bisecting cause commit starting from 8ecfa36cd4db3275bf3b6c6f32c7e3c6bb537de2
building syzkaller on 1ba81399e2d03b53a7e631c4ab05f25af1fb1911
testing commit 8ecfa36cd4db3275bf3b6c6f32c7e3c6bb537de2 with gcc (GCC) 10.2.1 20210217
kernel signature: 4a526a1890663df66e9622e02161576c82c807d833d79c23801c183161ec220c
all runs: crashed: possible deadlock in loop_probe
testing release v5.12
testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 with gcc (GCC) 10.2.1 20210217
kernel signature: d440b4cda7d2ab4e7a9fb717e84bf516b6131e0226170a2accac2a704eba3a26
all runs: OK
# git bisect start 8ecfa36cd4db3275bf3b6c6f32c7e3c6bb537de2 9f4ad9e425a1d3b6a34617b8ea226d56a119a717
Bisecting: 8384 revisions left to test after this (roughly 13 steps)
[47b228ce6f66830768eac145efa7746637969101] io_uring: fix unchecked error in switch_start()

testing commit 47b228ce6f66830768eac145efa7746637969101 with gcc (GCC) 10.2.1 20210217
kernel signature: dbc5757fe3f908f5f11d2d5087d7c6e0d2969a2c5d90b71b423a03a13181638d
all runs: crashed: possible deadlock in del_gendisk
# git bisect bad 47b228ce6f66830768eac145efa7746637969101
Bisecting: 4201 revisions left to test after this (roughly 12 steps)
[ca62e9090d229926f43f20291bb44d67897baab7] Merge tag 'regulator-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator

testing commit ca62e9090d229926f43f20291bb44d67897baab7 with gcc (GCC) 10.2.1 20210217
kernel signature: 4d9dd16b9c6d2b4f4429d91887d61752bd91890ccc4758b455946d4e0b9bb0ce
all runs: OK
# git bisect good ca62e9090d229926f43f20291bb44d67897baab7
Bisecting: 1845 revisions left to test after this (roughly 11 steps)
[68a32ba14177d4a21c4a9a941cf1d7aea86d436f] Merge tag 'drm-next-2021-04-28' of git://anongit.freedesktop.org/drm/drm

testing commit 68a32ba14177d4a21c4a9a941cf1d7aea86d436f with gcc (GCC) 10.2.1 20210217
kernel signature: ae6a4f452b498baeaf6e6f2eaf09d449eba3a72110caf464715b8ca915a103fc
all runs: OK
# git bisect good 68a32ba14177d4a21c4a9a941cf1d7aea86d436f
Bisecting: 906 revisions left to test after this (roughly 10 steps)
[be18cd1fcae2ed7db58d92d20733dfa8aa0a5173] Merge tag 'mmc-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc

testing commit be18cd1fcae2ed7db58d92d20733dfa8aa0a5173 with gcc (GCC) 10.2.1 20210217
kernel signature: 7598268687b50107396ba716bfd3f6961f6c4da3ba9d9759a1fccb932431805c
all runs: crashed: possible deadlock in del_gendisk
# git bisect bad be18cd1fcae2ed7db58d92d20733dfa8aa0a5173
Bisecting: 473 revisions left to test after this (roughly 9 steps)
[fc0586062816559defb14c947319ef8c4c326fb3] Merge tag 'for-5.13/drivers-2021-04-27' of git://git.kernel.dk/linux-block

testing commit fc0586062816559defb14c947319ef8c4c326fb3 with gcc (GCC) 10.2.1 20210217
kernel signature: f367752563723b54b656f89d421618796bbb68194cd94c708c7308832e1ad82f
all runs: crashed: possible deadlock in del_gendisk
# git bisect bad fc0586062816559defb14c947319ef8c4c326fb3
Bisecting: 256 revisions left to test after this (roughly 8 steps)
[42dec9a936e7696bea1f27d3c5a0068cd9aa95fd] Merge tag 'perf-core-2021-04-28' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit 42dec9a936e7696bea1f27d3c5a0068cd9aa95fd with gcc (GCC) 10.2.1 20210217
kernel signature: 7a6a28128703cdb9ce2fe6f9c807802f4dd1e62c14439e7d75a5ddafa9eb1110
all runs: OK
# git bisect good 42dec9a936e7696bea1f27d3c5a0068cd9aa95fd
Bisecting: 128 revisions left to test after this (roughly 7 steps)
[2958a995edc94654df690318df7b9b49e5a3ef88] block/rnbd-clt: Support polling mode for IO latency optimization

