ci starts bisection 2024-12-07 03:07:59.103582891 +0000 UTC m=+46202.103838961 bisecting cause commit starting from af2ea8ab7a546b430726183458da0a173d331272 building syzkaller on 6e50d07bee3b03370f797eaf024fa41ce74da61b fetch other tags and check if the commit is present ensuring issue is reproducible on original commit af2ea8ab7a546b430726183458da0a173d331272 testing commit af2ea8ab7a546b430726183458da0a173d331272 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4c0eb9dd13c99c91926a5720cf85b7fb21b515ca0520383fecb02c955b7da0cb run #0: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #1: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #2: crashed: WARNING in move_pages_pte run #3: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #4: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #5: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #6: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #7: crashed: WARNING in move_pages_pte run #8: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #9: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #10: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #11: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #12: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #13: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #14: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #15: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #16: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #17: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #18: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #19: crashed: KASAN: slab-use-after-free Write in move_pages_pte representative crash: KASAN: slab-use-after-free Read in move_pages_pte, types: [KASAN] check whether we can drop unnecessary instrumentation disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed testing commit af2ea8ab7a546b430726183458da0a173d331272 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 655a3c46e89e6548ae389cfee939d5c687020c692cea2aad89d1a083374b104d run #0: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #1: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #2: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #3: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #4: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #5: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #6: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #7: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #8: crashed: KASAN: slab-use-after-free Write in move_pages_pte run #9: crashed: KASAN: slab-use-after-free Read in move_pages_pte representative crash: KASAN: slab-use-after-free Read in move_pages_pte, types: [KASAN] the bug reproduces without the instrumentation disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed kconfig minimization: base=4045 full=8250 leaves diff=2128 split chunks (needed=false): <2128> split chunk #0 of len 2128 into 5 parts testing without sub-chunk 1/5 disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed testing commit af2ea8ab7a546b430726183458da0a173d331272 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: de0df8699f5e08831507bb6a2688a6d4ee1f984d6c715332466b5870d300b019 run #0: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #1: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #2: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #3: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #4: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #5: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #6: crashed: KASAN: slab-use-after-free Write in move_pages_pte run #7: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #8: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #9: crashed: KASAN: slab-use-after-free Read in move_pages_pte representative crash: KASAN: slab-use-after-free Read in move_pages_pte, types: [KASAN] the chunk can be dropped testing without sub-chunk 2/5 disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed testing commit af2ea8ab7a546b430726183458da0a173d331272 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 failed building af2ea8ab7a546b430726183458da0a173d331272: drivers/gpu/drm/bridge/aux-bridge.c:116: undefined reference to `devm_drm_of_get_bridge' testing without sub-chunk 3/5 disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed testing commit af2ea8ab7a546b430726183458da0a173d331272 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 3dc73650731b1ae010c3a653929abc7ed07523bc69a1f8283c824cd2c53c8a59 run #0: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #1: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #2: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #3: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #4: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #5: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #6: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #7: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #8: crashed: KASAN: slab-use-after-free Write in move_pages_pte run #9: crashed: KASAN: slab-use-after-free Read in move_pages_pte representative crash: KASAN: slab-use-after-free Read in move_pages_pte, types: [KASAN] the chunk can be dropped testing without sub-chunk 4/5 disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed testing commit af2ea8ab7a546b430726183458da0a173d331272 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: ee712c386e52628d532d61369dca9558d26dda50ac453267de3dcfd4d9896778 run #0: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #1: crashed: KASAN: slab-use-after-free Write in move_pages_pte run #2: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #3: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #4: crashed: KASAN: slab-use-after-free Write in move_pages_pte run #5: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #6: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #7: crashed: KASAN: slab-use-after-free Write in move_pages_pte run #8: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #9: crashed: KASAN: slab-use-after-free Write in move_pages_pte representative crash: KASAN: slab-use-after-free Read in move_pages_pte, types: [KASAN] the chunk can be dropped testing without sub-chunk 5/5 disabling configs for [LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG], they are not needed testing commit af2ea8ab7a546b430726183458da0a173d331272 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: efe493417767531a6850e9d5cb28163385540d3fbd5c4790c950687526cee858 all runs: OK false negative chance: 0.000 minimized to 850 configs; suspects: [6LOWPAN ARCH_ENABLE_MEMORY_HOTREMOVE ASUS_WMI ATM BCMA BLK_DEV_ZONED BPF_SYSCALL CARDBUS CFG80211 CFG80211_WEXT CHARGER_BQ24190 CMA COMMON_CLK CONTIG_ALLOC DAX DLM DRM DRM_BRIDGE DRM_GUD DRM_I915 DRM_I915_CAPTURE_ERROR DRM_I915_COMPRESS_ERROR DRM_I915_USERPTR DRM_KMS_HELPER DRM_MIPI_DSI DRM_PANEL DRM_PANEL_BRIDGE DRM_PANEL_EDP DRM_PANEL_ORIENTATION_QUIRKS DRM_SIMPLEDRM DRM_TTM DRM_TTM_HELPER DRM_UDL DRM_VGEM DRM_VIRTIO_GPU DRM_VIRTIO_GPU_KMS DRM_VKMS DRM_VMWGFX DUMMY DVB_AF9013 DVB_AF9033 DVB_AS102 DVB_AS102_FE DVB_B2C2_FLEXCOP DVB_B2C2_FLEXCOP_USB DVB_CORE DVB_DIB3000MB DVB_DIB3000MC DVB_EC100 DVB_GP8PSK_FE DVB_RTL2830 DVB_RTL2832 DVB_RTL2832_SDR DVB_TEST_DRIVERS DVB_TTUSB_BUDGET DVB_TTUSB_DEC DVB_USB DVB_USB_A800 DVB_USB_AF9005 DVB_USB_AF9005_REMOTE DVB_USB_AF9015 DVB_USB_AF9035 DVB_USB_ANYSEE DVB_USB_AU6610 DVB_USB_AZ6007 DVB_USB_AZ6027 DVB_USB_CE6230 DVB_USB_CINERGY_T2 DVB_USB_CXUSB DVB_USB_CXUSB_ANALOG DVB_USB_DIB0700 DVB_USB_DIB3000MC DVB_USB_DIBUSB_MB DVB_USB_DIBUSB_MC DVB_USB_DIGITV DVB_USB_DTT200U DVB_USB_DTV5100 DVB_USB_DVBSKY DVB_USB_DW2102 DVB_USB_EC168 DVB_USB_GL861 DVB_USB_GP8PSK DVB_USB_LME2510 DVB_USB_M920X DVB_USB_MXL111SF DVB_USB_NOVA_T_USB2 DVB_USB_OPERA1 DVB_USB_PCTV452E DVB_USB_RTL28XXU DVB_USB_TECHNISAT_USB2 DVB_USB_TTUSB2 DVB_USB_UMT_010 DVB_USB_V2 DVB_USB_VP702X DVB_USB_VP7045 DVB_USB_ZD1301 DVB_VIDTV DVB_ZL10353 ECRYPT_FS ECRYPT_FS_MESSAGING EDAC EEPROM_93CX6 EFS_FS ENCRYPTED_KEYS EQUALIZER EROFS_FS EROFS_FS_BACKED_BY_FILE EROFS_FS_POSIX_ACL EROFS_FS_SECURITY EROFS_FS_XATTR EROFS_FS_ZIP EVM EVM_ADD_XATTRS EVM_ATTR_FSUUID EXFAT_FS EXPORTFS_BLOCK_OPS EXT3_FS EXT3_FS_POSIX_ACL EXT3_FS_SECURITY EXTCON EXTCON_INTEL_CHT_WC EXTCON_PTN5150 EXTCON_USBC_TUSB320 F2FS_CHECK_FS F2FS_FAULT_INJECTION F2FS_FS F2FS_FS_COMPRESSION F2FS_FS_LZ4 F2FS_FS_LZ4HC F2FS_FS_LZO F2FS_FS_LZORLE F2FS_FS_POSIX_ACL F2FS_FS_SECURITY F2FS_FS_XATTR F2FS_FS_ZSTD F2FS_STAT_FS FANOTIFY FANOTIFY_ACCESS_PERMISSIONS FB FB_CFB_COPYAREA FB_CFB_FILLRECT FB_CFB_IMAGEBLIT FB_CORE FB_DEFERRED_IO FB_DEVICE FB_IOMEM_FOPS FB_IOMEM_HELPERS FB_NOTIFY FB_SYSMEM_FOPS FB_SYSMEM_HELPERS FB_SYSMEM_HELPERS_DEFERRED FB_SYS_COPYAREA FB_SYS_FILLRECT FB_SYS_IMAGEBLIT FB_TILEBLITTING FB_VESA FB_VGA16 FB_VIRTUAL FDDI FIREWIRE FIREWIRE_NET FIREWIRE_OHCI FIREWIRE_SBP2 FONT_8x16 FONT_8x8 FONT_SUPPORT FRAMEBUFFER_CONSOLE FRAMEBUFFER_CONSOLE_DETECT_PRIMARY FRAMEBUFFER_CONSOLE_ROTATION FS_DAX FS_DAX_PMD FS_ENCRYPTION FS_ENCRYPTION_ALGS FS_STACK FS_VERITY FS_VERITY_BUILTIN_SIGNATURES FTL FUSE_DAX FUSE_FS FW_LOADER_COMPRESS FW_LOADER_PAGED_BUF FW_LOADER_SYSFS FW_LOADER_USER_HELPER FW_LOADER_USER_HELPER_FALLBACK GACT_PROB GARP GENERIC_PHY GET_FREE_REGION GFS2_FS GFS2_FS_LOCKING_DLM GNSS GNSS_USB GOOGLE_COREBOOT_TABLE GOOGLE_FIRMWARE GOOGLE_MEMCONSOLE GOOGLE_MEMCONSOLE_COREBOOT GOOGLE_VPD GPIOLIB GPIOLIB_IRQCHIP GPIO_ACPI GPIO_DLN2 GPIO_LJCA GPIO_VIPERBOARD GREENASIA_FF GREYBUS GREYBUS_BRIDGED_PHY GREYBUS_ES2 GREYBUS_HID GREYBUS_USB GROUP_SCHED_WEIGHT GTP GUEST_PERF_EVENTS GVE HAVE_ARCH_NODE_DEV_GROUP HAVE_ARCH_USERFAULTFD_MINOR HAVE_ARCH_USERFAULTFD_WP HAVE_BOOTMEM_INFO_NODE HAVE_CLK_PREPARE HAVE_KVM_CPU_RELAX_INTERCEPT HAVE_KVM_DIRTY_RING HAVE_KVM_DIRTY_RING_ACQ_REL HAVE_KVM_DIRTY_RING_TSO HAVE_KVM_IRQCHIP HAVE_KVM_IRQ_BYPASS HAVE_KVM_IRQ_ROUTING HAVE_KVM_MSI HAVE_KVM_NO_POLL HAVE_KVM_PFNCACHE