ci2 starts bisection 2024-01-28 15:47:34.072103708 +0000 UTC m=+248207.946297478
bisecting cause commit starting from 8a696a29c6905594e4abf78eaafcb62165ac61f1
building syzkaller on cc4a4020ecb6d62110981f597feea0c04a643efa
ensuring issue is reproducible on original commit 8a696a29c6905594e4abf78eaafcb62165ac61f1

testing commit 8a696a29c6905594e4abf78eaafcb62165ac61f1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7e721a746fe30df1ed33a9483d396b3896e040f7d4069c0e5dd4acc7b19cdf4e
run #0: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #2: crashed: KASAN: use-after-free Read in mi_enum_attr
run #3: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #4: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #5: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #6: OK
run #7: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #8: OK
run #9: OK
run #10: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: slab-use-after-free Read in mi_enum_attr, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 8a696a29c6905594e4abf78eaafcb62165ac61f1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2b944bd11523746082e027535a9357540bd8ff27918e9647cd49c12392645117
run #0: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #1: crashed: KASAN: use-after-free Read in mi_enum_attr
run #2: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #3: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #4: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #5: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #6: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #7: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #8: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #9: crashed: KASAN: use-after-free Read in mi_enum_attr
run #10: crashed: KASAN: use-after-free Read in mi_enum_attr
run #11: crashed: KASAN: use-after-free Read in mi_enum_attr
run #12: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #13: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #14: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #15: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #16: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #17: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #18: OK
run #19: OK
representative crash: KASAN: slab-out-of-bounds Read in mi_enum_attr, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
kconfig minimization: base=3915 full=7678 leaves diff=2014
split chunks (needed=false): <2014>
split chunk #0 of len 2014 into 5 parts
testing without sub-chunk 1/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 8a696a29c6905594e4abf78eaafcb62165ac61f1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: caca4a6eaa355b574bc971c930585928514a253e4dded814911f818d9f03ef51
run #0: crashed: KASAN: use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #2: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #3: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #4: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #5: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #6: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #7: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #8: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #9: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #10: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #11: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in mi_enum_attr, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 8a696a29c6905594e4abf78eaafcb62165ac61f1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 112ba5ddbeb99cfd853f72b2d8b2f67bec1dc292f9722ac077015caa64e244a8
run #0: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #2: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #3: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #4: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #5: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #6: crashed: KASAN: use-after-free Read in mi_enum_attr
run #7: crashed: KASAN: use-after-free Read in mi_enum_attr
run #8: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #9: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #10: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #11: OK
run #12: crashed: KASAN: use-after-free Read in mi_enum_attr
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: crashed: KASAN: use-after-free Read in mi_enum_attr
run #18: OK
run #19: OK
representative crash: KASAN: slab-use-after-free Read in mi_enum_attr, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 8a696a29c6905594e4abf78eaafcb62165ac61f1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e28ac95c3b8602d1f522147f677fe3be15369fc8d8d5b447c14bc68b7e9a6f3c
