: e914e5c01bdff8b2d93f9028eec21d3af0f679e22553b28cf5d661427235f918
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
representative crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap, types: [NULL-POINTER-DEREFERENCE]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [locking atomic_sleep hang memleak ubsan bug_or_warning kasan], they are not needed
testing commit ab40c92c74c6b0c611c89516794502b3a3173966 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: a4e5471363d901e045a2b40479e4c1ef11379cf77d5a61d9b440837b516d93e3
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
representative crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap, types: [NULL-POINTER-DEREFERENCE]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [locking atomic_sleep hang memleak ubsan bug_or_warning kasan], they are not needed
testing commit ab40c92c74c6b0c611c89516794502b3a3173966 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: d9905cb2ee9889e53a7b256f0891cf61795632088b75d715b0538e3ac7971d27
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
representative crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap, types: [NULL-POINTER-DEREFERENCE]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [hang memleak ubsan bug_or_warning kasan locking atomic_sleep], they are not needed
testing commit ab40c92c74c6b0c611c89516794502b3a3173966 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 6803aa7ddb98ea85f2075c656742db4532dc31394815049b7712848981558bd4
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
representative crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap, types: [NULL-POINTER-DEREFERENCE]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [ubsan bug_or_warning kasan locking atomic_sleep hang memleak], they are not needed
testing commit ab40c92c74c6b0c611c89516794502b3a3173966 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 0ec8d5b36def5be4c2c60bc0582336595fc625a7f2ffb92bcae9476dbc9d324e
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #3: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
representative crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap, types: [NULL-POINTER-DEREFERENCE]
the chunk can be dropped
disabling configs for [ubsan bug_or_warning kasan locking atomic_sleep hang memleak], they are not needed
picked [v6.17 v6.16 v6.15 v6.13 v6.11 v6.9 v6.7 v6.5 v6.2 v5.19 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 40 release tags
testing release v6.17
testing commit e5f0a698b34ed76002dc5cff3804a61c80233a7a gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: bb78f486a78cfa33dbff501e116a92e85c183dec36d2cb0864c4e11a7d35c663
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
false negative chance: 0.000
# git bisect start ab40c92c74c6b0c611c89516794502b3a3173966 e5f0a698b34ed76002dc5cff3804a61c80233a7a
Bisecting: 10705 revisions left to test after this (roughly 13 steps)
[c6006b8ca14dcc604567be99fc4863e6e11ab6e3] Merge tag 'usb-6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
testing commit c6006b8ca14dcc604567be99fc4863e6e11ab6e3 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 3487602dff82a40ca5e48657fd854c210928d4908167bed586402f9a59ea92fc
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
false negative chance: 0.000
# git bisect good c6006b8ca14dcc604567be99fc4863e6e11ab6e3
Bisecting: 5244 revisions left to test after this (roughly 12 steps)
[ce7b46718a1bc524de74a8aebdd348596be785a4] Merge branch 'fs-next' of linux-next
testing commit ce7b46718a1bc524de74a8aebdd348596be785a4 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 73fb9b5e66745fd949ce2279fa1570904ba4508a310b9ce8b8c1cb5e10c64b66
all runs: OK
false negative chance: 0.000
# git bisect good ce7b46718a1bc524de74a8aebdd348596be785a4
Bisecting: 2483 revisions left to test after this (roughly 11 steps)
[88c7d0dbb8889f24d0807a5141fd214dccdde102] Merge branch 'drm-next' of https://gitlab.freedesktop.org/drm/kernel.git
testing commit 88c7d0dbb8889f24d0807a5141fd214dccdde102 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 048e616dec01bb54fc331488a2b5a0d1eb7cecb1e27d7de8f4800790eb77d738
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
false negative chance: 0.000
# git bisect good 88c7d0dbb8889f24d0807a5141fd214dccdde102
Bisecting: 1133 revisions left to test after this (roughly 10 steps)
[cced6e7f48253fe0ec168433cff7b1982b324ca4] Merge branch 'master' of https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git
