bisecting cause commit starting from 23203e3f34c97f4ddd6e353adba45161880a52a4 building syzkaller on e3bd7ab805a9a4541c9fe135ec90c95089f49153 testing commit 23203e3f34c97f4ddd6e353adba45161880a52a4 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in untrack_pfn testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 all runs: crashed: WARNING in untrack_pfn testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in untrack_pfn testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in untrack_pfn testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 all runs: crashed: WARNING in untrack_pfn testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 all runs: crashed: WARNING in untrack_pfn testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in untrack_pfn testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 all runs: OK # git bisect start v4.14 v4.13 Bisecting: 7300 revisions left to test after this (roughly 13 steps) [15d8ffc96464f6571ecf22043c45fad659f11bdd] Merge tag 'mmc-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc testing commit 15d8ffc96464f6571ecf22043c45fad659f11bdd with gcc (GCC) 8.1.0 all runs: basic kernel testing failed: WARNING in __nf_hook_entries_try_shrink # git bisect skip 15d8ffc96464f6571ecf22043c45fad659f11bdd Bisecting: 7300 revisions left to test after this (roughly 13 steps) [ace743214ea205c7d433562c5fa24e33bdfda7ab] net/mlx5e: Fix erroneous freeing of encap header buffer testing commit ace743214ea205c7d433562c5fa24e33bdfda7ab with gcc (GCC) 8.1.0 all runs: crashed: WARNING in untrack_pfn # git bisect bad ace743214ea205c7d433562c5fa24e33bdfda7ab Bisecting: 6370 revisions left to test after this (roughly 13 steps) [aae3dbb4776e7916b6cd442d00159bea27a695c1] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next testing commit aae3dbb4776e7916b6cd442d00159bea27a695c1 with gcc (GCC) 8.1.0 all runs: basic kernel testing failed: WARNING in __nf_hook_entries_try_shrink # git bisect skip aae3dbb4776e7916b6cd442d00159bea27a695c1 Bisecting: 6370 revisions left to test after this (roughly 13 steps) [f5808ac158f2b16b686a3d3c0879c5d6048aba14] leds: gpio: Allow LED to retain state at shutdown testing commit f5808ac158f2b16b686a3d3c0879c5d6048aba14 with gcc (GCC) 8.1.0 run #0: crashed: WARNING in untrack_pfn run #1: crashed: WARNING in untrack_pfn run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad f5808ac158f2b16b686a3d3c0879c5d6048aba14 Bisecting: 8 revisions left to test after this (roughly 3 steps) [15201b5de9d62fd6ece51ba9005c441d588fcb94] dt-bindings: leds: add pca955x testing commit 15201b5de9d62fd6ece51ba9005c441d588fcb94 with gcc (GCC) 8.1.0 run #0: crashed: WARNING in untrack_pfn run #1: crashed: WARNING in untrack_pfn run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 15201b5de9d62fd6ece51ba9005c441d588fcb94 Bisecting: 3 revisions left to test after this (roughly 2 steps) [0571753e65b5bf7fe9a50004e9e1367cc4e51d0a] leds: Convert to using %pOF instead of full_name testing commit 0571753e65b5bf7fe9a50004e9e1367cc4e51d0a with gcc (GCC) 8.1.0 run #0: crashed: WARNING in untrack_pfn run #1: crashed: WARNING in untrack_pfn run #2: crashed: WARNING in untrack_pfn run #3: crashed: WARNING in untrack_pfn run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 0571753e65b5bf7fe9a50004e9e1367cc4e51d0a Bisecting: 1 revision left to test after this (roughly 1 step) [c68729119f4d2993bec3c9cb999ad76de5aeddba] leds: tlc591xx: add missing of_node_put testing commit c68729119f4d2993bec3c9cb999ad76de5aeddba with gcc (GCC) 8.1.0 run #0: crashed: WARNING in untrack_pfn run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad c68729119f4d2993bec3c9cb999ad76de5aeddba Bisecting: 0 revisions left to test after this (roughly 0 steps) [1055790b0df7202e363a55817688e3edbe1498a4] leds: tlc591xx: merge conditional tests testing commit 1055790b0df7202e363a55817688e3edbe1498a4 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 1055790b0df7202e363a55817688e3edbe1498a4 