bisecting cause commit starting from 7ae77150d94d3b535c7b85e6b3647113095e79bf building syzkaller on 588020678f34b89925fcfbcaf8f635c5850e8e7a testing commit 7ae77150d94d3b535c7b85e6b3647113095e79bf with gcc (GCC) 8.1.0 kernel signature: 5847ce1f9b4894614b29f2ed8299c91c35b31d3843719c211f1364411dbd29d2 run #0: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #1: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #2: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #3: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #4: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #5: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #6: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #7: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #8: OK run #9: OK testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 91502023c23bb7b7e4aeb37797b7224fcf3f1244fbcc266d3be4cea408dcd7fd all runs: OK # git bisect start 7ae77150d94d3b535c7b85e6b3647113095e79bf 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 Bisecting: 5798 revisions left to test after this (roughly 12 steps) [2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63] Merge branch 'uaccess.comedi' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 with gcc (GCC) 8.1.0 kernel signature: b0769651997edcf3306e5bde5bed8552142aaf1ea510061371298b273f9e8eb0 all runs: OK # git bisect good 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 Bisecting: 2918 revisions left to test after this (roughly 12 steps) [ee01c4d72adffb7d424535adf630f2955748fa8b] Merge branch 'akpm' (patches from Andrew) testing commit ee01c4d72adffb7d424535adf630f2955748fa8b with gcc (GCC) 8.1.0 kernel signature: bc662cf2c7c6f30912a00c62972fe239b28e4f9c83f53719e8d1a5ca1e5864b5 run #0: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #1: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #2: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #3: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #4: boot failed: can't ssh into the instance run #5: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #6: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #7: OK run #8: OK run #9: OK # git bisect bad ee01c4d72adffb7d424535adf630f2955748fa8b Bisecting: 1430 revisions left to test after this (roughly 11 steps) [d00f26b623333f2419f4c3b95ff11c8b1bb96f56] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next testing commit d00f26b623333f2419f4c3b95ff11c8b1bb96f56 with gcc (GCC) 8.1.0 kernel signature: e6e1a958bebdca76ecd90c165cc45f1ffb08ed7f1be1039e3a25108d791ef10d all runs: OK # git bisect good d00f26b623333f2419f4c3b95ff11c8b1bb96f56 Bisecting: 714 revisions left to test after this (roughly 10 steps) [4fdd2dbc7cad2863c8c44793a383182f75442dfb] Merge branch 'mlxsw-Various-trap-changes-part-2' testing commit 4fdd2dbc7cad2863c8c44793a383182f75442dfb with gcc (GCC) 8.1.0 kernel signature: e6d71e950e5b481055c00da82fe5b0b6521adeec424f8e5b253c609ffb833a1b run #0: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #1: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #2: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #3: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #4: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #5: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #6: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #7: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #8: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #9: OK # git bisect bad 4fdd2dbc7cad2863c8c44793a383182f75442dfb Bisecting: 362 revisions left to test after this (roughly 9 steps) [46c54f9500afad6128e19138c7d97fa4900331f6] Merge tag 'mlx5-updates-2020-05-22' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux testing commit 46c54f9500afad6128e19138c7d97fa4900331f6 