=============================
WARNING: suspicious RCU usage
5.16.0-rc4-next-20211210-syzkaller #0 Not tainted
-----------------------------
kernel/sched/core.c:9545 Illegal context switch in RCU-bh read-side critical section!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
10 locks held by kworker/0:39/15453:
 #0: ffff88814a918538 ((wq_completion)mld){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88814a918538 ((wq_completion)mld){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff88814a918538 ((wq_completion)mld){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff88814a918538 ((wq_completion)mld){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
 #0: ffff88814a918538 ((wq_completion)mld){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
 #0: ffff88814a918538 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work+0x890/0x1680 kernel/workqueue.c:2278
 #1: ffffc9001021fdb0 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8c4/0x1680 kernel/workqueue.c:2282
 #2: ffff8880409cf538 (&idev->mc_lock){+.+.}-{3:3}, at: mld_ifc_work+0x3d/0xdc0 net/ipv6/mcast.c:2658
 #3: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: read_pnet include/net/net_namespace.h:327 [inline]
 #3: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: dev_net include/linux/netdevice.h:2448 [inline]
 #3: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: mld_sendpack+0x15c/0xe40 net/ipv6/mcast.c:1793
 #4: ffffffff8bb81840 (rcu_read_lock_bh){....}-{1:2}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:95 [inline]
 #4: ffffffff8bb81840 (rcu_read_lock_bh){....}-{1:2}, at: ip6_finish_output2+0x2ad/0x14f0 net/ipv6/ip6_output.c:112
 #5: ffffffff8bb81840 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x1e3/0x3640 net/core/dev.c:4036
 #6: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: geneve_xmit+0xde/0x3530 drivers/net/geneve.c:1068
 #7: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: ip6_route_output_flags+0x0/0x320 net/ipv6/route.c:778
 #8: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: ip6_pol_route+0x156/0x11e0 net/ipv6/route.c:2217
 #9: ffffffff8bb81840 (rcu_read_lock_bh){....}-{1:2}, at: rt6_probe net/ipv6/route.c:632 [inline]
 #9: ffffffff8bb81840 (rcu_read_lock_bh){....}-{1:2}, at: find_match.part.0+0x35a/0xd00 net/ipv6/route.c:752

stack backtrace:
CPU: 0 PID: 15453 Comm: kworker/0:39 Not tainted 5.16.0-rc4-next-20211210-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: mld mld_ifc_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 __might_resched+0x235/0x2c0 kernel/sched/core.c:9545
 might_alloc include/linux/sched/mm.h:256 [inline]
 slab_pre_alloc_hook mm/slab.h:739 [inline]
 slab_alloc_node mm/slub.c:3145 [inline]
 slab_alloc mm/slub.c:3239 [inline]
 kmem_cache_alloc_trace+0x25d/0x2c0 mm/slub.c:3256
 kmalloc include/linux/slab.h:581 [inline]
 kzalloc include/linux/slab.h:715 [inline]
 ref_tracker_alloc+0xe1/0x430 lib/ref_tracker.c:74
 netdev_tracker_alloc include/linux/netdevice.h:3860 [inline]
 dev_hold_track include/linux/netdevice.h:3877 [inline]
 rt6_probe net/ipv6/route.c:661 [inline]
 find_match.part.0+0xac9/0xd00 net/ipv6/route.c:752
 find_match net/ipv6/route.c:825 [inline]
 __find_rr_leaf+0x17f/0xd20 net/ipv6/route.c:826
 find_rr_leaf net/ipv6/route.c:847 [inline]
 rt6_select net/ipv6/route.c:891 [inline]
 fib6_table_lookup+0x649/0xa20 net/ipv6/route.c:2185
 ip6_pol_route+0x1c5/0x11e0 net/ipv6/route.c:2221
 pol_lookup_func include/net/ip6_fib.h:580 [inline]
