bisecting cause commit starting from 1c5526968e270e4efccfa1da21d211a4915cdeda
building syzkaller on 0230ba3e7ee638765ace8e2c3b436e703017b46c
testing commit 1c5526968e270e4efccfa1da21d211a4915cdeda
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 259f5a724a61cca26d9cbbac88f4f99bfb2f9b5fb74c44691b7ec5b438065c37
all runs: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
testing release v5.15
testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 23b867ff5df3d6cb6b498368a18ae79abf8004bbd96dea98ad38033811273ce5
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #1: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #2: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #3: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #4: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #5: crashed: BUG: corrupted list in bpf_ksym_del
run #6: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #7: crashed: WARNING: ODEBUG bug in corrupted
run #8: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #9: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
testing release v5.14
testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b2164682a4188d600e8629b33fdd665dc2a6573b9b8685e4bb26430826cfdcc6
all runs: OK
# git bisect start 8bb7eca972ad531c9b149c0a51ab43a417385813 7d2a07b769330c34b4deabeed939325c77a7ec2f
Bisecting: 6693 revisions left to test after this (roughly 13 steps)
[477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6] Merge tag 'drm-next-2021-08-31-1' of git://anongit.freedesktop.org/drm/drm
testing commit 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 726371af33dd2b72aa0c135a823a708ec7fffbf952f3f03487259e400859d097
run #0: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #1: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #2: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #3: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #4: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #5: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #6: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #7: crashed: KASAN: wild-memory-access Write in __bpf_prog_put
run #8: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
run #9: crashed: KASAN: vmalloc-out-of-bounds Read in __bpf_prog_put
# git bisect bad 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6
Bisecting: 3024 revisions left to test after this (roughly 12 steps)
[9e9fb7655ed585da8f468e29221f0ba194a5f613] Merge tag 'net-next-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 9e9fb7655ed585da8f468e29221f0ba194a5f613
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration]
arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration]
# git bisect skip 9e9fb7655ed585da8f468e29221f0ba194a5f613
Bisecting: 3024 revisions left to test after this (roughly 12 steps)
[7a47c52142c18a9239c5afea2c9656c68d3f22e7] s390/ccwgroup: Drop if with an always false condition
testing commit 7a47c52142c18a9239c5afea2c9656c68d3f22e7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b201ffabdcbb4bb507598941b607ce0827312f018389e2b76009d61ae4dbee42
run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
# git bisect bad 7a47c52142c18a9239c5afea2c9656c68d3f22e7
Bisecting: 0 revisions left to test after this (roughly 1 step)
[a7bdb9a9767360c2b4096bbb379e73022b274483] s390/cio: Make struct css_driver::remove return void
testing commit a7bdb9a9767360c2b4096bbb379e73022b274483
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b201ffabdcbb4bb507598941b607ce0827312f018389e2b76009d61ae4dbee42
run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #1: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad a7bdb9a9767360c2b4096bbb379e73022b274483
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[dde0a31863d6a7b05ca7cb5d138586e71afc5e50] PCI: endpoint: Make struct pci_epf_driver::remove return void
testing commit dde0a31863d6a7b05ca7cb5d138586e71afc5e50
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b201ffabdcbb4bb507598941b607ce0827312f018389e2b76009d61ae4dbee42
all runs: OK
# git bisect good dde0a31863d6a7b05ca7cb5d138586e71afc5e50
a7bdb9a9767360c2b4096bbb379e73022b274483 is the first bad commit
commit a7bdb9a9767360c2b4096bbb379e73022b274483
Author: Uwe Kleine-König
Date:   Tue Jul 13 21:35:19 2021 +0200

    s390/cio: Make struct css_driver::remove return void

    The driver core ignores the return value of css_remove()
    (because there is only little it can do when a device disappears) and all
    callbacks return 0 anyhow.

    So make it impossible for future drivers to return an unused error code
    by changing the remove prototype to return void.

    The real motivation for this change is the quest to make struct
    bus_type::remove return void, too.

    Reviewed-by: Cornelia Huck
    Acked-by: Vineeth Vijayan
    Signed-off-by: Uwe Kleine-König
    Link: https://lore.kernel.org/r/20210713193522.1770306-3-u.kleine-koenig@pengutronix.de
    Signed-off-by: Greg Kroah-Hartman

 drivers/s390/cio/chsc_sch.c     | 3 +--
 drivers/s390/cio/css.c          | 7 ++++---
 drivers/s390/cio/css.h          | 2 +-
 drivers/s390/cio/device.c       | 5 ++---
 drivers/s390/cio/eadm_sch.c     | 4 +---
 drivers/s390/cio/vfio_ccw_drv.c | 3 +--
 6 files changed, 10 insertions(+), 14 deletions(-)
culprit signature: b201ffabdcbb4bb507598941b607ce0827312f018389e2b76009d61ae4dbee42
parent signature: b201ffabdcbb4bb507598941b607ce0827312f018389e2b76009d61ae4dbee42
Reproducer flagged being flaky
revisions tested: 7, total time: 1h38m31.919116077s (build: 49m55.672666965s, test: 47m27.306170417s)
first bad commit: a7bdb9a9767360c2b4096bbb379e73022b274483 s390/cio: Make struct css_driver::remove return void
recipients (to): ["cohuck@redhat.com" "gregkh@linuxfoundation.org" "u.kleine-koenig@pengutronix.de" "vneethv@linux.ibm.com"]
recipients (cc): []
crash: BUG: sleeping function called from invalid context in lock_sock_nested
BUG: sleeping function called from invalid context at net/core/sock.c:3161
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8768, name: syz-executor.2
1 lock held by syz-executor.2/8768:
 #0: ffffffff8c40e540 (hci_sk_list.lock){++++}-{2:2}, at: hci_sock_dev_event+0x374/0x5c0 net/bluetooth/hci_sock.c:763
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 0 PID: 8768 Comm: syz-executor.2 Not tainted 5.14.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105
 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:9154
 lock_sock_nested+0x1e/0xf0 net/core/sock.c:3161
 lock_sock include/net/sock.h:1613 [inline]
 hci_sock_dev_event+0x3ea/0x5c0 net/bluetooth/hci_sock.c:765
 hci_unregister_dev+0x29b/0xfb0 net/bluetooth/hci_core.c:4033
 vhci_release+0x62/0xd0 drivers/bluetooth/hci_vhci.c:340
 __fput+0x209/0x870 fs/file_table.c:280
 task_work_run+0xc0/0x160 kernel/task_work.c:164
 exit_task_work include/linux/task_work.h:32 [inline]
 do_exit+0x9fe/0x24e0 kernel/exit.c:825
 do_group_exit+0xe7/0x290 kernel/exit.c:922
 __do_sys_exit_group kernel/exit.c:933 [inline]
 __se_sys_exit_group kernel/exit.c:931 [inline]
 __x64_sys_exit_group+0x35/0x40 kernel/exit.c:931
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f9cc64b1af9
Code: Unable to access opcode bytes at RIP 0x7f9cc64b1acf.
RSP: 002b:00007ffe20637038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007ffe20637818 RCX: 00007f9cc64b1af9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
RBP: 0000000000000000 R08: 0000000000000025 R09: 00007ffe20637818
R10: 0000000000000200 R11: 0000000000000246 R12: 00007f9cc650b2b8
R13: 0000000000000010 R14: 0000000000000000 R15: 00007ffe206372c0
======================================================