bisecting fixing commit since 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60 with gcc (GCC) 8.1.0
kernel signature: cc3568a7f32808d6a187074e06cd677b2b493cf3a5c37ebdc8a04498ab788690
run #0: crashed: BUG: Bad page map
run #1: crashed: general protection fault in do_exit
run #2: crashed: general protection fault in __radix_tree_lookup
run #3: crashed: general protection fault in find_vma
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #5: crashed: unexpected kernel reboot
run #6: crashed: BUG: Bad page map
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in qlist_free_all
run #8: crashed: general protection fault in __switch_to
run #9: OK
testing current HEAD 6b6446efedb27c2766745a04f9b5d4449f51391d
testing commit 6b6446efedb27c2766745a04f9b5d4449f51391d with gcc (GCC) 8.1.0
kernel signature: 68a23dfa4e1f1000c71c38274637d44a5a661f77c0ea3b665686891b6a53c5ca
run #0: crashed: unexpected kernel reboot
run #1: crashed: kernel panic: Fatal exception
run #2: crashed: general protection fault in enqueue_entity
run #3: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #4: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #5: crashed: general protection fault in try_to_wake_up
run #6: crashed: BUG: unable to handle kernel paging request in mem_cgroup_from_task
run #7: crashed: general protection fault in schedule
run #8: crashed: BUG: Bad page map
run #9: OK
revisions tested: 2, total time: 38m32.948587551s (build: 16m26.218834366s, test: 21m28.776327415s)
the crash still happens on HEAD
commit msg: Linux 4.14.204
crash: BUG: Bad page map
Bluetooth: hci2 command 0x041b tx timeout
Bluetooth: hci2 command 0x040f tx timeout
Bluetooth: hci2 command 0x0419 tx timeout
BUG: Bad page map in process syz-executor.1  pte:84003f88f88ff275 pmd:0010d067
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
CPU: 0 PID: 17188 Comm: syz-executor.1 Not tainted 4.14.204-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x14b/0x1f1 lib/dump_stack.c:58
 register_lock_class+0x3bd/0x19a0 kernel/locking/lockdep.c:768
 __lock_acquire+0x18b/0x42d0 kernel/locking/lockdep.c:3378
 lock_acquire+0x17e/0x3e0 kernel/locking/lockdep.c:3998
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x99/0xd0 kernel/locking/spinlock.c:160
 try_to_wake_up+0x82/0x1110 kernel/sched/core.c:1997
 wake_up_process+0x10/0x20 kernel/sched/core.c:2160
 hrtimer_wakeup+0x39/0x50 kernel/time/hrtimer.c:1441
 __run_hrtimer kernel/time/hrtimer.c:1223 [inline]
 __hrtimer_run_queues+0x279/0xad0 kernel/time/hrtimer.c:1287
 hrtimer_interrupt+0x1ae/0x600 kernel/time/hrtimer.c:1321
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1075 [inline]
 smp_apic_timer_interrupt+0x11f/0x5d0 arch/x86/kernel/apic/apic.c:1100
 apic_timer_interrupt+0x9a/0xa0 arch/x86/entry/entry_64.S:793
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
RIP: 0010:console_trylock_spinning kernel/printk/printk.c:1685 [inline]
RIP: 0010:vprintk_emit+0x42c/0x4e0 kernel/printk/printk.c:1922
RSP: 0000:ffff88801ef77a18 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
RAX: dffffc0000000000 RBX: 0000000000000282 RCX: 1ffff1101466a52a
RDX: 0000000000000000 RSI: ffff8880a3352930 RDI: 0000000000000282
RBP: ffff88801ef77a68 R08: ffff8880a3352950 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffffffff0fe2bc0
R13: 1ffffffff0fe2bc2 R14: 0000000000000000 R15: 1ffffffff0fe2bc1
 vprintk_default+0x1a/0x20 kernel/printk/printk.c:1963
 vprintk_func+0x49/0x12c kernel/printk/printk_safe.c:401
 printk+0x91/0xab kernel/printk/printk.c:1996
 print_bad_pte+0x3c2/0x7a0 mm/memory.c:776
 _vm_normal_page+0x14d/0x4d0 mm/memory.c:903
 do_numa_page mm/memory.c:3917 [inline]
 handle_pte_fault mm/memory.c:4089 [inline]