testing commit cced6e7f48253fe0ec168433cff7b1982b324ca4 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: e6997eee5daaef8d2533fd634321ae049c2f83ad81aefdbf138360f5208881f4
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
representative crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap, types: [NULL-POINTER-DEREFERENCE]
# git bisect bad cced6e7f48253fe0ec168433cff7b1982b324ca4
Bisecting: 616 revisions left to test after this (roughly 9 steps)
[a3b611267c6fc36a133d5898233676421faf796f] Merge branch 'for-next' of https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux.git
testing commit a3b611267c6fc36a133d5898233676421faf796f gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: d93d367cd1183a2659dbcad9cab26fcf74a49867d27d5dd548f8d5aea3611c41
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
representative crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap, types: [NULL-POINTER-DEREFERENCE]
# git bisect bad a3b611267c6fc36a133d5898233676421faf796f
Bisecting: 429 revisions left to test after this (roughly 9 steps)
[9d531e65d5055482edb17399732e78ad21200091] Merge remote-tracking branch 'asoc/for-6.19' into asoc-next
testing commit 9d531e65d5055482edb17399732e78ad21200091 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 6548c45e2ca9cf3b4ab75070b51b14da55715429fd36eb4eda3f9988684fc19d
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
false negative chance: 0.000
# git bisect good 9d531e65d5055482edb17399732e78ad21200091
Bisecting: 192 revisions left to test after this (roughly 8 steps)
[7f9e34207d3413afc6fd39ba515af958d3523790] Merge branch 'drm-xe-next' of https://gitlab.freedesktop.org/drm/xe/kernel.git
testing commit 7f9e34207d3413afc6fd39ba515af958d3523790 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: eba323b6e6b3158fa66588dc9424ce79a36c4467840f09070787ae8f99ee9adc
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #3: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
false negative chance: 0.000
# git bisect good 7f9e34207d3413afc6fd39ba515af958d3523790
Bisecting: 99 revisions left to test after this (roughly 7 steps)
[2ece8de5e84eec0cdd093220447e1cc17fe6a925] Merge branch 'for-6.19/block' into for-next
testing commit 2ece8de5e84eec0cdd093220447e1cc17fe6a925 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: dd076503017bb95332d7dec342c5c3fefddb37cf8c336929df7ed2c3f1d427d4
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
false negative chance: 0.000
# git bisect good 2ece8de5e84eec0cdd093220447e1cc17fe6a925
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[2ded500374a336a616534a3a255cdcc9bcdcb3c7] Merge branch 'modules-next' of https://git.kernel.org/pub/scm/linux/kernel/git/modules/linux.git
testing commit 2ded500374a336a616534a3a255cdcc9bcdcb3c7 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 478bf553d955223b9a4a53c5cb1e4c5056e3261ab2aec4b100707b6780ec51d1
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
false negative chance: 0.000
# git bisect good 2ded500374a336a616534a3a255cdcc9bcdcb3c7
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[b822e8fa6a20ed3ca95a237292af5a154d5fe950] Merge branch 'for-6.19/block' into for-next
testing commit b822e8fa6a20ed3ca95a237292af5a154d5fe950 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 02572669eb8566cc3e7f403b787b8607ed41f4b379fb90eb5ff3762ec4600645
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #3: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #4: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
false negative chance: 0.000
# git bisect good b822e8fa6a20ed3ca95a237292af5a154d5fe950
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[2a2bc224e43b61e9d00fe379b1b3190e77b708f3] Merge branch 'for-6.19/io_uring' into for-next
testing commit 2a2bc224e43b61e9d00fe379b1b3190e77b708f3 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 4ed98a0207867573bec122082b72836d7c43c7094980c60c8fb2d78d4bca2a8c
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #3: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
representative crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap, types: [NULL-POINTER-DEREFERENCE]
# git bisect bad 2a2bc224e43b61e9d00fe379b1b3190e77b708f3
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[9517b82d8d422d426a988b213fdd45c6b417b86d] nbd: defer config put in recv_work
testing commit 9517b82d8d422d426a988b213fdd45c6b417b86d gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 31764e832275d4a450b2f46ad539d02fc42773fa56e87408f8a59784f6f26c87
