bisecting fixing commit since 2263955bf7e71ca8419b64d7a60510aad29002f6
building syzkaller on a0ebf917e7319ae8ef71cd2f36c488db8a6b384e
testing commit 2263955bf7e71ca8419b64d7a60510aad29002f6 with gcc (GCC) 8.4.1 20210217
kernel signature: 05fb99c31e8821f387c84755eb6ac377242ccf4e58ac14f4907829804ecf189c
all runs: crashed: general protection fault in ieee80211_subif_start_xmit
testing current HEAD 2d19be4653f5e74ed95560b69f94eb6791d49af3
testing commit 2d19be4653f5e74ed95560b69f94eb6791d49af3 with gcc (GCC) 8.4.1 20210217
kernel signature: 52153b29c5249fce71d227fd3bc4bb9a807c7c77c2c49db30ab075878242d3bf
all runs: OK
# git bisect start 2d19be4653f5e74ed95560b69f94eb6791d49af3 2263955bf7e71ca8419b64d7a60510aad29002f6
Bisecting: 128 revisions left to test after this (roughly 7 steps)
[ac518835f2dde43c0ece8d6ffc1437a794c7bc1e] platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet
testing commit ac518835f2dde43c0ece8d6ffc1437a794c7bc1e with gcc (GCC) 8.4.1 20210217
kernel signature: cca60ba58b9b43c8a668158a72eca3536b563af391f67f64cde44fa608d83148
all runs: OK
# git bisect bad ac518835f2dde43c0ece8d6ffc1437a794c7bc1e
Bisecting: 64 revisions left to test after this (roughly 6 steps)
[8f9a98a0e00ad101e2301ebb78d8537133e39ceb] futex: Set task::futex_state to DEAD right after handling futex exit
testing commit 8f9a98a0e00ad101e2301ebb78d8537133e39ceb with gcc (GCC) 8.4.1 20210217
kernel signature: ea0b1da9bd01e390a975ec6d42dac0ce99e3c5b9ed951483fdb733cc7f7bd3c7
all runs: crashed: general protection fault in ieee80211_subif_start_xmit
# git bisect good 8f9a98a0e00ad101e2301ebb78d8537133e39ceb
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[d8fc14c45f784d813c2b4246ce4d15632b3325ab] drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[]
testing commit d8fc14c45f784d813c2b4246ce4d15632b3325ab with gcc (GCC) 8.4.1 20210217
kernel signature: 0d202fbf2274f0579e199d2fd1300aa2036ab888f7e5e26d2f751fbdfe52bbbc
all runs: crashed: general protection fault in ieee80211_subif_start_xmit
# git bisect good d8fc14c45f784d813c2b4246ce4d15632b3325ab
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[b26b5e0861578fa7cdf444b1aa61d06f739eb306] mac80211: pause TX while changing interface type
testing commit b26b5e0861578fa7cdf444b1aa61d06f739eb306 with gcc (GCC) 8.4.1 20210217
kernel signature: 382c36575b69a0ecca9b0362b61fe99c39c6290a448d3456d38d1097a4e316d7
all runs: OK
# git bisect bad b26b5e0861578fa7cdf444b1aa61d06f739eb306
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[ccdabbf516f36a1a3793eda1e5284a8d170ea5dc] ARM: imx: build suspend-imx6.S with arm instruction set
testing commit ccdabbf516f36a1a3793eda1e5284a8d170ea5dc with gcc (GCC) 8.4.1 20210217
kernel signature: 84883ead1ad0497d91c931172d1debbac31e42135f47e60c59aaf1a8765a4b90
all runs: crashed: general protection fault in ieee80211_subif_start_xmit
# git bisect good ccdabbf516f36a1a3793eda1e5284a8d170ea5dc
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[f518b796f494d11e053600495da9ad9bb4806d19] RDMA/cxgb4: Fix the reported max_recv_sge value
testing commit f518b796f494d11e053600495da9ad9bb4806d19 with gcc (GCC) 8.4.1 20210217
kernel signature: 7e2d7588767c866cafc57b2f1582cbd027717619ab0448b62e2da41d06137fe1
all runs: crashed: general protection fault in ieee80211_subif_start_xmit
# git bisect good f518b796f494d11e053600495da9ad9bb4806d19
Bisecting: 1 revision left to test after this (roughly 1 step)
[413f388045e35532fc4786df7020db13dbf22ff8] iwlwifi: pcie: use jiffies for memory read spin time limit
testing commit 413f388045e35532fc4786df7020db13dbf22ff8 with gcc (GCC) 8.4.1 20210217
kernel signature: 9a0e11a475145ee7596fe1e73a3f83058691bbcee797588209e161c7747d2235
all runs: crashed: general protection fault in ieee80211_subif_start_xmit
# git bisect good 413f388045e35532fc4786df7020db13dbf22ff8
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[2f48393f903d964cf3bf079e8503568c2fc1c326] iwlwifi: pcie: reschedule in long-running memory reads
testing commit 2f48393f903d964cf3bf079e8503568c2fc1c326 with gcc (GCC) 8.4.1 20210217
kernel signature: 9a0e11a475145ee7596fe1e73a3f83058691bbcee797588209e161c7747d2235
all runs: crashed: general protection fault in ieee80211_subif_start_xmit
# git bisect good 2f48393f903d964cf3bf079e8503568c2fc1c326
b26b5e0861578fa7cdf444b1aa61d06f739eb306 is the first bad commit
commit b26b5e0861578fa7cdf444b1aa61d06f739eb306
Author: Johannes Berg
Date: Fri Jan 22 17:11:16 2021 +0100

    mac80211: pause TX while changing interface type

    [ Upstream commit 054c9939b4800a91475d8d89905827bf9e1ad97a ]

    syzbot reported a crash that happened when changing the interface
    type around a lot, and while it might have been easy to fix just
    the symptom there, a little deeper investigation found that really
    the reason is that we allowed packets to be transmitted while in
    the middle of changing the interface type.

    Disallow TX by stopping the queues while changing the type.

    Fixes: 34d4bc4d41d2 ("mac80211: support runtime interface type changes")
    Reported-by: syzbot+d7a3b15976bf7de2238a@syzkaller.appspotmail.com
    Link: https://lore.kernel.org/r/20210122171115.b321f98f4d4f.I6997841933c17b093535c31d29355be3c0c39628@changeid
    Signed-off-by: Johannes Berg
    Signed-off-by: Sasha Levin

 net/mac80211/ieee80211_i.h | 1 +
 net/mac80211/iface.c       | 6 ++++++
 2 files changed, 7 insertions(+)

culprit signature: 382c36575b69a0ecca9b0362b61fe99c39c6290a448d3456d38d1097a4e316d7
parent signature: 9a0e11a475145ee7596fe1e73a3f83058691bbcee797588209e161c7747d2235
revisions tested: 10, total time: 2h24m4.211277281s (build: 1h17m6.683564046s, test: 1h2m48.475701142s)
first good commit: b26b5e0861578fa7cdf444b1aa61d06f739eb306 mac80211: pause TX while changing interface type
recipients (to): ["davem@davemloft.net" "johannes.berg@intel.com" "johannes@sipsolutions.net" "linux-wireless@vger.kernel.org" "netdev@vger.kernel.org" "sashal@kernel.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]