ci starts bisection 2023-11-05 00:50:14.109549516 +0000 UTC m=+100454.285761175 bisecting cause commit starting from 90b0c2b2edd1adff742c621e246562fbefa11b70 building syzkaller on 500bfdc41735bc8d617cbfd4f1ab6b5980c8f1e5 ensuring issue is reproducible on original commit 90b0c2b2edd1adff742c621e246562fbefa11b70 testing commit 90b0c2b2edd1adff742c621e246562fbefa11b70 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2c7783721d9ddad2222cfd8852f8390b94ff8d8331ae101222e94277d9f752e0 run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #2: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #3: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #4: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #5: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #6: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #7: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #8: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #9: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #10: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #11: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] check whether we can drop unnecessary instrumentation disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed testing commit 90b0c2b2edd1adff742c621e246562fbefa11b70 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c1f323cc2e304e6b23b06e3b40d346be51e8a5facba3a1af8e0e37393921a421 run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] kconfig minimization: base=3938 full=7662 leaves diff=1997 split chunks (needed=false): <1997> split chunk #0 of len 1997 into 5 parts testing without sub-chunk 1/5 testing commit 90b0c2b2edd1adff742c621e246562fbefa11b70 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f002619201c6793377e82af41a7d51505e6d54de1d3a487b822dd5ef5f214678 all runs: OK false negative chance: 0.000 testing without sub-chunk 2/5 testing commit 90b0c2b2edd1adff742c621e246562fbefa11b70 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9721feedcc24bd4da2755a930f5dae3d894b412e2e1d94fb6b8e0cd6eaf6ea36 run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #2: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #3: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #4: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #5: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #6: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #7: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #8: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #9: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #10: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: crashed: BUG: MAX_LOCKDEP_KEYS too low! representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] the chunk can be dropped testing without sub-chunk 3/5 testing commit 90b0c2b2edd1adff742c621e246562fbefa11b70 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6737dcd0cb3f12805e57ccad0cb6c5163e0ed7dc073b0a19d57dd4d1597e4811 run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #2: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #3: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #4: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #5: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #6: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #7: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #8: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #9: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #10: crashed: BUG: MAX_LOCKDEP_KEYS too low! run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] the chunk can be dropped testing without sub-chunk 4/5 testing commit 90b0c2b2edd1adff742c621e246562fbefa11b70 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 6f2efe3733702092c2bf95517132e568713b4897c1c1d21d3b273dcfb1056a24 all runs: OK false negative chance: 0.000 testing without sub-chunk 5/5 testing commit 90b0c2b2edd1adff742c621e246562fbefa11b70 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 71b5e5458325a54badaa583f4d6834ec9eaa12eaf99e9a3b83c822b2015645c6 run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #2: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #3: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #4: crashed: BUG: MAX_LOCKDEP_KEYS too low! run #5: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #6: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #7: crashed: BUG: MAX_LOCKDEP_KEYS too