bisecting cause commit starting from d76886972823ce456c0c61cd2284e85668e2131e building syzkaller on 0d63f89cabcbc3e57201973370a309b646cc43c9 testing commit d76886972823ce456c0c61cd2284e85668e2131e with gcc (GCC) 8.1.0 kernel signature: ddb7f2d5c05109bf6c9fc473b714111b8ffe0486 all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 8bc406b301840ae13fe6c85ef09ce1bf1bc52efe all runs: OK # git bisect start d76886972823ce456c0c61cd2284e85668e2131e 219d54332a09e8d8741c1e1982f5eae56099de85 Bisecting: 2259 revisions left to test after this (roughly 12 steps) [386403a115f95997c2715691226e11a7b5cffcfd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit 386403a115f95997c2715691226e11a7b5cffcfd with gcc (GCC) 8.1.0 kernel signature: 58ef14689996148d10ea769d6d7f029ed1d38dd4 all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted # git bisect bad 386403a115f95997c2715691226e11a7b5cffcfd Bisecting: 1709 revisions left to test after this (roughly 11 steps) [e20c43dbdf960e8a03381aa455ddea56504bdbc4] r8169: change mdelay to msleep in rtl_fw_write_firmware testing commit e20c43dbdf960e8a03381aa455ddea56504bdbc4 with gcc (GCC) 8.1.0 kernel signature: 90887e74f3571956b51c51eeafd7942fabf3b75b all runs: OK # git bisect good e20c43dbdf960e8a03381aa455ddea56504bdbc4 Bisecting: 901 revisions left to test after this (roughly 10 steps) [3f3c8be973af10875cfa1e7b85a535b6ba76b44f] Merge tag 'for-linus-5.5a-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip testing commit 3f3c8be973af10875cfa1e7b85a535b6ba76b44f with gcc (GCC) 8.1.0 kernel signature: a832dd1d27b5be258367547ed2d3f20d9ff77ecf all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted # git bisect bad 3f3c8be973af10875cfa1e7b85a535b6ba76b44f Bisecting: 469 revisions left to test after this (roughly 9 steps) [1b88176b9c72fb4edd5920969aef94c5cd358337] Merge tag 'mtd/for-5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux testing commit 1b88176b9c72fb4edd5920969aef94c5cd358337 with gcc (GCC) 8.1.0 kernel signature: d735cd4cf3963b9783e3bc33b676a6fdf8753d25 all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted # git bisect bad 1b88176b9c72fb4edd5920969aef94c5cd358337 Bisecting: 191 revisions left to test after this (roughly 7 steps) [ff6814b078e33a4d26fee9ea80779c81a6744cd8] Merge tag 'for-5.5/block-20191121' of git://git.kernel.dk/linux-block testing commit ff6814b078e33a4d26fee9ea80779c81a6744cd8 with gcc (GCC) 8.1.0 kernel signature: d04922be590d68e70cbfc87d5f2fe129520845ac all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted # git bisect bad ff6814b078e33a4d26fee9ea80779c81a6744cd8 Bisecting: 81 revisions left to test after this (roughly 6 steps) [eac406c61cd0ec8fe7970ca46ddf23e40a86b579] io_uring: make POLL_ADD/POLL_REMOVE scale better testing commit eac406c61cd0ec8fe7970ca46ddf23e40a86b579 with gcc (GCC) 8.1.0 kernel signature: f3706b770612f50012a3f5dbf116e906f6b88e25 all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted # git bisect bad eac406c61cd0ec8fe7970ca46ddf23e40a86b579 Bisecting: 31 revisions left to test after this (roughly 5 steps) [196be95cd5572078be9deb81cbea145fab246029] io_uring: allocate io_kiocb upfront testing commit 196be95cd5572078be9deb81cbea145fab246029 with gcc (GCC) 8.1.0 kernel signature: 28cc86984764bcf9f9bf28955a6ac9c1c1e8cb2f all runs: OK # git bisect good 196be95cd5572078be9deb81cbea145fab246029 Bisecting: 15 revisions left to test after this (roughly 4 steps) [8e3cca12706231daf8daf90dbde59f1665135e48] io_uring: convert accept4() -ERESTARTSYS into -EINTR testing commit 8e3cca12706231daf8daf90dbde59f1665135e48 with gcc (GCC) 8.1.0 kernel signature: e2301ccccd4a4f2254d46c39f7c4dc62c0d2e789 all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted # git bisect bad 8e3cca12706231daf8daf90dbde59f1665135e48 Bisecting: 7 revisions left to test after this (roughly 3 steps) [91d666ea43adef57a6cd50c81b9603c545654981] io-wq: io_wqe_run_queue() doesn't need to use list_empty_careful() testing commit 91d666ea43adef57a6cd50c81b9603c545654981 with gcc (GCC) 8.1.0 kernel signature: 870dab8d2dd20ef31b993edd690060f57cb5999c all runs: OK # git bisect good 91d666ea43adef57a6cd50c81b9603c545654981 Bisecting: 3 revisions left to test after this (roughly 2 steps) [a197f664a0db8a6219d9ce949f5f29b89f60fb2b] io_uring: remove passed in 'ctx' function parameter ctx if possible testing