bisecting cause commit starting from 83bdc7275e6206f560d247be856bceba3e1ed8f2 building syzkaller on 8df85ed9883abc2a200858f44f22c11c602d218a testing commit 83bdc7275e6206f560d247be856bceba3e1ed8f2 with gcc (GCC) 8.1.0 kernel signature: 58c5c065b045a5b4d033b3061286dbb55538e5d8c03cb8a69390bd2bd9f4069d all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 247552638ad9baecd679315f1859e82045706408f624088242b4e526160d1928 all runs: crashed: KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 0d7de25092a13891efdb4875e47aeec0ffe788ee20d8607068ace067006a168a all runs: crashed: KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 5226a2a7e69d71dea4ba1a5cc64a45e6a0a2e2bd64210d3342e65867cb7fac58 all runs: crashed: KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 58f4c8ba25ef012150973e4f7821d50ffea8cabe6df04f13e4200f7af0f3c03e all runs: crashed: KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: fcf9ecf0972c57875038670fbf1e8e5e56d7e1e64d3121e9d80856549a69ed18 run #0: crashed: KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #2: crashed: KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data run #3: crashed: KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data run #4: crashed: KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data run #5: crashed: KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data run #6: crashed: KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data run #7: crashed: KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data run #8: crashed: KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data run #9: crashed: KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: b80e91cc942cd4b2185744c952f8a263e45bc03c6edb4ad5cc38dd0cc5fc4787 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 7cd2730f0291d17d9cbcdd03011dbfedfd34291bf94e9bd3a620710e2cd18eb8 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: 7fa1744ea78781991a9b39f5cf4d1a8e0e91448f070910ffea38ae5dd99bd533 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: 267354453f8ded85dd81eb0a00c145ad74e8ec4381f4fac564e27ecaae1e0bcc run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: 86e31b7da9be154f97bf074850749fab7506b3402b6d76d7b3b3f8c978102b93 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: 829307f9c88660cb8aaf4614f20b4bac19c19c684db479eaef90ab601540163e all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: e95d2f142a43330186bd9e9a627e67dcfc2177d04f7a91d37894de5248cd3b38 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: be5b8598ea4694109ed58a389bdf9cdf51d14f722a5450cd573adc79acdd00c5 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 kernel signature: d20375f57c5f474439262f01f6e945509e495faf7ab8d6feeede5981aa18563e all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 kernel signature: 271e53713c8cc46060ad5660d9ae92ece98622ce4e2bc13d2dcd19ede8ce19b2 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 kernel signature: aeb1f6bf120bffcef335be746dd54df746c5c5444728ac6eb783b4f99a4dfb3c all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 kernel signature: 3d1bcf9edbd480557ef2a570462c4689537fa92d761365e198a6e39c55a13326 all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.11 testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0 kernel signature: 3f9cb9b50c7c6ea57c260679c21bee47df21a95dbf4a6d93cc97a19d1f0eb962 all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.10 testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0 kernel signature: a13763eea150b791c28e73681fb36757d3c5ad0c32206ff369e4c28b3b70eb11 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data testing release v4.9 testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0 kernel signature: af6f38a08eb2071738210d07d154ba0d0063c91257c75a336c73f0db964cb8ae all runs: OK # git bisect start c470abd4fde40ea6a0846a2beab642a578c0b8cd 69973b830859bc6529a7a0468ba0d80ee5117826 Bisecting: 7099 revisions left to test after this (roughly 13 steps) [f4000cd99750065d5177555c0a805c97174d1b9f] Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux testing commit f4000cd99750065d5177555c0a805c97174d1b9f with gcc (GCC) 5.5.0 kernel signature: 9f85ec565613f205e86c970a5ffe42f2977df84ac5314a1478967e383df4b22a run #0: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-executor" "root@10.128.0.165:./syz-executor"] run #1: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.15.196:./syz-fuzzer"] Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts. run #2: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE run #3: boot failed: can't ssh into the instance