ci starts bisection 2024-11-03 01:32:19.268757048 +0000 UTC m=+128546.634045787
bisecting cause commit starting from f9f24ca362a4d84dd8aeb4b8f3ec28cb6c43dd06
building syzkaller on fb888278a6b21eda7fa63551c83fd17b90305ba1
fetch other tags and check if the commit is present
ensuring issue is reproducible on original commit f9f24ca362a4d84dd8aeb4b8f3ec28cb6c43dd06
testing commit f9f24ca362a4d84dd8aeb4b8f3ec28cb6c43dd06 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fb7769c91fc8e496705042f31528743c5535c038046776df7844adb9b8ed62fd
all runs: crashed: general protection fault in io_sqe_buffer_register
representative crash: general protection fault in io_sqe_buffer_register, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit f9f24ca362a4d84dd8aeb4b8f3ec28cb6c43dd06 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a2305ee13e6ee204687e994c749bf420dac2b57b1485f98d322837fdf5e3772d
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register
representative crash: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register, types: [UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
kconfig minimization: base=4045 full=8229 leaves diff=2118
split chunks (needed=false): <2118>
split chunk #0 of len 2118 into 5 parts
testing without sub-chunk 1/5
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit f9f24ca362a4d84dd8aeb4b8f3ec28cb6c43dd06 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: aa2b1cbb041a0dacd30cb5d762b38602ca617b6c1cb18f9cc550bf7bb3ad2dcf
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register
representative crash: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit f9f24ca362a4d84dd8aeb4b8f3ec28cb6c43dd06 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building f9f24ca362a4d84dd8aeb4b8f3ec28cb6c43dd06: drivers/gpu/drm/bridge/aux-bridge.c:116: undefined reference to `devm_drm_of_get_bridge'
testing without sub-chunk 3/5
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit f9f24ca362a4d84dd8aeb4b8f3ec28cb6c43dd06 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d4f4c660b17fa0481780499ec4c5776f80231b8c223329f9289359ffb146e7a1
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register
representative crash: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit f9f24ca362a4d84dd8aeb4b8f3ec28cb6c43dd06 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bc8c7ffbb83f24190fe0660d5c142dd08ba19417805f09492d2a1bf6aa119b16
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register
representative crash: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit f9f24ca362a4d84dd8aeb4b8f3ec28cb6c43dd06 gcc
compiler: Debian clang version 15.0.6, GNU ld
(GNU Binutils for Debian) 2.40
kernel signature: feebea9d7380c26b433e3d8927dce57a6bb90e57976fcb0fa9d7f551d582f196
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register
representative crash: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register, types: [UNKNOWN]
the chunk can be dropped
minimized to 424 configs
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
picked [v6.11 v6.10 v6.9 v6.7 v6.5 v6.3 v6.1 v5.19 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 34 release tags
testing release v6.11
testing commit 98f7e32f20d28ec452afb208f9cffc08448a2652 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5b08198e0f464364c741f49f2a0e78ebd3e551c7d852db1b1ac5b2929326b0cb
all runs: OK
false negative chance: 0.000
# git bisect start f9f24ca362a4d84dd8aeb4b8f3ec28cb6c43dd06 98f7e32f20d28ec452afb208f9cffc08448a2652
Bisecting: 11011 revisions left to test after this (roughly 14 steps)
[b707512b8b07396f8982103a84285a165a1bd94c] Merge tag 'staging-6.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit b707512b8b07396f8982103a84285a165a1bd94c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e6399aa2cb9ee393b0035003faceaf16b67fd0b2dc7d0a2d9ffc6045aa3df186
all runs: OK
false negative chance: 0.000
# git bisect good b707512b8b07396f8982103a84285a165a1bd94c
Bisecting: 5479 revisions left to test after this (roughly 13 steps)
[71462022ce763028ca02a9a27d25aedd821a0c3a] Merge branch 'next' of
git://git.linuxtv.org/media
