bisecting cause commit starting from c2eecaa193ff1e516a1b389637169ae86a6fa867
building syzkaller on b97d64c9fd454c0e4be1a5ab22450d0aeb368d18
testing commit c2eecaa193ff1e516a1b389637169ae86a6fa867
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 36816752ddeb2bf16cb06dcc8c01cf213029555637fe56550bfd331f57519615
all runs: crashed: BUG: sleeping function called from invalid context in _copy_to_iter
testing release v5.13
testing commit 62fb9874f5da54fdb243003b386128037319b219
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 909f5b513362d755e99068620c19525cb2afd91ca8725228219fd46574a48866
all runs: OK
# git bisect start c2eecaa193ff1e516a1b389637169ae86a6fa867 62fb9874f5da54fdb243003b386128037319b219
Bisecting: 7731 revisions left to test after this (roughly 13 steps)
[71bd9341011f626d692aabe024f099820f02c497] Merge branch 'akpm' (patches from Andrew)

testing commit 71bd9341011f626d692aabe024f099820f02c497
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: f38e6ef7a09cbf44cb4fdaa8b26970bc4654e2a96050b8ba9d122b139fc240b4
run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acquire
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 71bd9341011f626d692aabe024f099820f02c497
Bisecting: 3771 revisions left to test after this (roughly 12 steps)
[79160a603bdb51916226caf4a6616cc4e1c58a58] Merge tag 'usb-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

testing commit 79160a603bdb51916226caf4a6616cc4e1c58a58
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 4ec73fe21998bb035e4ca9721491cd94239fbd912e4b1a5f08cd60c0b305f355
run #0: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #2: boot failed: possible deadlock in get_page_from_freelist
run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #4: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #5: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #8: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #9: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
# git bisect skip 79160a603bdb51916226caf4a6616cc4e1c58a58
Bisecting: 3771 revisions left to test after this (roughly 12 steps)
[824731258b65f58764786f8d776c2007b084e12c] scsi: target: tcmu: Fix boolreturn.cocci warnings

testing commit 824731258b65f58764786f8d776c2007b084e12c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 7fcadd3e8d16dc747918c05af0a53bef368f5d65dc33160eef0fdb94e3a70239
all runs: OK
# git bisect good 824731258b65f58764786f8d776c2007b084e12c
Bisecting: 3771 revisions left to test after this (roughly 12 steps)
[54ea2f49fd9400dd698c25450be3352b5613b3b4] bpf, sockmap, udp: sk_prot needs inuse_idx set for proc stats

testing commit 54ea2f49fd9400dd698c25450be3352b5613b3b4
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 2a07256f57ae8e795d9e394483c05a18ce67042f037aa68bc5b25f1cca00eb25
run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acquire
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 54ea2f49fd9400dd698c25450be3352b5613b3b4
Bisecting: 3836 revisions left to test after this (roughly 12 steps)
[c932ed0adb09a7fa6d6649ee04dd78c83ab07ada] Merge tag 'tty-5.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

testing commit c932ed0adb09a7fa6d6649ee04dd78c83ab07ada
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 258a0c913cbce9af47305c6674de8eb7e3de192b3a7462c4ca2decf4916cd287
run #0: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #2: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #4: boot failed: possible deadlock in fs_reclaim_acquire
run #5: boot failed: possible deadlock in fs_reclaim_acquire
run #6: boot failed: possible deadlock in fs_reclaim_acquire
run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
run #9: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
# git bisect skip c932ed0adb09a7fa6d6649ee04dd78c83ab07ada
Bisecting: 3836 revisions left to test after this (roughly 12 steps)
[7f33f56b02ca49d23d3b3014d693a16b0cf6324a] scsi: fas216: Translate message to host byte status

testing commit 7f33f56b02ca49d23d3b3014d693a16b0cf6324a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: c897e8d14c0b25eb2cd915924e70b67a803101741d2f85aba43dfb2b195317a0
all runs: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
# git bisect skip 7f33f56b02ca49d23d3b3014d693a16b0cf6324a
Bisecting: 3836 revisions left to test after this (roughly 12 steps)
[d8a719059b9dc963aa190598778ac804ff3e6a87] Revert "mm/pgtable: add stubs for {pmd/pub}_{set/clear}_huge"

