bisecting fixing commit since 8034e99d1a010a795b979582c0b2370584d8abf4
building syzkaller on 8b9ca619df135211a89cc19719f2705d0016045d
testing commit 8034e99d1a010a795b979582c0b2370584d8abf4
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: e9cbb5993d64365f42c9988a7fb16af6193996fbd31d619184b4ac403d18ed61
run #0: crashed: WARNING in get_probe_ref
run #1: crashed: unregister_netdevice: waiting for DEV to become free
run #2: crashed: WARNING in get_probe_ref
run #3: crashed: unregister_netdevice: waiting for DEV to become free
run #4: crashed: unregister_netdevice: waiting for DEV to become free
run #5: crashed: unregister_netdevice: waiting for DEV to become free
run #6: crashed: unregister_netdevice: waiting for DEV to become free
run #7: crashed: unregister_netdevice: waiting for DEV to become free
run #8: crashed: unregister_netdevice: waiting for DEV to become free
run #9: crashed: unregister_netdevice: waiting for DEV to become free
run #10: crashed: unregister_netdevice: waiting for DEV to become free
run #11: crashed: unregister_netdevice: waiting for DEV to become free
run #12: crashed: unregister_netdevice: waiting for DEV to become free
run #13: crashed: unregister_netdevice: waiting for DEV to become free
run #14: crashed: unregister_netdevice: waiting for DEV to become free
run #15: crashed: unregister_netdevice: waiting for DEV to become free
run #16: crashed: unregister_netdevice: waiting for DEV to become free
run #17: crashed: unregister_netdevice: waiting for DEV to become free
run #18: crashed: unregister_netdevice: waiting for DEV to become free
run #19: crashed: unregister_netdevice: waiting for DEV to become free
testing current HEAD 74766a973637a02c32c04c1c6496e114e4855239
testing commit 74766a973637a02c32c04c1c6496e114e4855239
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 1babfe7821b90e15ca9d1f8125edce9022af3b610670769b5ac5387f3a116fcf
run #0: crashed: unregister_netdevice: waiting for DEV to become free
run #1: crashed: unregister_netdevice: waiting for DEV to become free
run #2: crashed: unregister_netdevice: waiting for DEV to become free
run #3: crashed: unregister_netdevice: waiting for DEV to become free
run #4: crashed: unregister_netdevice: waiting for DEV to become free
run #5: crashed: unregister_netdevice: waiting for DEV to become free
run #6: crashed: WARNING in get_probe_ref
run #7: crashed: unregister_netdevice: waiting for DEV to become free
run #8: crashed: unregister_netdevice: waiting for DEV to become free
run #9: crashed: unregister_netdevice: waiting for DEV to become free
revisions tested: 2, total time: 29m29.03963021s (build: 22m18.294861162s, test: 6m32.442755917s)
the crash still happens on HEAD
commit msg: Linux 4.14.275
crash: unregister_netdevice: waiting for DEV to become free
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
can: request_module (can-proto-0) failed.
can: request_module (can-proto-0) failed.
can: request_module (can-proto-0) failed.
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 8329 Comm: syz-executor320 Not tainted 4.14.275-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x14b/0x1e7 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold.2+0x105/0x144 lib/fault-inject.c:149
 should_failslab+0xba/0xf0 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc_trace+0x2bd/0x3f0 mm/slab.c:3616
 kmalloc include/linux/slab.h:488 [inline]
 allocate_probes kernel/tracepoint.c:71 [inline]
 func_add kernel/tracepoint.c:129 [inline]
 tracepoint_add_func kernel/tracepoint.c:254 [inline]
 tracepoint_probe_register_prio+0x4eb/0x9a0 kernel/tracepoint.c:331
 tracepoint_probe_register+0xe/0x10 kernel/tracepoint.c:352
 register_trace_block_bio_queue include/trace/events/block.h:357 [inline]
 blk_register_tracepoints kernel/trace/blktrace.c:1191 [inline]
 get_probe_ref+0x131/0x280 kernel/trace/blktrace.c:340
 do_blk_trace_setup+0x6e4/0xa50 kernel/trace/blktrace.c:602
 __blk_trace_setup+0xa8/0x110 kernel/trace/blktrace.c:621
 blk_trace_setup+0x47/0x70 kernel/trace/blktrace.c:639
 sg_ioctl+0xda6/0x2e40 drivers/scsi/sg.c:1131
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x180/0xfb0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x74/0x80 fs/ioctl.c:692
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f0157a1ccb9
RSP: 002b:00007ffc28866488 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0157a1ccb9
RDX: 0000000020000140 RSI: 00000000c0481273 RDI: 0000000000000003
RBP: 00007ffc28866490 R08: 0000000000000002 R09: 00007f0157003533
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8329 at kernel/trace/blktrace.c:1192 blk_register_tracepoints kernel/trace/blktrace.c:1190 [inline]
WARNING: CPU: 1 PID: 8329 at kernel/trace/blktrace.c:1192 get_probe_ref+0x243/0x280 kernel/trace/blktrace.c:340