bisecting cause commit starting from 81b1d39fd39a0ecfd30606714bcc05da586044f9
building syzkaller on a8529b82fb3bb45832b08a099e7eb51707da9b37
testing commit 81b1d39fd39a0ecfd30606714bcc05da586044f9 with gcc (GCC) 10.2.1 20210217
kernel signature: 3247433b7d6cd5f59dc0f2dfda586734720d07616fa521c1e039589fa2766bcf
all runs: crashed: general protection fault in io_commit_cqring
testing release v5.11
testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217
kernel signature: e99cd9f143ce9d9fcac692e506c1f42fd7bad007e669bcc2d658384620d3ab58
all runs: OK
# git bisect start 81b1d39fd39a0ecfd30606714bcc05da586044f9 f40ddce88593482919761f74910f42f4b84c004b
Bisecting: 5932 revisions left to test after this (roughly 13 steps)
[d99676af540c2dc829999928fb81c58c80a1dce4] Merge tag 'drm-next-2021-02-19' of git://anongit.freedesktop.org/drm/drm

testing commit d99676af540c2dc829999928fb81c58c80a1dce4 with gcc (GCC) 10.2.1 20210217
kernel signature: 5ad479128f117a1d38bc7ee59edcdb592a5fda3fb52cbc77b71fa4437ceb8a6d
run #0: crashed: WARNING in kvm_wait
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
# git bisect bad d99676af540c2dc829999928fb81c58c80a1dce4
Bisecting: 3717 revisions left to test after this (roughly 12 steps)
[f9d58de23152f2c16f326d7e014cfa2933b00304] Merge tag 'affs-for-5.12-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

testing commit f9d58de23152f2c16f326d7e014cfa2933b00304 with gcc (GCC) 10.2.1 20210217
kernel signature: 0e15079a3ab74417003eea81f14abff1aea815e5e366ab0cff272ccab2f025d2
run #0: crashed: WARNING: ODEBUG bug in netdev_run_todo
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad f9d58de23152f2c16f326d7e014cfa2933b00304
Bisecting: 1819 revisions left to test after this (roughly 11 steps)
[b8af417e4d93caeefb89bbfbd56ec95dedd8dab5] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

testing commit b8af417e4d93caeefb89bbfbd56ec95dedd8dab5 with gcc (GCC) 10.2.1 20210217
kernel signature: f799a418c32b067e79a4f78f7c2cce52b228161cd214c31479fe47f155555d60
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: crashed: WARNING: ODEBUG bug in netdev_run_todo
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad b8af417e4d93caeefb89bbfbd56ec95dedd8dab5
Bisecting: 911 revisions left to test after this (roughly 10 steps)
[4d469ec8ec05e1fa4792415de1a95b28871ff2fa] Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queue

testing commit 4d469ec8ec05e1fa4792415de1a95b28871ff2fa with gcc (GCC) 10.2.1 20210217
kernel signature: dbf595634338e9efc850552910107648dfa8f94467053c9529555f9f1ee3944e
all runs: OK
# git bisect good 4d469ec8ec05e1fa4792415de1a95b28871ff2fa
Bisecting: 487 revisions left to test after this (roughly 9 steps)
[295f830e53f4838344c97e12ce69637e2128ca8d] rxrpc: Fix dependency on IPv6 in udp tunnel config

testing commit 295f830e53f4838344c97e12ce69637e2128ca8d with gcc (GCC) 10.2.1 20210217
kernel signature: 2b283de1d27245855c2ff04ba8f41e6ef8c019b7cc67181922e2da6ec4f3504c
all runs: OK
# git bisect good 295f830e53f4838344c97e12ce69637e2128ca8d
Bisecting: 250 revisions left to test after this (roughly 8 steps)
[93efb0c656837f4a31d7cc6117a7c8cecc8fadac] octeontx2-pf: Fix out-of-bounds read in otx2_get_fecparam()

