bisecting cause commit starting from e142723700baaa621c1b4649ec17a714a4d4a582
building syzkaller on dfd3394d42ddd333c68cf355273b312da8c65a51
testing commit e142723700baaa621c1b4649ec17a714a4d4a582 with gcc (GCC) 8.1.0
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in sk_mc_loop
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start e142723700baaa621c1b4649ec17a714a4d4a582 v5.0
Bisecting: 6458 revisions left to test after this (roughly 13 steps)
[39e07cb60860e3162fc377380b8a60409315681e] kcov: convert kcov.refcount to refcount_t
testing commit 39e07cb60860e3162fc377380b8a60409315681e with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 39e07cb60860e3162fc377380b8a60409315681e
Bisecting: 3107 revisions left to test after this (roughly 12 steps)
[a50243b1ddcdd766d0d17fbfeeb1a22e62fdc461] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit a50243b1ddcdd766d0d17fbfeeb1a22e62fdc461 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good a50243b1ddcdd766d0d17fbfeeb1a22e62fdc461
Bisecting: 1576 revisions left to test after this (roughly 11 steps)
[2f194646fecaa9fd4607b670ee9ef84d9ed04566] Merge tag 'rproc-v5.1' of git://github.com/andersson/remoteproc
testing commit 2f194646fecaa9fd4607b670ee9ef84d9ed04566 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 2f194646fecaa9fd4607b670ee9ef84d9ed04566
Bisecting: 790 revisions left to test after this (roughly 10 steps)
[070c95d457267eefecd70f5dd434740201d5083c] Merge tag 'iommu-fixes-v5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
testing commit 070c95d457267eefecd70f5dd434740201d5083c with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 070c95d457267eefecd70f5dd434740201d5083c
Bisecting: 377 revisions left to test after this (roughly 9 steps)
[1a9df9e29c2afecf6e3089442d429b377279ca3c] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit 1a9df9e29c2afecf6e3089442d429b377279ca3c with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 1a9df9e29c2afecf6e3089442d429b377279ca3c
Bisecting: 188 revisions left to test after this (roughly 8 steps)
[9d685c11bf980bdd8036fb003db5a28913192f2e] net: phy: aquantia: print remote capabilities if link partner is Aquantia PHY
testing commit 9d685c11bf980bdd8036fb003db5a28913192f2e with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 9d685c11bf980bdd8036fb003db5a28913192f2e
Bisecting: 99 revisions left to test after this (roughly 7 steps)
[356d71e00d278d865f8c7f68adebd6ce4698a7e2] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit 356d71e00d278d865f8c7f68adebd6ce4698a7e2 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 356d71e00d278d865f8c7f68adebd6ce4698a7e2
Bisecting: 49 revisions left to test after this (roughly 6 steps)
[113e59d09fbc7aadfe6fdb25d86c73be6cabc7bb] Merge branch 'selftests-forwarding-Add-new-test-cases'
testing commit 113e59d09fbc7aadfe6fdb25d86c73be6cabc7bb with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 113e59d09fbc7aadfe6fdb25d86c73be6cabc7bb
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[f3d4ef1a533a0521c73e343f8191b23702fe8ad6] mlxsw: spectrum_acl: Move rehash_dis trace call and err msg to vregion_migrate()
testing commit f3d4ef1a533a0521c73e343f8191b23702fe8ad6 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good f3d4ef1a533a0521c73e343f8191b23702fe8ad6
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[eff07b42d8cdb30af0d185335c3e48b7cfffc7ce] nfp: flower: reduce action list size by coalescing mangle actions
testing commit eff07b42d8cdb30af0d185335c3e48b7cfffc7ce with gcc (GCC) 8.1.0
