bisecting cause commit starting from 729e3d091984487f7aa1ebfabfe594e5b317ed0f building syzkaller on ce441f065b6eebb166bb006dfd28ea0c6b730384 testing commit 729e3d091984487f7aa1ebfabfe594e5b317ed0f with gcc (GCC) 8.1.0 kernel signature: 62d231595e617d516998975c855b85a4e21a0cc5568850212a7c2d427f009c4e run #0: crashed: kernel panic: stack is corrupted in __schedule run #1: crashed: kernel panic: stack is corrupted in __schedule run #2: crashed: general protection fault in fbcon_putcs run #3: crashed: BUG: unable to handle kernel paging request in mntput_no_expire run #4: crashed: general protection fault in load_mm_ldt run #5: crashed: general protection fault in rcu_core run #6: crashed: INFO: trying to register non-static key in try_to_wake_up run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in do_swap_page run #8: crashed: unexpected kernel reboot run #9: crashed: no output from test machine testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 5da6e61a3e2d04d93151baafd4be523e8171c455656aa5fcd59daf2222ee5138 run #0: crashed: general protection fault in __switch_to run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in wait_consider_task run #2: crashed: BUG: Bad page map run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #4: crashed: kernel panic: Fatal exception run #5: crashed: general protection fault in anon_vma_interval_tree_verify run #6: crashed: unexpected kernel reboot run #7: crashed: general protection fault in rcu_core run #8: crashed: kernel panic: corrupted stack end in sys_futex run #9: boot failed: can't ssh into the instance testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: d90af3629575a8d0bf8c907fa8ea750c362032f1baa2252e7a742ec885d387ab run #0: crashed: unexpected kernel reboot run #1: crashed: BUG: spinlock bad magic in try_to_wake_up run #2: crashed: general protection fault in switch_mm_irqs_off run #3: crashed: general protection fault in psi_task_change run #4: crashed: general protection fault in psi_task_change run #5: crashed: general protection fault in __schedule run #6: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! run #7: crashed: general protection fault in do_swap_page run #8: crashed: BUG: Bad page map run #9: crashed: no output from test machine testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 73dbf527b7fc97c3ebb933d0cdf51d0aec4f537690597bed2e09774b71319bb2 run #0: crashed: INFO: trying to register non-static key in inode_doinit_with_dentry run #1: crashed: general protection fault in do_swap_page run #2: crashed: BUG: unable to handle kernel paging request in __schedule run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #4: crashed: general protection fault in force_sig_info_to_task run #5: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! run #6: crashed: unexpected kernel reboot run #7: crashed: general protection fault in copy_process run #8: crashed: WARNING in debug_mutex_wake_waiter run #9: crashed: no output from test machine testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 80a758ff2bedbd061f15b3e7042833a9da02e7b88ff28e11ac448b02040b76a8 run #0: crashed: WARNING in drop_futex_key_refs run #1: crashed: BUG: Bad page map run #2: crashed: general protection fault in do_swap_page run #3: crashed: KASAN: unknown-crash Read in __mutex_add_waiter run #4: crashed: KASAN: unknown-crash Read in sprintf run #5: crashed: KASAN: out-of-bounds Read in futex_wake run #6: crashed: WARNING: bad unlock balance in do_con_write run #7: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! run #8: crashed: INFO: trying to register non-static key in calculate_sigpending run #9: crashed: BUG: corrupted list in tty_write_lock testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 2013785545b46d3fe6e93844452c2ddfdbd1e366cfa73bffff0a387acd272114 run #0: crashed: kernel panic: corrupted stack end in corrupted run #1: crashed: WARNING in mark_lock run #2: crashed: general protection fault in hrtimer_init run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in __hrtimer_run_queues run #4: crashed: BUG: unable to handle kernel paging request in corrupted run #5: crashed: unexpected kernel reboot run #6: crashed: general protection fault in __enqueue_entity run #7: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! run #8: crashed: BUG: corrupted list in tty_write_lock run #9: crashed: BUG: corrupted list in __mutex_add_waiter testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 848d5a00286eb15e370176a1c1ba38a3113ce7bc560bbfe00db4f2d6b76eac83 run #0: crashed: general protection fault in schedule run #1: crashed: general protection