testing commit 71462022ce763028ca02a9a27d25aedd821a0c3a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: df1e6ad4ba489d338b04d34673eba044a9e9cf989c368632066d7ecd4c36cd12
all runs: OK
false negative chance: 0.000
# git bisect good 71462022ce763028ca02a9a27d25aedd821a0c3a
Bisecting: 2720 revisions left to test after this (roughly 12 steps)
[825950559de24f4a0c0d20a64cfdc5b7e70a1349] Merge branch 'drm-xe-next' of https://gitlab.freedesktop.org/drm/xe/kernel
testing commit 825950559de24f4a0c0d20a64cfdc5b7e70a1349 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 997f78f32056a0e45b2c2d1edec59465ef1a8f95f749a27410c4118c1d9d5454
all runs: OK
false negative chance: 0.000
# git bisect good 825950559de24f4a0c0d20a64cfdc5b7e70a1349
Bisecting: 1369 revisions left to test after this (roughly 10 steps)
[0642c2d4265befb33be5276a9aa06df74041dec8] Merge branch 'next' of git://git.kernel.org/pub/scm/virt/kvm/kvm.git
testing commit 0642c2d4265befb33be5276a9aa06df74041dec8 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 33c7f33b509718ab9037f1c98952e41c8fce3c194b3a9bcea2714ca7e44a4186
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register
representative crash: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register, types: [UNKNOWN]
# git bisect bad 0642c2d4265befb33be5276a9aa06df74041dec8
Bisecting: 677 revisions left to test after this (roughly 9 steps)
[85b6d544fae369c35478466b6ad47953a77ff42b] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator.git
testing commit 85b6d544fae369c35478466b6ad47953a77ff42b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0bd8588d59abe1c2d396a430628cc8ed0a77682e9d233bdbcce0213e001d4d79
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register
representative crash: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register, types: [UNKNOWN]
# git bisect bad 85b6d544fae369c35478466b6ad47953a77ff42b
Bisecting: 320 revisions left to test after this (roughly 8 steps)
[0bdf5b4ffba59885261082888ceda1b76841e507] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input.git
testing commit 0bdf5b4ffba59885261082888ceda1b76841e507 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 55f304435a3543e75835731e72687ab7dcdfd2d54286b64d878e7c1e7b111694
all runs: OK
false negative chance: 0.000
# git bisect good 0bdf5b4ffba59885261082888ceda1b76841e507
Bisecting: 125 revisions left to test after this (roughly 7 steps)
[210d8204d769f4583bc3bfc6f9c2bb09553e5b87] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc.git
testing commit 210d8204d769f4583bc3bfc6f9c2bb09553e5b87 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: da9fa854ddcd080a6b621d37f011d54857583318fe5c59815a19e54c1013e074
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register
representative crash: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register, types: [UNKNOWN]
# git bisect bad 210d8204d769f4583bc3bfc6f9c2bb09553e5b87
Bisecting: 96 revisions left to test after this (roughly 7 steps)
[400617d2effb70c15e3e8d59ec9b6814bfc86e3e] Merge branch 'for-6.13/block' into for-next
testing commit 400617d2effb70c15e3e8d59ec9b6814bfc86e3e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 05492dcbbb94aabffa4503646eb8e6a2680f1da79c13770aaf80ba85c6a23e89
all runs: OK
false negative chance: 0.000
# git bisect good 400617d2effb70c15e3e8d59ec9b6814bfc86e3e
Bisecting: 48 revisions left to test after this (roughly 6 steps)
[9cbb2358bb1f17b61bf75cbebc2c9746b3a29e32] mmc: sdhci-uhs2: add request() and others
testing commit 9cbb2358bb1f17b61bf75cbebc2c9746b3a29e32 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ca37f7f3e4ad2bde6dc278e0430cdfc22d3a95eb86190fbb5b12f05a370d4663
all runs: OK
false negative chance: 0.000
# git bisect good 9cbb2358bb1f17b61bf75cbebc2c9746b3a29e32
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[025c60e70682b0f402d2768ad624c4450d1e6a11] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux
testing commit 025c60e70682b0f402d2768ad624c4450d1e6a11 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2995698113c484ca716e7f6be27a812df3919d0802c6b26380469fb2e4c0ab0d
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register
