bisecting cause commit starting from 34d4ddd359dbcdf6c5fb3f85a179243d7a1cb7f8
building syzkaller on 409809d8a7c9c775eaea317add40e7a86a1e836c
testing commit 34d4ddd359dbcdf6c5fb3f85a179243d7a1cb7f8 with gcc (GCC) 8.1.0
kernel signature: 5c3029f2681380ccd471f93b764ca976b4becf5ee2efa57be90aba449b1468c7
run #0: crashed: PANIC: double fault in __switch_to_asm
run #1: crashed: general protection fault in vma_interval_tree_remove
run #2: crashed: kernel panic: Fatal exception
run #3: crashed: BUG: unable to handle kernel paging request in __count_memcg_events
run #4: crashed: WARNING in vmacache_find
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #6: crashed: general protection fault in anon_vma_interval_tree_insert
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #8: crashed: BUG: unable to handle kernel paging request in vma_compute_subtree_gap
run #9: crashed: BUG: unable to handle kernel paging request in wait_consider_task
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: 1702dd7a830562c10b4619ef3b07b302e2ca1dff7d142d681c78d6150901dcb4
run #0: crashed: unexpected kernel reboot
run #1: crashed: general protection fault in __rb_insert_augmented
run #2: crashed: general protection fault in anon_vma_interval_tree_insert
run #3: crashed: BUG: Bad page map
run #4: crashed: BUG: Bad page map
run #5: crashed: general protection fault in wait_consider_task
run #6: crashed: BUG: unable to handle kernel paging request in __count_memcg_events
run #7: crashed: unexpected kernel reboot
run #8: crashed: general protection fault in anon_vma_interval_tree_insert
run #9: crashed: general protection fault in anon_vma_interval_tree_insert
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: 8b34ef13f59f57cb1604e07bc590798e7b5c5ae7e29893ddc1ad51c4a1a27de9
run #0: crashed: unexpected kernel reboot
run #1: crashed: WARNING in plist_check_prev_next
run #2: crashed: kernel panic: stack is corrupted in __schedule
run #3: crashed: general protection fault in load_mm_ldt
run #4: crashed: unexpected kernel reboot
run #5: crashed: KASAN: out-of-bounds Read in __unqueue_futex
run #6: crashed: WARNING: refcount bug in rcu_core
run #7: crashed: kernel panic: Fatal exception
run #8: crashed: BUG: Bad page map
run #9: crashed: WARNING: locking bug in put_timespec64
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 12d9ab7808aef5da529a7ec427f44c8200f03f33d13c6ae8fe0f4808d3f3b466
run #0: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #1: crashed: general protection fault in free_pages_and_swap_cache
run #2: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #3: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #4: crashed: general protection fault in enqueue_entity
run #5: crashed: general protection fault in anon_vma_interval_tree_insert
run #6: crashed: general protection fault in anon_vma_interval_tree_insert
run #7: crashed: general protection fault in __rb_insert_augmented
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in rcu_core
run #9: crashed: no output from test machine
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: a602ec6799fc6786ccecf913081ea5edc703630739b550e38861b6aa74250db7
run #0: crashed: general protection fault in do_swap_page
run #1: crashed: general protection fault in __rb_insert_augmented
run #2: crashed: KASAN: wild-memory-access Write in dup_fd
run #3: crashed: general protection fault in __switch_to
run #4: crashed: general protection fault in wait_consider_task
run #5: crashed: general protection fault in anon_vma_interval_tree_insert
run #6: crashed: general protection fault in copy_process
run #7: crashed: BUG: Bad page map
run #8: crashed: general protection fault in mm_update_next_owner
run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: c0bb9c5051d537b3250b5a7fc7f688b9406433ba40335fda9f2059964ce692f3
run #0: crashed: BUG: Bad page map
run #1: crashed: general protection fault in __change_pid
run #2: crashed: kernel panic: Fatal exception
run #3: crashed: general protection fault in anon_vma_interval_tree_remove
run #4: crashed: general protection fault in find_vma
run #5: crashed: general protection fault in __x64_sys_nanosleep
run #6: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #7: crashed: BUG: unable to handle kernel paging request in __handle_mm_fault
run #8: crashed: INFO: trying to register non-static key in try_to_wake_up
run #9: crashed: no output from test machine
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 1f00917d4edd207c8304e6fb9bfec528673e3c0d3561cca6a90d06895ccb41c8
run #0: crashed: general protection fault in __mmu_notifier_invalidate_range_end
run #1: crashed: unexpected kernel reboot
run #2: crashed: general protection fault in insert_vmap_area
run #3: crashed: BUG: Bad page map
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #5: crashed: general protection fault in anon_vma_interval_tree_insert
run #6: crashed: unexpected kernel reboot
run #7: crashed: unexpected kernel reboot
run #8: crashed: no output from test machine
run #9: crashed: no output from test machine
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: d15394fce383ef949737c8449ec4eca6c7df900e5ab68a3979710cd0c2964f76
