ci starts bisection 2022-11-17 20:08:39.035205005 +0000 UTC m=+9318.054800855
bisecting cause commit starting from 064bc7312bd09a48798418663090be0c776183db
building syzkaller on 3a127a3157fd19caabb023978737471213127590
ensuring issue is reproducible on original commit 064bc7312bd09a48798418663090be0c776183db

testing commit 064bc7312bd09a48798418663090be0c776183db gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 366d86fcdc4b3fa7552a883b7b6f62ceae3b5675dad4aed1ff77d51615afdcc5
all runs: crashed: BUG: sleeping function called from invalid context in static_key_slow_inc
testing release v6.0
testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6021f77eddad5e05ea8ebe3f344cd563122674b2ced0b43e6ce4f6e569a38cae
all runs: OK
# git bisect start 064bc7312bd09a48798418663090be0c776183db 4fe89d07dcc2804c8b562f6c7896a45643d34b2f
Bisecting: 6914 revisions left to test after this (roughly 13 steps)
[5d435a3f7b6cb1db566d0f56f5f8dc33be0dde69] Merge tag 'media/v6.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media

testing commit 5d435a3f7b6cb1db566d0f56f5f8dc33be0dde69 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 47bfd603d4a128be708be6d332a75b99caf2ad6a56be6cf921d1f805b9a55783
all runs: OK
# git bisect good 5d435a3f7b6cb1db566d0f56f5f8dc33be0dde69
Bisecting: 3673 revisions left to test after this (roughly 12 steps)
[70442fc54e6889a2a77f0e9554e8188a1557f00e] Merge tag 'x86_mm_for_v6.1_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit 70442fc54e6889a2a77f0e9554e8188a1557f00e gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6c520dcb640ee36e6b156f68078933e1d89b75b04bff805fa6b6eccb5ebe9bc1
all runs: boot failed: WARNING in cpumask_next_wrap
# git bisect skip 70442fc54e6889a2a77f0e9554e8188a1557f00e
Bisecting: 3673 revisions left to test after this (roughly 12 steps)
[855ae87a2073ebf1b395e020de54fdf9ce7d166f] clk: imx: scu: fix memleak on platform_device_add() fails

testing commit 855ae87a2073ebf1b395e020de54fdf9ce7d166f gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: fbe89f97a8e6ac2639e184b96df8ed6c2436dd3fd9d74a766b7be968674a5d3e
run #0: boot failed: general protection fault in rcu_core
run #1: boot failed: BUG: unable to handle kernel paging request in copy_process
run #2: boot failed: general protection fault in netdev_queue_update_kobjects
run #3: boot failed: BUG: unable to handle kernel paging request in kernel_execve
run #4: boot failed: general protection fault in netdev_queue_update_kobjects
run #5: boot failed: BUG: unable to handle kernel paging request in kernel_execve
run #6: boot failed: BUG: unable to handle kernel paging request in kernel_execve
run #7: boot failed: general protection fault in rcu_core
run #8: boot failed: WARNING: refcount bug in __put_task_struct
run #9: boot failed: general protection fault in netdev_queue_update_kobjects
# git bisect skip 855ae87a2073ebf1b395e020de54fdf9ce7d166f
Bisecting: 3673 revisions left to test after this (roughly 12 steps)
[40549ba8f8e0ed1f8b235979563f619e9aa34fdf] hugetlb: use new vma_lock for pmd sharing synchronization

testing commit 40549ba8f8e0ed1f8b235979563f619e9aa34fdf gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 077f7ea60bf2139e52577ca7e75af0549db488bd121c3a3a2aff8a5710a9f60a
all runs: OK
# git bisect good 40549ba8f8e0ed1f8b235979563f619e9aa34fdf
Bisecting: 3229 revisions left to test after this (roughly 12 steps)
[e2302539dd4f1c62d96651c07ddb05aa2461d29c] Merge tag 'xtensa-20221010' of https://github.com/jcmvbkbc/linux-xtensa

