bisecting cause commit starting from bcd684aace34fedbd473fbd9b21ed06b0c2d2212
building syzkaller on 5050311712ecf43945d306df4653fc28da89fb43
testing commit bcd684aace34fedbd473fbd9b21ed06b0c2d2212 with gcc (GCC) 8.1.0
kernel signature: 270823efcabc33991b24781c1330b17fb6e7d634e4477d7bce0cda893c41b721
all runs: crashed: BUG: unable to handle kernel paging request in bpf_lru_populate
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: ae997c81c8480492441e712d3c127e3da959156d4e937c464609e101fa84e28c
all runs: OK
# git bisect start bcd684aace34fedbd473fbd9b21ed06b0c2d2212 bbf5c979011a099af5dc76498918ed7df445635b
Bisecting: 7895 revisions left to test after this (roughly 13 steps)
[9ff9b0d392ea08090cd1780fb196f36dbb586529] Merge tag 'net-next-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 9ff9b0d392ea08090cd1780fb196f36dbb586529 with gcc (GCC) 8.1.0
kernel signature: 5bd4bd308100f23687c473ea4c0a2ff448de9f81220b1082a3ae623809bbc5a3
all runs: OK
# git bisect good 9ff9b0d392ea08090cd1780fb196f36dbb586529
Bisecting: 3937 revisions left to test after this (roughly 12 steps)
[e533cda12d8f0e7936354bafdc85c81741f805d2] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit e533cda12d8f0e7936354bafdc85c81741f805d2 with gcc (GCC) 8.1.0
kernel signature: 891f88128917d7a0933492816761b4642621c40248483973cc1036b0060aa27f
all runs: OK
# git bisect good e533cda12d8f0e7936354bafdc85c81741f805d2
Bisecting: 1968 revisions left to test after this (roughly 11 steps)
[5929dd876bf2aa34a3071e085a60946a9ce0ab79] Merge tag 'exynos-drm-fixes-for-v5.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes
testing commit 5929dd876bf2aa34a3071e085a60946a9ce0ab79 with gcc (GCC) 8.1.0
kernel signature: f69618801efefea457e2f10ad84f97e8b5544b103f4763c1c4abbf44c9b9f812
all runs: OK
# git bisect good 5929dd876bf2aa34a3071e085a60946a9ce0ab79
Bisecting: 986 revisions left to test after this (roughly 10 steps)
[6375da9dac8bec05a022f22ab22300cc824ec268] Merge branch 'tipc-some-minor-improvements'
testing commit 6375da9dac8bec05a022f22ab22300cc824ec268 with gcc (GCC) 8.1.0
kernel signature: dbad49f1935cf0ba56802376d1acf18649611f68b8afe2360bec72bccfc809b8
all runs: OK
# git bisect good 6375da9dac8bec05a022f22ab22300cc824ec268
Bisecting: 488 revisions left to test after this (roughly 9 steps)
[bbe2ba04c5a92a49db8a42c850a5a2f6481e47eb] Merge tag 'net-5.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit bbe2ba04c5a92a49db8a42c850a5a2f6481e47eb with gcc (GCC) 8.1.0
kernel signature: 8e03b3a98f93dcac56e744bcd5fe7d1f17e06f49c080e129542550add64e9780
all runs: OK
# git bisect good bbe2ba04c5a92a49db8a42c850a5a2f6481e47eb
Bisecting: 207 revisions left to test after this (roughly 8 steps)
[a1dd1d86973182458da7798a95f26cfcbea599b4] Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit a1dd1d86973182458da7798a95f26cfcbea599b4 with gcc (GCC) 8.1.0
kernel signature: 867d7f30eaf71dfd68a19253af414ce8729e761aa05a0b7062b9fa55a766ac3e
all runs: crashed: BUG: unable to handle kernel paging request in bpf_lru_populate
# git bisect bad a1dd1d86973182458da7798a95f26cfcbea599b4
Bisecting: 140 revisions left to test after this (roughly 7 steps)
[36d076201bd467d6bd22ba14e56e457d55e32be7] dt-bindings: net: nfc: s3fwrn5: Support a UART interface
testing commit 36d076201bd467d6bd22ba14e56e457d55e32be7 with gcc (GCC) 8.1.0
kernel signature: 271ce551c10596424da32a4f8d5e0d88b4938cd17ef4d681b92be1d1c1f3c0e0
all runs: OK
# git bisect good 36d076201bd467d6bd22ba14e56e457d55e32be7
Bisecting: 70 revisions left to test after this (roughly 6 steps)
[e9aae8beba825e4670463ddcf420b954f18d5ced] bpf: Memcg-based memory accounting for bpf local storage maps
testing commit e9aae8beba825e4670463ddcf420b954f18d5ced with gcc (GCC) 8.1.0
kernel signature: 3b7177cab94f8f0ddf3bd09160434f4af291ef39625cda1b0af1480f01e08e7a
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
# git bisect bad e9aae8beba825e4670463ddcf420b954f18d5ced
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[ceb5dea5654354fb4e6e393c99f1d0bf4debab0e] samples: bpf: Remove bpf_load loader completely
testing commit ceb5dea5654354fb4e6e393c99f1d0bf4debab0e with gcc (GCC) 8.1.0
kernel signature: ffb2ad7eff131f090cc535b548a6fb8b651c9c8e82d1e77232fc4cbac7d08a71
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad ceb5dea5654354fb4e6e393c99f1d0bf4debab0e
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[450d060e8f752a6ce052a2bffd3f01633472e330] bpftool: Add {i,d}tlb_misses support for bpftool profile
testing commit 450d060e8f752a6ce052a2bffd3f01633472e330 with gcc (GCC) 8.1.0
kernel signature: d1374be8d5e301a89d418e43111439ea114ce565bab902b9de9dcfc6834e74c5
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 450d060e8f752a6ce052a2bffd3f01633472e330
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[cbf398d76534427877e5824dd61611514cf284b3] Merge branch 'af-xdp-tx-batch'
testing commit cbf398d76534427877e5824dd61611514cf284b3 with gcc (GCC) 8.1.0
kernel signature: e3fdf784f93a0b5934c8421f0c428a87aac52a34a519d33c547b4f33b7dd39be
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad cbf398d76534427877e5824dd61611514cf284b3
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[90da4b3208d32bdb5489ca08b91af16ed4a68d00] samples/bpf: Increment Tx stats at sending
testing commit 90da4b3208d32bdb5489ca08b91af16ed4a68d00 with gcc (GCC) 8.1.0
kernel signature: efbd555f0e3ac328f26d03fabfb30227817860553dcac085544257b965ff9677
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 90da4b3208d32bdb5489ca08b91af16ed4a68d00
Bisecting: 1 revision left to test after this (roughly 1 step)
[b93ef089d35c3386dd197e85afb6399bbd54cfb3] bpf: Fix the irq and nmi check in bpf_sk_storage for tracing usage
testing commit b93ef089d35c3386dd197e85afb6399bbd54cfb3 with gcc (GCC) 8.1.0
kernel signature: efbd555f0e3ac328f26d03fabfb30227817860553dcac085544257b965ff9677
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad b93ef089d35c3386dd197e85afb6399bbd54cfb3
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[024cd2cbd1ca2d29e6df538855d52c4e5990cab7] selftest/bpf: Fix IPV6FR handling in flow dissector
testing commit 024cd2cbd1ca2d29e6df538855d52c4e5990cab7 with gcc (GCC) 8.1.0
kernel signature: f00795cb9c5d290ce65c376055f30e85b34720bbff723a2b2912cade58e2cd1d
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 024cd2cbd1ca2d29e6df538855d52c4e5990cab7
b93ef089d35c3386dd197e85afb6399bbd54cfb3 is the first bad commit
commit b93ef089d35c3386dd197e85afb6399bbd54cfb3
Author: Martin KaFai Lau <kafai@fb.com>
Date:   Mon Nov 16 12:01:13 2020 -0800