run #0: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #2: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #3: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #4: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #5: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #6: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #7: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: slab-use-after-free Read in mi_enum_attr, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 8a696a29c6905594e4abf78eaafcb62165ac61f1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 938cbdb7ad83588289dc6fd4fb4ca7ae202240d9e02d863961526c9d95eb5b89
all runs: OK
false negative chance: 0.000
testing without sub-chunk 5/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 8a696a29c6905594e4abf78eaafcb62165ac61f1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cdb25afd8eb8bb9e1f7f34fbf360cfe95d607d2f610d33cff87f9e3910b81464
run #0: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: use-after-free Read in mi_enum_attr
run #2: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #3: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #4: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #5: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #6: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #7: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #8: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: slab-use-after-free Read in mi_enum_attr, types: [KASAN]
the chunk can be dropped
minimized to 403 configs; suspects: [AF_RXRPC ARCH_ENABLE_MEMORY_HOTREMOVE ATM AX25 CFG80211 CMA DAX DLM DVB_CORE ENCRYPTED_KEYS EXTCON GENEVE GPIOLIB HAMRADIO HAVE_CLK HID_SENSOR_HUB HID_SMARTJOYPLUS HID_THRUSTMASTER IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_IPOIB INFINIBAND_USER_ACCESS INFINIBAND_VIRT_DMA INPUT_TABLET INPUT_TOUCHSCREEN IP_SCTP L2TP LIBNVDIMM MEDIA_COMMON_OPTIONS MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_RETU MMC MTD MTD_UBI NETFILTER_CONNCOUNT NET_IPGRE NET_IPGRE_DEMUX NFS_V4_1 NF_SOCKET_IPV4 NF_SOCKET_IPV6 NF_TABLES NF_TABLES_ARP NF_TPROXY_IPV4 NF_TPROXY_IPV6 NILFS2_FS NLMON NLS_CODEPAGE_1250 NLS_CODEPAGE_1251 NLS_CODEPAGE_737 NLS_CODEPAGE_775 NLS_CODEPAGE_850 NLS_CODEPAGE_852 NLS_CODEPAGE_855 NLS_CODEPAGE_857 NLS_CODEPAGE_860 NLS_CODEPAGE_861 NLS_CODEPAGE_862 NLS_CODEPAGE_863 NLS_CODEPAGE_864 NLS_CODEPAGE_865 NLS_CODEPAGE_866 NLS_CODEPAGE_869 NLS_CODEPAGE_874 NLS_CODEPAGE_932 NLS_CODEPAGE_936 NLS_CODEPAGE_949 NLS_CODEPAGE_950 NLS_ISO8859_13 NLS_ISO8859_14 NLS_ISO8859_15 NLS_ISO8859_2 NLS_ISO8859_3 NLS_ISO8859_4 NLS_ISO8859_5 NLS_ISO8859_6 NLS_ISO8859_7 NLS_ISO8859_8 NLS_ISO8859_9 NLS_KOI8_R NLS_KOI8_U NLS_MAC_CELTIC NLS_MAC_CENTEURO NLS_MAC_CROATIAN NLS_MAC_CYRILLIC NLS_MAC_GAELIC NLS_MAC_GREEK NLS_MAC_ICELAND NLS_MAC_INUIT NLS_MAC_ROMAN NLS_MAC_ROMANIAN NLS_MAC_TURKISH NLS_UCS2_UTILS NOP_USB_XCEIV NOZOMI NTFS3_FS NTFS3_FS_POSIX_ACL NTFS3_LZX_XPRESS NTFS_FS NTFS_RW NULL_TTY NUMA_BALANCING NUMA_BALANCING_DEFAULT_ENABLED NUMA_EMU NUMA_KEEP_MEMINFO NVDIMM_DAX NVDIMM_KEYS NVDIMM_PFN NVMEM_LAYOUTS NVME_CORE NVME_FABRICS NVME_FC NVME_MULTIPATH NVME_RDMA NVME_TARGET NVME_TARGET_FC NVME_TARGET_FCLOOP NVME_TARGET_LOOP NVME_TARGET_RDMA NVME_TARGET_TCP NVME_TCP N_GSM N_HDLC OCFS2_DEBUG_FS OCFS2_FS OCFS2_FS_O2CB OCFS2_FS_STATS OCFS2_FS_USERSPACE_CLUSTER OF_GPIO OF_PMEM OMFS_FS OPENVSWITCH OPENVSWITCH_GENEVE OPENVSWITCH_GRE OPENVSWITCH_VXLAN ORANGEFS_FS OSF_PARTITION OVERLAY_FS OVERLAY_FS_DEBUG OVERLAY_FS_INDEX OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW OVERLAY_FS_REDIRECT_DIR PACKET_DIAG PADATA PAGE_IDLE_FLAG PAGE_POOL PAGE_REPORTING PAHOLE_HAS_BTF_TAG PAHOLE_HAS_LANG_EXCLUDE PAHOLE_HAS_SPLIT_BTF PARPORT PARPORT_NOT_PC PARTITION_ADVANCED PCCARD PCCARD_NONSTATIC PCIEAER PCI_ENDPOINT PCI_IOV PCMCIA PCMCIA_LOAD_CIS PERCPU_STATS PERSISTENT_KEYRINGS PHONET PHYLINK PHY_CPCAP_USB PHY_QCOM_USB_HS PHY_QCOM_USB_HSIC PHY_SAMSUNG_USB2 PHY_TUSB1210 PKCS7_TEST_KEY PKCS8_PRIVATE_KEY_PARSER PM_CLK PNFS_BLOCK PNFS_FILE_LAYOUT PNFS_FLEXFILE_LAYOUT PPP PPPOATM PPPOE PPPOE_HASH_BITS_4 PPPOL2TP PPP_ASYNC PPP_BSDCOMP PPP_DEFLATE PPP_FILTER PPP_MPPE PPP_MULTILINK PPP_SYNC_TTY PPTP PREEMPT PREEMPT_NOTIFIERS PRISM2_USB PROC_CHILDREN PSI PSTORE PSTORE_COMPRESS QCOM_QMI_HELPERS QNX4FS_FS QNX6FS_FS QRTR QRTR_TUN R8712U RADIO_ADAPTERS RADIO_SHARK RADIO_SHARK2 RADIO_TEA575X RAID6_PQ RAID_ATTRS RC_ATI_REMOTE RC_CORE RC_DEVICES RDMA_RXE RDMA_SIW RDS RDS_RDMA RDS_TCP READ_ONLY_THP_FOR_FS REALTEK_AUTOPM REED_SOLOMON REED_SOLOMON_DEC8 REGMAP REGMAP_I2C REGMAP_IRQ REGMAP_MMIO REGULATOR REGULATOR_TWL4030 REISERFS_FS REISERFS_FS_POSIX_ACL REISERFS_FS_SECURITY REISERFS_FS_XATTR REISERFS_PROC_INFO RESET_CONTROLLER RFKILL RFKILL_INPUT RFKILL_LEDS RMI4_2D_SENSOR RMI4_CORE RMI4_F03 RMI4_F03_SERIO RMI4_F11 RMI4_F12 RMI4_F30 ROMFS_BACKED_BY_BOTH ROMFS_FS ROMFS_ON_BLOCK ROMFS_ON_MTD ROSE RTC_DRV_HID_SENSOR_TIME RXKAD SCHED_CORE SCSI_FC_ATTRS SCSI_HPSA SCSI_ISCSI_ATTRS SCSI_LOGGING SCSI_NETLINK SCSI_SAS_ATA SCSI_SAS_ATTRS SCSI_SAS_LIBSAS SCSI_SCAN_ASYNC SCSI_SRP_ATTRS SCTP_COOKIE_HMAC_MD5 SCTP_COOKIE_HMAC_SHA1 SCTP_DEFAULT_COOKIE_HMAC_MD5 SECONDARY_TRUSTED_KEYRING