HAVE_KVM_PM_NOTIFIER HAVE_KVM_READONLY_MEM HAVE_SCHED_AVG_IRQ HDLC HDLC_CISCO HDLC_FR HDLC_PPP HDLC_RAW HDLC_RAW_ETH HDLC_X25 HDMI HFSPLUS_FS HFS_FS HID_ACCUTOUCH HID_ACRUX HID_ACRUX_FF HID_ALPS HID_APPLEIR HID_ASUS HID_AUREAL HID_BATTERY_STRENGTH HID_BETOP_FF HID_BIGBEN_FF HID_CMEDIA HID_CORSAIR HID_COUGAR HID_CP2112 HID_CREATIVE_SB0540 HID_ELAN HID_ELECOM HID_ELO HID_EMS_FF HID_EVISION HID_FT260 HID_GEMBIRD HID_GFRM HID_GLORIOUS HID_GOOGLE_STADIA_FF HID_GREENASIA HID_GT683R HID_HOLTEK HID_ICADE HID_JABRA HID_KEYTOUCH HID_KYE HID_LCPOWER HID_LED HID_LENOVO HID_LETSKETCH HID_LOGITECH_DJ HID_LOGITECH_HIDPP HID_MACALLY HID_MAGICMOUSE HID_MALTRON HID_MAYFLASH HID_MCP2200 HID_MCP2221 HID_MEGAWORLD_FF HID_MULTITOUCH HID_NTI HID_ORTEK HID_PENMOUNT HID_PICOLCD HID_PICOLCD_BACKLIGHT HID_PICOLCD_CIR HID_PICOLCD_FB HID_PICOLCD_LCD HID_PICOLCD_LEDS HID_PLANTRONICS HID_PRIMAX HID_PRODIKEYS HID_PXRC HID_RAZER HID_RETRODE HID_RMI HID_ROCCAT HID_SAITEK HID_SEMITEK HID_SENSOR_ACCEL_3D HID_SENSOR_ALS HID_SENSOR_CUSTOM_INTEL_HINGE HID_SENSOR_CUSTOM_SENSOR HID_SENSOR_DEVICE_ROTATION HID_SENSOR_GYRO_3D HID_SENSOR_HUB HID_SENSOR_HUMIDITY HID_SENSOR_IIO_COMMON HID_SENSOR_IIO_TRIGGER HID_SENSOR_INCLINOMETER_3D HID_SENSOR_MAGNETOMETER_3D HID_SENSOR_PRESS HID_SENSOR_PROX HID_SENSOR_TEMP HID_SIGMAMICRO HID_SPEEDLINK HID_STEELSERIES HID_THINGM HID_TIVO HID_TOPRE HID_TWINHAN HID_U2FZERO HID_UCLOGIC HID_UDRAW_PS3 HID_VIEWSONIC HID_VIVALDI HID_VIVALDI_COMMON HID_VRC2 HID_WACOM HID_WALTOP HID_WIIMOTE HID_XIAOMI HID_XINMO HID_ZEROPLUS HID_ZYDACRON HMM_MIRROR HOLTEK_FF HOTPLUG_PCI_PCIE HPET_MMAP HPET_MMAP_DEFAULT HPFS_FS I2C_ALGOBIT I2C_CHARDEV I2C_CP2615 I2C_DESIGNWARE_CORE I2C_DESIGNWARE_PLATFORM I2C_DIOLAN_U2C I2C_DLN2 I2C_HID_ACPI I2C_HID_CORE I2C_HID_OF I2C_LJCA I2C_MUX I2C_MUX_REG I2C_ROBOTFUZZ_OSIF I2C_SI4713 I2C_SLAVE I2C_SLAVE_EEPROM I2C_TINY_USB I2C_VIPERBOARD IEEE802154 IEEE802154_6LOWPAN IEEE802154_ATUSB IEEE802154_DRIVERS IEEE802154_HWSIM IEEE802154_NL802154_EXPERIMENTAL IEEE802154_SOCKET IFB IIO IIO_BUFFER IIO_KFIFO_BUF IIO_TRIGGER IIO_TRIGGERED_BUFFER IKCONFIG IKCONFIG_PROC IMA IMA_APPRAISE IMA_APPRAISE_MODSIG IMA_DEFAULT_HASH_SHA256 IMA_LSM_RULES IMA_MEASURE_ASYMMETRIC_KEYS IMA_NG_TEMPLATE IMA_QUEUE_EARLY_BOOT_KEYS IMA_READ_POLICY IMA_WRITE_POLICY INET6_ESPINTCP INET6_ESP_OFFLOAD INET6_IPCOMP INET6_TUNNEL INET6_XFRM_TUNNEL INET_AH INET_DCCP_DIAG INET_DIAG INET_DIAG_DESTROY INET_ESP INET_ESPINTCP INET_ESP_OFFLOAD INET_IPCOMP INET_MPTCP_DIAG INET_RAW_DIAG INET_SCTP_DIAG INET_TCP_DIAG INET_UDP_DIAG INET_XFRM_TUNNEL INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_ADDR_TRANS_CONFIGFS INFINIBAND_IPOIB INFINIBAND_IPOIB_CM INFINIBAND_IPOIB_DEBUG INFINIBAND_ISER INFINIBAND_ON_DEMAND_PAGING INFINIBAND_RTRS INFINIBAND_SRP INFINIBAND_USER_ACCESS INFINIBAND_USER_MAD INFINIBAND_USER_MEM INPUT_ATI_REMOTE2 INPUT_CM109 INPUT_IMS_PCU INPUT_JOYDEV INPUT_KEYSPAN_REMOTE INPUT_LEDS INPUT_MOUSEDEV INPUT_MOUSEDEV_PSAUX INPUT_POWERMATE INPUT_UINPUT INPUT_YEALINK INTEGRITY INTEGRITY_ASYMMETRIC_KEYS INTEGRITY_AUDIT INTEGRITY_SIGNATURE INTEGRITY_TRUSTED_KEYRING INTEL_CHTWC_INT33FE INTEL_IDMA64 INTEL_IOATDMA INTEL_IOMMU_DEFAULT_ON INTEL_IOMMU_SVM INTEL_ISHTP_ECLITE INTEL_ISH_FIRMWARE_DOWNLOADER INTEL_ISH_HID INTEL_SOC_PMIC_CHTWC INTERVAL_TREE_SPAN_ITER IOMMUFD IOMMUFD_DRIVER IOMMUFD_DRIVER_CORE IOMMUFD_TEST IP6_NF_MATCH_AH IP6_NF_MATCH_EUI64 IP6_NF_MATCH_FRAG IP6_NF_MATCH_HL IP6_NF_MATCH_MH IP6_NF_MATCH_OPTS IP6_NF_MATCH_RPFILTER IP6_NF_MATCH_RT IP6_NF_MATCH_SRH IP6_NF_NAT IP6_NF_RAW IP6_NF_SECURITY IP6_NF_TARGET_HL IP6_NF_TARGET_MASQUERADE IP6_NF_TARGET_NPT IP6_NF_TARGET_SYNPROXY IPV6_FOU IPV6_FOU_TUNNEL IPV6_GRE IPV6_ILA IPV6_MIP6 IPV6_MROUTE IPV6_MROUTE_MULTIPLE_TABLES IPV6_MULTIPLE_TABLES IPV6_OPTIMISTIC_DAD IPV6_PIMSM_V2 IPV6_ROUTER_PREF IPV6_ROUTE_INFO IPV6_RPL_LWTUNNEL IPV6_SEG6_BPF IPV6_SEG6_HMAC IPV6_SEG6_LWTUNNEL IPV6_SIT_6RD IPV6_SUBTREES IPV6_TUNNEL IPV6_VTI IPVLAN IPVLAN_L3S IPVTAP IP_DCCP IP_DCCP_CCID3 IP_DCCP_TFRC_LIB IP_FIB_TRIE_STATS IP_MROUTE_MULTIPLE_TABLES IP_NF_ARPFILTER IP_NF_ARPTABLES IP_NF_ARP_MANGLE IP_NF_MATCH_AH IP_NF_MATCH_ECN IP_NF_MATCH_RPFILTER IP_NF_MATCH_TTL IP_NF_RAW IP_NF_SECURITY IP_NF_TARGET_ECN IP_NF_TARGET_NETMAP IP_NF_TARGET_REDIRECT IP_NF_TARGET_SYNPROXY IP_NF_TARGET_TTL IP_ROUTE_CLASSID IP_SCTP IP_SET IP_SET_BITMAP_IP IP_SET_BITMAP_IPMAC IP_SET_BITMAP_PORT IP_SET_HASH_IP IP_SET_HASH_IPMAC IP_SET_HASH_IPMARK IP_SET_HASH_IPPORT IP_SET_HASH_IPPORTIP IP_SET_HASH_IPPORTNET IP_SET_HASH_MAC IP_SET_HASH_NET IP_SET_HASH_NETIFACE IP_SET_HASH_NETNET IP_SET_HASH_NETPORT IP_SET_HASH_NETPORTNET IP_SET_LIST_SET IP_VS IP_VS_DH IP_VS_FO IRQ_REMAP IRQ_TIME_ACCOUNTING KVM KVM_INTEL LAPB LCD_CLASS_DEVICE LIBNVDIMM MAC802154 MEDIA_ANALOG_TV_SUPPORT MEDIA_CAMERA_SUPPORT MEDIA_CEC_SUPPORT MEDIA_CONTROLLER MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_TEST_SUPPORT MEDIA_USB_SUPPORT MEMORY_HOTPLUG MEMORY_HOTREMOVE MFD_DLN2 MFD_VIPERBOARD MPTCP MTD NETFILTER_ADVANCED