 fib6_rule_lookup+0x52a/0x6f0 net/ipv6/fib6_rules.c:120
 ip6_route_output_flags_noref+0x2e2/0x380 net/ipv6/route.c:2629
 ip6_route_output_flags+0x72/0x320 net/ipv6/route.c:2642
 ip6_route_output include/net/ip6_route.h:98 [inline]
 ip6_dst_lookup_tail+0x5ab/0x1620 net/ipv6/ip6_output.c:1070
 ip6_dst_lookup_flow+0x8c/0x1d0 net/ipv6/ip6_output.c:1200
 geneve_get_v6_dst+0x46f/0x9a0 drivers/net/geneve.c:858
 geneve6_xmit_skb drivers/net/geneve.c:991 [inline]
 geneve_xmit+0x520/0x3530 drivers/net/geneve.c:1074
 __netdev_start_xmit include/linux/netdevice.h:4685 [inline]
 netdev_start_xmit include/linux/netdevice.h:4699 [inline]
 xmit_one net/core/dev.c:3473 [inline]
 dev_hard_start_xmit+0x1eb/0x920 net/core/dev.c:3489
 __dev_queue_xmit+0x2983/0x3640 net/core/dev.c:4112
 neigh_resolve_output net/core/neighbour.c:1522 [inline]
 neigh_resolve_output+0x50e/0x820 net/core/neighbour.c:1502
 neigh_output include/net/neighbour.h:541 [inline]
 ip6_finish_output2+0x56e/0x14f0 net/ipv6/ip6_output.c:126
 __ip6_finish_output net/ipv6/ip6_output.c:191 [inline]
 __ip6_finish_output+0x61e/0xe80 net/ipv6/ip6_output.c:170
 ip6_finish_output+0x32/0x200 net/ipv6/ip6_output.c:201
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x1e4/0x530 net/ipv6/ip6_output.c:224
 dst_output include/net/dst.h:451 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 mld_sendpack+0x9a1/0xe40 net/ipv6/mcast.c:1826
 mld_send_cr net/ipv6/mcast.c:2127 [inline]
 mld_ifc_work+0x71c/0xdc0 net/ipv6/mcast.c:2659
 process_one_work+0x9ac/0x1680 kernel/workqueue.c:2307
 worker_thread+0x652/0x11c0 kernel/workqueue.c:2454
 kthread+0x405/0x4f0 kernel/kthread.c:345
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:256
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 15453, name: kworker/0:39
preempt_count: 600, expected: 0
RCU nest depth: 4, expected: 0
10 locks held by kworker/0:39/15453:
 #0: ffff88814a918538 ((wq_completion)mld){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88814a918538 ((wq_completion)mld){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff88814a918538 ((wq_completion)mld){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff88814a918538 ((wq_completion)mld){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:631 [inline]
 #0: ffff88814a918538 ((wq_completion)mld){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:658 [inline]
 #0: ffff88814a918538 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work+0x890/0x1680 kernel/workqueue.c:2278
 #1: ffffc9001021fdb0 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8c4/0x1680 kernel/workqueue.c:2282
 #2: ffff8880409cf538 (&idev->mc_lock){+.+.}-{3:3}, at: mld_ifc_work+0x3d/0xdc0 net/ipv6/mcast.c:2658
 #3: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: read_pnet include/net/net_namespace.h:327 [inline]
 #3: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: dev_net include/linux/netdevice.h:2448 [inline]
 #3: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: mld_sendpack+0x15c/0xe40 net/ipv6/mcast.c:1793
 #4: ffffffff8bb81840 (rcu_read_lock_bh){....}-{1:2}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:95 [inline]
 #4: ffffffff8bb81840 (rcu_read_lock_bh){....}-{1:2}, at: ip6_finish_output2+0x2ad/0x14f0 net/ipv6/ip6_output.c:112
 #5: ffffffff8bb81840 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x1e3/0x3640 net/core/dev.c:4036
 #6: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: geneve_xmit+0xde/0x3530 drivers/net/geneve.c:1068
