bisecting cause commit starting from ab0441b4a92053228f1f089f66d2fc100f3f9dd3
building syzkaller on f115ae985a399ddce060f448097b8068450a8f48
testing commit ab0441b4a92053228f1f089f66d2fc100f3f9dd3 with gcc (GCC) 10.2.1 20210217
kernel signature: 089c0f47b22e07c2e56f84abb3284c776c88e2ff94ef477507cb39c38e9623ef
all runs: crashed: KASAN: use-after-free Read in tipc_recvmsg
testing release v5.13
testing commit 62fb9874f5da54fdb243003b386128037319b219 with gcc (GCC) 10.2.1 20210217
kernel signature: 909f5b513362d755e99068620c19525cb2afd91ca8725228219fd46574a48866
all runs: OK
# git bisect start ab0441b4a92053228f1f089f66d2fc100f3f9dd3 62fb9874f5da54fdb243003b386128037319b219
Bisecting: 6910 revisions left to test after this (roughly 13 steps)
[e058a84bfddc42ba356a2316f2cf1141974625c9] Merge tag 'drm-next-2021-07-01' of git://anongit.freedesktop.org/drm/drm

testing commit e058a84bfddc42ba356a2316f2cf1141974625c9 with gcc (GCC) 10.2.1 20210217
kernel signature: 80e616c0a32da83f2e1c981632797a43bdc75787ea21ca73f4f160872e2a404d
all runs: OK
# git bisect good e058a84bfddc42ba356a2316f2cf1141974625c9
Bisecting: 3462 revisions left to test after this (roughly 12 steps)
[f5c13f1fdef9fed65b95c3c5f343d22c425ac1d7] Merge tag 'driver-core-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

testing commit f5c13f1fdef9fed65b95c3c5f343d22c425ac1d7 with gcc (GCC) 10.2.1 20210217
kernel signature: a3987e747a0b341672971f98273aa4cff0a8a625785628289bb9db5d68ed2b04
run #0: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #1: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #2: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #3: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #4: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #5: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #6: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #9: boot failed: possible deadlock in fs_reclaim_acquire
# git bisect skip f5c13f1fdef9fed65b95c3c5f343d22c425ac1d7
Bisecting: 3462 revisions left to test after this (roughly 12 steps)
[e6be37b2e7bddfe0c76585ee7c7eee5acc8efeab] mm/huge_memory.c: add missing read-only THP checking in transparent_hugepage_enabled()

testing commit e6be37b2e7bddfe0c76585ee7c7eee5acc8efeab with gcc (GCC) 10.2.1 20210217
kernel signature: a00e23bfd42a60fee19e613a3879ab6cb2d8d951ff3d315ea47ffb965dc27090
all runs: OK
# git bisect good e6be37b2e7bddfe0c76585ee7c7eee5acc8efeab
Bisecting: 3462 revisions left to test after this (roughly 12 steps)
[5a57de58a3d1ebc9a3dc106b0e7007c3ccbf052f] Merge branch 'pci/host/tegra194'

testing commit 5a57de58a3d1ebc9a3dc106b0e7007c3ccbf052f with gcc (GCC) 10.2.1 20210217
kernel signature: c34fdafb8303c5f7716f4abfeb638d57e4e2b0b18191e311f85d883c927dc5e7
all runs: OK
# git bisect good 5a57de58a3d1ebc9a3dc106b0e7007c3ccbf052f
Bisecting: 3412 revisions left to test after this (roughly 12 steps)
[df941fdd779e43112323a9c057dbbdbc0b1512a2] crypto: sl3516 - Typo s/Stormlink/Storlink/

testing commit df941fdd779e43112323a9c057dbbdbc0b1512a2 with gcc (GCC) 10.2.1 20210217
kernel signature: b6944c7b1927497fea18c82aadecdd9aab1f69726dce9334ee8418b709a3d0a2
all runs: OK
# git bisect good df941fdd779e43112323a9c057dbbdbc0b1512a2
Bisecting: 3407 revisions left to test after this (roughly 12 steps)
[30b7ba6972d59cdf3ffce161ab9005a5f7562f9f] ALSA: core: Add continuous and vmalloc mmap ops