    bpf: Fix the irq and nmi check in bpf_sk_storage for tracing usage
    
    The intention of the current check is to avoid using bpf_sk_storage
    in irq and nmi.  Jakub pointed out that the current check cannot
    do that.  For example, in_serving_softirq() returns true
    if the softirq handling is interrupted by hard irq.
    
    Fixes: 8e4597c627fb ("bpf: Allow using bpf_sk_storage in FENTRY/FEXIT/RAW_TP")
    Suggested-by: Jakub Kicinski <kuba@kernel.org>
    Signed-off-by: Martin KaFai Lau <kafai@fb.com>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Link: https://lore.kernel.org/bpf/20201116200113.2868539-1-kafai@fb.com

 net/core/bpf_sk_storage.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
culprit signature: efbd555f0e3ac328f26d03fabfb30227817860553dcac085544257b965ff9677
parent  signature: f00795cb9c5d290ce65c376055f30e85b34720bbff723a2b2912cade58e2cd1d
Reproducer flagged being flaky
revisions tested: 16, total time: 3h42m38.62719769s (build: 1h19m37.314340786s, test: 2h19m17.218538932s)
first bad commit: b93ef089d35c3386dd197e85afb6399bbd54cfb3 bpf: Fix the irq and nmi check in bpf_sk_storage for tracing usage
recipients (to): ["ast@kernel.org" "davem@davemloft.net" "kafai@fb.com" "kuba@kernel.org" "netdev@vger.kernel.org"]
recipients (cc): ["andriin@fb.com" "ast@kernel.org" "bpf@vger.kernel.org" "daniel@iogearbox.net" "john.fastabend@gmail.com" "kafai@fb.com" "kpsingh@chromium.org" "linux-kernel@vger.kernel.org" "songliubraving@fb.com" "yhs@fb.com"]
crash: BUG: sleeping function called from invalid context in sta_info_move_state
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 21, name: kworker/u4:1
INFO: lockdep is turned off.
Preemption disabled at:
[<ffffffff835f7a60>] __mutex_lock_common kernel/locking/mutex.c:955 [inline]
[<ffffffff835f7a60>] __mutex_lock+0x70/0x9f0 kernel/locking/mutex.c:1103
CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.10.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy12 ieee80211_iface_work

Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0x97 lib/dump_stack.c:118
 ___might_sleep.cold.110+0xf2/0x106 kernel/sched/core.c:7298
 sta_info_move_state+0x1a/0x2b0 net/mac80211/sta_info.c:1962
 sta_info_free+0x11/0xd0 net/mac80211/sta_info.c:274
 sta_info_insert_rcu+0xd4/0xde0 net/mac80211/sta_info.c:738
 ieee80211_ibss_finish_sta+0x9e/0x120 net/mac80211/ibss.c:592
 ieee80211_ibss_work+0x10a/0x420 net/mac80211/ibss.c:1700
 process_one_work+0x273/0x600 kernel/workqueue.c:2272
 worker_thread+0x38/0x380 kernel/workqueue.c:2418
 kthread+0x144/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296