NET_ACT_GACT NET_ACT_MIRRED NET_IPGRE_DEMUX NFT_COMPAT NFT_COMPAT_ARP NFT_FWD_NETDEV NF_TABLES NF_TABLES_ARP NF_TABLES_NETDEV NOP_USB_XCEIV PARPORT PCCARD PCMCIA PHONET RADIO_ADAPTERS RADIO_SI470X RADIO_SI4713 RAS RC_CORE REGULATOR RFKILL SND SOUND SPI SSB STAGING TAP TARGET_CORE TRANSPARENT_HUGEPAGE TUN TYPEC TYPEC_MUX_PI3USB30532 USB_AMD5536UDC USB_ATM USB_CDNS3 USB_CDNS3_HOST USB_CDNS3_PCI_WRAP USB_CDNSP_GADGET USB_CDNSP_HOST USB_CDNSP_PCI USB_CDNS_HOST USB_CDNS_SUPPORT USB_CHAOSKEY USB_CHIPIDEA USB_CHIPIDEA_GENERIC USB_CHIPIDEA_HOST USB_CHIPIDEA_MSM USB_CHIPIDEA_NPCM USB_CHIPIDEA_PCI USB_CHIPIDEA_UDC USB_CONFIGFS USB_CONFIGFS_ACM USB_CONFIGFS_ECM USB_CONFIGFS_ECM_SUBSET USB_CONFIGFS_EEM USB_CONFIGFS_F_FS USB_CONFIGFS_F_HID USB_CONFIGFS_F_LB_SS USB_CONFIGFS_F_MIDI USB_CONFIGFS_F_MIDI2 USB_CONFIGFS_F_PRINTER USB_CONFIGFS_F_TCM USB_CONFIGFS_F_UAC1 USB_CONFIGFS_F_UAC1_LEGACY USB_CONFIGFS_F_UAC2 USB_CONFIGFS_F_UVC USB_CONFIGFS_MASS_STORAGE USB_CONFIGFS_NCM USB_CONFIGFS_OBEX USB_CONFIGFS_PHONET USB_CONFIGFS_RNDIS USB_CONFIGFS_SERIAL USB_CONN_GPIO USB_CXACRU USB_CYPRESS_CY7C63 USB_CYTHERM USB_DSBR USB_DUMMY_HCD USB_DWC2 USB_DWC2_HOST USB_DWC2_PCI USB_DWC3 USB_DWC3_GADGET USB_DWC3_HAPS USB_DWC3_OF_SIMPLE USB_DWC3_PCI USB_DWC3_ULPI USB_DYNAMIC_MINORS USB_EG20T USB_EHCI_FSL USB_EHCI_HCD_PLATFORM USB_EHCI_ROOT_HUB_TT USB_EHSET_TEST_FIXTURE USB_EMI26 USB_EMI62 USB_EPSON2888 USB_EZUSB_FX2 USB_FEW_INIT_RETRIES USB_F_ACM USB_F_ECM USB_F_EEM USB_F_FS USB_F_HID USB_F_MASS_STORAGE USB_F_MIDI USB_F_MIDI2 USB_F_NCM USB_F_OBEX USB_F_PHONET USB_F_PRINTER USB_F_RNDIS USB_F_SERIAL USB_F_SS_LB USB_F_SUBSET USB_F_TCM USB_F_UAC1 USB_F_UAC1_LEGACY USB_F_UAC2 USB_F_UVC USB_GADGET USB_GADGETFS USB_GADGET_DEBUG_FILES USB_GADGET_DEBUG_FS USB_GL860 USB_GOKU USB_GR_UDC USB_GSPCA USB_GSPCA_BENQ USB_GSPCA_CONEX USB_GSPCA_CPIA1 USB_GSPCA_DTCS033 USB_GSPCA_ETOMS USB_GSPCA_FINEPIX USB_GSPCA_JEILINJ USB_GSPCA_JL2005BCD USB_GSPCA_KINECT USB_GSPCA_KONICA USB_GSPCA_MARS USB_GSPCA_MR97310A USB_GSPCA_NW80X USB_GSPCA_OV519 USB_GSPCA_OV534 USB_GSPCA_OV534_9 USB_GSPCA_PAC207 USB_GSPCA_PAC7302 USB_GSPCA_PAC7311 USB_GSPCA_SE401 USB_GSPCA_SN9C2028 USB_GSPCA_SN9C20X USB_GSPCA_SONIXB USB_GSPCA_SONIXJ USB_GSPCA_SPCA1528 USB_GSPCA_SPCA500 USB_GSPCA_SPCA501 USB_GSPCA_SPCA505 USB_GSPCA_SPCA506 USB_GSPCA_SPCA508 USB_GSPCA_SPCA561 USB_GSPCA_SQ905 USB_GSPCA_SQ905C USB_GSPCA_SQ930X USB_GSPCA_STK014 USB_GSPCA_STK1135 USB_GSPCA_STV0680 USB_GSPCA_SUNPLUS USB_GSPCA_T613 USB_GSPCA_TOPRO USB_GSPCA_TOUPTEK USB_GSPCA_TV8532 USB_GSPCA_VC032X USB_GSPCA_VICAM USB_GSPCA_XIRLINK_CIT USB_GSPCA_ZC3XX USB_HACKRF USB_HCD_BCMA USB_HCD_SSB USB_HSIC_USB3503 USB_HSIC_USB4604 USB_HSO USB_HUB_USB251XB USB_IDMOUSE USB_IOWARRIOR USB_IPHETH USB_ISIGHTFW USB_ISP116X_HCD USB_ISP1301 USB_ISP1760 USB_ISP1760_DUAL_ROLE USB_ISP1760_HCD USB_ISP1761_UDC USB_KAWETH USB_KC2190 USB_KEENE USB_LAN78XX USB_LCD USB_LD USB_LEDS_TRIGGER_USBPORT USB_LED_TRIG USB_LEGOTOWER USB_LGM_PHY USB_LIBCOMPOSITE USB_LINK_LAYER_TEST USB_LJCA USB_M5602 USB_MA901 USB_MAX3420_UDC USB_MAX3421_HCD USB_MDC800 USB_MICROTEK USB_MR800 USB_MSI2500 USB_MUSB_DUAL_ROLE USB_MUSB_HDRC USB_MV_U3D USB_MV_UDC USB_NET2272 USB_NET2272_DMA USB_NET2280 USB_NET_AQC111 USB_NET_AX88179_178A USB_NET_AX8817X USB_NET_CDCETHER USB_NET_CDC_EEM USB_NET_CDC_MBIM USB_NET_CDC_NCM USB_NET_CDC_SUBSET USB_NET_CDC_SUBSET_ENABLE USB_NET_CH9200 USB_NET_CX82310_ETH USB_NET_DM9601 USB_NET_GL620A USB_NET_HUAWEI_CDC_NCM USB_NET_INT51X1 USB_NET_KALMIA USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_QMI_WWAN USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_OXU210HP_HCD USB_PEGASUS USB_PULSE8_CEC USB_PWC USB_PWC_INPUT_EVDEV USB_PXA27X USB_R8A66597 USB_R8A66597_HCD USB_RAINSHADOW_CEC USB_RAREMONO USB_RAW_GADGET USB_ROLES_INTEL_XHCI USB_ROLE_SWITCH USB_RTL8150 USB_RTL8152 USB_RTL8153_ECM USB_S2255 USB_SERIAL USB_SERIAL_AIRCABLE USB_SERIAL_ARK3116 USB_SERIAL_BELKIN USB_SERIAL_CH341 USB_SERIAL_CONSOLE USB_SERIAL_CP210X USB_SERIAL_CYBERJACK USB_SERIAL_CYPRESS_M8 USB_SERIAL_DEBUG USB_SERIAL_DIGI_ACCELEPORT USB_SERIAL_EDGEPORT USB_SERIAL_EDGEPORT_TI USB_SERIAL_EMPEG USB_SERIAL_F81232 USB_SERIAL_F8153X USB_SERIAL_FTDI_SIO USB_SERIAL_GARMIN USB_SERIAL_GENERIC USB_SERIAL_IPAQ USB_SERIAL_IPW USB_SERIAL_IR USB_SERIAL_IUU USB_SERIAL_KEYSPAN USB_SERIAL_KEYSPAN_PDA USB_SERIAL_KLSI USB_SERIAL_KOBIL_SCT USB_SERIAL_MCT_U232 USB_SERIAL_METRO USB_SERIAL_MOS7715_PARPORT USB_SERIAL_MOS7720 USB_SERIAL_MOS7840 USB_SERIAL_MXUPORT USB_SERIAL_NAVMAN USB_SERIAL_OMNINET USB_SERIAL_OPTICON USB_SERIAL_OPTION USB_SERIAL_OTI6858 USB_SERIAL_PL2303 USB_SERIAL_QCAUX USB_SERIAL_QT2 USB_SERIAL_QUALCOMM USB_SERIAL_SAFE USB_SERIAL_SIERRAWIRELESS USB_SERIAL_SIMPLE USB_SERIAL_SPCP8X5 USB_SERIAL_SSU100 USB_SERIAL_SYMBOL USB_SERIAL_TI USB_SERIAL_UPD78F0730 USB_SERIAL_VISOR USB_SERIAL_WHITEHEAT USB_SERIAL_WISHBONE USB_SERIAL_WWAN USB_SERIAL_XR USB_SERIAL_XSENS_MT USB_SEVSEG USB_SI470X USB_SI4713 USB_SIERRA_NET USB_SISUSBVGA USB_SL811_CS