bisecting cause commit starting from 139c2d13c258bacc545fc2a4091f7fb0a6fb08fd
building syzkaller on 25bb509e5964da8203766c4039e4fef25e4689b1
testing commit 139c2d13c258bacc545fc2a4091f7fb0a6fb08fd with gcc (GCC) 8.1.0
run #0: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #1: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #2: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #3: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #4: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #5: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #6: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #7: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #8: basic kernel testing failed: INFO: task hung in mpage_prepare_extent_to_map
run #9: crashed: INFO: task hung in mpage_prepare_extent_to_map
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 139c2d13c258bacc545fc2a4091f7fb0a6fb08fd v5.3
Bisecting: 10645 revisions left to test after this (roughly 13 steps)
[a703d279c57e1bfe2b6536c3a17c1c498b416d24] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
testing commit a703d279c57e1bfe2b6536c3a17c1c498b416d24 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good a703d279c57e1bfe2b6536c3a17c1c498b416d24
Bisecting: 5352 revisions left to test after this (roughly 12 steps)
[88a557a701a38bc49be84c7e19d42a04f48e6983] Merge remote-tracking branch 'nfsd/nfsd-next'
testing commit 88a557a701a38bc49be84c7e19d42a04f48e6983 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 88a557a701a38bc49be84c7e19d42a04f48e6983
Bisecting: 2855 revisions left to test after this (roughly 11 steps)
[6c1b0a2961995d2c635f22e8063fcd29fb80b5d4] Merge remote-tracking branch 'drm/drm-next'
testing commit 6c1b0a2961995d2c635f22e8063fcd29fb80b5d4 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 6c1b0a2961995d2c635f22e8063fcd29fb80b5d4
Bisecting: 1495 revisions left to test after this (roughly 11 steps)
[76ba0f534b74f04da4006886cd96cd75c9b7c2cf] Merge remote-tracking branch 'spi/for-next'
testing commit 76ba0f534b74f04da4006886cd96cd75c9b7c2cf with gcc (GCC) 8.1.0
run #0: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #1: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #2: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #3: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #4: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #5: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #6: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #7: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #8: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #9: crashed: INFO: task hung in io_wq_destroy
# git bisect bad 76ba0f534b74f04da4006886cd96cd75c9b7c2cf
Bisecting: 652 revisions left to test after this (roughly 9 steps)
[e053201c0c34141bb32d834f35e3ac4179e2e519] Merge remote-tracking branch 'drm-tegra/drm/tegra/for-next'
testing commit e053201c0c34141bb32d834f35e3ac4179e2e519 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good e053201c0c34141bb32d834f35e3ac4179e2e519
Bisecting: 334 revisions left to test after this (roughly 8 steps)
[444e2093136ef89943421ea2c672c4bc9aa8ff27] Merge remote-tracking branch 'block/for-next'
testing commit 444e2093136ef89943421ea2c672c4bc9aa8ff27 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #1: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #2: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #3: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #4: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #5: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #6: crashed: INFO: task hung in io_wq_destroy
run #7: crashed: INFO: task hung in io_wq_destroy
run #8: crashed: INFO: task hung in io_wq_destroy
run #9: crashed: INFO: task hung in io_wq_destroy
# git bisect bad 444e2093136ef89943421ea2c672c4bc9aa8ff27
Bisecting: 158 revisions left to test after this (roughly 7 steps)
[b2d6ee75312649d55b41386d1d80cdbca48e3cf0] ASOC: adau7118: Change regulators id
testing commit b2d6ee75312649d55b41386d1d80cdbca48e3cf0 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good b2d6ee75312649d55b41386d1d80cdbca48e3cf0
Bisecting: 70 revisions left to test after this (roughly 6 steps)
[20d71346dfad85412a99ed72fecf5353942af55a] Merge remote-tracking branch 'sound/for-next'
testing commit 20d71346dfad85412a99ed72fecf5353942af55a with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 20d71346dfad85412a99ed72fecf5353942af55a
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[f015479bab2cce2c304ff77801f1542292efb7f2] Merge branch 'for-5.5/drivers' into for-next
