bisecting cause commit starting from c0842fbc1b18c7a044e6ff3e8fa78bfa822c7d1a building syzkaller on 80a0690249dc4dbbbed95ba197192b99c73694c5 testing commit c0842fbc1b18c7a044e6ff3e8fa78bfa822c7d1a with gcc (GCC) 8.1.0 kernel signature: 524eb268f1591f321434cab3a498b462b9bd831e9eeaf6b8a224de68ad199161 all runs: crashed: WARNING: refcount bug in l2cap_global_chan_by_psm testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 0fc27a297a5f05f4fb170534bbf46835c345a3721ae2cad92493779c4c685bba all runs: crashed: WARNING: refcount bug in l2cap_global_chan_by_psm testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 363c2c6432f6a23f194e384500b78122effe82b4b21a1947e26d0a0a2d17bcbb all runs: crashed: WARNING: refcount bug in l2cap_global_chan_by_psm testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 9e7cd43230f474d7b01389f3e115545d24893180189236fe2484f3ff00a55b96 all runs: crashed: WARNING: refcount bug in l2cap_global_chan_by_psm testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 51659ae5c4244a962922b4ad15ddcd12a233faa451f7262d81684031eaffdb56 all runs: crashed: WARNING: refcount bug in l2cap_global_chan_by_psm testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: dcb5a23aa7b86445647d310d9059bcc7fbc977a7d6ecdca8970e09c5eac22a83 all runs: crashed: BUG: corrupted list in l2cap_chan_destroy testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: d67471c871ab46c615b0a8ec91608e2380a1772b0e3a4032d685334428550da9 all runs: crashed: BUG: corrupted list in l2cap_chan_put testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: d518d047b2162542f0fa2ebb980bb87c9b11917534873c6a6e15691c74917416 run #0: crashed: KASAN: use-after-free Read in l2cap_sock_release run #1: crashed: BUG: corrupted list in l2cap_chan_put run #2: crashed: BUG: corrupted list in l2cap_chan_put run #3: crashed: BUG: corrupted list in l2cap_chan_put run #4: crashed: BUG: corrupted list in l2cap_chan_put run #5: crashed: BUG: corrupted list in l2cap_chan_put run #6: crashed: BUG: corrupted list in l2cap_chan_put run #7: crashed: BUG: corrupted list in l2cap_chan_put run #8: crashed: BUG: corrupted list in l2cap_chan_put run #9: crashed: BUG: corrupted list in l2cap_chan_put testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 1b6cf432be3ba05917b848243efecb7eadfb567dbf68756d9b9241f7b5a3d217 all runs: crashed: BUG: corrupted list in l2cap_chan_put testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: 0b5807d7eb07400296cb7e0136ed61552215e11371552d77c09a1fe56e40ae72 run #0: crashed: BUG: corrupted list in l2cap_chan_put run #1: crashed: BUG: corrupted list in l2cap_chan_put run #2: crashed: BUG: corrupted list in l2cap_chan_put run #3: crashed: BUG: corrupted list in l2cap_chan_put run #4: crashed: BUG: corrupted list in l2cap_chan_put run #5: crashed: BUG: corrupted list in l2cap_chan_put run #6: crashed: KASAN: use-after-free Read in l2cap_chan_put run #7: crashed: BUG: corrupted list in l2cap_chan_put run #8: crashed: KASAN: use-after-free Read in l2cap_chan_put run #9: crashed: BUG: corrupted list in l2cap_chan_put testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: b675a41e48af9da321f530e7abdc457df5c3843b85483250d0d33a7a83d600ab all runs: crashed: BUG: corrupted list in l2cap_chan_put testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: ab6cc7765890bdf1c99fb73e3f56811ea73ccc75782d30be6d38277c39e4512c all runs: crashed: BUG: corrupted list in l2cap_chan_put testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: c120386542e1c787d2a916a33e7739dda5812aed495ad1c165fd08740ef3e55d run #0: crashed: BUG: corrupted list in l2cap_chan_put run #1: crashed: BUG: corrupted list in l2cap_chan_put run #2: crashed: BUG: corrupted list in l2cap_chan_put run #3: crashed: BUG: corrupted list in l2cap_chan_put run #4: crashed: BUG: corrupted list in l2cap_chan_put run #5: crashed: KASAN: use-after-free Read in l2cap_chan_put run #6: crashed: BUG: corrupted list in l2cap_chan_put run #7: crashed: KASAN: use-after-free Read in l2cap_chan_put run #8: crashed: BUG: corrupted list in l2cap_chan_put run #9: crashed: BUG: corrupted list in l2cap_chan_put testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: ef6ce6b4b024c93f84aa22c5d68c85d43e85b9d44dd92ad57b1a838336437098 all runs: crashed: BUG: corrupted list in l2cap_chan_put testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: eb5475a71053b014b95aa514b7b789dffd2c7cac0b854b50e0b1666cc5b3759d all runs: crashed: BUG: corrupted list in l2cap_chan_put testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 kernel signature: adb2d7bf8ab323d23e86f65891468553573d642689b3ef70d437a4e50c5571b6 all runs: crashed: BUG: corrupted list in l2cap_chan_put testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 kernel signature: 46b7ea049f8dae82f2a13daf1d5a574317a859baa7aa7c5348e8201cda901431 run #0: crashed: BUG: corrupted list in l2cap_chan_put run #1: crashed: BUG: corrupted list in l2cap_chan_put run #2: crashed: BUG: corrupted list in l2cap_chan_put run #3: crashed: BUG: corrupted list in l2cap_chan_put run #4: crashed: BUG: corrupted list in l2cap_chan_put run #5: crashed: BUG: corrupted list in l2cap_chan_put run #6: crashed: BUG: corrupted list in l2cap_chan_put run #7: crashed: BUG: corrupted list in l2cap_chan_put run #8: crashed: KASAN: use-after-free Read in l2cap_chan_put run #9: crashed: BUG: corrupted list in l2cap_chan_put testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 kernel signature: feeba8667f856f5c3a5a07c81c9533fc9f4ecaf50fe86ace3294b20671f300b5 run #0: crashed: BUG: corrupted list in l2cap_chan_put run #1: crashed: BUG: corrupted list in l2cap_chan_put run #2: crashed: BUG: corrupted list in l2cap_chan_put run #3: crashed: BUG: corrupted list in l2cap_chan_put run #4: crashed: BUG: corrupted list in l2cap_chan_put run #5: crashed: BUG: corrupted list in l2cap_chan_put run #6: crashed: BUG: corrupted list in l2cap_chan_put run #7: crashed: BUG: corrupted list in l2cap_chan_put run #8: crashed: BUG: corrupted list in l2cap_chan_put run #9: crashed: KASAN: use-after-free Read in l2cap_chan_put testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 kernel signature: 543d646afacd1359671a8a6ca1a19e9677fba1ae11618149efc504525fcf6fd4 all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.11 testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0 kernel signature: 654d359903fd8e298279879bafd8c37c8d33127047ee1f9fa0ec5a1185ab7ad7 all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.10 testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0 kernel signature: 50592acedde2df078e5f530f8f248c9d57f16d142bfe6fdd14c21c75924c31c8 all runs: crashed: WARNING in l2cap_chan_hold testing release v4.9 testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0 kernel signature: 2c77e9fd1b6f3000165711cbf8e3ea0877d04e628f7d946f140d309158d9b373 all runs: OK # git bisect start c470abd4fde40ea6a0846a2beab642a578c0b8cd 69973b830859bc6529a7a0468ba0d80ee5117826 Bisecting: 7099 revisions left to test after this (roughly 13 steps) [f4000cd99750065d5177555c0a805c97174d1b9f] Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux testing commit f4000cd99750065d5177555c0a805c97174d1b9f with gcc (GCC) 5.5.0 kernel signature: ca082ae186c94ca32234d74ef119c655390fb54523eb4c433661089bb2430154 run #0: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE run #1: boot failed: can't ssh into the instance run #2: boot failed: can't ssh into the instance run #3: boot failed: can't ssh into the instance run #4: boot failed: can't ssh into the instance run #5: boot failed: can't ssh into the instance run #6: boot failed: can't ssh into the instance run #7: boot failed: can't ssh into the instance run #8: boot failed: can't ssh into the instance run #9: boot failed: can't ssh into the instance # git bisect skip f4000cd99750065d5177555c0a805c97174d1b9f Bisecting: 7099 revisions left to test after this (roughly 13 steps) [ab1effc09519f3bb4b84dd6d8276cedf07b17a1b] staging: ks7010: Add blank line after declarations testing commit ab1effc09519f3bb4b84dd6d8276cedf07b17a1b with gcc (GCC) 5.5.0 kernel signature: 2baa743c49409f85bbcf68e1eb5e281ea12fc24b62158ed6387b135d4b84eab2 all runs: OK # git bisect good ab1effc09519f3bb4b84dd6d8276cedf07b17a1b Bisecting: 7022 revisions left to test after this (roughly 13 steps) [09cb6464fe5e7fcd5177911429badd139c4481b7] Merge tag 