* [Bug 221696] New: btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4
@ 2026-06-27 10:13 bugzilla-daemon
2026-07-01 6:42 ` [Bug 221696] " bugzilla-daemon
` (8 more replies)
0 siblings, 9 replies; 10+ messages in thread
From: bugzilla-daemon @ 2026-06-27 10:13 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=221696
Bug ID: 221696
Summary: btmtk: regression in 6.6.142: NULL pointer dereference
in btmtk_usb_hci_wmt_sync during resume from S4
Product: Drivers
Version: 2.5
Kernel Version: 6.6.142
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P3
Component: Bluetooth
Assignee: linux-bluetooth@vger.kernel.org
Reporter: kernel@mattwhitlock.name
Regression: Yes
I have a problem that appeared in the 6.6.y series recently, I believe in or
around f0457842215438786e2e205ad06a4fbb8ab63cd0, although I haven't bisected.
The problem did not exist in 6.6.140 but does exist in 6.6.142 and 6.6.143.
The problem — during resume from hibernation (platform S4) I see this NULL
pointer dereference in the kernel log:
BUG: kernel NULL pointer dereference, address: 0000000000000219
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] SMP
CPU: 7 PID: 214 Comm: kworker/u33:0 Not tainted 6.6.143-gentoo #1
Hardware name: Framework Laptop 16 (AMD Ryzen 7040 Series)/FRANMZCP09, BIOS
04.03 12/22/2025
Workqueue: hci0 hci_power_on
RIP: 0010:__pm_runtime_resume+0x15/0x80
Code: 55 fe ff ff 83 e0 02 45 31 e4 e9 45 fd ff ff 66 0f 1f 44 00 00 f3 0f 1e
fa 41 54 55 53 48 89 fb 48 83 ec…
RSP: 0018:ffffc90004a37c18 EFLAGS: 00010246
RAX: ffff88810bdcd4f8 RBX: 0000000000000050 RCX: 0000000000000000
RDX: 0000000000000035 RSI: 0000000000000004 RDI: 0000000000000050
RBP: 0000000000000035 R08: ffff888fdfde6bd0 R09: ffff888101338a40
R10: 0000000000000001 R11: 0000000000000040 R12: ffff888101338a40
R13: ffffc90004a37cc0 R14: 000000000000003a R15: ffffc90004a37cb4
FS: 0000000000000000(0000) GS:ffff888fdfdc0000(0000) knlGS:0000000000000000
GS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000219 CR3: 0000000003e11000 CR4: 0000000000750ee0
PKRU: 55555554
Call Trace:
<TASK>
usb_autopm_get_interface+0x1a/0x50
btmtk_usb_hci_wmt_sync+0xb8/0x480
? btmtk_usb_wmt_recv+0x240/0x240
btmtk_setup_firmware_79xx+0x1a4/0x360
btusb_mtk_setup+0x45b/0x690
hci_dev_open_sync+0xdd/0xa40
? try_to_wake_up+0x235/0x510
hci_power_on+0x69/0x2b0
? lock_timer_base+0x6a/0x90
process_one_work+0x154/0x2f0
? process_one_work+0x2f0/0x2f0
worker_thread+0x18b/0x310
kthread+0xe0/0x110
? kthread_complete_and_exit+0x30/0x30
ret_from_fork+0x2c/0x40
? kthread_complete_and_exit+0x30/0x30
ret_from_frok_asm+0x11/0x20
</TASK>
CR2: 0000000000000219
---[ end trace 0000000000000000 ]---
The BUG dump appears while the system is waiting for me to enter my LUKS
passphrase — i.e., *before* the initramfs writes the swap device major:minor to
/sys/power/resume to initiate resume from hibernation.