SECURITY_INFINIBAND SECURITY_NETWORK_XFRM SECURITY_SMACK_NETFILTER SERIAL_DEV_BUS SERIAL_DEV_CTRL_TTYPORT SERIAL_MCTRL_GPIO SGI_PARTITION SIGNATURE SIGNED_PE_FILE_VERIFICATION SLHC SLIP SLIP_COMPRESSED SLIP_MODE_SLIP6 SLIP_SMART SMARTJOYPLUS_FF SMBFS SMC SMC_DIAG SMSC_PHY SMS_SIANO_MDTV SMS_SIANO_RC SMS_USB_DRV SND SND_ALOOP SND_BCD2000 SND_CTL_FAST_LOOKUP SND_CTL_LED SND_DEBUG SND_DMA_SGBUF SND_DRIVERS SND_DUMMY SND_DYNAMIC_MINORS SND_HDA SND_HDA_CODEC_ANALOG SND_HDA_CODEC_CA0110 SND_HDA_CODEC_CA0132 SND_HDA_CODEC_CIRRUS SND_HDA_CODEC_CMEDIA SND_HDA_CODEC_CONEXANT SND_HDA_CODEC_HDMI SND_HDA_CODEC_REALTEK SND_HDA_CODEC_SI3054 SND_HDA_CODEC_SIGMATEL SND_HDA_CODEC_VIA SND_HDA_COMPONENT SND_HDA_CORE SND_HDA_GENERIC SND_HDA_GENERIC_LEDS SND_HDA_HWDEP SND_HDA_I915 SND_HDA_INPUT_BEEP SND_HDA_INTEL SND_HDA_PATCH_LOADER SND_HDA_RECONFIG SND_HRTIMER SND_HWDEP SND_INTEL_DSP_CONFIG SND_INTEL_NHLT SND_INTEL_SOUNDWIRE_ACPI SND_JACK SND_JACK_INPUT_DEV SND_MIXER_OSS SND_OSSEMUL SND_PCI SND_PCM SND_PCMCIA SND_PCM_OSS SND_PCM_OSS_PLUGINS SND_PCM_TIMER SND_PCM_XRUN_DEBUG SND_PROC_FS SND_RAWMIDI SND_SEQUENCER SND_SEQUENCER_OSS SND_SEQ_DEVICE SND_SEQ_DUMMY SND_SEQ_HRTIMER_DEFAULT SND_SEQ_MIDI SND_SEQ_MIDI_EVENT SND_SEQ_VIRMIDI SND_SUPPORT_OLD_API SND_TIMER SND_USB SND_USB_6FIRE SND_USB_AUDIO SND_USB_AUDIO_USE_MEDIA_CONTROLLER SND_USB_CAIAQ SND_USB_CAIAQ_INPUT SND_USB_HIFACE SND_USB_LINE6 SND_USB_POD SND_USB_PODHD SND_USB_TONEPORT SND_USB_UA101 SND_USB_US122L SND_USB_USX2Y SND_USB_VARIAX SND_VERBOSE_PROCFS SND_VIRMIDI SND_VIRTIO SND_VMASTER SND_X86 SOCK_VALIDATE_XMIT SOLARIS_X86_PARTITION SONY_FF SOUND SOUND_OSS_CORE SOUND_OSS_CORE_PRECLAIM SPI SPI_DLN2 SPI_DYNAMIC SPI_MASTER SQUASHFS SQUASHFS_4K_DEVBLK_SIZE SQUASHFS_COMPILE_DECOMP_SINGLE SQUASHFS_DECOMP_SINGLE SQUASHFS_FILE_DIRECT SQUASHFS_LZ4 SQUASHFS_LZO SQUASHFS_XATTR SQUASHFS_XZ SQUASHFS_ZLIB SQUASHFS_ZSTD SSB SSB_PCIHOST_POSSIBLE SSB_PCMCIAHOST_POSSIBLE SSB_SDIOHOST_POSSIBLE STAGING STP STREAM_PARSER SUNRPC_BACKCHANNEL SUN_PARTITION SW_SYNC SYSFB SYSV68_PARTITION SYSV_FS TABLET_USB_ACECAD TABLET_USB_AIPTEK TABLET_USB_HANWANG TABLET_USB_KBTAB TABLET_USB_PEGASUS TAHVO_USB TAHVO_USB_HOST_BY_DEFAULT TASKS_TRACE_RCU TCG_CRB TCG_TIS TCG_TIS_CORE TCG_TPM TCP_CONG_BBR TCP_CONG_BIC TCP_CONG_CDG TCP_CONG_DCTCP TCP_CONG_HSTCP TCP_CONG_HTCP TCP_CONG_HYBLA TCP_CONG_ILLINOIS TCP_CONG_LP TCP_CONG_NV TCP_CONG_SCALABLE TCP_CONG_VEGAS TCP_CONG_VENO TCP_CONG_WESTWOOD TCP_CONG_YEAH TEXTSEARCH TEXTSEARCH_BM TEXTSEARCH_FSM TEXTSEARCH_KMP THERMAL_NETLINK THP_SWAP THRUSTMASTER_FF TIPC TIPC_CRYPTO TIPC_DIAG TIPC_MEDIA_IB TIPC_MEDIA_UDP TLS TLS_TOE TMPFS_QUOTA TOUCHSCREEN_SUR40 TOUCHSCREEN_USB_3M TOUCHSCREEN_USB_COMPOSITE TOUCHSCREEN_USB_DMC_TSC10 TOUCHSCREEN_USB_E2I TOUCHSCREEN_USB_EASYTOUCH TOUCHSCREEN_USB_EGALAX TOUCHSCREEN_USB_ELO TOUCHSCREEN_USB_ETT_TC45USB TOUCHSCREEN_USB_ETURBO TOUCHSCREEN_USB_GENERAL_TOUCH TOUCHSCREEN_USB_GOTOP TOUCHSCREEN_USB_GUNZE TOUCHSCREEN_USB_IDEALTEK TOUCHSCREEN_USB_IRTOUCH TOUCHSCREEN_USB_ITM TOUCHSCREEN_USB_JASTEC TOUCHSCREEN_USB_NEXIO TOUCHSCREEN_USB_PANJIT TOUCHSCREEN_USB_ZYTRONIC TRANSPARENT_HUGEPAGE TRANSPARENT_HUGEPAGE_MADVISE TTPCI_EEPROM TTY_PRINTK TUN_VNET_CROSS_LE TWL4030_CORE TYPEC TYPEC_FUSB302 TYPEC_TCPCI TYPEC_TCPM TYPEC_TPS6598X TYPEC_UCSI UBIFS_ATIME_SUPPORT UBIFS_FS UBIFS_FS_ADVANCED_COMPR UBIFS_FS_LZO UBIFS_FS_SECURITY UBIFS_FS_XATTR UBIFS_FS_ZLIB UBIFS_FS_ZSTD UCSI_ACPI UDF_FS UDMABUF UFS_FS UFS_FS_WRITE UHID ULTRIX_PARTITION UNICODE UNIXWARE_DISKLABEL UNIX_DIAG USB4 USB4_NET USBIP_CORE USBIP_HOST USBIP_VHCI_HCD USBIP_VUDC USBPCWATCHDOG USB_ACM USB_ADUTUX USB_AIRSPY USB_ALI_M5632 USB_AN2720 USB_APPLEDISPLAY USB_ARMLINUX USB_BDC_UDC USB_BELKIN USB_C67X00_HCD USB_CATC USB_CDC_PHONET USB_CHAOSKEY USB_CHIPIDEA USB_CHIPIDEA_HOST USB_CHIPIDEA_PCI USB_CHIPIDEA_UDC USB_CONFIGFS USB_CONFIGFS_ACM USB_CONFIGFS_ECM USB_CONFIGFS_ECM_SUBSET USB_DWC2 USB_GADGET USB_MUSB_HDRC USB_NET_CDC_SUBSET USB_ROLE_SWITCH USB_STORAGE_REALTEK USB_ULPI_BUS USB_USBNET VIDEO_DEV VXLAN WIRELESS WLAN X86_HAVE_PAE ZONE_DEVICE]
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
picked [v6.7 v6.6 v6.5 v6.3 v6.1 v5.19 v5.17 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 30 release tags
testing release v6.7
testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f4272dafcf88a88eea31ede1c3a72263628fc3415eee0ff717afb180bacb6862
run #0: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #2: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #3: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #4: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #5: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #6: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #7: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #8: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #9: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #10: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #11: crashed: KASAN: use-after-free Read in mi_enum_attr
