ci2 starts bisection 2023-08-02 07:53:43.701976754 +0000 UTC m=+56636.408698897 bisecting cause commit starting from 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4 building syzkaller on df07ffe8f9d561e9795b2dcf75a2af0bc1e7e9fa ensuring issue is reproducible on original commit 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4 testing commit 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a432dc37f2d7c219dad23f919174cec628d67b8a1d56df295f6b3d3727fbd196 all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] check whether we can drop unnecessary instrumentation disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a764023df52f0293c1f1f43482de17a59949bfe4ea38207be61d779fd00ecc12 all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] the bug reproduces without the instrumentation disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed kconfig minimization: base=3876 full=7644 leaves diff=1998 split chunks (needed=false): <1998> split chunk #0 of len 1998 into 5 parts testing without sub-chunk 1/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN KASAN], they are not needed testing commit 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b538c2fb0e8656c9c1c0f89bdd680bef4fc941314db7ce375ff3ca0ad9917b8a all runs: OK false negative chance: 0.000 testing without sub-chunk 2/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN KASAN], they are not needed testing commit 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f3356222117047c647a223758825aa56d32bbaabd411dae8833c0579c57c40b7 all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] the chunk can be dropped testing without sub-chunk 3/5 disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed testing commit 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 08ef56093335d71ce50cffe89d9b4c24cb8f329fa29c5ea0ac2a644c7b9ecda4 all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 73cce1815d07cb3a2cbc72e32fad811280c3623e84b282e490e47258feb52121 all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed testing commit 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8ab517d24b60b5ebe461be5fb13b866527b5bf5664fcc43907f26088e0023aaf all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] the chunk can be dropped minimized to 400 configs; suspects: [6LOWPAN 6LOWPAN_GHC_EXT_HDR_DEST 6LOWPAN_GHC_EXT_HDR_FRAG 6LOWPAN_GHC_EXT_HDR_HOP 6LOWPAN_GHC_EXT_HDR_ROUTE 6LOWPAN_GHC_ICMPV6 6LOWPAN_GHC_UDP 6LOWPAN_NHC 6LOWPAN_NHC_DEST 6LOWPAN_NHC_FRAGMENT 6LOWPAN_NHC_HOP 6LOWPAN_NHC_IPV6 6LOWPAN_NHC_MOBILITY 6LOWPAN_NHC_ROUTING 6LOWPAN_NHC_UDP 6PACK 842_COMPRESS 842_DECOMPRESS 9P_FSCACHE 9P_FS_POSIX_ACL 9P_FS_SECURITY ACORN_PARTITION ACORN_PARTITION_ADFS ACORN_PARTITION_CUMANA ACORN_PARTITION_EESOX ACORN_PARTITION_ICS ACORN_PARTITION_POWERTEC ACORN_PARTITION_RISCIX ACPI_NFIT ACPI_PLATFORM_PROFILE ADDRESS_MASKING ADFS_FS AFFS_FS AFS_FS AFS_FSCACHE AF_KCM AF_RXRPC AF_RXRPC_IPV6 AIX_PARTITION AMIGA_PARTITION ANDROID_BINDERFS ANDROID_BINDER_IPC ANON_VMA_NAME APERTURE_HELPERS AR5523 ARCH_ENABLE_MEMORY_HOTREMOVE ARCH_ENABLE_THP_MIGRATION