run #4: boot failed: can't ssh into the instance run #5: boot failed: can't ssh into the instance run #6: boot failed: can't ssh into the instance run #7: boot failed: can't ssh into the instance run #8: boot failed: can't ssh into the instance run #9: boot failed: can't ssh into the instance # git bisect skip f4000cd99750065d5177555c0a805c97174d1b9f Bisecting: 7099 revisions left to test after this (roughly 13 steps) [ab1effc09519f3bb4b84dd6d8276cedf07b17a1b] staging: ks7010: Add blank line after declarations testing commit ab1effc09519f3bb4b84dd6d8276cedf07b17a1b with gcc (GCC) 5.5.0 kernel signature: 536ca36aff01336c7e31b0f24a7b7b49156572dd323e750cd6277dd1e72f02e2 all runs: OK # git bisect good ab1effc09519f3bb4b84dd6d8276cedf07b17a1b Bisecting: 7022 revisions left to test after this (roughly 13 steps) [09cb6464fe5e7fcd5177911429badd139c4481b7] Merge tag 'for-f2fs-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs testing commit 09cb6464fe5e7fcd5177911429badd139c4481b7 with gcc (GCC) 5.5.0 kernel signature: 811854946c7873135f62581f66ffb10dbab31777cfccd71a971da827d4054acc run #0: boot failed: can't ssh into the instance run #1: boot failed: can't ssh into the instance run #2: boot failed: can't ssh into the instance run #3: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE run #4: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE run #5: boot failed: can't ssh into the instance run #6: boot failed: can't ssh into the instance run #7: boot failed: WARNING: unrecognized kernel stack return address ADDR at ADDR in systemd-udevd:LINE run #8: boot failed: can't ssh into the instance run #9: boot failed: can't ssh into the instance # git bisect skip 09cb6464fe5e7fcd5177911429badd139c4481b7 Bisecting: 7022 revisions left to test after this (roughly 13 steps) [68226b4dfa9b2e064e2f9e792bf7469f465054c7] [media] dvb-tc90522: Rename a jump label in tc90522_probe() testing commit 68226b4dfa9b2e064e2f9e792bf7469f465054c7 with gcc (GCC) 5.5.0 kernel signature: a413203a732bfb356fcf2857ce7c1738033432662e476858900a28e2d0433c09 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: crashed: WARNING in nf_unregister_net_hook # git bisect bad 68226b4dfa9b2e064e2f9e792bf7469f465054c7 Bisecting: 94 revisions left to test after this (roughly 7 steps) [988fcf0c0ea694f6e6ba00fc9eb1c6a2e72edfe8] [media] Add documentation for V4L2_PIX_FMT_VP9 testing commit 988fcf0c0ea694f6e6ba00fc9eb1c6a2e72edfe8 with gcc (GCC) 5.5.0 kernel signature: 5495837f73fd92718867e441d14192c5b81d0b458bd1e111c7dc3cc64689ef91 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: WARNING in nf_unregister_net_hook run #9: crashed: WARNING in nf_unregister_net_hook # git bisect bad 988fcf0c0ea694f6e6ba00fc9eb1c6a2e72edfe8 Bisecting: 46 revisions left to test after this (roughly 6 steps) [57425dc76d8174e7bfe94a11d089d3feeebb474c] [media] exynos4-is: don't break long lines testing commit 57425dc76d8174e7bfe94a11d089d3feeebb474c with gcc (GCC) 5.5.0 kernel signature: b07f75148d4827dd99e2b361ee5ddd3e53861048012a5feb43f65cfe0b79adda all runs: OK # git bisect good 57425dc76d8174e7bfe94a11d089d3feeebb474c Bisecting: 23 revisions left to test after this (roughly 5 steps) [68616504573945c24fe8f21466967b0d8a5cabf0] [media] tm6000: don't break long lines testing commit 68616504573945c24fe8f21466967b0d8a5cabf0 with gcc (GCC) 5.5.0 kernel signature: e9ce1116c2505ead19633a760c87819557cfefa3b741d463bfda4c9936603210 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: crashed: WARNING in nf_unregister_net_hook # git bisect bad 68616504573945c24fe8f21466967b0d8a5cabf0 Bisecting: 11 revisions left to test after this (roughly 4 steps) [4a58d39075e1e2bc5ca8b379278659d95f072363] [media] b2c2: don't break long lines testing commit 4a58d39075e1e2bc5ca8b379278659d95f072363 with gcc (GCC) 5.5.0 kernel signature: dbaecc064fd8b8fe39cb78e18d22699ea40a7f6883a53ffc1fad4fa01e202766 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: crashed: WARNING in nf_unregister_net_hook run #7: crashed: WARNING in nf_unregister_net_hook run #8: OK run #9: crashed: WARNING in nf_unregister_net_hook # git bisect bad 4a58d39075e1e2bc5ca8b379278659d95f072363 Bisecting: 4 revisions left to test after this (roughly 3 steps) [637d5ac51380b7021c711e183052b81afb89d160] [media] ti-vpe: don't break long lines testing commit 637d5ac51380b7021c711e183052b81afb89d160 with gcc (GCC) 5.5.0 kernel signature: b30130006f9c432f54cfaf67e060ecb13971fc050f8135b4e6a89a84ddefa15f run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: WARNING in