bisecting cause commit starting from 34da87213d3ddd26643aa83deff7ffc6463da0fc
building syzkaller on c521566d3f377ad8c69075d3de190738fd12368c
testing commit 34da87213d3ddd26643aa83deff7ffc6463da0fc with gcc (GCC) 8.1.0
kernel signature: fa72f406c95a1a053aab5df218124c8e654a6ac4d70901f5943decde1267b36b
all runs: crashed: BUG: unable to handle kernel paging request in htab_free_elems
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0
kernel signature: ae997c81c8480492441e712d3c127e3da959156d4e937c464609e101fa84e28c
all runs: OK
# git bisect start 34da87213d3ddd26643aa83deff7ffc6463da0fc bbf5c979011a099af5dc76498918ed7df445635b
Bisecting: 7881 revisions left to test after this (roughly 13 steps)
[9ff9b0d392ea08090cd1780fb196f36dbb586529] Merge tag 'net-next-5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 9ff9b0d392ea08090cd1780fb196f36dbb586529 with gcc (GCC) 8.1.0
kernel signature: 5bd4bd308100f23687c473ea4c0a2ff448de9f81220b1082a3ae623809bbc5a3
all runs: OK
# git bisect good 9ff9b0d392ea08090cd1780fb196f36dbb586529
Bisecting: 3923 revisions left to test after this (roughly 12 steps)
[e533cda12d8f0e7936354bafdc85c81741f805d2] Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit e533cda12d8f0e7936354bafdc85c81741f805d2 with gcc (GCC) 8.1.0
kernel signature: 891f88128917d7a0933492816761b4642621c40248483973cc1036b0060aa27f
all runs: OK
# git bisect good e533cda12d8f0e7936354bafdc85c81741f805d2
Bisecting: 1961 revisions left to test after this (roughly 11 steps)
[80145ac2f739558e66bd8789df3414bc0e111c58] Merge tag 's390-5.10-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
testing commit 80145ac2f739558e66bd8789df3414bc0e111c58 with gcc (GCC) 8.1.0
kernel signature: f69618801efefea457e2f10ad84f97e8b5544b103f4763c1c4abbf44c9b9f812
all runs: OK
# git bisect good 80145ac2f739558e66bd8789df3414bc0e111c58
Bisecting: 980 revisions left to test after this (roughly 10 steps)
[b6f88d9c2faec015491a4c9936c170d7bc8539d5] tipc: update address terminology in code
testing commit b6f88d9c2faec015491a4c9936c170d7bc8539d5 with gcc (GCC) 8.1.0
kernel signature: dbad49f1935cf0ba56802376d1acf18649611f68b8afe2360bec72bccfc809b8
all runs: OK
# git bisect good b6f88d9c2faec015491a4c9936c170d7bc8539d5
Bisecting: 475 revisions left to test after this (roughly 9 steps)
[bbe2ba04c5a92a49db8a42c850a5a2f6481e47eb] Merge tag 'net-5.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit bbe2ba04c5a92a49db8a42c850a5a2f6481e47eb with gcc (GCC) 8.1.0
kernel signature: 8e03b3a98f93dcac56e744bcd5fe7d1f17e06f49c080e129542550add64e9780
all runs: OK
# git bisect good bbe2ba04c5a92a49db8a42c850a5a2f6481e47eb
Bisecting: 193 revisions left to test after this (roughly 8 steps)
[a1dd1d86973182458da7798a95f26cfcbea599b4] Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit a1dd1d86973182458da7798a95f26cfcbea599b4 with gcc (GCC) 8.1.0
kernel signature: 867d7f30eaf71dfd68a19253af414ce8729e761aa05a0b7062b9fa55a766ac3e
all runs: crashed: BUG: unable to handle kernel paging request in htab_free_elems
# git bisect bad a1dd1d86973182458da7798a95f26cfcbea599b4
Bisecting: 140 revisions left to test after this (roughly 7 steps)
[36d076201bd467d6bd22ba14e56e457d55e32be7] dt-bindings: net: nfc: s3fwrn5: Support a UART interface
