bisecting cause commit starting from bcd684aace34fedbd473fbd9b21ed06b0c2d2212 building syzkaller on 5050311712ecf43945d306df4653fc28da89fb43 testing commit bcd684aace34fedbd473fbd9b21ed06b0c2d2212 with gcc (GCC) 8.1.0 kernel signature: 270823efcabc33991b24781c1330b17fb6e7d634e4477d7bce0cda893c41b721 all runs: crashed: BUG: unable to handle kernel paging request in htab_map_alloc testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: ae997c81c8480492441e712d3c127e3da959156d4e937c464609e101fa84e28c all runs: OK # git bisect start bcd684aace34fedbd473fbd9b21ed06b0c2d2212 bbf5c979011a099af5dc76498918ed7df445635b Bisecting: 7895 revisions left to test after this (roughly 13 steps) [9ff9b0d392ea08090cd1780fb196f36dbb586529] Merge tag 'net-next-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit 9ff9b0d392ea08090cd1780fb196f36dbb586529 with gcc (GCC) 8.1.0 kernel signature: 5bd4bd308100f23687c473ea4c0a2ff448de9f81220b1082a3ae623809bbc5a3 all runs: OK # git bisect good 9ff9b0d392ea08090cd1780fb196f36dbb586529 Bisecting: 3937 revisions left to test after this (roughly 12 steps) [e533cda12d8f0e7936354bafdc85c81741f805d2] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit e533cda12d8f0e7936354bafdc85c81741f805d2 with gcc (GCC) 8.1.0 kernel signature: 891f88128917d7a0933492816761b4642621c40248483973cc1036b0060aa27f all runs: OK # git bisect good e533cda12d8f0e7936354bafdc85c81741f805d2 Bisecting: 1968 revisions left to test after this (roughly 11 steps) [5929dd876bf2aa34a3071e085a60946a9ce0ab79] Merge tag 'exynos-drm-fixes-for-v5.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes testing commit 5929dd876bf2aa34a3071e085a60946a9ce0ab79 with gcc (GCC) 8.1.0 kernel signature: f69618801efefea457e2f10ad84f97e8b5544b103f4763c1c4abbf44c9b9f812 all runs: OK # git bisect good 5929dd876bf2aa34a3071e085a60946a9ce0ab79 Bisecting: 986 revisions left to test after this (roughly 10 steps) [6375da9dac8bec05a022f22ab22300cc824ec268] Merge branch 'tipc-some-minor-improvements' testing commit 6375da9dac8bec05a022f22ab22300cc824ec268 with gcc (GCC) 8.1.0 kernel signature: dbad49f1935cf0ba56802376d1acf18649611f68b8afe2360bec72bccfc809b8 all runs: OK # git bisect good 6375da9dac8bec05a022f22ab22300cc824ec268 Bisecting: 488 revisions left to test after this (roughly 9 steps) [bbe2ba04c5a92a49db8a42c850a5a2f6481e47eb] Merge tag 'net-5.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit bbe2ba04c5a92a49db8a42c850a5a2f6481e47eb with gcc (GCC) 8.1.0 kernel signature: 8e03b3a98f93dcac56e744bcd5fe7d1f17e06f49c080e129542550add64e9780 all runs: OK # git bisect good bbe2ba04c5a92a49db8a42c850a5a2f6481e47eb Bisecting: 207 revisions left to test after this (roughly 8 steps) [a1dd1d86973182458da7798a95f26cfcbea599b4] Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next testing commit a1dd1d86973182458da7798a95f26cfcbea599b4 with gcc (GCC) 8.1.0 kernel signature: 867d7f30eaf71dfd68a19253af414ce8729e761aa05a0b7062b9fa55a766ac3e all runs: crashed: BUG: unable to handle kernel paging request in htab_map_alloc # git bisect bad a1dd1d86973182458da7798a95f26cfcbea599b4 Bisecting: 140 revisions left to test after this (roughly 7 steps) [36d076201bd467d6bd22ba14e56e457d55e32be7] dt-bindings: net: nfc: s3fwrn5: Support a UART interface testing commit 36d076201bd467d6bd22ba14e56e457d55e32be7 with gcc (GCC) 8.1.0 kernel signature: 271ce551c10596424da32a4f8d5e0d88b4938cd17ef4d681b92be1d1c1f3c0e0 all runs: OK # git bisect good 36d076201bd467d6bd22ba14e56e457d55e32be7 Bisecting: 70 revisions left to test after this (roughly 6 steps) [e9aae8beba825e4670463ddcf420b954f18d5ced] bpf: Memcg-based memory accounting for bpf local storage maps testing commit e9aae8beba825e4670463ddcf420b954f18d5ced with gcc (GCC) 8.1.0 kernel signature: 3b7177cab94f8f0ddf3bd09160434f4af291ef39625cda1b0af1480f01e08e7a run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad e9aae8beba825e4670463ddcf420b954f18d5ced Bisecting: 34 revisions left to test after this (roughly 5 steps) [ceb5dea5654354fb4e6e393c99f1d0bf4debab0e] samples: bpf: Remove bpf_load loader completely testing commit ceb5dea5654354fb4e6e393c99f1d0bf4debab0e with gcc (GCC) 8.1.0 kernel signature: ffb2ad7eff131f090cc535b548a6fb8b651c9c8e82d1e77232fc4cbac7d08a71 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good ceb5dea5654354fb4e6e393c99f1d0bf4debab0e Bisecting: 17 revisions left to test after this (roughly 4 