bisecting cause commit starting from a8205e310011f09cc73cd577d7b0074c57b9bb54
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit a8205e310011f09cc73cd577d7b0074c57b9bb54 with gcc (GCC) 8.1.0
kernel signature: acd42029c624a4d0a263d4b4c2a9b822aad483f74666e2b986cad672266cf81f
run #0: crashed: BUG: corrupted list in tty_write_lock
run #1: crashed: BUG: corrupted list in __mutex_add_waiter
run #2: crashed: BUG: unable to handle kernel paging request in rb_next
run #3: crashed: general protection fault in __switch_to
run #4: crashed: BUG: corrupted list in fb_open
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in do_swap_page
run #6: crashed: general protection fault in __switch_to
run #7: crashed: no output from test machine
run #8: crashed: no output from test machine
run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor434139038" "root@10.128.10.29:./syz-executor434139038"]: exit status 1
ssh: connect to host 10.128.10.29 port 22: Connection timed out
lost connection
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: 016ba2efbb81303f1d450b80cc52e3e4efa4c2c31a0c8ea9230195373bb9c298
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #1: crashed: BUG: Bad page map
run #2: crashed: BUG: Bad page map
run #3: crashed: BUG: unable to handle kernel paging request in corrupted
run #4: crashed: BUG: unable to handle kernel paging request in corrupted
run #5: crashed: BUG: unable to handle kernel paging request in do_exit
run #6: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in do_swap_page
run #8: crashed: general protection fault in try_to_wake_up
run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor703663232" "root@10.128.0.214:./syz-executor703663232"]: exit status 1
ssh: connect to host 10.128.0.214 port 22: Connection timed out
lost connection
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: f44c0277880590437252951dc073c113b304ebcd729b09fdb936727fa1720857
run #0: crashed: WARNING in match_held_lock
run #1: crashed: general protection fault in psi_task_switch
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #3: crashed: WARNING: refcount bug in proc_evict_inode
run #4: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #5: crashed: general protection fault in bit_putcs
run #6: crashed: BUG: corrupted list in tty_write_lock
run #7: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #8: crashed: no output from test machine
run #9: crashed: no output from test machine
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: dbf831810911327ee1ddd1838bd928cd705b6dff959f90738c4f9c4293ff3c8d
run #0: crashed: BUG: spinlock bad magic in calculate_sigpending
run #1: crashed: INFO: trying to register non-static key in try_to_wake_up
run #2: crashed: BUG: corrupted list in load_balance
run #3: crashed: general protection fault in mm_update_next_owner
run #4: crashed: general protection fault in enqueue_entity
run #5: crashed: general protection fault in call_rcu
run #6: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #7: crashed: WARNING: refcount bug in tty_write_unlock
run #8: crashed: general protection fault in rcu_core
run #9: crashed: BUG: unable to handle kernel paging request in corrupted
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: ebc4cda9cce803acc934e9778e2a353e5cd0dbbf8063cf5d6688854a8ab15795
run #0: crashed: WARNING: refcount bug in mark_wake_futex
run #1: crashed: kernel panic: Fatal exception
run #2: crashed: KASAN: unknown-crash Read in sprintf
run #3: crashed: INFO: trying to register non-static key in calculate_sigpending
run #4: crashed: KASAN: unknown-crash Read in tty_write_lock
run #5: crashed: unexpected kernel reboot
run #6: crashed: BUG: unable to handle kernel paging request in mm_update_next_owner
run #7: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #8: crashed: WARNING: refcount bug in mark_wake_futex
run #9: crashed: general protection fault in __close_fd
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 60ec899b240438fca0afab39cf90d6e0666c97e4df118b936bd802d696e7ac0a
run #0: crashed: general protection fault in futex_wake
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #2: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #3: crashed: general protection fault in hrtimer_active
run #4: crashed: general protection fault in futex_wake
run #5: crashed: kernel panic: stack is corrupted in __schedule
run #6: crashed: kernel panic: stack is corrupted in __schedule
run #7: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 0300a8baddef4e6025f4557b520d0c600c3eb48a31f47c10c85a1fe6967c9907
