bisecting cause commit starting from 931294922e65a23e1aad6398b9ae02df74044679 building syzkaller on 6a81331a1d4c744da9204d02ec88d558f7eea9c9 testing commit 931294922e65a23e1aad6398b9ae02df74044679 with gcc (GCC) 10.2.1 20210217 kernel signature: ec3ab82421b045b41126fadd0410a844a75d86d6520ad2394d4122fa17f0b308 all runs: crashed: KASAN: use-after-free Read in disk_part_iter_next testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217 kernel signature: e99cd9f143ce9d9fcac692e506c1f42fd7bad007e669bcc2d658384620d3ab58 all runs: crashed: KASAN: use-after-free Read in delete_partition testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217 kernel signature: a85323b0701dba111ac583b145ff31def09d195ee905600b53b701659a53318a all runs: OK # git bisect start f40ddce88593482919761f74910f42f4b84c004b 2c85ebc57b3e1817b6ce1a6b703928e113a90442 Bisecting: 7761 revisions left to test after this (roughly 13 steps) [538fcf57aaee6ad78a05f52b69a99baa22b33418] Merge branches 'acpi-scan', 'acpi-pnp' and 'acpi-sleep' testing commit 538fcf57aaee6ad78a05f52b69a99baa22b33418 with gcc (GCC) 10.2.1 20210217 kernel signature: 8287b7352ce225f287b0545315af4572a68c2db3782b1c6706269c19531bfbad all runs: OK # git bisect good 538fcf57aaee6ad78a05f52b69a99baa22b33418 Bisecting: 3868 revisions left to test after this (roughly 12 steps) [d64c6f96ba86bd8b97ed8d6762a8c8cc1770d214] Merge tag 'net-5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit d64c6f96ba86bd8b97ed8d6762a8c8cc1770d214 with gcc (GCC) 10.2.1 20210217 kernel signature: 564fd10fcc174c4b31e575f44da5253bc49438cc9c2278071b23ceed45cd844c all runs: crashed: KASAN: use-after-free Read in delete_partition # git bisect bad d64c6f96ba86bd8b97ed8d6762a8c8cc1770d214 Bisecting: 1915 revisions left to test after this (roughly 11 steps) [f68e4041ef63f03091e44b4eebf1ab5c5d427e6f] Merge tag 'pinctrl-v5.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl testing commit f68e4041ef63f03091e44b4eebf1ab5c5d427e6f with gcc (GCC) 10.2.1 20210217 kernel signature: f2ee9055187c34139e8920e2be04f84d37221fc29bb17ef34d7dae1f4f5087e9 all runs: crashed: KASAN: use-after-free Read in delete_partition # git bisect bad f68e4041ef63f03091e44b4eebf1ab5c5d427e6f Bisecting: 1009 revisions left to test after this (roughly 10 steps) [005b2a9dc819a1265a8c765595f8f6d88d6173d9] Merge tag 'tif-task_work.arch-2020-12-14' of git://git.kernel.dk/linux-block testing commit 005b2a9dc819a1265a8c765595f8f6d88d6173d9 with gcc (GCC) 10.2.1 20210217 kernel signature: 20d2b26a28cff93b1101f9f6df30580f62d8d96dadc9d70501d7fa62ffc8e94d all runs: OK # git bisect good 005b2a9dc819a1265a8c765595f8f6d88d6173d9 Bisecting: 491 revisions left to test after this (roughly 9 steps) [60f7c503d971a731ee3c4f884a9f2e80d476730d] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit 60f7c503d971a731ee3c4f884a9f2e80d476730d with gcc (GCC) 10.2.1 20210217 kernel signature: 57a911b12fe4f474bac88d5b97cc6fd2352d03579f7196d5a26fa64b7c1e50de all runs: crashed: KASAN: use-after-free Read in delete_partition # git bisect bad 60f7c503d971a731ee3c4f884a9f2e80d476730d Bisecting: 258 revisions left to test after this (roughly 8 steps) [a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f] scsi: qla2xxx: Limit interrupt vectors to number of CPUs testing commit a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f with gcc (GCC) 10.2.1 20210217 kernel signature: 3ea0bfe0d1ac1c5c432c180f877a44fe0f29cbe894683ebf5d1078ac6673168f all runs: OK # git bisect good a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f Bisecting: 132 revisions left to test after this (roughly 7 steps) [fa94ba8a7b22890e6a17b39b9359e114fe18cd59] blk-mq: fix msec comment from micro to milli seconds testing commit fa94ba8a7b22890e6a17b39b9359e114fe18cd59 with gcc (GCC) 10.2.1 20210217 kernel signature: fb1a5760ac238c8d33383356611f08f8d8553384248528604989f9aa5a41b2ba run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: crashed: KASAN: use-after-free Read in delete_partition run #3: crashed: KASAN: use-after-free Read in delete_partition run #4: crashed: KASAN: use-after-free Read in delete_partition run #5: crashed: KASAN: use-after-free Read in delete_partition run #6: crashed: KASAN: use-after-free Read in delete_partition run #7: crashed: KASAN: use-after-free Read in delete_partition run #8: crashed: KASAN: use-after-free Read in delete_partition run #9: crashed: KASAN: use-after-free Read in delete_partition # git bisect bad fa94ba8a7b22890e6a17b39b9359e114fe18cd59 Bisecting: 62 revisions left to test after this (roughly 6 steps) [b601d148a16ea16dfbaf3600be35ee175847a09b] block: remove a duplicate __disk_get_part prototype testing commit b601d148a16ea16dfbaf3600be35ee175847a09b with gcc (GCC) 10.2.1 20210217 kernel signature: e4bdabfbe38ada86b70d86f56c17ff2b3fe57b88e951aa989e4576d0c264fc9e run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #5: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad b601d148a16ea16dfbaf3600be35ee175847a09b Bisecting: 31 revisions left to test after this (roughly 5 steps) [3b4f85d02a4bd85cbea999a064235a47694bbb7b] loop: let set_capacity_revalidate_and_notify update the bdev size testing commit 3b4f85d02a4bd85cbea999a064235a47694bbb7b with gcc (GCC) 10.2.1 20210217 kernel signature: 6b0f03980e0f06b20d8871572ceab1b7120dc69ee9602bf7e79f564921b361b9 run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 3b4f85d02a4bd85cbea999a064235a47694bbb7b Bisecting: 15 revisions left to test after this (roughly 4 steps) [a160c6159d4a0cf82f28bc1658a958e278ec3688] block: add an optional probe callback to major_names testing commit a160c6159d4a0cf82f28bc1658a958e278ec3688 with gcc (GCC) 10.2.1 20210217 kernel signature: b9f73122bf2ee80c65426a824df5200bbab404c202c082a6045c06f5a59ee044 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad a160c6159d4a0cf82f28bc1658a958e278ec3688 Bisecting: 7 revisions left to test after this (roughly 3 steps) [732e12d805a77f74c907c0a28ece271ef1e81e01] block: don't call into the driver for BLKROSET testing commit 732e12d805a77f74c907c0a28ece271ef1e81e01 with gcc (GCC) 10.2.1 20210217 kernel signature: aaadefe9653d94da66c11c3c22c8a65544e0d6aaa78d0daf89ad546d6adc00c3 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #5: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #6: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 732e12d805a77f74c907c0a28ece271ef1e81e01 Bisecting: 3 revisions left to test after this (roughly 2 steps) [e00adcadf3af7a8335026d71ab9f0e0a922191ac] block: add a new set_read_only method testing commit e00adcadf3af7a8335026d71ab9f0e0a922191ac with gcc (GCC) 10.2.1 20210217 kernel signature: 9d5a4203294e5f3340694ed3ecfde3c0271a886f6ff4d03ac59f89192c6de5a8 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #5: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad e00adcadf3af7a8335026d71ab9f0e0a922191ac Bisecting: 0 revisions left to test after this (roughly 1 step) [4a9d6d667f0bafed55a9e9f5ae8bceb3680749d7] block: don't call into the driver for BLKFLSBUF testing commit 4a9d6d667f0bafed55a9e9f5ae8bceb3680749d7 with gcc (GCC) 10.2.1 20210217 kernel signature: 6804d0b96e6f53fa8826638d458e967853a1b8bd1e9f1455b8fe24392c347728 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #5: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #6: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #7: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #8: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #9: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #10: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 4a9d6d667f0bafed55a9e9f5ae8bceb3680749d7 Bisecting: 0 revisions left to test