bisecting fixing commit since b98aebd298246df37b472c52a2ee1023256d02e3
building syzkaller on 5ea87a6638e52a94361b26b8576a1605585815fb
testing commit b98aebd298246df37b472c52a2ee1023256d02e3 with gcc (GCC) 8.1.0
kernel signature: ba9f6c86697bffb904d0a60c4c7b45ab48fec3d546e7ed9eb8e724b0c28cf944
run #0: crashed: general protection fault in kernfs_kill_sb
run #1: crashed: general protection fault in kernfs_kill_sb
run #2: crashed: general protection fault in kernfs_kill_sb
run #3: crashed: general protection fault in kernfs_kill_sb
run #4: crashed: general protection fault in kernfs_kill_sb
run #5: crashed: general protection fault in corrupted
run #6: crashed: general protection fault in corrupted
run #7: crashed: general protection fault in corrupted
run #8: crashed: general protection fault in corrupted
run #9: crashed: general protection fault in corrupted
testing current HEAD cbfa1702aaf69b2311ea1b35e04f113c48368c67
testing commit cbfa1702aaf69b2311ea1b35e04f113c48368c67 with gcc (GCC) 8.1.0
kernel signature: 7fb4f20d037ea879764385a18b47a80a8bc3cf21d74f0c5e410186662657e16f
run #0: crashed: general protection fault in kernfs_kill_sb
run #1: crashed: general protection fault in kernfs_kill_sb
run #2: crashed: general protection fault in kernfs_kill_sb
run #3: crashed: general protection fault in kernfs_kill_sb
run #4: crashed: general protection fault in kernfs_kill_sb
run #5: crashed: general protection fault in kernfs_kill_sb
run #6: crashed: general protection fault in kernfs_kill_sb
run #7: crashed: general protection fault in corrupted
run #8: crashed: general protection fault in kernfs_kill_sb
run #9: crashed: general protection fault in kernfs_kill_sb
revisions tested: 2, total time: 22m35.259327733s (build: 15m45.96905391s, test: 5m58.023597913s)
the crash still happens on HEAD
commit msg: Linux 4.14.198
crash: general protection fault in kernfs_kill_sb
kernfs_mount_ns+0xdd/0x770 fs/kernfs/mount.c:324
sysfs_mount+0xa8/0x160 fs/sysfs/mount.c:39
kasan: GPF
could be caused by NULL-ptr deref or user memory access mount_fs+0x7f/0x269 fs/super.c:1237 general protection fault: 0000 [#1] PREEMPT SMP KASAN Modules linked in: vfs_kern_mount.part.33+0x58/0x3c0 fs/namespace.c:1046 vfs_kern_mount fs/namespace.c:1036 [inline] do_new_mount fs/namespace.c:2549 [inline] do_mount+0x36b/0x26a0 fs/namespace.c:2879 CPU: 0 PID: 7317 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff888087c4e180 task.stack: ffff8880a0db8000 RIP: 0010:__list_del_entry_valid+0x84/0xf3 lib/list_debug.c:51 RSP: 0018:ffff8880a0dbfad0 EFLAGS: 00010246 SYSC_mount fs/namespace.c:3095 [inline] SyS_mount+0xb8/0xd0 fs/namespace.c:3072 RAX: dffffc0000000000 RBX: ffff88808a891d98 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88808a891da0 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292 RBP: ffff8880a0dbfae8 R08: ffff888087c4ea50 R09: 0000000000005162 R10: ffff8880a0dbfae8 R11: ffff888087c4e180 R12: 0000000000000000 R13: 0000000000000000 R14: ffff88808a891da0 R15: fffffffffffffff4 entry_SYSCALL_64_after_hwframe+0x46/0xbb FS: 00007f8f90db2700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 RIP: 0033:0x459fc9 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 RSP: 002b:00007f9f60cb2c78 EFLAGS: 00000246 CR2: 00007f1bd2d904fb CR3: 000000008b717000 CR4: 00000000001406f0 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f9f60cb2c90 RCX: 0000000000459fc9 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 RDX: 0000000020000500 RSI: 0000000020000480 RDI: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 Call Trace: R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9f60cb36d4 R13: 00000000004c6a32 R14: 00000000004dbe98 R15: 0000000000000004 __list_del_entry include/linux/list.h:117 [inline] list_del 
