ci starts bisection 2025-06-25 14:05:38.665977865 +0000 UTC m=+81446.178097860 bisecting fixing commit since 80e54e84911a923c40d7bee33a34c1b4be148d7a building syzkaller on 16256247d9c41cf4980c36db3841ddd674a04b58 ensuring issue is reproducible on original commit 80e54e84911a923c40d7bee33a34c1b4be148d7a testing commit 80e54e84911a923c40d7bee33a34c1b4be148d7a gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: 443d0d341f7908a9a6b8418a98243e6d388339c358cca50c363bb7e44e71db76 all runs: crashed: general protection fault in do_pagemap_cmd representative crash: general protection fault in do_pagemap_cmd, types: [UNKNOWN] check whether we can drop unnecessary instrumentation disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 80e54e84911a923c40d7bee33a34c1b4be148d7a gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: 65a02438e224a98d3d72d57c2f467fcb665460417eb2c888d16e2b952f7c52cb all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd representative crash: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd, types: [UNKNOWN] the bug reproduces without the instrumentation disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed kconfig minimization: base=4088 full=8254 leaves diff=2144 split chunks (needed=false): <2144> split chunk #0 of len 2144 into 5 parts testing without sub-chunk 1/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 80e54e84911a923c40d7bee33a34c1b4be148d7a gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: 147172b862d244182725cebda817447f368765138f3d937955f08e8da4ac3396 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd representative crash: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit 80e54e84911a923c40d7bee33a34c1b4be148d7a gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 failed building 80e54e84911a923c40d7bee33a34c1b4be148d7a: ld.lld: error: undefined symbol: devm_drm_of_get_bridge testing without sub-chunk 3/5 disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 80e54e84911a923c40d7bee33a34c1b4be148d7a gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: de0dd7cff82e547c40aa2155f58f7d8f6f75fc4bf28a1309809282cae4d972f9 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd representative crash: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 80e54e84911a923c40d7bee33a34c1b4be148d7a gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: 6ef7fda6dac3de50c18029f73293e87af2a7ebc3044c78d20ebd21c9cd5989de all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd representative crash: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd, types: [UNKNOWN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed testing commit 80e54e84911a923c40d7bee33a34c1b4be148d7a gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: bc73ce8762d5a8841380a7c222d8e75473d562a18ea0c2a3df86d27d8d73776d all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd representative crash: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd, types: [UNKNOWN] the chunk can be dropped minimized to 429 configs; suspects: [6LOWPAN ARCH_ENABLE_MEMORY_HOTREMOVE ASUS_WMI CHARGER_BQ24190 CMA COMMON_CLK DAX DLM DRM DRM_BRIDGE DRM_DISPLAY_DP_AUX_BUS DRM_DISPLAY_DP_HELPER DRM_DISPLAY_DSC_HELPER DRM_DISPLAY_HDCP_HELPER DRM_DISPLAY_HDMI_HELPER DRM_DISPLAY_HELPER DRM_GEM_SHMEM_HELPER DRM_GM12U320 DRM_GUD DRM_I915 DRM_I915_CAPTURE_ERROR DRM_I915_COMPRESS_ERROR DRM_I915_USERPTR DRM_KMS_HELPER DRM_MIPI_DSI DRM_PANEL DRM_PANEL_BRIDGE DRM_PANEL_EDP DRM_PANEL_ORIENTATION_QUIRKS DRM_SIMPLEDRM DRM_TTM DRM_TTM_HELPER DRM_UDL DRM_VGEM DRM_VIRTIO_GPU DRM_VIRTIO_GPU_KMS DRM_VKMS DRM_VMWGFX DUMMY DVB_AF9013 DVB_AF9033 DVB_AS102 DVB_AS102_FE DVB_B2C2_FLEXCOP DVB_B2C2_FLEXCOP_USB DVB_CORE DVB_DIB3000MB DVB_DIB3000MC DVB_EC100 DVB_GP8PSK_FE DVB_RTL2830 DVB_RTL2832 DVB_RTL2832_SDR DVB_TEST_DRIVERS DVB_TTUSB_BUDGET DVB_TTUSB_DEC DVB_USB DVB_USB_A800 DVB_USB_AF9005 DVB_USB_AF9005_REMOTE DVB_USB_AF9015 DVB_USB_AF9035 DVB_USB_ANYSEE DVB_USB_AU6610 DVB_USB_AZ6007 DVB_USB_AZ6027 DVB_USB_CE6230 DVB_USB_CINERGY_T2 DVB_USB_CXUSB DVB_USB_CXUSB_ANALOG DVB_USB_DIB0700 DVB_USB_DIB3000MC DVB_USB_DIBUSB_MB DVB_USB_DIBUSB_MC DVB_USB_DIGITV DVB_USB_DTT200U DVB_USB_DTV5100 DVB_USB_DVBSKY DVB_USB_DW2102 DVB_USB_EC168 DVB_USB_GL861 DVB_USB_GP8PSK DVB_USB_LME2510 DVB_USB_M920X DVB_USB_MXL111SF DVB_USB_NOVA_T_USB2 DVB_USB_OPERA1 DVB_USB_PCTV452E DVB_USB_RTL28XXU DVB_USB_TECHNISAT_USB2 DVB_USB_TTUSB2 DVB_USB_UMT_010 DVB_USB_V2 DVB_USB_VP702X DVB_USB_VP7045 DVB_USB_ZD1301 DVB_VIDTV DVB_ZL10353 ECRYPT_FS ECRYPT_FS_MESSAGING EDAC EFS_FS ENCRYPTED_KEYS EQUALIZER EROFS_FS EROFS_FS_POSIX_ACL EROFS_FS_SECURITY EROFS_FS_XATTR EROFS_FS_ZIP EVM EVM_ADD_XATTRS EVM_ATTR_FSUUID EVM_EXTRA_SMACK_XATTRS EXFAT_FS EXPORTFS_BLOCK_OPS EXT3_FS EXT3_FS_POSIX_ACL EXT3_FS_SECURITY EXTCON EXTCON_INTEL_CHT_WC EXTCON_PTN5150 EXTCON_USBC_TUSB320 F2FS_CHECK_FS F2FS_FAULT_INJECTION F2FS_FS F2FS_FS_COMPRESSION F2FS_FS_LZ4 F2FS_FS_LZ4HC F2FS_FS_LZO F2FS_FS_LZORLE F2FS_FS_POSIX_ACL F2FS_FS_SECURITY F2FS_FS_XATTR F2FS_FS_ZSTD F2FS_STAT_FS FANOTIFY FANOTIFY_ACCESS_PERMISSIONS FB FB_CFB_COPYAREA FB_CFB_FILLRECT FB_CFB_IMAGEBLIT FB_CORE FB_DEFERRED_IO FB_DEVICE FB_IOMEM_FOPS FB_IOMEM_HELPERS FB_NOTIFY FB_SYSMEM_FOPS FB_SYSMEM_HELPERS FB_SYSMEM_HELPERS_DEFERRED FB_SYS_COPYAREA FB_SYS_FILLRECT FB_SYS_IMAGEBLIT FB_TILEBLITTING FB_VESA FB_VGA16 FB_VIRTUAL FDDI FIREWIRE FIREWIRE_NET FIREWIRE_OHCI FIREWIRE_SBP2 FONT_8x16 FONT_8x8 FONT_SUPPORT FRAMEBUFFER_CONSOLE FRAMEBUFFER_CONSOLE_DETECT_PRIMARY FRAMEBUFFER_CONSOLE_ROTATION FS_DAX FS_DAX_PMD FS_ENCRYPTION FS_ENCRYPTION_ALGS FS_STACK FS_VERITY FS_VERITY_BUILTIN_SIGNATURES FTL FUSE_DAX FUSE_FS FW_LOADER_COMPRESS FW_LOADER_PAGED_BUF FW_LOADER_SYSFS FW_LOADER_USER_HELPER FW_LOADER_USER_HELPER_FALLBACK GACT_PROB GARP GENDWARFKSYMS GENERIC_PHY GENERIC_PTDUMP GET_FREE_REGION GFS2_FS GFS2_FS_LOCKING_DLM GNSS GNSS_USB GOOGLE_COREBOOT_TABLE