bisecting cause commit starting from c900378316d37d3af592ec378bc28e1f6b355188
building syzkaller on 680688040fc26d17a49a9663fbbd6a716c6247b6
testing commit c900378316d37d3af592ec378bc28e1f6b355188 with gcc (GCC) 8.1.0
kernel signature: 2bf8ca69d7f36e4ab61267cdcb754dad83c0c6751c4c20efd89467515d51e962
all runs: crashed: divide error in __tcp_select_window
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: 7123ca9ac444fa7cea0bd6d693069bab26885e9a39a632dc5f09d507172c6cff
all runs: OK
# git bisect start c900378316d37d3af592ec378bc28e1f6b355188 bbf5c979011a099af5dc76498918ed7df445635b
Bisecting: 9313 revisions left to test after this (roughly 13 steps)
[4d0e9df5e43dba52d38b251e3b909df8fa1110be] lib, uaccess: add failure injection to usercopy functions
testing commit 4d0e9df5e43dba52d38b251e3b909df8fa1110be with gcc (GCC) 8.1.0
kernel signature: 7099ca77d2c942f0d704eddd303a14d7bc08bb7110838e947b45173700370232
all runs: OK
# git bisect good 4d0e9df5e43dba52d38b251e3b909df8fa1110be
Bisecting: 4650 revisions left to test after this (roughly 12 steps)
[f56e65dff6ad52395ef45738799b4fb70ff43376] Merge branch 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
testing commit f56e65dff6ad52395ef45738799b4fb70ff43376 with gcc (GCC) 8.1.0
kernel signature: 2c120898a7f0213d66ce276c6b9cc8f2f49a5d9d74bccd801e0d1142a2447497
all runs: OK
# git bisect good f56e65dff6ad52395ef45738799b4fb70ff43376
Bisecting: 2315 revisions left to test after this (roughly 11 steps)
[934291ffb638f2785cc9587403df4895f5c838ac] Merge tag 'net-5.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 934291ffb638f2785cc9587403df4895f5c838ac with gcc (GCC) 8.1.0
kernel signature: ccd53c8e6f4f8aee06c4ed2adec187995a2ef6093bf1c486cddcf50d14a168fe
all runs: OK
# git bisect good 934291ffb638f2785cc9587403df4895f5c838ac
Bisecting: 1157 revisions left to test after this (roughly 10 steps)
[0c1d6b269457cb30abe457a279fef9c6e9259e0a] mlxsw: spectrum_router: Pass destination IP as a pointer to mlxsw_reg_ralue_pack4()
testing commit 0c1d6b269457cb30abe457a279fef9c6e9259e0a with gcc (GCC) 8.1.0
kernel signature: 89c6bba18d068e9dd6dd03b3a5ef5f90a5c45b540ef09f7be4b65a7443a93a7a
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
# git bisect bad 0c1d6b269457cb30abe457a279fef9c6e9259e0a
Bisecting: 576 revisions left to test after this (roughly 9 steps)
[02a2aa3500a993c9f0812b8564d36d63b8d49ce4] Merge tag 'iommu-fixes-v5.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
testing commit 02a2aa3500a993c9f0812b8564d36d63b8d49ce4 with gcc (GCC) 8.1.0
kernel signature: c0072744a61ac4ddb0e21d4ce042243fd28134f9ba52098837c2aacdc4cf632b
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 02a2aa3500a993c9f0812b8564d36d63b8d49ce4
Bisecting: 271 revisions left to test after this (roughly 8 steps)
[9c75b68b91ff010d8d4c703b93954f605e2ef516] Merge tag 'driver-core-5.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
testing commit 9c75b68b91ff010d8d4c703b93954f605e2ef516 with gcc (GCC) 8.1.0
kernel signature: 2cb6a5bde1cb91cf331b8b05f4c046dcadad00404d4fa937eb46fd4c0b04a3c2
all runs: OK
# git bisect good 9c75b68b91ff010d8d4c703b93954f605e2ef516
Bisecting: 133 revisions left to test after this (roughly 7 steps)
[f786dfa3745b92f2fa91e0a0b9f3509907111d96] Merge tag 'pm-5.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