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
representative crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap, types: [NULL-POINTER-DEREFERENCE]
# git bisect bad 9517b82d8d422d426a988b213fdd45c6b417b86d
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[86a9ce21f5b781c56eba23cbbd2264ab74778ab0] block: don't return 1 for the fallback case in blkdev_get_zone_info
testing commit 86a9ce21f5b781c56eba23cbbd2264ab74778ab0 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 721d8b3d4f46f73bbbbeb374d30027720df53aefd61f5baa7a1a3b846bfbf865
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
representative crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap, types: [NULL-POINTER-DEREFERENCE]
# git bisect bad 86a9ce21f5b781c56eba23cbbd2264ab74778ab0
Bisecting: 0 revisions left to test after this (roughly 1 step)
[bc840b21a25a50f00e2b240329c09281506df387] nvme: remove virtual boundary for sgl capable devices
testing commit bc840b21a25a50f00e2b240329c09281506df387 gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 2ca41485a4afbae4ef88c03f1d85096073fcacdc1119c0827973bb7c24654e5c
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
representative crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap, types: [NULL-POINTER-DEREFERENCE]
# git bisect bad bc840b21a25a50f00e2b240329c09281506df387
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[2f6b2565d43cdb5087cac23d530cca84aa3d897e] block: accumulate memory segment gaps per bio
testing commit 2f6b2565d43cdb5087cac23d530cca84aa3d897e gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: c89b1aa978f88f5a0248f1a0d965317668d0fa9ecd1abd6ee1d6ce3065ff2e13
run #0: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #1: basic kernel testing failed: SYZFAIL: failed to recv rpc
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
representative crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap, types: [NULL-POINTER-DEREFERENCE]
# git bisect bad 2f6b2565d43cdb5087cac23d530cca84aa3d897e
2f6b2565d43cdb5087cac23d530cca84aa3d897e is the first bad commit
commit 2f6b2565d43cdb5087cac23d530cca84aa3d897e
Author: Keith Busch
Date:   Tue Oct 14 08:04:55 2025 -0700

    block: accumulate memory segment gaps per bio

    The blk-mq dma iterator has an optimization for requests that align to
    the device's iommu merge boundary. This boundary may be larger than the
    device's virtual boundary, but the code had been depending on that queue
    limit to know ahead of time if the request is guaranteed to align to
    that optimization.

    Rather than rely on that queue limit, which many devices may not report,
    save the lowest set bit of any boundary gap between each segment in the
    bio while checking the segments. The request stores the value for
    merging and quickly checking per io if the request can use iova
    optimizations.

    Signed-off-by: Keith Busch
    Reviewed-by: Christoph Hellwig
    Reviewed-by: Martin K. Petersen
    Signed-off-by: Jens Axboe

 block/bio.c | 1 +
 block/blk-map.c | 3 +++
 block/blk-merge.c | 39 ++++++++++++++++++++++++++++++++++++---
 block/blk-mq-dma.c | 3 +--
 block/blk-mq.c | 6 ++++++
 include/linux/bio.h | 2 ++
 include/linux/blk-mq.h | 16 ++++++++++++++++
 include/linux/blk_types.h | 12 ++++++++++++
 8 files changed, 77 insertions(+), 5 deletions(-)

accumulated error probability: 0.00
parent commit 0739c2c6a015604a7c01506bea28200a2cc2e08c wasn't tested
testing commit 0739c2c6a015604a7c01506bea28200a2cc2e08c gcc
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
kernel signature: 33249e78c7bf2704d31c8c776103d67c294e6c23b9da7f8e5133e62e0355b732
culprit signature: c89b1aa978f88f5a0248f1a0d965317668d0fa9ecd1abd6ee1d6ce3065ff2e13
parent signature: 33249e78c7bf2704d31c8c776103d67c294e6c23b9da7f8e5133e62e0355b732
revisions tested: 23, total time: 11h15m27.254701784s (build: 7h38m58.99409865s, test: 2h45m43.540124638s)
first bad commit: 2f6b2565d43cdb5087cac23d530cca84aa3d897e block: accumulate memory segment gaps per bio
recipients (to): ["axboe@kernel.dk" "hch@lst.de" "kbusch@kernel.org" "martin.petersen@oracle.com"]
recipients (cc): []
crash: BUG: unable to handle kernel NULL pointer dereference in bio_seg_gap
WARNING: The mand mount option has been deprecated and
         and is ignored by this kernel. Remove the mand
         option from the mount to silence this warning.
