ci starts bisection 2025-02-11 13:54:46.411954472 +0000 UTC m=+61.602294983 bisecting cause commit starting from df5d6180169ae06a2eac57e33b077ad6f6252440 building syzkaller on 43f51a00700e5960fc890e6c3d596846757bf29d ensuring issue is reproducible on original commit df5d6180169ae06a2eac57e33b077ad6f6252440 testing commit df5d6180169ae06a2eac57e33b077ad6f6252440 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: abe9abdc1c9d617c7a4ff7beb1cf45836a9c939cb9d2c8f864a56dd3ec8e4dd9 all runs: crashed: general protection fault in h5_recv representative crash: general protection fault in h5_recv, types: [UNKNOWN] check whether we can drop unnecessary instrumentation disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit df5d6180169ae06a2eac57e33b077ad6f6252440 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b6bcca59c8e16608e91b01b3677a47f036b9de82c31e99ce02aea11c199f7273 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv representative crash: BUG: unable to handle kernel NULL pointer dereference in h5_recv, types: [UNKNOWN] the bug reproduces without the instrumentation disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed kconfig minimization: base=4063 full=8262 leaves diff=2117 split chunks (needed=false): <2117> split chunk #0 of len 2117 into 5 parts testing without sub-chunk 1/5 disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed testing commit df5d6180169ae06a2eac57e33b077ad6f6252440 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 870d98c2f5c617c06db10cb5d2f6011aded20265f6ee967b1b187df3350c55a7 all runs: OK false negative chance: 0.000 testing without sub-chunk 2/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit df5d6180169ae06a2eac57e33b077ad6f6252440 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7bd5ab53a246bf5547d2fd37a526ad3ec72b99c24abded176a5bcafe6e1365a6 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv representative crash: BUG: unable to handle kernel NULL pointer dereference in h5_recv, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit df5d6180169ae06a2eac57e33b077ad6f6252440 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cb7abdd061059e4f1f0124b3994dad5c6cd80cf8096da2e6605f6300ea063dca all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv representative crash: BUG: unable to handle kernel NULL pointer dereference in h5_recv, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit df5d6180169ae06a2eac57e33b077ad6f6252440 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 21956e7a4010c25904469846304484ed3916721147f6da02d70fe80a48a5643d all runs: OK false negative chance: 0.000 testing without sub-chunk 5/5 disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit df5d6180169ae06a2eac57e33b077ad6f6252440 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 738cd2946a9de0ebbd511e930390a4f4c0beaf590eadfba1f9f0a42acf7d3a00 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #8: OK run #9: OK representative crash: BUG: unable to handle kernel NULL pointer dereference in h5_recv, types: [UNKNOWN] the chunk can be dropped minimized to 848 configs; suspects: [6LOWPAN 6LOWPAN_GHC_EXT_HDR_DEST 6LOWPAN_GHC_EXT_HDR_FRAG 6LOWPAN_GHC_EXT_HDR_HOP 6LOWPAN_GHC_EXT_HDR_ROUTE 6LOWPAN_GHC_ICMPV6 6LOWPAN_GHC_UDP 6LOWPAN_NHC 6LOWPAN_NHC_DEST 6LOWPAN_NHC_FRAGMENT 6LOWPAN_NHC_HOP 6LOWPAN_NHC_IPV6 6LOWPAN_NHC_MOBILITY 6LOWPAN_NHC_ROUTING 6LOWPAN_NHC_UDP 6PACK 842_COMPRESS 842_DECOMPRESS 9P_FSCACHE 9P_FS_POSIX_ACL 9P_FS_SECURITY ACORN_PARTITION ACORN_PARTITION_ADFS ACORN_PARTITION_CUMANA ACORN_PARTITION_EESOX ACORN_PARTITION_ICS ACORN_PARTITION_POWERTEC ACORN_PARTITION_RISCIX ACPI_NFIT ACPI_NHLT ACPI_PLATFORM_PROFILE ADFS_FS AFFS_FS AFS_FS AFS_FSCACHE AF_KCM AF_RXRPC AF_RXRPC_IPV6 AIX_PARTITION AMD_SFH_HID AMIGA_PARTITION ANDROID_BINDER_IPC ANON_VMA_NAME APERTURE_HELPERS APPLE_MFI_FASTCHARGE AR5523 ARCH_ENABLE_MEMORY_HOTREMOVE ARCH_ENABLE_THP_MIGRATION ARCH_HAS_EXECMEM_ROX ARCH_HAS_USER_SHADOW_STACK