'for-f2fs-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs testing commit 09cb6464fe5e7fcd5177911429badd139c4481b7 with gcc (GCC) 5.5.0 kernel signature: 42bc787f782b3efdf28e73b867251c3bc7275763aeaaa22a942704972e79d7e3 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.10.48:./syz-fuzzer"]: exit status 1 Connection timed out during banner exchange lost connection run #1: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.0.236:./syz-fuzzer"] Warning: Permanently added '10.128.0.236' (ECDSA) to the list of known hosts. run #2: boot failed: can't ssh into the instance run #3: boot failed: can't ssh into the instance run #4: boot failed: can't ssh into the instance run #5: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-timesyn:LINE run #6: boot failed: can't ssh into the instance run #7: boot failed: can't ssh into the instance run #8: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE run #9: boot failed: can't ssh into the instance # git bisect skip 09cb6464fe5e7fcd5177911429badd139c4481b7 Bisecting: 7022 revisions left to test after this (roughly 13 steps) [68226b4dfa9b2e064e2f9e792bf7469f465054c7] [media] dvb-tc90522: Rename a jump label in tc90522_probe() testing commit 68226b4dfa9b2e064e2f9e792bf7469f465054c7 with gcc (GCC) 5.5.0 kernel signature: 4b17356ae16757245c869a027d70ac0adeef98712e7d2184ba9f23e660b0a423 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: crashed: WARNING in nf_unregister_net_hook run #8: crashed: WARNING in nf_unregister_net_hook run #9: crashed: WARNING in nf_unregister_net_hook # git bisect bad 68226b4dfa9b2e064e2f9e792bf7469f465054c7 Bisecting: 94 revisions left to test after this (roughly 7 steps) [988fcf0c0ea694f6e6ba00fc9eb1c6a2e72edfe8] [media] Add documentation for V4L2_PIX_FMT_VP9 testing commit 988fcf0c0ea694f6e6ba00fc9eb1c6a2e72edfe8 with gcc (GCC) 5.5.0 kernel signature: a80e04dc3e7e18106cab7880fd657d840265e96636e03d712e834f73a9fca8b3 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: crashed: WARNING in nf_unregister_net_hook run #7: crashed: WARNING in nf_unregister_net_hook run #8: crashed: WARNING in nf_unregister_net_hook run #9: crashed: WARNING in nf_unregister_net_hook # git bisect bad 988fcf0c0ea694f6e6ba00fc9eb1c6a2e72edfe8 Bisecting: 46 revisions left to test after this (roughly 6 steps) [57425dc76d8174e7bfe94a11d089d3feeebb474c] [media] exynos4-is: don't break long lines testing commit 57425dc76d8174e7bfe94a11d089d3feeebb474c with gcc (GCC) 5.5.0 kernel signature: 2b938023cf8c2429b91a1f70af5542c90598a3417e2fb75119ff09f0f44194a2 all runs: OK # git bisect good 57425dc76d8174e7bfe94a11d089d3feeebb474c Bisecting: 23 revisions left to test after this (roughly 5 steps) [68616504573945c24fe8f21466967b0d8a5cabf0] [media] tm6000: don't break long lines testing commit 68616504573945c24fe8f21466967b0d8a5cabf0 with gcc (GCC) 5.5.0 kernel signature: c7525e409dea38cae8e2caee9e7ea94a53278668a1157fe9f58be3ace8d7850f run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: crashed: WARNING in nf_unregister_net_hook # git bisect bad 68616504573945c24fe8f21466967b0d8a5cabf0 Bisecting: 11 revisions left to test after this (roughly 4 steps) [4a58d39075e1e2bc5ca8b379278659d95f072363] [media] b2c2: don't break long lines testing commit 4a58d39075e1e2bc5ca8b379278659d95f072363 with gcc (GCC) 5.5.0 kernel signature: f5d455313bede47b47dbff8363a6f47e584b107b3fc92ebaacec54c0d89e0f4e run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: crashed: WARNING in nf_unregister_net_hook run #8: crashed: WARNING in nf_unregister_net_hook run #9: OK # git bisect bad 4a58d39075e1e2bc5ca8b379278659d95f072363 Bisecting: 4 revisions left to test after this (roughly 3 steps) [637d5ac51380b7021c711e183052b81afb89d160] [media] ti-vpe: don't break long lines testing commit 637d5ac51380b7021c711e183052b81afb89d160 with gcc (GCC) 5.5.0 kernel signature: cf4e9b80a2800d1f587a92af3cd0a8cc1251ebe5f18955a777b652344b0a4b27 all runs: OK # git bisect good 637d5ac51380b7021c711e183052b81afb89d160 Bisecting: 2 revisions left to test after this (roughly 1 step) [3c1e300966d7edc380e405b3ab70b6e3c813a121] [media] si4713: don't break long lines testing commit 3c1e300966d7edc380e405b3ab70b6e3c813a121 with gcc (GCC) 5.5.0 kernel signature: 87aefbba5841511f3be2e5eb46f7a6df62d11e47d11ca2441ead2c62bee0abc1 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: WARNING in nf_unregister_net_hook run #9: crashed: WARNING in nf_unregister_net_hook # git bisect bad 3c1e300966d7edc380e405b3ab70b6e3c813a121 Bisecting: 0 revisions left to test after this (roughly 0 steps) [cbfc90809862859a1df6a8b48c7b3c2ac48fdbcd] [media] si470x: don't break long lines testing commit cbfc90809862859a1df6a8b48c7b3c2ac48fdbcd with gcc (GCC) 5.5.0 kernel signature: eb0dba974fd71935cf2199a2fd4d312118a153e08be0d39a02caf6e71dd5481a all runs: OK # git bisect good cbfc90809862859a1df6a8b48c7b3c2ac48fdbcd 3c1e300966d7edc380e405b3ab70b6e3c813a121 is the first bad commit commit 3c1e300966d7edc380e405b3ab70b6e3c813a121 Author: Mauro Carvalho Chehab Date: Tue Oct 18 17:44:12 2016 -0200 [media] si4713: don't break long lines Due to the 80-cols restrictions, and latter due to checkpatch warnings, several strings were broken into multiple lines. This is not considered a good practice anymore, as it makes harder to grep for strings at the source code. As we're right now fixing other drivers due to KERN_CONT, we need to be able to identify what printk strings don't end with a "\n". It is a way easier to detect those if we don't break long lines. So, join those continuation lines. The patch was generated via the script below, and manually adjusted if needed. use Text::Tabs; while (<>) { if ($next ne "") { $c=$_; if ($c =~ /^\s+\"(.*)/) { $c2=$1; $next =~ s/\"\n$//; $n = expand($next); $funpos = index($n, '('); $pos = index($c2, '",'); if ($funpos && $pos > 0) { $s1 = substr $c2, 0, $pos + 2; $s2 = ' ' x ($funpos + 1) . substr $c2, $pos + 2; $s2 =~ s/^\s+//; $s2 = ' ' x ($funpos + 1) . $s2 if ($s2 ne ""); print unexpand("$next$s1\n"); print unexpand("$s2\n") if ($s2 ne ""); } else { print "$next$c2\n"; } $next=""; next; } else { print $next; } $next=""; } else { if (m/\"$/) { if (!m/\\n\"$/) { $next=$_; next; } } } print $_; } Signed-off-by: Mauro Carvalho Chehab drivers/media/radio/si4713/si4713.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) culprit signature: 87aefbba5841511f3be2e5eb46f7a6df62d11e47d11ca2441ead2c62bee0abc1 parent signature: eb0dba974fd71935cf2199a2fd4d312118a153e08be0d39a02caf6e71dd5481a revisions tested: 33, total time: 7h9m46.448971685s (build: 2h51m46.686117457s, test: 4h13m53.632495125s) first bad commit: 3c1e300966d7edc380e405b3ab70b6e3c813a121 [media] si4713: don't break long lines recipients (to): ["linux-media@vger.kernel.org" "mchehab@s-opensource.com"] recipients (cc): ["edubezval@gmail.com" "linux-kernel@vger.kernel.org" "mchehab@kernel.org"] crash: WARNING in nf_unregister_net_hook bond0 (unregistering): Releasing backup interface bond_slave_1 bond0 (unregistering): Releasing backup interface bond_slave_0 bond0 (unregistering): Released all slaves ------------[ cut here ]------------ WARNING: CPU: 0 PID: 6888 at net/netfilter/core.c:151 nf_unregister_net_hook+0x28a/0x3c0 net/netfilter/core.c:151 nf_unregister_net_hook: hook not found! Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 6888 Comm: kworker/u4:5 Not tainted 4.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net ffff880129e37890 ffffffff82d76a92 ffffffff86085f80 ffff880129e37968 ffffffff868b2400 ffffffff84d73d0a 0000000000000009 ffff880129e37958 ffffffff81641ef2 0000000041b58ab3 ffffffff86d6766f ffffffff81641d3c Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x136/0x1d4 lib/dump_stack.c:51 [] panic+0x1b6/0x358 kernel/panic.c:179 [] __warn+0x18d/0x1b0 kernel/panic.c:542 [] warn_slowpath_fmt+0x92/0xb0 kernel/panic.c:565 [] nf_unregister_net_hook+0x28a/0x3c0 net/netfilter/core.c:151 [] nf_unregister_hook_list net/netfilter/core.c:484 [inline] [] netfilter_net_exit+0x36/0xa0 net/netfilter/core.c:516 [] ops_exit_list.isra.0+0x8e/0x120 net/core/net_namespace.c:136 [] cleanup_net+0x2d0/0x570 net/core/net_namespace.c:449 [] process_one_work+0x67d/0x14d0 kernel/workqueue.c:2096 [] worker_thread+0xe1/0x1050 kernel/workqueue.c:2230 [] kthread+0x20e/0x2d0 kernel/kthread.c:209 [] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433 Kernel Offset: disabled