run #0: crashed: general protection fault in try_to_wake_up
run #1: crashed: BUG: Bad page map
run #2: crashed: general protection fault in anon_vma_interval_tree_insert
run #3: crashed: BUG: spinlock bad magic in try_to_wake_up
run #4: crashed: BUG: Bad page map
run #5: crashed: general protection fault in futex_wake
run #6: crashed: BUG: Bad page map
run #7: crashed: BUG: corrupted list in tty_write_lock
run #8: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #9: crashed: KASAN: slab-out-of-bounds Read in corrupted
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: 387e51c63568684e78d979417077b93d57350d645df9dcef9fb85b421faeda95
run #0: crashed: unexpected kernel reboot
run #1: crashed: inconsistent lock state in __mutex_lock
run #2: crashed: BUG: Bad page map
run #3: crashed: BUG: Bad page map
run #4: crashed: kernel panic: Fatal exception
run #5: crashed: BUG: unable to handle kernel paging request in corrupted
run #6: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #7: crashed: BUG: corrupted list in __unqueue_futex
run #8: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #9: crashed: no output from test machine
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: 0f2610a103b94be5c624f3a81f8a27143f45ec721a19adaf1e7f9672aeea767f
run #0: crashed: general protection fault in vma_interval_tree_remove
run #1: crashed: general protection fault in xas_start
run #2: crashed: unexpected kernel reboot
run #3: crashed: BUG: unable to handle kernel paging request in kmem_cache_free
run #4: crashed: BUG: corrupted list in tty_write_lock
run #5: crashed: unexpected kernel reboot
run #6: crashed: BUG: spinlock bad magic in calculate_sigpending
run #7: crashed: kernel panic: stack is corrupted in __schedule
run #8: crashed: unexpected kernel reboot
run #9: crashed: no output from test machine
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: 950d9746b7735ee35c5903aac7ae71dd4268cb8601d6d6ee7c9ffe490b06842a
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: general protection fault in anon_vma_interval_tree_insert
run #2: crashed: general protection fault in __switch_to
run #3: crashed: BUG: corrupted list in tty_write_lock
run #4: crashed: kernel panic: stack is corrupted in __schedule
run #5: crashed: WARNING: locking bug in __up_console_sem
run #6: crashed: unexpected kernel reboot
run #7: crashed: general protection fault in anon_vma_interval_tree_insert
run #8: crashed: BUG: corrupted list in tty_write_lock
run #9: crashed: kernel panic: corrupted stack end in corrupted
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: 6159234b78d669b07087962cc4b36e3bcbec47bd3398cec4b9b28340a08f9465
run #0: crashed: general protection fault in __radix_tree_lookup
run #1: crashed: BUG: corrupted list in copy_process
run #2: crashed: unexpected kernel reboot
run #3: crashed: general protection fault in anon_vma_interval_tree_insert
run #4: crashed: general protection fault in fbcon_putcs
run #5: crashed: kernel panic: stack is corrupted in bit_cursor
run #6: crashed: unexpected kernel reboot
run #7: crashed: kernel BUG at kernel/exit.c:LINE!
run #8: crashed: no output from test machine
run #9: crashed: no output from test machine
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: 5094a90c3797306a1b149081f7f273e4eae87c685851ed9c363dac1108d9800f
run #0: crashed: general protection fault in futex_wake
run #1: crashed: BUG: Bad page map
run #2: crashed: general protection fault in anon_vma_interval_tree_remove
run #3: crashed: general protection fault in vma_interval_tree_remove
run #4: crashed: BUG: Bad page map
run #5: crashed: BUG: Bad page map
run #6: crashed: BUG: Bad page map
run #7: crashed: KASAN: null-ptr-deref Write in wake_q_add
run #8: crashed: general protection fault in validate_mm
run #9: crashed: BUG: corrupted list in __unqueue_futex
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: 61cc7a93b5eca5db44130cc3e5c0e6e7fcd20a9bf830cbf6ca54e8889f303bc5
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: general protection fault in anon_vma_interval_tree_verify
run #2: crashed: general protection fault in anon_vma_interval_tree_insert
run #3: crashed: general protection fault in switch_mm_irqs_off
run #4: crashed: general protection fault in rb_erase
run #5: crashed: general protection fault in anon_vma_interval_tree_insert
run #6: crashed: INFO: trying to register non-static key in add_wait_queue
run #7: crashed: general protection fault in rb_erase_cached
run #8: crashed: general protection fault in bit_putcs
run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: c25b5a0a035c1c0f9008c996941549e990e79ab8c45e130187f5509bf7348f58
run #0: crashed: general protection fault in validate_mm
run #1: crashed: general protection fault in rb_erase
run #2: crashed: general protection fault in alloc_set_pte
run #3: crashed: general protection fault in unmap_page_range
run #4: crashed: unexpected kernel reboot
run #5: crashed: unexpected kernel reboot
run #6: crashed: general protection fault in wait_consider_task
run #7: crashed: general protection fault in do_exit
run #8: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #9: crashed: kernel BUG at kernel/exit.c:LINE!