testing commit 93efb0c656837f4a31d7cc6117a7c8cecc8fadac with gcc (GCC) 10.2.1 20210217
kernel signature: 914fac1dff0a9b3c15e46d892108f8f1c2d71e1b3ef5336fda37a17e0537f782
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/workdir/repro.prog" "root@10.128.10.5:./repro.prog"]: exit status 1
Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
/syzkaller/jobs/linux/workdir/repro.prog: Broken pipe

run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good 93efb0c656837f4a31d7cc6117a7c8cecc8fadac
Bisecting: 125 revisions left to test after this (roughly 7 steps)
[45159b27637b0fef6d5ddb86fc7c46b13c77960f] bpf: Clear subreg_def for global function return values

testing commit 45159b27637b0fef6d5ddb86fc7c46b13c77960f with gcc (GCC) 10.2.1 20210217
kernel signature: 6d703f1bca91bca33eef0343d8ed327523be658a75e2e3ef4b6631cd2923adfb
all runs: OK
# git bisect good 45159b27637b0fef6d5ddb86fc7c46b13c77960f
Bisecting: 62 revisions left to test after this (roughly 6 steps)
[d13612b58e6453fc664f282514fe2bd7b848230f] skbuff: allow to optionally use NAPI cache from __alloc_skb()

testing commit d13612b58e6453fc664f282514fe2bd7b848230f with gcc (GCC) 10.2.1 20210217
kernel signature: a00f709fbad116feeb4d4186ebf14d9daf46223c3fbdfa891281bba5a52c4d02
run #0: crashed: WARNING: ODEBUG bug in netdev_run_todo
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad d13612b58e6453fc664f282514fe2bd7b848230f
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[4098ced4680a485c5953f60ac63dff19f3fb3d42] Merge branch 'brport-flags'

testing commit 4098ced4680a485c5953f60ac63dff19f3fb3d42 with gcc (GCC) 10.2.1 20210217
kernel signature: acf6ab51469c18ffb0ff84d81fc6a0539495c7fc4a22b037ed102fb64e5aec04
all runs: OK
# git bisect good 4098ced4680a485c5953f60ac63dff19f3fb3d42
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[5cdaf9d6fad1b458a29e0890fd9f852568512f26] Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queue

testing commit 5cdaf9d6fad1b458a29e0890fd9f852568512f26 with gcc (GCC) 10.2.1 20210217
kernel signature: acf6ab51469c18ffb0ff84d81fc6a0539495c7fc4a22b037ed102fb64e5aec04
all runs: OK
# git bisect good 5cdaf9d6fad1b458a29e0890fd9f852568512f26
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[5381b23d5bf9c06899324a6268a78e1113ea5382] skbuff: move __alloc_skb() next to the other skb allocation functions

testing commit 5381b23d5bf9c06899324a6268a78e1113ea5382 with gcc (GCC) 10.2.1 20210217
kernel signature: c57f10cd6d560ac0cad7d34da00c7b4e178df367667fe72a582b8e4165feadaf
all runs: OK
# git bisect good 5381b23d5bf9c06899324a6268a78e1113ea5382
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[f9d6725bf44a5b9412b5da07e3467100fe2af236] skbuff: use __build_skb_around() in __alloc_skb()

testing commit f9d6725bf44a5b9412b5da07e3467100fe2af236 with gcc (GCC) 10.2.1 20210217
kernel signature: 1b41f52a41cc682882da3b756918238d0d848f4e2ecd10955b9489731e400bdf
run #0: crashed: WARNING: ODEBUG bug in netdev_run_todo
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad f9d6725bf44a5b9412b5da07e3467100fe2af236
Bisecting: 1 revision left to test after this (roughly 1 step)
[483126b3b2c649c0ef95f67ac75d3c99390d6cc8] skbuff: make __build_skb_around() return void