nf_unregister_net_hook run #9: OK # git bisect bad 637d5ac51380b7021c711e183052b81afb89d160 Bisecting: 2 revisions left to test after this (roughly 2 steps) [d26da99058869a5a655820ea43b86f246bf6874a] [media] omap3isp: don't break long lines testing commit d26da99058869a5a655820ea43b86f246bf6874a with gcc (GCC) 5.5.0 kernel signature: c2572da931130c3e02cdf64fdec41eb18c4eaabe9871e26960fb2f5e130940e3 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: crashed: WARNING in nf_unregister_net_hook # git bisect bad d26da99058869a5a655820ea43b86f246bf6874a Bisecting: 1 revision left to test after this (roughly 1 step) [a4585c31c5018578b4abf699ddfdff719dd1c313] [media] marvell-ccic: don't break long lines testing commit a4585c31c5018578b4abf699ddfdff719dd1c313 with gcc (GCC) 5.5.0 kernel signature: a689b43be4b83f302dc2e3b8ce6bbddd117dc07a1207e1995cd18a05a226810e run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: crashed: WARNING in nf_unregister_net_hook # git bisect bad a4585c31c5018578b4abf699ddfdff719dd1c313 a4585c31c5018578b4abf699ddfdff719dd1c313 is the first bad commit commit a4585c31c5018578b4abf699ddfdff719dd1c313 Author: Mauro Carvalho Chehab Date: Tue Oct 18 17:44:09 2016 -0200 [media] marvell-ccic: don't break long lines Due to the 80-cols restrictions, and latter due to checkpatch warnings, several strings were broken into multiple lines. This is not considered a good practice anymore, as it makes harder to grep for strings at the source code. As we're right now fixing other drivers due to KERN_CONT, we need to be able to identify what printk strings don't end with a "\n". It is a way easier to detect those if we don't break long lines. So, join those continuation lines. The patch was generated via the script below, and manually adjusted if needed. use Text::Tabs; while (<>) { if ($next ne "") { $c=$_; if ($c =~ /^\s+\"(.*)/) { $c2=$1; $next =~ s/\"\n$//; $n = expand($next); $funpos = index($n, '('); $pos = index($c2, '",'); if ($funpos && $pos > 0) { $s1 = substr $c2, 0, $pos + 2; $s2 = ' ' x ($funpos + 1) . substr $c2, $pos + 2; $s2 =~ s/^\s+//; $s2 = ' ' x ($funpos + 1) . $s2 if ($s2 ne ""); print unexpand("$next$s1\n"); print unexpand("$s2\n") if ($s2 ne ""); } else { print "$next$c2\n"; } $next=""; next; } else { print $next; } $next=""; } else { if (m/\"$/) { if (!m/\\n\"$/) { $next=$_; next; } } } print $_; } Signed-off-by: Mauro Carvalho Chehab drivers/media/platform/marvell-ccic/mcam-core.c | 26 +++++++------------------ 1 file changed, 7 insertions(+), 19 deletions(-) culprit signature: a689b43be4b83f302dc2e3b8ce6bbddd117dc07a1207e1995cd18a05a226810e parent signature: b07f75148d4827dd99e2b361ee5ddd3e53861048012a5feb43f65cfe0b79adda revisions tested: 32, total time: 5h54m38.136740862s (build: 2h40m44.264995041s, test: 3h9m54.41313705s) first bad commit: a4585c31c5018578b4abf699ddfdff719dd1c313 [media] marvell-ccic: don't break long lines cc: ["corbet@lwn.net" "linux-kernel@vger.kernel.org" "linux-media@vger.kernel.org" "mchehab@kernel.org" "mchehab@s-opensource.com"] crash: WARNING in nf_unregister_net_hook bond0 (unregistering): Releasing backup interface bond_slave_1 bond0 (unregistering): Releasing backup interface bond_slave_0 bond0 (unregistering): Released all slaves ------------[ cut here ]------------ WARNING: CPU: 0 PID: 9444 at net/netfilter/core.c:151 nf_unregister_net_hook+0x28a/0x3c0 net/netfilter/core.c:151 nf_unregister_net_hook: hook not found! Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 9444 Comm: kworker/u4:1 Not tainted 4.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net ffff88010f1ef890 ffffffff82d76a92 ffffffff86085f80 ffff88010f1ef968 ffffffff868b2400 ffffffff84d73d0a 0000000000000009 ffff88010f1ef958 ffffffff81641ef2 0000000041b58ab3 ffffffff86d6766f ffffffff81641d3c Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x136/0x1d4 lib/dump_stack.c:51 [] panic+0x1b6/0x358 kernel/panic.c:179 [] __warn+0x18d/0x1b0 kernel/panic.c:542 [] warn_slowpath_fmt+0x92/0xb0 kernel/panic.c:565 [] nf_unregister_net_hook+0x28a/0x3c0 net/netfilter/core.c:151 [] nf_unregister_hook_list net/netfilter/core.c:484 [inline] [] netfilter_net_exit+0x36/0xa0 net/netfilter/core.c:516 [] ops_exit_list.isra.0+0x8e/0x120 net/core/net_namespace.c:136 [] cleanup_net+0x2d0/0x570 net/core/net_namespace.c:449 [] process_one_work+0x67d/0x14d0 kernel/workqueue.c:2096 [] worker_thread+0xe1/0x1050 kernel/workqueue.c:2230 [] kthread+0x20e/0x2d0 kernel/kthread.c:209 [] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433 Kernel Offset: disabled