ARCH_SUPPORTS_HUGE_PFNMAP ARCH_SUPPORTS_KEXEC_HANDOVER ARCH_SUPPORTS_PMD_PFNMAP ARCH_SUPPORTS_PUD_PFNMAP ARCH_WANT_PMD_MKWRITE ARCH_WANT_SPARSEMEM_VMEMMAP_PREINIT ASM_MODVERSIONS ASUS_TF103C_DOCK ASYNC_CORE ASYNC_MEMCPY ASYNC_PQ ASYNC_RAID6_RECOV ASYNC_TX_DMA ASYNC_XOR ATARI_PARTITION ATA_GENERIC ATA_OVER_ETH ATH10K ATH10K_CE ATH10K_LEDS ATH10K_PCI ATH10K_USB ATH11K ATH6KL ATH6KL_USB ATH9K ATH9K_AHB ATH9K_BTCOEX_SUPPORT ATH9K_CHANNEL_CONTEXT ATH9K_COMMON ATH9K_COMMON_DEBUG ATH9K_COMMON_SPECTRAL ATH9K_DEBUGFS ATH9K_DYNACK ATH9K_HTC ATH9K_HTC_DEBUGFS ATH9K_HW ATH9K_PCI ATH9K_PCOEM ATH9K_RFKILL ATH_COMMON ATM ATM_BR2684 ATM_CLIP ATM_DRIVERS ATM_LANE ATM_MPOA ATM_TCP AUXILIARY_BUS AX25 AX25_DAMA_SLAVE AX88796B_PHY BAREUDP BATMAN_ADV BATMAN_ADV_BATMAN_V BATMAN_ADV_BLA BATMAN_ADV_DAT BATMAN_ADV_MCAST BATMAN_ADV_NC BCACHE BCACHEFS_DEBUG BCACHEFS_ERASURE_CODING BCACHEFS_FS BCACHEFS_POSIX_ACL BCACHEFS_QUOTA BCACHEFS_SIX_OPTIMISTIC_SPIN BCMA BCMA_HOST_PCI_POSSIBLE BEFS_FS BFQ_CGROUP_DEBUG BFQ_GROUP_IOSCHED BFS_FS BIG_KEYS BLK_CGROUP_PUNT_BIO BLK_CGROUP_RWSTAT BLK_DEV_BSGLIB BLK_DEV_INTEGRITY BLK_DEV_NBD BLK_DEV_NULL_BLK BLK_DEV_NULL_BLK_FAULT_INJECTION BLK_DEV_NVME BLK_DEV_PMEM BLK_DEV_RAM BLK_DEV_RNBD BLK_DEV_RNBD_CLIENT BLK_DEV_THROTTLING BLK_DEV_ZONED BLK_ICQ BLK_INLINE_ENCRYPTION BLK_INLINE_ENCRYPTION_FALLBACK BLK_WBT BLK_WBT_MQ BONDING BOOT_VESA_SUPPORT BPF_EVENTS BPF_JIT BPF_JIT_ALWAYS_ON BPF_JIT_DEFAULT_ON BPF_LSM BPF_PRELOAD BPF_PRELOAD_UMD BPF_STREAM_PARSER BPF_SYSCALL BPQETHER BRIDGE BRIDGE_CFM BRIDGE_EBT_802_3 BRIDGE_EBT_AMONG BRIDGE_EBT_ARP BRIDGE_EBT_ARPREPLY BRIDGE_EBT_BROUTE BRIDGE_EBT_DNAT BRIDGE_EBT_IP BRIDGE_EBT_IP6 BRIDGE_EBT_LIMIT BRIDGE_EBT_LOG BRIDGE_EBT_MARK BRIDGE_EBT_MARK_T BRIDGE_EBT_NFLOG BRIDGE_EBT_PKTTYPE BRIDGE_EBT_REDIRECT BRIDGE_EBT_SNAT BRIDGE_EBT_STP BRIDGE_EBT_T_FILTER BRIDGE_EBT_T_NAT BRIDGE_EBT_VLAN BRIDGE_IGMP_SNOOPING BRIDGE_MRP BRIDGE_NF_EBTABLES BRIDGE_NF_EBTABLES_LEGACY BRIDGE_VLAN_FILTERING BSD_DISKLABEL BSD_PROCESS_ACCT_V3 BT BTRFS_ASSERT BTRFS_FS BTRFS_FS_POSIX_ACL BTRFS_FS_REF_VERIFY BTT BT_6LOWPAN BT_ATH3K BT_BCM BT_BNEP BT_BNEP_MC_FILTER BT_BNEP_PROTO_FILTER BT_BREDR BT_HCIBCM203X BT_HCIBFUSB BT_HCIBPA10X BT_HCIBTUSB BT_HCIBTUSB_AUTOSUSPEND BT_HCIBTUSB_BCM BT_HCIBTUSB_MTK BT_HCIBTUSB_POLL_SYNC BT_HCIBTUSB_RTL BT_HCIUART BT_HCIUART_3WIRE BT_HCIUART_AG6XX BT_HCIUART_BCSP BT_HCIUART_H4 BT_HCIUART_LL BT_HCIUART_MRVL BT_HCIUART_QCA BT_HCIUART_SERDEV BT_HCIVHCI BT_HIDP BT_INTEL BT_LE BT_LEDS BT_LE_L2CAP_ECRED BT_MRVL BT_MRVL_SDIO BT_MSFTEXT BT_MTK BT_MTKSDIO BT_MTKUART BT_QCA BT_RFCOMM BT_RFCOMM_TTY BT_RTL BXT_WC_PMIC_OPREGION CACHEFILES CAIF CAIF_DEBUG CAIF_DRIVERS CAIF_NETDEV CAIF_TTY CAIF_USB CAIF_VIRTIO CAN CAN_8DEV_USB CAN_BCM CAN_CALC_BITTIMING CAN_DEV CAN_EMS_USB CAN_ESD_USB CAN_ETAS_ES58X CAN_F81604 CAN_GS_USB CAN_GW CAN_IFI_CANFD CAN_ISOTP CAN_J1939 CAN_KVASER_USB CAN_MCBA_USB CAN_NETLINK CAN_PEAK_USB CAN_RAW CAN_RX_OFFLOAD CAN_SLCAN CAN_UCAN CAN_VCAN CAN_VXCAN CARL9170 CARL9170_HWRNG CARL9170_LEDS CARL9170_WPC CEC_CORE CEPH_FS CEPH_FSCACHE CEPH_FS_POSIX_ACL CEPH_LIB CEPH_LIB_USE_DNS_RESOLVER CFG80211 CFG80211_CRDA_SUPPORT CFG80211_DEBUGFS CFG80211_DEFAULT_PS CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS CFG80211_WEXT CFS_BANDWIDTH CGROUP_BPF CHARGER_ISP1704 CHR_DEV_ST CIFS CIFS_ALLOW_INSECURE_LEGACY CIFS_DEBUG CIFS_DFS_UPCALL CIFS_FSCACHE CIFS_POSIX CIFS_SMB_DIRECT CIFS_SWN_UPCALL CIFS_UPCALL CIFS_XATTR CLOSURES CLS_U32_MARK CLS_U32_PERF CMA CMA_SIZE_SEL_MAX CMDLINE_PARTITION COMEDI COMEDI_DT9812 COMEDI_NI_USB6501 COMEDI_USBDUX COMEDI_USBDUXFAST COMEDI_USBDUXSIGMA COMEDI_USB_DRIVERS COMEDI_VMK80XX COMPAT_NETLINK_MESSAGES COUNTER CRAMFS CRAMFS_BLOCKDEV CRAMFS_MTD CRC4 CRC64 CRC7 CRC8 CRC_ITU_T CRC_T10DIF CRC_T10DIF_ARCH CRYPTO_842 CRYPTO_ADIANTUM CRYPTO_AEGIS128 CRYPTO_AEGIS128_AESNI_SSE2 CRYPTO_AES_NI_INTEL CRYPTO_AES_TI CRYPTO_ANSI_CPRNG CRYPTO_ANUBIS CRYPTO_ARC4 CRYPTO_ARCH_HAVE_LIB_BLAKE2S