testing commit 2958a995edc94654df690318df7b9b49e5a3ef88 with gcc (GCC) 10.2.1 20210217
kernel signature: 9033b28fb6f61119eac1501f36ef50ec4a297a3a94cfecb6b181bb50f1108a91
run #0: crashed: WARNING in kvm_wait
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
# git bisect bad 2958a995edc94654df690318df7b9b49e5a3ef88
Bisecting: 63 revisions left to test after this (roughly 6 steps)
[b60b270b3db617811e593db5d5920ed98e67ce49] swim3: support highmem

testing commit b60b270b3db617811e593db5d5920ed98e67ce49 with gcc (GCC) 10.2.1 20210217
kernel signature: 1e4c7012a574fa255e8576c3e2dd104ed703c3cf2ba297b3d8caf46820ef0d43
run #0: crashed: WARNING in kvm_wait
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad b60b270b3db617811e593db5d5920ed98e67ce49
Bisecting: 31 revisions left to test after this (roughly 5 steps)
[de5878048e11f1ec44164ebb8994de132074367a] nvmet: remove unnecessary ctrl parameter

testing commit de5878048e11f1ec44164ebb8994de132074367a with gcc (GCC) 10.2.1 20210217
kernel signature: 717c2cc3ada7d48e4e30c8877e3d36151cbbe0b590592aa922a601e83acebe88
all runs: OK
# git bisect good de5878048e11f1ec44164ebb8994de132074367a
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[5befc7c26e5a98cd49789fb1beb52c62bd472dba] nvme: implement non-mdts command limits

testing commit 5befc7c26e5a98cd49789fb1beb52c62bd472dba with gcc (GCC) 10.2.1 20210217
kernel signature: b6c9af3d37ab8b9fe745c4fc02e9d0751e0e346ffc777c9135bcd5c300b5b33b
run #0: crashed: WARNING in kvm_wait
run #1: crashed: WARNING: ODEBUG bug in netdev_run_todo
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad 5befc7c26e5a98cd49789fb1beb52c62bd472dba
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[d8e7b462f5b8b93920c6c6a191be887b32306e6b] nvmet-tcp: enable optional queue idle period tracking

testing commit d8e7b462f5b8b93920c6c6a191be887b32306e6b with gcc (GCC) 10.2.1 20210217
kernel signature: 14a93c834a78ee951e90b5310f4bae1c5ca37ce26a764060dce9d7a10360bd3c
all runs: OK
# git bisect good d8e7b462f5b8b93920c6c6a191be887b32306e6b
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[25a64e4e7ef6da605a86ec1bff18d2c3c6ed5329] nvme: remove superfluous else in nvme_ctrl_loss_tmo_store

testing commit 25a64e4e7ef6da605a86ec1bff18d2c3c6ed5329 with gcc (GCC) 10.2.1 20210217
kernel signature: 3133074055823a8e8d4e8f81f0c75b0c5fe1b8d5f712774f091a61f5d5e1d603
all runs: OK
# git bisect good 25a64e4e7ef6da605a86ec1bff18d2c3c6ed5329
Bisecting: 1 revision left to test after this (roughly 1 step)
[dd8f7fa908f66dd44abcd83cbb50410524b9f8ef] nvme: retrigger ANA log update if group descriptor isn't found

testing commit dd8f7fa908f66dd44abcd83cbb50410524b9f8ef with gcc (GCC) 10.2.1 20210217
kernel signature: bb76c9f72389bf8d7640349b4af21267bdc73a271d9e832982e8e7c748cd02a4
run #0: boot failed: WARNING in kvm_wait
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect good dd8f7fa908f66dd44abcd83cbb50410524b9f8ef
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c881a23fb6f7eb901155d25ba8dd1af0b8c7923b] nvme: disallow passthru cmd from targeting a nsid != nsid of the block dev