ASM_MODVERSIONS ASYNC_CORE ASYNC_MEMCPY ASYNC_PQ ASYNC_RAID6_RECOV ASYNC_TX_DMA ASYNC_XOR ATARI_PARTITION ATA_GENERIC ATA_OVER_ETH ATH10K ATH10K_CE ATH10K_PCI ATH10K_USB ATH11K ATH6KL ATH6KL_USB ATH9K ATH9K_AHB ATH9K_BTCOEX_SUPPORT ATH9K_CHANNEL_CONTEXT ATH9K_COMMON ATH9K_COMMON_DEBUG ATH9K_DEBUGFS ATH9K_DYNACK ATH9K_HTC ATH9K_HTC_DEBUGFS ATH9K_HW ATH9K_PCI ATH9K_PCOEM ATH9K_RFKILL ATH_COMMON ATM ATM_BR2684 ATM_CLIP ATM_DRIVERS ATM_LANE ATM_MPOA ATM_TCP AUXILIARY_BUS AX25 AX25_DAMA_SLAVE AX88796B_PHY BAREUDP BATMAN_ADV BATMAN_ADV_BATMAN_V BATMAN_ADV_BLA BATMAN_ADV_DAT BATMAN_ADV_MCAST BATMAN_ADV_NC BCACHE BCMA BCMA_HOST_PCI_POSSIBLE BEFS_FS BFQ_CGROUP_DEBUG BFQ_GROUP_IOSCHED BFS_FS BIG_KEYS BLK_CGROUP_PUNT_BIO BLK_CGROUP_RWSTAT BLK_DEBUG_FS_ZONED BLK_DEV_BSGLIB BLK_DEV_FD BLK_DEV_INTEGRITY BLK_DEV_INTEGRITY_T10 BLK_DEV_NBD BLK_DEV_NULL_BLK BLK_DEV_NULL_BLK_FAULT_INJECTION BLK_DEV_NVME BLK_DEV_PMEM BLK_DEV_RAM BLK_DEV_RNBD BLK_DEV_RNBD_CLIENT BLK_DEV_THROTTLING BLK_DEV_ZONED BLK_ICQ BLK_INLINE_ENCRYPTION BLK_INLINE_ENCRYPTION_FALLBACK BLK_WBT BLK_WBT_MQ BONDING BOOT_VESA_SUPPORT BPF_EVENTS BPF_JIT BPF_JIT_ALWAYS_ON BPF_JIT_DEFAULT_ON BPF_LSM BPF_PRELOAD BPF_PRELOAD_UMD BPF_STREAM_PARSER BPF_SYSCALL BPQETHER BRIDGE BRIDGE_CFM BRIDGE_EBT_802_3 BRIDGE_EBT_AMONG BRIDGE_EBT_ARP BRIDGE_EBT_ARPREPLY BRIDGE_EBT_BROUTE BRIDGE_EBT_DNAT BRIDGE_EBT_IP BRIDGE_EBT_IP6 BRIDGE_EBT_LIMIT BRIDGE_EBT_LOG BRIDGE_EBT_MARK BRIDGE_EBT_MARK_T BRIDGE_EBT_NFLOG BRIDGE_EBT_PKTTYPE BRIDGE_EBT_REDIRECT BRIDGE_EBT_SNAT BRIDGE_EBT_STP BRIDGE_EBT_T_FILTER BRIDGE_EBT_T_NAT BRIDGE_EBT_VLAN BRIDGE_IGMP_SNOOPING BRIDGE_MRP BRIDGE_NF_EBTABLES BRIDGE_VLAN_FILTERING BSD_DISKLABEL BSD_PROCESS_ACCT_V3 BT BTRFS_ASSERT BTRFS_FS BTRFS_FS_POSIX_ACL BTRFS_FS_REF_VERIFY BTT BT_6LOWPAN BT_ATH3K BT_BCM BT_BNEP BT_BNEP_MC_FILTER BT_BNEP_PROTO_FILTER BT_BREDR BT_CMTP BT_HCIBCM203X BT_HCIBFUSB BT_HCIBPA10X BT_HCIBTUSB BT_HCIBTUSB_BCM BT_HCIBTUSB_MTK BT_HCIBTUSB_POLL_SYNC BT_HCIBTUSB_RTL BT_HCIUART BT_HCIUART_3WIRE BT_HCIUART_AG6XX BT_HCIUART_BCSP BT_HCIUART_H4 BT_HCIUART_LL BT_HCIUART_MRVL BT_HCIUART_QCA BT_HCIUART_SERDEV BT_HCIVHCI BT_HIDP BT_HS BT_INTEL BT_LE BT_LEDS BT_LE_L2CAP_ECRED BT_MSFTEXT BT_MTK BT_QCA BT_RFCOMM BT_RFCOMM_TTY BT_RTL CACHEFILES CAIF CAIF_DEBUG CAIF_DRIVERS CAIF_NETDEV CAIF_TTY CAIF_USB CAIF_VIRTIO CAN CAN_8DEV_USB CAN_BCM CAN_CALC_BITTIMING CAN_DEV CAN_EMS_USB CAN_GS_USB CAN_GW CAN_IFI_CANFD CAN_ISOTP CAN_J1939 CAN_KVASER_USB CAN_MCBA_USB CAN_NETLINK CAN_PEAK_USB CAN_RAW CAN_SLCAN CAN_VCAN CAN_VXCAN CAPI_TRACE CARL9170 CARL9170_HWRNG CARL9170_LEDS CARL9170_WPC CEC_CORE CEPH_FS CEPH_FSCACHE CEPH_FS_POSIX_ACL CEPH_LIB CEPH_LIB_USE_DNS_RESOLVER CFG80211 CFG80211_CRDA_SUPPORT CFG80211_DEBUGFS CFG80211_DEFAULT_PS CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS CFG80211_WEXT CFS_BANDWIDTH CGROUP_BPF CHARGER_BQ24190 CHARGER_ISP1704 CHR_DEV_ST CIFS CIFS_ALLOW_INSECURE_LEGACY CIFS_DEBUG CIFS_DFS_UPCALL CIFS_FSCACHE CIFS_POSIX CIFS_SMB_DIRECT CIFS_SWN_UPCALL CIFS_UPCALL CIFS_XATTR CLS_U32_MARK CLS_U32_PERF CMA CMA_SIZE_SEL_MBYTES CMDLINE_PARTITION