testing commit d8a719059b9dc963aa190598778ac804ff3e6a87
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 526a62feb6b0df89d2e74381f5f8db1774cd4fee18969f34a3d907a7c8fbe4c1
all runs: OK
# git bisect good d8a719059b9dc963aa190598778ac804ff3e6a87
Bisecting: 808 revisions left to test after this (roughly 10 steps)
[d92f7b59d32bfeace7315b416f5244dd5c3935fa] eql: use ndo_siocdevprivate

testing commit d92f7b59d32bfeace7315b416f5244dd5c3935fa
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 42e38c4b49f879add2accf941252d65bd7b1a35ad8ebb237416aacd9154e167d
all runs: OK
# git bisect good d92f7b59d32bfeace7315b416f5244dd5c3935fa
Bisecting: 440 revisions left to test after this (roughly 9 steps)
[e1dab4c02de0b495a9393915d71e452f8e77a464] Merge tag 'acpi-5.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

testing commit e1dab4c02de0b495a9393915d71e452f8e77a464
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 832bb0c2499e659ffbb31bbacbcfba39fe838fc09cadfa779104dbdbd8044104
all runs: OK
# git bisect good e1dab4c02de0b495a9393915d71e452f8e77a464
Bisecting: 197 revisions left to test after this (roughly 8 steps)
[d2e11fd2b7fcd10b7bcef418c55490c934aa94e8] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

testing commit d2e11fd2b7fcd10b7bcef418c55490c934aa94e8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 2b9fd3d2e61ee2009e061baa3c93d252227d18ce678bdc014cb612d191633e99
all runs: boot failed: WARNING: refcount bug in fib_create_info
# git bisect skip d2e11fd2b7fcd10b7bcef418c55490c934aa94e8
Bisecting: 197 revisions left to test after this (roughly 8 steps)
[79976892f7ea37f44f8bcfb6d266954e8ae0124d] net: convert fib_treeref from int to refcount_t

testing commit 79976892f7ea37f44f8bcfb6d266954e8ae0124d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 3c4fdad50d3619b0235e69975a79e33ac6fa93841e631d3df82f0938b80d6d45
all runs: boot failed: WARNING: refcount bug in fib_create_info
# git bisect skip 79976892f7ea37f44f8bcfb6d266954e8ae0124d
Bisecting: 197 revisions left to test after this (roughly 8 steps)
[81dd3ee5962d767b913d4c4efec3f50e888463c1] appletalk: ltpc: remove static probing

testing commit 81dd3ee5962d767b913d4c4efec3f50e888463c1
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 99a54f8265266295a53b24c6dabaa9cbdc150dd4b4d652ff90a3b17cda474d7c
all runs: OK
# git bisect good 81dd3ee5962d767b913d4c4efec3f50e888463c1
Bisecting: 29 revisions left to test after this (roughly 5 steps)
[271e5b7d00aeff7c61fb6c5415d14dbedb783b68] net: add netif_set_real_num_queues() for device reconfig

testing commit 271e5b7d00aeff7c61fb6c5415d14dbedb783b68
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 5000b7798bf87b709a9dceddd5bf8922429afd84c02712422e356b9f0f9d0054
all runs: crashed: BUG: sleeping function called from invalid context in _copy_to_iter
# git bisect bad 271e5b7d00aeff7c61fb6c5415d14dbedb783b68
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[a0221a0f9ba5820c4a5c0625f965684c6fe76ad7] Revert "Merge branch 'qcom-dts-updates'"

testing commit a0221a0f9ba5820c4a5c0625f965684c6fe76ad7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 60b0512df1f82b68575c9112e2770585bbff5c17bab6c34d6fbd9c6b534d74bb
all runs: OK
# git bisect good a0221a0f9ba5820c4a5c0625f965684c6fe76ad7
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[27cfdadd687deca58146b415f60b23d185cb3532] bus: fsl-mc: extend fsl_mc_get_endpoint() to pass interface ID

testing commit 27cfdadd687deca58146b415f60b23d185cb3532
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 737b3f3d3834663455f74525b824c8f938590d8230d6207a989d43e0bdd70f1c
all runs: OK
# git bisect good 27cfdadd687deca58146b415f60b23d185cb3532
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[7e89350c901923c48370ae7b922223c6c5a2b7fd] Merge branch 'dpaa2-switch-next'