I am still running kernel 6.6.140 in my current session. In other words, a
6.6.143 kernel is booting to resume a suspended session that is running a
6.6.140 kernel.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug 221696] btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4
2026-06-27 10:13 [Bug 221696] New: btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4 bugzilla-daemon
@ 2026-07-01 6:42 ` bugzilla-daemon
2026-07-02 6:46 ` bugzilla-daemon
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: bugzilla-daemon @ 2026-07-01 6:42 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=221696
The Linux kernel's regression tracker (Thorsten Leemhuis) (regressions@leemhuis.info) changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |regressions@leemhuis.info
--- Comment #1 from The Linux kernel's regression tracker (Thorsten Leemhuis) (regressions@leemhuis.info) ---
Not my area of expertise, but sounds a bit like your problem will hopefully
soon be fixed by
https://lore.kernel.org/all/20260626104604.3465124-1-sivakumar.bs@gmail.com/
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug 221696] btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4
2026-06-27 10:13 [Bug 221696] New: btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4 bugzilla-daemon
2026-07-01 6:42 ` [Bug 221696] " bugzilla-daemon
@ 2026-07-02 6:46 ` bugzilla-daemon
2026-07-02 6:53 ` bugzilla-daemon
` (6 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: bugzilla-daemon @ 2026-07-02 6:46 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=221696
--- Comment #2 from Matt Whitlock (kernel@mattwhitlock.name) ---
(In reply to The Linux kernel's regression tracker (Thorsten Leemhuis) from
comment #1)
> Not my area of expertise, but sounds a bit like your problem will hopefully
> soon be fixed by
> https://lore.kernel.org/all/20260626104604.3465124-1-sivakumar.bs@gmail.com/
Thanks for the tip. I applied those two patches atop 6.6.143, then rebuilt and
rebooted, but the BUG trace still appears in the kernel log. I agree that the
patches did look promising, but they do not solve my issue.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug 221696] btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4
2026-06-27 10:13 [Bug 221696] New: btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4 bugzilla-daemon
2026-07-01 6:42 ` [Bug 221696] " bugzilla-daemon
2026-07-02 6:46 ` bugzilla-daemon
@ 2026-07-02 6:53 ` bugzilla-daemon
2026-07-02 8:41 ` bugzilla-daemon
` (5 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: bugzilla-daemon @ 2026-07-02 6:53 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=221696
--- Comment #3 from The Linux kernel's regression tracker (Thorsten Leemhuis) (regressions@leemhuis.info) ---
In that case: unless someone chimes in here with an idea what's wrong you most
likely need to check (a) if 7.2-rc is affected as well and (b) run a git
bisection (c) check if this is a stable-specific problem or happens in
mainline, too.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug 221696] btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4
2026-06-27 10:13 [Bug 221696] New: btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4 bugzilla-daemon
` (2 preceding siblings ...)
2026-07-02 6:53 ` bugzilla-daemon
@ 2026-07-02 8:41 ` bugzilla-daemon
2026-07-02 9:13 ` bugzilla-daemon
` (4 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: bugzilla-daemon @ 2026-07-02 8:41 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=221696
--- Comment #4 from Matt Whitlock (kernel@mattwhitlock.name) ---
(In reply to The Linux kernel's regression tracker (Thorsten Leemhuis) from
comment #3)
> (b) run a git bisection
# bad: [924b4a879cbb75aef37c160b955b92f6894b11a4] Linux 6.6.142
# good: [eac8889a3a1c81d7113cc4656b9420e84c379cf5] Linux 6.6.140
git bisect start '--no-checkout' 'refs/tags/v6.6.142' 'refs/tags/v6.6.140'
# good: [1ff46c9915c1cbf454db58a8cb87f7cac818e6a6] ksmbd: scope conn->binding
slowpath to bound sessions only
git bisect good 1ff46c9915c1cbf454db58a8cb87f7cac818e6a6
# good: [9426265e157dd77ec237c795901ed4dea6d69b5c] mptcp: pm: ADD_ADDR rtx:
always decrease sk refcount
git bisect good 9426265e157dd77ec237c795901ed4dea6d69b5c
# good: [f85c81e93dbd6915970bd5f3bffcf62633c4c54c] hwmon: (pmbus/adm1266)
reject implausible blackbox record_count
