bisecting cause commit starting from 2f631133c40cd8e311ae393518c3e651e476ab66
building syzkaller on 196277c4035b5442b7a259953677543566c9b9a9
testing commit 2f631133c40cd8e311ae393518c3e651e476ab66 with gcc (GCC) 8.1.0
kernel signature: fbf0a54d33c76e6f644aeee91898dbcedebffef19fa924f76837b31719670d22
all runs: crashed: WARNING: suspicious RCU usage in ovs_flow_tbl_destroy
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: 2d3293a3c5678dc67c65497c2398fefd94c8e9d705444c1c89aadb30105064e3
all runs: OK
# git bisect start 2f631133c40cd8e311ae393518c3e651e476ab66 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162
Bisecting: 9868 revisions left to test after this (roughly 13 steps)
[9d71d3cd9ef040c284506648285915e9ba4d08c4] Merge tag 'arm-dt-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 9d71d3cd9ef040c284506648285915e9ba4d08c4 with gcc (GCC) 8.1.0
kernel signature: d158c80ad70d44b8e3e985a39d1b788a2db3fca7f7af38728dae03e138f2d98e
all runs: OK
# git bisect good 9d71d3cd9ef040c284506648285915e9ba4d08c4
Bisecting: 5000 revisions left to test after this (roughly 12 steps)
[6c3297841472b4e53e22e53826eea9e483d993e5] Merge tag 'notifications-20200601' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
testing commit 6c3297841472b4e53e22e53826eea9e483d993e5 with gcc (GCC) 8.1.0
kernel signature: e43193c3a0c87da923fe1982a3fbcb96abb1454c6cebd3d7b0f6aa2f614ed1e9
all runs: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
# git bisect skip 6c3297841472b4e53e22e53826eea9e483d993e5
Bisecting: 5000 revisions left to test after this (roughly 12 steps)
[1b032ec1ecbce6047af7d11c9db432e237cb17d8] iommu: Unexport iommu_group_get_for_dev()
testing commit 1b032ec1ecbce6047af7d11c9db432e237cb17d8 with gcc (GCC) 8.1.0
kernel signature: ed20c4696a6d10bcb75633ea660f14984ebedf8901a95d26d663ba77f819437a
all runs: OK
# git bisect good 1b032ec1ecbce6047af7d11c9db432e237cb17d8
Bisecting: 4857 revisions left to test after this (roughly 12 steps)
[076f14be7fc942e112c94c841baec44124275cd0] Merge tag 'x86-entry-2020-06-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 076f14be7fc942e112c94c841baec44124275cd0 with gcc (GCC) 8.1.0
kernel signature: 68f2bd641208ffff16aab3994eb697ac7c5a788944e2fa2c2f5a4e2d9d109a46
all runs: basic kernel testing failed: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
# git bisect skip 076f14be7fc942e112c94c841baec44124275cd0
Bisecting: 4857 revisions left to test after this (roughly 12 steps)
[ba3823ca6a052d1aea2c7f7bf8ed6377f5f180e3] Merge branch 'Fixes-for-OF_MDIO-flag'
testing commit ba3823ca6a052d1aea2c7f7bf8ed6377f5f180e3 with gcc (GCC) 8.1.0
kernel signature: 517572fa29bd90c578d71e984319d4251dbce4e3235423ca76729dd5b1cd2ea1
all runs: OK
# git bisect good ba3823ca6a052d1aea2c7f7bf8ed6377f5f180e3
Bisecting: 4857 revisions left to test after this (roughly 12 steps)
[d845a2051b6b673fab4229b920ea04c7c4352b51] drm/amdgpu: fix preemption unit test
testing commit d845a2051b6b673fab4229b920ea04c7c4352b51 with gcc (GCC) 8.1.0
kernel signature: 4a284f859c91537fa348e72fa30abf00db6ecad8065a270f05828a58c82b36d9
all runs: OK
# git bisect good d845a2051b6b673fab4229b920ea04c7c4352b51
Bisecting: 1628 revisions left to test after this (roughly 11 steps)
[256ca7449fbcc0351c349abf83d1869e31504725] sis: switch from 'pci_' to 'dma_' API
testing commit 256ca7449fbcc0351c349abf83d1869e31504725 with gcc (GCC) 8.1.0
kernel signature: 6cbc55f8366f3f9e92adaf2bb280261a6f03652befa33535532d933e22a068c6
all runs: OK
# git bisect good 256ca7449fbcc0351c349abf83d1869e31504725
Bisecting: 841 revisions left to test after this (roughly 10 steps)
[0ae3495b6502cf93634cbd027cb2f6f9f83a406f] Merge tag 'for-linus-2020-08-01' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
testing commit 0ae3495b6502cf93634cbd027cb2f6f9f83a406f with gcc (GCC) 8.1.0
kernel signature: 076bffc55cc380464800f74e25fe6f41a8e115bb581f3b1783ed20789e782dfc
all runs: OK
# git bisect good 0ae3495b6502cf93634cbd027cb2f6f9f83a406f
Bisecting: 420 revisions left to test after this (roughly 9 steps)
[965b549f3c20dba97c206937f163379ee44c9c04] sfc_ef100: implement ndo_open/close and EVQ probing
testing commit 965b549f3c20dba97c206937f163379ee44c9c04 with gcc (GCC) 8.1.0
kernel signature: ae4a466fd6087dd57382320e994384af84ae682386d093f4a5db9d78d5d78ce5
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor866248349" "root@10.128.10.43:./syz-executor866248349"]: exit status 1
Connection timed out during banner exchange
lost connection

