bisecting fixing commit since e42617b825f8073569da76dc4510bfa019b1c35a
building syzkaller on b31eda3df81f62eb7efde0c5d7a9f24ee7e34e6f
testing commit e42617b825f8073569da76dc4510bfa019b1c35a
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 28be4e8a8a2d78c01130333e3480609f088c96653117c109577218fc3df04a66
run #0: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #1: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #2: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #3: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #4: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #5: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #6: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #7: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #8: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #9: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #10: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #11: crashed: BUG: unable to handle kernel NULL pointer dereference in llcp_sock_getname
run #12: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #13: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #14: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #15: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #16: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #17: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #18: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
run #19: crashed: KASAN: null-ptr-deref Read in llcp_sock_getname
testing current HEAD c500bee1c5b2f1d59b1081ac879d73268ab0ff17
testing commit c500bee1c5b2f1d59b1081ac879d73268ab0ff17
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: af67070257e5611b86b2fd073d4e4053d67300709262926769ed13fe94a3fc06
run #0: crashed: WARNING: ODEBUG bug in netdev_freemem
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
Reproducer flagged being flaky
revisions tested: 2, total time: 24m53.002556589s (build: 11m45.373820996s, test: 12m6.87672211s)
the crash still happens on HEAD
commit msg: Linux 5.14-rc4
crash: WARNING: ODEBUG bug in netdev_freemem
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:1431
WARNING: CPU: 1 PID: 24 at lib/debugobjects.c:505 debug_print_object+0x168/0x250 lib/debugobjects.c:505
Modules linked in:
CPU: 1 PID: 24 Comm: kworker/u4:1 Not tainted 5.14.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
RIP: 0010:debug_print_object+0x168/0x250 lib/debugobjects.c:505
Code: dd 40 29 52 88 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 b5 00 00 00 48 8b 14 dd 40 29 52 88 48 c7 c7 60 1e 52 88 e8 99 3f 19 04 <0f> 0b 83 05 1b 6e 09 07 01 48 83 c4 20 5b 41 5c 41 5d 41 5e 5d c3
RSP: 0018:ffffc900003b7810 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000004 RDI: fffff52000076ef4
RBP: ffffc900003b7850 R08: 0000000000000001 R09: ffff8881f672095b
R10: ffffed103ece412b R11: 657461747320654f R12: 0000000000000001
R13: ffffffff880d2420 R14: ffffffff8160bdc0 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004772f0 CR3: 0000000101c5c002 CR4: 00000000001706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __debug_check_no_obj_freed lib/debugobjects.c:987 [inline]
 debug_check_no_obj_freed+0x2dd/0x3f0 lib/debugobjects.c:1018
 kfree+0xf9/0x2d0 mm/slab.c:3802
 kvfree+0x25/0x30 mm/util.c:616
 netdev_freemem+0x47/0x60 net/core/dev.c:10798
 netdev_release+0x68/0x80 net/core/net-sysfs.c:1844
 device_release+0x9d/0x210 drivers/base/core.c:2192
 kobject_cleanup lib/kobject.c:705 [inline]
 kobject_release lib/kobject.c:736 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x156/0x210 lib/kobject.c:753
 netdev_run_todo+0x8df/0xcc0 net/core/dev.c:10654
 rtnl_unlock+0x9/0x10 net/core/rtnetlink.c:112
 default_device_exit_batch+0x2c9/0x390 net/core/dev.c:11624
 ops_exit_list+0xe5/0x130 net/core/net_namespace.c:178
 cleanup_net+0x456/0xa90 net/core/net_namespace.c:595
 process_one_work+0x884/0x1600 kernel/workqueue.c:2276
 worker_thread+0x592/0x1040 kernel/workqueue.c:2422
 kthread+0x395/0x470 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
irq event stamp: 34017466
hardirqs last enabled at (34017465): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (34017465): [] _raw_spin_unlock_irqrestore+0x46/0x90 kernel/locking/spinlock.c:191
hardirqs last disabled at (34017466): [] kfree+0x13b/0x2d0 mm/slab.c:3793
softirqs last enabled at (34017426): [] spin_unlock_bh include/linux/spinlock.h:399 [inline]
softirqs last enabled at (34017426): [] batadv_tvlv_handler_unregister+0x100/0x1b0 net/batman-adv/tvlv.c:570
softirqs last disabled at (34017424): [] spin_lock_bh include/linux/spinlock.h:359 [inline]
softirqs last disabled at (34017424): [] batadv_tvlv_handler_unregister+0x63/0x1b0 net/batman-adv/tvlv.c:568
---[ end trace c045af4d9b90d0fd ]---