testing commit 7e89350c901923c48370ae7b922223c6c5a2b7fd
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 737b3f3d3834663455f74525b824c8f938590d8230d6207a989d43e0bdd70f1c
all runs: OK
# git bisect good 7e89350c901923c48370ae7b922223c6c5a2b7fd
Bisecting: 1 revision left to test after this (roughly 1 step)
[314001f0bf927015e459c9d387d62a231fe93af3] af_unix: Add OOB support

testing commit 314001f0bf927015e459c9d387d62a231fe93af3
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: b3183e492d53d4d9f6df39c671469011720fde38840a62cf0c55994a000539af
all runs: crashed: BUG: sleeping function called from invalid context in _copy_to_iter
# git bisect bad 314001f0bf927015e459c9d387d62a231fe93af3
314001f0bf927015e459c9d387d62a231fe93af3 is the first bad commit
commit 314001f0bf927015e459c9d387d62a231fe93af3
Author: Rao Shoaib <rao.shoaib@oracle.com>
Date:   Sun Aug 1 00:57:07 2021 -0700

    af_unix: Add OOB support
    
    This patch adds OOB support for AF_UNIX sockets.
    The semantics is same as TCP.
    
    The last byte of a message with the OOB flag is
    treated as the OOB byte. The byte is separated into
    a skb and a pointer to the skb is stored in unix_sock.
    The pointer is used to enforce OOB semantics.
    
    Signed-off-by: Rao Shoaib <rao.shoaib@oracle.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 include/net/af_unix.h                              |   3 +
 net/unix/Kconfig                                   |   5 +
 net/unix/af_unix.c                                 | 153 +++++++-
 tools/testing/selftests/Makefile                   |   1 +
 tools/testing/selftests/net/af_unix/Makefile       |   5 +
 .../testing/selftests/net/af_unix/test_unix_oob.c  | 437 +++++++++++++++++++++
 6 files changed, 602 insertions(+), 2 deletions(-)
 create mode 100644 tools/testing/selftests/net/af_unix/Makefile
 create mode 100644 tools/testing/selftests/net/af_unix/test_unix_oob.c

culprit signature: b3183e492d53d4d9f6df39c671469011720fde38840a62cf0c55994a000539af
parent  signature: 737b3f3d3834663455f74525b824c8f938590d8230d6207a989d43e0bdd70f1c
revisions tested: 19, total time: 4h49m15.993857725s (build: 2h7m1.863101153s, test: 2h40m11.267437721s)
first bad commit: 314001f0bf927015e459c9d387d62a231fe93af3 af_unix: Add OOB support
recipients (to): ["davem@davemloft.net" "davem@davemloft.net" "kuba@kernel.org" "linux-kselftest@vger.kernel.org" "netdev@vger.kernel.org" "rao.shoaib@oracle.com" "shuah@kernel.org"]
recipients (cc): ["christian.brauner@ubuntu.com" "edumazet@google.com" "jamorris@linux.microsoft.com" "linux-kernel@vger.kernel.org"]
crash: BUG: sleeping function called from invalid context in _copy_to_iter
BUG: sleeping function called from invalid context at lib/iov_iter.c:619
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 10944, name: syz-executor.1
2 locks held by syz-executor.1/10944:
 #0: ffff88802bff3b80 (&u->iolock){+.+.}-{3:3}, at: unix_stream_read_generic+0x1253/0x1c20 net/unix/af_unix.c:2501
 #1: ffff88802bff3c70 (&u->lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
 #1: ffff88802bff3c70 (&u->lock){+.+.}-{2:2}, at: unix_stream_read_generic+0x125d/0x1c20 net/unix/af_unix.c:2502
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 0 PID: 10944 Comm: syz-executor.1 Not tainted 5.14.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105
 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:9154
 __might_fault+0x55/0x160 mm/memory.c:5258
 _copy_to_iter+0x155/0x1210 lib/iov_iter.c:619
 __skb_datagram_iter+0xf5/0x750 net/core/datagram.c:425
 skb_copy_datagram_iter+0x37/0x40 net/core/datagram.c:533
 skb_copy_datagram_msg include/linux/skbuff.h:3620 [inline]
 unix_stream_read_actor+0x65/0xa0 net/unix/af_unix.c:2701
 unix_stream_recv_urg net/unix/af_unix.c:2433 [inline]
 unix_stream_read_generic+0x133f/0x1c20 net/unix/af_unix.c:2504
 unix_stream_recvmsg+0x9a/0xd0 net/unix/af_unix.c:2717
 sock_recvmsg_nosec net/socket.c:944 [inline]
 sock_recvmsg net/socket.c:962 [inline]
 sock_recvmsg net/socket.c:958 [inline]
 ____sys_recvmsg+0x25e/0x620 net/socket.c:2622
 ___sys_recvmsg+0xe2/0x1a0 net/socket.c:2664
 do_recvmmsg+0x1c8/0x550 net/socket.c:2758
 __sys_recvmmsg net/socket.c:2837 [inline]
 __do_sys_recvmmsg net/socket.c:2860 [inline]
 __se_sys_recvmmsg net/socket.c:2853 [inline]
 __x64_sys_recvmmsg+0x19a/0x200 net/socket.c:2853
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f882d499188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
RDX: 0000000000000700 RSI: 0000000020001140 RDI: 0000000000000004
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffc0873991f R14: 00007f882d499300 R15: 0000000000022000