# git bisect good 965b549f3c20dba97c206937f163379ee44c9c04
Bisecting: 197 revisions left to test after this (roughly 8 steps)
[4bb540dbe442ec5e4b48af8aed12663e0754bbe2] Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
testing commit 4bb540dbe442ec5e4b48af8aed12663e0754bbe2 with gcc (GCC) 8.1.0
net/bluetooth/sco.c:862:3: error: cannot convert to a pointer type
# git bisect skip 4bb540dbe442ec5e4b48af8aed12663e0754bbe2
Bisecting: 197 revisions left to test after this (roughly 8 steps)
[d6526926de7397a97308780911565e31a6b67b59] net: mvpp2: fix memory leak in mvpp2_rx
testing commit d6526926de7397a97308780911565e31a6b67b59 with gcc (GCC) 8.1.0
kernel signature: cc6dda70731897462f930fbfd1aacd1d083c39f561b48b3f18313877b37d530d
all runs: OK
# git bisect good d6526926de7397a97308780911565e31a6b67b59
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[155f15ad6760718288c914962bff8acd39942573] ionic: use fewer firmware doorbells on rx fill
testing commit 155f15ad6760718288c914962bff8acd39942573 with gcc (GCC) 8.1.0
kernel signature: 06326542711df79ab7bce8ef6908fbafbbf2fdde5defbc00047e293005522311
all runs: crashed: WARNING: suspicious RCU usage in ovs_flow_tbl_destroy
# git bisect bad 155f15ad6760718288c914962bff8acd39942573
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[d208a42a62e70b9c86b46b7bad126eb862891314] ipv6/addrconf: call addrconf_ifdown with consistent values
testing commit d208a42a62e70b9c86b46b7bad126eb862891314 with gcc (GCC) 8.1.0
kernel signature: dc0b57bcab434366ceb0ec28d26d3c71da34286b51bc80200e8ca80a4cd6f753
all runs: crashed: WARNING: suspicious RCU usage in ovs_flow_tbl_destroy
# git bisect bad d208a42a62e70b9c86b46b7bad126eb862891314
Bisecting: 1 revision left to test after this (roughly 1 step)
[9bf24f594c6acf676fb8c229f152c21bfb915ddb] net: openvswitch: make masks cache size configurable
testing commit 9bf24f594c6acf676fb8c229f152c21bfb915ddb with gcc (GCC) 8.1.0
kernel signature: 07284ccd60174b0b9abb261aa086852042b71e3ce2bf523728da535c279caf2b
all runs: crashed: WARNING: suspicious RCU usage in ovs_flow_tbl_destroy
# git bisect bad 9bf24f594c6acf676fb8c229f152c21bfb915ddb
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[9d2f627b7ec9d5d3246b6cec17f290ee6778c83b] net: openvswitch: add masks cache hit counter
testing commit 9d2f627b7ec9d5d3246b6cec17f290ee6778c83b with gcc (GCC) 8.1.0
kernel signature: e7bd360b4f6f81b7f6f9a9fa7e59e1e86ee256e81658aa9da44464de6e78ac12
all runs: OK
# git bisect good 9d2f627b7ec9d5d3246b6cec17f290ee6778c83b
9bf24f594c6acf676fb8c229f152c21bfb915ddb is the first bad commit
commit 9bf24f594c6acf676fb8c229f152c21bfb915ddb
Author: Eelco Chaudron <echaudro@redhat.com>
Date:   Fri Jul 31 14:21:34 2020 +0200

    net: openvswitch: make masks cache size configurable
    
    This patch makes the masks cache size configurable, or with
    a size of 0, disable it.
    