GOOGLE_FIRMWARE GOOGLE_MEMCONSOLE GOOGLE_MEMCONSOLE_COREBOOT GOOGLE_VPD GPIOLIB GPIOLIB_IRQCHIP GPIO_ACPI GPIO_DLN2 GPIO_LJCA GPIO_VIPERBOARD GREENASIA_FF GREYBUS GREYBUS_BRIDGED_PHY GREYBUS_ES2 GREYBUS_HID GREYBUS_USB GTP GUEST_PERF_EVENTS GVE HAVE_ARCH_NODE_DEV_GROUP HAVE_ARCH_USERFAULTFD_MINOR HAVE_ARCH_USERFAULTFD_WP HAVE_BOOTMEM_INFO_NODE HAVE_CLK_PREPARE HAVE_EISA HAVE_KVM_CPU_RELAX_INTERCEPT HAVE_KVM_DIRTY_RING HAVE_KVM_DIRTY_RING_ACQ_REL HAVE_KVM_DIRTY_RING_TSO HAVE_KVM_IRQCHIP HAVE_KVM_IRQ_BYPASS HAVE_KVM_IRQ_ROUTING HAVE_KVM_MSI HAVE_KVM_NO_POLL HAVE_KVM_PFNCACHE HAVE_KVM_PM_NOTIFIER HAVE_KVM_READONLY_MEM HAVE_SCHED_AVG_IRQ HDLC HDLC_CISCO HDLC_FR HDLC_PPP HDLC_RAW HDLC_RAW_ETH HDLC_X25 HDMI HFSPLUS_FS HFS_FS HID_ACCUTOUCH HID_ACRUX HID_ACRUX_FF HID_ALPS HID_APPLEIR HID_ASUS HID_AUREAL HID_BATTERY_STRENGTH HID_BETOP_FF HID_BIGBEN_FF HID_CMEDIA HID_CORSAIR HID_COUGAR HID_CP2112 HID_CREATIVE_SB0540 HID_ELAN HID_ELECOM HID_ELO HID_EMS_FF HID_EVISION HID_FT260 HID_GEMBIRD HID_GFRM HID_GLORIOUS HID_GOOGLE_STADIA_FF HID_GREENASIA HID_GT683R HID_HOLTEK HID_ICADE HID_JABRA HID_KEYTOUCH HID_KYE HID_LCPOWER HID_LED HID_LENOVO HID_LETSKETCH HID_LOGITECH HID_LOGITECH_DJ HID_LOGITECH_HIDPP HID_MACALLY HID_MAGICMOUSE HID_MALTRON HID_MAYFLASH HID_MCP2200 HID_MCP2221 HID_MEGAWORLD_FF HID_MULTITOUCH HID_NTI HID_ORTEK HID_PENMOUNT HID_PICOLCD HID_PICOLCD_BACKLIGHT HID_PICOLCD_CIR HID_PICOLCD_FB HID_PICOLCD_LCD HID_PICOLCD_LEDS HID_PLANTRONICS HID_PRIMAX HID_PRODIKEYS HID_PXRC HID_RAZER HID_RETRODE HID_RMI HID_ROCCAT HID_SAITEK HID_SEMITEK HID_SENSOR_ACCEL_3D HID_SENSOR_ALS HID_SENSOR_CUSTOM_INTEL_HINGE HID_SENSOR_CUSTOM_SENSOR HID_SENSOR_DEVICE_ROTATION HID_SENSOR_GYRO_3D HID_SENSOR_HUB HID_SENSOR_HUMIDITY HID_SENSOR_IIO_COMMON HID_SENSOR_IIO_TRIGGER HID_SENSOR_INCLINOMETER_3D HID_SENSOR_MAGNETOMETER_3D HID_SENSOR_PRESS HID_SENSOR_PROX HID_SENSOR_TEMP HID_SIGMAMICRO HID_SPEEDLINK HID_STEELSERIES HID_THINGM HID_TIVO HID_TOPRE HID_TWINHAN HID_U2FZERO HID_UCLOGIC HID_UDRAW_PS3 HID_VIEWSONIC HID_VIVALDI HID_VIVALDI_COMMON HID_VRC2 HID_WACOM HID_WALTOP HID_WIIMOTE HID_XIAOMI HID_XINMO HID_ZYDACRON HMM_MIRROR HOLTEK_FF HOTPLUG_PCI_PCIE HPET_MMAP HPET_MMAP_DEFAULT HPFS_FS I2C_ALGOBIT I2C_CHARDEV I2C_CP2615 I2C_DESIGNWARE_CORE I2C_DESIGNWARE_PLATFORM I2C_DIOLAN_U2C I2C_DLN2 I2C_HID_ACPI I2C_HID_CORE I2C_HID_OF I2C_LJCA I2C_MUX I2C_MUX_REG I2C_ROBOTFUZZ_OSIF I2C_SI4713 I2C_SLAVE I2C_SLAVE_EEPROM I2C_TINY_USB I2C_VIPERBOARD IEEE802154 IEEE802154_6LOWPAN IEEE802154_ATUSB IEEE802154_DRIVERS IEEE802154_HWSIM IEEE802154_NL802154_EXPERIMENTAL IEEE802154_SOCKET IFB IIO IIO_BUFFER IIO_KFIFO_BUF IIO_TRIGGER IIO_TRIGGERED_BUFFER IKCONFIG IKCONFIG_PROC IMA IMA_APPRAISE IMA_APPRAISE_MODSIG IMA_DEFAULT_HASH_SHA256 IMA_LSM_RULES IMA_MEASURE_ASYMMETRIC_KEYS IMA_NG_TEMPLATE IMA_QUEUE_EARLY_BOOT_KEYS IMA_READ_POLICY IMA_WRITE_POLICY INET6_ESPINTCP INET6_ESP_OFFLOAD INET6_IPCOMP INET6_TUNNEL INET6_XFRM_TUNNEL