run #12: crashed: KASAN: use-after-free Read in mi_enum_attr
run #13: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: slab-use-after-free Read in mi_enum_attr, types: [KASAN]
testing release v6.6
testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d787698d82899702658628e8aebd03276b4c9863e95c375a6437996331c2b045
run #0: crashed: KASAN: use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: use-after-free Read in mi_enum_attr
run #2: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #3: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #4: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #5: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #6: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #7: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in mi_enum_attr, types: [KASAN]
testing release v6.5
testing commit 2dde18cd1d8fac735875f2e4987f11817cc0bc2c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 85e2450cd7c107b7dfe7363c4bafb327dc01863ae0a78d1f8a84c248379447d0
run #0: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #1: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #2: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #3: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: slab-out-of-bounds Read in mi_enum_attr, types: [KASAN]
testing release v6.3
testing commit 457391b0380335d5e9a5babdec90ac53928b23b4 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: da94a51fd6bda17153dfb4b623d63aac1d8eb1f2ef443f4b6e2852f9af9cdcd0
run #0: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #2: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #3: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #4: crashed: KASAN: use-after-free Read in mi_enum_attr
run #5: crashed: KASAN: use-after-free Read in mi_enum_attr
run #6: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #7: crashed: KASAN: use-after-free Read in mi_enum_attr
run #8: crashed: KASAN: slab-use-after-free Read in mi_enum_attr
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: slab-use-after-free Read in mi_enum_attr, types: [KASAN]
testing release v6.1
testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bc4020507a2eb6aed64c3a1dbd1720f63fce4bb7534e4d4f828fb435e11fbe7f
run #0: crashed: KASAN: use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: use-after-free Read in mi_enum_attr
run #2: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in mi_enum_attr, types: [KASAN]
testing release v5.19
testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fee31775f81b9c6c9e6254be0e9df4a19e92ac8fbdfad84488ea3841009634d2
run #0: crashed: KASAN: use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #2: crashed: KASAN: use-after-free Read in mi_enum_attr
run #3: crashed: KASAN: use-after-free Read in mi_enum_attr
run #4: crashed: KASAN: use-after-free Read in mi_enum_attr
run #5: crashed: KASAN: use-after-free Read in mi_enum_attr
run #6: crashed: KASAN: use-after-free Read in mi_enum_attr
run #7: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #8: crashed: KASAN: use-after-free Read in mi_enum_attr
run #9: crashed: KASAN: use-after-free Read in mi_enum_attr
run #10: crashed: KASAN: use-after-free Read in mi_enum_attr
run #11: crashed: KASAN: use-after-free Read in mi_enum_attr
run #12: crashed: KASAN: use-after-free Read in mi_enum_attr
run #13: crashed: KASAN: use-after-free Read in mi_enum_attr
run #14: crashed: KASAN: use-after-free Read in mi_enum_attr
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in mi_enum_attr, types: [KASAN]
testing release v5.17
testing commit f443e374ae131c168a065ea1748feac6b2e76613 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0fdd4eaccd9c4c950d29ee29a0dfb574b683d5a10dab0f3097826a78bae2f323
run #0: crashed: KASAN: use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: use-after-free Read in mi_enum_attr
run #2: crashed: KASAN: use-after-free Read in mi_enum_attr
run #3: crashed: KASAN: use-after-free Read in mi_enum_attr
run #4: crashed: KASAN: use-after-free Read in mi_enum_attr
run #5: crashed: KASAN: use-after-free Read in mi_enum_attr
run #6: crashed: KASAN: use-after-free Read in mi_enum_attr
run #7: crashed: KASAN: use-after-free Read in mi_enum_attr
run #8: crashed: KASAN: use-after-free Read in mi_enum_attr
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in mi_enum_attr, types: [KASAN]
testing release v5.15
testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 431a776c9dd38ae5a30a1847cbd7943cd6c4265ede0b69415288df7e4982bc34
all runs: OK
false negative chance: 0.000
# git bisect start f443e374ae131c168a065ea1748feac6b2e76613 8bb7eca972ad531c9b149c0a51ab43a417385813
Bisecting: 14802 revisions left to test after this (roughly 14 steps)
[0109841fc4565bb3cefcdfb2991da0c47cd94b23] Merge tag 'mlx5-updates-2021-12-02' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux

testing commit 0109841fc4565bb3cefcdfb2991da0c47cd94b23 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d7b5853bfca699a3cef70fb774d1a8a43724f81d3153c297b0d5ce3c44e8ec79
all runs: OK
false negative chance: 0.000
# git bisect good 0109841fc4565bb3cefcdfb2991da0c47cd94b23
Bisecting: 7349 revisions left to test after this (roughly 13 steps)
[e3084ed48fd6b661fe434da0cb36d7d6706cf27f] Merge tag 'pinctrl-v5.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

testing commit e3084ed48fd6b661fe434da0cb36d7d6706cf27f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3557a2d3a435eccfdcaddd42a83cf772a55820f8fa9551af14fb2d3d236a6252
run #0: crashed: KASAN: use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: use-after-free Read in mi_enum_attr
run #2: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #3: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #4: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #5: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #6: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #7: crashed: KASAN: use-after-free Read in mi_enum_attr
run #8: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #9: crashed: KASAN: use-after-free Read in mi_enum_attr
run #10: crashed: KASAN: use-after-free Read in mi_enum_attr
run #11: crashed: KASAN: use-after-free Read in mi_enum_attr
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in mi_enum_attr, types: [KASAN]
# git bisect bad e3084ed48fd6b661fe434da0cb36d7d6706cf27f
Bisecting: 3787 revisions left to test after this (roughly 12 steps)
[75b950ef6166e4ef52e43e7ec80985c5705f7e81] Revert "drm/amd/display: Fix for otg synchronization logic"