low! run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] the chunk can be dropped minimized to 800 configs; suspects: [6LOWPAN 6LOWPAN_GHC_EXT_HDR_DEST 6LOWPAN_GHC_EXT_HDR_FRAG 6LOWPAN_GHC_EXT_HDR_HOP 6LOWPAN_GHC_EXT_HDR_ROUTE 6LOWPAN_GHC_ICMPV6 6LOWPAN_GHC_UDP 6LOWPAN_NHC 6LOWPAN_NHC_DEST 6LOWPAN_NHC_FRAGMENT 6LOWPAN_NHC_HOP 6LOWPAN_NHC_IPV6 6LOWPAN_NHC_MOBILITY 6LOWPAN_NHC_ROUTING 6LOWPAN_NHC_UDP 6PACK 842_COMPRESS 842_DECOMPRESS 9P_FSCACHE 9P_FS_POSIX_ACL 9P_FS_SECURITY ACORN_PARTITION ACORN_PARTITION_ADFS ACORN_PARTITION_CUMANA ACORN_PARTITION_EESOX ACORN_PARTITION_ICS ACORN_PARTITION_POWERTEC ACORN_PARTITION_RISCIX ACPI_NFIT ACPI_PLATFORM_PROFILE ADDRESS_MASKING ADFS_FS AFFS_FS AFS_FS AFS_FSCACHE AF_KCM AF_RXRPC AF_RXRPC_IPV6 AIX_PARTITION AMIGA_PARTITION ANDROID_BINDERFS ANDROID_BINDER_IPC ANON_VMA_NAME APERTURE_HELPERS AR5523 ARCH_ENABLE_MEMORY_HOTREMOVE ARCH_ENABLE_THP_MIGRATION ARCH_WANT_PMD_MKWRITE ASM_MODVERSIONS ASYNC_CORE ASYNC_MEMCPY ASYNC_PQ ASYNC_RAID6_RECOV ASYNC_TX_DMA ASYNC_XOR ATARI_PARTITION ATA_GENERIC ATA_OVER_ETH ATH10K ATH10K_CE ATH10K_PCI ATH10K_USB ATH11K ATH6KL ATH6KL_USB ATH9K ATH9K_AHB ATH9K_BTCOEX_SUPPORT ATH9K_CHANNEL_CONTEXT ATH9K_COMMON ATH9K_COMMON_DEBUG ATH9K_DEBUGFS ATH9K_DYNACK ATH9K_HTC ATH9K_HTC_DEBUGFS ATH9K_HW ATH9K_PCI ATH9K_PCOEM ATH9K_RFKILL ATH_COMMON ATM ATM_BR2684 ATM_CLIP ATM_DRIVERS ATM_LANE ATM_MPOA ATM_TCP AUXILIARY_BUS AX25 AX25_DAMA_SLAVE AX88796B_PHY BAREUDP BATMAN_ADV BATMAN_ADV_BATMAN_V BATMAN_ADV_BLA BATMAN_ADV_DAT BATMAN_ADV_MCAST BATMAN_ADV_NC BCACHE BCMA BCMA_HOST_PCI_POSSIBLE BEFS_FS BFQ_CGROUP_DEBUG BFQ_GROUP_IOSCHED BFS_FS BIG_KEYS BLK_CGROUP_PUNT_BIO BLK_CGROUP_RWSTAT BLK_DEBUG_FS_ZONED BLK_DEV_BSGLIB BLK_DEV_INITRD BLK_DEV_INTEGRITY BLK_DEV_INTEGRITY_T10 BLK_DEV_NBD BLK_DEV_NULL_BLK BLK_DEV_NULL_BLK_FAULT_INJECTION BLK_DEV_NVME BLK_DEV_PMEM BLK_DEV_RAM BLK_DEV_RNBD BLK_DEV_RNBD_CLIENT BLK_DEV_THROTTLING BLK_DEV_ZONED BLK_ICQ BLK_INLINE_ENCRYPTION BLK_INLINE_ENCRYPTION_FALLBACK BLK_WBT BLK_WBT_MQ BONDING BOOT_VESA_SUPPORT BPF_EVENTS BPF_JIT BPF_JIT_ALWAYS_ON BPF_JIT_DEFAULT_ON BPF_LSM BPF_PRELOAD BPF_PRELOAD_UMD BPF_STREAM_PARSER BPF_SYSCALL BPQETHER BRIDGE BRIDGE_CFM BRIDGE_EBT_802_3 BRIDGE_EBT_AMONG BRIDGE_EBT_ARP BRIDGE_EBT_ARPREPLY BRIDGE_EBT_BROUTE BRIDGE_EBT_DNAT BRIDGE_EBT_IP BRIDGE_EBT_IP6 BRIDGE_EBT_LIMIT BRIDGE_EBT_LOG BRIDGE_EBT_MARK BRIDGE_EBT_MARK_T BRIDGE_EBT_NFLOG BRIDGE_EBT_PKTTYPE BRIDGE_EBT_REDIRECT BRIDGE_EBT_SNAT BRIDGE_EBT_STP BRIDGE_EBT_T_FILTER BRIDGE_EBT_T_NAT BRIDGE_EBT_VLAN BRIDGE_IGMP_SNOOPING BRIDGE_MRP BRIDGE_NF_EBTABLES BRIDGE_VLAN_FILTERING BSD_DISKLABEL BSD_PROCESS_ACCT_V3 BT BTRFS_ASSERT BTRFS_FS BTRFS_FS_POSIX_ACL BTRFS_FS_REF_VERIFY BTT BT_6LOWPAN BT_ATH3K BT_BCM BT_BNEP BT_BNEP_MC_FILTER BT_BNEP_PROTO_FILTER BT_BREDR BT_CMTP BT_HCIBCM203X BT_HCIBFUSB BT_HCIBPA10X BT_HCIBTUSB BT_HCIBTUSB_BCM BT_HCIBTUSB_MTK BT_HCIBTUSB_POLL_SYNC BT_HCIBTUSB_RTL BT_HCIUART BT_HCIUART_3WIRE BT_HCIUART_AG6XX BT_HCIUART_BCSP BT_HCIUART_H4 BT_HCIUART_LL BT_HCIUART_MRVL BT_HCIUART_QCA BT_HCIUART_SERDEV BT_HCIVHCI BT_HIDP BT_HS BT_INTEL BT_LE BT_LEDS BT_LE_L2CAP_ECRED BT_MSFTEXT BT_MTK BT_QCA BT_RFCOMM BT_RFCOMM_TTY BT_RTL CACHEFILES CAIF CAIF_DEBUG CAIF_DRIVERS CAIF_NETDEV CAIF_TTY CAIF_USB CAIF_VIRTIO CAN CAN_8DEV_USB CAN_BCM CAN_CALC_BITTIMING CAN_DEV CAN_EMS_USB CAN_GS_USB CAN_GW CAN_IFI_CANFD CAN_ISOTP CAN_J1939 CAN_KVASER_USB CAN_MCBA_USB CAN_NETLINK CAN_PEAK_USB CAN_RAW CAN_RX_OFFLOAD CAN_SLCAN CAN_VCAN CAN_VXCAN CAPI_TRACE CARL9170 CARL9170_HWRNG CARL9170_LEDS CARL9170_WPC CEC_CORE CEPH_FS CEPH_FSCACHE CEPH_FS_POSIX_ACL CEPH_LIB CEPH_LIB_USE_DNS_RESOLVER CFG80211 CFG80211_CRDA_SUPPORT CFG80211_DEBUGFS CFG80211_DEFAULT_PS CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS CFG80211_WEXT CFS_BANDWIDTH CGROUP_BPF CHARGER_BQ24190 CHARGER_ISP1704 CHR_DEV_ST CIFS CIFS_ALLOW_INSECURE_LEGACY CIFS_DEBUG CIFS_DFS_UPCALL CIFS_FSCACHE CIFS_POSIX CIFS_SMB_DIRECT CIFS_SWN_UPCALL CIFS_UPCALL CIFS_XATTR CLS_U32_MARK CLS_U32_PERF CMA CMA_SIZE_SEL_MBYTES CMDLINE_PARTITION COMEDI COMEDI_DT9812 COMEDI_NI_USB6501 COMEDI_USBDUX COMEDI_USBDUXFAST COMEDI_USBDUXSIGMA COMEDI_USB_DRIVERS COMEDI_VMK80XX COMPAT_NETLINK_MESSAGES COUNTER CRAMFS CRAMFS_BLOCKDEV CRAMFS_MTD CRC4 CRC64_ROCKSOFT CRC7 CRC8 CRC_ITU_T CRC_T10DIF CRYPTO_ADIANTUM CRYPTO_AEGIS128 CRYPTO_AEGIS128_AESNI_SSE2 CRYPTO_AES_NI_INTEL CRYPTO_AES_TI CRYPTO_ANSI_CPRNG CRYPTO_ANUBIS CRYPTO_ARC4 CRYPTO_ARCH_HAVE_LIB_BLAKE2S