CRYPTO_ARCH_HAVE_LIB_CHACHA CRYPTO_ARCH_HAVE_LIB_CURVE25519 CRYPTO_ARCH_HAVE_LIB_POLY1305 CRYPTO_ARIA CRYPTO_ARIA_AESNI_AVX_X86_64 CRYPTO_BLAKE2B CRYPTO_BLAKE2S_X86 CRYPTO_BLOWFISH CRYPTO_BLOWFISH_COMMON CRYPTO_BLOWFISH_X86_64 CRYPTO_CAMELLIA CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 CRYPTO_CAMELLIA_AESNI_AVX_X86_64 CRYPTO_CAMELLIA_X86_64 CRYPTO_CAST5 CRYPTO_CAST5_AVX_X86_64 CRYPTO_CAST6 CRYPTO_CAST6_AVX_X86_64 CRYPTO_CAST_COMMON CRYPTO_CHACHA20 CRYPTO_CHACHA20POLY1305 CRYPTO_CHACHA20_X86_64 CRYPTO_CRC32 CRYPTO_CRC32C CRYPTO_CRYPTD CRYPTO_CTS CRYPTO_CURVE25519 CRYPTO_CURVE25519_X86 CRYPTO_DEFLATE CRYPTO_DES CRYPTO_DES3_EDE_X86_64 CRYPTO_DEV_CCP CRYPTO_DEV_CCP_DD CRYPTO_DEV_PADLOCK CRYPTO_DEV_PADLOCK_AES CRYPTO_DEV_PADLOCK_SHA CRYPTO_DEV_QAT CRYPTO_DEV_QAT_C3XXX CRYPTO_DEV_QAT_C3XXXVF CRYPTO_DEV_QAT_C62X CRYPTO_DEV_QAT_C62XVF CRYPTO_DEV_QAT_DH895xCC CRYPTO_DEV_QAT_DH895xCCVF CRYPTO_DEV_VIRTIO CRYPTO_DH CRYPTO_DRBG_CTR CRYPTO_DRBG_HASH CRYPTO_ECDH CRYPTO_ECRDSA CRYPTO_ENGINE CRYPTO_ESSIV CRYPTO_FCRYPT CRYPTO_GHASH_CLMUL_NI_INTEL CRYPTO_HCTR2 CRYPTO_KDF800108_CTR CRYPTO_KHAZAD CRYPTO_KPP CRYPTO_LIB_ARC4 CRYPTO_LIB_CHACHA CRYPTO_LIB_CHACHA20POLY1305 CRYPTO_LIB_CHACHA_GENERIC CRYPTO_LIB_CURVE25519 CRYPTO_LIB_CURVE25519_GENERIC CRYPTO_LIB_DES CRYPTO_LIB_POLY1305 CRYPTO_LIB_POLY1305_GENERIC CRYPTO_LRW CRYPTO_LZ4 CRYPTO_LZ4HC CRYPTO_MICHAEL_MIC CRYPTO_NHPOLY1305 CRYPTO_NHPOLY1305_AVX2 CRYPTO_NHPOLY1305_SSE2 CRYPTO_PCBC CRYPTO_PCRYPT CRYPTO_POLY1305 CRYPTO_POLY1305_X86_64 CRYPTO_POLYVAL CRYPTO_POLYVAL_CLMUL_NI CRYPTO_RMD160 CRYPTO_SEED CRYPTO_SERPENT CRYPTO_SERPENT_AVX2_X86_64 CRYPTO_SERPENT_AVX_X86_64 CRYPTO_SERPENT_SSE2_X86_64 CRYPTO_SHA1_SSSE3 CRYPTO_SHA256_SSSE3 CRYPTO_SHA512_SSSE3 CRYPTO_SIMD CRYPTO_SM3 CRYPTO_SM3_AVX_X86_64 CRYPTO_SM4 CRYPTO_SM4_AESNI_AVX2_X86_64 CRYPTO_SM4_AESNI_AVX_X86_64 CRYPTO_SM4_GENERIC CRYPTO_STREEBOG CRYPTO_TEA CRYPTO_TWOFISH CRYPTO_TWOFISH_AVX_X86_64 CRYPTO_TWOFISH_COMMON CRYPTO_TWOFISH_X86_64 CRYPTO_TWOFISH_X86_64_3WAY CRYPTO_USER CRYPTO_USER_API CRYPTO_USER_API_AEAD CRYPTO_USER_API_ENABLE_OBSOLETE CRYPTO_USER_API_HASH CRYPTO_USER_API_RNG CRYPTO_USER_API_SKCIPHER CRYPTO_WP512 CRYPTO_XCBC CRYPTO_XCTR CRYPTO_XTS CRYPTO_XXHASH CRYPTO_ZSTD CUSE CYPRESS_FIRMWARE DAMON DAMON_PADDR DAMON_RECLAIM DAMON_VADDR DAX DCA DCB DEFAULT_CODEL DEVICE_MIGRATION DEVICE_PRIVATE DEV_COREDUMP DEV_DAX DLM DLN2_ADC DMABUF_HEAPS DMABUF_HEAPS_CMA DMABUF_HEAPS_SYSTEM DMABUF_MOVE_NOTIFY DMA_CMA DMA_ENGINE_RAID DM_AUDIT DM_BIO_PRISON DM_BUFIO DM_CACHE DM_CACHE_SMQ DM_CLONE DM_CRYPT DM_FLAKEY DM_INTEGRITY DM_MULTIPATH DM_MULTIPATH_QL DM_MULTIPATH_ST DM_PERSISTENT_DATA DM_RAID DM_SNAPSHOT DM_THIN_PROVISIONING DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE DM_ZONED DRAGONRISE_FF DRM DRM_AUX_BRIDGE DRM_BOCHS DRM_BRIDGE DRM_BUDDY DRM_CIRRUS_QEMU DRM_CLIENT DRM_CLIENT_DEFAULT_FBDEV DRM_CLIENT_LIB DRM_CLIENT_SELECTION DRM_CLIENT_SETUP DRM_DEBUG_MM DRM_DISPLAY_DP_AUX_BUS DRM_DISPLAY_DP_HELPER DRM_DISPLAY_DSC_HELPER DRM_DISPLAY_HDCP_HELPER DRM_DISPLAY_HDMI_HELPER DRM_DISPLAY_HELPER DRM_FBDEV_EMULATION DRM_GEM_SHMEM_HELPER DRM_GM12U320 DVB_CORE ENCRYPTED_KEYS EXTCON FSCACHE FUSE_FS GENEVE GPIOLIB HAMRADIO HAVE_CLK HID_DRAGONRISE HID_NVIDIA_SHIELD HID_PLAYSTATION HID_SENSOR_HUB HID_SMARTJOYPLUS HID_STEAM HID_THRUSTMASTER IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_IPOIB INFINIBAND_RTRS_CLIENT INFINIBAND_USER_ACCESS INFINIBAND_VIRT_DMA INPUT_TABLET INPUT_TOUCHSCREEN INTEL_SCU_IPC INTEL_SOC_PMIC_BXTWC IOSCHED_BFQ IP_SCTP L2TP LEDS_CLASS_MULTICOLOR LIBNVDIMM MAC80211 MAC80211_DEBUGFS MAC80211_LEDS MEDIA_COMMON_OPTIONS MEDIA_DIGITAL_TV_SUPPORT MEDIA_PLATFORM_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_INTEL_PMC_BXT MFD_MT6360 MFD_MT6370 MFD_RETU MMC MTD MTD_UBI NETFILTER_CONNCOUNT NET_CLS_U32 NET_IPGRE NET_IPGRE_DEMUX NET_SCH_DEFAULT NFS_V4_1 NLS_CODEPAGE_737 NLS_CODEPAGE_775 NLS_CODEPAGE_850 NLS_CODEPAGE_852 