bisecting fixing commit since 3e968c9f1401088abc9a19ae6ff571644d37a355 building syzkaller on 676bd07e7e80f8a270af7f0276443c68f4a99e25 testing commit 3e968c9f1401088abc9a19ae6ff571644d37a355 with gcc (GCC) 8.1.0 kernel signature: deaf3444c1ecba623001855d9f5297c0bf2b96b5d9f8ddeaac7d60749b4bf493 all runs: crashed: KASAN: use-after-free Read in ntfs_read_locked_inode testing current HEAD 04300d66f0a06d572d9f2ad6768c38cabde22179 testing commit 04300d66f0a06d572d9f2ad6768c38cabde22179 with gcc (GCC) 8.1.0 kernel signature: 15c5e54e9eef19db020dbdd1b20499b69f11d7db0fee37426316a9b8159fffee run #0: crashed: panic: bad group arg size 2137, should be <= 1 for &prog.GroupArg{ArgCommon:prog.ArgCommon{typ:(*prog.StructType)(ADDR)} run #1: crashed: panic: runtime error: invalid memory address or nil pointer dereference run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK revisions tested: 2, total time: 23m39.058568594s (build: 8m41.61199388s, test: 14m13.339180453s) the crash still happens on HEAD commit msg: Merge tag 'riscv-for-linus-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux into master crash: panic: runtime error: invalid memory address or nil pointer dereference RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 RESULT: signal 0, coverage 0 errno 0 panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x58 pc=0x4da027] goroutine 18 [running]: github.com/google/syzkaller/prog.findCsummedArg(0x65cdc0, 0x982ea0, 0x0, 0xc000283370, 0x1, 0x1020280) /syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/prog/checksum.go:83 +0x37 github.com/google/syzkaller/prog.calcChecksumsCall(0xc00005a6c0, 0xffffffffffffffff) /syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/prog/checksum.go:136 +0x236 github.com/google/syzkaller/prog.(*Prog).SerializeForExec(0xc000345620, 0x7f6a1d456000, 0x200000, 0x200000, 0xc0002839d8, 0x46ad6c, 0x872520) /syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/prog/encodingexec.go:72 +0x237 github.com/google/syzkaller/pkg/ipc.(*Env).Exec(0xc000090800, 0xc000018140, 0xc000345620, 0x4c8d97c0, 0xc000283cc8, 0x3, 0x3, 0x25, 0x0, 0x0, ...) /syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:308 +0x82 main.main.func1.1(0xc000073f00, 0xc0000163b8, 0xc000016400, 0xc000345600, 0xc00000da40, 0xc000018140, 0xc0000163e0, 0x1, 0xc000090800, 0xc0000580c0, ...) /syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/tools/syz-execprog/execprog.go:154 +0x3df main.main.func1(0xc0000163d0, 0xc0001cbb60, 0x1, 0xc000073f00, 0xc0000163b8, 0xc000016400, 0xc000345600, 0xc00000da40, 0xc000018140, 0xc0000163e0, ...) /syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/tools/syz-execprog/execprog.go:218 +0x1a2 created by main.main /syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/tools/syz-execprog/execprog.go:110 +0x925 [