USB_SL811_HCD USB_SL811_HCD_ISO USB_SNP_CORE USB_SPEEDTOUCH USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_ENE_UB6250 USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_STV06XX USB_TEST USB_TMC USB_TRANCEVIBRATOR USB_UAS USB_UEAGLEATM USB_ULPI_BUS USB_USBNET USB_USS720 USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_VIDEO_CLASS USB_VIDEO_CLASS_INPUT_EVDEV USB_VL600 USB_WDM USB_XHCI_DBGCAP USB_XHCI_PCI_RENESAS USB_XHCI_PLATFORM USB_XUSBATM USB_YUREX USERFAULTFD USERIO USERMODE_DRIVER USER_RETURN_NOTIFIER UVC_COMMON U_SERIAL_CONSOLE V4L2_MEM2MEM_DEV V4L_TEST_DRIVERS VALIDATE_FS_PARSER VDPA VDPA_SIM VDPA_SIM_BLOCK VDPA_SIM_NET VETH VFIO VFIO_DEVICE_CDEV VFIO_PCI VFIO_PCI_CORE VFIO_PCI_INTX VFIO_PCI_MMAP VFIO_VIRQFD VGASTATE VHOST VHOST_CROSS_ENDIAN_LEGACY VHOST_IOTLB VHOST_NET VHOST_RING VHOST_TASK VHOST_VDPA VHOST_VSOCK VIDEO VIDEOBUF2_CORE VIDEOBUF2_DMA_CONTIG VIDEOBUF2_DMA_SG VIDEOBUF2_MEMOPS VIDEOBUF2_V4L2 VIDEOBUF2_VMALLOC VIDEOMODE_HELPERS VIDEO_AU0828 VIDEO_AU0828_RC VIDEO_AU0828_V4L2 VIDEO_CS53L32A VIDEO_CX231XX VIDEO_CX231XX_ALSA VIDEO_CX231XX_DVB VIDEO_CX231XX_RC VIDEO_CX2341X VIDEO_CX25840 VIDEO_DEV VIDEO_EM28XX VIDEO_EM28XX_ALSA VIDEO_EM28XX_DVB VIDEO_EM28XX_RC VIDEO_EM28XX_V4L2 VIDEO_GO7007 VIDEO_GO7007_LOADER VIDEO_GO7007_USB VIDEO_GO7007_USB_S2250_BOARD VIDEO_HDPVR VIDEO_MSP3400 VIDEO_PVRUSB2 VIDEO_PVRUSB2_DVB VIDEO_PVRUSB2_SYSFS VIDEO_SAA711X VIDEO_STK1160 VIDEO_TUNER VIDEO_TVEEPROM VIDEO_USBTV VIDEO_V4L2_I2C VIDEO_V4L2_SUBDEV_API VIDEO_V4L2_TPG VIDEO_VICODEC VIDEO_VIM2M VIDEO_VIMC VIDEO_VIVID VIDEO_VIVID_CEC VIDEO_WM8775 VIPERBOARD_ADC VIRTIO_BALLOON VIRTIO_DMA_SHARED_BUFFER VIRTIO_FS VIRTIO_MEM VIRTIO_MMIO VIRTIO_MMIO_CMDLINE_DEVICES VIRTIO_PMEM VIRTIO_VDPA VIRTIO_VSOCKETS VIRTIO_VSOCKETS_COMMON VIRT_WIFI VLAN_8021Q VLAN_8021Q_GVRP VLAN_8021Q_MVRP VMAP_PFN VMWARE_VMCI VMXNET3 VP_VDPA VSOCKETS VSOCKETS_DIAG VSOCKETS_LOOPBACK VSOCKMON VT_HW_CONSOLE_BINDING VXFS_FS WAN WANT_DEV_COREDUMP WEXT_CORE WEXT_PROC WIREGUARD WIRELESS WLAN WLAN_VENDOR_ADMTEK WLAN_VENDOR_SILABS X86_SGX X86_SGX_KVM X86_USER_SHADOW_STACK X86_X2APIC X86_X32_ABI XDP_SOCKETS XDP_SOCKETS_DIAG XFRM_ESPINTCP XFRM_INTERFACE XFRM_IPCOMP XFRM_MIGRATE XFRM_OFFLOAD XFRM_STATISTICS XFRM_SUB_POLICY XFRM_USER_COMPAT XFS_FS XFS_POSIX_ACL XFS_QUOTA XFS_RT XILLYBUS_CLASS XILLYUSB XOR_BLOCKS YENTA YENTA_ENE_TUNE YENTA_O2 YENTA_RICOH YENTA_TI YENTA_TOSHIBA Z3FOLD Z3FOLD_DEPRECATED ZEROPLUS_FF ZLIB_DEFLATE ZONEFS_FS ZONE_DEVICE ZPOOL ZRAM ZRAM_BACKEND_FORCE_LZO ZRAM_BACKEND_LZO ZRAM_DEF_COMP_LZO ZSMALLOC ZSTD_COMPRESS ZSWAP ZSWAP_COMPRESSOR_DEFAULT_842 ZSWAP_DEFAULT_ON ZSWAP_SHRINKER_DEFAULT_ON ZSWAP_ZPOOL_DEFAULT_Z3FOLD_DEPRECATED] disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed picked [v6.12 v6.11 v6.10 v6.8 v6.6 v6.4 v6.2 v6.0 v5.17 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 35 release tags testing release v6.12 testing commit adc218676eef25575469234709c2d87185ca223a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: d1452c4a9624e10173634ab6a7ebbd464b41c7c19d5d4d40c20276a6ee355c1d all runs: OK false negative chance: 0.000 # git bisect start af2ea8ab7a546b430726183458da0a173d331272 adc218676eef25575469234709c2d87185ca223a Bisecting: 6589 revisions left to test after this (roughly 13 steps) [28eb75e178d389d325f1666e422bc13bbbb9804c] Merge tag 'drm-next-2024-11-21' of https://gitlab.freedesktop.org/drm/kernel testing commit 28eb75e178d389d325f1666e422bc13bbbb9804c gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 91a659481f990a7b61ddc9a7e9a2988811e720878b5fe749bf45a629cc806323 all runs: OK false negative chance: 0.000 # git bisect good 28eb75e178d389d325f1666e422bc13bbbb9804c Bisecting: 3203 revisions left to test after this (roughly 12 steps) [a0c1ca3934ddffe4f3f2a2bd860283a7b0ca5439] Merge tag 'staging-6.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit a0c1ca3934ddffe4f3f2a2bd860283a7b0ca5439 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 41196ea78fcfe91a32caf10754fc19073b985a0df34b81250761bbb798acf4bd all runs: OK false negative chance: 0.000 # git bisect good a0c1ca3934ddffe4f3f2a2bd860283a7b0ca5439 Bisecting: 1587 revisions left to test after this (roughly 11 steps) [54515459e52adbe44608b7c3a42830d624747f56] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/joel/bmc.git testing commit 54515459e52adbe44608b7c3a42830d624747f56 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 96ed9c61800769e5a632944835589563b15fc69a6a2a0485cc9964b7af80e460 all runs: crashed: KASAN: slab-use-after-free Read in move_pages_pte representative crash: KASAN: slab-use-after-free Read in move_pages_pte, types: [KASAN] # git bisect bad 54515459e52adbe44608b7c3a42830d624747f56 Bisecting: 820 revisions left to test after this (roughly 10 steps) [0e287d31b62bb53ad81d5e59778384a40f8b6f56] Merge tag 'rtc-6.13' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux testing commit 0e287d31b62bb53ad81d5e59778384a40f8b6f56 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: daa08c9cda35a56dda5688fd1d16c81058df73dac899e58ea2409213de9279d7 all runs: OK false negative chance: 0.000 # git bisect good 0e287d31b62bb53ad81d5e59778384a40f8b6f56 Bisecting: 403 revisions left to test after this (roughly 9 steps) [f92d3390b756c6913ad3815b8166e9277437267e] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git testing commit f92d3390b756c6913ad3815b8166e9277437267e gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 32f1497fb9d7dc211753f76d8b79b4bfde2ce37a3b46916b532da20ceb92f571 all runs: OK false negative chance: 0.000 # git bisect good f92d3390b756c6913ad3815b8166e9277437267e Bisecting: 209 revisions left to test after this (roughly 8 steps) [f308c6624ce8ff7bf306d721de8ca540c06f867f] Merge branch 'tip/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git testing commit f308c6624ce8ff7bf306d721de8ca540c06f867f gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: cd9358b70de23bb1c17033c655a684ede30ad608c8b7c5fa8150b1e7126b96dd all runs: OK false negative chance: 0.000 # git bisect good f308c6624ce8ff7bf306d721de8ca540c06f867f Bisecting: 104 revisions left to test after this (roughly 7 steps) [e8597e91699a67c27ef688640b4bbb702e0a2848] mm/mglru: rework workingset protection testing commit e8597e91699a67c27ef688640b4bbb702e0a2848 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 2a6f7d3f113107f5736d6458ac3784b38a44ac4d98cd4dbff69e6cdb50c21893 run #0: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #1: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #2: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #3: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #4: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #5: crashed: KASAN: slab-use-after-free Write in move_pages_pte run #6: crashed: KASAN: slab-use-after-free Write in move_pages_pte run #7: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #8: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #9: crashed: KASAN: slab-use-after-free Read in move_pages_pte representative crash: KASAN: slab-use-after-free Read in move_pages_pte, types: [KASAN] # git bisect bad e8597e91699a67c27ef688640b4bbb702e0a2848 Bisecting: 52 revisions left to test after this (roughly 6 steps) [2b396aa406eedd3a1e3b02488e1a15340ede4ca4] maple_tree: only root node could be deficient testing commit 2b396aa406eedd3a1e3b02488e1a15340ede4ca4 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 756b15bf6a35700814dbebb623e82ca750fb20531054bdf952c1d7701ed78f76 all runs: OK false negative chance: 0.000 # git bisect good 2b396aa406eedd3a1e3b02488e1a15340ede4ca4 Bisecting: 26 revisions left to test after this (roughly 5 steps) [65648c65d0f77ea80d22e8aa10705aaf438c68a1] fs/proc/vmcore: move vmcore definitions out of kcore.h testing commit 65648c65d0f77ea80d22e8aa10705aaf438c68a1 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 4e17621b38d3c4cb2ca4d5e62fe5adf128f7e9f9f26529661601825192d3ac72 all runs: OK false negative chance: 0.000 # git bisect good 65648c65d0f77ea80d22e8aa10705aaf438c68a1 Bisecting: 13 revisions left to test after this (roughly 4 steps) [79d5a1cf55295d8cb7025878fbfae6c9029df949] mm: zap_install_uffd_wp_if_needed: return whether uffd-wp pte has been re-installed testing commit 79d5a1cf55295d8cb7025878fbfae6c9029df949 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 0b3397d578b0aa9e9cdb765d2290eb19b62ddb420efe321425a3af277390e483 all runs: OK false negative chance: 0.000 # git bisect good 79d5a1cf55295d8cb7025878fbfae6c9029df949 Bisecting: 6 revisions left to test after this (roughly 3 steps) [897390d7780d4d0dc5b573261052ea6929653d7a] mm/hugetlb: support FOLL_FORCE|FOLL_WRITE testing commit 897390d7780d4d0dc5b573261052ea6929653d7a gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 5cf8b0c9eb4f504ef81597de0a04522030ad72201073c8ce3de14958943f78e4 run #0: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #1: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #2: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #3: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #4: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #5: crashed: KASAN: slab-use-after-free Write in move_pages_pte run #6: crashed: KASAN: slab-use-after-free Write in move_pages_pte run #7: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #8: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #9: crashed: KASAN: slab-use-after-free Read in move_pages_pte representative crash: KASAN: slab-use-after-free Read in move_pages_pte, types: [KASAN] # git bisect bad 897390d7780d4d0dc5b573261052ea6929653d7a Bisecting: 3 revisions left to test after this (roughly 2 steps) [e3aafd2d3551f99478473fe237ee3c34a7023258] mm: pgtable: reclaim empty PTE page in madvise(MADV_DONTNEED) testing commit e3aafd2d3551f99478473fe237ee3c34a7023258 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 1ac3579e3392695f94fdcf99d1c9d7c773e4dfe6fee7008d2f500c19eb13323f all runs: OK false negative