bisecting cause commit starting from abb3438d69fb6dd5baa4ae23eafbf5b87945eff1 building syzkaller on 344da168cb738076d82a75e1a7a1f5177df8dbc7 testing commit abb3438d69fb6dd5baa4ae23eafbf5b87945eff1 with gcc (GCC) 8.1.0 kernel signature: 35addd3cca59d06e28026db26cb8aa30f4df54ae59318a2ad64f5914b8e71745 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_remove run #1: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup run #5: crashed: INFO: rcu detected stall in sys_mount run #6: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_alloc_anon_key run #8: crashed: WARNING in __proc_create run #9: crashed: WARNING: proc registration bug in afs_manage_cell testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 4a1278766f3484490c18be4b561fcf993079415673bc0a5a0a0b65cec6384a79 run #0: crashed: general protection fault in afs_proc_cell_setup run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #2: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_setup run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #4: crashed: general protection fault in afs_proc_cell_remove run #5: crashed: WARNING: proc registration bug in afs_manage_cell run #6: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #7: crashed: WARNING: proc registration bug in afs_manage_cell run #8: crashed: WARNING: proc registration bug in afs_manage_cell run #9: crashed: INFO: rcu detected stall in sys_mount testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 058c0bdf6307cf1061be62b5b80030ed29dbf7216713d7dc8452cd1f62822a54 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: WARNING: ODEBUG bug in __do_softirq run #9: crashed: KASAN: use-after-free Write in afs_manage_cell testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: c0e654f88abeb487b8914e4be91c2cf0e0f4390b08bc5f4da462f68f4840df41 run #0: crashed: KASAN: use-after-free Read in afs_manage_cell run #1: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Read in __proc_create run #3: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Write in afs_manage_cell run #8: crashed: KASAN: use-after-free Read in __proc_create run #9: crashed: KASAN: use-after-free Write in afs_manage_cell testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: fc304fc7246b5fa41969d40d434e561c05b7c6a5a14e99443f2295b77aa62109 run #0: crashed: WARNING: ODEBUG bug in __do_softirq run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #3: crashed: WARNING: ODEBUG bug in __do_softirq run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: WARNING: ODEBUG bug in __do_softirq run #6: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #7: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #8: crashed: WARNING: ODEBUG bug in __do_softirq run #9: crashed: KASAN: use-after-free Write in afs_manage_cell testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: e193509e45a4cccae72d35fd5f71fdda782abfb084e274e9f32b08b91dbe80c9 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #8: crashed: KASAN: use-after-free Write in afs_manage_cell run #9: crashed: KASAN: use-after-free Write in afs_manage_cell testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 52a1ebd6ce23c261fbf87f4a7655561edbb24debce41d58ff96961af92b97696 run #0: crashed: KASAN: use-after-free Read in __proc_create run #1: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Read in afs_manage_cell run #3: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #5: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #8: crashed: KASAN: use-after-free Read in __proc_create run #9: crashed: INFO: rcu detected stall in corrupted testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: abda171998014197f9c1756a27468e710aa72657f6e5f541c9b431344bc5098e run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #7: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #8: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #9: crashed: WARNING: ODEBUG bug in afs_cell_destroy testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 34df85302982e2bc222ae57b7470f85c3f1f5f996113f133426383490d078912 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #8: OK run #9: OK testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: 59494a71a0cd52104b1588242255259d3aaa5199c7ff98e21f56dea9542ea9ff all runs: OK # git bisect start e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd 1c163f4c7b3f621efff9b28a47abb36f7378d783 Bisecting: 7074 revisions left to test after this (roughly 13 steps) [b5dd0c658c31b469ccff1b637e5124851e7a4a1c] Merge branch 'akpm' (patches from Andrew) testing commit b5dd0c658c31b469ccff1b637e5124851e7a4a1c with gcc (GCC) 8.1.0 kernel signature: 4c653799b4b033033eca8c4e91c47a9892cab88f3ea62f4ccb3660875769c86b all runs: OK # git bisect good b5dd0c658c31b469ccff1b637e5124851e7a4a1c Bisecting: 3573 revisions left to test after this (roughly 12 steps) [4f0237062ca70c8e34e16e518aee4b84c30d1832] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input testing commit 4f0237062ca70c8e34e16e518aee4b84c30d1832 with gcc (GCC) 8.1.0 kernel signature: 2274db3399607ee0bc73ae6041ca2078b866c1196a50ebe3941b2225ab5cb0a4 all runs: OK # git bisect good 4f0237062ca70c8e34e16e518aee4b84c30d1832 Bisecting: 1796 revisions left to test after this (roughly 11 steps) [345077c8e172c255ea0707214303ccd099e5656b] KVM: PPC: Book3S: Protect memslots while validating user address testing commit 345077c8e172c255ea0707214303ccd099e5656b with gcc (GCC) 8.1.0 kernel signature: 2081ec39c466bf53d9b183177bb481d6832dfcb4414d652da10ce3381c8cf4f0 run #0: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Read in afs_dynroot_rmdir run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #7: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #8: crashed: KASAN: use-after-free Write in afs_manage_cell run #9: OK # git bisect bad 345077c8e172c255ea0707214303ccd099e5656b Bisecting: 880 revisions left to test after this (roughly 10 steps) [f3ca4c55a6581c46e9f4a592dd698a7c67a713dd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit f3ca4c55a6581c46e9f4a592dd698a7c67a713dd with gcc (GCC) 8.1.0 kernel signature: 8be0175b1f8702d493f505f5b4c3cf5d921639a5ccd76a7d43cb5b40c00058e9 run #0: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #1: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #5: crashed: WARNING: proc registration bug in afs_manage_cell run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad f3ca4c55a6581c46e9f4a592dd698a7c67a713dd Bisecting: 441 revisions left to test after this (roughly 9 steps) [a5adcfcad55d5f034b33f79f1a873229d1e77b24] Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 testing commit a5adcfcad55d5f034b33f79f1a873229d1e77b24 with gcc (GCC) 8.1.0 kernel signature: 2300d8b826921ea59515a08d8597515a8475d3cf7906ee5da879fe9339538dc3 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: OK run #8: OK run #9: OK # git bisect bad a5adcfcad55d5f034b33f79f1a873229d1e77b24 Bisecting: 225 revisions left to test after this (roughly 8 steps) [5f739e4a491ab63730ef3b7464171340c689fbff] Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 5f739e4a491ab63730ef3b7464171340c689fbff with gcc (GCC) 8.1.0 kernel signature: 04dd8f10dc94cfd98902a5029b142aa41b66e620877cc62adf84303db177def2 run #0: crashed: general protection fault in batadv_iv_ogm_queue_add run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 5f739e4a491ab63730ef3b7464171340c689fbff Bisecting: 113 revisions left to test after this (roughly 7 steps) [f655f40537916d4b1d6d1a023a778697c75a4fe2] mm/percpu: add checks for the return value of memblock_alloc*() testing commit f655f40537916d4b1d6d1a023a778697c75a4fe2 with gcc (GCC) 8.1.0 kernel signature: c4aec69046c1b0ca3b0fadb7b961b80ad8425445bd79ec7e54de4904f703693e all runs: OK # git bisect good f655f40537916d4b1d6d1a023a778697c75a4fe2 Bisecting: 61 revisions left to test after this (roughly 6 steps) [f3124ccf025caf25b764d900d1f9c49731673e49] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu testing commit f3124ccf025caf25b764d900d1f9c49731673e49 with gcc (GCC) 8.1.0 kernel signature: b5fcd3c050b63df4242788b39829cf87873fa82892ac85a43626362d09d27caf all runs: OK # git bisect good f3124ccf025caf25b764d900d1f9c49731673e49 Bisecting: 25 revisions left to test after this (roughly 5 steps) [f47d633134f7033e3d0c667419d9f8afd69e308d] Merge tag 'tag-chrome-platform-for-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux testing commit f47d633134f7033e3d0c667419d9f8afd69e308d with gcc (GCC) 8.1.0 kernel signature: ad8aaeecda49997e1d632784042037fd30b5b49293e0e38fe7545d3484ae5de8 all runs: OK # git bisect good f47d633134f7033e3d0c667419d9f8afd69e308d Bisecting: 12 revisions left to test after this (roughly 4 steps) [ba20ba2e3743bac786dff777954c11930256075e] generic radix trees testing commit ba20ba2e3743bac786dff777954c11930256075e with gcc (GCC) 8.1.0 kernel signature: fbbed703fe9da7f9b63ec3143e8b26863a1c45e8b177eb73e6c9dc34de4caeb9 all runs: OK # git bisect good ba20ba2e3743bac786dff777954c11930256075e Bisecting: 6 revisions left to test after this (roughly 3 steps) [cc4b1242d7e3b42eed73881fc749944146493e4f] vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 testing commit cc4b1242d7e3b42eed73881fc749944146493e4f