testing commit 483126b3b2c649c0ef95f67ac75d3c99390d6cc8 with gcc (GCC) 10.2.1 20210217
kernel signature: b86123194789ffffa9f97a72429bd8cdc53296845f5a165d17f4a272de39e432
all runs: OK
# git bisect good 483126b3b2c649c0ef95f67ac75d3c99390d6cc8
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[df1ae022af2cd79f7ad3c65d95369d4649feea52] skbuff: simplify __alloc_skb() a bit

testing commit df1ae022af2cd79f7ad3c65d95369d4649feea52 with gcc (GCC) 10.2.1 20210217
kernel signature: 70b00271a6f4bb1aa94f9630db0d7f0f0b3e4a4cce556511899879342f0b8a74
all runs: OK
# git bisect good df1ae022af2cd79f7ad3c65d95369d4649feea52
f9d6725bf44a5b9412b5da07e3467100fe2af236 is the first bad commit
commit f9d6725bf44a5b9412b5da07e3467100fe2af236
Author: Alexander Lobakin <alobakin@pm.me>
Date:   Sat Feb 13 14:11:50 2021 +0000

    skbuff: use __build_skb_around() in __alloc_skb()
    
    Just call __build_skb_around() instead of open-coding it.
    
    Signed-off-by: Alexander Lobakin <alobakin@pm.me>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 net/core/skbuff.c | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

culprit signature: 1b41f52a41cc682882da3b756918238d0d848f4e2ecd10955b9489731e400bdf
parent  signature: 70b00271a6f4bb1aa94f9630db0d7f0f0b3e4a4cce556511899879342f0b8a74
Reproducer flagged being flaky
revisions tested: 16, total time: 4h49m59.847578374s (build: 1h46m38.696865461s, test: 3h1m21.205924963s)
first bad commit: f9d6725bf44a5b9412b5da07e3467100fe2af236 skbuff: use __build_skb_around() in __alloc_skb()
recipients (to): ["alobakin@pm.me" "davem@davemloft.net" "davem@davemloft.net" "kuba@kernel.org" "netdev@vger.kernel.org"]
recipients (cc): ["gnault@redhat.com" "linmiaohe@huawei.com" "linux-kernel@vger.kernel.org"]
crash: WARNING: ODEBUG bug in netdev_run_todo
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:1601
WARNING: CPU: 1 PID: 49 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Modules linked in:
CPU: 1 PID: 49 Comm: kworker/u4:2 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net

RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd e0 d3 dd 88 4c 89 ee 48 c7 c7 e0 c7 dd 88 e8 5f b9 80 04 <0f> 0b 83 05 f5 5b bc 08 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
RSP: 0018:ffffc90000eff890 EFLAGS: 00010282

RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffff88ddc3c0 RDI: fffff520001dff04
RBP: 0000000000000001 R08: 0000000000000001 R09: ffff8880b9f30827
R10: ffffed10173e6104 R11: 657461747320654f R12: ffffffff888cd2e0
R13: ffffffff88ddce20 R14: ffffffff81594740 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004b1290 CR3: 0000000013ac0000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __debug_check_no_obj_freed lib/debugobjects.c:987 [inline]
 debug_check_no_obj_freed+0x301/0x420 lib/debugobjects.c:1018
 slab_free_hook mm/slub.c:1539 [inline]
 slab_free_freelist_hook+0x107/0x150 mm/slub.c:1580
 slab_free mm/slub.c:3143 [inline]
 kfree+0xdb/0x3b0 mm/slub.c:4139
 device_release+0x93/0x200 drivers/base/core.c:1980
 kobject_cleanup lib/kobject.c:705 [inline]
 kobject_release lib/kobject.c:736 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x139/0x410 lib/kobject.c:753
 netdev_run_todo+0x810/0xcd0 net/core/dev.c:10491
 default_device_exit_batch+0x2aa/0x360 net/core/dev.c:11442
 cleanup_net+0x423/0x990 net/core/net_namespace.c:595
 process_one_work+0x84c/0x13b0 kernel/workqueue.c:2275
 worker_thread+0x598/0xf80 kernel/workqueue.c:2421
 kthread+0x36f/0x450 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296