representative crash: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register, types: [UNKNOWN]
# git bisect bad 025c60e70682b0f402d2768ad624c4450d1e6a11
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[f91df7f7dd71db9e1d3d18f3a59b05d9fb30c48f] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm.git
testing commit f91df7f7dd71db9e1d3d18f3a59b05d9fb30c48f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 41b7451c5976ba6b2d1ff85c0d77b89e4fa7e1e15950683e7a8d06fa924c0040
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register
representative crash: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register, types: [UNKNOWN]
# git bisect bad f91df7f7dd71db9e1d3d18f3a59b05d9fb30c48f
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[2ca99346cd626ac569aba0781d0bc4824c381371] dm vdo: Remove unused functions
testing commit 2ca99346cd626ac569aba0781d0bc4824c381371 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0a51e4a74162996599d6805511ef6acf298f7b6a2b3fe5d98eeb8a1c61d14be7
all runs: OK
false negative chance: 0.000
# git bisect good 2ca99346cd626ac569aba0781d0bc4824c381371
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[be856e188156cb5eed779f5b1b1123efab8f6d07] Merge branch 'for-6.13/io_uring' into for-next
testing commit be856e188156cb5eed779f5b1b1123efab8f6d07 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2d4dcacddcf945a9ea4de8ceddd83497eb45a748858a494ca47f89f5c68ae66c
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register
representative crash: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register, types: [UNKNOWN]
# git bisect bad be856e188156cb5eed779f5b1b1123efab8f6d07
Bisecting: 1 revision left to test after this (roughly 1 step)
[8fdef921e4086fa24c03d2081fe06930f7a94d3b] Merge branch 'for-6.13/block' into for-next
testing commit 8fdef921e4086fa24c03d2081fe06930f7a94d3b gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0d9e59382525bc71f74fbcb76e123101a963ce8ac8d565bcd7fce03aadcdfe53
all runs: OK
false negative chance: 0.000
# git bisect good 8fdef921e4086fa24c03d2081fe06930f7a94d3b
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[661768085e99aad356ebc77d78ac41fd02eccbe3] io_uring/rsrc: get rid of the empty node and dummy_ubuf
testing commit 661768085e99aad356ebc77d78ac41fd02eccbe3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4f08f6e704891bc6c3295d48a44cbd548b090d3bec8a36316b8eee48ba364684
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register
representative crash: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register, types: [UNKNOWN]
# git bisect bad 661768085e99aad356ebc77d78ac41fd02eccbe3
661768085e99aad356ebc77d78ac41fd02eccbe3 is the first bad commit
commit 661768085e99aad356ebc77d78ac41fd02eccbe3
Author: Jens Axboe
Date: Wed Oct 30 09:51:58 2024 -0600

    io_uring/rsrc: get rid of the empty node and dummy_ubuf

    The empty node was used as a placeholder for a sparse entry, but it
    didn't really solve any issues. The caller still has to check for
    whether it's the empty node or not, it may as well just check for a NULL
    return instead. The dummy_ubuf was used for a sparse buffer entry, but
    NULL will serve the same purpose there of ensuring an -EFAULT on
    attempted import. Just use NULL for a sparse node, regardless of whether
    or not it's a file or buffer resource.

    Signed-off-by: Jens Axboe

 io_uring/io_uring.c | 4 ++--
 io_uring/notif.c | 4 ++--
 io_uring/rsrc.c | 43 +++++++++++++++++--------------------------
 io_uring/rsrc.h | 23 +++++++----------------
 io_uring/splice.c | 2 +-
 5 files changed, 29 insertions(+), 47 deletions(-)

accumulated error probability: 0.00
parent commit 0f576012ae2ff08009ce91e2294832e2b88aba06 wasn't tested
testing commit 0f576012ae2ff08009ce91e2294832e2b88aba06 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5f7678662eaecb300764d1f9665dfd52665305cbf48fafd837c1075a28c025b1
culprit signature: 4f08f6e704891bc6c3295d48a44cbd548b090d3bec8a36316b8eee48ba364684
parent signature: 5f7678662eaecb300764d1f9665dfd52665305cbf48fafd837c1075a28c025b1
revisions tested: 22, total time: 6h27m15.351001337s (build: 4h1m46.679483732s, test: 2h0m33.455916829s)