CRYPTO_ARCH_HAVE_LIB_CHACHA CRYPTO_ARCH_HAVE_LIB_CURVE25519 CRYPTO_ARCH_HAVE_LIB_POLY1305 CRYPTO_ARIA CRYPTO_ARIA_AESNI_AVX_X86_64 CRYPTO_BLAKE2B CRYPTO_BLAKE2S_X86 CRYPTO_BLOWFISH CRYPTO_BLOWFISH_COMMON CRYPTO_BLOWFISH_X86_64 CRYPTO_CAMELLIA CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 CRYPTO_CAMELLIA_AESNI_AVX_X86_64 CRYPTO_CAMELLIA_X86_64 CRYPTO_CAST5 CRYPTO_CAST5_AVX_X86_64 CRYPTO_CAST6 CRYPTO_CAST6_AVX_X86_64 CRYPTO_CAST_COMMON CRYPTO_CFB CRYPTO_CHACHA20POLY1305 CRYPTO_CHACHA20_X86_64 CRYPTO_CRC32 CRYPTO_CRC32C_INTEL CRYPTO_CRC32_PCLMUL CRYPTO_CRC64_ROCKSOFT CRYPTO_CRCT10DIF CRYPTO_CRCT10DIF_PCLMUL CRYPTO_CRYPTD CRYPTO_CTS CRYPTO_CURVE25519 CRYPTO_CURVE25519_X86 CRYPTO_DEFLATE CRYPTO_DES CRYPTO_DES3_EDE_X86_64 CRYPTO_DEV_CCP CRYPTO_DEV_CCP_DD CRYPTO_DEV_PADLOCK CRYPTO_DEV_PADLOCK_AES CRYPTO_DEV_PADLOCK_SHA CRYPTO_DEV_QAT CRYPTO_DEV_QAT_C3XXX CRYPTO_DEV_QAT_C3XXXVF CRYPTO_DEV_QAT_C62X CRYPTO_DEV_QAT_C62XVF CRYPTO_DEV_QAT_DH895xCC CRYPTO_DEV_QAT_DH895xCCVF CRYPTO_DEV_VIRTIO CRYPTO_DH CRYPTO_DRBG_CTR CRYPTO_DRBG_HASH CRYPTO_ECC CRYPTO_ECDH CRYPTO_ECRDSA CRYPTO_ENGINE CRYPTO_ESSIV CRYPTO_FCRYPT CRYPTO_GHASH_CLMUL_NI_INTEL CRYPTO_HCTR2 CRYPTO_KDF800108_CTR CRYPTO_KEYWRAP CRYPTO_KHAZAD CRYPTO_KPP CRYPTO_LIB_ARC4 CRYPTO_LIB_CHACHA CRYPTO_LIB_CHACHA20POLY1305 CRYPTO_LIB_CURVE25519 CRYPTO_LIB_CURVE25519_GENERIC CRYPTO_LIB_DES CRYPTO_LIB_POLY1305 CRYPTO_LRW CRYPTO_MICHAEL_MIC CRYPTO_NHPOLY1305 CRYPTO_NHPOLY1305_AVX2 CRYPTO_NHPOLY1305_SSE2 CRYPTO_OFB CRYPTO_PCBC CRYPTO_PCRYPT CRYPTO_POLY1305_X86_64 CRYPTO_POLYVAL CRYPTO_POLYVAL_CLMUL_NI CRYPTO_RMD160 CRYPTO_SEED CRYPTO_SERPENT CRYPTO_SERPENT_AVX2_X86_64 CRYPTO_SERPENT_AVX_X86_64 CRYPTO_SERPENT_SSE2_X86_64 CRYPTO_SHA1_SSSE3 CRYPTO_SHA256_SSSE3 CRYPTO_SHA512_SSSE3 CRYPTO_SIMD CRYPTO_SM2 CRYPTO_SM3 CRYPTO_SM3_AVX_X86_64 CRYPTO_SM4 CRYPTO_SM4_AESNI_AVX2_X86_64 CRYPTO_SM4_AESNI_AVX_X86_64 CRYPTO_SM4_GENERIC CRYPTO_STREEBOG CRYPTO_TEA CRYPTO_TWOFISH CRYPTO_TWOFISH_AVX_X86_64 CRYPTO_TWOFISH_COMMON CRYPTO_TWOFISH_X86_64 CRYPTO_TWOFISH_X86_64_3WAY CRYPTO_USER CRYPTO_USER_API CRYPTO_USER_API_AEAD CRYPTO_USER_API_ENABLE_OBSOLETE CRYPTO_USER_API_HASH CRYPTO_USER_API_RNG CRYPTO_USER_API_SKCIPHER CRYPTO_VMAC CRYPTO_WP512 CRYPTO_XCBC CRYPTO_XCTR CRYPTO_XTS CRYPTO_XXHASH CUSE CYPRESS_FIRMWARE DAMON DAMON_DBGFS DAMON_PADDR DAMON_RECLAIM DAMON_VADDR DAX DCA DCB DEFAULT_PFIFO_FAST DEVICE_MIGRATION DEVICE_PRIVATE DEV_COREDUMP DEV_DAX DIMLIB DLM DLN2_ADC DMABUF_HEAPS DMABUF_HEAPS_CMA DMABUF_HEAPS_SYSTEM DMABUF_MOVE_NOTIFY DMA_CMA DMA_ENGINE_RAID DM_AUDIT DM_BIO_PRISON DM_BUFIO DM_CACHE DM_CACHE_SMQ DM_CLONE DM_CRYPT DM_FLAKEY DM_INTEGRITY DM_MULTIPATH DM_MULTIPATH_QL DM_MULTIPATH_ST DM_PERSISTENT_DATA DM_RAID DM_SNAPSHOT DM_THIN_PROVISIONING DM_UEVENT DM_VERITY DM_VERITY_FEC DM_WRITECACHE DM_ZONED DRAGONRISE_FF DRM DRM_BOCHS DRM_BUDDY DRM_CIRRUS_QEMU DRM_DEBUG_MM DRM_DISPLAY_DP_HELPER DRM_DISPLAY_HDCP_HELPER DRM_DISPLAY_HDMI_HELPER DRM_DISPLAY_HELPER DVB_CORE ENCRYPTED_KEYS EXTCON FSCACHE FUSE_FS GENEVE GPIOLIB HAMRADIO HAVE_CLK HID_DRAGONRISE HID_SENSOR_HUB HID_SMARTJOYPLUS HID_THRUSTMASTER IIO INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_IPOIB INFINIBAND_RTRS_CLIENT INFINIBAND_USER_ACCESS INFINIBAND_VIRT_DMA INPUT_TABLET INPUT_TOUCHSCREEN IOSCHED_BFQ IP_SCTP ISDN ISDN_CAPI L2TP LIBNVDIMM MAC80211 MAC80211_LEDS MEDIA_COMMON_OPTIONS MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_RETU MMC MTD MTD_UBI NETFILTER_CONNCOUNT NET_CLS_U32 NET_IPGRE NET_IPGRE_DEMUX NET_SCH_DEFAULT NFS_V4_1 NF_TPROXY_IPV4 NF_TPROXY_IPV6 NILFS2_FS NLMON NLS_CODEPAGE_1250 NLS_CODEPAGE_1251 NLS_CODEPAGE_737 NLS_CODEPAGE_775 NLS_CODEPAGE_850 NLS_CODEPAGE_852 NLS_CODEPAGE_855 NLS_CODEPAGE_857 NLS_CODEPAGE_860 NLS_CODEPAGE_861 NLS_CODEPAGE_862 NLS_CODEPAGE_863 NLS_CODEPAGE_864 NLS_CODEPAGE_865 NLS_CODEPAGE_866 NLS_CODEPAGE_869 NLS_CODEPAGE_874 NLS_CODEPAGE_932 NLS_CODEPAGE_936 NLS_CODEPAGE_949 NLS_CODEPAGE_950 NLS_ISO8859_13 NLS_ISO8859_14 NLS_ISO8859_15 NLS_ISO8859_2 NLS_ISO8859_3 NLS_ISO8859_4 NLS_ISO8859_5 NLS_ISO8859_6 NLS_ISO8859_7 NLS_ISO8859_8 NLS_ISO8859_9 NLS_KOI8_R NLS_KOI8_U NLS_MAC_CELTIC NLS_MAC_CENTEURO NLS_MAC_CROATIAN NLS_MAC_CYRILLIC NLS_MAC_GAELIC NLS_MAC_GREEK NLS_MAC_ICELAND NLS_MAC_INUIT NLS_MAC_ROMAN NLS_MAC_ROMANIAN NLS_MAC_TURKISH NLS_UCS2_UTILS NOP_USB_XCEIV NOZOMI NTFS3_FS NTFS3_FS_POSIX_ACL NTFS3_LZX_XPRESS NTFS_FS NTFS_RW NULL_TTY NUMA_BALANCING