testing commit 30b7ba6972d59cdf3ffce161ab9005a5f7562f9f with gcc (GCC) 10.2.1 20210217
kernel signature: ca353d74f606b80bf44611a3ad01a51851aab7c8dd35896037ea90e4db303b9c
all runs: OK
# git bisect good 30b7ba6972d59cdf3ffce161ab9005a5f7562f9f
Bisecting: 3407 revisions left to test after this (roughly 12 steps)
[9ecc2ebbb6360101fed75baa0cc7c80769d00b56] iio: adc: ti-adc108s102: Use devm managed functions for all of probe()

testing commit 9ecc2ebbb6360101fed75baa0cc7c80769d00b56 with gcc (GCC) 10.2.1 20210217
kernel signature: d84f828336093f10ae02966e9ff5c517a416b716af67c32d339cf54ab4490d5e
all runs: OK
# git bisect good 9ecc2ebbb6360101fed75baa0cc7c80769d00b56
Bisecting: 3058 revisions left to test after this (roughly 12 steps)
[eed0218e8cae9fcd186c30e9fcf5fe46a87e056e] Merge tag 'char-misc-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

testing commit eed0218e8cae9fcd186c30e9fcf5fe46a87e056e with gcc (GCC) 10.2.1 20210217
kernel signature: 844763d03d7c59fd1d91dd7861bf9466d9e927f880e79f06541c8a7c1fbca4a2
run #0: boot failed: possible deadlock in get_page_from_freelist
run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #2: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #4: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #5: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #7: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
# git bisect skip eed0218e8cae9fcd186c30e9fcf5fe46a87e056e
Bisecting: 3058 revisions left to test after this (roughly 12 steps)
[c813bb37bd32cb967060a2c573fae4ea518d32eb] nvmem: qfprom: minor nit fixes

testing commit c813bb37bd32cb967060a2c573fae4ea518d32eb with gcc (GCC) 10.2.1 20210217
kernel signature: fa01f648858505b9ddedf100ac148b2674cb4389fcb2e44104b88df12955ee94
all runs: OK
# git bisect good c813bb37bd32cb967060a2c573fae4ea518d32eb
Bisecting: 3058 revisions left to test after this (roughly 12 steps)
[a3309226454a7e76d76251579c1183787694f303] powerpc/signal64: Don't read sigaction arguments back from user memory

testing commit a3309226454a7e76d76251579c1183787694f303 with gcc (GCC) 10.2.1 20210217
kernel signature: 01dfa9f8b84d4ecddd0e02f32cb0a87cb4490a1b47bc1843e0b5d6b583ffdf27
all runs: OK
# git bisect good a3309226454a7e76d76251579c1183787694f303
Bisecting: 3027 revisions left to test after this (roughly 12 steps)
[b743b86ce6bb2b32a05962a9cc713894d9736ae1] perf script: Share addr_al between functions

testing commit b743b86ce6bb2b32a05962a9cc713894d9736ae1 with gcc (GCC) 10.2.1 20210217
kernel signature: a663e949b4a782cc5055d765c1888cbc817d8d32d30b92cc10bc4b5fd0ade13d
all runs: OK
# git bisect good b743b86ce6bb2b32a05962a9cc713894d9736ae1
Bisecting: 3027 revisions left to test after this (roughly 12 steps)
[9ba0889e2272294bfbb5589b1b180ad2e782b2a4] xfs: drop the AGI being passed to xfs_check_agi_freecount

testing commit 9ba0889e2272294bfbb5589b1b180ad2e782b2a4 with gcc (GCC) 10.2.1 20210217
kernel signature: 09fc6a8d40df4bab1066cc86f12364bc6628543149a0048b239a5a0ab2763641
all runs: OK
# git bisect good 9ba0889e2272294bfbb5589b1b180ad2e782b2a4
Bisecting: 3027 revisions left to test after this (roughly 12 steps)
[d8dc121eeab9abfbc510097f8db83e87560f753b] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

testing commit d8dc121eeab9abfbc510097f8db83e87560f753b with gcc (GCC) 10.2.1 20210217
kernel signature: 31483e548871b04ea34d5c5a8377ddcbcb52398a8362e513a7b42b044b25a8f9
run #0: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #2: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #4: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #5: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
# git bisect skip d8dc121eeab9abfbc510097f8db83e87560f753b
Bisecting: 3027 revisions left to test after this (roughly 12 steps)
[03e28d5233d50fb2a27fa02d032e77974d03eb2b] usb: isp1760: use relaxed primitives

