bisecting cause commit starting from b9011c7e671dbbf59bb753283ddfd03f0c9eb865
building syzkaller on 33c26cb735dc83786ebebe071a3e17cdd5383ead
testing commit b9011c7e671dbbf59bb753283ddfd03f0c9eb865
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 7f4a6970b16d0788f02d2862aeb66030f9e3689072838cac5d6d726bafe31f00
all runs: crashed: KFENCE: use-after-free in kvm_fastop_exception
testing release v5.13
testing commit 62fb9874f5da54fdb243003b386128037319b219
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 1cb5111c0f95c1fc7e3896d55db5b53fbce5858f143c657e735c92f7019c7d10
all runs: OK
# git bisect start b9011c7e671dbbf59bb753283ddfd03f0c9eb865 62fb9874f5da54fdb243003b386128037319b219
Bisecting: 11799 revisions left to test after this (roughly 14 steps)
[8e4f3e15175ffab5d2126dc8e7c8cfcc1654a5aa] Merge tag 'fuse-update-5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse

testing commit 8e4f3e15175ffab5d2126dc8e7c8cfcc1654a5aa
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 031c33434c4cdd2994c0fc39e43e9518364a1507bf1c2bcccd73328659b70be5
run #0: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #1: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #2: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #4: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #5: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #9: boot failed: possible deadlock in fs_reclaim_acquire
# git bisect skip 8e4f3e15175ffab5d2126dc8e7c8cfcc1654a5aa
Bisecting: 11799 revisions left to test after this (roughly 14 steps)
[cdb14e0f7775e767484843e8ecd736bb21754c58] blk-mq: factor out a blk_mq_alloc_sq_tag_set helper

testing commit cdb14e0f7775e767484843e8ecd736bb21754c58
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 3e810dec7dc13fb332701602fea4c1d9272c816d4f37ac60ee720ca32e9acb92
all runs: OK
# git bisect good cdb14e0f7775e767484843e8ecd736bb21754c58
Bisecting: 11784 revisions left to test after this (roughly 14 steps)
[4c55e2aeb8082cb118cd63596bfe0dc5247b78e1] Merge tag 'for-linus' of git://github.com/openrisc/linux

testing commit 4c55e2aeb8082cb118cd63596bfe0dc5247b78e1
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 031c33434c4cdd2994c0fc39e43e9518364a1507bf1c2bcccd73328659b70be5
run #0: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #1: boot failed: BUG: sleeping function called from invalid context in stack_depot_save
run #2: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #3: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #4: boot failed: possible deadlock in get_page_from_freelist
run #5: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #6: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #7: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #8: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
run #9: boot failed: kernel panic: VFS: Unable to mount root fs on unknown-block(NUM,NUM)
# git bisect skip 4c55e2aeb8082cb118cd63596bfe0dc5247b78e1
Bisecting: 11784 revisions left to test after this (roughly 14 steps)
[d5c9d0a207f4c61734ccd4b51818788e8b86296a] mt76: mt7921: Fix fall-through warning for Clang

testing commit d5c9d0a207f4c61734ccd4b51818788e8b86296a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: d9f5ef2aa2e4ee219a16a8500a3c819c1de6b9d85797a969770a042a68195305
run #0: crashed: BUG: sleeping function called from invalid context in stack_depot_save
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
# git bisect bad d5c9d0a207f4c61734ccd4b51818788e8b86296a
Bisecting: 6639 revisions left to test after this (roughly 13 steps)
[e058a84bfddc42ba356a2316f2cf1141974625c9] Merge tag 'drm-next-2021-07-01' of git://anongit.freedesktop.org/drm/drm

testing commit e058a84bfddc42ba356a2316f2cf1141974625c9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 0fed85a1847a4917bff8784f8be1c7100ba1b078846e162f43b3975b6ca9a560
run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acquire
run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save
run #2: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #3: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad e058a84bfddc42ba356a2316f2cf1141974625c9
Bisecting: 4140 revisions left to test after this (roughly 12 steps)
[a6eaf3850cb171c328a8b0db6d3c79286a1eba9d] Merge tag 'sched-urgent-2021-06-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit a6eaf3850cb171c328a8b0db6d3c79286a1eba9d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 4ea35d890cb0bc17a121891772f349494920ea9dba6338f24ba4104a5f4d61f4
all runs: OK
# git bisect good a6eaf3850cb171c328a8b0db6d3c79286a1eba9d
Bisecting: 2072 revisions left to test after this (roughly 11 steps)
[007b312c6f294770de01fbc0643610145012d244] Merge tag 'mac80211-next-for-net-next-2021-06-25' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next