testing commit f786dfa3745b92f2fa91e0a0b9f3509907111d96 with gcc (GCC) 8.1.0
kernel signature: ef607bcaa4eab671061b02dc7bce7aa06a813e6b6a22f58972c2714e70c188ce
all runs: OK
# git bisect good f786dfa3745b92f2fa91e0a0b9f3509907111d96
Bisecting: 63 revisions left to test after this (roughly 6 steps)
[ac6f929d74bad5e9e352aec936aeba0638bf560c] Merge tag 'linux-can-fixes-for-5.10-20201103' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
testing commit ac6f929d74bad5e9e352aec936aeba0638bf560c with gcc (GCC) 8.1.0
kernel signature: 3b22da383654bf1edcc5324c081149245c3fb3eea1e39a148422a7c548c251a8
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad ac6f929d74bad5e9e352aec936aeba0638bf560c
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[e16b874ee87aa70cd0a7145346ff5f41349b514c] mptcp: token: fix unititialized variable
testing commit e16b874ee87aa70cd0a7145346ff5f41349b514c with gcc (GCC) 8.1.0
kernel signature: f2477a8fd1e94bc7dba36b36c42eb72385729c65a39775f7b64fa0880024768d
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad e16b874ee87aa70cd0a7145346ff5f41349b514c
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[859191b234f86b5f36cbe384baca1067a2221eb7] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
testing commit 859191b234f86b5f36cbe384baca1067a2221eb7 with gcc (GCC) 8.1.0
kernel signature: b268097c07bd20cc16edca6493ad5972f9e5f601577f1299c5c9d28237293e95
all runs: OK
# git bisect good 859191b234f86b5f36cbe384baca1067a2221eb7
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[04a55c944f151b3149b78beff5ff406faa84485d] Merge tag 'mac80211-for-net-2020-10-30' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
testing commit 04a55c944f151b3149b78beff5ff406faa84485d with gcc (GCC) 8.1.0
kernel signature: 458bb1a66a33d15727b609b98196bae86a1528e50e921b5ad2a2a0226468d36e
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 04a55c944f151b3149b78beff5ff406faa84485d
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[dcd479e10a0510522a5d88b29b8f79ea3467d501] mac80211: always wind down STA state
testing commit dcd479e10a0510522a5d88b29b8f79ea3467d501 with gcc (GCC) 8.1.0
kernel signature: 3e328f95d030daad2c3f8e0523290ad84364630d8adc1643fadef034995bfd03
all runs: OK
# git bisect good dcd479e10a0510522a5d88b29b8f79ea3467d501
Bisecting: 1 revision left to test after this (roughly 1 step)
[db18d20d1cb0fde16d518fb5ccd38679f174bc04] cfg80211: regulatory: Fix inconsistent format argument
testing commit db18d20d1cb0fde16d518fb5ccd38679f174bc04 with gcc (GCC) 8.1.0
kernel signature: 9aa82054dc74ac67084d80598f79c1e5246f4d442529415a8da9437acba70a0e
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad db18d20d1cb0fde16d518fb5ccd38679f174bc04
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b1e8eb11fb9cf666d8ae36bbcf533233a504c921] mac80211: fix kernel-doc markups
testing commit b1e8eb11fb9cf666d8ae36bbcf533233a504c921 with gcc (GCC) 8.1.0
kernel signature: 71e987ce8a62d9e300bf9ec2552782658b2f93473ca907d64228c94c9666150c
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad b1e8eb11fb9cf666d8ae36bbcf533233a504c921
b1e8eb11fb9cf666d8ae36bbcf533233a504c921 is the first bad commit
commit b1e8eb11fb9cf666d8ae36bbcf533233a504c921
Author: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Date:   Fri Oct 23 18:33:08 2020 +0200