git bisect good f85c81e93dbd6915970bd5f3bffcf62633c4c54c
# good: [acdc12b71c9aa4be5dcd2c8062753c6d2033e235] net: tls: prevent
chain-after-chain in plain text SG
git bisect good acdc12b71c9aa4be5dcd2c8062753c6d2033e235
# good: [60ef1675b652e912f3eb064767af4432393291fd] pds_core: fix debugfs_lookup
dentry leak and error handling
git bisect good 60ef1675b652e912f3eb064767af4432393291fd
# bad: [c9ea01768903ae47f210cd457af1dead6de7a9c3] bpf, skmsg: fix verdict
sk_data_ready racing with ktls rx
git bisect bad c9ea01768903ae47f210cd457af1dead6de7a9c3
# good: [b748250d778e575ef1a0e09939bd1366ee9b6bbf] Bluetooth: btmtk: add the
function to get the fw name
git bisect good b748250d778e575ef1a0e09939bd1366ee9b6bbf
# bad: [f0457842215438786e2e205ad06a4fbb8ab63cd0] Bluetooth: btmtk: move
btusb_mtk_hci_wmt_sync to btmtk.c
git bisect bad f0457842215438786e2e205ad06a4fbb8ab63cd0
# good: [73377cf3056ad72b10df90f54ce6b9822057bc66] Bluetooth: btmtk: rename
btmediatek_data
git bisect good 73377cf3056ad72b10df90f54ce6b9822057bc66
# first 'bad' commit: [f0457842215438786e2e205ad06a4fbb8ab63cd0] Bluetooth:
btmtk: move btusb_mtk_hci_wmt_sync to btmtk.c
f0457842215438786e2e205ad06a4fbb8ab63cd0 is the first 'bad' commit
commit f0457842215438786e2e205ad06a4fbb8ab63cd0
Author: Chris Lu <chris.lu@mediatek.com>
Date: Thu Jul 4 14:01:13 2024 +0800
Bluetooth: btmtk: move btusb_mtk_hci_wmt_sync to btmtk.c
[ Upstream commit d019930b0049fc2648a6b279893d8ad330596e81 ]
Move btusb_mtk_hci_wmt_sync from btusb.c to btmtk.c which holds
vendor specific stuff and would make btusb.c clean.
Add usb.h header to btmtksdio.c/btmtkuart.c for usb related element
defined in btmtk.h
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Chris Lu <chris.lu@mediatek.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Stable-dep-of: dd1dda6b8d6e ("Bluetooth: btmtk: fix urb->setup_packet leak
in error paths")
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/bluetooth/btmtk.c | 265 ++++++++++++++++++++++++++++++++++++++
drivers/bluetooth/btmtk.h | 31 +++++
drivers/bluetooth/btmtksdio.c | 1 +
drivers/bluetooth/btmtkuart.c | 1 +
drivers/bluetooth/btusb.c | 290 +-----------------------------------------
5 files changed, 305 insertions(+), 283 deletions(-)
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug 221696] btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4
2026-06-27 10:13 [Bug 221696] New: btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4 bugzilla-daemon
` (3 preceding siblings ...)
2026-07-02 8:41 ` bugzilla-daemon
@ 2026-07-02 9:13 ` bugzilla-daemon
2026-07-02 9:25 ` bugzilla-daemon
` (3 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: bugzilla-daemon @ 2026-07-02 9:13 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=221696
--- Comment #5 from Matt Whitlock (kernel@mattwhitlock.name) ---
(In reply to The Linux kernel's regression tracker (Thorsten Leemhuis) from
comment #3)
> (a) if 7.2-rc is affected as well
The problem does not present on torvalds/master at
4a50a141f05a8d1737661b19ee22ff8455b94409.
I'll check the "upstream commit" d019930b0049fc2648a6b279893d8ad330596e81, and
if that's bad, then I'll bisect to find where the fix happened.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug 221696] btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4
2026-06-27 10:13 [Bug 221696] New: btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4 bugzilla-daemon
` (4 preceding siblings ...)
2026-07-02 9:13 ` bugzilla-daemon
@ 2026-07-02 9:25 ` bugzilla-daemon
2026-07-02 12:36 ` bugzilla-daemon
` (2 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: bugzilla-daemon @ 2026-07-02 9:25 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=221696
--- Comment #6 from The Linux kernel's regression tracker (Thorsten Leemhuis) (regressions@leemhuis.info) ---
Another wild guess: wondering if e3ac0d9f1a205f ("Bluetooth: btmtk: accept too
short WMT FUNC_CTRL events") [v7.1-rc5, v7.0.10, v6.18.33, v6.12.91] will help
(https://lore.kernel.org/all/770d36b07311bf88210c187923f243fb9f126f04.1777058551.git.pav@iki.fi/
)
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug 221696] btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4
2026-06-27 10:13 [Bug 221696] New: btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4 bugzilla-daemon
` (5 preceding siblings ...)