=============================
[ BUG: Invalid wait context ]
5.14.0-rc3-syzkaller #0 Tainted: G        W        
-----------------------------
syz-executor.1/10944 is trying to lock:
ffff888031b73928 (&mm->mmap_lock#2){++++}-{3:3}, at: __might_fault+0x8a/0x160 mm/memory.c:5260
other info that might help us debug this:
context-{4:4}
2 locks held by syz-executor.1/10944:
 #0: ffff88802bff3b80 (&u->iolock){+.+.}-{3:3}, at: unix_stream_read_generic+0x1253/0x1c20 net/unix/af_unix.c:2501
 #1: ffff88802bff3c70 (&u->lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
 #1: ffff88802bff3c70 (&u->lock){+.+.}-{2:2}, at: unix_stream_read_generic+0x125d/0x1c20 net/unix/af_unix.c:2502
stack backtrace:
CPU: 0 PID: 10944 Comm: syz-executor.1 Tainted: G        W         5.14.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4666 [inline]
 check_wait_context kernel/locking/lockdep.c:4727 [inline]
 __lock_acquire.cold+0xdb/0x3ab kernel/locking/lockdep.c:4965
 lock_acquire kernel/locking/lockdep.c:5625 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590
 __might_fault mm/memory.c:5261 [inline]
 __might_fault+0xe8/0x160 mm/memory.c:5246
 _copy_to_iter+0x155/0x1210 lib/iov_iter.c:619
 __skb_datagram_iter+0xf5/0x750 net/core/datagram.c:425
 skb_copy_datagram_iter+0x37/0x40 net/core/datagram.c:533
 skb_copy_datagram_msg include/linux/skbuff.h:3620 [inline]
 unix_stream_read_actor+0x65/0xa0 net/unix/af_unix.c:2701
 unix_stream_recv_urg net/unix/af_unix.c:2433 [inline]
 unix_stream_read_generic+0x133f/0x1c20 net/unix/af_unix.c:2504
 unix_stream_recvmsg+0x9a/0xd0 net/unix/af_unix.c:2717
 sock_recvmsg_nosec net/socket.c:944 [inline]
 sock_recvmsg net/socket.c:962 [inline]
 sock_recvmsg net/socket.c:958 [inline]
 ____sys_recvmsg+0x25e/0x620 net/socket.c:2622
 ___sys_recvmsg+0xe2/0x1a0 net/socket.c:2664
 do_recvmmsg+0x1c8/0x550 net/socket.c:2758
 __sys_recvmmsg net/socket.c:2837 [inline]
 __do_sys_recvmmsg net/socket.c:2860 [inline]
 __se_sys_recvmmsg net/socket.c:2853 [inline]
 __x64_sys_recvmmsg+0x19a/0x200 net/socket.c:2853
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f882d499188 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665e9
RDX: 0000000000000700 RSI: 0000000020001140 RDI: 0000000000000004
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffc0873991f R14: 00007f882d499300 R15: 0000000000022000