NUMA_BALANCING_DEFAULT_ENABLED NUMA_EMU NUMA_KEEP_MEMINFO NVDIMM_DAX NVDIMM_KEYS NVDIMM_PFN NVME_CORE NVME_FABRICS NVME_FC NVME_MULTIPATH NVME_RDMA NVME_TARGET NVME_TARGET_FC NVME_TARGET_FCLOOP NVME_TARGET_LOOP NVME_TARGET_RDMA NVME_TARGET_TCP NVME_TCP N_GSM N_HDLC OCFS2_DEBUG_FS OCFS2_FS OCFS2_FS_O2CB OCFS2_FS_STATS OCFS2_FS_USERSPACE_CLUSTER OF_GPIO OF_PMEM OMFS_FS OPENVSWITCH OPENVSWITCH_GENEVE OPENVSWITCH_GRE OPENVSWITCH_VXLAN ORANGEFS_FS OSF_PARTITION OVERLAY_FS OVERLAY_FS_DEBUG OVERLAY_FS_INDEX OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW OVERLAY_FS_REDIRECT_DIR PACKET_DIAG PADATA PAGE_IDLE_FLAG PAGE_POOL PAGE_REPORTING PAHOLE_HAS_LANG_EXCLUDE PAHOLE_HAS_SPLIT_BTF PARPORT PARPORT_NOT_PC PARTITION_ADVANCED PCCARD PCCARD_NONSTATIC PCIEAER PCI_ENDPOINT PCI_IOV PCMCIA PCMCIA_LOAD_CIS PERCPU_STATS PERSISTENT_KEYRINGS PHONET PHYLINK PHY_CPCAP_USB PHY_QCOM_USB_HS PHY_QCOM_USB_HSIC PHY_SAMSUNG_USB2 PHY_TUSB1210 PKCS7_TEST_KEY PKCS8_PRIVATE_KEY_PARSER PM_CLK PNFS_BLOCK PNFS_FILE_LAYOUT PNFS_FLEXFILE_LAYOUT PPP PPPOATM PPPOE PPPOE_HASH_BITS_4 PPPOL2TP PPP_ASYNC PPP_BSDCOMP PPP_DEFLATE PPP_FILTER PPP_MPPE PPP_MULTILINK PPP_SYNC_TTY PPTP PREEMPT PREEMPT_NOTIFIERS PRISM2_USB PROC_CHILDREN PSI PSTORE PSTORE_COMPRESS QCOM_QMI_HELPERS QNX4FS_FS QNX6FS_FS QRTR QRTR_TUN R8712U RADIO_ADAPTERS RADIO_SHARK RADIO_SHARK2 RADIO_TEA575X RAID_ATTRS RC_ATI_REMOTE RC_CORE RC_DEVICES RDMA_RXE RDMA_SIW RDS RDS_RDMA RDS_TCP READ_ONLY_THP_FOR_FS REALTEK_AUTOPM REED_SOLOMON REED_SOLOMON_DEC8 REGMAP REGMAP_I2C REGMAP_IRQ REGMAP_MMIO REGULATOR REGULATOR_TWL4030 REISERFS_FS REISERFS_FS_POSIX_ACL REISERFS_FS_SECURITY REISERFS_FS_XATTR REISERFS_PROC_INFO RESET_CONTROLLER RFKILL RFKILL_INPUT RFKILL_LEDS RMI4_2D_SENSOR RMI4_CORE RMI4_F03 RMI4_F03_SERIO RMI4_F11 RMI4_F12 RMI4_F30 ROMFS_BACKED_BY_BOTH ROMFS_FS ROMFS_ON_BLOCK ROMFS_ON_MTD ROSE RTC_DRV_HID_SENSOR_TIME RXKAD SCHED_CORE SCSI_FC_ATTRS SCSI_HPSA SCSI_ISCSI_ATTRS SCSI_LOGGING SCSI_NETLINK SCSI_SAS_ATA SCSI_SAS_ATTRS SCSI_SAS_LIBSAS SCSI_SCAN_ASYNC SCSI_SRP_ATTRS SCTP_COOKIE_HMAC_MD5 SCTP_COOKIE_HMAC_SHA1 SCTP_DEFAULT_COOKIE_HMAC_MD5 SECONDARY_TRUSTED_KEYRING SECURITY_INFINIBAND SECURITY_NETWORK_XFRM SERIAL_DEV_BUS SERIAL_DEV_CTRL_TTYPORT SERIAL_MCTRL_GPIO SGI_PARTITION SIGNATURE SIGNED_PE_FILE_VERIFICATION SLHC SLIP SLIP_COMPRESSED SLIP_MODE_SLIP6 SLIP_SMART SMARTJOYPLUS_FF SMBFS SMC SMC_DIAG SMSC_PHY SMS_SIANO_MDTV SMS_SIANO_RC SMS_USB_DRV SND SND_ALOOP SND_BCD2000 SND_CTL_FAST_LOOKUP SND_CTL_LED SND_DEBUG SND_DMA_SGBUF SND_DRIVERS SND_DUMMY SND_DYNAMIC_MINORS SND_HDA SND_HDA_CODEC_ANALOG SND_HDA_CODEC_CA0110 SND_HDA_CODEC_CA0132 SND_HDA_CODEC_CIRRUS SND_HDA_CODEC_CMEDIA SND_HDA_CODEC_CONEXANT SND_HDA_CODEC_HDMI SND_HDA_CODEC_REALTEK SND_HDA_CODEC_SI3054 SND_HDA_CODEC_SIGMATEL SND_HDA_CODEC_VIA SND_HDA_COMPONENT SND_HDA_CORE SND_HDA_GENERIC SND_HDA_GENERIC_LEDS SND_HDA_HWDEP SND_HDA_I915 SND_HDA_INPUT_BEEP SND_HDA_INTEL SND_HDA_PATCH_LOADER SND_HDA_RECONFIG SND_HRTIMER SND_HWDEP SND_INTEL_DSP_CONFIG SND_INTEL_NHLT SND_INTEL_SOUNDWIRE_ACPI SND_JACK SND_JACK_INPUT_DEV SND_MIXER_OSS SND_OSSEMUL SND_PCI SND_PCM SND_PCMCIA SND_PCM_OSS SND_PCM_OSS_PLUGINS SND_PCM_TIMER SND_PCM_XRUN_DEBUG SND_PROC_FS SND_RAWMIDI SND_SEQUENCER SND_SEQUENCER_OSS SND_SEQ_DEVICE SND_SEQ_DUMMY SND_SEQ_HRTIMER_DEFAULT SND_SEQ_MIDI SND_SEQ_MIDI_EVENT SND_SEQ_VIRMIDI SND_SUPPORT_OLD_API SND_TIMER SND_USB SND_USB_6FIRE SND_USB_AUDIO SND_USB_AUDIO_USE_MEDIA_CONTROLLER SND_USB_CAIAQ SND_USB_CAIAQ_INPUT SND_USB_HIFACE SND_USB_LINE6 SND_USB_POD SND_USB_PODHD SND_USB_TONEPORT SND_USB_UA101 SND_USB_US122L SND_USB_USX2Y SND_USB_VARIAX SND_VERBOSE_PROCFS SND_VIRMIDI SND_VIRTIO SND_VMASTER SND_X86 SOCK_VALIDATE_XMIT SOLARIS_X86_PARTITION SONY_FF SOUND SOUND_OSS_CORE SOUND_OSS_CORE_PRECLAIM SPI SPI_DLN2 SPI_DYNAMIC SPI_MASTER SQUASHFS SQUASHFS_4K_DEVBLK_SIZE SQUASHFS_COMPILE_DECOMP_SINGLE SQUASHFS_DECOMP_SINGLE SQUASHFS_FILE_DIRECT SQUASHFS_LZ4 SQUASHFS_LZO SQUASHFS_XATTR SQUASHFS_XZ SQUASHFS_ZLIB SQUASHFS_ZSTD SSB SSB_PCIHOST_POSSIBLE SSB_PCMCIAHOST_POSSIBLE SSB_SDIOHOST_POSSIBLE STAGING STP STREAM_PARSER SUNRPC_BACKCHANNEL SUN_PARTITION SW_SYNC SYSFB SYSV68_PARTITION SYSV_FS TABLET_USB_ACECAD TABLET_USB_AIPTEK TABLET_USB_HANWANG TABLET_USB_KBTAB TABLET_USB_PEGASUS TAHVO_USB TAHVO_USB_HOST_BY_DEFAULT TASKS_TRACE_RCU TCG_CRB TCG_TIS TCG_TIS_CORE TCG_TPM TCP_CONG_BBR TCP_CONG_BIC TCP_CONG_CDG TCP_CONG_DCTCP TCP_CONG_HSTCP TCP_CONG_HTCP