2026-07-02 9:25 ` bugzilla-daemon
@ 2026-07-02 12:36 ` bugzilla-daemon
2026-07-02 14:18 ` bugzilla-daemon
2026-07-02 14:52 ` bugzilla-daemon
8 siblings, 0 replies; 10+ messages in thread
From: bugzilla-daemon @ 2026-07-02 12:36 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=221696
--- Comment #7 from Matt Whitlock (kernel@mattwhitlock.name) ---
(In reply to Matt Whitlock from comment #5)
> I'll check the "upstream commit" d019930b0049fc2648a6b279893d8ad330596e81,
> and if that's bad, then I'll bisect to find where the fix happened.
Well that bisection took an absurd amount of time and yielded a nonsensical
result.
I told git-bisect that d019930b0049fc2648a6b279893d8ad330596e81 (which indeed
exhibits the bug) was "old" and that torvalds/master
(4a50a141f05a8d1737661b19ee22ff8455b94409) was "new", and this is how it went:
# status: waiting for both 'good' and 'bad' commits
# old: [d019930b0049fc2648a6b279893d8ad330596e81] Bluetooth: btmtk: move
btusb_mtk_hci_wmt_sync to btmtk.c
git bisect old d019930b0049fc2648a6b279893d8ad330596e81
# status: waiting for 'new' commit, 1 'old' commit known
# new: [4a50a141f05a8d1737661b19ee22ff8455b94409] Merge tag
'bootconfig-fixes-v7.2-rc1' of
git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
git bisect new 4a50a141f05a8d1737661b19ee22ff8455b94409
# new: [115e74a29b530d121891238e9551c4bcdf7b04b5] Merge tag 'soc-dt-6.17' of
git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
git bisect new 115e74a29b530d121891238e9551c4bcdf7b04b5
# new: [b394eabd539d01db10e27b57ac2497cbd1d32c6d] Merge tag
'chrome-platform-v6.14' of
git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux
git bisect new b394eabd539d01db10e27b57ac2497cbd1d32c6d
# new: [f8ffbc365f703d74ecca8ca787318d05bbee2bf7] Merge tag
'pull-stable-struct_fd' of
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect new f8ffbc365f703d74ecca8ca787318d05bbee2bf7
# new: [c85e1497dd10879f447d6a12f97762c581093e9b] Merge tag 'i3c/for-6.11' of
git://git.kernel.org/pub/scm/linux/kernel/git/i3c/linux
git bisect new c85e1497dd10879f447d6a12f97762c581093e9b
# new: [b3ce7a30847a54a7f96a35e609303d8afecd460b] Merge tag
'drm-next-2024-07-18' of https://gitlab.freedesktop.org/drm/kernel
git bisect new b3ce7a30847a54a7f96a35e609303d8afecd460b
# new: [e2f710f97f3544df08ebe608c8157536e0ffb494] Merge tag 'ata-6.11-rc1' of
git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux
git bisect new e2f710f97f3544df08ebe608c8157536e0ffb494
# new: [cc0f7c3f97bc6e888bf4be28a9da9dbd3735d2b4] Merge tag 'soc-drivers-6.11'
of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
git bisect new cc0f7c3f97bc6e888bf4be28a9da9dbd3735d2b4
# new: [cdf471c348c1200ca243775b4b8d6eaa6d7f3979] Merge tag
'tag-chrome-platform-firmware-for-v6.11' of
git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux
git bisect new cdf471c348c1200ca243775b4b8d6eaa6d7f3979
# new: [3e7819886281e077e82006fe4804b0d6b0f5643b] Merge tag
'for-6.11/block-20240710' of git://git.kernel.dk/linux
git bisect new 3e7819886281e077e82006fe4804b0d6b0f5643b
# new: [3a56e241732975c2c1247047ddbfc0ac6f6a4905] Merge tag
'for-6.11/io_uring-20240714' of git://git.kernel.dk/linux
git bisect new 3a56e241732975c2c1247047ddbfc0ac6f6a4905
# new: [7d156879ffd6c48428c2f46d5c2b4b80d9c9ee79] Merge tag
'vfs-6.11.module.description' of
git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
git bisect new 7d156879ffd6c48428c2f46d5c2b4b80d9c9ee79
