bisecting fixing commit since c9194f32bfd932e976a158d1af97a63be68a2aab
building syzkaller on 6972b10616d785401dea17cec890cca8916424a7
testing commit c9194f32bfd932e976a158d1af97a63be68a2aab
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: c18f1b3dbd9a34122761da0e08aa93c15f9e89521f37bf451f09c2a2b707b791
all runs: crashed: INFO: trying to register non-static key in ath9k_wmi_event_tasklet
testing current HEAD 4b93c544e90e2b28326182d31ee008eb80e02074
testing commit 4b93c544e90e2b28326182d31ee008eb80e02074
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: bd3c5739fc576408f59c0db282769de575944de125119bc3e0959d67e804219c
run #0: basic kernel testing failed: KFENCE: use-after-free in kvm_fastop_exception
run #1: crashed: INFO: trying to register non-static key in ath9k_wmi_event_tasklet
run #2: crashed: INFO: trying to register non-static key in ath9k_wmi_event_tasklet
run #3: crashed: INFO: trying to register non-static key in ath9k_wmi_event_tasklet
run #4: crashed: INFO: trying to register non-static key in ath9k_wmi_event_tasklet
run #5: crashed: INFO: trying to register non-static key in ath9k_wmi_event_tasklet
run #6: crashed: INFO: trying to register non-static key in ath9k_wmi_event_tasklet
run #7: crashed: INFO: trying to register non-static key in ath9k_wmi_event_tasklet
run #8: crashed: INFO: trying to register non-static key in ath9k_wmi_event_tasklet
run #9: crashed: INFO: trying to register non-static key in ath9k_wmi_event_tasklet
revisions tested: 2, total time: 20m52.396221949s (build: 13m36.132939677s, test: 6m42.628435669s)
the crash still happens on HEAD
commit msg: thunderbolt: test: split up test cases in tb_test_credit_alloc_all
crash: INFO: trying to register non-static key in ath9k_wmi_event_tasklet
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 PID: 8758 Comm: kworker/0:4 Not tainted 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: mld mld_dad_work
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105
assign_lock_key kernel/locking/lockdep.c:939 [inline]
register_lock_class+0xf79/0x10c0 kernel/locking/lockdep.c:1251
__lock_acquire+0x105/0x5410 kernel/locking/lockdep.c:4894
lock_acquire kernel/locking/lockdep.c:5625 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:368 [inline]
ath9k_wmi_event_tasklet+0x203/0x3f0 drivers/net/wireless/ath/ath9k/wmi.c:172
tasklet_action_common.constprop.0+0x201/0x2e0 kernel/softirq.c:783
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
do_softirq.part.0+0xde/0x130 kernel/softirq.c:459
do_softirq kernel/softirq.c:451 [inline]
__local_bh_enable_ip+0x102/0x120 kernel/softirq.c:383
spin_unlock_bh include/linux/spinlock.h:408 [inline]
rt6_uncached_list_add net/ipv6/route.c:145 [inline]
icmp6_dst_alloc+0x3dc/0x650 net/ipv6/route.c:3289
mld_sendpack+0x527/0xc70 net/ipv6/mcast.c:1817
mld_send_initial_cr net/ipv6/mcast.c:1232 [inline]
mld_dad_work+0x177/0x510 net/ipv6/mcast.c:2270
process_one_work+0x87f/0x1450 kernel/workqueue.c:2297
worker_thread+0x598/0x1040 kernel/workqueue.c:2444
kthread+0x38b/0x460 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
------------[ cut here ]------------
WARNING: CPU: 0 PID: 8758 at drivers/net/wireless/ath/ath9k/htc_drv_txrx.c:656 spin_unlock_bh include/linux/spinlock.h:408 [inline]
WARNING: CPU: 0 PID: 8758 at drivers/net/wireless/ath/ath9k/htc_drv_txrx.c:656 ath9k_htc_check_wake_queues drivers/net/wireless/ath/ath9k/htc_drv_txrx.c:76 [inline]
WARNING: CPU: 0 PID: 8758 at drivers/net/wireless/ath/ath9k/htc_drv_txrx.c:656 ath9k_htc_txstatus+0x2d1/0x460 drivers/net/wireless/ath/ath9k/htc_drv_txrx.c:686
Modules linked in:
CPU: 0 PID: 8758 Comm: kworker/0:4 Not tainted 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: mld mld_dad_work
RIP: 0010:ath9k_htc_txstatus+0x2d1/0x460 drivers/net/wireless/ath/ath9k/htc_drv_txrx.c:656
Code: 06 0f 8e 9e 01 00 00 41 0f b6 84 24 88 04 00 00 a8 01 75 1d 48 83 c4 38 48 89 ef 5b 5d 41 5c 41 5d 41 5e 41 5f e9 4f 15 cc 03 <0f> 0b e9 de fd ff ff 49 8d 7c 24 08 83 e0 fe 48 89 fa 41 88 84 24
RSP: 0018:ffffc90000007e60 EFLAGS: 00010202
RAX: 000000000000001c RBX: ffff888077f5cc0d RCX: fffffbfff14c2c09
RDX: 1ffffffff14c2c09 RSI: ffff888077f5cc0c RDI: ffff88805e8332a0
RBP: ffff888077f5cc0c R08: 0000000000000000 R09: 0000000000000000
R10: ffffed100bd06741 R11: 000000000007a089 R12: ffff88805e8332a0
R13: 0000000000000000 R14: dffffc0000000000 R15: ffff8880167533c0
FS: 0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdb9bb2ff8 CR3: 0000000061b12000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ath9k_wmi_event_tasklet+0x2b1/0x3f0 drivers/net/wireless/ath/ath9k/wmi.c:179