    mac80211: fix kernel-doc markups
    
    Some identifiers have different names between their prototypes
    and the kernel-doc markup.
    
    Others need to be fixed, as kernel-doc markups should use this format:
            identifier - description
    
    In the specific case of __sta_info_flush(), add a documentation
    for sta_info_flush(), as this one is the one used outside
    sta_info.c.
    
    Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
    Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
    Link: https://lore.kernel.org/r/978d35eef2dc76e21c81931804e4eaefbd6d635e.1603469755.git.mchehab+huawei@kernel.org
    Signed-off-by: Johannes Berg <johannes.berg@intel.com>

 include/net/cfg80211.h  | 9 +++++----
 include/net/mac80211.h  | 7 ++++---
 net/mac80211/sta_info.h | 9 ++++++++-
 3 files changed, 17 insertions(+), 8 deletions(-)
culprit signature: 71e987ce8a62d9e300bf9ec2552782658b2f93473ca907d64228c94c9666150c
parent  signature: 3e328f95d030daad2c3f8e0523290ad84364630d8adc1643fadef034995bfd03
Reproducer flagged being flaky
revisions tested: 16, total time: 3h37m25.082600351s (build: 1h9m28.719962116s, test: 2h26m12.71176921s)
first bad commit: b1e8eb11fb9cf666d8ae36bbcf533233a504c921 mac80211: fix kernel-doc markups
recipients (to): ["johannes.berg@intel.com" "johannes@sipsolutions.net" "mchehab+huawei@kernel.org"]
recipients (cc): []
crash: BUG: sleeping function called from invalid context in sta_info_move_state
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 53, name: kworker/u4:3
4 locks held by kworker/u4:3/53:
 #0: ffff88811ea15d38 ((wq_completion)phy8){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff88811ea15d38 ((wq_completion)phy8){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88811ea15d38 ((wq_completion)phy8){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #1: ffffc90000d4be70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc90000d4be70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc90000d4be70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #2: ffff88811ea48d00 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1021 [inline]
 #2: ffff88811ea48d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x36/0x420 net/mac80211/ibss.c:1683
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_finish net/mac80211/sta_info.c:644 [inline]
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x1c2/0xde0 net/mac80211/sta_info.c:732
Preemption disabled at:
[<ffffffff835f16e0>] __mutex_lock_common kernel/locking/mutex.c:955 [inline]
[<ffffffff835f16e0>] __mutex_lock+0x70/0x9f0 kernel/locking/mutex.c:1103
CPU: 0 PID: 53 Comm: kworker/u4:3 Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy8 ieee80211_iface_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0x97 lib/dump_stack.c:118
 ___might_sleep.cold.110+0xf2/0x106 kernel/sched/core.c:7298
 sta_info_move_state+0x1a/0x2b0 net/mac80211/sta_info.c:1962
 sta_info_free+0x11/0xd0 net/mac80211/sta_info.c:274
 sta_info_insert_rcu+0xd4/0xde0 net/mac80211/sta_info.c:738
 ieee80211_ibss_finish_sta+0x9e/0x120 net/mac80211/ibss.c:592
 ieee80211_ibss_work+0x10a/0x420 net/mac80211/ibss.c:1700
 process_one_work+0x273/0x600 kernel/workqueue.c:2272
 worker_thread+0x38/0x380 kernel/workqueue.c:2418
 kthread+0x144/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

=============================
[ BUG: Invalid wait context ]
5.10.0-rc1-syzkaller #0 Tainted: G        W        
-----------------------------
kworker/u4:3/53 is trying to lock:
ffff88811ea429d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x1f/0x90 net/mac80211/util.c:2740
other info that might help us debug this:
context-{4:4}
4 locks held by kworker/u4:3/53:
 #0: ffff88811ea15d38 ((wq_completion)phy8){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff88811ea15d38 ((wq_completion)phy8){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88811ea15d38 ((wq_completion)phy8){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #1: ffffc90000d4be70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc90000d4be70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc90000d4be70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #2: ffff88811ea48d00 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1021 [inline]
 #2: ffff88811ea48d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x36/0x420 net/mac80211/ibss.c:1683
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_finish net/mac80211/sta_info.c:644 [inline]
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x1c2/0xde0 net/mac80211/sta_info.c:732
stack backtrace:
CPU: 0 PID: 53 Comm: kworker/u4:3 Tainted: G        W         5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy8 ieee80211_iface_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0x97 lib/dump_stack.c:118
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4489 [inline]
 check_wait_context kernel/locking/lockdep.c:4550 [inline]
 __lock_acquire.cold.73+0x160/0x2be kernel/locking/lockdep.c:4787
 lock_acquire+0xd0/0x3d0 kernel/locking/lockdep.c:5442
 __mutex_lock_common kernel/locking/mutex.c:956 [inline]
 __mutex_lock+0x94/0x9f0 kernel/locking/mutex.c:1103
 ieee80211_recalc_min_chandef+0x1f/0x90 net/mac80211/util.c:2740
 sta_info_move_state+0x140/0x2b0 net/mac80211/sta_info.c:2019
 sta_info_free+0x11/0xd0 net/mac80211/sta_info.c:274
 sta_info_insert_rcu+0xd4/0xde0 net/mac80211/sta_info.c:738
 ieee80211_ibss_finish_sta+0x9e/0x120 net/mac80211/ibss.c:592
 ieee80211_ibss_work+0x10a/0x420 net/mac80211/ibss.c:1700
 process_one_work+0x273/0x600 kernel/workqueue.c:2272
 worker_thread+0x38/0x380 kernel/workqueue.c:2418
 kthread+0x144/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50