# new: [2ffd45da0b06b26f30480584de7c660d84b2d7dc] Merge tag
'drm-fixes-2024-07-12' of https://gitlab.freedesktop.org/drm/kernel
git bisect new 2ffd45da0b06b26f30480584de7c660d84b2d7dc
# new: [a5819099f601c1af5b86b1f5921a56859e45b19a] Merge branch
'runtime-constants'
git bisect new a5819099f601c1af5b86b1f5921a56859e45b19a
# new: [35ce46324556ba2dbc66a88013870d8bec8a99ef] Merge tag
'x86_urgent_for_v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect new 35ce46324556ba2dbc66a88013870d8bec8a99ef
# new: [119736c7af442ab398dbb806865988c98ef60d46] i2c: testunit: avoid
re-issued work after read message
git bisect new 119736c7af442ab398dbb806865988c98ef60d46
# new: [0830f975e021608c527887ed2d9e122e76b9e280] MAINTAINERS: VIRTIO I2C loses
a maintainer, gains a reviewer
git bisect new 0830f975e021608c527887ed2d9e122e76b9e280
# new: [ca8e83a13ace8d63ede6501a8c313fce625c141f] MAINTAINERS: delete entries
for Thor Thayer
git bisect new ca8e83a13ace8d63ede6501a8c313fce625c141f
# first 'new' commit: [ca8e83a13ace8d63ede6501a8c313fce625c141f] MAINTAINERS:
delete entries for Thor Thayer
That "first 'new' commit," which is supposed to be the first commit that no
longer exhibits the bug, is just some housekeeping on the MAINTAINERS file.
There is no way that it could have fixed the bug. Moreover, given that there is
only one "old" commit in the entire bisection log, then the "first 'new'
commit" logically should be a direct child of that "old" commit, but it isn't.
Not even close.
So I'm genuinely flabbergasted as to how git-bisect utterly failed to do
anything logical here.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug 221696] btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4
2026-06-27 10:13 [Bug 221696] New: btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4 bugzilla-daemon
` (6 preceding siblings ...)
2026-07-02 12:36 ` bugzilla-daemon
@ 2026-07-02 14:18 ` bugzilla-daemon
2026-07-02 14:52 ` bugzilla-daemon
8 siblings, 0 replies; 10+ messages in thread
From: bugzilla-daemon @ 2026-07-02 14:18 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=221696
--- Comment #8 from Matt Whitlock (kernel@mattwhitlock.name) ---
I've figured out where the bisection went wrong. It isn't sufficient to tell
Git that a commit that exhibits the bug is "old" and one that doesn't is "new"
because git-bisect actually wants to test some commits that do not have the
bug-introducing commit as an ancestor.
So, at each step of the bisection, I have to manually check that the
bug-introducing commit (d019930b0049fc2648a6b279893d8ad330596e81) is actually
an ancestor of the current bisection step, and if it isn't, then the current
step is definitionally "old":
$ git merge-base --is-ancestor \
d019930b0049fc2648a6b279893d8ad330596e81 BISECT_HEAD ||
git bisect old
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [Bug 221696] btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4
2026-06-27 10:13 [Bug 221696] New: btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4 bugzilla-daemon
` (7 preceding siblings ...)
2026-07-02 14:18 ` bugzilla-daemon
@ 2026-07-02 14:52 ` bugzilla-daemon
8 siblings, 0 replies; 10+ messages in thread
From: bugzilla-daemon @ 2026-07-02 14:52 UTC (permalink / raw)
To: linux-bluetooth
https://bugzilla.kernel.org/show_bug.cgi?id=221696
--- Comment #9 from Matt Whitlock (kernel@mattwhitlock.name) ---
Okay, got a result that makes some sense now.
