bisecting cause commit starting from 612ab8ad64140f0f291d7baae45982ce7119839a building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7 testing commit 612ab8ad64140f0f291d7baae45982ce7119839a with gcc (GCC) 8.1.0 kernel signature: 06dca0becdfde9c5cac746ea600e81dd95598d29220cd7b0f4171436ed82ebe7 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #4: crashed: general protection fault in afs_proc_cell_setup run #5: crashed: general protection fault in afs_deactivate_cell run #6: crashed: WARNING in __proc_create run #7: crashed: WARNING in __proc_create run #8: crashed: general protection fault in afs_proc_cell_setup run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 87c07c5966832cba4c74430a830e931eca54c9b02bfe6fc3a290057ba04b4140 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #1: crashed: WARNING in __proc_create run #2: crashed: kernel BUG at fs/afs/cell.c:LINE! run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #6: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #7: crashed: WARNING in __xlate_proc_name run #8: crashed: INFO: rcu detected stall in sys_mount run #9: OK testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 531c1121517ec94618bee695efdd37b90d625686bc9cb283819094a058d82a99 run #0: crashed: KASAN: use-after-free Read in __proc_create run #1: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #7: crashed: KASAN: use-after-free Write in afs_manage_cell run #8: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #9: crashed: KASAN: use-after-free Write in afs_manage_cell testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 2a69b009490e8204d8b627bd598f641dd159c2a3152e5d19313a2c5e7115dd8c run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: WARNING: ODEBUG bug in __do_softirq run #2: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #5: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: INFO: rcu detected stall in sys_mount run #9: boot failed: can't ssh into the instance testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 367d776a28eb2582142fa52d7a90d6fd0ed40c9cebf6fc17e1000ac532d49a7f run #0: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #4: crashed: WARNING: ODEBUG bug in __do_softirq run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Read in __proc_create run #8: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #9: crashed: KASAN: use-after-free Write in afs_manage_cell testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: a169bfaf3205565fbafce57bbd2aede5094b8a0a589141db22120b9cb80df389 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Write in afs_manage_cell run #8: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #9: crashed: KASAN: use-after-free Write in afs_manage_cell testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: f82087bf8d4663328264da2917ec3d0daf24debf3a9ec0c64aa2f3783fde7bdb run #0: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #7: crashed: KASAN: use-after-free Write in afs_manage_cell run #8: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #9: crashed: KASAN: use-after-free Read in afs_deactivate_cell testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: bf06d1028287788398ff320ab4e7cf1293515307111b54325ebfd6df12c1d1e6 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #7: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #8: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #9: crashed: INFO: rcu detected stall in corrupted testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 87a34f7fd613cdf32c3764dc3baf23ca1ebfa1f76c5fe314f1d00c65071bb7bf run #0: crashed: KASAN: use-after-free Read in __proc_create run #1: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Read in __proc_create run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: WARNING: proc registration bug in afs_manage_cell run #6: crashed: KASAN: use-after-free Read in afs_manage_cell run #7: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #8: crashed: KASAN: use-after-free Write in afs_manage_cell run #9: crashed: KASAN: use-after-free Write in afs_manage_cell testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: d6d6ce39f90ad8cee2b518752680848996b30e95b77020644cd06cafd1c053f2 all runs: OK # git bisect start e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd 1c163f4c7b3f621efff9b28a47abb36f7378d783 Bisecting: 7074 revisions left to test after this (roughly 