TCP_CONG_HYBLA TCP_CONG_ILLINOIS TCP_CONG_LP TCP_CONG_NV TCP_CONG_SCALABLE TCP_CONG_VEGAS TCP_CONG_VENO TCP_CONG_WESTWOOD TCP_CONG_YEAH TCP_SIGPOOL TEXTSEARCH TEXTSEARCH_BM TEXTSEARCH_FSM TEXTSEARCH_KMP THERMAL_NETLINK THP_SWAP THRUSTMASTER_FF TIPC TIPC_CRYPTO TIPC_DIAG TIPC_MEDIA_IB TIPC_MEDIA_UDP TLS TLS_DEVICE TLS_TOE TMPFS_QUOTA TOUCHSCREEN_SUR40 TOUCHSCREEN_USB_3M TOUCHSCREEN_USB_COMPOSITE TOUCHSCREEN_USB_DMC_TSC10 TOUCHSCREEN_USB_E2I TOUCHSCREEN_USB_EASYTOUCH TOUCHSCREEN_USB_EGALAX TOUCHSCREEN_USB_ELO TOUCHSCREEN_USB_ETT_TC45USB TOUCHSCREEN_USB_ETURBO TOUCHSCREEN_USB_GENERAL_TOUCH TOUCHSCREEN_USB_GOTOP TOUCHSCREEN_USB_GUNZE TOUCHSCREEN_USB_IDEALTEK TOUCHSCREEN_USB_IRTOUCH TOUCHSCREEN_USB_ITM TOUCHSCREEN_USB_JASTEC TOUCHSCREEN_USB_NEXIO TOUCHSCREEN_USB_PANJIT TOUCHSCREEN_USB_ZYTRONIC TRANSPARENT_HUGEPAGE TRANSPARENT_HUGEPAGE_MADVISE TRUSTED_KEYS TTPCI_EEPROM TTY_PRINTK TUN_VNET_CROSS_LE TWL4030_CORE TYPEC TYPEC_FUSB302 TYPEC_TCPCI TYPEC_TCPM TYPEC_TPS6598X TYPEC_UCSI UBIFS_ATIME_SUPPORT UBIFS_FS UBIFS_FS_ADVANCED_COMPR UBIFS_FS_LZO UBIFS_FS_SECURITY UBIFS_FS_XATTR UBIFS_FS_ZLIB UBIFS_FS_ZSTD UCSI_ACPI UDF_FS UDMABUF UFS_FS UFS_FS_WRITE UHID ULTRIX_PARTITION UNICODE UNIXWARE_DISKLABEL UNIX_DIAG USB4 USB4_NET USBIP_CORE USBIP_HOST USBIP_VHCI_HCD USBIP_VUDC USBPCWATCHDOG USB_ACM USB_ADUTUX USB_AIRSPY USB_ALI_M5632 USB_AN2720 USB_APPLEDISPLAY USB_ARMLINUX USB_BDC_UDC USB_BELKIN USB_C67X00_HCD USB_CATC USB_CDC_PHONET USB_CHAOSKEY USB_CHIPIDEA USB_CHIPIDEA_HOST USB_CHIPIDEA_NPCM USB_CHIPIDEA_PCI USB_CHIPIDEA_UDC USB_CONFIGFS USB_CONFIGFS_ACM USB_CONFIGFS_ECM USB_CONFIGFS_ECM_SUBSET USB_CONFIGFS_EEM USB_CONFIGFS_F_FS USB_DWC2 USB_GADGET USB_MUSB_HDRC USB_NET_CDC_SUBSET USB_PHY USB_ROLE_SWITCH USB_STORAGE_REALTEK USB_ULPI_BUS USB_USBNET VIDEO_DEV VLAN_8021Q VXLAN WANT_COMPAT_NETLINK_MESSAGES WEXT_CORE WIRELESS WIRELESS_EXT WLAN WLAN_VENDOR_ATH X86_X32_ABI ZONE_DEVICE] picked [v6.6 v6.5 v6.4 v6.2 v6.0 v5.18 v5.16 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 29 release tags testing release v6.6 testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0f7f37d146cffdb4df3863504ebecb34c319c2c9465983b61013b471920d5ded all runs: OK false negative chance: 0.000 # git bisect start 90b0c2b2edd1adff742c621e246562fbefa11b70 ffc253263a1375a65fa6c9f62a893e9767fbebfa Bisecting: 7317 revisions left to test after this (roughly 13 steps) [8bc9e6515183935fa0cccaf67455c439afe4982b] Merge tag 'devicetree-for-6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux testing commit 8bc9e6515183935fa0cccaf67455c439afe4982b gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 04ab8b61d8f87e5752f4c8a4705a104edf5251a01975a72f2a9745e39d395aa3 run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #2: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #3: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #4: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #5: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #6: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #7: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #8: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #9: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] # git bisect bad 8bc9e6515183935fa0cccaf67455c439afe4982b Bisecting: 3443 revisions left to test after this (roughly 12 steps) [3cf3fabccb9dc821ffaec3ad6bf0cd6b278bd012] Merge tag 'locking-core-2023-10-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 3cf3fabccb9dc821ffaec3ad6bf0cd6b278bd012 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a011502a98e6851ce7019fb292132a4427096062aa326cd685e773a70cb8e5f5 run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #2: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #3: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #4: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #5: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #6: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #7: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #8: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] # git bisect bad 3cf3fabccb9dc821ffaec3ad6bf0cd6b278bd012 Bisecting: 1690 revisions left to test after this (roughly 11 steps) [fbec3b8800ac8244ce751d0ba5b83d94ee48fc76] bcachefs: Kill JOURNAL_NEED_WRITE testing commit fbec3b8800ac8244ce751d0ba5b83d94ee48fc76 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4c8ffd63143bc1082584b35fa3d0165b6aa551361aa5c5b8866d46ad030c1e1d