bisecting cause commit starting from 63de37476ebd1e9bab6a9e17186dc5aa1da9ea99 building syzkaller on b20883285d2350f5694399287b7f03478a3036c6 testing commit 63de37476ebd1e9bab6a9e17186dc5aa1da9ea99 with gcc (GCC) 8.1.0 kernel signature: a45bf5138ef41e22e37a5cc8a01d6ddc4c9f5ce0 all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: dfb3c098faf12a929ca0b0584fded4e43fc042eb all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: ffc0eb9265b7c584e6bf38d6a2b20129a3775147 all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 26cbdeb01ffd4b67e84b3cb9cbd77e2a4641577f all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: ec8287922aad06c33401ff8828a1dc81169bfb18 all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: 53098c8452fb33ab77417ae5a2b2d9e670b87e8f all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: 10f930ae606f8dce316f0f7ad37bf1a5394a8c02 all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: 4bbde4025a3bed0c0b5d203467297646256bd687 all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: da5721917c971f9f783bdedcbb2bba08a76e6d9c all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: 2b526d50b2a79692d3556ccb0f84f9073b6619a3 all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: 9fee3dbcacf1d177a17f00386261e36a6db8aaf2 all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 kernel signature: 62fe8e3458c6396b3da59bdf126e3d04d6aabc60 all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 kernel signature: eb67f1575bd398edbc1217b80a90a085e4dff42a all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 kernel signature: 4dced7479b16d331b51c12e654a200e69652ae6c all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 kernel signature: ef489df9e4f1a7af52a3e9760df41ec8ce2759ab all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v4.11 testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0 kernel signature: 1df13c5b63bb2e73e6a33c5ea055e945f9fe02fe all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v4.10 testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0 kernel signature: d0ac8a11e9cb7df2e158713ccfab16f971eddc6e all runs: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v4.9 testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0 kernel signature: 233cba5ac05742eb416662f35445a3e96d4b1488 run #0: crashed: KASAN: slab-out-of-bounds Read in sixpack_receive_buf run #1: crashed: KASAN: slab-out-of-bounds Write in decode_data run #2: crashed: KASAN: slab-out-of-bounds Read in sixpack_receive_buf run #3: crashed: KASAN: slab-out-of-bounds in sixpack_receive_buf at addr ADDR run #4: crashed: KASAN: slab-out-of-bounds Read in sixpack_receive_buf run #5: crashed: KASAN: slab-out-of-bounds in sixpack_receive_buf at addr ADDR run #6: crashed: KASAN: slab-out-of-bounds Write in decode_data run #7: crashed: KASAN: slab-out-of-bounds Read in sixpack_receive_buf run #8: crashed: KASAN: slab-out-of-bounds Read in sixpack_receive_buf run #9: crashed: KASAN: slab-out-of-bounds Write in decode_data testing release v4.8 testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0 kernel signature: e8f5c1efe71c4094c4af0fabc2532c4de819981c run #0: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #1: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #2: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #3: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #4: crashed: KASAN: stack-out-of-bounds in sixpack_receive_buf at addr ADDR run #5: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #6: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #7: crashed: KASAN: slab-out-of-bounds in sixpack_receive_buf at addr ADDR run #8: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #9: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf testing release v4.7 testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0 kernel signature: 047caa6f141ea854b0ed34522df9889dc6982142 run #0: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #1: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #2: crashed: KASAN: use-after-free Read in sixpack_receive_buf run #3: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #4: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #5: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #6: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #7: crashed: KASAN: slab-out-of-bounds Read in sixpack_receive_buf run #8: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #9: crashed: KASAN: slab-out-of-bounds Read in sixpack_receive_buf testing release v4.6 testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0 kernel signature: ce443093b8ddd8457581a98344ac97c9d52781ac run #0: crashed: KASAN: slab-out-of-bounds Read in sixpack_receive_buf run #1: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #2: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #3: crashed: KASAN: stack-out-of-bounds in sixpack_receive_buf at addr ADDR run #4: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #5: crashed: KASAN: slab-out-of-bounds Read in sixpack_receive_buf run #6: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #7: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #8: crashed: KASAN: stack-out-of-bounds Read in sixpack_receive_buf run #9: crashed: KASAN: stack-out-of-bounds in sixpack_receive_buf at addr ADDR testing release v4.5 testing commit b562e44f507e863c6792946e4e1b1449fbbac85d with gcc (GCC) 5.5.0 kernel signature: 5e1cf97de79a1bf166360e700df85e1cc4ee6e85 run #0: crashed: BUG: unable to handle kernel paging request in corrupted run #1: crashed: INFO: trying to register non-static key in sixpack_close run #2: crashed: general protection fault in sixpack_close run #3: crashed: BUG: Bad page map run #4: crashed: general protection fault in sixpack_close run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in detach_if_pending run #6: crashed: BUG: unable to handle kernel paging request in lock_timer_base run #7: crashed: BUG: unable to handle kernel paging request in detach_if_pending run #8: crashed: BUG: unable to handle kernel paging request in detach_if_pending run #9: crashed: BUG: unable to handle kernel paging request in lock_timer_base testing release v4.4 testing commit afd2ff9b7e1b367172f18ba7f693dfb62bdcb2dc with gcc (GCC) 5.5.0 kernel signature: 9be6db9abf4ad3b8d7b8766e4212a3610f2ab7a8 run #0: crashed: general protection fault in sixpack_close run #1: crashed: BUG: unable to handle kernel paging request in detach_if_pending run #2: crashed: BUG: unable to handle kernel run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in detach_if_pending run #4: crashed: BUG: unable to handle kernel run #5: crashed: general protection fault in lock_timer_base run #6: crashed: BUG: unable to handle kernel run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in detach_if_pending run #8: crashed: BUG: unable to handle kernel paging request in detach_if_pending run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor033995628" "root@10.128.10.36:./syz-executor033995628"]: exit status 1 Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts. scp: ./syz-executor033995628: No space left on device testing release v4.3 testing commit 6a13feb9c82803e2b815eca72fa7a9f5561d7861 with gcc (GCC) 5.5.0 kernel signature: 7c694e88d86958b7c10c7d4c3a83e6a08fdb47fe run #0: crashed: WARNING: ODEBUG bug in netdev_freemem run #1: crashed: WARNING: ODEBUG bug in netdev_freemem run #2: crashed: WARNING: ODEBUG bug in corrupted run #3: crashed: WARNING: ODEBUG bug in netdev_freemem run #4: crashed: WARNING: ODEBUG bug in netdev_freemem run #5: crashed: WARNING: ODEBUG bug in netdev_freemem run #6: crashed: WARNING: ODEBUG bug in netdev_freemem run #7: crashed: no output from test machine run #8: crashed: no output from test machine run #9: crashed: no output from test machine testing release v4.2 testing commit 64291f7db5bd8150a74ad2036f1037e6a0428df2 with gcc (GCC) 5.5.0 kernel signature: 70821c47a9b74697799dcde28f3a1a09a4988956 run #0: crashed: WARNING: ODEBUG bug in netdev_freemem run #1: crashed: WARNING: ODEBUG bug in netdev_freemem run #2: crashed: WARNING: ODEBUG bug in netdev_freemem run #3: crashed: WARNING: ODEBUG bug in netdev_freemem run #4: crashed: WARNING: ODEBUG bug in netdev_freemem run #5: crashed: WARNING: ODEBUG bug in netdev_freemem run #6: crashed: WARNING: ODEBUG bug in netdev_freemem run #7: crashed: WARNING: ODEBUG bug in corrupted run #8: crashed: WARNING: ODEBUG bug in corrupted run #9: crashed: WARNING: ODEBUG bug in netdev_freemem testing release v4.1 testing commit b953c0d234bc72e8489d3bf51a276c5c4ec85345 with gcc (GCC) 5.5.0 kernel signature: 478f7269885e87c9fa244dd3427e44c91497c8ab run #0: crashed: WARNING: ODEBUG bug in netdev_freemem run #1: crashed: WARNING: ODEBUG bug in netdev_freemem run #2: crashed: WARNING: ODEBUG bug in corrupted run #3: crashed: WARNING: ODEBUG bug in netdev_freemem run #4: crashed: WARNING: ODEBUG bug in netdev_freemem run #5: crashed: WARNING: ODEBUG bug in corrupted run #6: crashed: WARNING: ODEBUG bug in netdev_freemem run #7: crashed: WARNING: ODEBUG bug in netdev_freemem run #8: crashed: WARNING: ODEBUG bug in netdev_freemem run #9: crashed: WARNING: ODEBUG bug in corrupted revisions tested: 26, total time: 3h40m52.297894138s (build: 2h0m21.021089468s, test: 1h37m38.318535315s) the crash already happened on the oldest tested release commit msg: Linux 4.1 crash: WARNING: ODEBUG bug in corrupted sp0: Synchronizing with TNC 8021q: adding VLAN 0 to HW filter on device bond0 IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5903 at lib/debugobjects.c:263 debug_print_object+0x89/0xb0 lib/debugobjects.c:260() IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready bridge0: port 1(bridge_slave_0) entered forwarding state bridge0: port 1(bridge_slave_0) entered forwarding state IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready bridge0: port 2(bridge_slave_1) entered forwarding state bridge0: port 2(bridge_slave_1) entered forwarding state IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready bridge0: port 1(bridge_slave_0) entered forwarding state bridge0: port 1(bridge_slave_0) entered forwarding state IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready bridge0: port 2(bridge_slave_1) entered forwarding state bridge0: port 2(bridge_slave_1) entered forwarding state IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready sp0: Synchronizing with TNC ODEBUG: free active (active state 0) object type: timer_list hint: resync_tnc+0x0/0xb0 drivers/net/hamradio/6pack.c:394