bisecting cause commit starting from c8a8ead01736419a14c3106e1f26a79d74fc84c7
building syzkaller on a945f0a3953e1d7e6cbd177e11a3a84476a53286
testing commit c8a8ead01736419a14c3106e1f26a79d74fc84c7 with gcc (GCC) 8.1.0
kernel signature: 419485194ff9f595d0a29d3969270f5fdcaea1233da4fcb9f9c56bf445811a82
all runs: crashed: WARNING: suspicious RCU usage in tcp_disconnect
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 8.1.0
kernel signature: 395a614079c9030036488f72c030c4708fae86b9aba956ca15d15003efd3a593
all runs: OK
# git bisect start c8a8ead01736419a14c3106e1f26a79d74fc84c7 2c85ebc57b3e1817b6ce1a6b703928e113a90442
Bisecting: 6678 revisions left to test after this (roughly 13 steps)
[3db1a3fa98808aa90f95ec3e0fa2fc7abf28f5c9] Merge tag 'staging-5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

testing commit 3db1a3fa98808aa90f95ec3e0fa2fc7abf28f5c9 with gcc (GCC) 8.1.0
kernel signature: 6c9809d6712e897dccefdc6b430d7d43d2f2bd116c2c5d44d2bc23ac679aef61
all runs: OK
# git bisect good 3db1a3fa98808aa90f95ec3e0fa2fc7abf28f5c9
Bisecting: 3078 revisions left to test after this (roughly 12 steps)
[9805529ec544ea7a82d891d5239a8ebd3dbb2a3e] Merge tag 'arm-soc-dt-5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit 9805529ec544ea7a82d891d5239a8ebd3dbb2a3e with gcc (GCC) 8.1.0
kernel signature: ebc2bf19b9b97d2d465977b4a1a0d8b35c66496a5a60baa86cb7f96369491ecb
all runs: OK
# git bisect good 9805529ec544ea7a82d891d5239a8ebd3dbb2a3e
Bisecting: 1540 revisions left to test after this (roughly 11 steps)
[c2703b66172fff39122012e42986b44c9c6ad5f1] Merge tag 'hsi-for-5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-hsi

testing commit c2703b66172fff39122012e42986b44c9c6ad5f1 with gcc (GCC) 8.1.0
kernel signature: 9259d854e163745ad2f6a330733fa4486b4a52ad28cac1ca3e78a98458fe564d
all runs: OK
# git bisect good c2703b66172fff39122012e42986b44c9c6ad5f1
Bisecting: 770 revisions left to test after this (roughly 10 steps)
[2762db756f422861c70868bc2d4b9b5d1ce6a59d] Merge tag 'kconfig-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

testing commit 2762db756f422861c70868bc2d4b9b5d1ce6a59d with gcc (GCC) 8.1.0
kernel signature: d9ffe71534a322016805213f5a0160a3922b74a37a0c3bb180f2aa489ddff160
all runs: OK
# git bisect good 2762db756f422861c70868bc2d4b9b5d1ce6a59d
Bisecting: 384 revisions left to test after this (roughly 9 steps)
[33c148a4ae7dc3cd440f6c0d746ac7f0ff320682] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

testing commit 33c148a4ae7dc3cd440f6c0d746ac7f0ff320682 with gcc (GCC) 8.1.0
kernel signature: d994dffdd4ab52e6a3e5f753cb643231fce5072360ed8cdefec751b138934c77
all runs: OK
# git bisect good 33c148a4ae7dc3cd440f6c0d746ac7f0ff320682
Bisecting: 184 revisions left to test after this (roughly 8 steps)
[aa35e45cd42aa249562c65e440c8d69fb84945d9] Merge tag 'net-5.11-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

testing commit aa35e45cd42aa249562c65e440c8d69fb84945d9 with gcc (GCC) 8.1.0
kernel signature: 839a0aa0cdf04e8b9da30ea45c9a089eb17c31ae43386d910e8ef5664957c539
all runs: OK
# git bisect good aa35e45cd42aa249562c65e440c8d69fb84945d9
Bisecting: 99 revisions left to test after this (roughly 7 steps)
[220efcf9caf755bdf92892afd37484cb6859e0d2] Merge tag 'mlx5-fixes-2021-01-07' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux

testing commit 220efcf9caf755bdf92892afd37484cb6859e0d2 with gcc (GCC) 8.1.0
kernel signature: 30234b3ad36503bc1eaac7ba106de065351716864178c549e7de1be6698b47aa
all runs: OK
# git bisect good 220efcf9caf755bdf92892afd37484cb6859e0d2
Bisecting: 49 revisions left to test after this (roughly 6 steps)
[f5e6c330254ae691f6d7befe61c786eb5056007e] Merge tag 'spi-fix-v5.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi

testing commit f5e6c330254ae691f6d7befe61c786eb5056007e with gcc (GCC) 8.1.0
kernel signature: 31f6014f4dfe99bf5b58207426e17a95edfd15f0263057fffae86ac7fdd08975
all runs: OK
# git bisect good f5e6c330254ae691f6d7befe61c786eb5056007e
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[938288349ca8a9d4b936bf5d2f6dd4526a598974] dt-bindings: net: dwmac: fix queue priority documentation

testing commit 938288349ca8a9d4b936bf5d2f6dd4526a598974 with gcc (GCC) 8.1.0
kernel signature: 99e2f53fec622ab18b3366abda34c6b1069f1ea336e75ed51a3a4af9c3c448b3
all runs: OK
# git bisect good 938288349ca8a9d4b936bf5d2f6dd4526a598974
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[2284bbd0cf3981462dc6d729c89851c66b05a66a] r8153_ecm: Add Lenovo Powered USB-C Hub as a fallback of r8152