testing commit 36d076201bd467d6bd22ba14e56e457d55e32be7 with gcc (GCC) 8.1.0
kernel signature: 271ce551c10596424da32a4f8d5e0d88b4938cd17ef4d681b92be1d1c1f3c0e0
all runs: OK
# git bisect good 36d076201bd467d6bd22ba14e56e457d55e32be7
Bisecting: 70 revisions left to test after this (roughly 6 steps)
[e9aae8beba825e4670463ddcf420b954f18d5ced] bpf: Memcg-based memory accounting for bpf local storage maps
testing commit e9aae8beba825e4670463ddcf420b954f18d5ced with gcc (GCC) 8.1.0
kernel signature: 3b7177cab94f8f0ddf3bd09160434f4af291ef39625cda1b0af1480f01e08e7a
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
# git bisect bad e9aae8beba825e4670463ddcf420b954f18d5ced
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[ceb5dea5654354fb4e6e393c99f1d0bf4debab0e] samples: bpf: Remove bpf_load loader completely
testing commit ceb5dea5654354fb4e6e393c99f1d0bf4debab0e with gcc (GCC) 8.1.0
kernel signature: ffb2ad7eff131f090cc535b548a6fb8b651c9c8e82d1e77232fc4cbac7d08a71
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad ceb5dea5654354fb4e6e393c99f1d0bf4debab0e
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[450d060e8f752a6ce052a2bffd3f01633472e330] bpftool: Add {i,d}tlb_misses support for bpftool profile
testing commit 450d060e8f752a6ce052a2bffd3f01633472e330 with gcc (GCC) 8.1.0
kernel signature: d1374be8d5e301a89d418e43111439ea114ce565bab902b9de9dcfc6834e74c5
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 450d060e8f752a6ce052a2bffd3f01633472e330
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[cbf398d76534427877e5824dd61611514cf284b3] Merge branch 'af-xdp-tx-batch'
testing commit cbf398d76534427877e5824dd61611514cf284b3 with gcc (GCC) 8.1.0
kernel signature: e3fdf784f93a0b5934c8421f0c428a87aac52a34a519d33c547b4f33b7dd39be
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad cbf398d76534427877e5824dd61611514cf284b3
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[90da4b3208d32bdb5489ca08b91af16ed4a68d00] samples/bpf: Increment Tx stats at sending
testing commit 90da4b3208d32bdb5489ca08b91af16ed4a68d00 with gcc (GCC) 8.1.0
kernel signature: efbd555f0e3ac328f26d03fabfb30227817860553dcac085544257b965ff9677
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 90da4b3208d32bdb5489ca08b91af16ed4a68d00
Bisecting: 1 revision left to test after this (roughly 1 step)
[b93ef089d35c3386dd197e85afb6399bbd54cfb3] bpf: Fix the irq and nmi check in bpf_sk_storage for tracing usage
testing commit b93ef089d35c3386dd197e85afb6399bbd54cfb3 with gcc (GCC) 8.1.0
kernel signature: efbd555f0e3ac328f26d03fabfb30227817860553dcac085544257b965ff9677
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad b93ef089d35c3386dd197e85afb6399bbd54cfb3
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[024cd2cbd1ca2d29e6df538855d52c4e5990cab7] selftest/bpf: Fix IPV6FR handling in flow dissector
testing commit 024cd2cbd1ca2d29e6df538855d52c4e5990cab7 with gcc (GCC) 8.1.0
kernel signature: f00795cb9c5d290ce65c376055f30e85b34720bbff723a2b2912cade58e2cd1d
run #0: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 024cd2cbd1ca2d29e6df538855d52c4e5990cab7
024cd2cbd1ca2d29e6df538855d52c4e5990cab7 is the first bad commit
commit 024cd2cbd1ca2d29e6df538855d52c4e5990cab7
Author: Santucci Pierpaolo
Date:   Mon Nov 16 11:30:37 2020 +0100