COMEDI COMEDI_DT9812 COMEDI_NI_USB6501 COMEDI_USBDUX COMEDI_USBDUXFAST COMEDI_USBDUXSIGMA COMEDI_USB_DRIVERS COMEDI_VMK80XX COMPAT_NETLINK_MESSAGES COUNTER CRAMFS CRAMFS_BLOCKDEV CRAMFS_MTD CRC4 CRC64 CRC64_ROCKSOFT CRC7 CRC8 CRC_ITU_T CRC_T10DIF CRYPTO_ADIANTUM CRYPTO_AEGIS128 CRYPTO_AEGIS128_AESNI_SSE2 CRYPTO_AES_NI_INTEL CRYPTO_AES_TI CRYPTO_ANSI_CPRNG CRYPTO_ANUBIS CRYPTO_ARC4 CRYPTO_ARCH_HAVE_LIB_BLAKE2S CRYPTO_ARCH_HAVE_LIB_CHACHA CRYPTO_ARCH_HAVE_LIB_CURVE25519 CRYPTO_ARCH_HAVE_LIB_POLY1305 CRYPTO_ARIA CRYPTO_ARIA_AESNI_AVX_X86_64 CRYPTO_BLAKE2B CRYPTO_BLAKE2S_X86 CRYPTO_BLOWFISH CRYPTO_BLOWFISH_COMMON CRYPTO_BLOWFISH_X86_64 CRYPTO_CAMELLIA CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 CRYPTO_CAMELLIA_AESNI_AVX_X86_64 CRYPTO_CAMELLIA_X86_64 CRYPTO_CAST5 CRYPTO_CAST5_AVX_X86_64 CRYPTO_CAST6 CRYPTO_CAST6_AVX_X86_64 CRYPTO_CAST_COMMON CRYPTO_CFB CRYPTO_CHACHA20 CRYPTO_CHACHA20POLY1305 CRYPTO_CHACHA20_X86_64 CRYPTO_CRC32 CRYPTO_CRC32C_INTEL CRYPTO_CRC32_PCLMUL CRYPTO_CRC64_ROCKSOFT CRYPTO_CRCT10DIF CRYPTO_CRCT10DIF_PCLMUL CRYPTO_CRYPTD CRYPTO_CTS CRYPTO_CURVE25519 CRYPTO_CURVE25519_X86 CRYPTO_DEFLATE CRYPTO_DES CRYPTO_DES3_EDE_X86_64 CRYPTO_DEV_CCP CRYPTO_DEV_CCP_DD CRYPTO_DEV_PADLOCK CRYPTO_DEV_PADLOCK_AES CRYPTO_DEV_PADLOCK_SHA CRYPTO_DEV_QAT CRYPTO_DEV_QAT_C3XXX CRYPTO_DEV_QAT_C3XXXVF CRYPTO_DEV_QAT_C62X CRYPTO_DEV_QAT_C62XVF CRYPTO_DEV_QAT_DH895xCC CRYPTO_DEV_QAT_DH895xCCVF CRYPTO_DEV_VIRTIO CRYPTO_DH CRYPTO_DRBG_CTR CRYPTO_DRBG_HASH CRYPTO_ECB CRYPTO_ECC CRYPTO_ECDH CRYPTO_ECRDSA CRYPTO_ENGINE CRYPTO_ESSIV CRYPTO_FCRYPT CRYPTO_GHASH_CLMUL_NI_INTEL CRYPTO_HCTR2 CRYPTO_KDF800108_CTR CRYPTO_KEYWRAP CRYPTO_KHAZAD CRYPTO_KPP CRYPTO_LIB_ARC4 CRYPTO_LIB_CHACHA CRYPTO_LIB_CHACHA20POLY1305 CRYPTO_LIB_CHACHA_GENERIC CRYPTO_LIB_CURVE25519 CRYPTO_LIB_CURVE25519_GENERIC CRYPTO_LIB_DES CRYPTO_LIB_POLY1305 CRYPTO_LIB_POLY1305_GENERIC CRYPTO_LRW CRYPTO_MICHAEL_MIC CRYPTO_NHPOLY1305 CRYPTO_NHPOLY1305_AVX2 CRYPTO_NHPOLY1305_SSE2 CRYPTO_OFB CRYPTO_PCBC CRYPTO_PCRYPT CRYPTO_POLY1305 CRYPTO_POLY1305_X86_64 CRYPTO_POLYVAL CRYPTO_POLYVAL_CLMUL_NI CRYPTO_RMD160 CRYPTO_SEED CRYPTO_SERPENT CRYPTO_SERPENT_AVX2_X86_64 CRYPTO_SERPENT_AVX_X86_64 CRYPTO_SERPENT_SSE2_X86_64 CRYPTO_SHA1_SSSE3 CRYPTO_SHA256_SSSE3 CRYPTO_SHA512_SSSE3 CRYPTO_SIMD CRYPTO_SM2 CRYPTO_SM3 CRYPTO_SM3_AVX_X86_64 CRYPTO_SM4 CRYPTO_SM4_AESNI_AVX2_X86_64 CRYPTO_SM4_AESNI_AVX_X86_64 CRYPTO_SM4_GENERIC CRYPTO_STREEBOG CRYPTO_TEA CRYPTO_TWOFISH CRYPTO_TWOFISH_AVX_X86_64 CRYPTO_TWOFISH_COMMON CRYPTO_TWOFISH_X86_64 CRYPTO_TWOFISH_X86_64_3WAY CRYPTO_USER CRYPTO_USER_API CRYPTO_USER_API_AEAD CRYPTO_USER_API_ENABLE_OBSOLETE CRYPTO_USER_API_HASH CRYPTO_USER_API_RNG CRYPTO_USER_API_SKCIPHER CRYPTO_VMAC CRYPTO_WP512 CRYPTO_XCBC CRYPTO_XCTR CRYPTO_XTS CRYPTO_XXHASH CUSE CYPRESS_FIRMWARE DAMON DAMON_DBGFS DAMON_PADDR DAMON_RECLAIM DAMON_VADDR DAX DCA DCB DEFAULT_PFIFO_FAST DEVICE_MIGRATION DEVICE_PRIVATE DEV_COREDUMP DEV_DAX DIMLIB DLN2_ADC DMABUF_HEAPS DMABUF_HEAPS_CMA DMABUF_HEAPS_SYSTEM DMABUF_MOVE_NOTIFY DMA_CMA DMA_ENGINE_RAID DM_AUDIT DM_BIO_PRISON