bisecting fixing commit since e87d24fce924bfcef9714bbaeb1514162420052e
building syzkaller on cca8798699baeeccbf80af23d234ac19a5d667aa
testing commit e87d24fce924bfcef9714bbaeb1514162420052e with gcc (GCC) 8.1.0
kernel signature: dedc831f96786eb1d8eeef825a3a2ef0b937a33fe3d37ad25588cadcdfb567ba
run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in sta_info_move_state
run #1: crashed: BUG: sleeping function called from invalid context in sta_info_move_state
run #2: crashed: kernel BUG at mm/vmalloc.c:LINE!
run #3: crashed: kernel BUG at mm/vmalloc.c:LINE!
run #4: crashed: kernel BUG at mm/vmalloc.c:LINE!
run #5: crashed: kernel BUG at mm/vmalloc.c:LINE!
run #6: crashed: kernel BUG at mm/vmalloc.c:LINE!
run #7: crashed: kernel BUG at mm/vmalloc.c:LINE!
run #8: crashed: kernel BUG at mm/vmalloc.c:LINE!
run #9: crashed: kernel BUG at mm/vmalloc.c:LINE!
testing current HEAD f97844f9c518172f813b7ece18a9956b1f70c1bb
testing commit f97844f9c518172f813b7ece18a9956b1f70c1bb with gcc (GCC) 8.1.0
kernel signature: 1c49deb1097c758367b6eec3de373b0405e3abdbe7b3fb56ba4814f8e8883037
all runs: OK
# git bisect start f97844f9c518172f813b7ece18a9956b1f70c1bb e87d24fce924bfcef9714bbaeb1514162420052e
Bisecting: 7632 revisions left to test after this (roughly 13 steps)
[c367caf1a38b6f0a1aababafd88b00fefa625f9e] Merge tag 'sound-5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

testing commit c367caf1a38b6f0a1aababafd88b00fefa625f9e with gcc (GCC) 8.1.0
kernel signature: ee54f6c52304f4d4202bbd3400221adfbab9758d1a21eae85acbe191b899062d
all runs: OK
# git bisect bad c367caf1a38b6f0a1aababafd88b00fefa625f9e
Bisecting: 3937 revisions left to test after this (roughly 12 steps)
[efd5a1584537698220578227e6467638307c2a0b] net: hns3: fix expression that is currently always true

testing commit efd5a1584537698220578227e6467638307c2a0b with gcc (GCC) 8.1.0
kernel signature: 6f1e46b0ddd87665d42f04520ca187ce0a4636c0486df5c0a9bce338002ef972
all runs: OK
# git bisect bad efd5a1584537698220578227e6467638307c2a0b
Bisecting: 2096 revisions left to test after this (roughly 11 steps)
[7f376f1917d7461e05b648983e8d2aea9d0712b2] Merge tag 'mtd/fixes-for-5.10-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux

testing commit 7f376f1917d7461e05b648983e8d2aea9d0712b2 with gcc (GCC) 8.1.0
kernel signature: bbbc4c2e96695a6afb93b1f46dbee2e758858ac22c5130a15ddaa0b9b8c26617
all runs: OK
# git bisect bad 7f376f1917d7461e05b648983e8d2aea9d0712b2
Bisecting: 906 revisions left to test after this (roughly 10 steps)
[4a51c60a11158961f1291c5b95ff7e4cddfb0353] Merge branch 'akpm' (patches from Andrew)

testing commit 4a51c60a11158961f1291c5b95ff7e4cddfb0353 with gcc (GCC) 8.1.0
kernel signature: e052009e715573a39285263161eab5bee41ae12680d97085338104f3b58e9465
all runs: crashed: kernel BUG at mm/vmalloc.c:LINE!
# git bisect good 4a51c60a11158961f1291c5b95ff7e4cddfb0353
Bisecting: 458 revisions left to test after this (roughly 9 steps)
[2c6ffa9e9b11bdfa267fe05ad1e98d3491b4224f] Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost

testing commit 2c6ffa9e9b11bdfa267fe05ad1e98d3491b4224f with gcc (GCC) 8.1.0
kernel signature: 34debe88752a290ec81075459d3f4ab1997eecea7ac33f76918ee26b002d3877
all runs: crashed: kernel BUG at mm/vmalloc.c:LINE!
# git bisect good 2c6ffa9e9b11bdfa267fe05ad1e98d3491b4224f
Bisecting: 229 revisions left to test after this (roughly 8 steps)
[f5226f1d20c4113922dbe7742c416f06700c1ea9] Merge tag 'usb-5.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

testing commit f5226f1d20c4113922dbe7742c416f06700c1ea9 with gcc (GCC) 8.1.0
kernel signature: 431f1113bd96d4aa36b837e977ffd87cbf8534bcad2aaa8e55065eeb2f2f6451
all runs: OK
# git bisect bad f5226f1d20c4113922dbe7742c416f06700c1ea9
Bisecting: 101 revisions left to test after this (roughly 7 steps)
[e87297fa080a7ed6b431873c771b3801cab573f5] Merge tag 'drm-fixes-2020-12-04' of git://anongit.freedesktop.org/drm/drm

testing commit e87297fa080a7ed6b431873c771b3801cab573f5 with gcc (GCC) 8.1.0
kernel signature: eba43b4973d046f3004639b6acd1dc530b98a015512a56c54df2d6e507008dda
all runs: OK
# git bisect bad e87297fa080a7ed6b431873c771b3801cab573f5
Bisecting: 63 revisions left to test after this (roughly 6 steps)
[13de4ed9e3a9ccbe54d05f7d5c773f69ecaf6c64] net: skbuff: ensure LSE is pullable before decrementing the MPLS ttl

testing commit 13de4ed9e3a9ccbe54d05f7d5c773f69ecaf6c64 with gcc (GCC) 8.1.0
kernel signature: 1633dae33bb63791412cec2d9a03392a8781ce0b8e3d2747a8a31b681cfb44b2
all runs: OK
# git bisect bad 13de4ed9e3a9ccbe54d05f7d5c773f69ecaf6c64
Bisecting: 31 revisions left to test after this (roughly 5 steps)
[4d521943f76bd0d1e68ea5e02df7aadd30b2838a] dt-bindings: net: correct interrupt flags in examples

testing commit 4d521943f76bd0d1e68ea5e02df7aadd30b2838a with gcc (GCC) 8.1.0
kernel signature: bcf1a6d1cac9d9394bb565568e12a4394068015cda12a0873fa08141f420ece3
all runs: OK
# git bisect bad 4d521943f76bd0d1e68ea5e02df7aadd30b2838a
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[e14038a7ead09faa180eb072adc4a2157a0b475f] selftests: tc-testing: enable CONFIG_NET_SCH_RED as a module

testing commit e14038a7ead09faa180eb072adc4a2157a0b475f with gcc (GCC) 8.1.0
kernel signature: a2b35e9f01cfe52b6a44fa666aacef27ea1143ddfe719f560eb8a7b893ed7d41
all runs: OK
# git bisect bad e14038a7ead09faa180eb072adc4a2157a0b475f
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[9a44bc9449cfe7e39dbadf537ff669fb007a9e63] bpf: Add MAINTAINERS entry for BPF LSM

testing commit 9a44bc9449cfe7e39dbadf537ff669fb007a9e63 with gcc (GCC) 8.1.0
kernel signature: 28e4e2b31eab00491d7194a19c4c0cb1f5947565691899f606a67f9b1677b2cf
all runs: OK
# git bisect bad 9a44bc9449cfe7e39dbadf537ff669fb007a9e63
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[178648916e73e00de83150eb0c90c0d3a977a46a] xsk: Fix incorrect netdev reference count