NLS_CODEPAGE_855 NLS_CODEPAGE_857 NLS_CODEPAGE_860 NLS_CODEPAGE_861 NLS_CODEPAGE_862 NLS_CODEPAGE_863 NLS_CODEPAGE_864 NLS_CODEPAGE_865 NLS_CODEPAGE_866 NLS_CODEPAGE_869 NLS_CODEPAGE_874 NLS_CODEPAGE_932 NLS_CODEPAGE_936 NLS_CODEPAGE_949 NLS_CODEPAGE_950 NLS_ISO8859_13 NLS_ISO8859_14 NLS_ISO8859_15 NLS_ISO8859_2 NLS_ISO8859_3 NLS_ISO8859_4 NLS_ISO8859_5 NLS_ISO8859_6 NLS_ISO8859_7 NLS_ISO8859_8 NLS_ISO8859_9 NLS_KOI8_R NLS_KOI8_U NLS_MAC_CELTIC NLS_MAC_CENTEURO NLS_MAC_CROATIAN NLS_MAC_CYRILLIC NLS_MAC_GAELIC NLS_MAC_GREEK NLS_MAC_ICELAND NLS_MAC_INUIT NLS_MAC_ROMAN NLS_MAC_ROMANIAN NLS_MAC_TURKISH NLS_UCS2_UTILS NOZOMI NTFS3_FS NTFS3_FS_POSIX_ACL NTFS3_LZX_XPRESS NULL_TTY NUMA_BALANCING NUMA_BALANCING_DEFAULT_ENABLED NUMA_EMU NUMA_KEEP_MEMINFO NVDIMM_DAX NVDIMM_KEYS NVDIMM_PFN NVIDIA_SHIELD_FF NVME_CORE NVME_FABRICS NVME_FC NVME_MULTIPATH NVME_RDMA NVME_TARGET NVME_TARGET_FC NVME_TARGET_FCLOOP NVME_TARGET_LOOP NVME_TARGET_RDMA NVME_TARGET_TCP NVME_TCP N_GSM N_HDLC OCFS2_DEBUG_FS OCFS2_FS OCFS2_FS_O2CB OCFS2_FS_STATS OCFS2_FS_USERSPACE_CLUSTER OF_GPIO OF_PMEM OMFS_FS OPENVSWITCH OPENVSWITCH_GENEVE OPENVSWITCH_GRE OPENVSWITCH_VXLAN ORANGEFS_FS OSF_PARTITION OVERLAY_FS OVERLAY_FS_DEBUG OVERLAY_FS_INDEX OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW OVERLAY_FS_REDIRECT_DIR PACKET_DIAG PAGE_IDLE_FLAG PAGE_REPORTING PAHOLE_HAS_BTF_TAG PAHOLE_HAS_LANG_EXCLUDE PAHOLE_HAS_SPLIT_BTF PARPORT PARPORT_NOT_PC PARTITION_ADVANCED PCCARD PCCARD_NONSTATIC PCIEAER PCI_ENDPOINT PCI_IOV PCMCIA PCMCIA_LOAD_CIS PERCPU_STATS PERSISTENT_KEYRINGS PHONET PHYLINK PHY_CPCAP_USB PHY_QCOM_USB_HS PHY_QCOM_USB_HSIC PHY_SAMSUNG_USB2 PHY_TUSB1210 PKCS7_TEST_KEY PKCS8_PRIVATE_KEY_PARSER PLAYSTATION_FF PLFXLC PMIC_OPREGION PM_CLK PNFS_BLOCK PNFS_FILE_LAYOUT PNFS_FLEXFILE_LAYOUT PPP PPPOATM PPPOE PPPOE_HASH_BITS_1 PPPOL2TP PPP_ASYNC PPP_BSDCOMP PPP_DEFLATE PPP_FILTER PPP_MPPE PPP_MULTILINK PPP_SYNC_TTY PPTP PREEMPT PREEMPT_NOTIFIERS PROC_CHILDREN PSAMPLE PSI PSTORE PSTORE_COMPRESS QCOM_QMI_HELPERS QNX4FS_FS QNX6FS_FS QRTR QRTR_TUN RADIO_ADAPTERS RADIO_SHARK RADIO_SHARK2 RADIO_TEA575X RAID6_PQ RAID_ATTRS RC_ATI_REMOTE RC_CORE RC_DEVICES RC_XBOX_DVD RDMA_RXE RDMA_SIW RDS RDS_RDMA RDS_TCP READ_ONLY_THP_FOR_FS REALTEK_AUTOPM REED_SOLOMON REED_SOLOMON_DEC8 REGMAP REGMAP_I2C REGMAP_IRQ REGMAP_MMIO REGMAP_SPI REGULATOR REGULATOR_FIXED_VOLTAGE REGULATOR_TWL4030 RESET_CONTROLLER RFKILL RFKILL_INPUT RFKILL_LEDS RMI4_2D_SENSOR RMI4_CORE RMI4_F03 RMI4_F03_SERIO RMI4_F11 RMI4_F12 RMI4_F30 RMI4_F3A ROMFS_BACKED_BY_BOTH ROMFS_FS ROMFS_ON_BLOCK ROMFS_ON_MTD ROSE RTC_DRV_HID_SENSOR_TIME RXKAD SCHED_CORE SCREEN_INFO SCSI_FC_ATTRS SCSI_HPSA SCSI_ISCSI_ATTRS SCSI_LOGGING SCSI_NETLINK SCSI_SAS_ATA SCSI_SAS_ATTRS SCSI_SAS_LIBSAS SCSI_SCAN_ASYNC SCSI_SRP_ATTRS SCTP_COOKIE_HMAC_MD5 SCTP_COOKIE_HMAC_SHA1 SCTP_DEFAULT_COOKIE_HMAC_MD5 SECONDARY_TRUSTED_KEYRING SECURITY_INFINIBAND SECURITY_NETWORK_XFRM SENSORS_AQUACOMPUTER_D5NEXT SENSORS_CORSAIR_CPRO SENSORS_CORSAIR_PSU SENSORS_GIGABYTE_WATERFORCE SENSORS_NZXT_KRAKEN2 SENSORS_NZXT_SMART2 SENSORS_POWERZ SERIAL_DEV_BUS SERIAL_DEV_CTRL_TTYPORT SERIAL_MCTRL_GPIO SGI_PARTITION SIGNATURE SIGNED_PE_FILE_VERIFICATION SKB_DECRYPTED SLHC SLIP SLIP_COMPRESSED SLIP_MODE_SLIP6 SLIP_SMART SMARTJOYPLUS_FF SMBFS SMB_SERVER SMC SMC_DIAG SMSC_PHY SMS_SDIO_DRV SMS_SIANO_DEBUGFS SMS_SIANO_MDTV SMS_SIANO_RC SMS_USB_DRV SND SND_ALOOP SND_BCD2000 SND_CTL_FAST_LOOKUP SND_CTL_LED SND_DEBUG SND_DMA_SGBUF SND_DRIVERS SND_DUMMY SND_DYNAMIC_MINORS SND_HDA SND_HDA_CODEC_ANALOG SND_HDA_CODEC_CA0110 SND_HDA_CODEC_CA0132 SND_HDA_CODEC_CIRRUS SND_HDA_CODEC_CMEDIA SND_HDA_CODEC_CONEXANT SND_HDA_CODEC_HDMI SND_HDA_CODEC_REALTEK SND_HDA_CODEC_SI3054 SND_HDA_CODEC_SIGMATEL SND_HDA_CODEC_VIA SND_HDA_COMPONENT SND_HDA_CORE SND_HDA_GENERIC SND_HDA_GENERIC_LEDS SND_HDA_HWDEP SND_HDA_I915 SND_HDA_INPUT_BEEP SND_HDA_INTEL SND_HDA_PATCH_LOADER SND_HDA_RECONFIG SND_HDA_SCODEC_COMPONENT