chance: 0.000 # git bisect good e3aafd2d3551f99478473fe237ee3c34a7023258 Bisecting: 1 revision left to test after this (roughly 1 step) [5b29c4156f5801fced2ec504b44ab98f60c480bf] x86: select ARCH_SUPPORTS_PT_RECLAIM if X86_64 testing commit 5b29c4156f5801fced2ec504b44ab98f60c480bf gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: 7493744b18d6283246ea81107ef9d0817f16aab12554e318b124548c2d3f43fb run #0: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #1: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #2: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #3: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #4: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #5: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #6: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #7: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #8: crashed: KASAN: slab-use-after-free Read in move_pages_pte run #9: crashed: KASAN: slab-use-after-free Write in move_pages_pte representative crash: KASAN: slab-use-after-free Read in move_pages_pte, types: [KASAN] # git bisect bad 5b29c4156f5801fced2ec504b44ab98f60c480bf Bisecting: 0 revisions left to test after this (roughly 0 steps) [fab0301943b37da655e2ee0726fcb7e6d8551d05] x86: mm: free page table pages by RCU instead of semi RCU testing commit fab0301943b37da655e2ee0726fcb7e6d8551d05 gcc compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 kernel signature: a5461f26bf7ed4ae26768a92cbc2053ef3da543f842aa764173398d2bdf02c55 all runs: OK false negative chance: 0.000 # git bisect good fab0301943b37da655e2ee0726fcb7e6d8551d05 5b29c4156f5801fced2ec504b44ab98f60c480bf is the first bad commit commit 5b29c4156f5801fced2ec504b44ab98f60c480bf Author: Qi Zheng Date: Wed Dec 4 19:09:51 2024 +0800 x86: select ARCH_SUPPORTS_PT_RECLAIM if X86_64 Now, x86 has fully supported the CONFIG_PT_RECLAIM feature, and reclaiming PTE pages is profitable only on 64-bit systems, so select ARCH_SUPPORTS_PT_RECLAIM if X86_64. Link: https://lkml.kernel.org/r/841c1f35478d5354872d307888979c9e20de9c09.1733305182.git.zhengqi.arch@bytedance.com Signed-off-by: Qi Zheng Cc: Dave Hansen Cc: Andy Lutomirski Cc: Peter Zijlstra Cc: Catalin Marinas Cc: David Hildenbrand Cc: David Rientjes Cc: Hugh Dickins Cc: Jann Horn Cc: Lorenzo Stoakes Cc: Matthew Wilcox Cc: Mel Gorman Cc: Muchun Song Cc: Peter Xu Cc: Will Deacon Cc: Zach O'Keefe Signed-off-by: Andrew Morton arch/x86/Kconfig | 1 + 1 file changed, 1 insertion(+) accumulated error probability: 0.00 culprit signature: 7493744b18d6283246ea81107ef9d0817f16aab12554e318b124548c2d3f43fb parent signature: a5461f26bf7ed4ae26768a92cbc2053ef3da543f842aa764173398d2bdf02c55 revisions tested: 21, total time: 11h55m20.739019364s (build: 8h7m0.590275797s, test: 3h20m16.827895489s) first bad commit: 5b29c4156f5801fced2ec504b44ab98f60c480bf x86: select ARCH_SUPPORTS_PT_RECLAIM if X86_64 recipients (to): ["akpm@linux-foundation.org" "linux-kernel@vger.kernel.org" "zhengqi.arch@bytedance.com"] recipients (cc): ["bp@alien8.de" "dave.hansen@linux.intel.com" "hpa@zytor.com" "mingo@redhat.com" "tglx@linutronix.de" "x86@kernel.org"] crash: KASAN: slab-use-after-free Read in move_pages_pte ================================================================== BUG: KASAN: slab-use-after-free in debug_spin_unlock kernel/locking/spinlock_debug.c:100 [inline] BUG: KASAN: slab-use-after-free in do_raw_spin_unlock+0x48c/0x8b0 kernel/locking/spinlock_debug.c:141 Read of size 4 at addr ffff888178c48184 by task syz.2.25/4414 CPU: 1 UID: 0 PID: 4414 Comm: syz.2.25 Not tainted 6.13.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x108/0x280 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 debug_spin_unlock kernel/locking/spinlock_debug.c:100 [inline] do_raw_spin_unlock+0x48c/0x8b0 kernel/locking/spinlock_debug.c:141 __raw_spin_unlock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_unlock+0x1e/0x50 kernel/locking/spinlock.c:186 spin_unlock include/linux/spinlock.h:391 [inline] move_pages_pte+0x5a5/0x23e0 mm/userfaultfd.c:1212 move_pages+0x980/0x1010 mm/userfaultfd.c:1754 userfaultfd_move fs/userfaultfd.c:1899 [inline] userfaultfd_ioctl+0x744/0x4e50 fs/userfaultfd.c:2022 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xab/0x100 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x8d/0x190 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f2926f7ff19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f2927d92058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f2927145fa0 RCX: 00007f2926f7ff19 RDX: 0000000020000080 RSI: 00000000c028aa05 RDI: 0000000000000003 RBP: 00007f2926ff3986 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f2927145fa0 R15: 00007ffd9947b448 Allocated by task 4413: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4104 [inline] slab_alloc_node mm/slub.c:4153 [inline] kmem_cache_alloc_noprof+0x1b9/0x410 mm/slub.c:4160 ptlock_alloc+0x1b/0x60 mm/memory.c:7022 ptlock_init include/linux/mm.h:2971 [inline] pagetable_pte_ctor include/linux/mm.h:2998 [inline] __pte_alloc_one_noprof include/asm-generic/pgalloc.h:73 [inline] pte_alloc_one+0xc1/0x3b0 arch/x86/mm/pgtable.c:41 __do_huge_pmd_anonymous_page mm/huge_memory.c:1223 [inline] do_huge_pmd_anonymous_page+0x240/0x8d0 mm/huge_memory.c:1368 create_huge_pmd mm/memory.c:5735 [inline] __handle_mm_fault mm/memory.c:5984 [inline] handle_mm_fault+0xf9b/0x1920 mm/memory.c:6181 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline] handle_page_fault arch/x86/mm/fault.c:1481 [inline] exc_page_fault+0x432/0x7b0 arch/x86/mm/fault.c:1539 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 Freed by task 4415: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2338 [inline] slab_free mm/slub.c:4598 [inline] kmem_cache_free+0x17e/0x470 mm/slub.c:4700 pagetable_pte_dtor include/linux/mm.h:3009 [inline] ___pte_free_tlb+0x87/0x330 arch/x86/mm/pgtable.c:63 __pte_free_tlb arch/x86/include/asm/pgalloc.h:61 [inline] free_pte+0x11c/0x170 mm/pt_reclaim.c:31 zap_pte_range mm/memory.c:1780 [inline] zap_pmd_range mm/memory.c:1822 [inline] zap_pud_range mm/memory.c:1851 [inline] zap_p4d_range mm/memory.c:1872 [inline] unmap_page_range+0x3dee/0x43c0 mm/memory.c:1893 zap_page_range_single+0x3d2/0x550 mm/memory.c:2018 madvise_dontneed_single_vma mm/madvise.c:859 [inline] madvise_dontneed_free mm/madvise.c:940 [inline] madvise_vma_behavior mm/madvise.c:1270 [inline] madvise_walk_vmas mm/madvise.c:1502 [inline] do_madvise+0x24be/0x3ee0 mm/madvise.c:1689 __do_sys_madvise mm/madvise.c:1705 [inline] __se_sys_madvise mm/madvise.c:1703 [inline] __x64_sys_madvise+0xa1/0xb0 mm/madvise.c:1703 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x8d/0x190 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f The buggy address belongs to the object at ffff888178c48180 which belongs to the cache page->ptl of size 64 The buggy address is located 4 bytes inside of freed 64-byte region [ffff888178c48180, ffff888178c481c0) The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x178c48 anon flags: 0x100000000000000(node=0|zone=2) page_type: f5(slab) raw: 0100000000000000 ffff88810004f780 ffffea0004757380 dead000000000005 raw: 0000000000000000 00000000802a002a 00000000f5000000 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 3126, tgid 3126 (udevd), ts 14068640973, free_ts 14060442946 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x108/0x120 mm/page_alloc.c:1549 prep_new_page mm/page_alloc.c:1557 [inline] get_page_from_freelist+0x3229/0x3370 mm/page_alloc.c:3475 __alloc_frozen_pages_noprof+0x256/0x650 mm/page_alloc.c:4752 alloc_pages_mpol+0x21c/0x460 mm/mempolicy.c:2270 alloc_slab_page mm/slub.c:2408 [inline] allocate_slab+0x8b/0x350 mm/slub.c:2574 new_slab mm/slub.c:2627 [inline] ___slab_alloc+0x9ff/0x1130 mm/slub.c:3815 __slab_alloc mm/slub.c:3905 [inline] __slab_alloc_node mm/slub.c:3980 [inline] slab_alloc_node mm/slub.c:4141 [inline] kmem_cache_alloc_noprof+0x279/0x410 mm/slub.c:4160 ptlock_alloc+0x1b/0x60 mm/memory.c:7022 ptlock_init include/linux/mm.h:2971 [inline] pagetable_pte_ctor include/linux/mm.h:2998 [inline] __pte_alloc_one_noprof include/asm-generic/pgalloc.h:73 [inline] pte_alloc_one+0xc1/0x3b0 arch/x86/mm/pgtable.c:41 __pte_alloc+0x71/0x200 mm/memory.c:446 copy_pte_range mm/memory.c:1106 [inline] copy_pmd_range mm/memory.c:1261 [inline] copy_pud_range+0x5299/0x5880 mm/memory.c:1298 copy_p4d_range mm/memory.c:1322 [inline] copy_page_range+0x52e/0x7c0 mm/memory.c:1420 dup_mmap kernel/fork.c:751 [inline] dup_mm kernel/fork.c:1695 [inline] copy_mm+0xf6a/0x1a70 kernel/fork.c:1744 copy_process+0x1194/0x3350 kernel/fork.c:2395 kernel_clone+0x195/0x720 kernel/fork.c:2807 __do_sys_clone kernel/fork.c:2950 [inline] __se_sys_clone kernel/fork.c:2934 [inline] __x64_sys_clone+0x253/0x2a0 kernel/fork.c:2934 page last free pid 16 tgid 16 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_frozen_pages+0xc15/0xe90 mm/page_alloc.c:2658 __folio_put+0x234/0x2c0 mm/swap.c:112 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline] __tlb_remove_table_free mm/mmu_gather.c:227 [inline] tlb_remove_table_rcu+0x5e/0xc0 mm/mmu_gather.c:282 rcu_do_batch kernel/rcu/tree.c:2567 [inline] rcu_core+0xcb3/0x1630 kernel/rcu/tree.c:2823 handle_softirqs+0x1ba/0x580 kernel/softirq.c:554 run_ksoftirqd+0x28/0x40 kernel/softirq.c:943 smpboot_thread_fn+0x578/0x7f0 kernel/smpboot.c:164 kthread+0x268/0x2c0 kernel/kthread.c:389 ret_from_fork+0x32/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Memory state around the buggy address: ffff888178c48080: 00 00 00 00 fc fc fc fc fa fb fb fb fb fb fb fb ffff888178c48100: fc fc fc fc fa fb fb fb fb fb fb fb fc fc fc fc >ffff888178c48180: fa fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb ^ ffff888178c48200: fb fb fb fb fc fc fc fc fa fb fb fb fb fb fb fb ffff888178c48280: fc fc fc fc 00 00 00 00 00 00 00 00 fc fc fc fc ==================================================================