# status: waiting for both 'good' and 'bad' commits
# old: [d019930b0049fc2648a6b279893d8ad330596e81] Bluetooth: btmtk: move
btusb_mtk_hci_wmt_sync to btmtk.c
git bisect old d019930b0049fc2648a6b279893d8ad330596e81
# status: waiting for 'new' commit, 1 'old' commit known
# new: [4a50a141f05a8d1737661b19ee22ff8455b94409] Merge tag
'bootconfig-fixes-v7.2-rc1' of
git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
git bisect new 4a50a141f05a8d1737661b19ee22ff8455b94409
# new: [115e74a29b530d121891238e9551c4bcdf7b04b5] Merge tag 'soc-dt-6.17' of
git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
git bisect new 115e74a29b530d121891238e9551c4bcdf7b04b5
# new: [b394eabd539d01db10e27b57ac2497cbd1d32c6d] Merge tag
'chrome-platform-v6.14' of
git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux
git bisect new b394eabd539d01db10e27b57ac2497cbd1d32c6d
# new: [f8ffbc365f703d74ecca8ca787318d05bbee2bf7] Merge tag
'pull-stable-struct_fd' of
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect new f8ffbc365f703d74ecca8ca787318d05bbee2bf7
# new: [c85e1497dd10879f447d6a12f97762c581093e9b] Merge tag 'i3c/for-6.11' of
git://git.kernel.org/pub/scm/linux/kernel/git/i3c/linux
git bisect new c85e1497dd10879f447d6a12f97762c581093e9b
# new: [b3ce7a30847a54a7f96a35e609303d8afecd460b] Merge tag
'drm-next-2024-07-18' of https://gitlab.freedesktop.org/drm/kernel
git bisect new b3ce7a30847a54a7f96a35e609303d8afecd460b
# new: [e2f710f97f3544df08ebe608c8157536e0ffb494] Merge tag 'ata-6.11-rc1' of
git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux
git bisect new e2f710f97f3544df08ebe608c8157536e0ffb494
# old: [cc0f7c3f97bc6e888bf4be28a9da9dbd3735d2b4] Merge tag 'soc-drivers-6.11'
of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
git bisect old cc0f7c3f97bc6e888bf4be28a9da9dbd3735d2b4
# old: [cdf471c348c1200ca243775b4b8d6eaa6d7f3979] Merge tag
'tag-chrome-platform-firmware-for-v6.11' of
git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux
git bisect old cdf471c348c1200ca243775b4b8d6eaa6d7f3979
# old: [3e7819886281e077e82006fe4804b0d6b0f5643b] Merge tag
'for-6.11/block-20240710' of git://git.kernel.dk/linux
git bisect old 3e7819886281e077e82006fe4804b0d6b0f5643b
# old: [3a56e241732975c2c1247047ddbfc0ac6f6a4905] Merge tag
'for-6.11/io_uring-20240714' of git://git.kernel.dk/linux
git bisect old 3a56e241732975c2c1247047ddbfc0ac6f6a4905
# old: [7d156879ffd6c48428c2f46d5c2b4b80d9c9ee79] Merge tag
'vfs-6.11.module.description' of
git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
git bisect old 7d156879ffd6c48428c2f46d5c2b4b80d9c9ee79
# old: [2ffd45da0b06b26f30480584de7c660d84b2d7dc] Merge tag
'drm-fixes-2024-07-12' of https://gitlab.freedesktop.org/drm/kernel
git bisect old 2ffd45da0b06b26f30480584de7c660d84b2d7dc
# old: [a5819099f601c1af5b86b1f5921a56859e45b19a] Merge branch
'runtime-constants'
git bisect old a5819099f601c1af5b86b1f5921a56859e45b19a
# old: [35ce46324556ba2dbc66a88013870d8bec8a99ef] Merge tag
'x86_urgent_for_v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect old 35ce46324556ba2dbc66a88013870d8bec8a99ef
# old: [119736c7af442ab398dbb806865988c98ef60d46] i2c: testunit: avoid
re-issued work after read message
git bisect old 119736c7af442ab398dbb806865988c98ef60d46
# old: [0830f975e021608c527887ed2d9e122e76b9e280] MAINTAINERS: VIRTIO I2C loses
a maintainer, gains a reviewer
git bisect old 0830f975e021608c527887ed2d9e122e76b9e280
# old: [ca8e83a13ace8d63ede6501a8c313fce625c141f] MAINTAINERS: delete entries
for Thor Thayer
git bisect old ca8e83a13ace8d63ede6501a8c313fce625c141f