with gcc (GCC) 8.1.0 kernel signature: 1b14dc11346c174b48f58360b6e785420bba420de445437e709c1b51faa455ec all runs: OK # git bisect good 46c54f9500afad6128e19138c7d97fa4900331f6 Bisecting: 161 revisions left to test after this (roughly 8 steps) [eda31200e68d38fbb974e7ad02bcc2de2cfe6863] Merge tag 'mt76-for-kvalo-2020-05-14' of https://github.com/nbd168/wireless testing commit eda31200e68d38fbb974e7ad02bcc2de2cfe6863 with gcc (GCC) 8.1.0 kernel signature: b6902a65fc2259b9c24ff56b1f2947659c8dad84bed93d9347bdb1a558bf662e all runs: OK # git bisect good eda31200e68d38fbb974e7ad02bcc2de2cfe6863 Bisecting: 80 revisions left to test after this (roughly 6 steps) [3248044ecf9f91900be5678919966715f1fb8834] Merge tag 'wireless-drivers-next-2020-05-25' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next testing commit 3248044ecf9f91900be5678919966715f1fb8834 with gcc (GCC) 8.1.0 kernel signature: 633c3910086ef0af544c281642f8279a4b7758f3f40cc834712fdc4ad24ab28e run #0: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #1: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #2: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #3: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #4: crashed: KASAN: use-after-free Read in __smsc95xx_phy_wait_not_busy run #5: crashed: KASAN: use-after-free Read in __smsc95xx_mdio_read run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 3248044ecf9f91900be5678919966715f1fb8834 Bisecting: 40 revisions left to test after this (roughly 5 steps) [7eef3d095abe11fd7f99fa86c0be7c14b8852fae] Documentation: devres: add a missing section for networking helpers testing commit 7eef3d095abe11fd7f99fa86c0be7c14b8852fae with gcc (GCC) 8.1.0 kernel signature: 48478a0d5b7232cb7ed34d3abf2a904bf4725573a7b85c6980ed538e47e7e621 run #0: crashed: WARNING: ODEBUG bug in netdev_run_todo run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 7eef3d095abe11fd7f99fa86c0be7c14b8852fae Bisecting: 21 revisions left to test after this (roughly 4 steps) [098205f3c688885394ed1f670a6a7cb4a58728a3] Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue testing commit 098205f3c688885394ed1f670a6a7cb4a58728a3 with gcc (GCC) 8.1.0 kernel signature: 4727403604c20df0d68c60a35902736544b753b17923d5ff3a479f894a840e45 all runs: OK # git bisect good 098205f3c688885394ed1f670a6a7cb4a58728a3 Bisecting: 10 revisions left to test after this (roughly 4 steps) [4dc926d3a59e73b8c4adf51b261f1a1bbd48a989] ice: Fix Tx timeout when link is toggled on a VF's interface testing commit 4dc926d3a59e73b8c4adf51b261f1a1bbd48a989 with gcc (GCC) 8.1.0 kernel signature: 8aeb492aea7a5c6c5f4fd3a38931381bf93a71c94d642c37cafd84b8d97a3f5a all runs: OK # git bisect good 4dc926d3a59e73b8c4adf51b261f1a1bbd48a989 Bisecting: 5 revisions left to test after this (roughly 3 steps) [c1e0883012a75a04180a6ebf23a869172187c506] ice: cleanup unsigned loops testing commit c1e0883012a75a04180a6ebf23a869172187c506 with gcc (GCC) 8.1.0 kernel signature: 813024719b2bc61f1c63d8e3e33f4e6c7f621005fae4b7ef9b90cb620a7b5ddf all runs: OK # git bisect good c1e0883012a75a04180a6ebf23a869172187c506 Bisecting: 2 revisions left to test after this (roughly 2 steps) [a15aaa038b8ed213da7547f31c98345e2fe06d64] r8169: remove mask argument from r8168dp_ocp_read testing commit a15aaa038b8ed213da7547f31c98345e2fe06d64 with gcc (GCC) 8.1.0 kernel signature: cf78c0139b1c5212a901cb504cae927de2307e9caccb8ad1271c305a0151dda8 all runs: OK # git bisect good a15aaa038b8ed213da7547f31c98345e2fe06d64 Bisecting: 0 revisions left to test after this (roughly 1 step) [54b9aca08c9a141f48beb533ccb9ebcee679e855] Merge branch 'r8169-remove-mask-argument-from-few-ERI-OCP-functions' testing commit 54b9aca08c9a141f48beb533ccb9ebcee679e855 with gcc (GCC) 8.1.0 kernel