DM_BUFIO DM_CACHE DM_CACHE_SMQ DM_CLONE DM_CRYPT DM_FLAKEY DM_INTEGRITY DM_MULTIPATH DM_MULTIPATH_QL DM_MULTIPATH_ST DM_PERSISTENT_DATA DM_RAID DM_SNAPSHOT DM_THIN_PROVISIONING DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE DM_ZONED DRAGONRISE_FF DRM DRM_BOCHS DRM_BUDDY DRM_CIRRUS_QEMU DRM_DEBUG_MM ENCRYPTED_KEYS EXTCON FSCACHE FUSE_FS GPIOLIB HAMRADIO HID_DRAGONRISE IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_RTRS_CLIENT IOSCHED_BFQ ISDN ISDN_CAPI LIBNVDIMM MAC80211 MAC80211_LEDS MEDIA_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MTD NET_CLS_U32 NET_SCH_DEFAULT PARTITION_ADVANCED RFKILL SERIAL_DEV_BUS TLS TLS_DEVICE TRANSPARENT_HUGEPAGE TRUSTED_KEYS USB_GADGET USB_PHY VLAN_8021Q WANT_COMPAT_NETLINK_MESSAGES WEXT_CORE WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ATH X86_X32_ABI ZONE_DEVICE] disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN KASAN], they are not needed testing release v6.4 testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2f708e0a47d72ae38d64f2ba87bb80493710fd6d7bcb4aaaea60f16af5c4edf7 all runs: OK false negative chance: 0.000 # git bisect start 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4 6995e2de6891c724bfeb2db33d7b87775f913ad1 Bisecting: 6500 revisions left to test after this (roughly 13 steps) [1b722407a13b7f8658d2e26917791f32805980a2] Merge tag 'drm-next-2023-06-29' of git://anongit.freedesktop.org/drm/drm testing commit 1b722407a13b7f8658d2e26917791f32805980a2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0b4b81fe3bb298584c970783a6a7d515a817cb9f196727c8f6b6a88d02ff2cb4 all runs: OK false negative chance: 0.000 # git bisect good 1b722407a13b7f8658d2e26917791f32805980a2 Bisecting: 3252 revisions left to test after this (roughly 12 steps) [c156d4af4354091c38a1cbef62c0b1574e8c4394] Merge tag 'leds-next-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/leds testing commit c156d4af4354091c38a1cbef62c0b1574e8c4394 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c1a6e440348043f9a2e0f29a2cab44140f0d8c07d2dfd17e97f9ffabd0c78cce all runs: OK false negative chance: 0.000 # git bisect good c156d4af4354091c38a1cbef62c0b1574e8c4394 Bisecting: 1657 revisions left to test after this (roughly 11 steps) [73a3fcdaa73200e38e38f7e8a32c9b901c5b95b5] Merge tag 'f2fs-for-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs testing commit 73a3fcdaa73200e38e38f7e8a32c9b901c5b95b5 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: e0a05985e6307e06019ab4d2018bdeafb28797cdc083bf5b5a632babdd19a524 all runs: OK false negative chance: 0.000 # git bisect good 73a3fcdaa73200e38e38f7e8a32c9b901c5b95b5 Bisecting: 828 revisions left to test after this (roughly 10 steps) [9b39f758974ff8dfa721e68c6cecfd37e6ddb206] Merge tag 'nf-23-07-20' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf testing commit 9b39f758974ff8dfa721e68c6cecfd37e6ddb206 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a1e0519e53b1eb1cac166ea44884d9272727be001c7c0d279cde4887e752900c all runs: OK false negative chance: 0.000 # git bisect good 9b39f758974ff8dfa721e68c6cecfd37e6ddb206 