testing commit e2302539dd4f1c62d96651c07ddb05aa2461d29c gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9991e9b6b6489724877b4031c6172cb7d63b16c39ee4ec6b4c31961d8417a486
all runs: boot failed: WARNING in cpumask_next_wrap
# git bisect skip e2302539dd4f1c62d96651c07ddb05aa2461d29c
Bisecting: 3229 revisions left to test after this (roughly 12 steps)
[6dddc1eb9632b0eb6098d1dc849e8acb2408c1b6] drm/amdgpu: Update umc v8_10_0 headers

testing commit 6dddc1eb9632b0eb6098d1dc849e8acb2408c1b6 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1f244c7f81ec83e9622553fe45e282906e3df5c6b1101c027bb3c1e2b618465c
all runs: OK
# git bisect good 6dddc1eb9632b0eb6098d1dc849e8acb2408c1b6
Bisecting: 3189 revisions left to test after this (roughly 12 steps)
[f848b3cda39b5d41746040eb51f8e87a685bf0d9] Merge tag 'pm-6.1-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

testing commit f848b3cda39b5d41746040eb51f8e87a685bf0d9 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2da9697c562fd3c6744e99d8a75a5955798e192e9fd5736ab82f183a4e19188d
all runs: boot failed: WARNING in cpumask_next_wrap
# git bisect skip f848b3cda39b5d41746040eb51f8e87a685bf0d9
Bisecting: 3189 revisions left to test after this (roughly 12 steps)
[cdb525ca92b196f8916102b62431aa0d9a644ff2] selftests/net: give more time to udpgro bg processes to complete startup

testing commit cdb525ca92b196f8916102b62431aa0d9a644ff2 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5033833712586c3b4522dad9a292b782ef8995d65dc10b6d3e65c7572d16f255
all runs: OK
# git bisect good cdb525ca92b196f8916102b62431aa0d9a644ff2
Bisecting: 208 revisions left to test after this (roughly 8 steps)
[f6f5204727b9b1f3c6e9c90b5b09f40c6e0102f5] Merge tag 'x86_urgent_for_v6.1_rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit f6f5204727b9b1f3c6e9c90b5b09f40c6e0102f5 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 472685bf6add0a9aabf7a9aebd6d9372f094e624857e005f71bb5664c698fe2c
all runs: OK
# git bisect good f6f5204727b9b1f3c6e9c90b5b09f40c6e0102f5
Bisecting: 122 revisions left to test after this (roughly 7 steps)
[abd5ac18ae661681fbacd8c9d0a577943da4c89e] Merge tag 'mlx5-fixes-2022-11-09' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux

testing commit abd5ac18ae661681fbacd8c9d0a577943da4c89e gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 32eb40932145d83bd1e42b002d146283e37fed239223a84d51101f3bf296216c
all runs: OK
# git bisect good abd5ac18ae661681fbacd8c9d0a577943da4c89e
Bisecting: 61 revisions left to test after this (roughly 6 steps)
[f014699cca9a9a28fbdc06a9225b54562154fc20] Merge tag 'soundwire-6.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire

testing commit f014699cca9a9a28fbdc06a9225b54562154fc20 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2fce27f612878d627f9a159841b69309a29c58f2d5a834f3a2b48924ed57bbf2
all runs: OK
# git bisect good f014699cca9a9a28fbdc06a9225b54562154fc20
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[8979f428a4afc215e390006e5ea19fd4e22c7ca9] net: liquidio: release resources when liquidio driver open failed

testing commit 8979f428a4afc215e390006e5ea19fd4e22c7ca9 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c6f5ad38b4cd9633a0d3bf23fbb0242209749dc982b3d3a91e95d996f1c57c62
all runs: OK
# git bisect good 8979f428a4afc215e390006e5ea19fd4e22c7ca9
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[18c532e44939caa17f1fa380f7ac50dbc0718dbb] net: phy: marvell: add sleep time after enabling the loopback bit

