bisecting cause commit starting from a9a507013a6f98218d1797c8808bd9ba1e79782d
building syzkaller on 3fd2ea69e05557e7e0fef9b68263b4150670671c
testing commit a9a507013a6f98218d1797c8808bd9ba1e79782d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: e730190554e73d8afa84bd6c31d373dbf185bf0552aa75ec7a73ce1e8108f732
run #0: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #1: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #2: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #3: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #4: crashed: unexpected kernel reboot
run #5: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #6: crashed: KASAN: slab-out-of-bounds Write in null_skcipher_crypt
run #7: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #8: crashed: KASAN: slab-out-of-bounds Write in null_skcipher_crypt
run #9: crashed: KASAN: slab-out-of-bounds Write in null_skcipher_crypt
run #10: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #11: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #12: crashed: KASAN: slab-out-of-bounds Write in null_skcipher_crypt
run #13: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #14: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #15: crashed: KASAN: slab-out-of-bounds Write in null_skcipher_crypt
run #16: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #17: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #18: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #19: crashed: KASAN: use-after-free Write in null_skcipher_crypt
testing release v5.13
testing commit 62fb9874f5da54fdb243003b386128037319b219
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 909f5b513362d755e99068620c19525cb2afd91ca8725228219fd46574a48866
all runs: OK
# git bisect start a9a507013a6f98218d1797c8808bd9ba1e79782d 62fb9874f5da54fdb243003b386128037319b219
Bisecting: 7552 revisions left to test after this (roughly 13 steps)
[e04360a2ea01bf42aa639b65aad81f502e896c7f] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma

testing commit e04360a2ea01bf42aa639b65aad81f502e896c7f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 88661c1a78c1e9c59c54273183f496bfecad7252c6a597313cc3f626b95eb7b2
run #0: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #1: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #2: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #3: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #4: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #5: crashed: KASAN: slab-out-of-bounds Write in null_skcipher_crypt
run #6: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #7: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #8: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #9: crashed: KASAN: use-after-free Write in null_skcipher_crypt
# git bisect bad e04360a2ea01bf42aa639b65aad81f502e896c7f
Bisecting: 4531 revisions left to test after this (roughly 12 steps)
[a6eaf3850cb171c328a8b0db6d3c79286a1eba9d] Merge tag 'sched-urgent-2021-06-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit a6eaf3850cb171c328a8b0db6d3c79286a1eba9d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: d466e3170b657a35df971565dd48c0e1d2063175f45f4dc9e4a542036646d4b7
all runs: OK
# git bisect good a6eaf3850cb171c328a8b0db6d3c79286a1eba9d
Bisecting: 2276 revisions left to test after this (roughly 11 steps)
[3f8ad50a9e43b6a59070e6c9c5eec79626f81095] tcp: change ICSK_CA_PRIV_SIZE definition

testing commit 3f8ad50a9e43b6a59070e6c9c5eec79626f81095
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: ae56c1d8d84d5369c2a393b55b18c27202c16ba357d992891a04557bc4f5ef08
run #0: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #1: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #2: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #3: crashed: KASAN: out-of-bounds Write in null_skcipher_crypt
run #4: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #5: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #6: crashed: KASAN: slab-out-of-bounds Write in null_skcipher_crypt
run #7: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #8: crashed: KASAN: use-after-free Write in null_skcipher_crypt
run #9: crashed: KASAN: slab-out-of-bounds Write in null_skcipher_crypt
# git bisect bad 3f8ad50a9e43b6a59070e6c9c5eec79626f81095
Bisecting: 1127 revisions left to test after this (roughly 10 steps)
[25396f680dd6257096c5dc6ceb90ce57caba8de1] net: phylink: introduce phylink_fwnode_phy_connect()

testing commit 25396f680dd6257096c5dc6ceb90ce57caba8de1
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: fc7e499aa32ca4e7a6789235feccbaa6bfa39ab10ff93e12ec32468f37223677
run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
# git bisect bad 25396f680dd6257096c5dc6ceb90ce57caba8de1
Bisecting: 562 revisions left to test after this (roughly 9 steps)
[e3d8178c6e076f5c4302418880989808db03f692] Merge branch 'part-2-of-sja1105-dsa-driver-preparation-for-new-switch-introduction-sja1110'

