bisecting cause commit starting from 7c8ca8129ee9724cb1527895fe6dec942ef07f19
building syzkaller on bd2a760b69f2df56a20577ba8c0665105766f3bd
testing commit 7c8ca8129ee9724cb1527895fe6dec942ef07f19 with gcc (GCC) 8.1.0
kernel signature: 93ebc89aa22096de38b049c5e1948e8c813b69e7504718df766a7260a515d232
all runs: crashed: WARNING in mptcp_reset_timer
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: a82b63d060ceb014a456a27cdef2f1ec1d15fc82de1427bc4784201d6479e67b
all runs: OK
# git bisect start 7c8ca8129ee9724cb1527895fe6dec942ef07f19 bbf5c979011a099af5dc76498918ed7df445635b
Bisecting: 11201 revisions left to test after this (roughly 14 steps)
[49dc6fbce33011733601e4e81c551e066f1682fc] Merge tag 'kgdb-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux
testing commit 49dc6fbce33011733601e4e81c551e066f1682fc with gcc (GCC) 8.1.0
kernel signature: ce8ea1b7ea31644fcf1ba40afc1ed247f9ed23bf439675cc41a5152ef6bdbe39
all runs: OK
# git bisect good 49dc6fbce33011733601e4e81c551e066f1682fc
Bisecting: 5600 revisions left to test after this (roughly 13 steps)
[bd644f61c7323181eaf72855baa4ec76ad15d7a3] Merge remote-tracking branch 'mvebu/for-next' into master
testing commit bd644f61c7323181eaf72855baa4ec76ad15d7a3 with gcc (GCC) 8.1.0
kernel signature: 1b3b1d26d071d3ddc02d0220e201f851d00d9c6af257eaf78e8d6fb467107399
all runs: OK
# git bisect good bd644f61c7323181eaf72855baa4ec76ad15d7a3
Bisecting: 2377 revisions left to test after this (roughly 12 steps)
[f777d84e1bdfd1d4068394947a8e1bf35ff91850] Merge remote-tracking branch 'drm/drm-next' into master
testing commit f777d84e1bdfd1d4068394947a8e1bf35ff91850 with gcc (GCC) 8.1.0
kernel signature: 8aac4d98967aea2b6824372c6bb362cf80d1d9de5e1e79a17427171068bb48fd
all runs: crashed: WARNING in mptcp_reset_timer
# git bisect bad f777d84e1bdfd1d4068394947a8e1bf35ff91850
Bisecting: 1308 revisions left to test after this (roughly 11 steps)
[93a41f6db91267bc3b274ac91fe3211e07e29e85] Merge remote-tracking branch 'net-next/master' into master
testing commit 93a41f6db91267bc3b274ac91fe3211e07e29e85 with gcc (GCC) 8.1.0
kernel signature: cc6eca424ee53adcbaebc5237f757d862c16a4a606e4e150dfa5e8f3740ff085
all runs: crashed: WARNING in mptcp_reset_timer
# git bisect bad 93a41f6db91267bc3b274ac91fe3211e07e29e85
Bisecting: 1002 revisions left to test after this (roughly 10 steps)
[85d6af6ad0b73d51d39370725e3a50aaed19146a] Merge remote-tracking branch 'jc_docs/docs-next' into master
testing commit 85d6af6ad0b73d51d39370725e3a50aaed19146a with gcc (GCC) 8.1.0
kernel signature: ba3f2858508b86bcb234fb53c62182889b1949735d0c8e1784ace4c15bc05e25
all runs: OK
# git bisect good 85d6af6ad0b73d51d39370725e3a50aaed19146a
Bisecting: 494 revisions left to test after this (roughly 9 steps)
[f8fd36b95ee4eb90846b5a61061e4bc4d890f021] Merge tag 'mac80211-next-for-net-next-2020-11-13' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next
testing commit f8fd36b95ee4eb90846b5a61061e4bc4d890f021 with gcc (GCC) 8.1.0
kernel signature: dfba29d608fd8b6175c2f445a4fcd46014b958026afbe79e23970ad5f89d3fde
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good f8fd36b95ee4eb90846b5a61061e4bc4d890f021
Bisecting: 252 revisions left to test after this (roughly 8 steps)
[f8aa5f2452e244ab81d77410c06bc01f7b6c30fe] Merge remote-tracking branch 'devfreq/devfreq-next' into master
testing commit f8aa5f2452e244ab81d77410c06bc01f7b6c30fe with gcc (GCC) 8.1.0
kernel signature: b47f675ab62eb1f553ccec64ade779e2c13a382d390b9ee531e0683dda56c828