testing commit 18c532e44939caa17f1fa380f7ac50dbc0718dbb gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 533fdb45b0ab42329363faea28feef4e3efbfa746797b38dc25c90b15729e683
all runs: OK
# git bisect good 18c532e44939caa17f1fa380f7ac50dbc0718dbb
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[2929cceb2fcf0ded7182562e4888afafece82cce] net/x25: Fix skb leak in x25_lapb_receive_frame()

testing commit 2929cceb2fcf0ded7182562e4888afafece82cce gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9774ac65185e7631270faccdd6b44a25f566ba45241a7ea822f6a3289f7e730b
all runs: OK
# git bisect good 2929cceb2fcf0ded7182562e4888afafece82cce
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[e4aa85cf0d43e293f474e3b415ff44e49ef768ae] Merge branch 'microchip-fixes'

testing commit e4aa85cf0d43e293f474e3b415ff44e49ef768ae gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 53ee22331a47fc82dd5e3cc69457d27271dc9671ad464445dcd0ab747dd413cd
all runs: OK
# git bisect good e4aa85cf0d43e293f474e3b415ff44e49ef768ae
Bisecting: 1 revision left to test after this (roughly 1 step)
[b68777d54fac21fc833ec26ea1a2a84f975ab035] l2tp: Serialize access to sk_user_data with sk_callback_lock

testing commit b68777d54fac21fc833ec26ea1a2a84f975ab035 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6843f84b89b8b9947ec3b16b92ea6367c155f747ed5731577817513f5e957310
all runs: crashed: BUG: sleeping function called from invalid context in static_key_slow_inc
# git bisect bad b68777d54fac21fc833ec26ea1a2a84f975ab035
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[f524b7289bbb0c8ffaa2ba3c34c146e43da54fb2] net: thunderbolt: Fix error handling in tbnet_init()

testing commit f524b7289bbb0c8ffaa2ba3c34c146e43da54fb2 gcc
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d9928e8faa9452cd248e7a0cf753a733d68f877460c4d651516b389a271bbfcf
all runs: OK
# git bisect good f524b7289bbb0c8ffaa2ba3c34c146e43da54fb2
b68777d54fac21fc833ec26ea1a2a84f975ab035 is the first bad commit
commit b68777d54fac21fc833ec26ea1a2a84f975ab035
Author: Jakub Sitnicki <jakub@cloudflare.com>
Date:   Mon Nov 14 20:16:19 2022 +0100

    l2tp: Serialize access to sk_user_data with sk_callback_lock
    
    sk->sk_user_data has multiple users, which are not compatible with each
    other. Writers must synchronize by grabbing the sk->sk_callback_lock.
    
    l2tp currently fails to grab the lock when modifying the underlying tunnel
    socket fields. Fix it by adding appropriate locking.
    
    We err on the side of safety and grab the sk_callback_lock also inside the
    sk_destruct callback overridden by l2tp, even though there should be no
    refs allowing access to the sock at the time when sk_destruct gets called.
    
    v4:
    - serialize write to sk_user_data in l2tp sk_destruct
    
    v3:
    - switch from sock lock to sk_callback_lock
    - document write-protection for sk_user_data
    
    v2:
    - update Fixes to point to origin of the bug
    - use real names in Reported/Tested-by tags
    