testing commit e3d8178c6e076f5c4302418880989808db03f692
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 7d136bd60c5733bac12b30bbb116acc19562020dcbc5c078434824efe801ea1e
all runs: OK
# git bisect good e3d8178c6e076f5c4302418880989808db03f692
Bisecting: 281 revisions left to test after this (roughly 8 steps)
[809660cbc82d1bef9a2da1839d5c26a53760252c] net: macb: Use devm_platform_get_and_ioremap_resource()

testing commit 809660cbc82d1bef9a2da1839d5c26a53760252c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: acd4d4038ba0d865ae8d932fa2429661472fdf6a8ebffca5e5fde9e0a88c8eb5
all runs: OK
# git bisect good 809660cbc82d1bef9a2da1839d5c26a53760252c
Bisecting: 139 revisions left to test after this (roughly 7 steps)
[7f3579e1893f66edef95a0436a4e10073d085fda] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

testing commit 7f3579e1893f66edef95a0436a4e10073d085fda
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 4f03f578454b8f5ec5f6a987cdd18274f91131b8c518bb57d1d40c7e965a93cb
all runs: OK
# git bisect good 7f3579e1893f66edef95a0436a4e10073d085fda
Bisecting: 69 revisions left to test after this (roughly 6 steps)
[9e2b7b0450cfc6a99ceaa37843cb5d0179e1c2ae] mt76: mt7615: Use devm_platform_get_and_ioremap_resource()

testing commit 9e2b7b0450cfc6a99ceaa37843cb5d0179e1c2ae
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 88d0761fa5a1bd163fa714cbc921eb58c59592731e2d769b5411694cd76a342d
all runs: OK
# git bisect good 9e2b7b0450cfc6a99ceaa37843cb5d0179e1c2ae
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[7a4b92e8e0de9cbbb623310af76b1d60cd344b1d] s390/qeth: also use TX NAPI for non-IQD devices

testing commit 7a4b92e8e0de9cbbb623310af76b1d60cd344b1d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 5fce263e565fde5ab4f9a1f2b1d4ddac9cc7b014fb2b9bac41b058a9444f94ad
all runs: OK
# git bisect good 7a4b92e8e0de9cbbb623310af76b1d60cd344b1d
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[0cd2135cf83dd183d3fe05658e17b67b5f6cba86] net: pc300too: replace comparison to NULL with "!card->plxbase"

testing commit 0cd2135cf83dd183d3fe05658e17b67b5f6cba86
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 54454625623297f613d04a7811a6bb3956bbec857aee03dc93a97bd4f819555f
all runs: OK
# git bisect good 0cd2135cf83dd183d3fe05658e17b67b5f6cba86
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[2d7b8bf1fa7afab77f106b67ec6e3d524e3745ca] of: mdio: Refactor of_phy_find_device()

testing commit 2d7b8bf1fa7afab77f106b67ec6e3d524e3745ca
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 14dc509234147da8a94812c19abe2ef2156eacab2996985a950c1934b733781a
all runs: OK
# git bisect good 2d7b8bf1fa7afab77f106b67ec6e3d524e3745ca
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[bc1bee3b87ee48bd97ef7fd306445132ba2041b0] net: mdiobus: Introduce fwnode_mdiobus_register_phy()

testing commit bc1bee3b87ee48bd97ef7fd306445132ba2041b0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: b60510deebc0ed8efbae6f6092f8e0391ceca824607b36f36d1ee6f4b332ca0d
all runs: OK
# git bisect good bc1bee3b87ee48bd97ef7fd306445132ba2041b0
Bisecting: 2 revisions left to test after this (roughly 1 step)
[7ec16433cf1e97cfc823e50e9ee4e2fd3abfc4ee] ACPI: utils: Introduce acpi_get_local_address()