testing commit 03e28d5233d50fb2a27fa02d032e77974d03eb2b with gcc (GCC) 10.2.1 20210217
kernel signature: 0cf693d177e0f0d08b471fdec33ed57625c6a077076c4c561dda15ad5dc8e78e
all runs: OK
# git bisect good 03e28d5233d50fb2a27fa02d032e77974d03eb2b
Bisecting: 2989 revisions left to test after this (roughly 12 steps)
[4c55e2aeb8082cb118cd63596bfe0dc5247b78e1] Merge tag 'for-linus' of git://github.com/openrisc/linux

testing commit 4c55e2aeb8082cb118cd63596bfe0dc5247b78e1 with gcc (GCC) 10.2.1 20210217
kernel signature: 6250363ab639172082f5f782550c7d65dd23fc99cf5ff964c3fb0bd5226bc4a9
run #0: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #2: boot failed: possible deadlock in fs_reclaim_acquire
run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #4: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #5: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #8: boot failed: possible deadlock in fs_reclaim_acquire
run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
# git bisect skip 4c55e2aeb8082cb118cd63596bfe0dc5247b78e1
Bisecting: 2989 revisions left to test after this (roughly 12 steps)
[67a3156453859ceb40dc4448b7a6a99ea0ad27c7] of: Merge of_address_to_resource() and of_pci_address_to_resource() implementations

testing commit 67a3156453859ceb40dc4448b7a6a99ea0ad27c7 with gcc (GCC) 10.2.1 20210217
kernel signature: ad4f4a88bc477b8fab252a65276757edde9db66fc28e4d3f7444c5d0a197ca36
run #0: crashed: WARNING: ODEBUG bug in netdev_run_todo
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
# git bisect bad 67a3156453859ceb40dc4448b7a6a99ea0ad27c7
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[f743c41d00bea01bf3e5c79b1ae5dcebca8f8daa] dt-bindings: rtc: nxp,pcf8563: Convert to DT schema

testing commit f743c41d00bea01bf3e5c79b1ae5dcebca8f8daa with gcc (GCC) 10.2.1 20210217
kernel signature: f27b781a0a49a7852f1c4f1d2d6e7fe5900f905ce600ea22e7c7dc39c8a88e0f
all runs: OK
# git bisect good f743c41d00bea01bf3e5c79b1ae5dcebca8f8daa
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[cba0c95b3b35737ac614c6de232261224c5088aa] dt-bindings: firmware: juno,scpi: Move to sram.yaml json schema

testing commit cba0c95b3b35737ac614c6de232261224c5088aa with gcc (GCC) 10.2.1 20210217
kernel signature: f27b781a0a49a7852f1c4f1d2d6e7fe5900f905ce600ea22e7c7dc39c8a88e0f
all runs: OK
# git bisect good cba0c95b3b35737ac614c6de232261224c5088aa
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[e84881785ea915e9bcff5bf4ed07f6749084ab66] dt-bindings: reset: update ti,sci-reset.yaml references

testing commit e84881785ea915e9bcff5bf4ed07f6749084ab66 with gcc (GCC) 10.2.1 20210217
kernel signature: f27b781a0a49a7852f1c4f1d2d6e7fe5900f905ce600ea22e7c7dc39c8a88e0f
all runs: OK
# git bisect good e84881785ea915e9bcff5bf4ed07f6749084ab66
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[00dcc7cf1a49f93efaa281cc85c88005995ecf63] PCI: Add empty stub for pci_register_io_range()

testing commit 00dcc7cf1a49f93efaa281cc85c88005995ecf63 with gcc (GCC) 10.2.1 20210217
kernel signature: f27b781a0a49a7852f1c4f1d2d6e7fe5900f905ce600ea22e7c7dc39c8a88e0f
all runs: OK
# git bisect good 00dcc7cf1a49f93efaa281cc85c88005995ecf63
Bisecting: 1 revision left to test after this (roughly 1 step)
[050a2c62dfc7d9ef457405f6ab4b715e9a2e32d7] of: Merge of_get_address() and of_get_pci_address() implementations