c68729119f4d2993bec3c9cb999ad76de5aeddba is the first bad commit commit c68729119f4d2993bec3c9cb999ad76de5aeddba Author: Julia Lawall Date: Sat Jul 15 11:58:19 2017 +0200 leds: tlc591xx: add missing of_node_put for_each_child_of_node performs an of_node_get on each iteration, so a return from the loop requires an of_node_put. The semantic patch that fixes this problem is as follows (http://coccinelle.lip6.fr): // @@ local idexpression n; expression e,e1; iterator name for_each_child_of_node; @@ for_each_child_of_node(e1,n) { ... ( of_node_put(n); | e = n | return n; | + of_node_put(n); ? return ...; ) ... } // Signed-off-by: Julia Lawall Acked-by: Pavel Machek Signed-off-by: Jacek Anaszewski :040000 040000 dd5eaa8dbe9006cb3b53c2de66b98940cc38aa9d c3e9f15bea8a1ebd18e6ce90094aaf60fbfb17eb M drivers revisions tested: 16, total time: 3h36m45.287923125s (build: 1h24m2.34982811s, test: 2h6m17.606895378s) first bad commit: c68729119f4d2993bec3c9cb999ad76de5aeddba leds: tlc591xx: add missing of_node_put cc: ["jacek.anaszewski@gmail.com" "julia.lawall@lip6.fr" "linux-kernel@vger.kernel.org" "linux-leds@vger.kernel.org" "pavel@ucw.cz" "rpurdie@rpsys.net"] crash: WARNING in untrack_pfn ------------[ cut here ]------------ WARNING: CPU: 1 PID: 14809 at arch/x86/mm/pat.c:1017 untrack_pfn+0x1f0/0x290 arch/x86/mm/pat.c:1024 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 14809 Comm: syz-executor4 Not tainted 4.13.0-rc1+ #1 kobject: 'loop5' (ffff8801d22c8aa0): kobject_uevent_env kobject: 'loop5' (ffff8801d22c8aa0): fill_kobj_path: path = '/devices/virtual/block/loop5' Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x145/0x1e1 lib/dump_stack.c:52 panic+0x1a9/0x34e kernel/panic.c:180 __warn.cold.8+0x11a/0x156 kernel/panic.c:541 kobject: 'loop5' (ffff8801d22c8aa0): kobject_uevent_env kobject: 'loop5' (ffff8801d22c8aa0): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop3' (ffff8801d21f7220): kobject_uevent_env kobject: 'loop3' (ffff8801d21f7220): fill_kobj_path: path = '/devices/virtual/block/loop3' report_bug+0x1a3/0x227 lib/bug.c:183 fixup_bug arch/x86/kernel/traps.c:190 [inline] do_trap_no_signal arch/x86/kernel/traps.c:224 [inline] do_trap+0x1ef/0x2d0 arch/x86/kernel/traps.c:273 do_error_trap+0x11f/0x390 arch/x86/kernel/traps.c:310 kobject: 'loop5' (ffff8801d22c8aa0): kobject_uevent_env kobject: 'loop5' (ffff8801d22c8aa0): fill_kobj_path: path = '/devices/virtual/block/loop5' do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:323 invalid_op+0x1e/0x30 arch/x86/entry/entry_64.S:845 RIP: 0010:untrack_pfn+0x1f0/0x290 arch/x86/mm/pat.c:1017 RSP: 0018:ffff8801c402efc0 EFLAGS: 00010282 RAX: 00000000ffffffea RBX: ffff8801b7ee6300 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffffff89da63c0 RBP: ffff8801c402f098 R08: 0000000000000001 R09: 0000000000000000 R10: ffff8801d969efa0 R11: ffff8801d969e740 R12: 1ffff10038805dfa R13: 0000000000000000 R14: ffff8801c402f070 R15: ffff8801c402eff0 unmap_single_vma+0x144/0x300 mm/memory.c:1412 unmap_vmas+0xe2/0x190 mm/memory.c:1463 exit_mmap+0x204/0x3b0 mm/mmap.c:2994 __mmput kernel/fork.c:903 [inline] mmput+0x1e0/0x640 kernel/fork.c:925 exit_mm kernel/exit.c:544 [inline] do_exit+0xc0c/0x17d0 kernel/exit.c:852 do_group_exit+0x135/0x3b0 kernel/exit.c:969 get_signal+0x78c/0x15f0 kernel/signal.c:2330 do_signal+0x94/0x2210 arch/x86/kernel/signal.c:808 exit_to_usermode_loop+0x1bc/0x280 arch/x86/entry/common.c:157 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline] syscall_return_slowpath+0x2cb/0x360 arch/x86/entry/common.c:263 entry_SYSCALL_64_fastpath+0xc0/0xc2 RIP: 0033:0x4577b9 RSP: 002b:00007f8d6eaf5cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 000000000072bf08 RCX: 00000000004577b9 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000072bf08 RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000072bf0c R13: 00007ffefce6324f R14: 00007f8d6eaf69c0 R15: 000000000072bf0c Kernel Offset: disabled Rebooting in 86400 seconds..