=======================================================
EXT4-fs: Ignoring removed i_version option
BUG: kernel NULL pointer dereference, address: 0000000000000008
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 80000001093f6067 P4D 80000001093f6067 PUD 0
Oops: Oops: 0000 [#1] SMP PTI
CPU: 1 UID: 0 PID: 2883 Comm: syz.3.17 Not tainted syzkaller #0 PREEMPT(none)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:bio_get_first_bvec block/blk-merge.c:22 [inline]
RIP: 0010:bio_get_last_bvec block/blk-merge.c:30 [inline]
RIP: 0010:bio_seg_gap+0x74/0x1e0 block/blk-merge.c:743
Code: db 74 0f 0f b6 c0 38 d8 0f b6 cb 0f 42 c8 89 cb eb 02 89 c3 44 8b 4e 28 8b 4e 2c 44 8b 46 30 48 8b 46 68 49 89 ca 49 c1 e2 04 <42> 8b 6c 10 08 44 29 c5 46 8b 5c 10 0c 45 01 c3 41 39 e9 41 0f 42
RSP: 0018:ffffc900020db670 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888101bcfe40 RSI: ffff888101bcfd80 RDI: ffff888106289ba8
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000400
R10: 0000000000000000 R11: 0000000000000800 R12: 0000000000000000
R13: ffff888106289c01 R14: ffff888101bcfe40 R15: 0000000000000000
FS: 00007f67871976c0(0000) GS:ffff8882b4b14000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 00000001179a2000 CR4: 00000000003506f0
Call Trace:
 bio_attempt_back_merge+0xc9/0x180 block/blk-merge.c:940
 blk_attempt_plug_merge+0x51/0x80 block/blk-merge.c:1073
 blk_mq_attempt_bio_merge block/blk-mq.c:3022 [inline]
 blk_mq_submit_bio+0x55b/0x7d0 block/blk-mq.c:3186
 __submit_bio+0xd7/0x250 block/blk-core.c:637
 __submit_bio_noacct_mq block/blk-core.c:724 [inline]
 submit_bio_noacct_nocheck+0xdd/0x310 block/blk-core.c:755
 submit_bio_wait+0xb0/0xf0 block/bio.c:1389
 blkdev_issue_discard+0x121/0x170 block/blk-lib.c:95
 ext4_mb_clear_bb fs/ext4/mballoc.c:6620 [inline]
 ext4_free_blocks+0x4b9/0x940 fs/ext4/mballoc.c:6770
 ext4_clear_blocks+0x11c/0x180 fs/ext4/indirect.c:888
 ext4_free_data fs/ext4/indirect.c:962 [inline]
 ext4_ind_truncate+0x3b9/0x540 fs/ext4/indirect.c:1154
 ext4_truncate+0x377/0x490 fs/ext4/inode.c:4616
 ext4_evict_inode+0x526/0x730 fs/ext4/inode.c:261
 evict+0x1e4/0x3a0 fs/inode.c:810
 ext4_orphan_cleanup+0x2ef/0x510 fs/ext4/orphan.c:470
 __ext4_fill_super fs/ext4/super.c:5617 [inline]
 ext4_fill_super+0x17ef/0x1a60 fs/ext4/super.c:5736
 get_tree_bdev_flags+0x13c/0x1c0 fs/super.c:1691
 vfs_get_tree+0x29/0xb0 fs/super.c:1751
 fc_mount fs/namespace.c:1208 [inline]
 do_new_mount_fc fs/namespace.c:3651 [inline]
 do_new_mount+0x168/0x3b0 fs/namespace.c:3727