testing commit 007b312c6f294770de01fbc0643610145012d244
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: edd00f7412d141c59d49c1256d7c1a5f56411a02737f8b277027e428c0b7722b
run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #1: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad 007b312c6f294770de01fbc0643610145012d244
Bisecting: 1035 revisions left to test after this (roughly 10 steps)
[9724fd5d9c2a0d3686b799ed5ca90cb9378ca4f2] net/mlx5: Bridge, add tracepoints

testing commit 9724fd5d9c2a0d3686b799ed5ca90cb9378ca4f2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 903ab66e43d76a6cea352b5786bfc089cf06b23c8e11a2492b52aa37645fd88f
all runs: OK
# git bisect good 9724fd5d9c2a0d3686b799ed5ca90cb9378ca4f2
Bisecting: 517 revisions left to test after this (roughly 9 steps)
[7e33d84db1a8a6c3000e9b02c074c17819680755] net: mdio: use device_set_node() to setup both fwnode and of

testing commit 7e33d84db1a8a6c3000e9b02c074c17819680755
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 22b5626592f5ccbe08e86e1584728aaa876c9a22eef5cf624ad3d2e60a3b06a4
all runs: OK
# git bisect good 7e33d84db1a8a6c3000e9b02c074c17819680755
Bisecting: 258 revisions left to test after this (roughly 8 steps)
[44531076338fc9d9556685d3e7efc2526185760d] Documentation: net: dsa: add details about SJA1110

testing commit 44531076338fc9d9556685d3e7efc2526185760d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 203e8c83a6bba8d06903e8f24c802e4c075580b84ed41f0dbc311d813fded163
all runs: OK
# git bisect good 44531076338fc9d9556685d3e7efc2526185760d
Bisecting: 128 revisions left to test after this (roughly 7 steps)
[5b16565a7f9d82c6aa475ede72d62424b70f7726] iwlwifi: support ver 6 of WOWLAN_CONFIGURATION and ver 10 of WOWLAN_GET_STATUSES

testing commit 5b16565a7f9d82c6aa475ede72d62424b70f7726
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: b1dce04f9002435c4d9e5ee825824563f9fe7134e9228c06c03dd7b776baabba
all runs: OK
# git bisect good 5b16565a7f9d82c6aa475ede72d62424b70f7726
Bisecting: 63 revisions left to test after this (roughly 6 steps)
[730eed2772e740c30229d03e3d578cc00a5ae304] sit: allow redirecting ip6ip, ipip and mplsip packets to eth devices

testing commit 730eed2772e740c30229d03e3d578cc00a5ae304
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 05b07ea6929b944357f21261a21238b3ee982d637c11ae8a06ff12d58df4bc44
all runs: OK
# git bisect good 730eed2772e740c30229d03e3d578cc00a5ae304
Bisecting: 31 revisions left to test after this (roughly 5 steps)
[7da70d6cdf0dbc2c62e4a5759db9b63ef8d90c32] ieee80211: define timing measurement in extended capabilities IE

testing commit 7da70d6cdf0dbc2c62e4a5759db9b63ef8d90c32
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 5da35174aa8f0f88ea144122a7aba4be50c9c466f1840d68f6732b66410dcfef
all runs: OK
# git bisect good 7da70d6cdf0dbc2c62e4a5759db9b63ef8d90c32
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[f4f8650588d35deafaa4a4e28cceb3557a71e711] cfg80211: allow advertising vendor-specific capabilities

testing commit f4f8650588d35deafaa4a4e28cceb3557a71e711
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: a0f77bde71cae0d0a58016a4dc309ce646e5c23c4576520c576001146ca85e9d
all runs: OK
# git bisect good f4f8650588d35deafaa4a4e28cceb3557a71e711
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[744757e46bf13ec3a7b3507d17ab3faab9516d43] mac80211: remove iwlwifi specific workaround NDPs of null_response

testing commit 744757e46bf13ec3a7b3507d17ab3faab9516d43
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 6f7502fbf4e276d799328c4c4f4bf82e613459e376ac7cf471628679cf08ba94
all runs: OK
# git bisect good 744757e46bf13ec3a7b3507d17ab3faab9516d43
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[8eb517a2a4ae447b009f1d971004d334d244549e] Merge branch 'reset-mac'

testing commit 8eb517a2a4ae447b009f1d971004d334d244549e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 64c12de063b85234db003f8f24af3bd2ea33f15c4932f7bd78037a37c6d4ff14
all runs: OK
# git bisect good 8eb517a2a4ae447b009f1d971004d334d244549e
Bisecting: 1 revision left to test after this (roughly 1 step)
[2433647bc8d983a543e7d31b41ca2de1c7e2c198] mac80211: Switch to a virtual time-based airtime scheduler