testing commit 2284bbd0cf3981462dc6d729c89851c66b05a66a with gcc (GCC) 8.1.0
kernel signature: 2c0d1c219ab12fb0551dbc35bf0940b36706b2955d02b211fa23ec51dd6ae512
all runs: OK
# git bisect good 2284bbd0cf3981462dc6d729c89851c66b05a66a
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[584c19f92754e9d590d75a94df66c47f7c4fd2cc] Merge branch 'mptcp-a-couple-of-fixes'

testing commit 584c19f92754e9d590d75a94df66c47f7c4fd2cc with gcc (GCC) 8.1.0
kernel signature: fe714a42699373683c1ab4e7f902cdc48d6f250b89b311f979baab967c744f52
all runs: crashed: WARNING: suspicious RCU usage in tcp_disconnect
# git bisect bad 584c19f92754e9d590d75a94df66c47f7c4fd2cc
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[ece9ab2a78afa1424c1aff45b1a95748dbc1f100] Merge branch 'bnxt_en-bug-fixes'

testing commit ece9ab2a78afa1424c1aff45b1a95748dbc1f100 with gcc (GCC) 8.1.0
kernel signature: 2c0d1c219ab12fb0551dbc35bf0940b36706b2955d02b211fa23ec51dd6ae512
all runs: OK
# git bisect good ece9ab2a78afa1424c1aff45b1a95748dbc1f100
Bisecting: 0 revisions left to test after this (roughly 1 step)
[76e2a55d16259b51116767b28b19d759bff43f72] mptcp: better msk-level shutdown.

testing commit 76e2a55d16259b51116767b28b19d759bff43f72 with gcc (GCC) 8.1.0
kernel signature: fe714a42699373683c1ab4e7f902cdc48d6f250b89b311f979baab967c744f52
all runs: crashed: WARNING: suspicious RCU usage in tcp_disconnect
# git bisect bad 76e2a55d16259b51116767b28b19d759bff43f72
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[20bc80b6f582ad1151c52ca09ab66b472768c9c8] mptcp: more strict state checking for acks

testing commit 20bc80b6f582ad1151c52ca09ab66b472768c9c8 with gcc (GCC) 8.1.0
kernel signature: ed5cc65b83faa0ec118e509332c9bd0a660608258392818579a32a850f13115d
all runs: OK
# git bisect good 20bc80b6f582ad1151c52ca09ab66b472768c9c8
76e2a55d16259b51116767b28b19d759bff43f72 is the first bad commit
commit 76e2a55d16259b51116767b28b19d759bff43f72
Author: Paolo Abeni <pabeni@redhat.com>
Date:   Tue Jan 12 18:25:24 2021 +0100

    mptcp: better msk-level shutdown.
    
    Instead of re-implementing most of inet_shutdown, re-use
    such helper, and implement the MPTCP-specific bits at the
    'proto' level.
    
    The msk-level disconnect() can now be invoked, lets provide a
    suitable implementation.
    
    As a side effect, this fixes bad state management for listener
    sockets. The latter could lead to division by 0 oops since
    commit ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling").
    
    Fixes: 43b54c6ee382 ("mptcp: Use full MPTCP-level disconnect state machine")
    Fixes: ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling")
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>
    Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>

 net/mptcp/protocol.c | 62 ++++++++++++++--------------------------------------
 1 file changed, 17 insertions(+), 45 deletions(-)

culprit signature: fe714a42699373683c1ab4e7f902cdc48d6f250b89b311f979baab967c744f52
parent  signature: ed5cc65b83faa0ec118e509332c9bd0a660608258392818579a32a850f13115d
revisions tested: 16, total time: 3h18m55.128957476s (build: 1h16m25.146129786s, test: 2h0m49.784002725s)
first bad commit: 76e2a55d16259b51116767b28b19d759bff43f72 mptcp: better msk-level shutdown.
recipients (to): ["kuba@kernel.org" "mathew.j.martineau@linux.intel.com" "pabeni@redhat.com"]
recipients (cc): []
crash: WARNING: suspicious RCU usage in tcp_disconnect
=============================
WARNING: suspicious RCU usage
5.11.0-rc2-syzkaller #0 Not tainted
-----------------------------
include/net/sock.h:1975 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor.2/10193:
 #0: ffff88810b4b8120 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1594 [inline]
 #0: ffff88810b4b8120 (sk_lock-AF_INET6){+.+.}-{0:0}, at: inet_shutdown+0x32/0x100 net/ipv4/af_inet.c:871

stack backtrace:
CPU: 0 PID: 10193 Comm: syz-executor.2 Not tainted 5.11.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x77/0x97 lib/dump_stack.c:120
 __sk_dst_set include/net/sock.h:1974 [inline]
 __sk_dst_reset include/net/sock.h:1994 [inline]
 tcp_disconnect+0x66c/0x690 net/ipv4/tcp.c:2963
 mptcp_disconnect+0x2e/0x40 net/mptcp/protocol.c:2650
 inet_shutdown+0xa1/0x100 net/ipv4/af_inet.c:901
 __sys_shutdown+0x37/0x70 net/socket.c:2196
 __do_sys_shutdown net/socket.c:2204 [inline]
 __se_sys_shutdown net/socket.c:2202 [inline]
 __x64_sys_shutdown+0xd/0x10 net/socket.c:2202
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45e219
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f0e37bddc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000030
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 000000000045e219
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000119bfb8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
R13: 00007ffd49a0564f R14: 00007f0e37bde9c0 R15: 000000000119bf8c