bisecting fixing commit since c10b57a567e4333b9fdf60b5ec36de9859263ca2
building syzkaller on 2e44d63e401ead7d7928c95a30d243b2de1a243b
testing commit c10b57a567e4333b9fdf60b5ec36de9859263ca2 with gcc (GCC) 8.1.0
kernel signature: b4798304b9fe40fd6f4ac1d2e71cfe2cce9965c6beb5d0c38c1f9e5e89865a9f
run #0: crashed: WARNING in pm_qos_remove_request
run #1: crashed: WARNING in pm_qos_remove_request
run #2: crashed: INFO: trying to register non-static key in cancel_delayed_work_sync
run #3: crashed: BUG: unable to handle kernel paging request in pm_qos_update_target
run #4: crashed: WARNING in pm_qos_remove_request
run #5: crashed: INFO: trying to register non-static key in cancel_delayed_work_sync
run #6: crashed: INFO: trying to register non-static key in cancel_delayed_work_sync
run #7: crashed: INFO: trying to register non-static key in cancel_delayed_work_sync
run #8: crashed: WARNING in cancel_delayed_work_sync
run #9: crashed: WARNING in pm_qos_remove_request
testing current HEAD a41ba30d9df20fe141c92aacbb56b6b077f19716
testing commit a41ba30d9df20fe141c92aacbb56b6b077f19716 with gcc (GCC) 8.1.0
kernel signature: 6f7a2fda08b52a3b289b1b079e4dcf2d689ee1cced85b285d03c3636a613b821
run #0: crashed: INFO: trying to register non-static key in cancel_delayed_work_sync
run #1: crashed: INFO: trying to register non-static key in cancel_delayed_work_sync
run #2: crashed: WARNING in pm_qos_remove_request
run #3: crashed: INFO: trying to register non-static key in cancel_delayed_work_sync
run #4: crashed: WARNING in pm_qos_remove_request
run #5: crashed: WARNING in cancel_delayed_work_sync
run #6: crashed: WARNING in pm_qos_remove_request
run #7: crashed: WARNING in pm_qos_remove_request
run #8: crashed: INFO: trying to register non-static key in cancel_delayed_work_sync
run #9: crashed: INFO: trying to register non-static key in cancel_delayed_work_sync
revisions tested: 2, total time: 30m27.048951664s (build: 16m59.340430853s, test: 13m4.969280212s)
the crash still happens on HEAD
commit msg: Linux 4.14.181
crash: INFO: trying to register non-static key in cancel_delayed_work_sync
audit: type=1400 audit(1590135448.477:11): avc: denied { execmem } for pid=24135 comm="syz-executor703" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
CPU: 1 PID: 24666 Comm: syz-executor703 Not tainted 4.14.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xf7/0x13b lib/dump_stack.c:58
 register_lock_class+0x39c/0x1cd0 kernel/locking/lockdep.c:768
 __lock_acquire+0x14f/0x4500 kernel/locking/lockdep.c:3378
 lock_acquire+0x173/0x400 kernel/locking/lockdep.c:3998
 flush_work+0x9c/0x720 kernel/workqueue.c:2889
 __cancel_work_timer+0x286/0x420 kernel/workqueue.c:2964
 cancel_delayed_work_sync+0xe/0x10 kernel/workqueue.c:3084
 pm_qos_remove_request+0x56/0x3e0 kernel/power/qos.c:538
 snd_pcm_hw_free sound/core/pcm_native.c:790 [inline]
 snd_pcm_common_ioctl+0xac2/0x1b30 sound/core/pcm_native.c:2914
 snd_pcm_ioctl+0x66/0xb0 sound/core/pcm_native.c:2993
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x180/0xfb0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x74/0x80 fs/ioctl.c:692
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4450f9
RSP: 002b:00007ffd55a1a538 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004450f9
RDX: 0000000000000000 RSI: 0000000000004112 RDI: 0000000000000005
RBP: 0000000000071557 R08: 00000000004002e0 R09: 00000000004002e0
R10: 00000000004002e0 R11: 0000000000000246 R12: 0000000000402290
R13: 0000000000402320 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 24666 Comm: syz-executor703 Not tainted 4.14.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888094c7a340 task.stack: ffff8880974c8000
RIP: 0010:__read_once_size include/linux/compiler.h:183 [inline]
RIP: 0010:list_empty include/linux/list.h:203 [inline]
RIP: 0010:plist_head_empty include/linux/plist.h:214 [inline]
RIP: 0010:pm_qos_get_value kernel/power/qos.c:154 [inline]
RIP: 0010:pm_qos_update_target+0x3e/0x8f0 kernel/power/qos.c:281
RSP: 0018:ffff8880974cfba0 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff87f74764
RBP: ffff8880974cfbd8 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: ffff888094c7a340 R12: ffff88809be7c980
R13: 0000000000000002 R14: ffff88809be7c9a8 R15: 00000000ffffffff
FS: 0000000001cc9880(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd55a1a544 CR3: 0000000091bdf000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 pm_qos_remove_request+0xfc/0x3e0 kernel/power/qos.c:541
 snd_pcm_hw_free sound/core/pcm_native.c:790 [inline]
 snd_pcm_common_ioctl+0xac2/0x1b30 sound/core/pcm_native.c:2914
 snd_pcm_ioctl+0x66/0xb0 sound/core/pcm_native.c:2993
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x180/0xfb0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x74/0x80 fs/ioctl.c:692
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4450f9
RSP: 002b:00007ffd55a1a538 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004450f9
RDX: 0000000000000000 RSI: 0000000000004112 RDI: 0000000000000005
RBP: 0000000000071557 R08: 00000000004002e0 R09: 00000000004002e0
R10: 00000000004002e0 R11: 0000000000000246 R12: 0000000000402290
R13: 0000000000402320 R14: 0000000000000000 R15: 0000000000000000
Code: 89 f4 53 48 89 fb 48 c7 c7 60 47 f7 87 48 83 ec 10 e8 b7 97 26 05 48 89 da 48 89 45 d0 48 c1 ea 03 48 b8 00 00 00 00 00 fc ff df <80> 3c 02 00 0f 85 a8 07 00 00 48 8b 03 48 39 c3 0f 84 03 06 00
RIP: __read_once_size include/linux/compiler.h:183 [inline] RSP: ffff8880974cfba0
RIP: list_empty include/linux/list.h:203 [inline] RSP: ffff8880974cfba0
RIP: plist_head_empty include/linux/plist.h:214 [inline] RSP: ffff8880974cfba0
RIP: pm_qos_get_value kernel/power/qos.c:154 [inline] RSP: ffff8880974cfba0
RIP: pm_qos_update_target+0x3e/0x8f0 kernel/power/qos.c:281 RSP: ffff8880974cfba0
---[ end trace 73ac1fddb12db20f ]---