with gcc (GCC) 8.1.0 kernel signature: 54cff30a4ca7b3b965ffe542462fcac9da18fe3313902c7c34bc12363cdabfc9 all runs: OK # git bisect good cc4b1242d7e3b42eed73881fc749944146493e4f Bisecting: 3 revisions left to test after this (roughly 2 steps) [586187d7de71b4da7956ba588ae42253b9ff6482] Drop flex_arrays testing commit 586187d7de71b4da7956ba588ae42253b9ff6482 with gcc (GCC) 8.1.0 kernel signature: 81ba802c4fedad7de57d7a89c40fc429c0da06d1681ddd2a6cad707a08882f9d all runs: OK # git bisect good 586187d7de71b4da7956ba588ae42253b9ff6482 Bisecting: 1 revision left to test after this (roughly 1 step) [a667cb7a94d48a483fb5d6006fe04a440f1a42ce] Merge branch 'akpm' (patches from Andrew) testing commit a667cb7a94d48a483fb5d6006fe04a440f1a42ce with gcc (GCC) 8.1.0 kernel signature: 3dc70ad8bd953acf4e46770f4f9f13f922763698e30992661a400afbee4ef6f1 all runs: OK # git bisect good a667cb7a94d48a483fb5d6006fe04a440f1a42ce Bisecting: 0 revisions left to test after this (roughly 0 steps) [12e1e7af1a55b9f911025365af4c689b3933c22a] vfs: Make __vfs_write() static testing commit 12e1e7af1a55b9f911025365af4c689b3933c22a with gcc (GCC) 8.1.0 kernel signature: 25c6d091b9490b62fff5758e33db15e52d3e428fb360d85f7ef04ceafb96312a all runs: OK # git bisect good 12e1e7af1a55b9f911025365af4c689b3933c22a 5f739e4a491ab63730ef3b7464171340c689fbff is the first bad commit commit 5f739e4a491ab63730ef3b7464171340c689fbff Merge: a667cb7a94d4 12e1e7af1a55 Author: Linus Torvalds Date: Tue Mar 12 13:27:20 2019 -0700 Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull misc vfs updates from Al Viro: "Assorted fixes (really no common topic here)" * 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: vfs: Make __vfs_write() static vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 pipe: stop using ->can_merge splice: don't merge into linked buffers fs: move generic stat response attr handling to vfs_getattr_nosec orangefs: don't reinitialize result_mask in ->getattr fs/devpts: always delete dcache dentry-s in dput() fs/devpts/inode.c | 1 + fs/orangefs/inode.c | 7 ++----- fs/pipe.c | 32 +++++++++++++++++++++++++++++--- fs/read_write.c | 10 ++++++++-- fs/splice.c | 8 ++++---- fs/stat.c | 12 +++++++----- include/linux/pipe_fs_i.h | 8 +------- kernel/relay.c | 1 - kernel/trace/trace.c | 2 -- net/smc/smc_rx.c | 1 - 10 files changed, 52 insertions(+), 30 deletions(-) revisions tested: 24, total time: 6h8m34.28285442s (build: 2h19m17.876760357s, test: 3h46m37.764434337s) first bad commit: 5f739e4a491ab63730ef3b7464171340c689fbff Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs recipients (to): ["torvalds@linux-foundation.org"] recipients (cc): [] crash: general protection fault in batadv_iv_ogm_queue_add kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 32692 Comm: kworker/u4:1 Not tainted 5.0.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:611 Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 99 0b 00 00 RSP: 0018:ffff8880a0877ac0 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff8880954b9f80 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff8880a0877bd8 R08: ffff88808cc785c0 R09: 0000000000000001 R10: ffffed101410ef8f R11: 0000000000000003 R12: ffff88808cc785c0 R13: dffffc0000000000 R14: ffffed101198f0c6 R15: 000000000000003c FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8d530ef000 CR3: 000000009dee6000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: batadv_iv_ogm_schedule+0xb47/0xe80 net/batman-adv/bat_iv_ogm.c:819 batadv_iv_send_outstanding_bat_ogm_packet+0x4a2/0x790 net/batman-adv/bat_iv_ogm.c:1681 process_one_work+0x7b9/0x15e0 kernel/workqueue.c:2269 worker_thread+0x85/0xb60 kernel/workqueue.c:2415 kthread+0x324/0x3e0 kernel/kthread.c:253 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Modules linked in: ---[ end trace 835a0c3fb5a09f14 ]--- RIP: 0010:batadv_iv_ogm_queue_add+0x9b/0xe50 net/batman-adv/bat_iv_ogm.c:611 Code: 44 89 8d 64 ff ff ff c7 02 f1 f1 f1 f1 c7 42 04 04 f2 f2 f2 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4d d0 31 c9 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 99 0b 00 00 RSP: 0018:ffff8880a0877ac0 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff8880954b9f80 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff8880a0877bd8 R08: ffff88808cc785c0 R09: 0000000000000001 R10: ffffed101410ef8f R11: 0000000000000003 R12: ffff88808cc785c0 R13: dffffc0000000000 R14: ffffed101198f0c6 R15: 000000000000003c FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe661272e0 CR3: 000000008ee1b000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400