testing commit c881a23fb6f7eb901155d25ba8dd1af0b8c7923b with gcc (GCC) 10.2.1 20210217
kernel signature: f78fc553e3df67728f8ca5433f100a60ef7b338446282dec92360d82463fd661
all runs: OK
# git bisect good c881a23fb6f7eb901155d25ba8dd1af0b8c7923b
5befc7c26e5a98cd49789fb1beb52c62bd472dba is the first bad commit
commit 5befc7c26e5a98cd49789fb1beb52c62bd472dba
Author: Keith Busch <kbusch@kernel.org>
Date:   Wed Mar 24 16:18:05 2021 -0700

    nvme: implement non-mdts command limits
    
    Commands that access LBA contents without a data transfer between the
    host historically have not had a spec defined upper limit. The driver
    set the queue constraints for such commands to the max data transfer
    size just to be safe, but this artificial constraint frequently limits
    devices below their capabilities.
    
    The NVMe Workgroup ratified TP4040 defines how a controller may
    advertise their non-MDTS limits. Use these if provided and default to
    the current constraints if not. Since the Dataset Management command
    limits are defined in logical blocks, but without a namespace to tell us
    the logical block size, the code defaults to the safe 512b size.
    
    Signed-off-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Christoph Hellwig <hch@lst.de>

 drivers/nvme/host/core.c | 106 ++++++++++++++++++++++++++++++++---------------
 drivers/nvme/host/nvme.h |   3 ++
 include/linux/nvme.h     |  10 +++++
 3 files changed, 85 insertions(+), 34 deletions(-)

culprit signature: b6c9af3d37ab8b9fe745c4fc02e9d0751e0e346ffc777c9135bcd5c300b5b33b
parent  signature: f78fc553e3df67728f8ca5433f100a60ef7b338446282dec92360d82463fd661
Reproducer flagged being flaky
revisions tested: 16, total time: 4h26m39.852916402s (build: 1h50m9.845967842s, test: 2h34m42.107695608s)
first bad commit: 5befc7c26e5a98cd49789fb1beb52c62bd472dba nvme: implement non-mdts command limits
recipients (to): ["axboe@fb.com" "hch@lst.de" "hch@lst.de" "kbusch@kernel.org" "kbusch@kernel.org" "linux-nvme@lists.infradead.org" "sagi@grimberg.me"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: WARNING: ODEBUG bug in netdev_run_todo
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:1601
WARNING: CPU: 1 PID: 9 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Modules linked in:
CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted 5.12.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd e0 62 dd 88 4c 89 ee 48 c7 c7 e0 56 dd 88 e8 4d 5a 84 04 <0f> 0b 83 05 85 33 be 08 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
RSP: 0018:ffffc90000ce7860 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffff88dd52c0 RDI: fffff5200019cefe
RBP: 0000000000000001 R08: 0000000000000001 R09: ffff8880ba1301a7
R10: ffffed1017426034 R11: 0000000000000001 R12: ffffffff888cc5a0
R13: ffffffff88dd5d20 R14: ffffffff8159dc50 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004ad0f0 CR3: 00000000127e5000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __debug_check_no_obj_freed lib/debugobjects.c:987 [inline]
 debug_check_no_obj_freed+0x301/0x420 lib/debugobjects.c:1018
 slab_free_hook mm/slub.c:1554 [inline]
 slab_free_freelist_hook+0x147/0x210 mm/slub.c:1600
 slab_free mm/slub.c:3161 [inline]
 kfree+0xe5/0x7f0 mm/slub.c:4213
 device_release+0x93/0x200 drivers/base/core.c:2108
 kobject_cleanup lib/kobject.c:705 [inline]
 kobject_release lib/kobject.c:736 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x139/0x410 lib/kobject.c:753
 netdev_run_todo+0x810/0xcd0 net/core/dev.c:10475
 default_device_exit_batch+0x2aa/0x360 net/core/dev.c:11426
 cleanup_net+0x423/0x990 net/core/net_namespace.c:595
 process_one_work+0x84c/0x13b0 kernel/workqueue.c:2275
 worker_thread+0x598/0xf80 kernel/workqueue.c:2421
 kthread+0x36f/0x450 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294