testing commit 050a2c62dfc7d9ef457405f6ab4b715e9a2e32d7 with gcc (GCC) 10.2.1 20210217
kernel signature: 9e52890e1ed3a2e5bdb093d49470b6b5fcb54dfec13056f8f761bc7d821f7204
all runs: OK
# git bisect good 050a2c62dfc7d9ef457405f6ab4b715e9a2e32d7
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c3c0dc75774b488770f33598109161040d291367] of: address: Use IS_ENABLED() for !CONFIG_PCI

testing commit c3c0dc75774b488770f33598109161040d291367 with gcc (GCC) 10.2.1 20210217
kernel signature: 2f006930d322251e1db79c1c49606bbb1415e96bc53f5d60db9a1dfb9d9c4adb
all runs: OK
# git bisect good c3c0dc75774b488770f33598109161040d291367
67a3156453859ceb40dc4448b7a6a99ea0ad27c7 is the first bad commit
commit 67a3156453859ceb40dc4448b7a6a99ea0ad27c7
Author: Rob Herring <robh@kernel.org>
Date:   Thu May 27 14:45:47 2021 -0500

    of: Merge of_address_to_resource() and of_pci_address_to_resource() implementations
    
    of_address_to_resource() and of_pci_address_to_resource() are almost the
    same except the former takes an index and the latter takes a BAR number.
    Now that __of_get_address() can take either one, refactor the functions
    to use a common implementation.
    
    Cc: Frank Rowand <frowand.list@gmail.com>
    Signed-off-by: Rob Herring <robh@kernel.org>
    Link: https://lore.kernel.org/r/20210527194547.1287934-5-robh@kernel.org

 drivers/of/address.c | 44 ++++++++++++++++++--------------------------
 1 file changed, 18 insertions(+), 26 deletions(-)

culprit signature: ad4f4a88bc477b8fab252a65276757edde9db66fc28e4d3f7444c5d0a197ca36
parent  signature: 2f006930d322251e1db79c1c49606bbb1415e96bc53f5d60db9a1dfb9d9c4adb
Reproducer flagged being flaky
revisions tested: 24, total time: 7h15m56.249813137s (build: 2h43m15.322492184s, test: 4h29m26.055065577s)
first bad commit: 67a3156453859ceb40dc4448b7a6a99ea0ad27c7 of: Merge of_address_to_resource() and of_pci_address_to_resource() implementations
recipients (to): ["devicetree@vger.kernel.org" "frowand.list@gmail.com" "robh+dt@kernel.org" "robh@kernel.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: WARNING: ODEBUG bug in netdev_run_todo
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:1601
WARNING: CPU: 0 PID: 59 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Modules linked in:
CPU: 0 PID: 59 Comm: kworker/u4:3 Not tainted 5.13.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd 80 44 ff 88 4c 89 ee 48 c7 c7 80 38 ff 88 e8 6e 72 8c 04 <0f> 0b 83 05 b5 15 d9 08 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
RSP: 0018:ffffc90000e4f870 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffff88ff3460 RDI: fffff520001c9f00
RBP: 0000000000000001 R08: 0000000000000001 R09: ffff8880b9e4bec7
R10: ffffed10173c97d8 R11: 657461747320654f R12: ffffffff88acdf00
R13: ffffffff88ff3ec0 R14: ffffffff815ab870 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004b01d0 CR3: 000000001e898000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __debug_check_no_obj_freed lib/debugobjects.c:987 [inline]
 debug_check_no_obj_freed+0x301/0x420 lib/debugobjects.c:1018
 slab_free_hook mm/slub.c:1556 [inline]
 slab_free_freelist_hook+0x174/0x240 mm/slub.c:1606
 slab_free mm/slub.c:3166 [inline]
 kfree+0xe5/0x7f0 mm/slub.c:4225
 device_release+0x93/0x200 drivers/base/core.c:2185
 kobject_cleanup lib/kobject.c:705 [inline]
 kobject_release lib/kobject.c:736 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x139/0x410 lib/kobject.c:753
 netdev_run_todo+0x63b/0x910 net/core/dev.c:10567
 default_device_exit_batch+0x2aa/0x360 net/core/dev.c:11537
 cleanup_net+0x423/0x990 net/core/net_namespace.c:595
 process_one_work+0x84c/0x13b0 kernel/workqueue.c:2275
 worker_thread+0x598/0xf80 kernel/workqueue.c:2421
 kthread+0x36f/0x450 kernel/kthread.c:313
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294