bisecting fixing commit since 0df445b0f0daa57b57571edb1386edc622938276
building syzkaller on 1ab681a4bc3f87b09150fa23f9dd4e2c5f5c33cc
testing commit 0df445b0f0daa57b57571edb1386edc622938276 with gcc (GCC) 8.1.0
kernel signature: 444df80e512efaa317f67843a1d0ce0b0dea8d3a7d7413ef65cecec4a2e1f13a
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
testing current HEAD 3f2ecb86cb909da0b9157fd2952ad79924cbe5ae
testing commit 3f2ecb86cb909da0b9157fd2952ad79924cbe5ae with gcc (GCC) 8.1.0
kernel signature: 62c348e9879ea70d6a84e1075ba3e6ab77b78de566c8a48d41d1b23091fbf899
all runs: OK
# git bisect start 3f2ecb86cb909da0b9157fd2952ad79924cbe5ae 0df445b0f0daa57b57571edb1386edc622938276
Bisecting: 81 revisions left to test after this (roughly 6 steps)
[930bb3092fe606baa23d57ae59b70b291d67a8af] nvme: free sq/cq dbbuf pointers when dbbuf set fails
testing commit 930bb3092fe606baa23d57ae59b70b291d67a8af with gcc (GCC) 8.1.0
kernel signature: d2933d3f98cd99ea7517d84ff4e279d82b037e5c1b263734b190f6d4c4db072e
all runs: OK
# git bisect bad 930bb3092fe606baa23d57ae59b70b291d67a8af
Bisecting: 40 revisions left to test after this (roughly 5 steps)
[4d88073eb6951634faa641575cfa5a8f562ffd61] libfs: fix error cast of negative value in simple_attr_write()
testing commit 4d88073eb6951634faa641575cfa5a8f562ffd61 with gcc (GCC) 8.1.0
kernel signature: 626bc3ab98f708366a5f9113c2667afff8a45100d9d9bde1d5515facfcc002f3
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #5: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #6: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #7: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #8: OK
run #9: OK
# git bisect good 4d88073eb6951634faa641575cfa5a8f562ffd61
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[8ba97e25e9225bf3983d2c07da2e4a3606a04191] x86/microcode/intel: Check patch signature before saving microcode for early loading
testing commit 8ba97e25e9225bf3983d2c07da2e4a3606a04191 with gcc (GCC) 8.1.0
kernel signature: d4f594abc7bff5181d8dd2b31af95d47fa3b877d28daa5c27dc2ec37c116df1e
all runs: OK
# git bisect bad 8ba97e25e9225bf3983d2c07da2e4a3606a04191
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[006a12ec63b29c89ce207568a74155ef1e4a6a09] iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode
testing commit 006a12ec63b29c89ce207568a74155ef1e4a6a09 with gcc (GCC) 8.1.0
kernel signature: 933f89ac1d3ebb1c3d278df37a5caea834188dce1a2a47c4120c4b8e838d7765
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 006a12ec63b29c89ce207568a74155ef1e4a6a09
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[232c177ef901735cd49a9c741dbf7cfa0fac82a5] mac80211: minstrel: remove deferred sampling code
testing commit 232c177ef901735cd49a9c741dbf7cfa0fac82a5 with gcc (GCC) 8.1.0
kernel signature: 17baf04ad24bc2f8d318304f93aa3d624e259e4b7eb67788839f691e313f7033
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #5: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 232c177ef901735cd49a9c741dbf7cfa0fac82a5
Bisecting: 2 revisions left to test after this (roughly 1 step)
[89ab6b90b7d92d0e561fed063baac6e6b287bc84] mac80211: free sta in sta_info_insert_finish() on errors
testing commit 89ab6b90b7d92d0e561fed063baac6e6b287bc84 with gcc (GCC) 8.1.0
kernel signature: d3874f17288a4218f211034494ae9c5ada423466ff247201f45894ca2c952783
all runs: OK
# git bisect bad 89ab6b90b7d92d0e561fed063baac6e6b287bc84
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[229b9cb7942fbb78fea0aeaf5c6d10caf596fcf7] mac80211: minstrel: fix tx status processing corner case
testing commit 229b9cb7942fbb78fea0aeaf5c6d10caf596fcf7 with gcc (GCC) 8.1.0
kernel signature: 55d893b8fb0b9496143b2caafc31175337f7eec9fe1d6714554b494740c66559
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #5: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 229b9cb7942fbb78fea0aeaf5c6d10caf596fcf7
89ab6b90b7d92d0e561fed063baac6e6b287bc84 is the first bad commit
commit 89ab6b90b7d92d0e561fed063baac6e6b287bc84
Author: Johannes Berg
Date: Thu Nov 12 11:22:04 2020 +0100

    mac80211: free sta in sta_info_insert_finish() on errors

    commit 7bc40aedf24d31d8bea80e1161e996ef4299fb10 upstream.

    If sta_info_insert_finish() fails, we currently keep the station around and free it only in the caller, but there's only one such caller and it always frees it immediately.

    As syzbot found, another consequence of this split is that we can put things that sleep only into __cleanup_single_sta() and not in sta_info_free(), but this is the only place that requires such of sta_info_free() now.

    Change this to free the station in sta_info_insert_finish(), in which case we can still sleep. This will also let us unify the cleanup code later.

    Cc: stable@vger.kernel.org
    Fixes: dcd479e10a05 ("mac80211: always wind down STA state")
    Reported-by: syzbot+32c6c38c4812d22f2f0b@syzkaller.appspotmail.com
    Reported-by: syzbot+4c81fe92e372d26c4246@syzkaller.appspotmail.com
    Reported-by: syzbot+6a7fe9faf0d1d61bc24a@syzkaller.appspotmail.com
    Reported-by: syzbot+abed06851c5ffe010921@syzkaller.appspotmail.com
    Reported-by: syzbot+b7aeb9318541a1c709f1@syzkaller.appspotmail.com
    Reported-by: syzbot+d5a9416c6cafe53b5dd0@syzkaller.appspotmail.com
    Link: https://lore.kernel.org/r/20201112112201.ee6b397b9453.I9c31d667a0ea2151441cc64ed6613d36c18a48e0@changeid
    Signed-off-by: Johannes Berg
    Signed-off-by: Greg Kroah-Hartman

 net/mac80211/sta_info.c | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

culprit signature: d3874f17288a4218f211034494ae9c5ada423466ff247201f45894ca2c952783
parent signature: 55d893b8fb0b9496143b2caafc31175337f7eec9fe1d6714554b494740c66559
Reproducer flagged being flaky
revisions tested: 9, total time: 2h51m4.657834289s (build: 1h15m10.885930793s, test: 1h34m47.235022014s)
first good commit: 89ab6b90b7d92d0e561fed063baac6e6b287bc84 mac80211: free sta in sta_info_insert_finish() on errors
recipients (to): ["davem@davemloft.net" "gregkh@linuxfoundation.org" "johannes.berg@intel.com" "johannes@sipsolutions.net" "linux-wireless@vger.kernel.org" "netdev@vger.kernel.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]