tasklet_action_common.constprop.0+0x201/0x2e0 kernel/softirq.c:783
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
do_softirq.part.0+0xde/0x130 kernel/softirq.c:459
do_softirq kernel/softirq.c:451 [inline]
__local_bh_enable_ip+0x102/0x120 kernel/softirq.c:383
spin_unlock_bh include/linux/spinlock.h:408 [inline]
rt6_uncached_list_add net/ipv6/route.c:145 [inline]
icmp6_dst_alloc+0x3dc/0x650 net/ipv6/route.c:3289
mld_sendpack+0x527/0xc70 net/ipv6/mcast.c:1817
mld_send_initial_cr net/ipv6/mcast.c:1232 [inline]
mld_dad_work+0x177/0x510 net/ipv6/mcast.c:2270
process_one_work+0x87f/0x1450 kernel/workqueue.c:2297
worker_thread+0x598/0x1040 kernel/workqueue.c:2444
kthread+0x38b/0x460 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
irq event stamp: 681052
hardirqs last enabled at (681052): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (681052): [] _raw_spin_unlock_irqrestore+0x50/0x70 kernel/locking/spinlock.c:194
hardirqs last disabled at (681051): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (681051): [] _raw_spin_lock_irqsave+0x4e/0x50 kernel/locking/spinlock.c:162
softirqs last enabled at (681046): [] spin_unlock_bh include/linux/spinlock.h:408 [inline]
softirqs last enabled at (681046): [] rt6_uncached_list_add net/ipv6/route.c:145 [inline]
softirqs last enabled at (681046): [] icmp6_dst_alloc+0x3dc/0x650 net/ipv6/route.c:3289
softirqs last disabled at (681047): [] do_softirq.part.0+0xde/0x130 kernel/softirq.c:459
---[ end trace 455296b416546b9f ]---
general protection fault, probably for non-canonical address 0xdffffc000000000c: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067]
CPU: 0 PID: 8758 Comm: kworker/0:4 Tainted: G W 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: mld mld_dad_work
RIP: 0010:ath_printk+0xce/0x1d4 drivers/net/wireless/ath/main.c:82
Code: 89 44 24 50 48 8d 44 24 40 c7 44 24 40 18 00 00 00 48 89 44 24 28 0f 84 c2 00 00 00 48 8d 7e 10 49 89 f4 48 89 f8 48 c1 e8 03 <80> 3c 10 00 74 05 e8 42 a5 62 f9 4d 8b 64 24 10 4d 85 e4 0f 84 9b
RSP: 0018:ffffc90000007cf8 EFLAGS: 00010206
RAX: 000000000000000c RBX: 1ffff92000000f9f RCX: 0000000000000004
RDX: dffffc0000000000 RSI: 0000000000000050 RDI: 0000000000000060
RBP: ffffc90000007de0 R08: 0000000000000000 R09: ffff88805e8332dc
R10: ffffffff8954d240 R11: 000000000007a089 R12: 0000000000000050
R13: ffffffff8954d1a0 R14: 0000000000000004 R15: ffff88805e8338e8
FS: 0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdb9bb2ff8 CR3: 0000000061b12000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
get_htc_epid_queue drivers/net/wireless/ath/ath9k/htc_drv_txrx.c:149 [inline]
ath9k_htc_tx_get_packet+0x565/0x940 drivers/net/wireless/ath/ath9k/htc_drv_txrx.c:627
ath9k_htc_txstatus+0xc1/0x460 drivers/net/wireless/ath/ath9k/htc_drv_txrx.c:660
ath9k_wmi_event_tasklet+0x2b1/0x3f0 drivers/net/wireless/ath/ath9k/wmi.c:179
tasklet_action_common.constprop.0+0x201/0x2e0 kernel/softirq.c:783
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
do_softirq.part.0+0xde/0x130 kernel/softirq.c:459
do_softirq kernel/softirq.c:451 [inline]
__local_bh_enable_ip+0x102/0x120 kernel/softirq.c:383
spin_unlock_bh include/linux/spinlock.h:408 [inline]
rt6_uncached_list_add net/ipv6/route.c:145 [inline]
icmp6_dst_alloc+0x3dc/0x650 net/ipv6/route.c:3289
mld_sendpack+0x527/0xc70 net/ipv6/mcast.c:1817
mld_send_initial_cr net/ipv6/mcast.c:1232 [inline]
mld_dad_work+0x177/0x510 net/ipv6/mcast.c:2270
process_one_work+0x87f/0x1450 kernel/workqueue.c:2297
worker_thread+0x598/0x1040 kernel/workqueue.c:2444
kthread+0x38b/0x460 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Modules linked in:
----------------
Code disassembly (best guess):
   0:  89 44 24 50           mov    %eax,0x50(%rsp)
   4:  48 8d 44 24 40        lea    0x40(%rsp),%rax
   9:  c7 44 24 40 18 00 00  movl   $0x18,0x40(%rsp)
  10:  00
  11:  48 89 44 24 28        mov    %rax,0x28(%rsp)
  16:  0f 84 c2 00 00 00     je     0xde
  1c:  48 8d 7e 10           lea    0x10(%rsi),%rdi
  20:  49 89 f4              mov    %rsi,%r12
  23:  48 89 f8              mov    %rdi,%rax
  26:  48 c1 e8 03           shr    $0x3,%rax
* 2a:  80 3c 10 00           cmpb   $0x0,(%rax,%rdx,1) <-- trapping instruction
  2e:  74 05                 je     0x35
  30:  e8 42 a5 62 f9        callq  0xf962a577
  35:  4d 8b 64 24 10        mov    0x10(%r12),%r12
  3a:  4d 85 e4              test   %r12,%r12
  3d:  0f                    .byte  0xf
  3e:  84                    .byte  0x84
  3f:  9b                    fwait