first bad commit: 661768085e99aad356ebc77d78ac41fd02eccbe3 io_uring/rsrc: get rid of the empty node and dummy_ubuf
recipients (to): ["asml.silence@gmail.com" "axboe@kernel.dk" "axboe@kernel.dk" "io-uring@vger.kernel.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]

crash: BUG: unable to handle kernel NULL pointer dereference in io_sqe_buffer_register
BUG: kernel NULL pointer dereference, address: 0000000000000018
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 800000010e705067 P4D 800000010e705067 PUD 10e711067 PMD 0
Oops: Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 UID: 0 PID: 3050 Comm: syz.3.15 Not tainted 6.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:headpage_already_acct io_uring/rsrc.c:584 [inline]
RIP: 0010:io_buffer_account_pin io_uring/rsrc.c:614 [inline]
RIP: 0010:io_sqe_buffer_register+0x279/0x8f0 io_uring/rsrc.c:758
Code: c0 0f 84 a3 00 00 00 31 ff eb 11 41 8b 86 20 01 00 00 ff c7 39 c7 0f 83 8e 00 00 00 49 8b 96 28 01 00 00 48 63 ef 48 8b 14 ea <48> 8b 5a 18 8b 53 0c 85 d2 74 dd 31 ed eb 09 8b 53 0c ff c5 39 d5
RSP: 0018:ffffc90001c3bc98 EFLAGS: 00010246
RAX: 0000000000000002 RBX: 00000000fffffe00 RCX: ffffea0008d90000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000
R10: ffffc90001c3bd48 R11: 0000000000000000 R12: ffff888104faa380
R13: ffff888101fcdb00 R14: ffff888108eb7000 R15: ffff8881057b3fa0
FS: 00007f92705f16c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 0000000104b26000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __io_sqe_buffers_update io_uring/rsrc.c:257 [inline]
 __io_register_rsrc_update+0x205/0x4b0 io_uring/rsrc.c:295
 io_register_rsrc_update+0x87/0xb0 io_uring/rsrc.c:326
 __do_sys_io_uring_register io_uring/register.c:938 [inline]
 __se_sys_io_uring_register+0x548/0x13d0 io_uring/register.c:915
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x8d/0x170 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f926f77e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f92705f1038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
RAX: ffffffffffffffda RBX: 00007f926f935f80 RCX: 00007f926f77e719
RDX: 0000000020000600 RSI: 0000000000000010 RDI: 0000000000000003
RBP: 00007f926f7f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f926f935f80 R15: 00007fff382895a8
Modules linked in:
CR2: 0000000000000018
---[ end trace 0000000000000000 ]---
RIP: 0010:headpage_already_acct io_uring/rsrc.c:584 [inline]
RIP: 0010:io_buffer_account_pin io_uring/rsrc.c:614 [inline]
RIP: 0010:io_sqe_buffer_register+0x279/0x8f0 io_uring/rsrc.c:758
Code: c0 0f 84 a3 00 00 00 31 ff eb 11 41 8b 86 20 01 00 00 ff c7 39 c7 0f 83 8e 00 00 00 49 8b 96 28 01 00 00 48 63 ef 48 8b 14 ea <48> 8b 5a 18 8b 53 0c 85 d2 74 dd 31 ed eb 09 8b 53 0c ff c5 39 d5
RSP: 0018:ffffc90001c3bc98 EFLAGS: 00010246
RAX: 0000000000000002 RBX: 00000000fffffe00 RCX: ffffea0008d90000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000
R10: ffffc90001c3bd48 R11: 0000000000000000 R12: ffff888104faa380
R13: ffff888101fcdb00 R14: ffff888108eb7000 R15: ffff8881057b3fa0
FS: 00007f92705f16c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 0000000104b26000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:  c0 0f 84                rorb   $0x84,(%rdi)
   3:  a3 00 00 00 31 ff eb    movabs %eax,0x4111ebff31000000
   a:  11 41
   c:  8b 86 20 01 00 00       mov    0x120(%rsi),%eax
  12:  ff c7                   inc    %edi
  14:  39 c7                   cmp    %eax,%edi
  16:  0f 83 8e 00 00 00       jae    0xaa
  1c:  49 8b 96 28 01 00 00    mov    0x128(%r14),%rdx
  23:  48 63 ef                movslq %edi,%rbp
  26:  48 8b 14 ea             mov    (%rdx,%rbp,8),%rdx
* 2a:  48 8b 5a 18             mov    0x18(%rdx),%rbx <-- trapping instruction
  2e:  8b 53 0c                mov    0xc(%rbx),%edx
  31:  85 d2                   test   %edx,%edx
  33:  74 dd                   je     0x12
  35:  31 ed                   xor    %ebp,%ebp
  37:  eb 09                   jmp    0x42
  39:  8b 53 0c                mov    0xc(%rbx),%edx
  3c:  ff c5                   inc    %ebp
  3e:  39 d5                   cmp    %edx,%ebp