testing commit 7ec16433cf1e97cfc823e50e9ee4e2fd3abfc4ee
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 93cf47748a01c1dfa64f6ec52643ce616fabc389d844ed1b38f4e98ff068796f
run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad 7ec16433cf1e97cfc823e50e9ee4e2fd3abfc4ee
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[8d2cb3ad31181f050af4d46d6854cf332d1207a9] of: mdio: Refactor of_mdiobus_register_phy()

testing commit 8d2cb3ad31181f050af4d46d6854cf332d1207a9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 08a972b5587b65d46a5cbe958e166e9a7a1eb1751d886589e063775a35369089
run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad 8d2cb3ad31181f050af4d46d6854cf332d1207a9
8d2cb3ad31181f050af4d46d6854cf332d1207a9 is the first bad commit
commit 8d2cb3ad31181f050af4d46d6854cf332d1207a9
Author: Calvin Johnson <calvin.johnson@oss.nxp.com>
Date:   Fri Jun 11 13:53:55 2021 +0300

    of: mdio: Refactor of_mdiobus_register_phy()
    
    Refactor of_mdiobus_register_phy() to use fwnode_mdiobus_register_phy().
    Also, remove the of_find_mii_timestamper() since the fwnode variant is
    used instead.
    
    Signed-off-by: Calvin Johnson <calvin.johnson@oss.nxp.com>
    Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
    Acked-by: Grant Likely <grant.likely@arm.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 drivers/net/mdio/of_mdio.c | 56 +---------------------------------------------
 1 file changed, 1 insertion(+), 55 deletions(-)

culprit signature: 08a972b5587b65d46a5cbe958e166e9a7a1eb1751d886589e063775a35369089
parent  signature: b60510deebc0ed8efbae6f6092f8e0391ceca824607b36f36d1ee6f4b332ca0d
Reproducer flagged being flaky
revisions tested: 16, total time: 3h58m45.962660386s (build: 1h45m25.762616799s, test: 2h11m55.757995251s)
first bad commit: 8d2cb3ad31181f050af4d46d6854cf332d1207a9 of: mdio: Refactor of_mdiobus_register_phy()
recipients (to): ["calvin.johnson@oss.nxp.com" "davem@davemloft.net" "grant.likely@arm.com" "ioana.ciornei@nxp.com"]
recipients (cc): []
crash: BUG: sleeping function called from invalid context in lock_sock_nested
BUG: sleeping function called from invalid context at net/core/sock.c:3077
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8831, name: syz-executor.2
1 lock held by syz-executor.2/8831:
 #0: ffffffff8c1e7f80 (hci_sk_list.lock){++++}-{2:2}, at: hci_sock_dev_event+0x377/0x5d0 net/bluetooth/hci_sock.c:763
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 0 PID: 8831 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0xa5/0xe6 lib/dump_stack.c:120
 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:8338
 lock_sock_nested+0x1e/0xf0 net/core/sock.c:3077
 lock_sock include/net/sock.h:1610 [inline]
 hci_sock_dev_event+0x3ed/0x5d0 net/bluetooth/hci_sock.c:765
 hci_unregister_dev+0x29b/0xfb0 net/bluetooth/hci_core.c:4013
 vhci_release+0x62/0xd0 drivers/bluetooth/hci_vhci.c:340
 __fput+0x209/0x870 fs/file_table.c:280
 task_work_run+0xc0/0x160 kernel/task_work.c:164
 exit_task_work include/linux/task_work.h:32 [inline]
 do_exit+0xa26/0x2500 kernel/exit.c:826
 do_group_exit+0xe7/0x290 kernel/exit.c:923
 __do_sys_exit_group kernel/exit.c:934 [inline]
 __se_sys_exit_group kernel/exit.c:932 [inline]
 __x64_sys_exit_group+0x35/0x40 kernel/exit.c:932
 do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
Code: Unable to access opcode bytes at RIP 0x4665bf.
RSP: 002b:00007ffc546e1ad8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007ffc546e2298 RCX: 00000000004665e9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
RBP: 0000000000000000 R08: 0000000000000025 R09: 00007ffc546e2298
R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004bef74
R13: 0000000000000010 R14: 0000000000000000 R15: 0000000000400538

======================================================