signature: 8a65eaa4a2c8300533fbc59c1fd0740a8063f2d8c4cb099eaf1d24e1f69e2eef run #0: OK run #1: OK run #2: OK run #3: OK run #4: crashed: WARNING: ODEBUG bug in netdev_run_todo run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 54b9aca08c9a141f48beb533ccb9ebcee679e855 Bisecting: 0 revisions left to test after this (roughly 0 steps) [787c0c04f4c28d10a1c49bcbd625c24a3e9155d1] r8169: remove mask argument from r8168ep_ocp_read testing commit 787c0c04f4c28d10a1c49bcbd625c24a3e9155d1 with gcc (GCC) 8.1.0 kernel signature: 34d19e3f0930d86cbf76aea93a391bd8ec7b387f5d3bb4c8bb8c9a68501702e2 all runs: OK # git bisect good 787c0c04f4c28d10a1c49bcbd625c24a3e9155d1 54b9aca08c9a141f48beb533ccb9ebcee679e855 is the first bad commit commit 54b9aca08c9a141f48beb533ccb9ebcee679e855 Merge: 2b1a7f741a95 787c0c04f4c2 Author: David S. Miller Date: Sat May 23 16:54:35 2020 -0700 Merge branch 'r8169-remove-mask-argument-from-few-ERI-OCP-functions' Heiner Kallweit says: ==================== r8169: remove mask argument from few ERI/OCP functions Few ERI/OCP functions have a mask argument that isn't needed. Remove it to simplify the functions. ==================== Signed-off-by: David S. Miller drivers/net/ethernet/realtek/r8169_main.c | 86 ++++++++++++++----------------- 1 file changed, 39 insertions(+), 47 deletions(-) revisions tested: 16, total time: 4h42m47.331235258s (build: 1h39m50.475819606s, test: 3h0m12.112523587s) first bad commit: 54b9aca08c9a141f48beb533ccb9ebcee679e855 Merge branch 'r8169-remove-mask-argument-from-few-ERI-OCP-functions' cc: ["davem@davemloft.net"] crash: WARNING: ODEBUG bug in netdev_run_todo ------------[ cut here ]------------ ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 arch/x86/include/asm/paravirt.h:759 WARNING: CPU: 0 PID: 340 at lib/debugobjects.c:488 debug_print_object+0x160/0x210 lib/debugobjects.c:485 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 340 Comm: kworker/u4:5 Not tainted 5.7.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x128/0x182 lib/dump_stack.c:118 panic+0x22a/0x4e3 kernel/panic.c:221 __warn.cold.10+0x25/0x26 kernel/panic.c:582 report_bug+0x1ad/0x270 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:175 [inline] do_error_trap+0x123/0x210 arch/x86/kernel/traps.c:267 do_invalid_op+0x31/0x40 arch/x86/kernel/traps.c:286 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027 RIP: 0010:debug_print_object+0x160/0x210 lib/debugobjects.c:485 Code: ce 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 96 00 00 00 48 8b 14 dd 60 dd ce 87 4c 89 f6 48 c7 c7 c0 d2 ce 87 e8 5c d5 ee fd <0f> 0b 83 05 9b d8 6f 06 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3 RSP: 0018:ffffc90001597980 EFLAGS: 00010086 RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000007 RDI: ffffffff8b8f1120 RBP: 0000000000000001 R08: ffffed1015d045f1 R09: ffffed1015d045f1 R10: ffff8880ae822f83 R11: ffffed1015d045f0 R12: ffffffff88dc2080 R13: ffffffff81597ce0 R14: ffffffff87ced9c0 R15: ffff8880884b5440 __debug_check_no_obj_freed lib/debugobjects.c:967 [inline] debug_check_no_obj_freed+0x2e4/0x45a lib/debugobjects.c:998 kfree+0xf4/0x2b0 mm/slab.c:3756 device_release+0x65/0x1c0 drivers/base/core.c:1375 kobject_cleanup lib/kobject.c:693 [inline] kobject_release lib/kobject.c:722 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x14b/0x210 lib/kobject.c:739 netdev_run_todo+0x417/0x640 net/core/dev.c:9758 default_device_exit_batch+0x2d8/0x3b0 net/core/dev.c:10562 cleanup_net+0x45f/0x910 net/core/net_namespace.c:603 process_one_work+0x908/0x15d0 kernel/workqueue.c:2268 worker_thread+0x82/0xb50 kernel/workqueue.c:2414 kthread+0x340/0x410 kernel/kthread.c:268 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351 Kernel Offset: disabled Rebooting in 86400 seconds..