INET_AH INET_DCCP_DIAG INET_DIAG INET_DIAG_DESTROY INET_ESP INET_ESPINTCP INET_ESP_OFFLOAD INET_IPCOMP INET_MPTCP_DIAG INET_RAW_DIAG INET_SCTP_DIAG INET_TCP_DIAG INET_UDP_DIAG INET_XFRM_TUNNEL INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_ADDR_TRANS_CONFIGFS INFINIBAND_IPOIB INFINIBAND_IPOIB_CM INFINIBAND_IPOIB_DEBUG INFINIBAND_ISER INFINIBAND_ON_DEMAND_PAGING INFINIBAND_RTRS INFINIBAND_SRP INFINIBAND_USER_ACCESS INFINIBAND_USER_MAD INFINIBAND_USER_MEM INPUT_ATI_REMOTE2 INPUT_CM109 INPUT_IMS_PCU INPUT_JOYDEV INPUT_KEYSPAN_REMOTE INPUT_LEDS INPUT_MOUSEDEV INPUT_MOUSEDEV_PSAUX INPUT_POWERMATE INPUT_UINPUT INPUT_YEALINK INTEGRITY INTEGRITY_ASYMMETRIC_KEYS INTEGRITY_AUDIT INTEGRITY_SIGNATURE INTEGRITY_TRUSTED_KEYRING INTEL_CHTWC_INT33FE INTEL_IDMA64 INTEL_IOATDMA INTEL_IOMMU_DEFAULT_ON INTEL_IOMMU_SVM INTEL_ISHTP_ECLITE INTEL_ISH_FIRMWARE_DOWNLOADER INTEL_ISH_HID INTEL_SOC_PMIC_CHTWC INTERVAL_TREE_SPAN_ITER IOMMUFD IOMMUFD_DRIVER IOMMUFD_DRIVER_CORE IOMMUFD_TEST IP6_NF_MATCH_AH IP6_NF_MATCH_EUI64 IP6_NF_MATCH_FRAG IP6_NF_MATCH_HL IP6_NF_MATCH_MH IP6_NF_MATCH_OPTS IP6_NF_MATCH_RPFILTER IP6_NF_MATCH_RT IP6_NF_MATCH_SRH IP6_NF_NAT IP6_NF_RAW IP6_NF_SECURITY IP6_NF_TARGET_HL IP6_NF_TARGET_MASQUERADE IP6_NF_TARGET_NPT IP6_NF_TARGET_SYNPROXY IPV6_FOU IPV6_FOU_TUNNEL IPV6_GRE IPV6_ILA IPV6_MIP6 IPV6_MROUTE IPV6_MROUTE_MULTIPLE_TABLES IPV6_MULTIPLE_TABLES IPV6_OPTIMISTIC_DAD IPV6_PIMSM_V2 IPV6_ROUTER_PREF IPV6_ROUTE_INFO IPV6_RPL_LWTUNNEL IPV6_SEG6_BPF IPV6_SEG6_HMAC IPV6_SEG6_LWTUNNEL IPV6_SIT_6RD IPV6_SUBTREES IPV6_TUNNEL IPV6_VTI IPVLAN IPVLAN_L3S IPVTAP IP_DCCP IP_DCCP_CCID3 IP_DCCP_TFRC_LIB IP_FIB_TRIE_STATS IP_MROUTE_MULTIPLE_TABLES IP_NF_ARPFILTER IP_NF_ARPTABLES IP_NF_ARP_MANGLE IP_NF_MATCH_AH IP_NF_MATCH_ECN IP_NF_MATCH_RPFILTER IP_NF_MATCH_TTL IP_NF_RAW IP_NF_SECURITY IP_NF_TARGET_ECN IP_NF_TARGET_NETMAP IP_NF_TARGET_REDIRECT IP_NF_TARGET_SYNPROXY IP_NF_TARGET_TTL IP_ROUTE_CLASSID IP_SCTP IP_SET IP_SET_BITMAP_IP IP_SET_BITMAP_IPMAC IP_SET_BITMAP_PORT IP_SET_HASH_IP IP_SET_HASH_IPMAC IP_SET_HASH_IPMARK IP_SET_HASH_IPPORT IP_SET_HASH_IPPORTIP IP_SET_HASH_IPPORTNET IP_SET_HASH_MAC IP_SET_HASH_NET IP_SET_HASH_NETIFACE IP_SET_HASH_NETNET IP_SET_HASH_NETPORT IRQ_TIME_ACCOUNTING LAPB LCD_CLASS_DEVICE MAC802154 MCORE2 MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_TEST_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_VIPERBOARD MODVERSIONS MPTCP MTD NETFILTER_ADVANCED NET_ACT_GACT NET_ACT_MIRRED NET_IPGRE_DEMUX NFT_COMPAT NFT_COMPAT_ARP NFT_FWD_NETDEV NF_TABLES NF_TABLES_ARP NF_TABLES_NETDEV RADIO_ADAPTERS RADIO_SI4713 RAS RC_CORE REGULATOR RFKILL SND SOUND STAGING TRANSPARENT_HUGEPAGE TYPEC TYPEC_MUX_PI3USB30532 USB_LJCA USB_ROLES_INTEL_XHCI USB_ROLE_SWITCH VIDEO_DEV VIRTIO_FS WAN ZONE_DEVICE] disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing current HEAD 7595b66ae9de667bf35a8c99e8f1bfc4792e207e testing commit 7595b66ae9de667bf35a8c99e8f1bfc4792e207e gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: 94de89c6f6042083cfee00956619add90f6a134965396d2d8ffc48bda419f149 all runs: OK false negative chance: 0.000 # git bisect start 7595b66ae9de667bf35a8c99e8f1bfc4792e207e 80e54e84911a923c40d7bee33a34c1b4be148d7a Bisecting: 15451 revisions left to test after this (roughly 14 steps) [5565acd1e6c4a1994e0ba32281ec10b69c0be14d] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net determine whether the revision contains the guilty commit revision 80e54e84911a923c40d7bee33a34c1b4be148d7a crashed and is reachable testing commit 5565acd1e6c4a1994e0ba32281ec10b69c0be14d gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: c8e6204d94b20f7deee883144f28f211250b38d92f0a38656b921c8c4d31a9be all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd representative crash: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd, types: [UNKNOWN] # git bisect good 5565acd1e6c4a1994e0ba32281ec10b69c0be14d Bisecting: 8147 revisions left to test after this (roughly 13 steps) [47cf96fbe393839b125a9b694a8cfdd3f4216baa] Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux determine whether the revision contains the guilty commit revision 80e54e84911a923c40d7bee33a34c1b4be148d7a crashed and is reachable testing commit 47cf96fbe393839b125a9b694a8cfdd3f4216baa gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: f858fc9a68808bce07644833d3fd2272343aa5df516fd62953ffc30d149a6752 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd representative crash: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd, types: [UNKNOWN] # git bisect good 47cf96fbe393839b125a9b694a8cfdd3f4216baa Bisecting: 4074 revisions left to test after this (roughly 12 steps) [31848987f177a6c0944fd0254a55ffd7c52a8c50] Merge tag 'soc-newsoc-6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc determine whether the revision contains the guilty commit revision 80e54e84911a923c40d7bee33a34c1b4be148d7a crashed and is reachable testing commit 31848987f177a6c0944fd0254a55ffd7c52a8c50 gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: 8d0846c0772dc621bceeff1c79bfe71658529bd2f4e8424d438c20f9291029e7 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd representative crash: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd, types: [UNKNOWN] # git bisect good 31848987f177a6c0944fd0254a55ffd7c52a8c50 Bisecting: 2037 revisions left to test after this (roughly 11 steps) [f694481b1d3177144fcac4242eb750cfcb9f7bd5] ACPI: processor: Rescan "dead" SMT siblings during initialization determine whether the revision contains the guilty commit revision 47cf96fbe393839b125a9b694a8cfdd3f4216baa crashed and is reachable testing commit f694481b1d3177144fcac4242eb750cfcb9f7bd5 gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: d0ea162b7ebff012fb3797e262cf090ab959601b30020273376a8ca509c61b88 all runs: OK false negative chance: 0.000 # git bisect bad f694481b1d3177144fcac4242eb750cfcb9f7bd5 