all runs: OK false negative chance: 0.000 # git bisect good fbec3b8800ac8244ce751d0ba5b83d94ee48fc76 Bisecting: 845 revisions left to test after this (roughly 10 steps) [75da97640a75878cd197f6dd9c50b46cac6cb9a8] bcachefs: fsck needs BTREE_UPDATE_INTERNAL_SNAPSHOT_NODE testing commit 75da97640a75878cd197f6dd9c50b46cac6cb9a8 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 9f35b0112f54f9eac1a9c84e2fe42600e48c324495e562efeb844ceb326f8d39 all runs: OK false negative chance: 0.000 # git bisect good 75da97640a75878cd197f6dd9c50b46cac6cb9a8 Bisecting: 345 revisions left to test after this (roughly 9 steps) [d5acbc60fafbe0fc94c552ce916dd592cd4c6371] Merge tag 'for-6.7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit d5acbc60fafbe0fc94c552ce916dd592cd4c6371 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 248f33e1996b8cef116eed6be0c0817d413bd385111889d8db432ca902685b1d run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #2: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #3: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #4: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #5: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #6: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #7: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #8: crashed: BUG: MAX_LOCKDEP_KEYS too low! run #9: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #10: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #11: crashed: BUG: MAX_LOCKDEP_KEYS too low! run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] # git bisect bad d5acbc60fafbe0fc94c552ce916dd592cd4c6371 Bisecting: 292 revisions left to test after this (roughly 8 steps) [14ab6d425e80674b6a0145f05719b11e82e64824] Merge tag 'vfs-6.7.ctime' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs testing commit 14ab6d425e80674b6a0145f05719b11e82e64824 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: b6e9962229f6c0d2daf05fa6da255fa10b55c369a934b068381e338bd8212d87 all runs: OK false negative chance: 0.000 # git bisect good 14ab6d425e80674b6a0145f05719b11e82e64824 Bisecting: 146 revisions left to test after this (roughly 7 steps) [0124855ff18b9bdfe6aec87f7b29d3fdc6f575db] btrfs: add and use helpers for reading and writing last_trans_committed testing commit 0124855ff18b9bdfe6aec87f7b29d3fdc6f575db gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 573c93ec704a158debffc7851a1fe81a3aa425d3a4674392edfefce8806498b3 run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #2: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #3: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #4: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #5: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] # git bisect bad 0124855ff18b9bdfe6aec87f7b29d3fdc6f575db Bisecting: 72 revisions left to test after this (roughly 6 steps) [ca41504efda646d9c4b00c37be52f5ba07cebebf] btrfs: delete stripe extent on extent deletion testing commit ca41504efda646d9c4b00c37be52f5ba07cebebf gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c5e1376f6d85e85e1dc59934d22e95e5b505c1d80a61b8c245545ba9617adcd7 run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #2: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] # git bisect bad ca41504efda646d9c4b00c37be52f5ba07cebebf Bisecting: 36 revisions left to test after this (roughly 5 steps) [af32d3632e7d2031f6581fe6297d39cdb6255893] btrfs: check-integrity: remove btrfsic_mount() function testing commit af32d3632e7d2031f6581fe6297d39cdb6255893 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d951571a4d5b35a4a3111698f3fe67e995e123956d25b0b45398c50864db1577 run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] # git bisect bad af32d3632e7d2031f6581fe6297d39cdb6255893 Bisecting: 17 revisions left to test after this (roughly 4 steps) [a0bdc04b073233b2fbd3c3ab039e74c617566d6c] btrfs: qgroup: use qgroup_iterator in __qgroup_excl_accounting() testing commit a0bdc04b073233b2fbd3c3ab039e74c617566d6c gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: eca9317ce00607e90185cb8e8e4ee37192c19fe1736124747a56f7fec07c542c all runs: OK false negative chance: 0.039 # git bisect good a0bdc04b073233b2fbd3c3ab039e74c617566d6c Bisecting: 8 revisions left to test after this (roughly 3 steps) [203f6a8772fc631a946525decb5df6d98da3730d] btrfs: drop __must_check annotations testing commit 203f6a8772fc631a946525decb5df6d98da3730d gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2f2840df1bcdaf7e472436a9530a7fd85a16998eb7e346a369634b64850e4a64 run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] # git bisect bad 203f6a8772fc631a946525decb5df6d98da3730d Bisecting: 4 revisions left to test after this (roughly 2 steps) [79ace7b807281ed4c9c4a847ef9bce71a4f5fa97] btrfs: qgroup: prealloc btrfs_qgroup_list for __add_relation_rb() testing commit 79ace7b807281ed4c9c4a847ef9bce71a4f5fa97 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: f2e19cf83de240a5d325da2facc3dffd0ca81af44793295af109bf9c70ee9b37 run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] # git bisect bad 79ace7b807281ed4c9c4a847ef9bce71a4f5fa97 Bisecting: 1 revision left to test after this (roughly 1 step) [dce28769a33a95425b007f00842d6e12ffa28f83] btrfs: qgroup: use qgroup_iterator_nested to in qgroup_update_refcnt() testing commit dce28769a33a95425b007f00842d6e12ffa28f83 gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 63b7008a2f5aa62d4195ab8c8714883e6c482d1b7198e16907e7643bc9116d9c run #0: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #1: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #2: crashed: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK representative crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent, types: [KASAN] # git bisect bad dce28769a33a95425b007f00842d6e12ffa28f83 Bisecting: 0 revisions left to test after this (roughly 0 steps) [a4a81383fbf8c4e17ea6bbc7f005be98f5ece61b] btrfs: qgroup: use qgroup_iterator to replace tmp ulist in qgroup_update_refcnt() testing commit a4a81383fbf8c4e17ea6bbc7f005be98f5ece61b gcc compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: c05c262129852fe01979ed8c72c03c325d5c3e14c2b4d754b4ae9b207481a273 all runs: OK false negative chance: 0.160 # git bisect good a4a81383fbf8c4e17ea6bbc7f005be98f5ece61b dce28769a33a95425b007f00842d6e12ffa28f83 is the first bad commit commit dce28769a33a95425b007f00842d6e12ffa28f83 Author: Qu Wenruo Date: Sat Sep 2 08:13:57 2023 +0800 btrfs: qgroup: use qgroup_iterator_nested to in qgroup_update_refcnt() The ulist @qgroups is utilized to record all involved qgroups from both old and new roots inside btrfs_qgroup_account_extent(). Due to the fact that qgroup_update_refcnt() itself is already utilizing qgroup_iterator, here we have to introduce another list_head, btrfs_qgroup::nested_iterator, allowing nested iteration. Signed-off-by: Qu Wenruo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/qgroup.c | 77 +++++++++++++++++++++++++------------------------------ fs/btrfs/qgroup.h | 18 +++++++++++++ 2 files changed, 53 insertions(+), 42 deletions(-) accumulated error probability: 0.19 culprit signature: 63b7008a2f5aa62d4195ab8c8714883e6c482d1b7198e16907e7643bc9116d9c parent signature: c05c262129852fe01979ed8c72c03c325d5c3e14c2b4d754b4ae9b207481a273 reproducer is flaky (0.09 repro chance estimate) revisions tested: 22, total time: 7h48m42.585533496s (build: 2h54m27.601753138s, test: 4h23m41.040869928s) first bad commit: dce28769a33a95425b007f00842d6e12ffa28f83 btrfs: qgroup: use qgroup_iterator_nested to in qgroup_update_refcnt() recipients (to): ["clm@fb.com" "dsterba@suse.com" "dsterba@suse.com" "josef@toxicpanda.com" "linux-btrfs@vger.kernel.org" "wqu@suse.com"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent ================================================================== BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x13e/0x1b0 lib/list_debug.c:49 Read of size 8 at addr ffff888017a644b0 by task kworker/u4:7/1246 CPU: 0 PID: 1246 Comm: kworker/u4:7 Not tainted 6.6.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 Workqueue: btrfs-qgroup-rescan btrfs_work_helper Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x5c/0xb0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:364 [inline] print_report+0xc4/0x620 mm/kasan/report.c:475 kasan_report+0xda/0x110 mm/kasan/report.c:588 __list_del_entry_valid_or_report+0x13e/0x1b0 lib/list_debug.c:49 __list_del_entry_valid include/linux/list.h:124 [inline] __list_del_entry include/linux/list.h:215 [inline] list_del_init include/linux/list.h:287 [inline] qgroup_iterator_nested_clean fs/btrfs/qgroup.c:2435 [inline] btrfs_qgroup_account_extent+0x61b/0xdd0 fs/btrfs/qgroup.c:2695 qgroup_rescan_leaf+0x59e/0xbd0 fs/btrfs/qgroup.c:3271 btrfs_qgroup_rescan_worker+0x4a0/0x850 fs/btrfs/qgroup.c:3324 