Bisecting: 413 revisions left to test after this (roughly 9 steps) [15b593ba68445a2b436a63044eaecd0679457dc2] Merge tag 'ext4_for_linus-6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 testing commit 15b593ba68445a2b436a63044eaecd0679457dc2 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 50b5e1572531c79febe097f3d0789239b95cd6308e6f049bc3377d2d79129ce5 all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] # git bisect bad 15b593ba68445a2b436a63044eaecd0679457dc2 Bisecting: 205 revisions left to test after this (roughly 8 steps) [bfa3037d828050896ae52f6467b6ca2489ae6fb1] Merge tag 'fuse-update-6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse testing commit bfa3037d828050896ae52f6467b6ca2489ae6fb1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: addd30cf99b1617ff433b010dbb2a3a808ef1bf2150d95a66c35468f607f9f65 all runs: OK false negative chance: 0.000 # git bisect good bfa3037d828050896ae52f6467b6ca2489ae6fb1 Bisecting: 117 revisions left to test after this (roughly 7 steps) [55c225fbd8532a1bac6fd93c5085031650083a4a] Merge tag 'fbdev-for-6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev testing commit 55c225fbd8532a1bac6fd93c5085031650083a4a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 12e84ccaba1bd48afad65bb72caeeabe362b7837614d2df0b5222288b4a173da all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] # git bisect bad 55c225fbd8532a1bac6fd93c5085031650083a4a Bisecting: 53 revisions left to test after this (roughly 6 steps) [12a5088eb138fbf14eaa0eea5fe6061c4341401c] Merge tag 'ata-6.5-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata testing commit 12a5088eb138fbf14eaa0eea5fe6061c4341401c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 8b2a2df7006103a095992b6028df94e30b7b51a0c9b055db6b1e9d95e3248267 all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] # git bisect bad 12a5088eb138fbf14eaa0eea5fe6061c4341401c Bisecting: 15 revisions left to test after this (roughly 4 steps) [69435880cf138484c3012f6c38dcbc5605de39ee] Merge tag 'xfs-6.5-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux testing commit 69435880cf138484c3012f6c38dcbc5605de39ee gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a0e9f30ab9f4345c828f2013a894246e663d8f8a9bf618c4f58fab6d51fd1091 all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] # git bisect bad 69435880cf138484c3012f6c38dcbc5605de39ee Bisecting: 8 revisions left to test after this (roughly 3 steps) [17b17fcd6d446b95904a6929c40012ee7f0afc0c] btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand testing commit 17b17fcd6d446b95904a6929c40012ee7f0afc0c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c39fcb1b58c636368c693a940978433f7d3b9d0fa073d3a1b0a64e84da08eb72 all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] # git bisect bad 17b17fcd6d446b95904a6929c40012ee7f0afc0c Bisecting: 4 revisions left to test after this (roughly 2 steps) [f1a07c2b4e2c473ec322b8b9ece071b8c88a3512] btrfs: zoned: fix memory leak after finding block group with super blocks testing commit