run #0: crashed: general protection fault in futex_wake
run #1: crashed: general protection fault in do_swap_page
run #2: crashed: general protection fault in calculate_sigpending
run #3: crashed: general protection fault in can_migrate_task
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #5: crashed: general protection fault in futex_wake
run #6: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #7: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #8: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 8ca7ab09f84b096275dbad1213b64564467c9b5a2af17fa5cac2b75004eccda9
run #0: crashed: general protection fault in futex_wake
run #1: crashed: general protection fault in timerqueue_add
run #2: crashed: kernel panic: stack is corrupted in __schedule
run #3: crashed: kernel panic: stack is corrupted in __schedule
run #4: crashed: BUG: corrupted list in copy_process
run #5: crashed: BUG: corrupted list in __mutex_add_waiter
run #6: crashed: WARNING in drop_futex_key_refs
run #7: crashed: general protection fault in __schedule
run #8: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: d40d255bc2671f7a190ce21adcd629a15427bf38cedde60920b0a35f31997ce2
run #0: crashed: general protection fault in rb_insert_color
run #1: crashed: general protection fault in xas_start
run #2: crashed: BUG: spinlock bad magic in try_to_wake_up
run #3: crashed: unexpected kernel reboot
run #4: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #5: crashed: INFO: trying to register non-static key in try_to_wake_up
run #6: crashed: BUG: corrupted list in tty_write_lock
run #7: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #8: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #9: crashed: no output from test machine
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: d68f2d6ae2cc873db94f2357be33c299617dd1ef16277fdc35b417a5103f1593
run #0: crashed: unexpected kernel reboot
run #1: crashed: BUG: unable to handle kernel paging request in corrupted
run #2: crashed: BUG: corrupted list in tty_write_lock
run #3: crashed: general protection fault in rb_insert_color
run #4: crashed: BUG: Bad page map
run #5: crashed: WARNING in corrupted
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #7: crashed: general protection fault in rb_erase
run #8: crashed: BUG: Bad page map
run #9: crashed: general protection fault in enqueue_entity
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: 4a994179c4b1b6b0aeed71cced794eb18448548eaf6be35fe920a94b69dfe0ce
run #0: crashed: kernel panic: stack is corrupted in __se_sys_futex
run #1: crashed: general protection fault in __schedule
run #2: crashed: general protection fault in do_splice_direct
run #3: crashed: general protection fault in do_nanosleep
run #4: crashed: general protection fault in rb_erase
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #6: crashed: kernel BUG at mm/mmap.c:LINE!
run #7: crashed: general protection fault in acct_collect
run #8: crashed: kernel panic: corrupted stack end in sys_futex
run #9: crashed: general protection fault in mm_update_next_owner
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: 0298ad967ec7e3db1a37384212324c1aff0fa45d5fe27103b309841e83c5e5d0
run #0: crashed: WARNING in debug_mutex_wake_waiter
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #2: crashed: general protection fault in timerqueue_add
run #3: crashed: kernel panic: stack is corrupted in __schedule
run #4: crashed: general protection fault in __radix_tree_lookup
run #5: crashed: unexpected kernel reboot
run #6: crashed: kernel panic: stack is corrupted in path_openat
run #7: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #8: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #9: crashed: general protection fault in mm_update_next_owner
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: e0673b31e6b835f2a5f909c48f50ab977a342606b738463ea201415e96455a5e
run #0: crashed: general protection fault in rcu_process_callbacks
run #1: crashed: general protection fault in update_curr
run #2: crashed: BUG: corrupted list in tty_write_lock
run #3: crashed: unexpected kernel reboot
run #4: crashed: BUG: unable to handle kernel paging request in cfb_imageblit
run #5: crashed: BUG: Bad page map
run #6: crashed: general protection fault in rb_insert_color_cached
run #7: crashed: kernel panic: stack is corrupted in _do_fork
run #8: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #9: crashed: BUG: corrupted list in css_set_move_task