commit a197f664a0db8a6219d9ce949f5f29b89f60fb2b with gcc (GCC) 8.1.0 kernel signature: 64e9296954dc60823f78abcb42a3ac76c1a28558 all runs: crashed: INFO: trying to register non-static key in io_cqring_ev_posted # git bisect bad a197f664a0db8a6219d9ce949f5f29b89f60fb2b Bisecting: 1 revision left to test after this (roughly 1 step) [5f8fd2d3e0a7aa7fc9d97226be24286edd289835] io_uring: properly mark async work as bounded vs unbounded testing commit 5f8fd2d3e0a7aa7fc9d97226be24286edd289835 with gcc (GCC) 8.1.0 kernel signature: b063ad530153ba0aaf4294192ec0516267ac2f7a run #0: crashed: WARNING: ODEBUG bug in netdev_freemem run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 5f8fd2d3e0a7aa7fc9d97226be24286edd289835 Bisecting: 0 revisions left to test after this (roughly 0 steps) [c5def4ab849494d3c97f6c9fc84b2ddb868fe78c] io-wq: add support for bounded vs unbunded work testing commit c5def4ab849494d3c97f6c9fc84b2ddb868fe78c with gcc (GCC) 8.1.0 kernel signature: 58f5590a5f028ae3230854b5535219987f81c645 all runs: OK # git bisect good c5def4ab849494d3c97f6c9fc84b2ddb868fe78c 5f8fd2d3e0a7aa7fc9d97226be24286edd289835 is the first bad commit commit 5f8fd2d3e0a7aa7fc9d97226be24286edd289835 Author: Jens Axboe Date: Thu Nov 7 10:57:36 2019 -0700 io_uring: properly mark async work as bounded vs unbounded Now that io-wq supports separating the two request lifetime types, mark the following IO as having unbounded runtimes: - Any read/write to a non-regular file - Any specific networked IO - Any poll command Signed-off-by: Jens Axboe fs/io_uring.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) kernel signature: b063ad530153ba0aaf4294192ec0516267ac2f7a previous signature: 58f5590a5f028ae3230854b5535219987f81c645 revisions tested: 14, total time: 3h8m55.094593793s (build: 1h27m29.279384834s, test: 1h36m31.124524153s) first bad commit: 5f8fd2d3e0a7aa7fc9d97226be24286edd289835 io_uring: properly mark async work as bounded vs unbounded cc: ["axboe@kernel.dk" "linux-block@vger.kernel.org" "linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"] crash: WARNING: ODEBUG bug in netdev_freemem ------------[ cut here ]------------ ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 arch/x86/include/asm/paravirt.h:756 WARNING: CPU: 0 PID: 16100 at lib/debugobjects.c:484 debug_print_object+0x168/0x210 lib/debugobjects.c:481 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 16100 Comm: kworker/u4:1 Not tainted 5.4.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 panic+0x22a/0x4e3 kernel/panic.c:221 __warn.cold.11+0x25/0x30 kernel/panic.c:582 report_bug+0x1b0/0x270 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:179 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:291 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1028 RIP: 0010:debug_print_object+0x168/0x210 lib/debugobjects.c:481 Code: 63 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd 20 87 63 87 4c 89 fe 48 c7 c7 80 7c 63 87 e8 3a 8d 2f fe <0f> 0b 83 05 03 a0 0d 06 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f RSP: 0018:ffff88807f007850 EFLAGS: 00010086 RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff89fe3920 RBP: ffff88807f007890 R08: ffffed1015d44101 R09: ffffed1015d44101 R10: ffffed1015d44100 R11: ffff8880aea20807 R12: 0000000000000001 R13: ffffffff885ad680 R14: ffffffff8159adf0 R15: ffffffff87638380 __debug_check_no_obj_freed lib/debugobjects.c:963 [inline] debug_check_no_obj_freed+0x2db/0x436 lib/debugobjects.c:994 kfree+0xf6/0x2c0 mm/slab.c:3755 kvfree+0x2c/0x30 mm/util.c:593 netdev_freemem+0x47/0x60 net/core/dev.c:9148 netdev_release+0x6c/0x90 net/core/net-sysfs.c:1635 device_release+0x6a/0x1c0 drivers/base/core.c:1101 kobject_cleanup lib/kobject.c:693 [inline] kobject_release lib/kobject.c:722 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put.cold.10+0x229/0x27c lib/kobject.c:739 netdev_run_todo+0x453/0x6b0 net/core/dev.c:9053 rtnl_unlock+0x9/0x10 net/core/rtnetlink.c:112 default_device_exit_batch+0x2f8/0x3e0 net/core/dev.c:9836 ops_exit_list.isra.6+0xdf/0x130 net/core/net_namespace.c:175 cleanup_net+0x485/0x9d0 net/core/net_namespace.c:595 process_one_work+0x856/0x1630 kernel/workqueue.c:2269 worker_thread+0x85/0xb60 kernel/workqueue.c:2415 kthread+0x331/0x3f0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Kernel Offset: disabled Rebooting in 86400 seconds..