    selftest/bpf: Fix IPV6FR handling in flow dissector

    From second fragment on, IPV6FR program must stop the dissection of
    IPV6 fragmented packet. This is the same approach used for IPV4
    fragmentation. This fixes the flow keys calculation for the
    upper-layer protocols. Note that according to RFC8200, the first
    fragment packet must include the upper-layer header.

    Signed-off-by: Santucci Pierpaolo
    Signed-off-by: Daniel Borkmann
    Reviewed-by: Jakub Sitnicki
    Link: https://lore.kernel.org/bpf/X7JUzUj34ceE2wBm@santucci.pierpaolo

 tools/testing/selftests/bpf/progs/bpf_flow.c | 2 ++
 1 file changed, 2 insertions(+)

parent commit 2d38c5802f4626e85d280b68481c3f3ca4853ecb wasn't tested
testing commit 2d38c5802f4626e85d280b68481c3f3ca4853ecb with gcc (GCC) 8.1.0
kernel signature: f00795cb9c5d290ce65c376055f30e85b34720bbff723a2b2912cade58e2cd1d
culprit signature: f00795cb9c5d290ce65c376055f30e85b34720bbff723a2b2912cade58e2cd1d
parent signature: f00795cb9c5d290ce65c376055f30e85b34720bbff723a2b2912cade58e2cd1d
Reproducer flagged being flaky
revisions tested: 16, total time: 3h44m51.833611851s (build: 1h21m21.001267807s, test: 2h19m35.221692084s)
first bad commit: 024cd2cbd1ca2d29e6df538855d52c4e5990cab7 selftest/bpf: Fix IPV6FR handling in flow dissector
recipients (to): ["daniel@iogearbox.net" "jakub@cloudflare.com" "santucci@epigenesys.com"]
recipients (cc): []
crash: BUG: sleeping function called from invalid context in sta_info_move_state
BUG: sleeping function called from invalid context at net/mac80211/sta_info.c:1962
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 33, name: kworker/u4:2
4 locks held by kworker/u4:2/33:
 #0: ffff88811ed69d38 ((wq_completion)phy14){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff88811ed69d38 ((wq_completion)phy14){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88811ed69d38 ((wq_completion)phy14){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #1: ffffc90000d63e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc90000d63e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc90000d63e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #2: ffff88811f0e4d00 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1015 [inline]
 #2: ffff88811f0e4d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x36/0x420 net/mac80211/ibss.c:1683
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_finish net/mac80211/sta_info.c:644 [inline]
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x1c2/0xde0 net/mac80211/sta_info.c:732
Preemption disabled at:
[] __mutex_lock_common kernel/locking/mutex.c:955 [inline]
[] __mutex_lock+0x70/0x9f0 kernel/locking/mutex.c:1103
CPU: 0 PID: 33 Comm: kworker/u4:2 Not tainted 5.10.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy14 ieee80211_iface_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0x97 lib/dump_stack.c:118
 ___might_sleep.cold.110+0xf2/0x106 kernel/sched/core.c:7298
 sta_info_move_state+0x1a/0x2b0 net/mac80211/sta_info.c:1962
 sta_info_free+0x11/0xd0 net/mac80211/sta_info.c:274
 sta_info_insert_rcu+0xd4/0xde0 net/mac80211/sta_info.c:738
 ieee80211_ibss_finish_sta+0x9e/0x120 net/mac80211/ibss.c:592
 ieee80211_ibss_work+0x10a/0x420 net/mac80211/ibss.c:1700
 process_one_work+0x273/0x600 kernel/workqueue.c:2272
 worker_thread+0x38/0x380 kernel/workqueue.c:2418
 kthread+0x144/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

=============================
[ BUG: Invalid wait context ]
5.10.0-rc3-syzkaller #0 Tainted: G W
-----------------------------
kworker/u4:2/33 is trying to lock:
ffff88811f0da9d0 (&local->chanctx_mtx){+.+.}-{3:3}, at: ieee80211_recalc_min_chandef+0x1f/0x90 net/mac80211/util.c:2741
other info that might help us debug this:
context-{4:4}
4 locks held by kworker/u4:2/33:
 #0: ffff88811ed69d38 ((wq_completion)phy14){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff88811ed69d38 ((wq_completion)phy14){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: ffff88811ed69d38 ((wq_completion)phy14){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #1: ffffc90000d63e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #1: ffffc90000d63e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #1: ffffc90000d63e70 ((work_completion)(&sdata->work)){+.+.}-{0:0}, at: process_one_work+0x1e6/0x600 kernel/workqueue.c:2243
 #2: ffff88811f0e4d00 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1015 [inline]
 #2: ffff88811f0e4d00 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x36/0x420 net/mac80211/ibss.c:1683
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_finish net/mac80211/sta_info.c:644 [inline]
 #3: ffffffff84bf1e40 (rcu_read_lock){....}-{1:2}, at: sta_info_insert_rcu+0x1c2/0xde0 net/mac80211/sta_info.c:732
stack backtrace:
CPU: 0 PID: 33 Comm: kworker/u4:2 Tainted: G W 5.10.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: phy14 ieee80211_iface_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x77/0x97 lib/dump_stack.c:118
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4483 [inline]
 check_wait_context kernel/locking/lockdep.c:4544 [inline]
 __lock_acquire.cold.73+0x160/0x2be kernel/locking/lockdep.c:4781
 lock_acquire+0xd0/0x3d0 kernel/locking/lockdep.c:5436
 __mutex_lock_common kernel/locking/mutex.c:956 [inline]
 __mutex_lock+0x94/0x9f0 kernel/locking/mutex.c:1103
 ieee80211_recalc_min_chandef+0x1f/0x90 net/mac80211/util.c:2741
 sta_info_move_state+0x140/0x2b0 net/mac80211/sta_info.c:2019
 sta_info_free+0x11/0xd0 net/mac80211/sta_info.c:274
 sta_info_insert_rcu+0xd4/0xde0 net/mac80211/sta_info.c:738
 ieee80211_ibss_finish_sta+0x9e/0x120 net/mac80211/ibss.c:592
 ieee80211_ibss_work+0x10a/0x420 net/mac80211/ibss.c:1700
 process_one_work+0x273/0x600 kernel/workqueue.c:2272
 worker_thread+0x38/0x380 kernel/workqueue.c:2418
 kthread+0x144/0x170 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296