all runs: OK
# git bisect good eff07b42d8cdb30af0d185335c3e48b7cfffc7ce
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[74dcb4c1a52c7c6666319a149ad4adb001f1d00b] net: phy: aquantia: add SGMII statistics
testing commit 74dcb4c1a52c7c6666319a149ad4adb001f1d00b with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 74dcb4c1a52c7c6666319a149ad4adb001f1d00b
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[3c31ff22b25f15c6a642bb775884a599379a3cb5] drivers: mellanox: use netdev_xmit_more() helper
testing commit 3c31ff22b25f15c6a642bb775884a599379a3cb5 with gcc (GCC) 8.1.0
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in sk_mc_loop
# git bisect bad 3c31ff22b25f15c6a642bb775884a599379a3cb5
Bisecting: 0 revisions left to test after this (roughly 1 step)
[6b16f9ee89b8d5709f24bc3ac89ae8b5452c0d7c] net: move skb->xmit_more hint to softnet data
testing commit 6b16f9ee89b8d5709f24bc3ac89ae8b5452c0d7c with gcc (GCC) 8.1.0
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in sk_mc_loop
# git bisect bad 6b16f9ee89b8d5709f24bc3ac89ae8b5452c0d7c
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[97cdcf37b57e3f204be3000b9eab9686f38b4356] net: place xmit recursion in softnet data
testing commit 97cdcf37b57e3f204be3000b9eab9686f38b4356 with gcc (GCC) 8.1.0
all runs: crashed: BUG: using __this_cpu_read() in preemptible code in sk_mc_loop
# git bisect bad 97cdcf37b57e3f204be3000b9eab9686f38b4356
97cdcf37b57e3f204be3000b9eab9686f38b4356 is the first bad commit
commit 97cdcf37b57e3f204be3000b9eab9686f38b4356
Author: Florian Westphal <fw@strlen.de>
Date:   Mon Apr 1 16:42:13 2019 +0200

    net: place xmit recursion in softnet data
    
    This fills a hole in softnet data, so no change in structure size.
    
    Also prepares for xmit_more placement in the same spot;
    skb->xmit_more will be removed in followup patch.
    
    Signed-off-by: Florian Westphal <fw@strlen.de>
    Signed-off-by: David S. Miller <davem@davemloft.net>

:040000 040000 76da6da7493a27156a0e74774236eb4eb1d66022 2a4dc6a69feb78c8f926db9c735be5a9f5e75041 M	include
:040000 040000 52f717771a86fc0855f31c117d0c3490dd3565e8 b157a54141f9c0cc107fc593bac07978c47686ab M	net
revisions tested: 16, total time: 4h6m55.981832184s (build: 1h34m48.494254632s, test: 2h26m18.322882066s)
first bad commit: 97cdcf37b57e3f204be3000b9eab9686f38b4356 net: place xmit recursion in softnet data
cc: ["alexander.h.duyck@intel.com" "amritha.nambiar@intel.com" "ast@kernel.org" "bpf@vger.kernel.org" "daniel@iogearbox.net" "davem@davemloft.net" "ecree@solarflare.com" "fw@strlen.de" "idosch@mellanox.com" "jiri@mellanox.com" "kafai@fb.com" "linux-kernel@vger.kernel.org" "lirongqing@baidu.com" "netdev@vger.kernel.org" "petrm@mellanox.com" "sd@queasysnail.net" "songliubraving@fb.com" "yhs@fb.com"]
crash: BUG: using __this_cpu_read() in preemptible code in sk_mc_loop
check_preemption_disabled: 6 callbacks suppressed
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7115
caller is dev_recursion_level include/linux/netdevice.h:3052 [inline]
caller is sk_mc_loop+0x16/0x180 net/core/sock.c:705
CPU: 1 PID: 7115 Comm: syz-executor.5 Not tainted 5.1.0-rc2+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x113/0x167 lib/dump_stack.c:113
 __this_cpu_preempt_check+0x1d2/0x200 lib/smp_processor_id.c:47
 dev_recursion_level include/linux/netdevice.h:3052 [inline]
 sk_mc_loop+0x16/0x180 net/core/sock.c:705
 ip_mc_output+0x25b/0xca0 net/ipv4/ip_output.c:352
 dst_output include/net/dst.h:433 [inline]
 ip_local_out+0x7e/0x130 net/ipv4/ip_output.c:124