SND_HRTIMER SND_HWDEP SND_INTEL_DSP_CONFIG SND_INTEL_NHLT SND_INTEL_SOUNDWIRE_ACPI SND_JACK SND_JACK_INPUT_DEV SND_MIXER_OSS SND_OSSEMUL SND_PCI SND_PCM SND_PCMCIA SND_PCM_ELD SND_PCM_OSS SND_PCM_OSS_PLUGINS SND_PCM_TIMER SND_PCM_XRUN_DEBUG SND_PROC_FS SND_RAWMIDI SND_SEQUENCER SND_SEQUENCER_OSS SND_SEQ_DEVICE SND_SEQ_DUMMY SND_SEQ_HRTIMER_DEFAULT SND_SEQ_MIDI SND_SEQ_MIDI_EVENT SND_SEQ_VIRMIDI SND_SOC SND_SOC_I2C_AND_SPI SND_SOC_SDCA_OPTIONAL SND_SUPPORT_OLD_API SND_TIMER SND_UMP SND_UMP_LEGACY_RAWMIDI SND_USB SND_USB_6FIRE SND_USB_AUDIO SND_USB_AUDIO_MIDI_V2 SND_USB_AUDIO_USE_MEDIA_CONTROLLER SND_USB_CAIAQ SND_USB_CAIAQ_INPUT SND_USB_HIFACE SND_USB_LINE6 SND_USB_POD SND_USB_PODHD SND_USB_TONEPORT SND_USB_UA101 SND_USB_US122L SND_USB_USX2Y SND_USB_VARIAX SND_VERBOSE_PROCFS SND_VIRMIDI SND_VIRTIO SND_VMASTER SND_X86 SOCK_VALIDATE_XMIT SOLARIS_X86_PARTITION SONY_FF SOUND SOUNDWIRE SOUND_OSS_CORE SOUND_OSS_CORE_PRECLAIM SPARSEMEM_VMEMMAP_PREINIT SPI SPI_DLN2 SPI_DYNAMIC SPI_LJCA SPI_MASTER SQUASHFS SQUASHFS_4K_DEVBLK_SIZE SQUASHFS_COMPILE_DECOMP_MULTI SQUASHFS_DECOMP_MULTI SQUASHFS_FILE_DIRECT SQUASHFS_LZ4 SQUASHFS_LZO SQUASHFS_XATTR SQUASHFS_XZ SQUASHFS_ZLIB SQUASHFS_ZSTD SSB SSB_PCIHOST_POSSIBLE SSB_PCMCIAHOST_POSSIBLE SSB_SDIOHOST_POSSIBLE STEAM_FF STP STREAM_PARSER SUNRPC_BACKCHANNEL SUN_PARTITION SW_SYNC SYSFB SYSV68_PARTITION SYSV_FS TABLET_USB_ACECAD TABLET_USB_AIPTEK TABLET_USB_HANWANG TABLET_USB_KBTAB TABLET_USB_PEGASUS TAHVO_USB TAHVO_USB_HOST_BY_DEFAULT TCG_CRB TCG_TIS TCG_TIS_CORE TCG_TPM TCP_CONG_BBR TCP_CONG_BIC TCP_CONG_CDG TCP_CONG_DCTCP TCP_CONG_HSTCP TCP_CONG_HTCP TCP_CONG_HYBLA TCP_CONG_ILLINOIS TCP_CONG_LP TCP_CONG_NV TCP_CONG_SCALABLE TCP_CONG_VEGAS TCP_CONG_VENO TCP_CONG_WESTWOOD TCP_CONG_YEAH TEE TEXTSEARCH TEXTSEARCH_BM TEXTSEARCH_FSM TEXTSEARCH_KMP THP_SWAP THRUSTMASTER_FF TIPC TIPC_CRYPTO TIPC_DIAG TIPC_MEDIA_IB TIPC_MEDIA_UDP TLS TLS_DEVICE TLS_TOE TMPFS_QUOTA TOUCHSCREEN_SUR40 TOUCHSCREEN_USB_3M TOUCHSCREEN_USB_COMPOSITE TOUCHSCREEN_USB_DMC_TSC10 TOUCHSCREEN_USB_E2I TOUCHSCREEN_USB_EASYTOUCH TOUCHSCREEN_USB_EGALAX TOUCHSCREEN_USB_ELO TOUCHSCREEN_USB_ETT_TC45USB TOUCHSCREEN_USB_ETURBO TOUCHSCREEN_USB_GENERAL_TOUCH TOUCHSCREEN_USB_GOTOP TOUCHSCREEN_USB_GUNZE TOUCHSCREEN_USB_IDEALTEK TOUCHSCREEN_USB_IRTOUCH TOUCHSCREEN_USB_ITM TOUCHSCREEN_USB_JASTEC TOUCHSCREEN_USB_NEXIO TOUCHSCREEN_USB_PANJIT TOUCHSCREEN_USB_ZYTRONIC TRANSPARENT_HUGEPAGE TRANSPARENT_HUGEPAGE_MADVISE TRUSTED_KEYS TTPCI_EEPROM TTY_PRINTK TUN_VNET_CROSS_LE TWL4030_CORE TYPEC TYPEC_ANX7411 TYPEC_DP_ALTMODE TYPEC_FUSB302 TYPEC_HD3SS3220 TYPEC_MT6360 TYPEC_MUX_FSA4480 TYPEC_MUX_GPIO_SBU TYPEC_MUX_INTEL_PMC TYPEC_MUX_NB7VPQ904M TYPEC_MUX_PTN36502 TYPEC_MUX_WCD939X_USBSS TYPEC_NVIDIA_ALTMODE TYPEC_RT1711H TYPEC_RT1719 TYPEC_STUSB160X TYPEC_TCPCI TYPEC_TCPCI_MAXIM TYPEC_TCPCI_MT6370 TYPEC_TCPM TYPEC_TPS6598X TYPEC_UCSI TYPEC_WCOVE TYPEC_WUSB3801 UBIFS_ATIME_SUPPORT UBIFS_FS UBIFS_FS_ADVANCED_COMPR UBIFS_FS_LZO UBIFS_FS_SECURITY UBIFS_FS_XATTR UBIFS_FS_ZLIB UBIFS_FS_ZSTD UCSI_ACPI UCSI_CCG UCSI_STM32G0 UDF_FS UDMABUF UFS_FS UFS_FS_WRITE UHID ULTRIX_PARTITION UNICODE UNIXWARE_DISKLABEL UNIX_DIAG USB4 USB4_NET USBIP_CORE USBIP_HOST USBIP_VHCI_HCD USBIP_VUDC USBPCWATCHDOG USB_ACM USB_ADUTUX USB_AIRSPY USB_ALI_M5632 USB_AN2720 USB_APPLEDISPLAY USB_ARMLINUX USB_BDC_UDC USB_BELKIN USB_C67X00_HCD USB_CATC USB_CDC_PHONET USB_CDNS2_UDC USB_CDNS3 USB_CDNS3_GADGET USB_CDNS3_HOST USB_CDNS3_PCI_WRAP USB_CDNS_SUPPORT USB_DWC2 USB_GADGET USB_LJCA USB_MUSB_HDRC USB_NET_CDC_SUBSET USB_PHY USB_ROLE_SWITCH USB_STORAGE_REALTEK USB_ULPI_BUS USB_USBNET VIDEO_DEV VLAN_8021Q VXLAN WANT_COMPAT_NETLINK_MESSAGES WEXT_CORE WIRELESS WLAN WLAN_VENDOR_ATH WLAN_VENDOR_PURELIFI X86_X32_ABI ZONE_DEVICE] disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed picked [v6.13 v6.12 v6.11 v6.9 v6.7 v6.5 v6.3 v6.1 v5.18 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 36 release tags testing