all runs: OK
# git bisect good f8aa5f2452e244ab81d77410c06bc01f7b6c30fe
Bisecting: 126 revisions left to test after this (roughly 7 steps)
[9ed2b4d28795948303e516edbdd73e4265bdfc73] mlxsw: spectrum_router: Consolidate mlxsw_sp_nexthop{4, 6}_type_fini()
testing commit 9ed2b4d28795948303e516edbdd73e4265bdfc73 with gcc (GCC) 8.1.0
kernel signature: b4c2d0e5c2082f84c3d3b7a4af789063dbb8c156e60f2096879e926c4af0b4aa
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
# git bisect bad 9ed2b4d28795948303e516edbdd73e4265bdfc73
Bisecting: 62 revisions left to test after this (roughly 6 steps)
[9e838b02b0bb795793f12049307a354e28b5749c] bpf: Folding omem_charge() into sk_storage_charge()
testing commit 9e838b02b0bb795793f12049307a354e28b5749c with gcc (GCC) 8.1.0
kernel signature: 0754db3ecac5713a2d783381e267b6801f133b738eb5a5c23830289f2bfb6881
all runs: OK
# git bisect good 9e838b02b0bb795793f12049307a354e28b5749c
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[07cbce2e466cabb46b7c2317bd456584aa4ceacc] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit 07cbce2e466cabb46b7c2317bd456584aa4ceacc with gcc (GCC) 8.1.0
kernel signature: 9a779d1fe2a00e62fd2adfeeed5744122c9ceba319cd62698b47b5a5205b0cac
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 07cbce2e466cabb46b7c2317bd456584aa4ceacc
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[95f3c5458dfa5856bb110e31d156e00d894d0134] r8169: use READ_ONCE in rtl_tx_slots_avail
testing commit 95f3c5458dfa5856bb110e31d156e00d894d0134 with gcc (GCC) 8.1.0
kernel signature: 386b9705eb39422cb41071e3141652b5ec3bbedb4baaff5f85e50e2674a43da0
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 95f3c5458dfa5856bb110e31d156e00d894d0134
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[7886244736a4dbb49987f330772842130493e050] net: page_pool: Add bulk support for ptr_ring
testing commit 7886244736a4dbb49987f330772842130493e050 with gcc (GCC) 8.1.0
kernel signature: f172e9e666417a9a195d97edd6bcc1c3db2531559eff3da57e8cffdb8788f86a
all runs: OK
# git bisect good 7886244736a4dbb49987f330772842130493e050
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[c14d61fca0d10498bf267c0ab1f381dd0b35d96b] Merge branch 'xdp-redirect-bulk'
testing commit c14d61fca0d10498bf267c0ab1f381dd0b35d96b with gcc (GCC) 8.1.0
kernel signature: f172e9e666417a9a195d97edd6bcc1c3db2531559eff3da57e8cffdb8788f86a
all runs: OK
# git bisect good c14d61fca0d10498bf267c0ab1f381dd0b35d96b
Bisecting: 1 revision left to test after this (roughly 1 step)
[bb3222f71b57caa2ba80db2dce4677f84ba4bd37] net: stmmac: platform: use optional clk/reset get APIs
testing commit bb3222f71b57caa2ba80db2dce4677f84ba4bd37 with gcc (GCC) 8.1.0
kernel signature: 386b9705eb39422cb41071e3141652b5ec3bbedb4baaff5f85e50e2674a43da0
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad bb3222f71b57caa2ba80db2dce4677f84ba4bd37
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[ca1ab89cd2d654661f559bd83ad9fc7323cb6c86] r8169: improve rtl_tx
testing commit ca1ab89cd2d654661f559bd83ad9fc7323cb6c86 with gcc (GCC) 8.1.0
kernel signature: 386b9705eb39422cb41071e3141652b5ec3bbedb4baaff5f85e50e2674a43da0
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad ca1ab89cd2d654661f559bd83ad9fc7323cb6c86
ca1ab89cd2d654661f559bd83ad9fc7323cb6c86 is the first bad commit
commit ca1ab89cd2d654661f559bd83ad9fc7323cb6c86
Author: Heiner Kallweit <hkallweit1@gmail.com>
Date:   Wed Nov 11 22:56:29 2020 +0100

