bisecting fixing commit since 87335852c5d9ec629f80bb2257b9a9945962b719
building syzkaller on a0092f9dfdd33924abe5cf5565e4ec4748217c7b
testing commit 87335852c5d9ec629f80bb2257b9a9945962b719 with gcc (GCC) 8.1.0
kernel signature: 02d4484b459acdd54dd1870eda3e38cc698b27a9edbbb1a3a809320c852e1eee
run #0: crashed: WARNING in pm_qos_remove_request
run #1: crashed: BUG: unable to handle kernel paging request in pm_qos_update_target
run #2: crashed: INFO: trying to register non-static key in cancel_delayed_work_sync
run #3: crashed: BUG: unable to handle kernel paging request in pm_qos_update_target
run #4: crashed: WARNING in pm_qos_remove_request
run #5: crashed: WARNING in pm_qos_remove_request
run #6: crashed: WARNING in pm_qos_remove_request
run #7: crashed: INFO: trying to register non-static key in cancel_delayed_work_sync
run #8: crashed: WARNING in pm_qos_remove_request
run #9: crashed: INFO: trying to register non-static key in cancel_delayed_work_sync
testing current HEAD 2d2791fce891fc20709232d49a6bae075b9a77f8
testing commit 2d2791fce891fc20709232d49a6bae075b9a77f8 with gcc (GCC) 8.1.0
kernel signature: 9a9d04ec25f81fbe8530d9aa41e33d5eaac4e657512c74e5ff9e7bd22ffc9b27
run #0: crashed: WARNING in pm_qos_remove_request
run #1: crashed: WARNING in pm_qos_remove_request
run #2: crashed: WARNING in pm_qos_remove_request
run #3: crashed: WARNING in pm_qos_remove_request
run #4: crashed: WARNING in pm_qos_remove_request
run #5: crashed: BUG: unable to handle kernel paging request in pm_qos_update_target
run #6: crashed: WARNING in pm_qos_remove_request
run #7: crashed: INFO: trying to register non-static key in cancel_delayed_work_sync
run #8: crashed: BUG: unable to handle kernel paging request in pm_qos_update_target
run #9: crashed: BUG: unable to handle kernel paging request in pm_qos_update_target
revisions tested: 2, total time: 25m49.718373923s (build: 17m40.632420051s, test: 7m21.408621942s)
the crash still happens on HEAD
commit msg: Linux 4.14.217
crash: BUG: unable to handle kernel paging request in pm_qos_update_target
BUG: unable to handle kernel paging request at fffffffffffffff0
IP: __read_once_size include/linux/compiler.h:183 [inline]
IP: list_empty include/linux/list.h:203 [inline]
IP: plist_del+0x8a/0x480 lib/plist.c:125
PGD 8e6b067 P4D 8e6b067 PUD 8e6d067 PMD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 6869 Comm: syz-executor.4 Not tainted 4.14.217-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809c8a2000 task.stack: ffff88808e968000
RIP: 0010:__read_once_size include/linux/compiler.h:183 [inline]
RIP: 0010:list_empty include/linux/list.h:203 [inline]
RIP: 0010:plist_del+0x8a/0x480 lib/plist.c:125
RSP: 0018:ffff88808e96fb58 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff8882354eae00 RCX: fffffffffffffff0
RDX: 1ffffffffffffffe RSI: ffffffff88f660e0 RDI: ffff8882354eae00
RBP: ffff88808e96fb90 R08: 0000000000001872 R09: ffffffff8aa82cd0
R10: 0000000000000000 R11: ffff88809c8a2000 R12: ffff8882354eae08
R13: ffff8882354eae18 R14: 0000000000000000 R15: fffffffffffffff0
FS: 00007fcdd8ec3700(0000) GS:ffff8880ba600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffff0 CR3: 0000000093593000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 pm_qos_update_target+0x11a/0x8d0 kernel/power/qos.c:289
 pm_qos_remove_request+0xfc/0x3e0 kernel/power/qos.c:541
 snd_pcm_hw_free sound/core/pcm_native.c:795 [inline]
 snd_pcm_common_ioctl+0xac7/0x1bf0 sound/core/pcm_native.c:2924
 snd_pcm_ioctl+0x66/0xb0 sound/core/pcm_native.c:3003
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x180/0xfb0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x74/0x80 fs/ioctl.c:692
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45deb9
RSP: 002b:00007fcdd8ec2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000000175c0 RCX: 000000000045deb9
RDX: 0000000000000000 RSI: 0000000000004112 RDI: 0000000000000004
RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007ffda22008cf R14: 00007fcdd8ec39c0 R15: 000000000118bf2c
Code: 4c 8b 73 18 49 39 f6 74 2f 49 8d 4e f0 48 b8 00 00 00 00 00 fc ff df 48 89 ca 49 89 cf 48 c1 ea 03 80 3c 02 00 0f 85 23 03 00 00 <49> 8b 46 f0 48 39 c1 0f 84 b9 01 00 00 4c 8d 73 10 4c 89 e7 e8
RIP: __read_once_size include/linux/compiler.h:183 [inline] RSP: ffff88808e96fb58
RIP: list_empty include/linux/list.h:203 [inline] RSP: ffff88808e96fb58
RIP: plist_del+0x8a/0x480 lib/plist.c:125 RSP: ffff88808e96fb58
CR2: fffffffffffffff0
---[ end trace 2bf186569f25c009 ]---