f1a07c2b4e2c473ec322b8b9ece071b8c88a3512 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: feb2544b9d98b61c75e7d9d806045b7d5b10a480c5fd18673d2b6ed5feb4091b all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] # git bisect bad f1a07c2b4e2c473ec322b8b9ece071b8c88a3512 Bisecting: 1 revision left to test after this (roughly 1 step) [4e7de35eb7d1a1d4f2dda15f39fbedd4798a0b8d] btrfs: be a bit more careful when setting mirror_num_ret in btrfs_map_block testing commit 4e7de35eb7d1a1d4f2dda15f39fbedd4798a0b8d gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 47c3a08adea47dc8d5c1614ff062d15238336bc8cee437516f1119278781c10b all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] # git bisect bad 4e7de35eb7d1a1d4f2dda15f39fbedd4798a0b8d Bisecting: 0 revisions left to test after this (roughly 0 steps) [b19c98f237cd76981aaded52c258ce93f7daa8cb] btrfs: fix race between balance and cancel/pause testing commit b19c98f237cd76981aaded52c258ce93f7daa8cb gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 180636f26012f2e44da0b75b3a79b6fd2a3541dac897a05922d6aebe23a3d7b7 all runs: crashed: kernel BUG in btrfs_cancel_balance representative crash: kernel BUG in btrfs_cancel_balance, types: [BUG] # git bisect bad b19c98f237cd76981aaded52c258ce93f7daa8cb b19c98f237cd76981aaded52c258ce93f7daa8cb is the first bad commit commit b19c98f237cd76981aaded52c258ce93f7daa8cb Author: Josef Bacik Date: Fri Jun 23 01:05:41 2023 -0400 btrfs: fix race between balance and cancel/pause Syzbot reported a panic that looks like this: assertion failed: fs_info->exclusive_operation == BTRFS_EXCLOP_BALANCE_PAUSED, in fs/btrfs/ioctl.c:465 ------------[ cut here ]------------ kernel BUG at fs/btrfs/messages.c:259! RIP: 0010:btrfs_assertfail+0x2c/0x30 fs/btrfs/messages.c:259 Call Trace: btrfs_exclop_balance fs/btrfs/ioctl.c:465 [inline] btrfs_ioctl_balance fs/btrfs/ioctl.c:3564 [inline] btrfs_ioctl+0x531e/0x5b30 fs/btrfs/ioctl.c:4632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x197/0x210 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd The reproducer is running a balance and a cancel or pause in parallel. The way balance finishes is a bit wonky, if we were paused we need to save the balance_ctl in the fs_info, but clear it otherwise and cleanup. However we rely on the return values being specific errors, or having a cancel request or no pause request. If balance completes and returns 0, but we have a pause or cancel request we won't do the appropriate cleanup, and then the next time we try to start a balance we'll trip this ASSERT. The error handling is just wrong here, we always want to clean up, unless we got -ECANCELLED and we set the appropriate pause flag in the exclusive op. With this patch the reproducer ran for an hour without tripping, previously it would trip in less than a few minutes. Reported-by: syzbot+c0f3acf145cb465426d5@syzkaller.appspotmail.com CC: stable@vger.kernel.org # 6.1+ Signed-off-by: Josef Bacik Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/volumes.