release v6.13 testing commit ffd294d346d185b70e28b1a28abe367bbfe53c04 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3d847f2906ebcdb917105e5f7cebea8b602a7f0171775fb2a9a299792eb180d1 all runs: OK false negative chance: 0.000 # git bisect start df5d6180169ae06a2eac57e33b077ad6f6252440 ffd294d346d185b70e28b1a28abe367bbfe53c04 Bisecting: 6521 revisions left to test after this (roughly 13 steps) [4e517a6acdc40d61076ead4244b980c276af9b6e] Merge tag 'soc-new-6.14' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 4e517a6acdc40d61076ead4244b980c276af9b6e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: da1f38ec0d0993deeca83efa4fc705ce6ee981f743ebc15ca5acd6972dcb7a57 all runs: OK false negative chance: 0.000 # git bisect good 4e517a6acdc40d61076ead4244b980c276af9b6e Bisecting: 3249 revisions left to test after this (roughly 12 steps) [9f10e7fb6a06bce4f81de5fd0f2f0390f99e89e4] Merge tag 'phy-for-6.14' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy testing commit 9f10e7fb6a06bce4f81de5fd0f2f0390f99e89e4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f92adc285b4cf863ef7a4f6c04e9505e8dae1e18b8aa051be2711015d1256a74 all runs: OK false negative chance: 0.000 # git bisect good 9f10e7fb6a06bce4f81de5fd0f2f0390f99e89e4 Bisecting: 1583 revisions left to test after this (roughly 11 steps) [5b94630b88a35346f8f3ab8cf4e9b19aff867c5a] Merge branch 'fs-next' of linux-next testing commit 5b94630b88a35346f8f3ab8cf4e9b19aff867c5a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3da1906b991dc2b0c3f3a0e18b6d3510e7c1ec203101e71da15e09d9ada715dc all runs: OK false negative chance: 0.000 # git bisect good 5b94630b88a35346f8f3ab8cf4e9b19aff867c5a Bisecting: 758 revisions left to test after this (roughly 10 steps) [ecdf7eec84110a9590d182b1e9f06ca65af43992] Merge branch 'for-linux-next' of https://gitlab.freedesktop.org/drm/i915/kernel testing commit ecdf7eec84110a9590d182b1e9f06ca65af43992 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ac2e2db7c0531d5cad0ef2c4789e507f17b9baafb209f187bddc523f241d6e67 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #8: OK run #9: OK representative crash: BUG: unable to handle kernel NULL pointer dereference in h5_recv, types: [UNKNOWN] # git bisect bad ecdf7eec84110a9590d182b1e9f06ca65af43992 Bisecting: 393 revisions left to test after this (roughly 9 steps) [52a2b80e4e5090f60ddf2becc5b3d01e80d64e9b] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/ath/ath.git testing commit 52a2b80e4e5090f60ddf2becc5b3d01e80d64e9b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 88280d5765a14b2a3839b899c4e2ce71fcf7d36e01f9a91b86618b31d3ce25eb run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #9: OK representative crash: BUG: unable to handle kernel NULL pointer dereference in h5_recv, types: [UNKNOWN] # git bisect bad 52a2b80e4e5090f60ddf2becc5b3d01e80d64e9b Bisecting: 240 revisions left to test after this (roughly 8 steps) [35919dc0212cef00e06eeed8bf1c0f3701723954] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git testing commit 35919dc0212cef00e06eeed8bf1c0f3701723954 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d35c0ab9c07adcb8211e1d7eda4e2aaadc83471de6b41fba021f73acf09d2a92 all runs: OK false negative chance: 0.000 # git bisect good 35919dc0212cef00e06eeed8bf1c0f3701723954 Bisecting: 120 revisions left to test after this (roughly 7 steps) [3e7efc3f4f03bca0ea630c302e7c79cf807476bb] net: devmem: don't call queue stop / start when the interface is down testing commit 3e7efc3f4f03bca0ea630c302e7c79cf807476bb gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1e8ce9a4190d441608c9728eb02d8e662a7257b99b8687e795e94d570c1fa43f all runs: OK false negative chance: 0.000 # git bisect good 3e7efc3f4f03bca0ea630c302e7c79cf807476bb Bisecting: 60 revisions left to test after this (roughly 6 steps) [f5c90ff80b4c0326e5fd1feecafd88718075b1b7] wifi: ath12k: Add Support to Calculate and Display TPC Values testing