 do_mount fs/namespace.c:4050 [inline]
 __do_sys_mount fs/namespace.c:4238 [inline]
 __se_sys_mount+0x144/0x1b0 fs/namespace.c:4215
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x8f/0x250 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6787330e6a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6787196e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f6787196ef0 RCX: 00007f6787330e6a
RDX: 0000200000000ac0 RSI: 0000200000000240 RDI: 00007f6787196eb0
RBP: 0000200000000ac0 R08: 00007f6787196ef0 R09: 0000000003810744
R10: 0000000003810744 R11: 0000000000000246 R12: 0000200000000240
R13: 00007f6787196eb0 R14: 0000000000000453 R15: 000000000000002c
Modules linked in:
CR2: 0000000000000008
---[ end trace 0000000000000000 ]---
RIP: 0010:bio_get_first_bvec block/blk-merge.c:22 [inline]
RIP: 0010:bio_get_last_bvec block/blk-merge.c:30 [inline]
RIP: 0010:bio_seg_gap+0x74/0x1e0 block/blk-merge.c:743
Code: db 74 0f 0f b6 c0 38 d8 0f b6 cb 0f 42 c8 89 cb eb 02 89 c3 44 8b 4e 28 8b 4e 2c 44 8b 46 30 48 8b 46 68 49 89 ca 49 c1 e2 04 <42> 8b 6c 10 08 44 29 c5 46 8b 5c 10 0c 45 01 c3 41 39 e9 41 0f 42
RSP: 0018:ffffc900020db670 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888101bcfe40 RSI: ffff888101bcfd80 RDI: ffff888106289ba8
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000400
R10: 0000000000000000 R11: 0000000000000800 R12: 0000000000000000
R13: ffff888106289c01 R14: ffff888101bcfe40 R15: 0000000000000000
FS: 00007f67871976c0(0000) GS:ffff8882b4b14000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 00000001179a2000 CR4: 00000000003506f0
----------------
Code disassembly (best guess):
   0: db 74 0f 0f       (bad) 0xf(%rdi,%rcx,1)
   4: b6 c0             mov $0xc0,%dh
   6: 38 d8             cmp %bl,%al
   8: 0f b6 cb          movzbl %bl,%ecx
   b: 0f 42 c8          cmovb %eax,%ecx
   e: 89 cb             mov %ecx,%ebx
  10: eb 02             jmp 0x14
  12: 89 c3             mov %eax,%ebx
  14: 44 8b 4e 28       mov 0x28(%rsi),%r9d
  18: 8b 4e 2c          mov 0x2c(%rsi),%ecx
  1b: 44 8b 46 30       mov 0x30(%rsi),%r8d
  1f: 48 8b 46 68       mov 0x68(%rsi),%rax
  23: 49 89 ca          mov %rcx,%r10
  26: 49 c1 e2 04       shl $0x4,%r10
* 2a: 42 8b 6c 10 08    mov 0x8(%rax,%r10,1),%ebp <-- trapping instruction
  2f: 44 29 c5          sub %r8d,%ebp
  32: 46 8b 5c 10 0c    mov 0xc(%rax,%r10,1),%r11d
  37: 45 01 c3          add %r8d,%r11d
  3a: 41 39 e9          cmp %ebp,%r9d
  3d: 41                rex.B
  3e: 0f                .byte 0xf
  3f: 42                rex.X