Bisecting: 1028 revisions left to test after this (roughly 10 steps) [69352bd52b2667e5c6e8ebb14143528c28f5e37d] Merge tag 'mfd-next-6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd determine whether the revision contains the guilty commit revision 31848987f177a6c0944fd0254a55ffd7c52a8c50 crashed and is reachable testing commit 69352bd52b2667e5c6e8ebb14143528c28f5e37d gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: 5c92c810e06c1494cffb4f00f10c8fb78efa9dac78fe535882357b816c03af77 all runs: OK false negative chance: 0.000 # git bisect bad 69352bd52b2667e5c6e8ebb14143528c28f5e37d Bisecting: 512 revisions left to test after this (roughly 9 steps) [b509c16e1d7cba8d0fd3843f6641fcafb3761432] Merge tag 'rpmsg-v6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux determine whether the revision contains the guilty commit revision 80e54e84911a923c40d7bee33a34c1b4be148d7a crashed and is reachable testing commit b509c16e1d7cba8d0fd3843f6641fcafb3761432 gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: 73ab56f92b7cb7ed2359dd25e138ed5f370bd68292ee0a8295ae0bc8c5eb3f35 all runs: OK false negative chance: 0.000 # git bisect bad b509c16e1d7cba8d0fd3843f6641fcafb3761432 Bisecting: 247 revisions left to test after this (roughly 8 steps) [83b6d498d027002e79c2ce40b5729137500c3170] mm: cma: set early_pfn and bitmap as a union in cma_memrange determine whether the revision contains the guilty commit revision 80e54e84911a923c40d7bee33a34c1b4be148d7a crashed and is reachable testing commit 83b6d498d027002e79c2ce40b5729137500c3170 gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: a900d3280fabf3e69cb431bfec1928c2e10f109032ef29a1d2336c6b83ff0165 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd representative crash: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd, types: [UNKNOWN] # git bisect good 83b6d498d027002e79c2ce40b5729137500c3170 Bisecting: 118 revisions left to test after this (roughly 7 steps) [7d4e49a77d9930c69751b9192448fda6ff9100f1] Merge tag 'mm-nonmm-stable-2025-05-31-15-28' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm determine whether the revision contains the guilty commit revision 83b6d498d027002e79c2ce40b5729137500c3170 crashed and is reachable testing commit 7d4e49a77d9930c69751b9192448fda6ff9100f1 gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: 86525101c3a00105fbace24d5fccc19177e2e9c3f6c01e643e2b58d5ededaab6 all runs: OK false negative chance: 0.000 # git bisect bad 7d4e49a77d9930c69751b9192448fda6ff9100f1 Bisecting: 64 revisions left to test after this (roughly 6 steps) [4496e1c1354bd4837bcc1414f6e1a4d042857903] crash_dump, nvme: select CONFIGFS_FS as built-in determine whether the revision contains the guilty commit revision 80e54e84911a923c40d7bee33a34c1b4be148d7a crashed and is reachable testing commit 4496e1c1354bd4837bcc1414f6e1a4d042857903 gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: 