 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1465
 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1485
 raw_sendmsg+0xeac/0x2b20 net/ipv4/raw.c:676
 inet_sendmsg+0x10d/0x460 net/ipv4/af_inet.c:802
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xb7/0xf0 net/socket.c:661
 kernel_sendmsg+0x26/0x30 net/socket.c:681
 sock_no_sendpage+0xfd/0x140 net/core/sock.c:2716
 inet_sendpage+0x367/0x620 net/ipv4/af_inet.c:820
 kernel_sendpage+0x63/0xd0 net/socket.c:3643
 sock_sendpage+0x6d/0xd0 net/socket.c:934
 pipe_to_sendpage+0x214/0x430 fs/splice.c:448
 splice_from_pipe_feed fs/splice.c:499 [inline]
 __splice_from_pipe+0x2cf/0x730 fs/splice.c:623
 splice_from_pipe+0xbb/0x120 fs/splice.c:658
 generic_splice_sendpage+0x10/0x20 fs/splice.c:828
 do_splice_from fs/splice.c:847 [inline]
 do_splice+0x5a5/0x1300 fs/splice.c:1154
 __do_sys_splice fs/splice.c:1424 [inline]
 __se_sys_splice fs/splice.c:1404 [inline]
 __x64_sys_splice+0x248/0x300 fs/splice.c:1404
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4582b9
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fa8abd53c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9
RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa8abd546d4
R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7115
caller is dev_recursion_level include/linux/netdevice.h:3052 [inline]
caller is sk_mc_loop+0x16/0x180 net/core/sock.c:705
CPU: 0 PID: 7115 Comm: syz-executor.5 Not tainted 5.1.0-rc2+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x113/0x167 lib/dump_stack.c:113
 __this_cpu_preempt_check+0x1d2/0x200 lib/smp_processor_id.c:47
 dev_recursion_level include/linux/netdevice.h:3052 [inline]
 sk_mc_loop+0x16/0x180 net/core/sock.c:705
 ip_mc_output+0x25b/0xca0 net/ipv4/ip_output.c:352
 dst_output include/net/dst.h:433 [inline]
 ip_local_out+0x7e/0x130 net/ipv4/ip_output.c:124
 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1465
 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1485
 raw_sendmsg+0xeac/0x2b20 net/ipv4/raw.c:676
 inet_sendmsg+0x10d/0x460 net/ipv4/af_inet.c:802
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xb7/0xf0 net/socket.c:661
 kernel_sendmsg+0x26/0x30 net/socket.c:681
 sock_no_sendpage+0xfd/0x140 net/core/sock.c:2716
 inet_sendpage+0x367/0x620 net/ipv4/af_inet.c:820
 kernel_sendpage+0x63/0xd0 net/socket.c:3643
 sock_sendpage+0x6d/0xd0 net/socket.c:934
 pipe_to_sendpage+0x214/0x430 fs/splice.c:448
 splice_from_pipe_feed fs/splice.c:499 [inline]
 __splice_from_pipe+0x2cf/0x730 fs/splice.c:623
 splice_from_pipe+0xbb/0x120 fs/splice.c:658
 generic_splice_sendpage+0x10/0x20 fs/splice.c:828
 do_splice_from fs/splice.c:847 [inline]
 do_splice+0x5a5/0x1300 fs/splice.c:1154
 __do_sys_splice fs/splice.c:1424 [inline]
 __se_sys_splice fs/splice.c:1404 [inline]
 __x64_sys_splice+0x248/0x300 fs/splice.c:1404
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4582b9
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fa8abd53c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9
RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa8abd546d4
R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7115
caller is dev_recursion_level include/linux/netdevice.h:3052 [inline]
caller is sk_mc_loop+0x16/0x180 net/core/sock.c:705
CPU: 1 PID: 7115 Comm: syz-executor.5 Not tainted 5.1.0-rc2+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x113/0x167 lib/dump_stack.c:113
 __this_cpu_preempt_check+0x1d2/0x200 lib/smp_processor_id.c:47
 dev_recursion_level include/linux/netdevice.h:3052 [inline]