 #7: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: ip6_route_output_flags+0x0/0x320 net/ipv6/route.c:778
 #8: ffffffff8bb818a0 (rcu_read_lock){....}-{1:2}, at: ip6_pol_route+0x156/0x11e0 net/ipv6/route.c:2217
 #9: ffffffff8bb81840 (rcu_read_lock_bh){....}-{1:2}, at: rt6_probe net/ipv6/route.c:632 [inline]
 #9: ffffffff8bb81840 (rcu_read_lock_bh){....}-{1:2}, at: find_match.part.0+0x35a/0xd00 net/ipv6/route.c:752
Preemption disabled at:
[<ffffffff87f0b313>] local_bh_disable include/linux/bottom_half.h:20 [inline]
[<ffffffff87f0b313>] rcu_read_lock_bh include/linux/rcupdate.h:746 [inline]
[<ffffffff87f0b313>] ip6_finish_output2+0x2c3/0x14f0 net/ipv6/ip6_output.c:119
CPU: 0 PID: 15453 Comm: kworker/0:39 Not tainted 5.16.0-rc4-next-20211210-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: mld mld_ifc_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9583
 might_alloc include/linux/sched/mm.h:256 [inline]
 slab_pre_alloc_hook mm/slab.h:739 [inline]
 slab_alloc_node mm/slub.c:3145 [inline]
 slab_alloc mm/slub.c:3239 [inline]
 kmem_cache_alloc_trace+0x25d/0x2c0 mm/slub.c:3256
 kmalloc include/linux/slab.h:581 [inline]
 kzalloc include/linux/slab.h:715 [inline]
 ref_tracker_alloc+0xe1/0x430 lib/ref_tracker.c:74
 netdev_tracker_alloc include/linux/netdevice.h:3860 [inline]
 dev_hold_track include/linux/netdevice.h:3877 [inline]
 rt6_probe net/ipv6/route.c:661 [inline]
 find_match.part.0+0xac9/0xd00 net/ipv6/route.c:752
 find_match net/ipv6/route.c:825 [inline]
 __find_rr_leaf+0x17f/0xd20 net/ipv6/route.c:826
 find_rr_leaf net/ipv6/route.c:847 [inline]
 rt6_select net/ipv6/route.c:891 [inline]
 fib6_table_lookup+0x649/0xa20 net/ipv6/route.c:2185
 ip6_pol_route+0x1c5/0x11e0 net/ipv6/route.c:2221
 pol_lookup_func include/net/ip6_fib.h:580 [inline]
 fib6_rule_lookup+0x52a/0x6f0 net/ipv6/fib6_rules.c:120
 ip6_route_output_flags_noref+0x2e2/0x380 net/ipv6/route.c:2629
 ip6_route_output_flags+0x72/0x320 net/ipv6/route.c:2642
 ip6_route_output include/net/ip6_route.h:98 [inline]
 ip6_dst_lookup_tail+0x5ab/0x1620 net/ipv6/ip6_output.c:1070
 ip6_dst_lookup_flow+0x8c/0x1d0 net/ipv6/ip6_output.c:1200
 geneve_get_v6_dst+0x46f/0x9a0 drivers/net/geneve.c:858
 geneve6_xmit_skb drivers/net/geneve.c:991 [inline]
 geneve_xmit+0x520/0x3530 drivers/net/geneve.c:1074
 __netdev_start_xmit include/linux/netdevice.h:4685 [inline]
 netdev_start_xmit include/linux/netdevice.h:4699 [inline]
 xmit_one net/core/dev.c:3473 [inline]
 dev_hard_start_xmit+0x1eb/0x920 net/core/dev.c:3489
 __dev_queue_xmit+0x2983/0x3640 net/core/dev.c:4112
 neigh_resolve_output net/core/neighbour.c:1522 [inline]
 neigh_resolve_output+0x50e/0x820 net/core/neighbour.c:1502
 neigh_output include/net/neighbour.h:541 [inline]
 ip6_finish_output2+0x56e/0x14f0 net/ipv6/ip6_output.c:126
 __ip6_finish_output net/ipv6/ip6_output.c:191 [inline]
 __ip6_finish_output+0x61e/0xe80 net/ipv6/ip6_output.c:170
 ip6_finish_output+0x32/0x200 net/ipv6/ip6_output.c:201
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x1e4/0x530 net/ipv6/ip6_output.c:224
 dst_output include/net/dst.h:451 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 NF_HOOK include/linux/netfilter.h:301 [inline]
 mld_sendpack+0x9a1/0xe40 net/ipv6/mcast.c:1826
 mld_send_cr net/ipv6/mcast.c:2127 [inline]
 mld_ifc_work+0x71c/0xdc0 net/ipv6/mcast.c:2659
 process_one_work+0x9ac/0x1680 kernel/workqueue.c:2307
 worker_thread+0x652/0x11c0 kernel/workqueue.c:2454
 kthread+0x405/0x4f0 kernel/kthread.c:345
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>