after this (roughly 0 steps) [daaedb820ad716e00210af8859b194c404202b78] mtd_blkdevs: don't override BLKFLSBUF testing commit daaedb820ad716e00210af8859b194c404202b78 with gcc (GCC) 10.2.1 20210217 kernel signature: 85acf0c429f01ac80b04fd5c5955dd0376419f3b4c6e64c6a6aa3a9db5f0368b run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #5: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #6: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad daaedb820ad716e00210af8859b194c404202b78 daaedb820ad716e00210af8859b194c404202b78 is the first bad commit commit daaedb820ad716e00210af8859b194c404202b78 Author: Christoph Hellwig Date: Tue Nov 3 11:00:09 2020 +0100 mtd_blkdevs: don't override BLKFLSBUF BLKFLSBUF is not supposed to actually send a flush command to the device, but to tear down buffer cache structures. Remove the mtd_blkdevs implementation and just use the default semantics instead. Signed-off-by: Christoph Hellwig Acked-by: Richard Weinberger Signed-off-by: Jens Axboe drivers/mtd/mtd_blkdevs.c | 28 ---------------------------- 1 file changed, 28 deletions(-) parent commit 09162bc32c880a791c6c0668ce0745cf7958f576 wasn't tested testing commit 09162bc32c880a791c6c0668ce0745cf7958f576 with gcc (GCC) 10.2.1 20210217 kernel signature: 690dccbc025c741feaf3f4e159a9e0174752a1890abfca212a7e07abc91a61de culprit signature: 85acf0c429f01ac80b04fd5c5955dd0376419f3b4c6e64c6a6aa3a9db5f0368b parent signature: 690dccbc025c741feaf3f4e159a9e0174752a1890abfca212a7e07abc91a61de Reproducer flagged being flaky revisions tested: 17, total time: 5h3m14.919908445s (build: 2h1m45.426529108s, test: 2h59m12.679454856s) first bad commit: daaedb820ad716e00210af8859b194c404202b78 mtd_blkdevs: don't override BLKFLSBUF recipients (to): ["axboe@kernel.dk" "hch@lst.de" "richard@nod.at"] recipients (cc): [] crash: BUG: sleeping function called from invalid context in sta_info_move_state wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 8, name: kworker/u4:0 INFO: lockdep is turned off. Preemption disabled at: [] __mutex_lock_common kernel/locking/mutex.c:955 [inline] [] __mutex_lock+0x10f/0x1210 kernel/locking/mutex.c:1103 CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 5.10.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: phy10 ieee80211_iface_work Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x9a/0xcc lib/dump_stack.c:118 ___might_sleep.cold+0x65/0x79 kernel/sched/core.c:7298 sta_info_move_state+0x2b/0x9d0 net/mac80211/sta_info.c:1962 sta_info_free+0x5c/0x340 net/mac80211/sta_info.c:274 sta_info_insert_rcu+0x2a5/0x2700 net/mac80211/sta_info.c:738 ieee80211_ibss_finish_sta+0x1af/0x2d0 net/mac80211/ibss.c:592 ieee80211_ibss_work+0x265/0xcc0 net/mac80211/ibss.c:1700 process_one_work+0x75b/0x1230 kernel/workqueue.c:2272 worker_thread+0x598/0xf80 kernel/workqueue.c:2418 kthread+0x36d/0x450 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 8, name: kworker/u4:0 INFO: lockdep is turned off. Preemption disabled at: [] __mutex_lock_common kernel/locking/mutex.c:955 [inline] [] __mutex_lock+0x10f/0x1210 kernel/locking/mutex.c:1103 CPU: 0 PID: 8 Comm: kworker/u4:0 Tainted: G W 5.10.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: phy14 ieee80211_iface_work Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x9a/0xcc lib/dump_stack.c:118 ___might_sleep.cold+0x65/0x79 kernel/sched/core.c:7298 sta_info_move_state+0x2b/0x9d0 net/mac80211/sta_info.c:1962 sta_info_free+0x5c/0x340 net/mac80211/sta_info.c:274 sta_info_insert_rcu+0x2a5/0x2700 net/mac80211/sta_info.c:738 ieee80211_ibss_finish_sta+0x1af/0x2d0 net/mac80211/ibss.c:592 ieee80211_ibss_work+0x265/0xcc0 net/mac80211/ibss.c:1700 process_one_work+0x75b/0x1230 kernel/workqueue.c:2272 worker_thread+0x598/0xf80 kernel/workqueue.c:2418 kthread+0x36d/0x450 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296