include/linux/list.h:125 [inline] kernfs_kill_sb+0x5c/0x1d0 fs/kernfs/mount.c:365 CPU: 1 PID: 7332 Comm: syz-executor.4 Not tainted 4.14.198-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 sysfs_kill_sb+0x1a/0x30 fs/sysfs/mount.c:53 Call Trace: deactivate_locked_super+0x62/0xb0 fs/super.c:319 __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xf7/0x13b lib/dump_stack.c:58 sget_userns+0x8eb/0xb40 fs/super.c:537 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.3+0x105/0x14b lib/fault-inject.c:149 should_failslab+0xba/0xf0 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3376 [inline] __do_kmalloc mm/slab.c:3718 [inline] __kmalloc+0x2e8/0x7b0 mm/slab.c:3729 kernfs_mount_ns+0xdd/0x770 fs/kernfs/mount.c:324 sysfs_mount+0xa8/0x160 fs/sysfs/mount.c:39 kmalloc include/linux/slab.h:493 [inline] kzalloc include/linux/slab.h:661 [inline] __list_lru_init+0x69/0x5f0 mm/list_lru.c:539 alloc_super fs/super.c:231 [inline] sget_userns+0x3e0/0xb40 fs/super.c:516 mount_fs+0x7f/0x269 fs/super.c:1237 kernfs_mount_ns+0xdd/0x770 fs/kernfs/mount.c:324 vfs_kern_mount.part.33+0x58/0x3c0 fs/namespace.c:1046 sysfs_mount+0xa8/0x160 fs/sysfs/mount.c:39 vfs_kern_mount fs/namespace.c:1036 [inline] do_new_mount fs/namespace.c:2549 [inline] do_mount+0x36b/0x26a0 fs/namespace.c:2879 mount_fs+0x7f/0x269 fs/super.c:1237 vfs_kern_mount.part.33+0x58/0x3c0 fs/namespace.c:1046 vfs_kern_mount fs/namespace.c:1036 [inline] do_new_mount fs/namespace.c:2549 [inline] do_mount+0x36b/0x26a0 fs/namespace.c:2879 SYSC_mount fs/namespace.c:3095 [inline] SyS_mount+0xb8/0xd0 fs/namespace.c:3072 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x459fc9 SYSC_mount fs/namespace.c:3095 [inline] SyS_mount+0xb8/0xd0 fs/namespace.c:3072 RSP: 002b:00007f8f90db1c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f8f90db1c90 RCX: 0000000000459fc9 
do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292 RDX: 0000000020000500 RSI: 0000000020000480 RDI: 0000000000000000 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 entry_SYSCALL_64_after_hwframe+0x46/0xbb R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8f90db26d4 RIP: 0033:0x459fc9 R13: 00000000004c6a32 R14: 00000000004dbe98 R15: 0000000000000004 Code: RSP: 002b:00007fc94dc38c78 EFLAGS: 00000246 c5 ORIG_RAX: 00000000000000a5 0f RAX: ffffffffffffffda RBX: 00007fc94dc38c90 RCX: 0000000000459fc9 84 RDX: 0000000020000500 RSI: 0000000020000480 RDI: 0000000000000000 cc RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 00 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc94dc396d4 00 R13: 00000000004c6a32 R14: 00000000004dbe98 R15: 0000000000000004 00 48 b8 00 02 00 00 00 00 ad de 49 39 c4 0f 84 a5 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 5f 49 8b 14 24 48 39 da 0f 85 ba 00 00 00 49 8d RIP: __list_del_entry_valid+0x84/0xf3 lib/list_debug.c:51 RSP: ffff8880a0dbfad0 ---[ end trace 65edf343c624c0ff ]---