steps) [a999696c547f1a8ef2ddbb9b0e77abc3f6db4ff1] selftests/bpf: Rewrite test_sock_addr bind bpf into C testing commit a999696c547f1a8ef2ddbb9b0e77abc3f6db4ff1 with gcc (GCC) 8.1.0 kernel signature: 7e065444dca3efd7f18d93e46f3945ed6700a5aa8f8d64861c0799684da437a8 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #5: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad a999696c547f1a8ef2ddbb9b0e77abc3f6db4ff1 Bisecting: 8 revisions left to test after this (roughly 3 steps) [e392081837283fbe5df1837fd85012ae5bfae098] xsk: Check need wakeup flag in sendmsg() testing commit e392081837283fbe5df1837fd85012ae5bfae098 with gcc (GCC) 8.1.0 kernel signature: 5eaf15776b1d862b9db88d70924af5109448e5ff8e48ef0b573bd58d159ba32f run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad e392081837283fbe5df1837fd85012ae5bfae098 Bisecting: 3 revisions left to test after this (roughly 2 steps) [854055c0cf30d732b3514ce7956976f60496b1a1] selftests/bpf: Fix flavored variants of test_ima testing commit 854055c0cf30d732b3514ce7956976f60496b1a1 with gcc (GCC) 8.1.0 kernel signature: 811a9aba618b13f64c4a052e22f4aaefd7737d645e815bcd1a2e2a2c3a614e47 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 854055c0cf30d732b3514ce7956976f60496b1a1 Bisecting: 1 revision left to test after this (roughly 1 step) [105c4e75feb411a60f5089f7a1e68b8523f986cc] libbpf: Replace size_t with __u32 in xsk interfaces testing commit 105c4e75feb411a60f5089f7a1e68b8523f986cc with gcc (GCC) 8.1.0 kernel signature: ffb2ad7eff131f090cc535b548a6fb8b651c9c8e82d1e77232fc4cbac7d08a71 run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 105c4e75feb411a60f5089f7a1e68b8523f986cc Bisecting: 0 revisions left to test after this (roughly 0 steps) [830382e4ccb5e5d9164fcd28854238ef5f5a1751] Merge branch 'bpf: remove bpf_load loader completely' testing commit 830382e4ccb5e5d9164fcd28854238ef5f5a1751 with gcc (GCC) 8.1.0 kernel signature: ffb2ad7eff131f090cc535b548a6fb8b651c9c8e82d1e77232fc4cbac7d08a71 run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 830382e4ccb5e5d9164fcd28854238ef5f5a1751 830382e4ccb5e5d9164fcd28854238ef5f5a1751 is the first bad commit commit 830382e4ccb5e5d9164fcd28854238ef5f5a1751 Merge: fb3558127cb6 ceb5dea56543 Author: Andrii Nakryiko Date: Thu Nov 26 19:33:36 2020 -0800 Merge branch 'bpf: remove bpf_load loader completely' "Daniel T. says: ==================== Numerous refactoring that rewrites BPF programs written with bpf_load to use the libbpf loader was finally completed, resulting in BPF programs using bpf_load within the kernel being completely no longer present. This patchset refactors remaining bpf programs with libbpf and completely removes bpf_load, an outdated bpf loader that is difficult to keep up with the latest kernel BPF and causes confusion. Changes in v2: - drop 'move tracing helpers to trace_helper' patch - add link pinning to prevent cleaning up on process exit - add static at global variable and remove unused variable - change to destroy link even after link__pin() - fix return error code on exit - merge commit with changing Makefile Changes in v3: - cleanup bpf_link, bpf_object and cgroup fd both on success and error ==================== Signed-off-by: Andrii Nakryiko samples/bpf/.gitignore | 3 + samples/bpf/Makefile | 20 +- samples/bpf/bpf_load.c | 667 --------------------------------------- samples/bpf/bpf_load.h | 57 ---- samples/bpf/do_hbm_test.sh | 32 +- samples/bpf/hbm.c | 111 ++++--- samples/bpf/hbm_kern.h | 2 +- samples/bpf/ibumad_kern.c | 26 +- samples/bpf/ibumad_user.c | 71 ++++- samples/bpf/lwt_len_hist.sh | 2 + samples/bpf/task_fd_query_user.c | 101 ++++-- samples/bpf/test_cgrp2_sock2.c | 61 +++- samples/bpf/test_cgrp2_sock2.sh | 21 +- samples/bpf/test_lwt_bpf.sh | 0 samples/bpf/test_overhead_user.c | 82 +++-- samples/bpf/xdp2skb_meta_kern.c | 2 +- 16 files changed, 350 insertions(+), 908 deletions(-) delete mode 100644 samples/bpf/bpf_load.c delete mode 100644 samples/bpf/bpf_load.h mode change 100644 => 100755 samples/bpf/lwt_len_hist.sh mode change 100644 => 100755 samples/bpf/test_lwt_bpf.sh Reproducer flagged being flaky revisions tested: 16, total time: 3h52m26.779354448s (build: 1h14m45.399421975s, test: 2h34m11.611167368s) first bad commit: 830382e4ccb5e5d9164fcd28854238ef5f5a1751 Merge branch 'bpf: remove bpf_load loader completely' recipients (to): ["andrii@kernel.org"] recipients (cc): ["andriin@fb.com" "ast@kernel.org" "bpf@vger.kernel.org" "daniel@iogearbox.net" "john.fastabend@gmail.com" "kafai@fb.com" "kpsingh@chromium.org" "netdev@vger.kernel.org" "songliubraving@fb.com" "yhs@fb.com"] crash: BUG: sleeping function called from invalid context in sta_info_move_state BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 419, name: kworker/u4:4 4 locks held by kworker/u4:4/419: #0: ffff88811e7fb938 ((wq_completion)phy15){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff88811e7fb938 ((wq_completion)phy15){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88811e7fb938 ((wq_completion)phy15){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243 #1: ffffc9000191be70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc9000191be70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc9000191be70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243 #2: ffff88811e13cd00 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1015 [inline] #2: ffff88811e13cd00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x36/0x420 net/mac80211/ibss.c:1683 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_finish net/mac80211/sta_info.c:644 [inline] #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x1c2/0xde0 net/mac80211/sta_info.c:732 Preemption disabled at: [] __mutex_lock_common kernel/locking/mutex.c:955 [inline] [] __mutex_lock+0x70/0x9f0 kernel/locking/mutex.c:1103 CPU: 0 PID: 419 Comm: kworker/u4:4 Not tainted 5.10.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: phy15 ieee80211_iface_work Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x77/0x97 lib/dump_stack.c:118 ___might_sleep.cold.110+0xf2/0x106 kernel/sched/core.c:7298 sta_info_move_state+0x1a/0x2b0 net/mac80211/sta_info.c:1962 sta_info_free+0x11/0xd0 net/mac80211/sta_info.c:274 sta_info_insert_rcu+0xd4/0xde0 net/mac80211/sta_info.c:738 ieee80211_ibss_finish_sta+0x9e/0x120 net/mac80211/ibss.c:592 ieee80211_ibss_work+0x10a/0x420 net/mac80211/ibss.c:1700 process_one_work+0x273/0x600 kernel/workqueue.c:2272 worker_thread+0x38/0x380 kernel/workqueue.c:2418 kthread+0x144/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 ============================= [ BUG: Invalid wait context ] 5.10.0-rc3-syzkaller #0 Tainted: G W ----------------------------- kworker/u4:4/419 is trying to lock: ffff88811f80a9d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x1f/0x90 net/mac80211/util.c:2741 other info that might help us debug this: context-{4:4} 4 locks held by kworker/u4:4/419: #0: ffff88811e7fb938 ((wq_completion)phy15){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff88811e7fb938 ((wq_completion)phy15){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88811e7fb938 ((wq_completion)phy15){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243 #1: ffffc9000191be70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc9000191be70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc9000191be70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243 #2: ffff88811e13cd00 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1015 [inline] #2: ffff88811e13cd00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x36/0x420 net/mac80211/ibss.c:1683 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_finish net/mac80211/sta_info.c:644 [inline] #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x1c2/0xde0 net/mac80211/sta_info.c:732 stack backtrace: CPU: 0 PID: 419 Comm: kworker/u4:4 Tainted: G W 5.10.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: phy15 ieee80211_iface_work Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x77/0x97 lib/dump_stack.c:118 print_lock_invalid_wait_context kernel/locking/lockdep.c:4483 [inline] check_wait_context kernel/locking/lockdep.c:4544 [inline] __lock_acquire.cold.73+0x160/0x2be kernel/locking/lockdep.c:4781 lock_acquire+0xd0/0x3d0 kernel/locking/lockdep.c:5436 __mutex_lock_common kernel/locking/mutex.c:956 [inline] __mutex_lock+0x94/0x9f0 kernel/locking/mutex.c:1103 ieee80211_recalc_min_chandef+0x1f/0x90 net/mac80211/util.c:2741 sta_info_move_state+0x140/0x2b0 net/mac80211/sta_info.c:2019 sta_info_free+0x11/0xd0 net/mac80211/sta_info.c:274 sta_info_insert_rcu+0xd4/0xde0 net/mac80211/sta_info.c:738 ieee80211_ibss_finish_sta+0x9e/0x120 net/mac80211/ibss.c:592 ieee80211_ibss_work+0x10a/0x420 net/mac80211/ibss.c:1700 process_one_work+0x273/0x600 kernel/workqueue.c:2272 worker_thread+0x38/0x380 kernel/workqueue.c:2418 kthread+0x144/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296