fault in hrtimer_nanosleep run #2: crashed: general protection fault in get_unmapped_area run #3: crashed: kernel panic: corrupted stack end in corrupted run #4: crashed: general protection fault in update_cfs_rq_h_load run #5: crashed: BUG: unable to handle kernel paging request in copy_process run #6: crashed: general protection fault in __enqueue_entity run #7: crashed: BUG: Bad page map run #8: crashed: general protection fault in rb_insert_color run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 95695ea02682784e5dcbf0336484c5519c8ffc77463c256f984594ebbe335e8a run #0: crashed: general protection fault in plist_check_prev_next run #1: crashed: WARNING in corrupted run #2: crashed: WARNING in corrupted run #3: crashed: BUG: unable to handle kernel paging request in corrupted run #4: crashed: kernel panic: stack is corrupted in __schedule run #5: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! run #6: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! run #7: crashed: INFO: trying to register non-static key in release_task run #8: crashed: WARNING: locking bug in try_to_wake_up run #9: crashed: BUG: unable to handle kernel paging request in task_clear_jobctl_pending testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 375b4fcd838ee7ff2fe4993894f8f6f448664dfc107d45735a828d3629bf5f05 run #0: crashed: BUG: corrupted list in tty_write_lock run #1: crashed: general protection fault in futex_wake run #2: crashed: kernel panic: stack is corrupted in __se_sys_futex run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #4: crashed: general protection fault in __schedule run #5: crashed: general protection fault in switch_mm_irqs_off run #6: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! run #7: crashed: BUG: unable to handle kernel paging request in cfb_imageblit run #8: crashed: WARNING: locking bug in add_wait_queue run #9: crashed: no output from test machine testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: 997f9393935885681129596262770d640067dbe14447eea382f3080c360e664b run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #2: crashed: general protection fault in __schedule run #3: crashed: kernel panic: Fatal exception run #4: crashed: general protection fault in xas_start run #5: crashed: WARNING in debug_mutex_wake_waiter run #6: crashed: BUG: unable to handle kernel paging request in corrupted run #7: crashed: unexpected kernel reboot run #8: crashed: general protection fault in mm_update_next_owner run #9: crashed: no output from test machine testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: 3233ebd2abd2596b6c3ccc6acf2e4d4348d98f733855415ac9c8838c9d5c22aa run #0: crashed: BUG: corrupted list in __mutex_add_waiter run #1: crashed: kernel panic: corrupted stack end in sys_futex run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #3: crashed: general protection fault in shmem_evict_inode run #4: crashed: general protection fault in anon_vma_interval_tree_insert run #5: crashed: WARNING in try_to_wake_up run #6: crashed: unexpected kernel reboot run #7: crashed: kernel panic: stack is corrupted in __schedule run #8: crashed: general protection fault in do_con_write run #9: crashed: BUG: corrupted list in wait_for_common testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: 51dc9a8576e0da47fd75ec292e9608b1f92350d35d56636320734b9f492b67a4 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in futex_wait run #1: crashed: general protection fault in __insert_vmap_area run #2: crashed: general protection fault in anon_vma_interval_tree_verify run #3: crashed: kernel panic: stack is corrupted in __schedule run #4: crashed: general protection fault in __radix_tree_lookup run #5: crashed: WARNING in try_to_wake_up run #6: crashed: unexpected kernel reboot run #7: crashed: BUG: corrupted list in corrupted run #8: crashed: unexpected kernel reboot run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: 5d899a18c473c8faca5583069f023894271d4bcb47bebec05a5e5a1606c4a4cd run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in hrtimer_interrupt run #1: crashed: WARNING in perf_event_delayed_put run #2: crashed: kernel BUG at mm/mmap.c:LINE! run #3: crashed: BUG: Bad page map run #4: crashed: kernel panic: stack is corrupted in __schedule run #5: crashed: WARNING: ODEBUG bug in __do_softirq run #6: crashed: general protection fault in futex_wake run #7: crashed: kernel panic: stack is corrupted in __schedule run #8: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! run #9: crashed: BUG: unable to handle kernel paging request in corrupted testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: 417fcaab65d57ab670c045558de7fd8fbfb88e5a400aca13be0436f0cf17161c run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #1: crashed: general protection fault in __insert_vmap_area run #2: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #4: crashed: kernel BUG at mm/memory.c:LINE! run #5: crashed: general protection fault in tty_write_lock run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #7: crashed: unexpected kernel reboot run #8: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! run #9: crashed: unexpected kernel reboot testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: 5475a424e9ec474a9bf3876c56222adf4862e8f8e188f54d4a75196f056b3c3b run #0: crashed: WARNING in try_to_wake_up run #1: crashed: general protection fault in __radix_tree_lookup run #2: crashed: BUG: unable to handle kernel paging request in alloc_vmap_area run #3: crashed: general protection fault in switch_mm_irqs_off run #4: crashed: KASAN: slab-out-of-bounds Write in selinux_sb_show_options run #5: crashed: BUG: Bad page map run #6: crashed: general protection fault in quarantine_remove_cache run #7: crashed: general protection fault in __switch_to run #8: crashed: WARNING in vmacache_find run #9: crashed: kernel panic: Fatal exception testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 kernel signature: 8d3ab9f0875bdf77a75384738b76ec2bee22013236277bd3cb7cc9ba68966248 run #0: crashed: BUG: corrupted list in copy_process run #1: crashed: kernel panic: Fatal exception run #2: crashed: general protection fault in alloc_vmap_area run #3: crashed: unexpected kernel reboot run #4: crashed: general protection fault in __insert_vmap_area run #5: crashed: BUG: corrupted list in account_entity_dequeue run #6: crashed: unexpected kernel reboot run #7: crashed: unexpected kernel reboot run #8: crashed: BUG: Bad page map run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 kernel signature: f9f734ab78191317886e9376dfa4fdfcb26dc9ba2c110e3d6ff8011ac0593bcd run #0: crashed: INFO: trying to register non-static key in try_to_wake_up run #1: crashed: unexpected kernel reboot run #2: crashed: BUG: Bad page map run #3: crashed: BUG: unable to handle kernel paging request in corrupted run #4: crashed: general protection fault in __radix_tree_lookup run #5: crashed: general protection fault in acct_collect run #6: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! run #7: crashed: BUG: sleeping function called from invalid context in __do_page_fault run #8: crashed: BUG: unable to handle kernel paging request in corrupted run #9: crashed: general protection fault in cgroup_show_path testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 kernel signature: 126f3bf6ae78722497056186c805e40ba1befbed933245488669c79e1bd0aa36 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #2: crashed: general protection fault in __switch_to run #3: crashed: general protection fault in dup_userfaultfd run #4: crashed: unexpected kernel reboot run #5: crashed: general protection fault in quarantine_remove_cache run #6: crashed: BUG: Bad page map run #7: crashed: BUG: corrupted list in tty_write_lock run #8: crashed: BUG: unable to handle kernel paging request in mm_update_next_owner run #9: crashed: general protection fault in wait_consider_task testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 kernel signature: c40590176584feda23a550433d344ccaf312f18e250d46092c165f36e8aed1f8 all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.11 testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0 kernel signature: ba7b600e5b0152262320be5cf638b8d812fefb8a23552c9731b07892fe71102e all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor testing release v4.10 testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0 kernel signature: 5c4cef9ed121e52e9bdd3aee4a694b7eabe02f9cbbc78462effdbfba6632d059 run #0: crashed: general protection fault in __schedule run #1: crashed: BUG: corrupted list in css_set_move_task run #2: crashed: kernel BUG at fs/namei.c:LINE! run #3: crashed: general protection fault in futex_wake run #4: crashed: general protection fault in quarantine_remove_cache run #5: crashed: unexpected kernel reboot run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #7: crashed: WARNING in corrupted run #8: crashed: general protection fault in futex_wake run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE! testing release v4.9 testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0 kernel signature: 8d29639f908553a7250abd529d3a81bc40fdbac1bb3ff252ce71ca9be4d013ba run #0: crashed: WARNING in vmacache_find run #1: crashed: INFO: trying to register non-static key in entry_SYSCALL_64_fastpath run #2: crashed: BUG: unable to handle kernel paging request in switch_mm_irqs_off run #3: crashed: general protection fault in batadv_iv_send_outstanding_bat_ogm_packet run #4: crashed: WARNING in try_to_wake_up run #5: crashed: BUG: Bad page map run #6: crashed: general protection fault in creds_are_invalid run #7: crashed: general protection fault in acct_collect run #8: crashed: general protection fault in _do_fork run #9: crashed: WARNING in corrupted testing release v4.8 testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0 kernel signature: e3c44264e04a4c60a59d8ad2622b684dcd098d83a54c654e7c914920840ea62b run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in hrtimer_interrupt run #1: crashed: general protection fault in selinux_netlbl_sk_security_free run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #3: crashed: kernel BUG at mm/mmap.c:LINE! run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted run #5: crashed: WARNING in debug_mutex_wake_waiter run #6: crashed: kernel BUG at kernel/cred.c:LINE! run #7: crashed: WARNING in corrupted run #8: crashed: kernel BUG at fs/namei.c:LINE! run #9: crashed: WARNING in corrupted testing release v4.7 testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0 kernel signature: bccc48d33f804fcc72bbd8467f72e9aec2a03fdf280384c890460994caf565b5 all runs: crashed: possible deadlock in copy_cgroup_ns testing release v4.6 testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0 kernel signature: 6808081f088c03ba78237e44517fb296c104f38ff42dd3bb306b2accdc945d51 all runs: crashed: WARNING in sysfs_warn_dup revisions tested: 25, total time: 4h41m34.24746717s (build: 2h18m32.521859642s, test: 2h19m11.280588342s) the crash already happened on the oldest tested release commit msg: Linux 4.6 crash: WARNING in sysfs_warn_dup bond0: Enslaving bond_slave_0 as an active interface with an up link IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready bond0: Enslaving bond_slave_1 as an active interface with an up link IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready ------------[ cut here ]------------ WARNING: CPU: 1 PID: 5874 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x7b/0xa0 fs/sysfs/dir.c:30 sysfs: cannot create duplicate filename '/class/macvtap/tap50' Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 5874 Comm: syz-executor.5 Not tainted 4.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 ffff8800b0b06fc8 ffffffff82c65e52 ffffffff85c81040 ffff8800b0b070a0 ffffffff85d2bb80 ffffffff8191bd7b 0000000000000009 ffff8800b0b07090 ffffffff8160d884 0000000041b58ab3 ffffffff868f8c5a Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x136/0x1d4 lib/dump_stack.c:51 [] panic+0x1af/0x348 kernel/panic.c:152 [] __warn+0x18d/0x1b0 kernel/panic.c:504 [] warn_slowpath_fmt+0x92/0xb0 kernel/panic.c:527 [] sysfs_warn_dup+0x7b/0xa0 fs/sysfs/dir.c:30 [] sysfs_do_create_link_sd.isra.0+0xd1/0xf0 fs/sysfs/symlink.c:51 [] sysfs_do_create_link fs/sysfs/symlink.c:80 [inline] [] sysfs_create_link+0x43/0xb0 fs/sysfs/symlink.c:92 [] device_add_class_symlinks drivers/base/core.c:891 [inline] [] device_add+0x677/0x1350 drivers/base/core.c:1086 [] device_create_groups_vargs+0x1c8/0x220 drivers/base/core.c:1709 [] device_create_vargs drivers/base/core.c:1749 [inline] [] device_create+0x88/0xa0 drivers/base/core.c:1785 [] macvtap_device_event+0x1c4/0x2a0 drivers/net/macvtap.c:1298 [] notifier_call_chain+0x8b/0x170 kernel/notifier.c:93 [] __raw_notifier_call_chain kernel/notifier.c:394 [inline] [] raw_notifier_call_chain+0x11/0x20 kernel/notifier.c:401 [] call_netdevice_notifiers_info+0x47/0x80 net/core/dev.c:1643 [] call_netdevice_notifiers net/core/dev.c:1659 [inline] [] register_netdevice+0x8e8/0xd00 net/core/dev.c:7027 [] macvlan_common_newlink+0x8b9/0x1090 drivers/net/macvlan.c:1316 [] macvtap_newlink+0xbf/0x110 drivers/net/macvtap.c:471 [] rtnl_newlink+0xd4b/0x1230 net/core/rtnetlink.c:2466 [] rtnetlink_rcv_msg+0x222/0x680 net/core/rtnetlink.c:3513 [] netlink_rcv_skb+0x242/0x350 net/netlink/af_netlink.c:2277 [] rtnetlink_rcv+0x25/0x30 net/core/rtnetlink.c:3519 [] netlink_unicast_kernel net/netlink/af_netlink.c:1214 [inline] [] netlink_unicast+0x3da/0x560 net/netlink/af_netlink.c:1240 [] netlink_sendmsg+0x9bb/0xb40 net/netlink/af_netlink.c:1786 [] sock_sendmsg_nosec net/socket.c:612 [inline] [] sock_sendmsg+0xb5/0xf0 net/socket.c:622 [] SYSC_sendto net/socket.c:1648 [inline] [] SyS_sendto+0x1ca/0x290 net/socket.c:1616 [] entry_SYSCALL_64_fastpath+0x23/0xc1 Kernel Offset: disabled