bisecting fixing commit since 7f2c5eb458b8855655a19c44cd0043f7f83c595f
building syzkaller on 80a0690249dc4dbbbed95ba197192b99c73694c5
testing commit 7f2c5eb458b8855655a19c44cd0043f7f83c595f with gcc (GCC) 8.4.1 20210217
kernel signature: 14083db063a896b5ceeb928786ece9f91b9b22366b20c60ba5eeb72466c0c5d4
run #0: crashed: WARNING in cgroup_apply_control_disable
run #1: crashed: WARNING in cgroup_apply_control_disable
run #2: crashed: WARNING in cgroup_apply_control_disable
run #3: crashed: WARNING in cgroup_apply_control_disable
run #4: crashed: WARNING in cgroup_apply_control_disable
run #5: crashed: WARNING in cgroup_apply_control_disable
run #6: crashed: WARNING in cgroup_apply_control_disable
run #7: crashed: WARNING in cgroup_apply_control_disable
run #8: crashed: WARNING in cgroup_apply_control_disable
run #9: crashed: WARNING in cgroup_apply_control_disable
run #10: crashed: WARNING in cgroup_apply_control_disable
run #11: crashed: WARNING in cgroup_apply_control_disable
run #12: crashed: WARNING in cgroup_apply_control_disable
run #13: crashed: WARNING in cgroup_apply_control_disable
run #14: crashed: WARNING in cgroup_apply_control_disable
run #15: crashed: WARNING in cgroup_apply_control_disable
run #16: OK
run #17: OK
run #18: OK
run #19: OK
testing current HEAD cf256fbcbe347b7d0ff58fe2dfa382a156bd3694
testing commit cf256fbcbe347b7d0ff58fe2dfa382a156bd3694 with gcc (GCC) 8.4.1 20210217
kernel signature: c09e8c6c398fb7f85ed9d4723c9781bd40d5414367807585821fc1954cbac5b4
run #0: crashed: WARNING in cgroup_apply_control_disable
run #1: crashed: WARNING in cgroup_apply_control_disable
run #2: crashed: WARNING in cgroup_apply_control_disable
run #3: crashed: WARNING in cgroup_apply_control_disable
run #4: crashed: WARNING in cgroup_apply_control_disable
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
revisions tested: 2, total time: 44m52.287671671s (build: 26m27.712363863s, test: 17m52.850680965s)
the crash still happens on HEAD
commit msg: Linux 4.14.231
crash: WARNING in cgroup_apply_control_disable
------------[ cut here ]------------
WARNING: CPU: 1 PID: 7261 at kernel/cgroup/cgroup.c:2936 cgroup_ss_mask kernel/cgroup/cgroup.c:441 [inline]
WARNING: CPU: 1 PID: 7261 at kernel/cgroup/cgroup.c:2936 cgroup_apply_control_disable+0x31c/0x410 kernel/cgroup/cgroup.c:2939
Modules linked in:
CPU: 1 PID: 7261 Comm: syz-executor.4 Not tainted 4.14.231-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8881d4666500 task.stack: ffff8881d4a30000
RIP: 0010:cgroup_apply_control_disable+0x31c/0x410 kernel/cgroup/cgroup.c:2936
RSP: 0018:ffff8881d4a378a0 EFLAGS: 00010202
RAX: 1ffff1103b282ca3 RBX: ffff8881d9416500 RCX: ffffed103a8ccdb0
RDX: 1ffffffff0fe2bd1 RSI: 00000000ffffffff RDI: ffff8881d9416518
RBP: ffff8881d4a37900 R08: 1ffff1103a8ccdb0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff87fdb140
R13: ffff8881d8af3680 R14: ffffffff87fa34a0 R15: dffffc0000000000
FS:  0000000001c13400(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd9851b868 CR3: 00000001e8ea5003 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 cgroup_finalize_control kernel/cgroup/cgroup.c:3003 [inline]
 rebind_subsystems+0x34e/0xa80 kernel/cgroup/cgroup.c:1631
 cgroup_setup_root+0x348/0x8f0 kernel/cgroup/cgroup.c:1900
 cgroup1_mount+0x49a/0xb90 kernel/cgroup/cgroup-v1.c:1245
 cgroup_mount+0x14b/0x850 kernel/cgroup/cgroup.c:2024
 mount_fs+0x7f/0x270 fs/super.c:1237
 vfs_kern_mount.part.9+0x58/0x3c0 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2549 [inline]
 do_mount+0x352/0x2af0 fs/namespace.c:2879
 SYSC_mount fs/namespace.c:3095 [inline]
 SyS_mount+0xb1/0xd0 fs/namespace.c:3072
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x465c8a
RSP: 002b:00007ffd50308bf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffd50308c38 RCX: 0000000000465c8a
RDX: 00000000004b753b RSI: 00000000004ad236 RDI: 00000000004ad1f9
RBP: 00007ffd50308c30 R08: 00000000004bc388 R09: 00007ffd50308670
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd50308c30
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000400520
Code: 85 90 01 00 00 48 8d 78 08 48 89 f9 48 c1 e9 03 42 0f b6 0c 39 84 c9 74 09 80 f9 03 0f 8e c8 00 00 00 0f b7 40 08 e9 fc fe ff ff <0f> 0b e9 57 fe ff ff 48 83 c4 38 5b 41 5c 41 5d 41 5e 41 5f 5d 
---[ end trace 64344c4c2db5f67a ]---
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
Bluetooth: hci0 command 0x0409 tx timeout
Bluetooth: hci1 command 0x0409 tx timeout
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
Bluetooth: hci3 command 0x0409 tx timeout
Bluetooth: hci2 command 0x0409 tx timeout
bond0 (unregistering): Released all slaves
Bluetooth: hci0 command 0x041b tx timeout
Bluetooth: hci1 command 0x041b tx timeout
Bluetooth: hci2 command 0x041b tx timeout
Bluetooth: hci3 command 0x041b tx timeout
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
Bluetooth: hci0 command 0x040f tx timeout
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
Bluetooth: hci1 command 0x040f tx timeout
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
Bluetooth: hci3 command 0x040f tx timeout
Bluetooth: hci2 command 0x040f tx timeout
bond0 (unregistering): Released all slaves
Bluetooth: hci0 command 0x0419 tx timeout
Bluetooth: hci1 command 0x0419 tx timeout
Bluetooth: hci2 command 0x0419 tx timeout
Bluetooth: hci3 command 0x0419 tx timeout