13 steps) [b5dd0c658c31b469ccff1b637e5124851e7a4a1c] Merge branch 'akpm' (patches from Andrew) testing commit b5dd0c658c31b469ccff1b637e5124851e7a4a1c with gcc (GCC) 8.1.0 kernel signature: 00a8c940a474a407cb63f882a946677027dcd2ad4fb6657e7f66d3f17ca50c1a all runs: OK # git bisect good b5dd0c658c31b469ccff1b637e5124851e7a4a1c Bisecting: 3573 revisions left to test after this (roughly 12 steps) [4f0237062ca70c8e34e16e518aee4b84c30d1832] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input testing commit 4f0237062ca70c8e34e16e518aee4b84c30d1832 with gcc (GCC) 8.1.0 kernel signature: dd4ff20fcc0eb01beeaa345bc130aafe41a1682a15d9958d04d5ee0bf03460bf run #0: crashed: WARNING: proc registration bug in afs_manage_cell run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 4f0237062ca70c8e34e16e518aee4b84c30d1832 Bisecting: 1707 revisions left to test after this (roughly 11 steps) [80201fe175cbf7f3e372f53eba0a881a702ad926] Merge tag 'for-5.1/block-20190302' of git://git.kernel.dk/linux-block testing commit 80201fe175cbf7f3e372f53eba0a881a702ad926 with gcc (GCC) 8.1.0 kernel signature: 628699124a92155dd77018e812092816f449b716373550b25357e448a7e2d4d8 all runs: OK # git bisect good 80201fe175cbf7f3e372f53eba0a881a702ad926 Bisecting: 775 revisions left to test after this (roughly 10 steps) [a50243b1ddcdd766d0d17fbfeeb1a22e62fdc461] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit a50243b1ddcdd766d0d17fbfeeb1a22e62fdc461 with gcc (GCC) 8.1.0 kernel signature: c80d954c0ea27275b2db1d25acfbd31572f4796e0953becd34bf885e34674655 all runs: OK # git bisect good a50243b1ddcdd766d0d17fbfeeb1a22e62fdc461 Bisecting: 410 revisions left to test after this (roughly 9 steps) [b7a7d1c1ec688104fdc922568c26395a756f616d] Merge tag 'dma-mapping-5.1' of git://git.infradead.org/users/hch/dma-mapping testing commit b7a7d1c1ec688104fdc922568c26395a756f616d with gcc (GCC) 8.1.0 kernel signature: 1d99a8988030946a360a6ecf7e76f5e29ba38f46787da51b2e499534ca8e40cf all runs: OK # git bisect good b7a7d1c1ec688104fdc922568c26395a756f616d Bisecting: 217 revisions left to test after this (roughly 8 steps) [c3665a6be5de16cf6670a00003642114c44d8a70] Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security testing commit c3665a6be5de16cf6670a00003642114c44d8a70 with gcc (GCC) 8.1.0 kernel signature: 9955277447f00a26c27b2b9c06b6eb409d43cae8f7e70dd3ef9326a164adadbf all runs: OK # git bisect good c3665a6be5de16cf6670a00003642114c44d8a70 Bisecting: 137 revisions left to test after this (roughly 7 steps) [ffd602eb4693bbb49b301fa059b109bbdebf9524] Merge tag 'kbuild-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild testing commit ffd602eb4693bbb49b301fa059b109bbdebf9524 with gcc (GCC) 8.1.0 kernel signature: 86017a6641d89fd214f7e13371eefe30443ff5b8e1fe3ec015638a767ddbd22e all runs: OK # git bisect good ffd602eb4693bbb49b301fa059b109bbdebf9524 Bisecting: 68 revisions left to test after this (roughly 6 steps) [1039c6e1936ef2be0f342bd56fcf0fb25c1df5fe] net: keep refcount warning in reqsk_free() testing commit 1039c6e1936ef2be0f342bd56fcf0fb25c1df5fe with gcc (GCC) 8.1.0 kernel signature: 48aa2f2ab832ed3053e2d389204ae2ec472b03c4998c771577731fc2e9287829 all runs: OK # git bisect good 1039c6e1936ef2be0f342bd56fcf0fb25c1df5fe Bisecting: 34 revisions left to test after this (roughly 5 steps) [4958891764749304ac1511f6140ae3888c088e23] Input: ili210x - add ILI251X support testing commit 4958891764749304ac1511f6140ae3888c088e23 with gcc (GCC) 8.1.0 kernel signature: c3c5b8b0eb9bc4386cf3c7bc26b785bb22f1f3bb318b519e55bb9adfc8d5801b all runs: OK # git bisect good 4958891764749304ac1511f6140ae3888c088e23 Bisecting: 17 revisions left to test after this (roughly 4 steps) [65e91e2845b5b8965f21a856e1e0ad70c6522ce7] Merge branch 'next' into for-linus testing commit 65e91e2845b5b8965f21a856e1e0ad70c6522ce7 with gcc (GCC) 8.1.0 kernel signature: 411ae0f2d11e39292b5e798c2a550ad10bfc993703661d41223cba72994c0953 all runs: OK # git bisect good 65e91e2845b5b8965f21a856e1e0ad70c6522ce7 Bisecting: 10 revisions left to test after this (roughly 3 steps) [8f49a658b4ea1d0205068da76b7c8c844817dc44] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit 8f49a658b4ea1d0205068da76b7c8c844817dc44 with gcc (GCC) 8.1.0 kernel signature: 00d27a0db7b0199efe3eb44be1d0c9c909ed9230a42c054341797dc4ee62c8ba all runs: OK # git bisect good 