testing commit 75b950ef6166e4ef52e43e7ec80985c5705f7e81 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b39c2714cbb8664c0937ee9fa7403d415bb1d4e3b33dfeb326ac3f1fe32bfb41
run #0: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #1: crashed: KASAN: use-after-free Read in mi_enum_attr
run #2: crashed: KASAN: use-after-free Read in mi_enum_attr
run #3: crashed: KASAN: use-after-free Read in mi_enum_attr
run #4: crashed: KASAN: use-after-free Read in mi_enum_attr
run #5: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #6: crashed: KASAN: use-after-free Read in mi_enum_attr
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: slab-out-of-bounds Read in mi_enum_attr, types: [KASAN]
# git bisect bad 75b950ef6166e4ef52e43e7ec80985c5705f7e81
Bisecting: 1836 revisions left to test after this (roughly 11 steps)
[cb6846fbb83b574c85c2a80211b402a6347b60b1] Merge tag 'amd-drm-next-5.17-2021-12-30' of ssh://gitlab.freedesktop.org/agd5f/linux into drm-next

testing commit cb6846fbb83b574c85c2a80211b402a6347b60b1 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 08b33a050f9bc2cac54f41bd48592037803e682e88911acd65f70169d7648a4a
all runs: OK
false negative chance: 0.000
# git bisect good cb6846fbb83b574c85c2a80211b402a6347b60b1
Bisecting: 993 revisions left to test after this (roughly 10 steps)
[e85195d5bf8979f6db3f12cf8f1294887bf6b037] Merge tag 'drivers-5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit e85195d5bf8979f6db3f12cf8f1294887bf6b037 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7427bcd19da79d419f97be15209efeaba1202ac54b0002e90d13e2e98ce828b9
run #0: crashed: KASAN: use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #2: crashed: KASAN: use-after-free Read in mi_enum_attr
run #3: crashed: KASAN: use-after-free Read in mi_enum_attr
run #4: crashed: KASAN: use-after-free Read in mi_enum_attr
run #5: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #6: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in mi_enum_attr, types: [KASAN]
# git bisect bad e85195d5bf8979f6db3f12cf8f1294887bf6b037
Bisecting: 419 revisions left to test after this (roughly 9 steps)
[7a29b11da9651ef6a970e2f6bfd276f053aeb06a] Merge tag '5.16-rc5-ksmbd-fixes' of git://git.samba.org/ksmbd

testing commit 7a29b11da9651ef6a970e2f6bfd276f053aeb06a gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f3c876758f41407aa1dfaaa2216660eb951c3561efa26101b206d93f70bf73d0
all runs: OK
false negative chance: 0.000
# git bisect good 7a29b11da9651ef6a970e2f6bfd276f053aeb06a
Bisecting: 198 revisions left to test after this (roughly 8 steps)
[75acfdb6fd922598a408a0d864486aeb167c1a97] Merge tag 'net-5.16-final' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

testing commit 75acfdb6fd922598a408a0d864486aeb167c1a97 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9ca4cdbe198fe2706af4b1eb5b0a8bba17b54e1ff4c58d16453147bde83c6348
all runs: OK
false negative chance: 0.000
# git bisect good 75acfdb6fd922598a408a0d864486aeb167c1a97
Bisecting: 89 revisions left to test after this (roughly 7 steps)
[13ee75c7b57c546f7973984d9a87cfa7d73cbf5c] Merge tag 'qcom-drivers-for-5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux into arm/drivers

testing commit 13ee75c7b57c546f7973984d9a87cfa7d73cbf5c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 98fb19583d700556bf670d708a49f242805a369fbb634ea00d866b45ba5e77a4
all runs: OK
false negative chance: 0.000
# git bisect good 13ee75c7b57c546f7973984d9a87cfa7d73cbf5c
Bisecting: 44 revisions left to test after this (roughly 6 steps)
[df5bc0aa7ff6e2e14cb75182b4eda20253c711d4] Revert "drm/amdgpu: stop scheduler when calling hw_fini (v2)"

testing commit df5bc0aa7ff6e2e14cb75182b4eda20253c711d4 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a61f635bd864f1233dcfff6e45e52dfd9b21ebfce647dda7aca1512f97a283df
all runs: OK
false negative chance: 0.000
# git bisect good df5bc0aa7ff6e2e14cb75182b4eda20253c711d4
Bisecting: 20 revisions left to test after this (roughly 5 steps)
[1135ec008ef3745cd1cee5bc543cfe48427c22a9] Merge tag 'soc-5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit 1135ec008ef3745cd1cee5bc543cfe48427c22a9 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7cf9094982823d1b6e3df46261a1bd93811d7cb379e3c4f96a5e982d8c74a524
run #0: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #1: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #2: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #3: crashed: KASAN: use-after-free Read in mi_enum_attr
run #4: crashed: KASAN: use-after-free Read in mi_enum_attr
run #5: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #6: crashed: KASAN: use-after-free Read in mi_enum_attr
run #7: crashed: KASAN: use-after-free Read in mi_enum_attr
run #8: crashed: KASAN: use-after-free Read in mi_enum_attr
run #9: crashed: KASAN: use-after-free Read in mi_enum_attr
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: slab-out-of-bounds Read in mi_enum_attr, types: [KASAN]
# git bisect bad 1135ec008ef3745cd1cee5bc543cfe48427c22a9
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[e91aad4b604a62661eb3e51027840bbd4173a78a] Merge tag 'samsung-soc-5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux into arm/soc