commit f5c90ff80b4c0326e5fd1feecafd88718075b1b7 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8a76c19cb27d5a7397344ed469b494bb3f1febd72a78f28cb5f81ecca849e44d all runs: OK false negative chance: 0.000 # git bisect good f5c90ff80b4c0326e5fd1feecafd88718075b1b7 Bisecting: 32 revisions left to test after this (roughly 5 steps) [ea145d530a2db80ff41622af16757f909a435dc9] bpf: define KF_ARENA_* flags for bpf_arena kfuncs testing commit ea145d530a2db80ff41622af16757f909a435dc9 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2cfc272036eac3a752204e9992afd7a78de8a382861795b68f5583ec1479c263 all runs: OK false negative chance: 0.000 # git bisect good ea145d530a2db80ff41622af16757f909a435dc9 Bisecting: 16 revisions left to test after this (roughly 4 steps) [c411c62cc13319533b1861e00cedc4883c3bc1bb] Bluetooth: hci_uart: fix race during initialization testing commit c411c62cc13319533b1861e00cedc4883c3bc1bb gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a6302f26b850b955f6d5440b816ac271d0efcb5a6ca21458917e10aa5a889cfa run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in h5_recv run #9: OK representative crash: BUG: unable to handle kernel NULL pointer dereference in h5_recv, types: [UNKNOWN] # git bisect bad c411c62cc13319533b1861e00cedc4883c3bc1bb Bisecting: 7 revisions left to test after this (roughly 3 steps) [6ab54a7171894394fa07f28f835d714967b39797] Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd testing commit 6ab54a7171894394fa07f28f835d714967b39797 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 572c71dbbff9316b2f26767a848b94aaa2aa13282359f381e911e5d5831bae54 all runs: OK false negative chance: 0.000 # git bisect good 6ab54a7171894394fa07f28f835d714967b39797 Bisecting: 3 revisions left to test after this (roughly 2 steps) [55b8d4c01dde95f9c2d1f560094e279b78e105d7] Bluetooth: MGMT: Remove unused mgmt_*_discovery_complete testing commit 55b8d4c01dde95f9c2d1f560094e279b78e105d7 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a98bdee35fdf3484edc69ae9ac6e00d35381a34c15be4b1a6d19b6ab902a59d1 all runs: OK false negative chance: 0.000 # git bisect good 55b8d4c01dde95f9c2d1f560094e279b78e105d7 Bisecting: 1 revision left to test after this (roughly 1 step) [56cec66d6163705621dd797e227de7151bd22a6b] Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection testing commit 56cec66d6163705621dd797e227de7151bd22a6b gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4cee964ff3e4f63630858bdd8533342aefea1ffc80679a4e59abd5d51c28ec09 all runs: OK false negative chance: 0.000 # git bisect good 56cec66d6163705621dd797e227de7151bd22a6b Bisecting: 0 revisions left to test after this (roughly 0 steps) [e3d78d54bed506d7bc38f7d069631be0d9d0fea0] Bluetooth: btintel: Add DSBR support for ScP testing commit e3d78d54bed506d7bc38f7d069631be0d9d0fea0 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4529c1b6beec27828ae97b8ad858deaae895501be2ce6c7a5132e5c139b7ce78 all runs: OK false negative chance: 0.000 # git bisect good e3d78d54bed506d7bc38f7d069631be0d9d0fea0 c411c62cc13319533b1861e00cedc4883c3bc1bb is the first bad commit commit c411c62cc13319533b1861e00cedc4883c3bc1bb Author: Arseniy Krasnov Date: Thu Jan 30 21:43:26 2025 +0300 Bluetooth: hci_uart: fix race during initialization 'hci_register_dev()' calls power up function, which is executed by kworker - 'hci_power_on()'. This function does access to bluetooth chip using callbacks from 'hci_ldisc.c', for example 'hci_uart_send_frame()'. Now 'hci_uart_send_frame()' checks 'HCI_UART_PROTO_READY' bit set, and if not - it fails. Problem is that 'HCI_UART_PROTO_READY' is set after 'hci_register_dev()', and there is tiny chance that 'hci_power_on()' will be executed before setting this bit. In that case HCI init logic fails. Patch moves setting of 'HCI_UART_PROTO_READY' before calling function 'hci_uart_register_dev()'. Signed-off-by: Arseniy Krasnov Signed-off-by: Luiz Augusto von