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) accumulated error probability: 0.00 parent commit 8a4a0b2a3eaf75ca8854f856ef29690c12b2f531 wasn't tested testing commit 8a4a0b2a3eaf75ca8854f856ef29690c12b2f531 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 96a83fd77937eac473915bef4a94dc9e17b7716066beb62cdcc873afa2a3a2b6 culprit signature: 180636f26012f2e44da0b75b3a79b6fd2a3541dac897a05922d6aebe23a3d7b7 parent signature: 96a83fd77937eac473915bef4a94dc9e17b7716066beb62cdcc873afa2a3a2b6 revisions tested: 21, total time: 6h39m35.369276003s (build: 3h41m25.182237812s, test: 2h40m40.407833659s) first bad commit: b19c98f237cd76981aaded52c258ce93f7daa8cb btrfs: fix race between balance and cancel/pause recipients (to): ["dsterba@suse.com" "josef@toxicpanda.com"] recipients (cc): [] crash: kernel BUG in btrfs_cancel_balance ------------[ cut here ]------------ kernel BUG at fs/btrfs/volumes.c:4645! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 0 PID: 4389 Comm: syz-executor.4 Not tainted 6.4.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 RIP: 0010:btrfs_cancel_balance+0x19c/0x1a0 fs/btrfs/volumes.c:4644 Code: 89 f7 e8 77 b7 f5 00 31 c0 65 48 8b 0c 25 28 00 00 00 48 3b 4c 24 28 75 0c 48 83 c4 30 5b 41 5c 41 5e 41 5f c3 e8 e4 dd f4 00 <0f> 0b 66 90 f3 0f 1e fa 55 41 57 41 56 41 55 41 54 53 48 81 ec e8 RSP: 0000:ffffc90002463e88 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88810833d468 RCX: 02d8f1a23930ee00 RDX: b469f594890e6dbe RSI: ffffffff830ac941 RDI: 00000000ffffffff RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff88810833c000 R13: 0000000000000005 R14: ffff88810833d3c8 R15: ffffc90002463e88 FS: 00007f0b91bdd6c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd20ba00000 CR3: 00000001097b3000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: btrfs_ioctl_balance_ctl+0x41/0x50 fs/btrfs/ioctl.c:3632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0x6a/0xb0 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f0b99c7cae9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f0b91bdd0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f0b99d9c050 RCX: 00007f0b99c7cae9 RDX: 0000000000000002 RSI: 0000000040049421 RDI: 0000000000000005 RBP: 00007f0b99cc847a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000006e R14: 00007f0b99d9c050 R15: 00007ffd28c73768 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:btrfs_cancel_balance+0x19c/0x1a0 fs/btrfs/volumes.c:4644 Code: 89 f7 e8 77 b7 f5 00 31 c0 65 48 8b 0c 25 28 00 00 00 48 3b 4c 24 28 75 0c 48 83 c4 30 5b 41 5c 41 5e 41 5f c3 e8 e4 dd f4 00 <0f> 0b 66 90 f3 0f 1e fa 55 41 57 41 56 41 55 41 54 53 48 81 ec e8 RSP: 0000:ffffc90002463e88 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88810833d468 RCX: 02d8f1a23930ee00 RDX: b469f594890e6dbe RSI: ffffffff830ac941 RDI: 00000000ffffffff RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff88810833c000 R13: 0000000000000005 R14: ffff88810833d3c8 R15: ffffc90002463e88 FS: 00007f0b91bdd6c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd20ba00000 CR3: 00000001097b3000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400