bisecting cause commit starting from 034307507118f7e1b18f8403c85af2216da2dc94 building syzkaller on 1bf9a662c66aa432ff2fe3bf2562578cef626c09 testing commit 034307507118f7e1b18f8403c85af2216da2dc94 with gcc (GCC) 8.1.0 kernel signature: f75d3bb2cbc6bbd09ba59900edaf392afc64d30f8c85626791310021a426d221 all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in drm_atomic_set_crtc_for_connector testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: a82b63d060ceb014a456a27cdef2f1ec1d15fc82de1427bc4784201d6479e67b all runs: OK # git bisect start 034307507118f7e1b18f8403c85af2216da2dc94 bbf5c979011a099af5dc76498918ed7df445635b Bisecting: 11028 revisions left to test after this (roughly 14 steps) [96685f8666714233d34abb71b242448c80077536] Merge tag 'powerpc-5.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux testing commit 96685f8666714233d34abb71b242448c80077536 with gcc (GCC) 8.1.0 kernel signature: 90f01d7c30287463aad6dabf044b191cdef2fb560210b6bec6eb75c471acb69c all runs: OK # git bisect good 96685f8666714233d34abb71b242448c80077536 Bisecting: 5516 revisions left to test after this (roughly 13 steps) [0064c5c1b3bf2a695c772c90e8dea38426a870ff] net: xfrm: use core API for updating/providing stats testing commit 0064c5c1b3bf2a695c772c90e8dea38426a870ff with gcc (GCC) 8.1.0 kernel signature: 0024dc8a2a8c71b3419aef784de0f80db40f25186f3c3bf0f65d48acf469e96e run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 0064c5c1b3bf2a695c772c90e8dea38426a870ff Bisecting: 2787 revisions left to test after this (roughly 12 steps) [e731f3146ff3bba5424b40140e1a7e6f92e94964] Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit e731f3146ff3bba5424b40140e1a7e6f92e94964 with gcc (GCC) 8.1.0 kernel signature: c31bf147fb855e8df9d498822527e71883a6ef7f129b725bf10c74d9bf445833 all runs: OK # git bisect good e731f3146ff3bba5424b40140e1a7e6f92e94964 Bisecting: 1393 revisions left to test after this (roughly 11 steps) [d598cc6a2d45321a2a662742f8c38b43021e36e0] selftests: net: bridge: add test for mldv2 exclude timeout testing commit d598cc6a2d45321a2a662742f8c38b43021e36e0 with gcc (GCC) 8.1.0 kernel signature: bfbc2a89931ff763b3b6785f4fab9d88c3076d8748e3efbc8cf8aa0d8b1bd242 all runs: OK # git bisect good d598cc6a2d45321a2a662742f8c38b43021e36e0 Bisecting: 696 revisions left to test after this (roughly 10 steps) [86bbf01977b4fdfffc8cab46e398ff279380b194] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf testing commit 86bbf01977b4fdfffc8cab46e398ff279380b194 with gcc (GCC) 8.1.0 kernel signature: 2f380ceea4dacbe6be96ea1ad5d093846bd5cd02f77f37a4a98d71235b745aa3 run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 86bbf01977b4fdfffc8cab46e398ff279380b194 Bisecting: 348 revisions left to test after this (roughly 9 steps) [8c14577df4cd5c6d8b799bdfb3a0e94923f17d50] Merge branches 'pm-cpufreq', 'pm-cpuidle', 'pm-opp' and 'powercap' testing commit 8c14577df4cd5c6d8b799bdfb3a0e94923f17d50 with gcc (GCC) 8.1.0 kernel signature: a29d373b6386ea59c3e0754e76e0105fa203da1e53c253f2c2d46f49b03430a5 all runs: OK # git bisect good 8c14577df4cd5c6d8b799bdfb3a0e94923f17d50 Bisecting: 147 revisions left to test after this (roughly 8 steps) [41f16530241405819ae5644b6544965ab124bbda] Merge tag 'net-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 41f16530241405819ae5644b6544965ab124bbda with gcc (GCC) 8.1.0 kernel signature: fc9ba25bdc81867dbbc858e25509108aa69fed23aedeb2f392fde634af392433 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 41f16530241405819ae5644b6544965ab124bbda Bisecting: 86 revisions left to test after this (roughly 6 steps) [356583b956e620a7ef8086f14bfe971986a320b3] Merge tag 'drm-misc-fixes-2020-11-05' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes testing commit 356583b956e620a7ef8086f14bfe971986a320b3 with gcc (GCC) 8.1.0 kernel signature: b14cf531f00315b7b26caa851cb3b9a9d60d46ec5763bf5d4042f13c8ba03b0b all runs: OK # git bisect good 356583b956e620a7ef8086f14bfe971986a320b3 Bisecting: 52 revisions left to test after this (roughly 6 steps) [fc7b66ef076644dd646eb9f11563684edc479649] Merge tag 'drm-fixes-2020-11-06-1' of git://anongit.freedesktop.org/drm/drm testing commit fc7b66ef076644dd646eb9f11563684edc479649 with gcc (GCC) 8.1.0 kernel signature: 786029f13b0433c2c1c896c542f9c7899d8deaf5af6b0116606a5fa81be177e9 all runs: OK # git bisect good fc7b66ef076644dd646eb9f11563684edc479649 Bisecting: 24 revisions left to test after this (roughly 5 steps) [a6c96672a64f4f0e1bac9f37b5bb57d8ab551b4b] Merge tag 'asoc-fix-v5.10-rc2' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus testing commit a6c96672a64f4f0e1bac9f37b5bb57d8ab551b4b with gcc (GCC) 8.1.0 kernel signature: 2ce8906097909b2d4f2868a01f45bc4738bd0e7b7b264c7619ac8c2fe9774e1b all runs: OK # git bisect good a6c96672a64f4f0e1bac9f37b5bb57d8ab551b4b Bisecting: 12 revisions left to test after this (roughly 4 steps) [f9b7ff0d7f7a466a920424246e7ddc2b84c87e52] tools/bpftool: Fix attaching flow dissector testing commit f9b7ff0d7f7a466a920424246e7ddc2b84c87e52 with gcc (GCC) 8.1.0 kernel signature: b207db5134edfae54bed28e29b36503a4fd8d5946f5b64d525bb8c582e755a05 all runs: OK # git bisect good f9b7ff0d7f7a466a920424246e7ddc2b84c87e52 Bisecting: 7 revisions left to test after this (roughly 3 steps) [9efac6ce7f621c405d49a091e3e367be4250a27a] mtd: rawnand: stm32_fmc2: fix broken ECC testing commit 9efac6ce7f621c405d49a091e3e367be4250a27a with gcc (GCC) 8.1.0 kernel signature: 7cc1be0a38bd7a9d9d635620de709c6cadcaae31d39b195b47c59cccd64c5886 all runs: OK # git bisect good 9efac6ce7f621c405d49a091e3e367be4250a27a Bisecting: 3 revisions left to test after this (roughly 2 steps) [bf3e76289cd28b87f679cd53e26d67fd708d718a] Merge branch 'mtd/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux testing commit bf3e76289cd28b87f679cd53e26d67fd708d718a with gcc (GCC) 8.1.0 kernel signature: 4901f63155c17a699c5467e1e9537cb01046c5f1ea21bcbf7753985877f1a4ac run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad bf3e76289cd28b87f679cd53e26d67fd708d718a Bisecting: 2 revisions left to test after this (roughly 1 step) [bc7f2cd7559c5595dc38b909ae9a8d43e0215994] spi: bcm2835: remove use of uninitialized gpio flags variable testing commit bc7f2cd7559c5595dc38b909ae9a8d43e0215994 with gcc (GCC) 8.1.0 kernel signature: 7cc1be0a38bd7a9d9d635620de709c6cadcaae31d39b195b47c59cccd64c5886 all runs: OK # git bisect good bc7f2cd7559c5595dc38b909ae9a8d43e0215994 Bisecting: 0 revisions left to test after this (roughly 1 step) [44d80621857f916f1370782cdd20c9359ccc5eea] Merge tag 'spi-fix-v5.10-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi testing commit 44d80621857f916f1370782cdd20c9359ccc5eea with gcc (GCC) 8.1.0 kernel signature: 4901f63155c17a699c5467e1e9537cb01046c5f1ea21bcbf7753985877f1a4ac run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 44d80621857f916f1370782cdd20c9359ccc5eea Bisecting: 0 revisions left to test after this (roughly 0 steps) [bb72bbe8f6c70e67c85d773e5c9b04c7fe36a0ab] Merge tag 'sound-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit bb72bbe8f6c70e67c85d773e5c9b04c7fe36a0ab with gcc (GCC) 8.1.0 kernel signature: 4901f63155c17a699c5467e1e9537cb01046c5f1ea21bcbf7753985877f1a4ac run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad bb72bbe8f6c70e67c85d773e5c9b04c7fe36a0ab bb72bbe8f6c70e67c85d773e5c9b04c7fe36a0ab is the first bad commit commit bb72bbe8f6c70e67c85d773e5c9b04c7fe36a0ab Merge: fc7b66ef0766 a6c96672a64f