bisecting fixing commit since b19ffe6e7205c0b0d26b750673873f3f9f61da35
building syzkaller on aff9e255cd708709adef545d1f932020ee5c0978
testing commit b19ffe6e7205c0b0d26b750673873f3f9f61da35 with gcc (GCC) 8.1.0
kernel signature: 3757bf5ee8206ae4e023aeb73687e71c36529f87
all runs: crashed: general protection fault in rose_send_frame
testing current HEAD 4c5bf01e16a7ec59e59a38a61f793c5d1d5560c7
testing commit 4c5bf01e16a7ec59e59a38a61f793c5d1d5560c7 with gcc (GCC) 8.1.0
kernel signature: 17fb8e09df44e8f1bc18b523773f7877ea6eb613
all runs: crashed: general protection fault in rose_send_frame
revisions tested: 2, total time: 25m18.955765507s (build: 16m48.138067928s, test: 7m48.248424144s)
the crash still happens on HEAD
commit msg: Linux 4.14.161
crash: general protection fault in rose_send_frame

IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
kasan: CONFIG_KASAN_INLINE enabled
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
kasan: GPF could be caused by NULL-ptr deref or user memory access
IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
CPU: 0 PID: 6843 Comm: modprobe Not tainted 4.14.161-syzkaller #0
kobject: 'loop2' (ffff8880a4a12a20): kobject_uevent_env
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
kobject: 'loop2' (ffff8880a4a12a20): fill_kobj_path: path = '/devices/virtual/block/loop2'
task: ffff88809ff3e5c0 task.stack: ffff888084b00000
RIP: 0010:rose_send_frame+0x140/0x240 net/rose/rose_link.c:104
RSP: 0000:ffff8880aee07b40 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff88821638d840 RCX: 0000000000000006
RDX: 000000000000006b RSI: ffffffff87190280 RDI: 0000000000000358
RBP: ffff8880aee07b70 R08: ffffed101057e3c5 R09: 0000000000000000
R10: ffffed101057e3c4 R11: ffff888082bf1e23 R12: ffff88821638d840
R13: 0000000000000078 R14: ffff888092aa7080 R15: ffff888092aa7080
FS:  00007f622c5fd700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f622be784c0 CR3: 00000000a4d11000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rose_transmit_clear_request+0x1d0/0x290 net/rose/rose_link.c:258
 rose_rx_call_request+0x395/0x1d4b net/rose/af_rose.c:1000
8021q: adding VLAN 0 to HW filter on device bond0
 rose_loopback_timer+0x11f/0x430 net/rose/rose_loopback.c:103
 call_timer_fn+0x142/0x570 kernel/time/timer.c:1279
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
 expire_timers kernel/time/timer.c:1318 [inline]
 __run_timers kernel/time/timer.c:1636 [inline]
 run_timer_softirq+0xc99/0x1210 kernel/time/timer.c:1649
IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
 __do_softirq+0x246/0x9b0 kernel/softirq.c:288
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x15f/0x1a0 kernel/softirq.c:409
 exiting_irq arch/x86/include/asm/apic.h:648 [inline]
 smp_apic_timer_interrupt+0x149/0x5d0 arch/x86/kernel/apic/apic.c:1102
 apic_timer_interrupt+0x96/0xa0 arch/x86/entry/entry_64.S:792
8021q: adding VLAN 0 to HW filter on device team0
RIP: 0033:0x7f622be784c0
RSP: 002b:00007ffe22ad3f98 EFLAGS: 00010297 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000000 RBX: 0000000076036300 RCX: 0000000000000008
RDX: 0000000000000044 RSI: 00007f622bf8d7a0 RDI: 00007ffe22ad3fa0
RBP: 0000000000000003 R08: 00007f622bed3840 R09: 000000000000000b
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
R10: 00007ffe22ad3e10 R11: 00007ffe22ad3e10 R12: 00007ffe22ad400e
R13: 00000000000000bc R14: 00007ffe22ad400f R15: 00007ffe22ad400e
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
Code: 5d 41 5e 5d c3 80 3c 02 00 0f 85 e0 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 4b 20 49 8d b9 58 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d1 00 00 00 49 8b 91 58 03 00 00 e9 04 ff ff
RIP: rose_send_frame+0x140/0x240 net/rose/rose_link.c:104 RSP: ffff8880aee07b40
---[ end trace 22ccfa03ce1fb720 ]---