testing commit 178648916e73e00de83150eb0c90c0d3a977a46a with gcc (GCC) 8.1.0
kernel signature: 753055b953f182cfaaa65485095559f7347a9e0dcd80ac66568992f552216847
all runs: OK
# git bisect bad 178648916e73e00de83150eb0c90c0d3a977a46a
Bisecting: 0 revisions left to test after this (roughly 1 step)
[537cf4e3cc2f6cc9088dcd6162de573f603adc29] xsk: Fix umem cleanup bug at socket destruct

testing commit 537cf4e3cc2f6cc9088dcd6162de573f603adc29 with gcc (GCC) 8.1.0
kernel signature: d3c9f9dc3df1e88028e6afd3d79e62807bf43a926162bd67f28f89b6217780d6
all runs: OK
# git bisect bad 537cf4e3cc2f6cc9088dcd6162de573f603adc29
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[6200d5c3831370cd0ab4b6455933d12e82ea9956] MAINTAINERS: Update XDP and AF_XDP entries

testing commit 6200d5c3831370cd0ab4b6455933d12e82ea9956 with gcc (GCC) 8.1.0
kernel signature: 08380703f154eba79a46ff2182c0ce15bf19ab8ac6ff4b227a4e05c0e4ea73cd
all runs: crashed: kernel BUG at mm/vmalloc.c:LINE!
# git bisect good 6200d5c3831370cd0ab4b6455933d12e82ea9956
537cf4e3cc2f6cc9088dcd6162de573f603adc29 is the first bad commit
commit 537cf4e3cc2f6cc9088dcd6162de573f603adc29
Author: Magnus Karlsson <magnus.karlsson@intel.com>
Date:   Fri Nov 20 12:53:39 2020 +0100

    xsk: Fix umem cleanup bug at socket destruct
    
    Fix a bug that is triggered when a partially setup socket is
    destroyed. For a fully setup socket, a socket that has been bound to a
    device, the cleanup of the umem is performed at the end of the buffer
    pool's cleanup work queue item. This has to be performed in a work
    queue, and not in RCU cleanup, as it is doing a vunmap that cannot
    execute in interrupt context. However, when a socket has only been
    partially set up so that a umem has been created but the buffer pool
    has not, the code erroneously directly calls the umem cleanup function
    instead of using a work queue, and this leads to a BUG_ON() in
    vunmap().
    
    As there in this case is no buffer pool, we cannot use its work queue,
    so we need to introduce a work queue for the umem and schedule this for
    the cleanup. So in the case there is no pool, we are going to use the
    umem's own work queue to schedule the cleanup. But if there is a
    pool, the cleanup of the umem is still being performed by the pool's
    work queue, as it is important that the umem is cleaned up after the
    pool.
    
    Fixes: e5e1a4bc916d ("xsk: Fix possible memory leak at socket close")
    Reported-by: Marek Majtyka <marekx.majtyka@intel.com>
    Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Tested-by: Marek Majtyka <marekx.majtyka@intel.com>
    Link: https://lore.kernel.org/bpf/1605873219-21629-1-git-send-email-magnus.karlsson@gmail.com

 include/net/xdp_sock.h  |  1 +
 net/xdp/xdp_umem.c      | 19 ++++++++++++++++---
 net/xdp/xdp_umem.h      |  2 +-
 net/xdp/xsk.c           |  2 +-
 net/xdp/xsk_buff_pool.c |  2 +-
 5 files changed, 20 insertions(+), 6 deletions(-)

culprit signature: d3c9f9dc3df1e88028e6afd3d79e62807bf43a926162bd67f28f89b6217780d6
parent  signature: 08380703f154eba79a46ff2182c0ce15bf19ab8ac6ff4b227a4e05c0e4ea73cd
revisions tested: 16, total time: 3h9m31.602298259s (build: 1h13m24.657912874s, test: 1h54m38.545029028s)
first good commit: 537cf4e3cc2f6cc9088dcd6162de573f603adc29 xsk: Fix umem cleanup bug at socket destruct
recipients (to): ["daniel@iogearbox.net" "magnus.karlsson@intel.com" "marekx.majtyka@intel.com"]
recipients (cc): []