8f49a658b4ea1d0205068da76b7c8c844817dc44 Bisecting: 5 revisions left to test after this (roughly 3 steps) [bc119dd954ba172554b4cc49db249c4fb62701e6] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide testing commit bc119dd954ba172554b4cc49db249c4fb62701e6 with gcc (GCC) 8.1.0 kernel signature: d9c166ec95ca2a24d4bc42c35386b57960609562fa4a4878489592f9d5dbabb9 run #0: crashed: WARNING: proc registration bug in afs_manage_cell run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad bc119dd954ba172554b4cc49db249c4fb62701e6 Bisecting: 2 revisions left to test after this (roughly 1 step) [498b58944c4ea227e4b43d56814c1fadf9b78438] ide: hpt366: mark expected switch fall-throughs testing commit 498b58944c4ea227e4b43d56814c1fadf9b78438 with gcc (GCC) 8.1.0 kernel signature: d38bcc000abf80329965e75d7a8ceda2c7e49a8afacb389630042d231cc42b5e all runs: OK # git bisect good 498b58944c4ea227e4b43d56814c1fadf9b78438 Bisecting: 0 revisions left to test after this (roughly 1 step) [dc5c37736d16ec90559888fb4c974977fc8ed1ca] drivers: ide: Kconfig: pedantic formatting testing commit dc5c37736d16ec90559888fb4c974977fc8ed1ca with gcc (GCC) 8.1.0 kernel signature: c7f78fe4f6143b8dbcfc027a3252da6ecef7d6e7b7178d01ed5f9b9d6441ab4d all runs: OK # git bisect good dc5c37736d16ec90559888fb4c974977fc8ed1ca bc119dd954ba172554b4cc49db249c4fb62701e6 is the first bad commit commit bc119dd954ba172554b4cc49db249c4fb62701e6 Merge: 8f49a658b4ea dc5c37736d16 Author: Linus Torvalds Date: Mon Mar 11 09:34:00 2019 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide Pull IDE updates from David Miller: "Nothing super exciting as usual: 1) Switch fallthrus from Gustavo A. R. Silva 2) Kconfig formatting cleanup from Enrico Weigelt 3) OF interface adjustment from Rob Herring" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide: drivers: ide: Kconfig: pedantic formatting ide: mark expected switch fall-through ide: hpt366: mark expected switch fall-throughs ide: Use of_node_name_eq for node name comparisons drivers/ide/Kconfig | 26 +++++++++++++------------- drivers/ide/hpt366.c | 4 ++-- drivers/ide/ide-floppy.c | 2 +- 3 files changed, 16 insertions(+), 16 deletions(-) revisions tested: 24, total time: 6h21m37.207095956s (build: 2h27m49.412400477s, test: 3h50m44.659914218s) first bad commit: bc119dd954ba172554b4cc49db249c4fb62701e6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide recipients (to): ["torvalds@linux-foundation.org"] recipients (cc): [] crash: WARNING: proc registration bug in afs_manage_cell ------------[ cut here ]------------ proc_dir_entry 'afs/üçn¸]ü[o' already registered WARNING: CPU: 0 PID: 25676 at fs/proc/generic.c:360 proc_register+0x2c3/0x490 fs/proc/generic.c:359 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 25676 Comm: kworker/0:2 Not tainted 5.0.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: afs afs_manage_cell Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x165/0x21a lib/dump_stack.c:113 panic+0x212/0x40b kernel/panic.c:214 __warn.cold.7+0x1b/0x38 kernel/panic.c:571 report_bug+0x1a4/0x200 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:179 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:291 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973 RIP: 0010:proc_register+0x2c3/0x490 fs/proc/generic.c:359 Code: 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 c1 01 00 00 49 8b b4 24 d0 00 00 00 48 c7 c7 e0 89 55 87 e8 80 a8 7f ff <0f> 0b 48 c7 c7 40 bc 86 88 e8 4f a8 2e 05 4c 89 ea 48 b8 00 00 00 RSP: 0018:ffff888093a2fa88 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffffed10118efb0b RCX: 0000000000000000 RDX: 0000000000000004 RSI: 0000000000000008 RDI: ffffffff8a3ced20 RBP: ffff888093a2fad8 R08: ffffed1015d03ef9 R09: ffffed1015d03ef8 R10: ffffed1015d03ef8 R11: ffff8880ae81f7c7 R12: ffff88809a90fac0 R13: ffff88808c77d80c R14: ffff88808c77d850 R15: ffff88808c77d780 proc_mkdir_data+0x140/0x230 fs/proc/generic.c:475 proc_net_mkdir include/linux/proc_fs.h:124 [inline] afs_proc_cell_setup+0x92/0x170 fs/afs/proc.c:613 afs_activate_cell fs/afs/cell.c:554 [inline] afs_manage_cell+0x42f/0xe50 fs/afs/cell.c:634 process_one_work+0x7b9/0x15e0 kernel/workqueue.c:2269 worker_thread+0x85/0xb60 kernel/workqueue.c:2415 kthread+0x324/0x3e0 kernel/kthread.c:253 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Kernel Offset: disabled Rebooting in 86400 seconds..