bisecting cause commit starting from 27bba9c532a8d21050b94224ffd310ad0058c353 building syzkaller on 680688040fc26d17a49a9663fbbd6a716c6247b6 testing commit 27bba9c532a8d21050b94224ffd310ad0058c353 with gcc (GCC) 8.1.0 kernel signature: 41217fdc183a4764e26a2427056fa279011e6e6d9c789dab01284651adbca8fc all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: 1b5b3de9b55a7181ffba9b6457a83807d531a3bbd536e6c35bc5192c1659ed42 all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 82cdf2423a5af0a98678b8bd92dd3fc56ec26583c958eeed51bda4d4aeb36f3b run #0: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #1: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #2: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #3: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #4: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #5: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #6: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #7: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #8: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #9: boot failed: can't ssh into the instance testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: f4ef9bbf4213b89c508003623c8f8a427547b6b16955c7ee6446b98f4ec03e52 all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 7084b229360b1d4c11d1fb2625b5c3c026bb5302e5e9206f26588c5ac59000bc all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 373412731a18e276df3a91eb20d2369e6b27d018cdc04ba7be0fbe19947ac887 all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 6779b4f00aa7600b4736b8eec77e851888325d17e44f4242d76df29dbeb69592 all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 0f6303c3f816f470b9763a92dd25a9ad42f8414eb150a629d97170c6152b6a42 all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 7e995a2a0f913fb64cd2c14dcbd04046c26ffeef29277131e7b6860c4739a70d all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: ae3b59540985da0dfb3b22102e28a8992f710dc9c514db67a57a843793f57c1d all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: 72b03c0b04ec08b00bf17719ea533594ddaa13003a285ea1a8a1bb4f094ce1cd all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: 895b5a29f419cb7b7ce3f8db9eb8b7a355d3d4d03f8defbb78165479a7ed6d17 run #0: basic kernel testing failed: general protection fault in batadv_iv_ogm_queue_add run #1: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #2: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #3: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #4: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #5: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #6: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #7: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #8: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #9: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: ae05ba1071c863e07e7c4afe761a82d84b1f0f9b269d9f5bb292d99b8d3ab0f9 all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: 2a8bb4d76b8288f7a99cb91be5073dc1d3357c035790d5cf4a702e03f2f02933 all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: 72165d1d86b4dee9744ba491c91fc9c80ffb37cf390303c0f72354a9dc4a45be all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: 3fc5f0eab0af84452405f9bc3c5543e4a6ce652e5ecb1fa268bd83573d3c510d all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 kernel signature: 53fd15debb53298402b4317cc331560304ecea552ed8ea121affe2082556f1dc run #0: basic kernel testing failed: WARNING in check_flush_dependency run #1: basic kernel testing failed: WARNING in check_flush_dependency run #2: basic kernel testing failed: WARNING in check_flush_dependency run #3: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-execprog" "root@10.128.15.196:./syz-execprog"]: exit status 1 Connection timed out during banner exchange lost connection run #4: basic kernel testing failed: WARNING in check_flush_dependency run #5: basic kernel testing failed: WARNING in check_flush_dependency run #6: basic kernel testing failed: WARNING in check_flush_dependency run #7: basic kernel testing failed: WARNING in check_flush_dependency run #8: basic kernel testing failed: WARNING in check_flush_dependency run #9: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 kernel signature: 6cad98fbb4c7a6e0d8c37d81d34a5d503540a3d8ea462d91bf298f14e9d653e1 all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 kernel signature: 5f7238e3f4c24bfe826d90f486b93b58c8347df5f801c966b169b37d7e8ba843 all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 kernel signature: 2cb9b8b4da694d0e256c6756757ce7d475ac035fd266854dd70503d229bb54ba all runs: basic kernel testing failed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.11 testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0 kernel signature: 0d588755891e7d7a4d87a3cb3b4ef8247c6cd95aff3f1c255502eb6a3d590f95 all runs: basic kernel testing failed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.10 testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0 kernel signature: 