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: 700214e96ef718a91631900346483031b8832a63b46f8da40bf337694bc17fe7
run #0: crashed: BUG: unable to handle kernel paging request in __handle_mm_fault
run #1: crashed: kernel panic: stack is corrupted in __schedule
run #2: crashed: unexpected kernel reboot
run #3: crashed: kernel panic: stack is corrupted in schedule_timeout
run #4: crashed: unexpected kernel reboot
run #5: crashed: BUG: unable to handle kernel paging request in do_coredump
run #6: crashed: general protection fault in anon_vma_interval_tree_insert
run #7: crashed: general protection fault in __hrtimer_run_queues
run #8: crashed: WARNING in __put_task_struct
run #9: crashed: general protection fault in wait_consider_task
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: 530e3cdcdc49b703ff922a885efde68d73fa4048e0159c24d1386bc04c2b5bbf
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: BUG: corrupted list in account_entity_dequeue
run #2: crashed: general protection fault in __schedule
run #3: crashed: general protection fault in __switch_to
run #4: crashed: general protection fault in call_usermodehelper_exec_async
run #5: crashed: unexpected kernel reboot
run #6: crashed: general protection fault in cpuset_cpus_allowed_fallback
run #7: crashed: BUG: corrupted list in tty_write_lock
run #8: crashed: general protection fault in __radix_tree_lookup
run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: 8c74274b7e6877a8bd3d713ac8db88e04f138c98a88b9e85f434991372bffa9b
run #0: crashed: general protection fault in perf_event_exit_task
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #3: crashed: general protection fault in anon_vma_interval_tree_insert
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #5: crashed: general protection fault in try_to_wake_up
run #6: crashed: BUG: corrupted list in tty_write_lock
run #7: crashed: BUG: corrupted list in tty_write_lock
run #8: crashed: BUG: unable to handle kernel paging request in wait_consider_task
run #9: crashed: no output from test machine
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
kernel signature: d415adc743ae8a015fdce08976074590518031d0c56ac153a1a4d8c40a1119da
run #0: crashed: BUG: corrupted list in tty_write_lock
run #1: crashed: BUG: unable to handle kernel paging request in corrupted
run #2: crashed: BUG: corrupted list in tty_write_lock
run #3: crashed: BUG: unable to handle kernel paging request in quarantine_remove_cache
run #4: crashed: WARNING: kernel stack regs has bad 'bp' value
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in do_nanosleep
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in hrtimer_interrupt
run #7: crashed: general protection fault in __switch_to
run #8: crashed: general protection fault in __switch_to
run #9: crashed: unexpected kernel reboot
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
kernel signature: e317f59885236020e6e91ed489a5887ddb3463f362af5dcb902db9c38614c7c7
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: KASAN: use-after-free Read in fixup_exception
run #2: crashed: general protection fault in __alloc_pages_nodemask
run #3: crashed: general protection fault in schedule
run #4: crashed: general protection fault in __schedule
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #6: crashed: BUG: unable to handle kernel paging request in soft_cursor
run #7: crashed: INFO: trying to register non-static key in try_to_wake_up
run #8: crashed: general protection fault in wait_consider_task
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
kernel signature: 20e07b560aee66f09be0dedd30d2aa734eaa041887017f7ef131bc4c1874a116
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
kernel signature: a06b9c5e03b3389c3998b36b28d9ba105d565d14b522dd701dc2ed48f8baf095
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
kernel signature: 48a5c8e4f311699ffb4e1fc23c597f6c6b80b8009251439daa8138b4bcbbdec4
run #0: crashed: general protection fault in cfb_imageblit
run #1: crashed: general protection fault in __switch_to
run #2: crashed: general protection fault in quarantine_remove_cache
run #3: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #4: crashed: general protection fault in mutex_optimistic_spin
run #5: crashed: kernel panic: corrupted stack end in corrupted
run #6: crashed: BUG: Bad rss-counter state
run #7: crashed: unexpected kernel reboot
run #8: crashed: general protection fault in validate_mm
run #9: crashed: BUG: Bad page map
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