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: 87462c6fb039997623085fa9c7370f2fecb179f810e84871cb7af0615268454c
run #0: crashed: general protection fault in timerqueue_add
run #1: crashed: general protection fault in vma_interval_tree_insert_after
run #2: crashed: general protection fault in __radix_tree_lookup
run #3: crashed: WARNING in corrupted
run #4: crashed: general protection fault in rcu_cblist_dequeue
run #5: crashed: unexpected kernel reboot
run #6: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #7: crashed: BUG: Bad rss-counter state
run #8: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #9: crashed: no output from test machine
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
kernel signature: a880bdcddcd1f57c03d8d819a0e2d2f6189c22a51444a73d588f05e82b29d466
run #0: crashed: general protection fault in anon_vma_interval_tree_insert
run #1: crashed: WARNING in vmacache_find
run #2: crashed: WARNING in perf_event_delayed_put
run #3: crashed: general protection fault in __radix_tree_lookup
run #4: crashed: general protection fault in quarantine_remove_cache
run #5: crashed: unexpected kernel reboot
run #6: crashed: BUG: corrupted list in fb_open
run #7: crashed: WARNING in vmacache_find
run #8: crashed: unexpected kernel reboot
run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
kernel signature: 5ef47add79428901c32d36c5ff2d7929c9b652cc73d25744e989d8550fbe56ac
run #0: crashed: WARNING: ODEBUG bug in __do_softirq
run #1: crashed: unexpected kernel reboot
run #2: crashed: general protection fault in __radix_tree_lookup
run #3: crashed: BUG: Bad page map
run #4: crashed: general protection fault in timerqueue_add
run #5: crashed: general protection fault in __switch_to
run #6: crashed: general protection fault in schedule
run #7: crashed: unexpected kernel reboot
run #8: crashed: unexpected kernel reboot
run #9: crashed: no output from test machine
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
kernel signature: 466a011de817a6fc10f3450f9d8b592014fa6884eaf392e6e58607b838ffc31f
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
kernel signature: 449c8bfb685e47bfddef14f137055dfa93f49fbb4dd39feeae6dd0f8524ac36d
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
kernel signature: d3f34b8e3a9ad13a0f6cf78025aee7a56d55464bb5a5b6fd9470d469cdc83035
run #0: crashed: BUG: unable to handle kernel paging request in switch_mm_irqs_off
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #2: crashed: kernel panic: corrupted stack end in corrupted
run #3: crashed: BUG: corrupted list in tty_write_lock
run #4: crashed: BUG: unable to handle kernel paging request in fbcon_cursor
run #5: crashed: BUG: unable to handle kernel paging request in corrupted
run #6: crashed: general protection fault in __switch_to
run #7: crashed: WARNING in corrupted
run #8: crashed: general protection fault in futex_wake
run #9: crashed: WARNING in corrupted
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
kernel signature: 44d7a5edbd09b7e72e1ea74143e39ac1cd97fdbc31caf65773c2cf2a3d4342d8
run #0: crashed: WARNING in corrupted
run #1: crashed: general protection fault in anon_vma_interval_tree_insert
run #2: crashed: general protection fault in rcu_process_callbacks
run #3: crashed: general protection fault in __fget
run #4: crashed: WARNING in css_set_move_task
run #5: crashed: general protection fault in selinux_file_permission
run #6: crashed: BUG: unable to handle kernel paging request in wait_consider_task
run #7: crashed: general protection fault in mem_cgroup_from_task
run #8: crashed: WARNING in tty_write_lock
run #9: crashed: WARNING: ODEBUG bug in __do_softirq
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
kernel signature: c49a189a1d16ff8137fdee3710cdc3134a1ffeb15361629ed099dbc4d4bbd16c
run #0: crashed: unexpected kernel reboot
run #1: crashed: BUG: unable to handle kernel paging request in wait_consider_task
run #2: crashed: general protection fault in set_task_cpu
