bisecting fixing commit since a844dc4c544291470aa69edbe2434b040794e269
building syzkaller on 4b83c8fbed7b9cea831be880ec8aa1098b465f25
testing commit a844dc4c544291470aa69edbe2434b040794e269 with gcc (GCC) 8.1.0
kernel signature: 12cfff3e6b20f65aee0769fc0b548a99ee70ec50e9c8d63498abfe7240331ea9
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mem_serial_out
testing current HEAD e0f8b8a65a473a8baa439cf865a694bbeb83fe90
testing commit e0f8b8a65a473a8baa439cf865a694bbeb83fe90 with gcc (GCC) 8.1.0
kernel signature: 36f29961e924d689f72bc9a376f7a45590992e06c67e45eb65804d43cd98f80c
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in mem_serial_out
revisions tested: 2, total time: 24m1.717901937s (build: 17m11.968774456s, test: 6m18.087376613s)
the crash still happens on HEAD
commit msg: Linux 4.14.170
crash: BUG: unable to handle kernel NULL pointer dereference in mem_serial_out

IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
BUG: unable to handle kernel NULL pointer dereference at 0000000000000003
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
IP: writeb arch/x86/include/asm/io.h:65 [inline]
IP: mem_serial_out+0x61/0x90 drivers/tty/serial/8250/8250_port.c:408
PGD 8f925067 P4D 8f925067 PUD 8f6fa067 PMD 0
Oops: 0002 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 7070 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88807ca40280 task.stack: ffff88808dcc0000
RIP: 0010:writeb arch/x86/include/asm/io.h:65 [inline]
RIP: 0010:mem_serial_out+0x61/0x90 drivers/tty/serial/8250/8250_port.c:408
RSP: 0018:ffff88808dcc78c0 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffffffff8a45de10 RCX: 1ffffffff148bbca
RDX: 00000000000000bf RSI: 0000000000000003 RDI: ffffffff8a45de50
RBP: ffff88808dcc78d0 R08: ffff88807ca40b48 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8a45df50
R13: ffffffff8a45de10 R14: ffffffff8a45de60 R15: ffffffff8a45dedc
FS:  00007f21708f7700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000003 CR3: 000000008f00c000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 serial_port_out include/linux/serial_core.h:266 [inline]
 serial8250_do_startup+0xf1f/0x1ad0 drivers/tty/serial/8250/8250_port.c:2140
 serial8250_startup+0x39/0x50 drivers/tty/serial/8250/8250_port.c:2411
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
 uart_port_startup drivers/tty/serial/serial_core.c:231 [inline]
 uart_startup.part.20+0x2a0/0x710 drivers/tty/serial/serial_core.c:270
 uart_startup drivers/tty/serial/serial_core.c:267 [inline]
 uart_set_info drivers/tty/serial/serial_core.c:1010 [inline]
 uart_set_info_user drivers/tty/serial/serial_core.c:1038 [inline]
 uart_ioctl+0x127e/0x2b90 drivers/tty/serial/serial_core.c:1361
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
 tty_ioctl+0x434/0x1260 drivers/tty/tty_io.c:2661
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x180/0xfb0 fs/ioctl.c:684
8021q: adding VLAN 0 to HW filter on device bond0
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x74/0x80 fs/ioctl.c:692
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
RIP: 0033:0x45a6f9
RSP: 002b:00007f21708f6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a6f9
RDX: 0000000020000080 RSI: 000000000000541f RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f21708f76d4
R13: 00000000004c5c0b R14: 00000000004dbf70 R15: 00000000ffffffff
Code:
IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
0f b6 8b d1 00 00 00 48 8d 7b 40 48 b8 00 00 00 00 00 fc ff df d3 e6 48 89 f9 48 c1 e9 03 80 3c 01
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
00 75 23 48 63 f6 48 03 73 40 <88> 16 48 83 c4 08 5b 5d c3 89 55 f0 89 75 f4 e8 ab ff
8021q: adding VLAN 0 to HW filter on device team0
37 fe 8b
RIP: writeb arch/x86/include/asm/io.h:65 [inline] RSP: ffff88808dcc78c0
RIP: mem_serial_out+0x61/0x90 drivers/tty/serial/8250/8250_port.c:408 RSP: ffff88808dcc78c0
CR2: 0000000000000003
---[ end trace 77d2e9833fd5c533 ]---