33fc95efba885fec7d61e0f45e3e2b4a176add8892ae688235aa5a80df7ca6b6 all runs: OK false negative chance: 0.000 # git bisect bad 4496e1c1354bd4837bcc1414f6e1a4d042857903 Bisecting: 31 revisions left to test after this (roughly 5 steps) [cdc3ed3035d0fe934aa1d9b78ce256752fd3bb7d] ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery determine whether the revision contains the guilty commit revision 80e54e84911a923c40d7bee33a34c1b4be148d7a crashed and is reachable testing commit cdc3ed3035d0fe934aa1d9b78ce256752fd3bb7d gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: b25273315c11ca394ac2cd3f82c6e672b47934e8d09f9b994329f7e7a0b64d93 all runs: OK false negative chance: 0.000 # git bisect bad cdc3ed3035d0fe934aa1d9b78ce256752fd3bb7d Bisecting: 15 revisions left to test after this (roughly 4 steps) [50af973cd71ab9eea3b18429343659f4a6ebd825] ocfs2: o2net_idle_timer: Rename del_timer_sync in comment determine whether the revision contains the guilty commit revision 80e54e84911a923c40d7bee33a34c1b4be148d7a crashed and is reachable testing commit 50af973cd71ab9eea3b18429343659f4a6ebd825 gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: e9da40fafd38b08f63e8fc68bd945b3f4a015c3425c5086db886509b42007c73 all runs: OK false negative chance: 0.000 # git bisect bad 50af973cd71ab9eea3b18429343659f4a6ebd825 Bisecting: 7 revisions left to test after this (roughly 3 steps) [15d4734c7a5837bd1a3d261ae232fa698fef39c4] checkpatch: qualify do-while-0 advice determine whether the revision contains the guilty commit revision 80e54e84911a923c40d7bee33a34c1b4be148d7a crashed and is reachable testing commit 15d4734c7a5837bd1a3d261ae232fa698fef39c4 gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: f40cb44aa93eb77d56b44992111b37cc236028c0a9f3162230434b1ca6b0de14 all runs: OK false negative chance: 0.000 # git bisect bad 15d4734c7a5837bd1a3d261ae232fa698fef39c4 Bisecting: 3 revisions left to test after this (roughly 2 steps) [db80bd2cea1b7c2574578461c9de4c3d9ee7634a] task_stack.h: remove obsolete __HAVE_ARCH_KSTACK_END check determine whether the revision contains the guilty commit revision 80e54e84911a923c40d7bee33a34c1b4be148d7a crashed and is reachable testing commit db80bd2cea1b7c2574578461c9de4c3d9ee7634a gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: 7aff0359803218765a9774d07aa2c68c781214512859b180fd99fc11754eacb5 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd representative crash: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd, types: [UNKNOWN] # git bisect good db80bd2cea1b7c2574578461c9de4c3d9ee7634a Bisecting: 1 revision left to test after this (roughly 1 step) [65c66047259fad1b868d4454bc5af95b46a5f954] proc: fix the issue of proc_mem_open returning NULL determine whether the revision contains the guilty commit revision db80bd2cea1b7c2574578461c9de4c3d9ee7634a crashed and is reachable testing commit 65c66047259fad1b868d4454bc5af95b46a5f954 gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: 9ac8d38b7d3f3e08a28a6c6ab803d4f5ae1bbe5050190367a2f62ff2e8ae5e27 all runs: OK false negative chance: 0.000 # git bisect bad 65c66047259fad1b868d4454bc5af95b46a5f954 Bisecting: 0 revisions left to test after this (roughly 0 steps) [3dfd79cc8772bc2f02e060aa8c0bbbba8c1a1e45] lib/rbtree.c: fix the example typo determine whether the revision contains the guilty commit revision db80bd2cea1b7c2574578461c9de4c3d9ee7634a crashed and is reachable testing commit 3dfd79cc8772bc2f02e060aa8c0bbbba8c1a1e45 gcc compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6 kernel signature: 67697877b7d2be51013681870f390728cdebd48c9756a5e29ed812cc36077e27 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd representative crash: BUG: unable to handle kernel NULL pointer dereference in do_pagemap_cmd, types: [UNKNOWN] # git bisect good 3dfd79cc8772bc2f02e060aa8c0bbbba8c1a1e45 65c66047259fad1b868d4454bc5af95b46a5f954 is the first bad commit commit 65c66047259fad1b868d4454bc5af95b46a5f954 Author: Penglei Jiang Date: Thu Apr 3 23:33:57 2025 -0700 proc: fix the issue of proc_mem_open returning NULL proc_mem_open() can return an errno, NULL, or mm_struct*. If it fails to acquire mm, it returns NULL, but the caller does not check for the case when the return value is NULL. The following conditions lead to failure in acquiring mm: - The task is a kernel thread (PF_KTHREAD) - The task is exiting (PF_EXITING) Changes: - Add documentation comments for the return value of proc_mem_open(). - Add checks in the caller to return -ESRCH when proc_mem_open() returns NULL. Link: https://lkml.kernel.org/r/20250404063357.78891-1-superman.xpt@gmail.com Reported-by: syzbot+f9238a0a31f9b5603fef@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000f52642060d4e3750@google.com Signed-off-by: Penglei Jiang Cc: Al Viro Cc: Adrian Ratiu Cc: Christian Brauner Cc: Felix Moessbauer Cc: Jeff layton Cc: Lorenzo Stoakes Cc: Mateusz Guzik Cc: Thomas Gleinxer Cc: xu xin Cc: Alexey Dobriyan Signed-off-by: Andrew Morton fs/proc/base.c | 12 +++++++++--- fs/proc/task_mmu.c | 12 ++++++------ fs/proc/task_nommu.c | 4 ++-- 3 files changed, 17 insertions(+), 11 deletions(-) accumulated error probability: 0.00 culprit signature: 9ac8d38b7d3f3e08a28a6c6ab803d4f5ae1bbe5050190367a2f62ff2e8ae5e27 parent signature: 67697877b7d2be51013681870f390728cdebd48c9756a5e29ed812cc36077e27 revisions tested: 22, total time: 9h16m43.948086793s (build: 6h6m31.833181814s, test: 2h42m48.414002086s) first good commit: 65c66047259fad1b868d4454bc5af95b46a5f954 proc: fix the issue of proc_mem_open returning NULL recipients (to): ["akpm@linux-foundation.org" "linux-fsdevel@vger.kernel.org" "superman.xpt@gmail.com"] recipients (cc): ["adrian.ratiu@collabora.com" "akpm@linux-foundation.org" "andrii@kernel.org" "brauner@kernel.org" "david@redhat.com" "linux-kernel@vger.kernel.org" "superman.xpt@gmail.com" "tglx@linutronix.de"]