    r8169: improve rtl_tx
    
    We can simplify the for() condition and eliminate variable tx_left.
    The change also considers that tp->cur_tx may be incremented by a
    racing rtl8169_start_xmit().
    In addition replace the write to tp->dirty_tx and the following
    smp_mb() with an equivalent call to smp_store_mb(). This implicitly
    adds a WRITE_ONCE() to the write.
    
    Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
    Link: https://lore.kernel.org/r/c2e19e5e-3d3f-d663-af32-13c3374f5def@gmail.com
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>

 drivers/net/ethernet/realtek/r8169_main.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
culprit signature: 386b9705eb39422cb41071e3141652b5ec3bbedb4baaff5f85e50e2674a43da0
parent  signature: 386b9705eb39422cb41071e3141652b5ec3bbedb4baaff5f85e50e2674a43da0
Reproducer flagged being flaky
revisions tested: 17, total time: 3h57m49.866286519s (build: 1h19m3.61616933s, test: 2h36m49.304601155s)
first bad commit: ca1ab89cd2d654661f559bd83ad9fc7323cb6c86 r8169: improve rtl_tx
recipients (to): ["davem@davemloft.net" "hkallweit1@gmail.com" "hkallweit1@gmail.com" "kuba@kernel.org" "kuba@kernel.org" "netdev@vger.kernel.org" "nic_swsd@realtek.com"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: BUG: sleeping function called from invalid context in sta_info_move_state
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 774, name: kworker/u4:5
4 locks held by kworker/u4:5/774:
 #0: ffff88811f3f7538 ((wq_completion)phy11){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff88811f3f7538 ((wq_completion)phy11){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88811f3f7538 ((wq_completion)phy11){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #1: ffffc90002413e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc90002413e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc90002413e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #2: ffff8881200acd00 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1015 [inline]
 #2: ffff8881200acd00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x36/0x420 net/mac80211/ibss.c:1683
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_finish net/mac80211/sta_info.c:644 [inline]
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x1c2/0xde0 net/mac80211/sta_info.c:732
Preemption disabled at:
[<ffffffff835f6ab0>] __mutex_lock_common kernel/locking/mutex.c:955 [inline]
[<ffffffff835f6ab0>] __mutex_lock+0x70/0x9f0 kernel/locking/mutex.c:1103
CPU: 1 PID: 774 Comm: kworker/u4:5 Not tainted 5.10.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy11 ieee80211_iface_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0x97 lib/dump_stack.c:118
 ___might_sleep.cold.110+0xf2/0x106 kernel/sched/core.c:7298
 sta_info_move_state+0x1a/0x2b0 net/mac80211/sta_info.c:1962
 sta_info_free+0x11/0xd0 net/mac80211/sta_info.c:274
 sta_info_insert_rcu+0xd4/0xde0 net/mac80211/sta_info.c:738
 ieee80211_ibss_finish_sta+0x9e/0x120 net/mac80211/ibss.c:592
 ieee80211_ibss_work+0x10a/0x420 net/mac80211/ibss.c:1700
 process_one_work+0x273/0x600 kernel/workqueue.c:2272
 worker_thread+0x38/0x380 kernel/workqueue.c:2418
 kthread+0x144/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

=============================
[ BUG: Invalid wait context ]
5.10.0-rc3-syzkaller #0 Tainted: G        W        
-----------------------------
kworker/u4:5/774 is trying to lock:
ffff88811f84a9d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x1f/0x90 net/mac80211/util.c:2741
other info that might help us debug this:
context-{4:4}
4 locks held by kworker/u4:5/774:
 #0: ffff88811f3f7538 ((wq_completion)phy11){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff88811f3f7538 ((wq_completion)phy11){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88811f3f7538 ((wq_completion)phy11){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #1: ffffc90002413e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc90002413e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc90002413e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #2: ffff8881200acd00 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1015 [inline]
 #2: ffff8881200acd00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x36/0x420 net/mac80211/ibss.c:1683
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_finish net/mac80211/sta_info.c:644 [inline]
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x1c2/0xde0 net/mac80211/sta_info.c:732
stack backtrace:
CPU: 1 PID: 774 Comm: kworker/u4:5 Tainted: G        W         5.10.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy11 ieee80211_iface_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0x97 lib/dump_stack.c:118
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4483 [inline]
 check_wait_context kernel/locking/lockdep.c:4544 [inline]
 __lock_acquire.cold.73+0x160/0x2be kernel/locking/lockdep.c:4781
 lock_acquire+0xd0/0x3d0 kernel/locking/lockdep.c:5436
 __mutex_lock_common kernel/locking/mutex.c:956 [inline]
 __mutex_lock+0x94/0x9f0 kernel/locking/mutex.c:1103
 ieee80211_recalc_min_chandef+0x1f/0x90 net/mac80211/util.c:2741
 sta_info_move_state+0x140/0x2b0 net/mac80211/sta_info.c:2019
 sta_info_free+0x11/0xd0 net/mac80211/sta_info.c:274
 sta_info_insert_rcu+0xd4/0xde0 net/mac80211/sta_info.c:738
 ieee80211_ibss_finish_sta+0x9e/0x120 net/mac80211/ibss.c:592
 ieee80211_ibss_work+0x10a/0x420 net/mac80211/ibss.c:1700
 process_one_work+0x273/0x600 kernel/workqueue.c:2272
 worker_thread+0x38/0x380 kernel/workqueue.c:2418
 kthread+0x144/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296