testing commit e91aad4b604a62661eb3e51027840bbd4173a78a gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 477288f44f201f096d01a3de4fb1e57017088b3501f619cd8d4161bccaafef65
all runs: OK
false negative chance: 0.000
# git bisect good e91aad4b604a62661eb3e51027840bbd4173a78a
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[95350123bb5568a7d95e3789225144bd1a154274] Merge tag 'soc-fixes-5.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit 95350123bb5568a7d95e3789225144bd1a154274 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a61f635bd864f1233dcfff6e45e52dfd9b21ebfce647dda7aca1512f97a283df
all runs: OK
false negative chance: 0.000
# git bisect good 95350123bb5568a7d95e3789225144bd1a154274
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[fe47ec5fa8ec223691f280bb8395fdc79548ecd4] Merge tag 'arm-soc/for-5.17/maintainers' of https://github.com/Broadcom/stblinux into arm/soc

testing commit fe47ec5fa8ec223691f280bb8395fdc79548ecd4 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 477288f44f201f096d01a3de4fb1e57017088b3501f619cd8d4161bccaafef65
all runs: OK
false negative chance: 0.000
# git bisect good fe47ec5fa8ec223691f280bb8395fdc79548ecd4
Bisecting: 1 revision left to test after this (roughly 1 step)
[e900deb2482002a9c10b77c750f63fba928fe142] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input

testing commit e900deb2482002a9c10b77c750f63fba928fe142 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a61f635bd864f1233dcfff6e45e52dfd9b21ebfce647dda7aca1512f97a283df
all runs: OK
false negative chance: 0.000
# git bisect good e900deb2482002a9c10b77c750f63fba928fe142
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[df0cc57e057f18e44dac8e6c18aba47ab53202f9] Linux 5.16

testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7cf9094982823d1b6e3df46261a1bd93811d7cb379e3c4f96a5e982d8c74a524
run #0: crashed: KASAN: use-after-free Read in mi_enum_attr
run #1: crashed: KASAN: use-after-free Read in mi_enum_attr
run #2: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #3: crashed: KASAN: use-after-free Read in mi_enum_attr
run #4: crashed: KASAN: slab-out-of-bounds Read in mi_enum_attr
run #5: crashed: KASAN: use-after-free Read in mi_enum_attr
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in mi_enum_attr, types: [KASAN]
# git bisect bad df0cc57e057f18e44dac8e6c18aba47ab53202f9
df0cc57e057f18e44dac8e6c18aba47ab53202f9 is the first bad commit
commit df0cc57e057f18e44dac8e6c18aba47ab53202f9
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Sun Jan 9 14:55:34 2022 -0800

    Linux 5.16

 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

accumulated error probability: 0.00
culprit signature: 7cf9094982823d1b6e3df46261a1bd93811d7cb379e3c4f96a5e982d8c74a524
parent  signature: a61f635bd864f1233dcfff6e45e52dfd9b21ebfce647dda7aca1512f97a283df
reproducer is flaky (0.34 repro chance estimate)
revisions tested: 30, total time: 8h24m18.679584748s (build: 1h58m58.351536529s, test: 6h15m41.972832412s)
first bad commit: df0cc57e057f18e44dac8e6c18aba47ab53202f9 Linux 5.16
recipients (to): ["torvalds@linux-foundation.org"]
recipients (cc): []
crash: KASAN: use-after-free Read in mi_enum_attr
==================================================================
BUG: KASAN: use-after-free in mi_enum_attr+0x365/0x480 fs/ntfs3/record.c:227
Read of size 4 at addr ffff88800c7d9b45 by task syz-executor.2/3809

CPU: 1 PID: 3809 Comm: syz-executor.2 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xf4/0x251 lib/dump_stack.c:106
 print_address_description+0x62/0x350 mm/kasan/report.c:247
 __kasan_report mm/kasan/report.c:433 [inline]
 kasan_report+0x16b/0x1c0 mm/kasan/report.c:450
 mi_enum_attr+0x365/0x480 fs/ntfs3/record.c:227
 mi_find_attr+0x54/0x200 fs/ntfs3/record.c:296
 ni_find_attr+0x46c/0x680 fs/ntfs3/frecord.c:217
 ntfs_readlink_hlp+0xa2/0x960 fs/ntfs3/inode.c:1782
 ntfs_get_link+0x68/0xe0 fs/ntfs3/inode.c:1923
 pick_link+0x4f2/0xb70
 step_into+0x918/0xc20 fs/namei.c:1826
 open_last_lookups fs/namei.c:3373 [inline]
 path_openat+0x14ed/0x2700 fs/namei.c:3556
 do_filp_open+0x208/0x400 fs/namei.c:3586
 do_sys_openat2+0x10b/0x430 fs/open.c:1212
 do_sys_open fs/open.c:1228 [inline]
 __do_sys_open fs/open.c:1236 [inline]
 __se_sys_open fs/open.c:1232 [inline]
 __x64_sys_open+0x1eb/0x240 fs/open.c:1232
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x45/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7ff7fe900da9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff7fe4620c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007ff7fea30050 RCX: 00007ff7fe900da9
RDX: 0000000000000065 RSI: 0000000000000080 RDI: 0000000020000440
RBP: 00007ff7fe94d47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000006 R14: 00007ff7fea30050 R15: 00007fff5b205b78
 </TASK>