run #3: crashed: BUG: Bad page map
run #4: crashed: WARNING in corrupted
run #5: crashed: WARNING in corrupted
run #6: crashed: WARNING in copy_process
run #7: crashed: WARNING in corrupted
run #8: crashed: general protection fault in rb_first
run #9: OK
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
kernel signature: c9206a988160dbcdaeb2263fc6672b0007f46d9b4b1deb3e93a0eeb0760471df
run #0: crashed: general protection fault in debug_check_no_obj_freed
run #1: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #2: crashed: general protection fault in anon_vma_interval_tree_insert
run #3: crashed: general protection fault in __ipv6_dev_get_saddr
run #4: crashed: general protection fault in debug_check_no_obj_freed
run #5: crashed: general protection fault in __mark_inode_dirty
run #6: crashed: general protection fault in kernfs_fop_readdir
run #7: crashed: general protection fault in __qdisc_calculate_pkt_len
run #8: crashed: general protection fault in mm_update_next_owner
run #9: crashed: BUG: Bad page map
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0
kernel signature: 8c0b0eadc66856d8a47a6918144e6cd64136f01e5386bc4cab9a9f4650c01385
all runs: crashed: WARNING in sysfs_warn_dup
revisions tested: 25, total time: 4h43m32.271125108s (build: 2h24m19.10435113s, test: 2h15m9.834357879s)
the crash already happened on the oldest tested release
commit msg: Linux 4.6
crash: WARNING in sysfs_warn_dup
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
bond0: Enslaving bond_slave_0 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5879 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x7b/0xa0 fs/sysfs/dir.c:30
sysfs: cannot create duplicate filename '/class/macvtap/tap50'
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 5879 Comm: syz-executor.0 Not tainted 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 ffff8800b067efc8 ffffffff82c65e52 ffffffff85c81040
 ffff8800b067f0a0 ffffffff85d2bb80 ffffffff8191bd7b 0000000000000009
 ffff8800b067f090 ffffffff8160d884 0000000041b58ab3 ffffffff868f8c5a
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0x136/0x1d4 lib/dump_stack.c:51
 [] panic+0x1af/0x348 kernel/panic.c:152
 [] __warn+0x18d/0x1b0 kernel/panic.c:504
 [] warn_slowpath_fmt+0x92/0xb0 kernel/panic.c:527
 [] sysfs_warn_dup+0x7b/0xa0 fs/sysfs/dir.c:30
 [] sysfs_do_create_link_sd.isra.0+0xd1/0xf0 fs/sysfs/symlink.c:51
 [] sysfs_do_create_link fs/sysfs/symlink.c:80 [inline]
 [] sysfs_create_link+0x43/0xb0 fs/sysfs/symlink.c:92
 [] device_add_class_symlinks drivers/base/core.c:891 [inline]
 [] device_add+0x677/0x1350 drivers/base/core.c:1086
 [] device_create_groups_vargs+0x1c8/0x220 drivers/base/core.c:1709
 [] device_create_vargs drivers/base/core.c:1749 [inline]
 [] device_create+0x88/0xa0 drivers/base/core.c:1785
 [] macvtap_device_event+0x1c4/0x2a0 drivers/net/macvtap.c:1298
 [] notifier_call_chain+0x8b/0x170 kernel/notifier.c:93
 [] __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 [] raw_notifier_call_chain+0x11/0x20 kernel/notifier.c:401
 [] call_netdevice_notifiers_info+0x47/0x80 net/core/dev.c:1643
 [] call_netdevice_notifiers net/core/dev.c:1659 [inline]
 [] register_netdevice+0x8e8/0xd00 net/core/dev.c:7027
 [] macvlan_common_newlink+0x8b9/0x1090 drivers/net/macvlan.c:1316
 [] macvtap_newlink+0xbf/0x110 drivers/net/macvtap.c:471
 [] rtnl_newlink+0xd4b/0x1230 net/core/rtnetlink.c:2466
 [] rtnetlink_rcv_msg+0x222/0x680 net/core/rtnetlink.c:3513
 [] netlink_rcv_skb+0x242/0x350 net/netlink/af_netlink.c:2277
 [] rtnetlink_rcv+0x25/0x30 net/core/rtnetlink.c:3519
 [] netlink_unicast_kernel net/netlink/af_netlink.c:1214 [inline]
 [] netlink_unicast+0x3da/0x560 net/netlink/af_netlink.c:1240
 [] netlink_sendmsg+0x9bb/0xb40 net/netlink/af_netlink.c:1786
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto net/socket.c:1648 [inline]
 [] SyS_sendto+0x1ca/0x290 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Kernel Offset: disabled