kernel signature: 3eb9e5138741142c7c5e7bda24a3a0a53addb382d2b5ffec0463f7a89fa1af6e
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #1: crashed: WARNING in copy_process
run #2: crashed: BUG: unable to handle kernel paging request in value
run #3: crashed: WARNING in update_curr
run #4: crashed: general protection fault in rcu_process_callbacks
run #5: crashed: general protection fault in __enqueue_entity
run #6: crashed: WARNING in copy_process
run #7: crashed: BUG: sleeping function called from invalid context in lookup_slow
run #8: crashed: general protection fault in enqueue_entity
run #9: crashed: WARNING in rcu_process_callbacks
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
kernel signature: c05242ebc5e43fa8915a489912a814a1f60ff8d97ecb748c81384d2dbbfdbdf6
run #0: crashed: general protection fault in ep_send_events_proc
run #1: crashed: general protection fault in __fput
run #2: crashed: WARNING in corrupted
run #3: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #4: crashed: general protection fault in do_sendfile
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in __sigqueue_alloc
run #6: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #7: crashed: general protection fault in put_pid
run #8: crashed: BUG: unable to handle kernel paging request in value
run #9: crashed: unexpected kernel reboot
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
kernel signature: 5afea7832220336e9f8210ad33f1f45fc261465a22134c873609a992a60cde0a
all runs: crashed: possible deadlock in copy_cgroup_ns
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0
kernel signature: 467c58c60b877b73e029cebd41671aac229979f3882c3bca92cf9f421c35807b
all runs: crashed: WARNING in sysfs_warn_dup
revisions tested: 25, total time: 4h32m12.288420155s (build: 2h15m9.417752381s, test: 2h12m57.461580457s)
the crash already happened on the oldest tested release
commit msg: Linux 4.6
crash: WARNING in sysfs_warn_dup
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
bond0: Enslaving bond_slave_0 as an active interface with an up link
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5890 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x7b/0xa0 fs/sysfs/dir.c:30
sysfs: cannot create duplicate filename '/class/macvtap/tap50'
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 5890 Comm: syz-executor.0 Not tainted 4.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 ffff8800b9956fc8 ffffffff82c65e52 ffffffff85c81040
 ffff8800b99570a0 ffffffff85d2bb80 ffffffff8191bd7b 0000000000000009
 ffff8800b9957090 ffffffff8160d884 0000000041b58ab3 ffffffff868f8c5a
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0x136/0x1d4 lib/dump_stack.c:51
 [] panic+0x1af/0x348 kernel/panic.c:152
 [] __warn+0x18d/0x1b0 kernel/panic.c:504
 [] warn_slowpath_fmt+0x92/0xb0 kernel/panic.c:527
 [] sysfs_warn_dup+0x7b/0xa0 fs/sysfs/dir.c:30
 [] sysfs_do_create_link_sd.isra.0+0xd1/0xf0 fs/sysfs/symlink.c:51
 [] sysfs_do_create_link fs/sysfs/symlink.c:80 [inline]
 [] sysfs_create_link+0x43/0xb0 fs/sysfs/symlink.c:92
 [] device_add_class_symlinks drivers/base/core.c:891 [inline]
 [] device_add+0x677/0x1350 drivers/base/core.c:1086
 [] device_create_groups_vargs+0x1c8/0x220 drivers/base/core.c:1709
 [] device_create_vargs drivers/base/core.c:1749 [inline]
 [] device_create+0x88/0xa0 drivers/base/core.c:1785
 [] macvtap_device_event+0x1c4/0x2a0 drivers/net/macvtap.c:1298
 [] notifier_call_chain+0x8b/0x170 kernel/notifier.c:93
 [] __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 [] raw_notifier_call_chain+0x11/0x20 kernel/notifier.c:401
 [] call_netdevice_notifiers_info+0x47/0x80 net/core/dev.c:1643
 [] call_netdevice_notifiers net/core/dev.c:1659 [inline]
 [] register_netdevice+0x8e8/0xd00 net/core/dev.c:7027
 [] macvlan_common_newlink+0x8b9/0x1090 drivers/net/macvlan.c:1316
 [] macvtap_newlink+0xbf/0x110 drivers/net/macvtap.c:471
 [] rtnl_newlink+0xd4b/0x1230 net/core/rtnetlink.c:2466
 [] rtnetlink_rcv_msg+0x222/0x680 net/core/rtnetlink.c:3513
 [] netlink_rcv_skb+0x242/0x350 net/netlink/af_netlink.c:2277
 [] rtnetlink_rcv+0x25/0x30 net/core/rtnetlink.c:3519
 [] netlink_unicast_kernel net/netlink/af_netlink.c:1214 [inline]
 [] netlink_unicast+0x3da/0x560 net/netlink/af_netlink.c:1240
 [] netlink_sendmsg+0x9bb/0xb40 net/netlink/af_netlink.c:1786
 [] sock_sendmsg_nosec net/socket.c:612 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:622
 [] SYSC_sendto net/socket.c:1648 [inline]
 [] SyS_sendto+0x1ca/0x290 net/socket.c:1616
 [] entry_SYSCALL_64_fastpath+0x23/0xc1
Kernel Offset: disabled