testing commit 2433647bc8d983a543e7d31b41ca2de1c7e2c198
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 6dd6b4544b378c009dc1b382ad07ff143cddb9ecddbcf0e71399217984ac3bd4
all runs: OK
# git bisect good 2433647bc8d983a543e7d31b41ca2de1c7e2c198
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c4512c63b1193c73b3f09c598a6d0a7f88da1dd8] mptcp: fix 'masking a bool' warning

testing commit c4512c63b1193c73b3f09c598a6d0a7f88da1dd8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: ca1df891a6e60c4031cf157d468b93932502c3d761c0b8ea70d53ac91f1e73df
run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
# git bisect bad c4512c63b1193c73b3f09c598a6d0a7f88da1dd8
c4512c63b1193c73b3f09c598a6d0a7f88da1dd8 is the first bad commit
commit c4512c63b1193c73b3f09c598a6d0a7f88da1dd8
Author: Matthieu Baerts <matthieu.baerts@tessares.net>
Date:   Fri Jun 25 14:25:22 2021 -0700

    mptcp: fix 'masking a bool' warning
    
    Dan Carpenter reported an issue introduced in
    commit fde56eea01f9 ("mptcp: refine mptcp_cleanup_rbuf") where a new
    boolean (ack_pending) is masked with 0x9.
    
    This is not the intention to ignore values by using a boolean. This
    variable should not have a 'bool' type: we should keep the 'u8' to allow
    this comparison.
    
    Fixes: fde56eea01f9 ("mptcp: refine mptcp_cleanup_rbuf")
    Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
    Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
    Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
    Acked-by: Paolo Abeni <pabeni@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 net/mptcp/protocol.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

culprit signature: ca1df891a6e60c4031cf157d468b93932502c3d761c0b8ea70d53ac91f1e73df
parent  signature: 64c12de063b85234db003f8f24af3bd2ea33f15c4932f7bd78037a37c6d4ff14
Reproducer flagged being flaky
revisions tested: 20, total time: 5h57m53.339568431s (build: 2h11m22.403555011s, test: 3h44m17.418298438s)
first bad commit: c4512c63b1193c73b3f09c598a6d0a7f88da1dd8 mptcp: fix 'masking a bool' warning
recipients (to): ["davem@davemloft.net" "mathew.j.martineau@linux.intel.com" "matthieu.baerts@tessares.net" "pabeni@redhat.com"]
recipients (cc): []
crash: BUG: sleeping function called from invalid context in lock_sock_nested
BUG: sleeping function called from invalid context at net/core/sock.c:3084
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8824, name: syz-executor.3
1 lock held by syz-executor.3/8824:
 #0: ffffffff8c1eb020 (hci_sk_list.lock){++++}-{2:2}, at: hci_sock_dev_event+0x377/0x5d0 net/bluetooth/hci_sock.c:763
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 8824 Comm: syz-executor.3 Not tainted 5.13.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0xa5/0xe6 lib/dump_stack.c:120
 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:8337
 lock_sock_nested+0x1e/0xf0 net/core/sock.c:3084
 lock_sock include/net/sock.h:1610 [inline]
 hci_sock_dev_event+0x3ed/0x5d0 net/bluetooth/hci_sock.c:765
 hci_unregister_dev+0x29b/0xfb0 net/bluetooth/hci_core.c:4013
 vhci_release+0x62/0xd0 drivers/bluetooth/hci_vhci.c:340
 __fput+0x209/0x870 fs/file_table.c:280
 task_work_run+0xc0/0x160 kernel/task_work.c:164
 exit_task_work include/linux/task_work.h:32 [inline]
 do_exit+0xa26/0x2500 kernel/exit.c:826
 do_group_exit+0xe7/0x290 kernel/exit.c:923
 __do_sys_exit_group kernel/exit.c:934 [inline]
 __se_sys_exit_group kernel/exit.c:932 [inline]
 __x64_sys_exit_group+0x35/0x40 kernel/exit.c:932
 do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665e9
Code: Unable to access opcode bytes at RIP 0x4665bf.
RSP: 002b:00007fff85e0ec08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007fff85e0f3c8 RCX: 00000000004665e9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
RBP: 0000000000000000 R08: 0000000000000025 R09: 00007fff85e0f3c8
R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004bef74
R13: 0000000000000010 R14: 0000000000000000 R15: 0000000000400538

======================================================