    Cc: Tom Parkin <tparkin@katalix.com>
    Fixes: 3557baabf280 ("[L2TP]: PPP over L2TP driver core")
    Reported-by: Haowei Yan <g1042620637@gmail.com>
    Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 include/net/sock.h   |  2 +-
 net/l2tp/l2tp_core.c | 19 +++++++++++++------
 2 files changed, 14 insertions(+), 7 deletions(-)

culprit signature: 6843f84b89b8b9947ec3b16b92ea6367c155f747ed5731577817513f5e957310
parent  signature: d9928e8faa9452cd248e7a0cf753a733d68f877460c4d651516b389a271bbfcf
revisions tested: 19, total time: 5h46m28.46443211s (build: 2h57m34.328300023s, test: 2h45m33.793306255s)
first bad commit: b68777d54fac21fc833ec26ea1a2a84f975ab035 l2tp: Serialize access to sk_user_data with sk_callback_lock
recipients (to): ["davem@davemloft.net" "davem@davemloft.net" "edumazet@google.com" "jakub@cloudflare.com" "kuba@kernel.org" "netdev@vger.kernel.org" "pabeni@redhat.com"]
recipients (cc): ["linux-kernel@vger.kernel.org" "tparkin@katalix.com"]
crash: BUG: sleeping function called from invalid context in static_key_slow_inc
BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4175, name: syz-executor.0
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
3 locks held by syz-executor.0/4175:
 #0: ffffffff8d0969d0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x14/0x30 net/netlink/genetlink.c:860
 #1: ffffffff8d096a88 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline]
 #1: ffffffff8d096a88 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x3e5/0x630 net/netlink/genetlink.c:848
 #2: ffff88801168cc38 (k-clock-AF_INET){+++.}-{2:2}, at: l2tp_tunnel_register+0xf9/0xf60 net/l2tp/l2tp_core.c:1477
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 0 PID: 4175 Comm: syz-executor.0 Not tainted 6.1.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x5b/0x81 lib/dump_stack.c:106
 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9890
 percpu_down_read include/linux/percpu-rwsem.h:49 [inline]
 cpus_read_lock+0x15/0xd0 kernel/cpu.c:310
 static_key_slow_inc+0xd/0x20 kernel/jump_label.c:158
 l2tp_tunnel_register+0x9c3/0xf60 net/l2tp/l2tp_core.c:1509
 l2tp_nl_cmd_tunnel_create+0x364/0x9a0 net/l2tp/l2tp_netlink.c:245
 genl_family_rcv_msg_doit+0x1e4/0x2f0 net/netlink/genetlink.c:756
 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]
 genl_rcv_msg+0x34c/0x630 net/netlink/genetlink.c:850
 netlink_rcv_skb+0x11c/0x370 net/netlink/af_netlink.c:2540
 genl_rcv+0x23/0x30 net/netlink/genetlink.c:861
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x437/0x710 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x786/0xc30 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xaf/0xe0 net/socket.c:734
 sock_no_sendpage+0x100/0x150 net/core/sock.c:3219
 kernel_sendpage.part.0+0x12f/0x520 net/socket.c:3561
 kernel_sendpage net/socket.c:3558 [inline]
 sock_sendpage+0xc1/0x190 net/socket.c:1054
 pipe_to_sendpage+0x249/0x410 fs/splice.c:361
 splice_from_pipe_feed fs/splice.c:415 [inline]
 __splice_from_pipe+0x375/0x810 fs/splice.c:559
 splice_from_pipe fs/splice.c:594 [inline]
 generic_splice_sendpage+0xbe/0x120 fs/splice.c:743
 do_splice_from fs/splice.c:764 [inline]
 direct_splice_actor+0xff/0x1d0 fs/splice.c:931
 splice_direct_to_actor+0x2bf/0x790 fs/splice.c:886
 do_splice_direct+0x14c/0x260 fs/splice.c:974
 do_sendfile+0x93d/0x1150 fs/read_write.c:1255
 __do_sys_sendfile64 fs/read_write.c:1323 [inline]
 __se_sys_sendfile64 fs/read_write.c:1309 [inline]
 __x64_sys_sendfile64+0x18a/0x1d0 fs/read_write.c:1309
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f5b5a68b639
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5b5b350168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f5b5a7abf80 RCX: 00007f5b5a68b639
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
RBP: 00007f5b5a6e6ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000100000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc53d868ef R14: 00007f5b5b350300 R15: 0000000000022000
 </TASK>