 sk_mc_loop+0x16/0x180 net/core/sock.c:705
 ip_mc_output+0x25b/0xca0 net/ipv4/ip_output.c:352
 dst_output include/net/dst.h:433 [inline]
 ip_local_out+0x7e/0x130 net/ipv4/ip_output.c:124
 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1465
 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1485
 raw_sendmsg+0xeac/0x2b20 net/ipv4/raw.c:676
 inet_sendmsg+0x10d/0x460 net/ipv4/af_inet.c:802
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xb7/0xf0 net/socket.c:661
 kernel_sendmsg+0x26/0x30 net/socket.c:681
 sock_no_sendpage+0xfd/0x140 net/core/sock.c:2716
 inet_sendpage+0x367/0x620 net/ipv4/af_inet.c:820
 kernel_sendpage+0x63/0xd0 net/socket.c:3643
 sock_sendpage+0x6d/0xd0 net/socket.c:934
 pipe_to_sendpage+0x214/0x430 fs/splice.c:448
 splice_from_pipe_feed fs/splice.c:499 [inline]
 __splice_from_pipe+0x2cf/0x730 fs/splice.c:623
 splice_from_pipe+0xbb/0x120 fs/splice.c:658
 generic_splice_sendpage+0x10/0x20 fs/splice.c:828
 do_splice_from fs/splice.c:847 [inline]
 do_splice+0x5a5/0x1300 fs/splice.c:1154
 __do_sys_splice fs/splice.c:1424 [inline]
 __se_sys_splice fs/splice.c:1404 [inline]
 __x64_sys_splice+0x248/0x300 fs/splice.c:1404
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4582b9
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fa8abd53c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9
RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa8abd546d4
R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff
BUG: using __this_cpu_read() in preemptible [00000000] code: syz-executor.5/7115
caller is dev_recursion_level include/linux/netdevice.h:3052 [inline]
caller is sk_mc_loop+0x16/0x180 net/core/sock.c:705
CPU: 0 PID: 7115 Comm: syz-executor.5 Not tainted 5.1.0-rc2+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x113/0x167 lib/dump_stack.c:113
 __this_cpu_preempt_check+0x1d2/0x200 lib/smp_processor_id.c:47
 dev_recursion_level include/linux/netdevice.h:3052 [inline]
 sk_mc_loop+0x16/0x180 net/core/sock.c:705
 ip_mc_output+0x25b/0xca0 net/ipv4/ip_output.c:352
 dst_output include/net/dst.h:433 [inline]
 ip_local_out+0x7e/0x130 net/ipv4/ip_output.c:124
 ip_send_skb+0x36/0xa0 net/ipv4/ip_output.c:1465
 ip_push_pending_frames+0x4d/0x70 net/ipv4/ip_output.c:1485
 raw_sendmsg+0xeac/0x2b20 net/ipv4/raw.c:676
 inet_sendmsg+0x10d/0x460 net/ipv4/af_inet.c:802
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xb7/0xf0 net/socket.c:661
 kernel_sendmsg+0x26/0x30 net/socket.c:681
 sock_no_sendpage+0xfd/0x140 net/core/sock.c:2716
 inet_sendpage+0x367/0x620 net/ipv4/af_inet.c:820
 kernel_sendpage+0x63/0xd0 net/socket.c:3643
 sock_sendpage+0x6d/0xd0 net/socket.c:934
 pipe_to_sendpage+0x214/0x430 fs/splice.c:448
 splice_from_pipe_feed fs/splice.c:499 [inline]
 __splice_from_pipe+0x2cf/0x730 fs/splice.c:623
 splice_from_pipe+0xbb/0x120 fs/splice.c:658
 generic_splice_sendpage+0x10/0x20 fs/splice.c:828
 do_splice_from fs/splice.c:847 [inline]
 do_splice+0x5a5/0x1300 fs/splice.c:1154
 __do_sys_splice fs/splice.c:1424 [inline]
 __se_sys_splice fs/splice.c:1404 [inline]
 __x64_sys_splice+0x248/0x300 fs/splice.c:1404
 do_syscall_64+0xd6/0x4e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4582b9
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fa8abd53c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004582b9
RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000073bfa0 R08: 0000000000010005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa8abd546d4
R13: 00000000004c70e6 R14: 00000000004dc0e0 R15: 00000000ffffffff