 __handle_mm_fault+0x136a/0x3e70 mm/memory.c:4206
 handle_mm_fault+0x2a6/0x6d7 mm/memory.c:4243
 __do_page_fault+0x4f5/0xb10 arch/x86/mm/fault.c:1442
 do_page_fault+0x64/0x3fb arch/x86/mm/fault.c:1517
 page_fault+0x45/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0033:0x4101f5
RSP: 002b:00007ffd6bb51d30 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 000000000006584d RCX: 000000000045ba81
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffd6bb51e10 R11: 0000000000000000 R12: 000000000118d940
R13: 000000000118d940 R14: ffffffffffffffff R15: 000000000118cfec
BUG: unable to handle kernel addr:0000000001590000 vm_flags:08100073 anon_vma:ffff88809f840570 mapping: (null) index:1590
paging request at ffffffffffffff74
IP: wait_consider_task+0xaa/0x3070 kernel/exit.c:1336
PGD 7e6d067 P4D 7e6d067 PUD 7e6f067 PMD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 10253 Comm: syz-executor.4 Not tainted 4.14.204-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
file: (null) fault: (null) mmap: (null) readpage: (null)
task: ffff88806060c480 task.stack: ffff88808e490000
CPU: 0 PID: 17188 Comm: syz-executor.1 Not tainted 4.14.204-syzkaller #0
RIP: 0010:wait_consider_task+0xaa/0x3070 kernel/exit.c:1336
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RSP: 0018:ffff88808e497ae8 EFLAGS: 00010246
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x14b/0x1f1 lib/dump_stack.c:58
RAX: 0000000000000007 RBX: dffffc0000000000 RCX: 1ffff11000021c2d
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88808e497d38
 print_bad_pte.cold.14+0x1bc/0x24a mm/memory.c:791
RBP: ffff88808e497c30 R08: 0000000000000000 R09: 0000000000000000
R10: 1ffff11011c92ff9 R11: ffff88806060c480 R12: fffffffffffffaf8
R13: ffffffffffffff74 R14: ffff88808e497d38 R15: ffff88806060c480
FS:  0000000002e4d940(0000) GS:ffff8880ba900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 _vm_normal_page+0x14d/0x4d0 mm/memory.c:903
CR2: ffffffffffffff74 CR3: 000000009a540000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 do_numa_page mm/memory.c:3917 [inline]
 handle_pte_fault mm/memory.c:4089 [inline]
 __handle_mm_fault+0x136a/0x3e70 mm/memory.c:4206
Call Trace:
 handle_mm_fault+0x2a6/0x6d7 mm/memory.c:4243
 __do_page_fault+0x4f5/0xb10 arch/x86/mm/fault.c:1442
 do_wait_thread kernel/exit.c:1445 [inline]
 do_wait+0x3dc/0x890 kernel/exit.c:1516
 do_page_fault+0x64/0x3fb arch/x86/mm/fault.c:1517
 kernel_wait4+0xe8/0x1b0 kernel/exit.c:1658
 page_fault+0x45/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0033:0x4101f5
RSP: 002b:00007ffd6bb51d30 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 000000000006584d RCX: 000000000045ba81
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
 SYSC_wait4 kernel/exit.c:1670 [inline]
 SyS_wait4+0xc2/0xd0 kernel/exit.c:1666
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffd6bb51e10 R11: 0000000000000000 R12: 000000000118d940
R13: 000000000118d940 R14: ffffffffffffffff R15: 000000000118cfec
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4171fb
RSP: 002b:00007ffde915eee0 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00000000004171fb
RDX: 0000000040000001 RSI: 00007ffde915ef40 RDI: ffffffffffffffff
RBP: 00007ffde915ef40 R08: 0000000000000000 R09: 0000000002e4d940
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000040000001
R13: 00007ffde915ef40 R14: 0000000000065530 R15: 00007ffde915ef50
Code: 00 f2 f2 f2 c7 40 10 f3 f3 f3 f3 4c 89 e8 48 c1 e8 03 0f b6 14 10 4c 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 38 14 00 00 <45> 8b bc 24 7c 04 00 00 41 83 ff 10 0f 84 90 00 00 00 48 b8 00
RIP: wait_consider_task+0xaa/0x3070 kernel/exit.c:1336 RSP: ffff88808e497ae8
CR2: ffffffffffffff74
---[ end trace 92ae2a8fa8d210d6 ]---