btrfs_work_helper+0x1bb/0x9f0 fs/btrfs/async-thread.c:315 process_one_work+0x789/0x12a0 kernel/workqueue.c:2630 process_scheduled_works kernel/workqueue.c:2703 [inline] worker_thread+0x6fb/0x1170 kernel/workqueue.c:2784 kthread+0x2ed/0x3d0 kernel/kthread.c:388 ret_from_fork+0x2c/0x70 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 Allocated by task 13299: kasan_save_stack+0x33/0x50 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 ____kasan_kmalloc mm/kasan/common.c:374 [inline] __kasan_kmalloc+0xa2/0xb0 mm/kasan/common.c:383 kmalloc include/linux/slab.h:599 [inline] kzalloc include/linux/slab.h:720 [inline] add_qgroup_rb+0xd4/0x460 fs/btrfs/qgroup.c:203 btrfs_quota_enable+0x89a/0x16f0 fs/btrfs/qgroup.c:1149 btrfs_ioctl_quota_ctl fs/btrfs/ioctl.c:3700 [inline] btrfs_ioctl+0x42a3/0x5870 fs/btrfs/ioctl.c:4663 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl fs/ioctl.c:857 [inline] __x64_sys_ioctl+0x12b/0x1a0 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 13299: kasan_save_stack+0x33/0x50 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:522 ____kasan_slab_free mm/kasan/common.c:236 [inline] ____kasan_slab_free+0x15b/0x1b0 mm/kasan/common.c:200 kasan_slab_free include/linux/kasan.h:164 [inline] slab_free_hook mm/slub.c:1800 [inline] slab_free_freelist_hook+0x114/0x1e0 mm/slub.c:1826 slab_free mm/slub.c:3809 [inline] __kmem_cache_free+0xb8/0x2f0 mm/slub.c:3822 btrfs_remove_qgroup+0x43a/0x680 fs/btrfs/qgroup.c:1664 btrfs_ioctl_qgroup_create fs/btrfs/ioctl.c:3806 [inline] btrfs_ioctl+0x4637/0x5870 fs/btrfs/ioctl.c:4667 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl fs/ioctl.c:857 [inline] __x64_sys_ioctl+0x12b/0x1a0 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Last potentially related work creation: kasan_save_stack+0x33/0x50 mm/kasan/common.c:45 __kasan_record_aux_stack+0xbc/0xd0 mm/kasan/generic.c:492 __call_rcu_common.constprop.0+0x9a/0x790 kernel/rcu/tree.c:2653 kthread_worker_fn+0x289/0x8b0 kernel/kthread.c:823 kthread+0x2ed/0x3d0 kernel/kthread.c:388 ret_from_fork+0x2c/0x70 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 Second to last potentially related work creation: kasan_save_stack+0x33/0x50 mm/kasan/common.c:45 __kasan_record_aux_stack+0xbc/0xd0 mm/kasan/generic.c:492 __call_rcu_common.constprop.0+0x9a/0x790 kernel/rcu/tree.c:2653 kthread_worker_fn+0x289/0x8b0 kernel/kthread.c:823 kthread+0x2ed/0x3d0 kernel/kthread.c:388 ret_from_fork+0x2c/0x70 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 The buggy address belongs to the object at ffff888017a64400 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 176 bytes inside of freed 512-byte region [ffff888017a64400, ffff888017a64600) The buggy address belongs to the physical page: page:ffffea00005e9900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17a64 head:ffffea00005e9900 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff00000000840 ffff88800d441c80 ffffea0001ec7100 dead000000000002 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 814, tgid 814 (kworker/u4:4), ts 2883418540, free_ts 0 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x2cf/0x340 mm/page_alloc.c:1536 prep_new_page mm/page_alloc.c:1543 [inline] get_page_from_freelist+0xee0/0x2f10 mm/page_alloc.c:3170 __alloc_pages+0x1d0/0x4a0 mm/page_alloc.c:4426 alloc_slab_page mm/slub.c:1870 [inline] allocate_slab+0x251/0x380 mm/slub.c:2017 new_slab mm/slub.c:2070 [inline] ___slab_alloc+0x8c7/0x1580 mm/slub.c:3223 __slab_alloc.constprop.0+0x56/0xa0 mm/slub.c:3322 __slab_alloc_node mm/slub.c:3375 [inline] slab_alloc_node mm/slub.c:3468 [inline] __kmem_cache_alloc_node+0x131/0x340 mm/slub.c:3517 kmalloc_trace+0x25/0xe0 mm/slab_common.c:1114 kmalloc include/linux/slab.h:599 [inline] kzalloc include/linux/slab.h:720 [inline] alloc_bprm+0x4c/0x9e0 fs/exec.c:1514 kernel_execve+0x83/0x450 fs/exec.c:1989 call_usermodehelper_exec_async+0x232/0x440 kernel/umh.c:110 ret_from_fork+0x2c/0x70 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 page_owner free stack trace missing Memory state around the buggy address: ffff888017a64380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888017a64400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff888017a64480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888017a64500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888017a64580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================