Dentz drivers/bluetooth/hci_ldisc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) accumulated error probability: 0.00 culprit signature: a6302f26b850b955f6d5440b816ac271d0efcb5a6ca21458917e10aa5a889cfa parent signature: 4529c1b6beec27828ae97b8ad858deaae895501be2ce6c7a5132e5c139b7ce78 revisions tested: 22, total time: 10h16m26.546530762s (build: 5h27m48.842210406s, test: 3h58m13.142180447s) first bad commit: c411c62cc13319533b1861e00cedc4883c3bc1bb Bluetooth: hci_uart: fix race during initialization recipients (to): ["avkrasnov@salutedevices.com" "linux-bluetooth@vger.kernel.org" "luiz.dentz@gmail.com" "luiz.von.dentz@intel.com" "marcel@holtmann.org"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: BUG: unable to handle kernel NULL pointer dereference in h5_recv BUG: kernel NULL pointer dereference, address: 00000000000002f8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 800000011570f067 P4D 800000011570f067 PUD 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 UID: 0 PID: 6116 Comm: syz.4.221 Not tainted 6.13.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 RIP: 0010:h5_recv+0x6a/0x270 drivers/bluetooth/hci_h5.c:572 Code: be 01 00 00 00 e8 e6 6c 37 00 0f b6 0b 88 08 48 ff 8d f8 02 00 00 0f 1f 44 00 00 49 ff c7 41 ff cc 45 85 e4 0f 8e ba 01 00 00 <48> 83 bd f8 02 00 00 00 74 25 41 0f b6 37 81 fe c0 00 00 00 75 40 RSP: 0018:ffffc9000555be00 EFLAGS: 00010202 RAX: ffffffff838ad110 RBX: ffff88810d433600 RCX: 0000000000000001 RDX: 0000000000000001 RSI: ffffc9000555be87 RDI: ffff88810d433600 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: ffffffff827bebb0 R12: 0000000000000001 R13: ffffc9000555be07 R14: ffff88810d433600 R15: ffffc9000555be87 FS: 00007fdd265d96c0(0000) GS:ffff88813ba00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000002f8 CR3: 0000000106ff2000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: hci_uart_tty_receive+0x13a/0x200 drivers/bluetooth/hci_ldisc.c:622 tiocsti+0xc5/0x110 drivers/tty/tty_io.c:2299 tty_ioctl+0x4f5/0x660 drivers/tty/tty_io.c:2717 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0x68/0xb0 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x8d/0x190 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fdd2578cde9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdd265d9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fdd259a6160 RCX: 00007fdd2578cde9 RDX: 0000400000000040 RSI: 0000000000005412 RDI: 0000000000000006 RBP: 00007fdd2580e2a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fdd259a6160 R15: 00007ffd4e425938 Modules linked in: CR2: 00000000000002f8 ---[ end trace 0000000000000000 ]--- RIP: 0010:h5_recv+0x6a/0x270 drivers/bluetooth/hci_h5.c:572 Code: be 01 00 00 00 e8 e6 6c 37 00 0f b6 0b 88 08 48 ff 8d f8 02 00 00 0f 1f 44 00 00 49 ff c7 41 ff cc 45 85 e4 0f 8e ba 01 00 00 <48> 83 bd f8 02 00 00 00 74 25 41 0f b6 37 81 fe c0 00 00 00 75 40 RSP: 0018:ffffc9000555be00 EFLAGS: 00010202 RAX: ffffffff838ad110 RBX: ffff88810d433600 RCX: 0000000000000001 RDX: 0000000000000001 RSI: ffffc9000555be87 RDI: ffff88810d433600 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: ffffffff827bebb0 R12: 0000000000000001 R13: ffffc9000555be07 R14: ffff88810d433600 R15: ffffc9000555be87 FS: 00007fdd265d96c0(0000) GS:ffff88813ba00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000002f8 CR3: 0000000106ff2000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: be 01 00 00 00 mov $0x1,%esi 5: e8 e6 6c 37 00 call 0x376cf0 a: 0f b6 0b movzbl (%rbx),%ecx d: 88 08 mov %cl,(%rax) f: 48 ff 8d f8 02 00 00 decq 0x2f8(%rbp) 16: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 1b: 49 ff c7 inc %r15 1e: 41 ff cc dec %r12d 21: 45 85 e4 test %r12d,%r12d 24: 0f 8e ba 01 00 00 jle 0x1e4 * 2a: 48 83 bd f8 02 00 00 cmpq $0x0,0x2f8(%rbp) <-- trapping instruction 31: 00 32: 74 25 je 0x59 34: 41 0f b6 37 movzbl (%r15),%esi 38: 81 fe c0 00 00 00 cmp $0xc0,%esi 3e: 75 40 jne 0x80