    Reviewed-by: Paolo Abeni <pabeni@redhat.com>
    Reviewed-by: Tonghao Zhang <xiangxia.m.yue@gmail.com>
    Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 include/uapi/linux/openvswitch.h |   1 +
 net/openvswitch/datapath.c       |  17 +++++++
 net/openvswitch/flow_table.c     | 101 ++++++++++++++++++++++++++++++++++-----
 net/openvswitch/flow_table.h     |  10 +++-
 4 files changed, 115 insertions(+), 14 deletions(-)
culprit signature: 07284ccd60174b0b9abb261aa086852042b71e3ce2bf523728da535c279caf2b
parent  signature: e7bd360b4f6f81b7f6f9a9fa7e59e1e86ee256e81658aa9da44464de6e78ac12
revisions tested: 17, total time: 3h29m45.671332179s (build: 1h28m3.495254004s, test: 1h59m58.693174459s)
first bad commit: 9bf24f594c6acf676fb8c229f152c21bfb915ddb net: openvswitch: make masks cache size configurable
recipients (to): ["davem@davemloft.net" "echaudro@redhat.com" "pabeni@redhat.com" "xiangxia.m.yue@gmail.com"]
recipients (cc): []
crash: WARNING: suspicious RCU usage in ovs_flow_tbl_destroy
netlink: 'syz-executor.0': attribute type 2 has an invalid length.
=============================
WARNING: suspicious RCU usage
5.8.0-rc7-syzkaller #0 Not tainted
-----------------------------
net/openvswitch/flow_table.c:521 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor.0/8440:
 #0: ffffffff8453d350 (cb_lock){++++}-{3:3}, at: genl_rcv+0x10/0x30 net/netlink/genetlink.c:741

stack backtrace:
CPU: 1 PID: 8440 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xb3/0xec lib/dump_stack.c:118
 ovs_flow_tbl_destroy+0xd3/0xe0 net/openvswitch/flow_table.c:521
 ovs_dp_cmd_new+0x247/0x480 net/openvswitch/datapath.c:1747
 genl_family_rcv_msg_doit net/netlink/genetlink.c:669 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:714 [inline]
 genl_rcv_msg+0x1d0/0x2ef net/netlink/genetlink.c:731
 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:742
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0x2b/0x40 net/socket.c:671
 ____sys_sendmsg+0x1ed/0x230 net/socket.c:2359
 ___sys_sendmsg+0x77/0xb0 net/socket.c:2413
 __sys_sendmsg+0x52/0xa0 net/socket.c:2446
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cce9
Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2e27b0ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000002bec0 RCX: 000000000045cce9
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
R13: 00007ffe1fb93bff R14: 00007f2e27b0f9c0 R15: 000000000078bf0c

=============================
WARNING: suspicious RCU usage
5.8.0-rc7-syzkaller #0 Not tainted
-----------------------------
net/openvswitch/flow_table.c:522 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor.0/8440:
 #0: ffffffff8453d350 (cb_lock){++++}-{3:3}, at: genl_rcv+0x10/0x30 net/netlink/genetlink.c:741

stack backtrace:
CPU: 1 PID: 8440 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xb3/0xec lib/dump_stack.c:118
 ovs_flow_tbl_destroy+0xa5/0xe0 net/openvswitch/flow_table.c:522
 ovs_dp_cmd_new+0x247/0x480 net/openvswitch/datapath.c:1747
 genl_family_rcv_msg_doit net/netlink/genetlink.c:669 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:714 [inline]
 genl_rcv_msg+0x1d0/0x2ef net/netlink/genetlink.c:731
 netlink_rcv_skb+0x41/0x110 net/netlink/af_netlink.c:2470
 genl_rcv+0x1f/0x30 net/netlink/genetlink.c:742
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x19a/0x270 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x248/0x480 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0x2b/0x40 net/socket.c:671
 ____sys_sendmsg+0x1ed/0x230 net/socket.c:2359
 ___sys_sendmsg+0x77/0xb0 net/socket.c:2413
 __sys_sendmsg+0x52/0xa0 net/socket.c:2446
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cce9
Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2e27b0ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000002bec0 RCX: 000000000045cce9
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
R13: 00007ffe1fb93bff R14: 00007f2e27b0f9c0 R15: 000000000078bf0c