bisecting fixing commit since ad326970d25cc85128cd22d62398751ad072efff
building syzkaller on ff4a3345a1b2a40ff1b8b983153d0b1fcc72f1c5
testing commit ad326970d25cc85128cd22d62398751ad072efff with gcc (GCC) 8.1.0
kernel signature: eb1465123f951c41ba1ffd1153195717a6b7bf82a645aac93c2dac287948872f
run #0: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #1: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #2: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #3: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #4: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #5: crashed: KASAN: use-after-free Read in ntfs_attr_find
run #6: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #7: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #8: crashed: KASAN: slab-out-of-bounds Read in ntfs_attr_find
run #9: crashed: KASAN: use-after-free Read in ntfs_attr_find
testing current HEAD 76bda503e6406539b1ad5adefe69d3df439ee97f
testing commit 76bda503e6406539b1ad5adefe69d3df439ee97f with gcc (GCC) 8.1.0
kernel signature: 88a336aa05c44f288306529ef939b214285795f508c26ac94dcad949df8a530e
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
Reproducer flagged being flaky
revisions tested: 2, total time: 31m42.086155439s (build: 18m4.445803893s, test: 12m35.882185644s)
the crash still happens on HEAD
commit msg: Linux 4.19.159
crash: BUG: sleeping function called from invalid context in sta_info_move_state
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1850
in_atomic(): 0, irqs_disabled(): 0, pid: 8234, name: kworker/u4:6
4 locks held by kworker/u4:6/8234:
Bluetooth: hci0: command 0x0419 tx timeout
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
#0: 00000000e09f8ad9 ((wq_completion)"%s"wiphy_name(local->hw.wiphy)){+.+.}, at: process_one_work+0x6e8/0x15a0 kernel/workqueue.c:2126
#1: 000000000b90633a ((work_completion)(&sdata->work)){+.+.}, at: process_one_work+0x71b/0x15a0 kernel/workqueue.c:2130
#2: 000000005d7880a7 (&wdev->mtx){+.+.}, at: sdata_lock net/mac80211/ieee80211_i.h:990 [inline]
#2: 000000005d7880a7 (&wdev->mtx){+.+.}, at: ieee80211_ibss_work+0x8b/0xd00 net/mac80211/ibss.c:1675
#3: 000000005e41c43e (rcu_read_lock){....}, at: sta_info_insert_finish net/mac80211/sta_info.c:573 [inline]
#3: 000000005e41c43e (rcu_read_lock){....}, at: sta_info_insert_rcu+0x44b/0x2020 net/mac80211/sta_info.c:661
Preemption disabled at:
[] rcu_lockdep_current_cpu_online+0x47/0x1d0 kernel/rcu/tree.c:1076
CPU: 1 PID: 8234 Comm: kworker/u4:6 Not tainted 4.19.159-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Bluetooth: hci1: command 0x0419 tx timeout
Workqueue: phy11 ieee80211_iface_work
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x17c/0x22a lib/dump_stack.c:118
Bluetooth: hci4: command 0x0419 tx timeout
___might_sleep.cold.15+0x1e2/0x256 kernel/sched/core.c:6196
__might_sleep+0x95/0x190 kernel/sched/core.c:6149
sta_info_move_state+0x31/0x860 net/mac80211/sta_info.c:1850
sta_info_free+0x4e/0x320 net/mac80211/sta_info.c:260
sta_info_insert_rcu+0x374/0x2020 net/mac80211/sta_info.c:667
ieee80211_ibss_finish_sta+0x1cc/0x2a0 net/mac80211/ibss.c:601
ieee80211_ibss_work+0x277/0xd00 net/mac80211/ibss.c:1692
Bluetooth: hci2: command 0x0419 tx timeout
Bluetooth: hci5: command 0x0419 tx timeout
ieee80211_iface_work+0x4d2/0x6e0 net/mac80211/iface.c:1366
process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2155
worker_thread+0x85/0xb60 kernel/workqueue.c:2298
kthread+0x347/0x410 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Bluetooth: hci3: command 0x0419 tx timeout
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
__ntfs_warning: 358 callbacks suppressed
ntfs: (device loop2): is_boot_sector_ntfs(): Invalid end of sector marker.
ntfs: (device loop2): ntfs_read_inode_mount(): Incorrect mft record size 4294967295 in superblock, should be 4096.
ntfs: (device loop2): ntfs_read_inode_mount(): Failed. Marking inode as bad.
ntfs: (device loop2): ntfs_fill_super(): Failed to load essential metadata.
ntfs: (device loop4): is_boot_sector_ntfs(): Invalid end of sector marker.
ntfs: (device loop5): is_boot_sector_ntfs(): Invalid end of sector marker.
ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
ntfs: (device loop5): ntfs_read_inode_mount(): Incorrect mft record size 4294967295 in superblock, should be 4096.
ntfs: (device loop3): is_boot_sector_ntfs(): Invalid end of sector marker.
ntfs: (device loop4): ntfs_read_inode_mount(): Incorrect mft record size 4294967295 in superblock, should be 4096.
__ntfs_warning: 410 callbacks suppressed
ntfs: (device loop0): is_boot_sector_ntfs(): Invalid end of sector marker.
ntfs: (device loop0): ntfs_read_inode_mount(): Incorrect mft record size 4294967295 in superblock, should be 4096.
ntfs: (device loop0): ntfs_read_inode_mount(): Failed. Marking inode as bad.
ntfs: (device loop0): ntfs_fill_super(): Failed to load essential metadata.
ntfs: (device loop4): is_boot_sector_ntfs(): Invalid end of sector marker.
ntfs: (device loop4): ntfs_read_inode_mount(): Incorrect mft record size 4294967295 in superblock, should be 4096.
ntfs: (device loop3): is_boot_sector_ntfs(): Invalid end of sector marker.
ntfs: (device loop4): ntfs_read_inode_mount(): Failed. Marking inode as bad.
ntfs: (device loop1): is_boot_sector_ntfs(): Invalid end of sector marker.
ntfs: (device loop4): ntfs_fill_super(): Failed to load essential metadata.