Allocated by task 3767:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 __kasan_slab_alloc+0xb1/0xf0 mm/kasan/common.c:467
 kasan_slab_alloc include/linux/kasan.h:259 [inline]
 slab_post_alloc_hook+0x54/0x2f0 mm/slab.h:519
 slab_alloc_node mm/slub.c:3234 [inline]
 slab_alloc mm/slub.c:3242 [inline]
 kmem_cache_alloc+0x107/0x2a0 mm/slub.c:3247
 getname_flags+0x9c/0x430 fs/namei.c:138
 getname fs/namei.c:217 [inline]
 __do_sys_renameat fs/namei.c:4817 [inline]
 __se_sys_renameat fs/namei.c:4814 [inline]
 __x64_sys_renameat+0x9f/0xc0 fs/namei.c:4814
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x45/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Freed by task 3767:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4b/0x80 mm/kasan/common.c:46
 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:370
 ____kasan_slab_free+0x102/0x140 mm/kasan/common.c:366
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:1723 [inline]
 slab_free_freelist_hook+0x12c/0x1a0 mm/slub.c:1749
 slab_free mm/slub.c:3513 [inline]
 kmem_cache_free+0xc8/0x1f0 mm/slub.c:3530
 putname fs/namei.c:270 [inline]
 do_renameat2+0xfe3/0x1140 fs/namei.c:4803
 __do_sys_renameat fs/namei.c:4817 [inline]
 __se_sys_renameat fs/namei.c:4814 [inline]
 __x64_sys_renameat+0xb3/0xc0 fs/namei.c:4814
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x45/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

The buggy address belongs to the object at ffff88800c7d9100
 which belongs to the cache names_cache of size 4096
The buggy address is located 2629 bytes inside of
 4096-byte region [ffff88800c7d9100, ffff88800c7da100)
The buggy address belongs to the page:
page:ffffea000031f600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc7d8
head:ffffea000031f600 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 dead000000000100 dead000000000122 ffff8881400073c0
raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1088, ts 48990608652, free_ts 48976482592
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0x3191/0x3340 mm/page_alloc.c:4149
 __alloc_pages+0x277/0x700 mm/page_alloc.c:5369
 alloc_slab_page mm/slub.c:1793 [inline]
 allocate_slab mm/slub.c:1930 [inline]
 new_slab+0x9c/0x440 mm/slub.c:1993
 ___slab_alloc+0x5c1/0xac0 mm/slub.c:3022
 __slab_alloc mm/slub.c:3109 [inline]
 slab_alloc_node mm/slub.c:3200 [inline]
 slab_alloc mm/slub.c:3242 [inline]
 kmem_cache_alloc+0x19e/0x2a0 mm/slub.c:3247
 getname_flags+0x9c/0x430 fs/namei.c:138
 user_path_at_empty+0x1e/0x140 fs/namei.c:2800
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx+0xe3/0x320 fs/stat.c:221
 vfs_fstatat fs/stat.c:243 [inline]
 __do_sys_newfstatat fs/stat.c:412 [inline]
 __se_sys_newfstatat+0xc4/0x730 fs/stat.c:406
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x45/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1338 [inline]
 free_pcp_prepare mm/page_alloc.c:1389 [inline]
 free_unref_page_prepare+0xb5f/0xc10 mm/page_alloc.c:3309
 free_unref_page+0x95/0x280 mm/page_alloc.c:3388
 free_slab mm/slub.c:2033 [inline]
 discard_slab mm/slub.c:2039 [inline]
 __unfreeze_partials+0x1af/0x210 mm/slub.c:2527
 put_cpu_partial+0xdc/0x120 mm/slub.c:2603
 do_slab_free mm/slub.c:3501 [inline]
 ___cache_free+0xe3/0x100 mm/slub.c:3520
 qlist_free_all+0x36/0x90 mm/kasan/quarantine.c:165
 kasan_quarantine_reduce+0x162/0x190 mm/kasan/quarantine.c:272
 __kasan_slab_alloc+0x2f/0xf0 mm/kasan/common.c:444
 kasan_slab_alloc include/linux/kasan.h:259 [inline]
 slab_post_alloc_hook+0x54/0x2f0 mm/slab.h:519
 slab_alloc_node mm/slub.c:3234 [inline]
 slab_alloc mm/slub.c:3242 [inline]
 __kmalloc+0x130/0x320 mm/slub.c:4419
 kmalloc include/linux/slab.h:595 [inline]
 load_elf_phdrs fs/binfmt_elf.c:480 [inline]
 load_elf_binary+0x23a/0x2240 fs/binfmt_elf.c:860
 search_binary_handler fs/exec.c:1723 [inline]
 exec_binprm fs/exec.c:1764 [inline]
 bprm_execve+0x785/0x1230 fs/exec.c:1833
 kernel_execve+0x657/0x720 fs/exec.c:1976
 call_usermodehelper_exec_async+0x1fc/0x310 kernel/umh.c:112
 ret_from_fork+0x1f/0x30

Memory state around the buggy address:
 ffff88800c7d9a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88800c7d9a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88800c7d9b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                           ^
 ffff88800c7d9b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88800c7d9c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================