testing commit f015479bab2cce2c304ff77801f1542292efb7f2 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #1: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #2: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #3: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #4: crashed: KASAN: null-ptr-deref Write in io_wq_cancel_all
run #5: crashed: INFO: task hung in io_wq_destroy
run #6: crashed: INFO: task hung in io_wq_destroy
run #7: crashed: INFO: task hung in io_wq_destroy
run #8: crashed: INFO: task hung in io_wq_destroy
run #9: crashed: INFO: task hung in io_wq_destroy
# git bisect bad f015479bab2cce2c304ff77801f1542292efb7f2
Bisecting: 21 revisions left to test after this (roughly 4 steps)
[3f982fff29b4ad339b36e9cf43422d1039f9917a] Merge branch 'for-5.5/drivers' into for-next
testing commit 3f982fff29b4ad339b36e9cf43422d1039f9917a with gcc (GCC) 8.1.0
run #0: crashed: WARNING: ODEBUG bug in netdev_freemem
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 3f982fff29b4ad339b36e9cf43422d1039f9917a
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[bb4e6b149103c285aeeba43a8141ea3b7009c0fa] blk-mq: Reuse callback in blk_mq_in_flight*()
testing commit bb4e6b149103c285aeeba43a8141ea3b7009c0fa with gcc (GCC) 8.1.0
all runs: OK
# git bisect good bb4e6b149103c285aeeba43a8141ea3b7009c0fa
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[800c3d4ff6e319b30f145019e70c185e39b5e02b] Merge branch 'for-5.5/block' into for-next
testing commit 800c3d4ff6e319b30f145019e70c185e39b5e02b with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 800c3d4ff6e319b30f145019e70c185e39b5e02b
Bisecting: 1 revision left to test after this (roughly 1 step)
[45919fbfe1c487c17ea1d198534339a5e8abeae3] null_blk: Enable modifying 'submit_queues' after an instance has been configured
testing commit 45919fbfe1c487c17ea1d198534339a5e8abeae3 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 45919fbfe1c487c17ea1d198534339a5e8abeae3
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[dd85b4922de1b70f0729d2a7856db619e210a8ec] null_blk: return fixed zoned reads > write pointer
testing commit dd85b4922de1b70f0729d2a7856db619e210a8ec with gcc (GCC) 8.1.0
all runs: OK
# git bisect good dd85b4922de1b70f0729d2a7856db619e210a8ec
3f982fff29b4ad339b36e9cf43422d1039f9917a is the first bad commit
revisions tested: 16, total time: 4h19m47.956111928s (build: 1h37m46.551942792s, test: 2h37m6.890308497s)
first bad commit: 3f982fff29b4ad339b36e9cf43422d1039f9917a Merge branch 'for-5.5/drivers' into for-next
cc: ["axboe@kernel.dk"]
crash: WARNING: ODEBUG bug in netdev_freemem
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 arch/x86/include/asm/paravirt.h:756
WARNING: CPU: 1 PID: 2746 at lib/debugobjects.c:484 debug_print_object+0x168/0x210 lib/debugobjects.c:481
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 2746 Comm: kworker/u4:5 Not tainted 5.4.0-rc4+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x113/0x167 lib/dump_stack.c:113
 panic+0x22a/0x4e3 kernel/panic.c:221
 __warn.cold.11+0x25/0x30 kernel/panic.c:582
 report_bug+0x1b0/0x270 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:179 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272
 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:291
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1028
RIP: 0010:debug_print_object+0x168/0x210 lib/debugobjects.c:481
Code: 63 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd a0 89 63 87 4c 89 fe 48 c7 c7 00 7f 63 87 e8 4a 7e 31 fe <0f> 0b 83 05 f3 39 0f 06 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f
RSP: 0018:ffff8880a09f7850 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff89fde120
RBP: ffff8880a09f7890 R08: ffffed1015d64101 R09: ffffed1015d64101
R10: ffffed1015d64100 R11: ffff8880aeb20807 R12: 0000000000000001
R13: ffffffff885ae480 R14: ffffffff8159bf20 R15: ffffffff87638600
 __debug_check_no_obj_freed lib/debugobjects.c:963 [inline]
 debug_check_no_obj_freed+0x2db/0x436 lib/debugobjects.c:994
 kfree+0xf6/0x2c0 mm/slab.c:3755
 kvfree+0x2c/0x30 mm/util.c:593
 netdev_freemem+0x47/0x60 net/core/dev.c:9148
 netdev_release+0x6c/0x90 net/core/net-sysfs.c:1635
 device_release+0x6a/0x1c0 drivers/base/core.c:1101
 kobject_cleanup lib/kobject.c:693 [inline]
 kobject_release lib/kobject.c:722 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put.cold.8+0x229/0x27c lib/kobject.c:739
 netdev_run_todo+0x453/0x6b0 net/core/dev.c:9053
 rtnl_unlock+0x9/0x10 net/core/rtnetlink.c:112
 default_device_exit_batch+0x2f8/0x3e0 net/core/dev.c:9836
 ops_exit_list.isra.6+0xdf/0x130 net/core/net_namespace.c:175
 cleanup_net+0x485/0x9d0 net/core/net_namespace.c:595
 process_one_work+0x856/0x1630 kernel/workqueue.c:2269
 worker_thread+0x85/0xb60 kernel/workqueue.c:2415
 kthread+0x331/0x3f0 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..