# old: [a5db8e4544a4dc7143f30a1438686a4d5fa6d775] Merge tag 'soc-arm-6.11' of
git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
git bisect old a5db8e4544a4dc7143f30a1438686a4d5fa6d775
# old: [0434dbe32053d07d658165be681505120c6b1abc] Merge tag
'linux_kselftest-next-6.11-rc1' of
git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
git bisect old 0434dbe32053d07d658165be681505120c6b1abc
# new: [6706415bf9f3dcb425f4b60a08a3a6f1d94ec0e0] Merge tag
'gfs2-v6.10-rc1-fixes' of
git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2
git bisect new 6706415bf9f3dcb425f4b60a08a3a6f1d94ec0e0
# new: [af58de31bebe737235f0238843f2054996998bd5] Merge branch
'eth-fbnic-add-network-driver-for-meta-platforms-host-network-interface'
git bisect new af58de31bebe737235f0238843f2054996998bd5
# old: [30b3560050486275c6207c8c90c0d53a7cc73ac1] Merge branch
'net-make-timestamping-selectable'
git bisect old 30b3560050486275c6207c8c90c0d53a7cc73ac1
# new: [03afeb613bfe6b0c28e8b843959f716a3d2c42df] flow_dissector: set
encapsulated control flags from tun_flags
git bisect new 03afeb613bfe6b0c28e8b843959f716a3d2c42df
# new: [921ad2879aa7733620585e4904ba673c6c916dab] Bluetooth: hci_qca: use the
power sequencer for wcn7850 and wcn6855
git bisect new 921ad2879aa7733620585e4904ba673c6c916dab
# new: [d4f6acfcb0b0962e2a59165108e212a976d1f078] Bluetooth: btnxpuart: Add
support for IW615 chipset
git bisect new d4f6acfcb0b0962e2a59165108e212a976d1f078
# new: [ceac1cb0259de682d78f5c784ef8e0b13022e9d9] Bluetooth: btusb: mediatek:
add ISO data transmission functions
git bisect new ceac1cb0259de682d78f5c784ef8e0b13022e9d9
# new: [6dc22ab9f085ae165e4ce89d61fb426f94e8a969] Bluetooth: btmtk: move
btusb_recv_acl_mtk to btmtk.c
git bisect new 6dc22ab9f085ae165e4ce89d61fb426f94e8a969
# new: [5c5e8c52e3cafaa6f71efd44a42a674271e5b3ad] Bluetooth: btmtk: move
btusb_mtk_[setup, shutdown] to btmtk.c
git bisect new 5c5e8c52e3cafaa6f71efd44a42a674271e5b3ad
# first 'new' commit: [5c5e8c52e3cafaa6f71efd44a42a674271e5b3ad] Bluetooth:
btmtk: move btusb_mtk_[setup, shutdown] to btmtk.c
5c5e8c52e3cafaa6f71efd44a42a674271e5b3ad is the first 'new' commit
commit 5c5e8c52e3cafaa6f71efd44a42a674271e5b3ad
Author: Chris Lu <chris.lu@mediatek.com>
Date: Thu Jul 4 14:01:14 2024 +0800
Bluetooth: btmtk: move btusb_mtk_[setup, shutdown] to btmtk.c
Move btusb_mtk_[setup, shutdown] and related function from
btusb.c to btmtk.c which holds vendor specific stuff and
would make btusb.c clean.
Signed-off-by: Sean Wang <sean.wang@mediatek.com>
Signed-off-by: Chris Lu <chris.lu@mediatek.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
drivers/bluetooth/btmtk.c | 454
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
drivers/bluetooth/btmtk.h | 23 ++++-
drivers/bluetooth/btusb.c | 452
+++----------------------------------------------------------------------------------------------
3 files changed, 484 insertions(+), 445 deletions(-)
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2026-07-02 14:52 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-27 10:13 [Bug 221696] New: btmtk: regression in 6.6.142: NULL pointer dereference in btmtk_usb_hci_wmt_sync during resume from S4 bugzilla-daemon
2026-07-01 6:42 ` [Bug 221696] " bugzilla-daemon
2026-07-02 6:46 ` bugzilla-daemon
2026-07-02 6:53 ` bugzilla-daemon
2026-07-02 8:41 ` bugzilla-daemon
2026-07-02 9:13 ` bugzilla-daemon
2026-07-02 9:25 ` bugzilla-daemon
2026-07-02 12:36 ` bugzilla-daemon
2026-07-02 14:18 ` bugzilla-daemon
2026-07-02 14:52 ` bugzilla-daemon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox