bisecting fixing commit since 34d4ddd359dbcdf6c5fb3f85a179243d7a1cb7f8
building syzkaller on 409809d8a7c9c775eaea317add40e7a86a1e836c
testing commit 34d4ddd359dbcdf6c5fb3f85a179243d7a1cb7f8 with gcc (GCC) 8.1.0
kernel signature: 6f3ea505a5ae79e9fe94e988ef16049b22c6ad976f245563809717635200457a
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_proc_cell_setup
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_request_key
run #3: crashed: general protection fault in afs_proc_cell_setup
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_request_key
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing current HEAD 6f2f486d57c4d562cdf4932320b66fbb878ab1c4
testing commit 6f2f486d57c4d562cdf4932320b66fbb878ab1c4 with gcc (GCC) 8.1.0
kernel signature: 990b1916307b67b479448b0c78be630169358b7bddd3add5c16c1b54202e1a7d
run #0: crashed: WARNING in __xlate_proc_name
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
revisions tested: 2, total time: 31m39.288678637s (build: 9m54.279707183s, test: 21m20.805584653s)
the crash still happens on HEAD
commit msg: Merge tag 'spi-fix-v5.9-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
crash: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 12206e067 P4D 12206e067 PUD 1220a4067 PMD 0
Oops: 0002 [#1] PREEMPT SMP
CPU: 1 PID: 23 Comm: kworker/1:1 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: afs afs_manage_cell
RIP: 0010:__hlist_del include/linux/list.h:829 [inline]
RIP: 0010:hlist_del_rcu include/linux/rculist.h:487 [inline]
RIP: 0010:afs_deactivate_cell+0x35/0x90 fs/afs/cell.c:647
Code: ac 24 c0 02 00 00 53 48 89 f3 e8 86 1a 03 00 31 f6 48 89 ef e8 bc e7 78 01 48 8b 83 80 00 00 00 48 8b 93 88 00 00 00 48 85 c0 <48> 89 02 74 04 48 89 50 08 48 b8 22 01 00 00 00 00 ad de 48 89 de
RSP: 0018:ffffc90000d2fde0 EFLAGS: 00010206
RAX: 0102000000180400 RBX: ffff88810f289000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
RBP: ffff88812220dac0 R08: ffffffff818c6bc4 R09: 0000000000000001
R10: ffffc90000d2fde0 R11: 2579a6aa3e521903 R12: ffff88812220d800
R13: ffff88810ed71e00 R14: ffff88810f289000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000122195000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 afs_manage_cell+0x6a/0x4c0 fs/afs/cell.c:721
 process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269
 worker_thread+0x38/0x380 kernel/workqueue.c:2415
 kthread+0x148/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Modules linked in:
CR2: 0000000000000000
---[ end trace 64dd57a9e6882eac ]---
RIP: 0010:__hlist_del include/linux/list.h:829 [inline]
RIP: 0010:hlist_del_rcu include/linux/rculist.h:487 [inline]
RIP: 0010:afs_deactivate_cell+0x35/0x90 fs/afs/cell.c:647
Code: ac 24 c0 02 00 00 53 48 89 f3 e8 86 1a 03 00 31 f6 48 89 ef e8 bc e7 78 01 48 8b 83 80 00 00 00 48 8b 93 88 00 00 00 48 85 c0 <48> 89 02 74 04 48 89 50 08 48 b8 22 01 00 00 00 00 ad de 48 89 de
RSP: 0018:ffffc90000d2fde0 EFLAGS: 00010206
RAX: 0102000000180400 RBX: ffff88810f289000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
RBP: ffff88812220dac0 R08: ffffffff818c6bc4 R09: 0000000000000001
R10: ffffc90000d2fde0 R11: 2579a6aa3e521903 R12: ffff88812220d800
R13: ffff88810ed71e00 R14: ffff88810f289000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000122195000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400