Author: Linus Torvalds Date: Fri Nov 6 12:58:11 2020 -0800 Merge tag 'sound-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Quite a bunch of small fixes that have been gathered since the last pull, including changes like below: - HD-audio runtime PM fixes and refactoring - HD-audio and USB-audio quirks - SOF warning fix - Various ASoC device-specific fixes for Intel, Qualcomm, etc" * tag 'sound-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (26 commits) ALSA: usb-audio: Add implicit feedback quirk for Qu-16 ASoC: mchp-spdiftx: Do not set Validity bit(s) ALSA: usb-audio: Add implicit feedback quirk for MODX ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices ALSA: hda/realtek - Enable headphone for ASUS TM420 ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() ASoC: qcom: lpass-cpu: Fix clock disable failure ASoC: qcom: lpass-sc7180: Fix MI2S bitwidth field bit positions ASoC: codecs: wcd9335: Set digital gain range correctly ASoC: codecs: wcd934x: Set digital gain range correctly ALSA: hda: Reinstate runtime_allow() for all hda controllers ALSA: hda: Separate runtime and system suspend ALSA: hda: Refactor codec PM to use direct-complete optimization ALSA: hda/realtek - Fixed HP headset Mic can't be detected ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 ALSA: make snd_kcontrol_new name a normal string ALSA: fix kernel-doc markups ASoC: SOF: loader: handle all SOF_IPC_EXT types ASoC: cs42l51: manage mclk shutdown delay ASoC: qcom: sdm845: set driver name correctly ... include/sound/control.h | 2 +- include/sound/core.h | 3 +- include/sound/pcm.h | 4 +- include/uapi/sound/compress_offload.h | 2 +- sound/core/control.c | 4 +- sound/core/pcm_dmaengine.c | 3 +- sound/core/pcm_lib.c | 2 +- sound/core/pcm_native.c | 4 +- sound/hda/ext/hdac_ext_controller.c | 2 + sound/pci/hda/hda_codec.c | 45 +++++++++------ sound/pci/hda/hda_controller.h | 3 +- sound/pci/hda/hda_intel.c | 63 +++++++++++--------- sound/pci/hda/patch_realtek.c | 67 ++++++++++++++++++---- sound/soc/atmel/mchp-spdiftx.c | 1 - sound/soc/codecs/cs42l51.c | 22 ++++++- sound/soc/codecs/wcd9335.c | 2 +- sound/soc/codecs/wcd934x.c | 2 +- sound/soc/codecs/wsa881x.c | 2 + sound/soc/intel/Kconfig | 18 ------ sound/soc/intel/atom/Makefile | 2 +- sound/soc/intel/atom/sst/Makefile | 6 +- sound/soc/intel/boards/kbl_rt5663_max98927.c | 39 ++++++++++--- sound/soc/intel/catpt/dsp.c | 9 ++- sound/soc/intel/catpt/pcm.c | 10 ++++ sound/soc/mediatek/mt8183/mt8183-da7219-max98357.c | 31 ++++++++-- sound/soc/qcom/lpass-cpu.c | 14 +++-- sound/soc/qcom/lpass-sc7180.c | 2 +- sound/soc/qcom/sdm845.c | 2 + sound/soc/soc-core.c | 2 +- sound/soc/soc-dapm.c | 2 +- sound/soc/sof/loader.c | 5 ++ sound/usb/pcm.c | 6 ++ sound/usb/quirks.c | 1 + 33 files changed, 265 insertions(+), 117 deletions(-) revisions tested: 18, total time: 4h24m40.334934163s (build: 1h20m7.962365106s, test: 3h2m47.672258599s) first bad commit: bb72bbe8f6c70e67c85d773e5c9b04c7fe36a0ab Merge tag 'sound-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound recipients (to): ["torvalds@linux-foundation.org"] recipients (cc): [] crash: BUG: sleeping function called from invalid context in sta_info_move_state BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 8, name: kworker/u4:0 4 locks held by kworker/u4:0/8: #0: ffff88811f07fd38 ((wq_completion)phy14){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff88811f07fd38 ((wq_completion)phy14){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88811f07fd38 ((wq_completion)phy14){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243 #1: ffffc90000c97e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc90000c97e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc90000c97e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243 #2: ffff88811f11cd00 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1021 [inline] #2: ffff88811f11cd00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x36/0x420 net/mac80211/ibss.c:1683 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_finish net/mac80211/sta_info.c:644 [inline] ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x1c2/0xde0 net/mac80211/sta_info.c:732 Preemption disabled at: [] __mutex_lock_common kernel/locking/mutex.c:955 [inline] [] __mutex_lock+0x70/0x9f0 kernel/locking/mutex.c:1103 CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 5.10.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: phy14 ieee80211_iface_work Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x77/0x97 lib/dump_stack.c:118 ___might_sleep.cold.110+0xf2/0x106 kernel/sched/core.c:7298 sta_info_move_state+0x1a/0x2b0 net/mac80211/sta_info.c:1962 sta_info_free+0x11/0xd0 net/mac80211/sta_info.c:274 sta_info_insert_rcu+0xd4/0xde0 net/mac80211/sta_info.c:738 ieee80211_ibss_finish_sta+0x9e/0x120 net/mac80211/ibss.c:592 ieee80211_ibss_work+0x10a/0x420 net/mac80211/ibss.c:1700 process_one_work+0x273/0x600 kernel/workqueue.c:2272 worker_thread+0x38/0x380 kernel/workqueue.c:2418 kthread+0x144/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 ============================= [ BUG: Invalid wait context ] 5.10.0-rc2-syzkaller #0 Tainted: G W ----------------------------- kworker/u4:0/8 is trying to lock: ffff88811f0da9d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x1f/0x90 net/mac80211/util.c:2740 other info that might help us debug this: context-{4:4} 4 locks held by kworker/u4:0/8: #0: ffff88811f07fd38 ((wq_completion)phy14){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #0: ffff88811f07fd38 ((wq_completion)phy14){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff88811f07fd38 ((wq_completion)phy14){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243 #1: ffffc90000c97e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline] #1: ffffc90000c97e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #1: ffffc90000c97e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243 #2: ffff88811f11cd00 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1021 [inline] #2: ffff88811f11cd00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x36/0x420 net/mac80211/ibss.c:1683 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_finish net/mac80211/sta_info.c:644 [inline] #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x1c2/0xde0 net/mac80211/sta_info.c:732 stack backtrace: CPU: 1 PID: 8 Comm: kworker/u4:0 Tainted: G W 5.10.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: phy14 ieee80211_iface_work Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x77/0x97 lib/dump_stack.c:118 print_lock_invalid_wait_context kernel/locking/lockdep.c:4483 [inline] check_wait_context kernel/locking/lockdep.c:4544 [inline] __lock_acquire.cold.73+0x160/0x2be kernel/locking/lockdep.c:4781 lock_acquire+0xd0/0x3d0 kernel/locking/lockdep.c:5436 __mutex_lock_common kernel/locking/mutex.c:956 [inline] __mutex_lock+0x94/0x9f0 kernel/locking/mutex.c:1103 ieee80211_recalc_min_chandef+0x1f/0x90 net/mac80211/util.c:2740 sta_info_move_state+0x140/0x2b0 net/mac80211/sta_info.c:2019 sta_info_free+0x11/0xd0 net/mac80211/sta_info.c:274 sta_info_insert_rcu+0xd4/0xde0 net/mac80211/sta_info.c:738 ieee80211_ibss_finish_sta+0x9e/0x120 net/mac80211/ibss.c:592 ieee80211_ibss_work+0x10a/0x420 net/mac80211/ibss.c:1700 process_one_work+0x273/0x600 kernel/workqueue.c:2272 worker_thread+0x38/0x380 kernel/workqueue.c:2418 kthread+0x144/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296