5c8bd7eb322a8fad8fe89eecf5769972222cd06a85216f0e6159b5fc8acd91bb all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v4.9 testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0 kernel signature: 7d9da2442d27cda1b82fe8b0e25e3dfe8bd4430ed90b31b4fe96dedff4969360 all runs: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v4.8 testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0 kernel signature: ad09b57e67f739483460a40863abf46b122d757975a23d9dfaf0f290583aeef5 run #0: basic kernel testing failed: general protection fault in br_multicast_group_expired run #1: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #2: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #3: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #4: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #5: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #6: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #7: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #8: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! run #9: crashed: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! testing release v4.7 testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0 kernel signature: 54cb4cc15abdc10124def5cb15f0eca1f887ecefa35a798f06c6f21a02036e6d run #0: basic kernel testing failed: BUG: program execution failed: executor 0: failed to write control pipe: write |1: broken pipe run #1: basic kernel testing failed: BUG: program execution failed: executor 0: failed to write control pipe: write |1: broken pipe run #2: basic kernel testing failed: BUG: program execution failed: executor 0: failed to write control pipe: write |1: broken pipe run #3: basic kernel testing failed: BUG: program execution failed: executor 0: failed to write control pipe: write |1: broken pipe run #4: basic kernel testing failed: BUG: program execution failed: executor 0: failed to write control pipe: write |1: broken pipe run #5: basic kernel testing failed: BUG: program execution failed: executor 0: failed to write control pipe: write |1: broken pipe run #6: basic kernel testing failed: BUG: program execution failed: executor 0: exit status 67 run #7: basic kernel testing failed: BUG: program execution failed: executor 0: failed to write control pipe: write |1: broken pipe run #8: basic kernel testing failed: BUG: program execution failed: executor 0: failed to write control pipe: write |1: broken pipe run #9: basic kernel testing failed: BUG: program execution failed: executor 0: exit status 67 testing release v4.6 testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0 kernel signature: 0362e41d056acade036fa2aa49eebc326b66481b4172c079263d02c4ca08fa4a all runs: basic kernel testing failed: BUG: program execution failed: executor 0: failed to write control pipe: write |1: broken pipe revisions tested: 26, total time: 3h26m18.887472181s (build: 2h4m27.54534471s, test: 1h17m54.394257147s) the crash already happened on the oldest tested release commit msg: Linux 4.8 crash: kernel BUG at fs/notify/dnotify/dnotify.c:LINE! IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready ------------[ cut here ]------------ kernel BUG at fs/notify/dnotify/dnotify.c:134! invalid opcode: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 1 PID: 3093 Comm: kworker/u4:4 Not tainted 4.8.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events_unbound fsnotify_mark_destroy_workfn task: ffff8801335c1800 task.stack: ffff880133e60000 RIP: 0010:[] [] dnotify_free_mark+0x3e/0x50 fs/notify/dnotify/dnotify.c:134 RSP: 0018:ffff880133e67b68 EFLAGS: 00010286 RAX: dffffc0000000000 RBX: ffff88012bd79000 RCX: ffff88012bd79010 RDX: 1ffff100257af210 RSI: ffff88012bd79000 RDI: ffff88012bd79080 RBP: ffff880133e67b70 R08: ffff88012bd79010 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff880133e67bc0 R13: ffff880139910000 R14: dffffc0000000000 R15: ffff88012bd79000 FS: 0000000000000000(0000) GS:ffff88013bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055e6fb441188 CR3: 0000000128349000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff880133b94a18 ffff880133e67b88 ffffffff8184b479 ffff880139910010 ffff880133e67c28 ffffffff8184cf13 1ffff100267ccf74 0000000041b58ab3 ffffffff879f7d58 ffffffff8184cda0 ffff880133e67c38 ffff880139910010 Call Trace: [] fsnotify_put_mark+0x59/0x70 fs/notify/mark.c:113 [] fsnotify_mark_destroy_list+0x173/0x210 fs/notify/mark.c:555 [] fsnotify_mark_destroy_workfn+0x9/0x10 fs/notify/mark.c:561 [] process_one_work+0x67d/0x14f0 kernel/workqueue.c:2096 [] worker_thread+0xda/0xf10 kernel/workqueue.c:2230 [] kthread+0x209/0x2d0 kernel/kthread.c:209 [] ret_from_fork+0x1f/0x40 arch/x86/entry/entry_64.S:393 Code: 89 fa 48 89 e5 48 83 ec 08 48 c1 ea 03 80 3c 02 00 75 1a 48 83 be 80 00 00 00 00 75 0e 48 8b 3d 11 65 25 07 e8 c4 ad ec ff c9 c3 <0f> 0b 48 89 75 f8 e8 37 f9 ec ff 48 8b 75 f8 eb d7 90 48 b8 00 RIP [] dnotify_free_mark+0x3e/0x50 fs/notify/dnotify/dnotify.c:137 RSP ---[ end trace 0096b90fd8a7d228 ]---