bisecting cause commit starting from 9ec5eea5b6acfae7279203097eeec5d02d01d9b7 building syzkaller on 98682e5e2aefc9aad61354f4f3ac93be96002a2a testing commit 9ec5eea5b6acfae7279203097eeec5d02d01d9b7 with gcc (GCC) 10.2.1 20210217 kernel signature: 19dbdabe951e2e94be33c53b5a66d1fc5602875d78db098556b222474a5d6673 all runs: crashed: WARNING in dst_release testing release v5.10 testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217 kernel signature: ad0020076c568fd04e3712999367961eadbdf96cf6f928f88e3fec927cee834c all runs: OK # git bisect start 9ec5eea5b6acfae7279203097eeec5d02d01d9b7 2c85ebc57b3e1817b6ce1a6b703928e113a90442 Bisecting: 8558 revisions left to test after this (roughly 13 steps) [571b12dd1ad41f371448b693c0bd2e64968c7af4] Merge tag 'hyperv-next-signed-20201214' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux testing commit 571b12dd1ad41f371448b693c0bd2e64968c7af4 with gcc (GCC) 10.2.1 20210217 kernel signature: 22b1bef34345855c372ff8988c71a61f5c2794bab4128bbe907019bf2a4a8347 all runs: OK # git bisect good 571b12dd1ad41f371448b693c0bd2e64968c7af4 Bisecting: 4271 revisions left to test after this (roughly 12 steps) [1375b9803e007842493c64d0d73d7dd0e385e17c] Merge branch 'akpm' (patches from Andrew) testing commit 1375b9803e007842493c64d0d73d7dd0e385e17c with gcc (GCC) 10.2.1 20210217 kernel signature: fb3b0a8b146a871c0626446533e5bdcc0ccc66654ccb4a1409dd33b306de264f all runs: OK # git bisect good 1375b9803e007842493c64d0d73d7dd0e385e17c Bisecting: 2136 revisions left to test after this (roughly 11 steps) [6642d600b541b81931fb1ab0c041b0d68f77be7e] Merge tag '5.11-rc5-smb3' of git://git.samba.org/sfrench/cifs-2.6 testing commit 6642d600b541b81931fb1ab0c041b0d68f77be7e with gcc (GCC) 10.2.1 20210217 kernel signature: f44fc56c7923f490c276434cd49bc91ee25ed298acefd6d91a23ca639368323f all runs: OK # git bisect good 6642d600b541b81931fb1ab0c041b0d68f77be7e Bisecting: 1068 revisions left to test after this (roughly 10 steps) [ea92000d5430304b22f46d61508ea95b5342373c] Revert "net: Have netpoll bring-up DSA management interface" testing commit ea92000d5430304b22f46d61508ea95b5342373c with gcc (GCC) 10.2.1 20210217 kernel signature: 592ce074f61656ff12dcf292582f48cc8b5cefd856fbff830aa38cf278e0e6dd all runs: OK # git bisect good ea92000d5430304b22f46d61508ea95b5342373c Bisecting: 534 revisions left to test after this (roughly 9 steps) [7360a4de36a4826cc998ce5a89fbc9b5a2182758] net: phy: icplus: use PHY_ID_MATCH_EXACT() for IP101A/G testing commit 7360a4de36a4826cc998ce5a89fbc9b5a2182758 with gcc (GCC) 10.2.1 20210217 kernel signature: 4e60a51ab100e288dfc6753cfe521c4f92995f4e9b4b9af7aedc871ab7041682 all runs: OK # git bisect good 7360a4de36a4826cc998ce5a89fbc9b5a2182758 Bisecting: 300 revisions left to test after this (roughly 8 steps) [9d083348e938eb0330639ad08dcfe493a59a8a40] rtw88: 8822c: update RF_B (2/2) parameter tables to v60 testing commit 9d083348e938eb0330639ad08dcfe493a59a8a40 with gcc (GCC) 10.2.1 20210217 kernel signature: 0288ee0937adbcdce7f7a22051300b35dfd1f877735825e07b01a3da3b0e8d0f all runs: OK # git bisect good 9d083348e938eb0330639ad08dcfe493a59a8a40 Bisecting: 150 revisions left to test after this (roughly 7 steps) [4a8d0c999fede59b75045ea5ee40c8a6098a45b2] mac80211: minstrel_ht: show sampling rates in debugfs testing commit 4a8d0c999fede59b75045ea5ee40c8a6098a45b2 with gcc (GCC) 10.2.1 20210217 kernel signature: eaa09868c2f207f085e65ed47a58de572e113e608a7be46e656453ca7ade803d all runs: OK # git bisect good 4a8d0c999fede59b75045ea5ee40c8a6098a45b2 Bisecting: 74 revisions left to test after this (roughly 6 steps) [762d17b991608a6845704b500a5712900779c4b4] Merge branch 'tcp-mem-pressure-vs-SO_RCVLOWAT' testing commit 762d17b991608a6845704b500a5712900779c4b4 with gcc (GCC) 10.2.1 20210217 kernel signature: e3ff650cb2cebd8729ba42afb682f0e0540ed3d6d1e1aaee0861a3ac3f982d87 all runs: crashed: WARNING in dst_release # git bisect bad 762d17b991608a6845704b500a5712900779c4b4 Bisecting: 35 revisions left to test after this (roughly 5 steps) [21cc70c75be0d1a38da34095d1933a75ce784b1d] Merge tag 'mac80211-next-for-net-next-2021-02-12' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next testing commit 21cc70c75be0d1a38da34095d1933a75ce784b1d with gcc (GCC) 10.2.1 20210217 kernel signature: 1ef187db79c9e00e5e74db76b04aefcb1fb92c16ec5283ca008d7b9f3d8fb1b0 run #0: crashed: possible deadlock in __inet_bind run #1: crashed: WARNING in dst_release run #2: crashed: WARNING in dst_release run #3: crashed: WARNING in dst_release run #4: crashed: WARNING in dst_release run #5: crashed: WARNING in dst_release run #6: crashed: WARNING in dst_release run #7: crashed: WARNING in dst_release run #8: crashed: WARNING in dst_release run #9: crashed: WARNING in dst_release # git bisect bad 21cc70c75be0d1a38da34095d1933a75ce784b1d Bisecting: 19 revisions left to test after this (roughly 4 steps) [f384221a381751508f390b36d0e51bd5a7beb627] selftests: mptcp: fix ACKRX debug message testing commit f384221a381751508f390b36d0e51bd5a7beb627 with gcc (GCC) 10.2.1 20210217 kernel signature: 162295d4afb8b60ba20f974e9a13b1be66197e5ec2b071ba0d7fdbe3b78d6144 all runs: OK # git bisect good f384221a381751508f390b36d0e51bd5a7beb627 Bisecting: 9 revisions left to test after this (roughly 3 steps) [b911c97c7dc771633c68ea9b8f15070f8af3d323] mptcp: add netlink event support testing commit b911c97c7dc771633c68ea9b8f15070f8af3d323 with gcc (GCC) 10.2.1 20210217 kernel signature: f16c5a992f12c005a5ebe9cbc8d365913112bb3d225ee1a0a004ddf67f3fb1a2 all runs: crashed: WARNING in dst_release # git bisect bad b911c97c7dc771633c68ea9b8f15070f8af3d323 Bisecting: 4 revisions left to test after this (roughly 2 steps) [a141e02e393370e082b25636401c49978b61bfcf] mptcp: split __mptcp_close_ssk helper testing commit a141e02e393370e082b25636401c49978b61bfcf with gcc (GCC) 10.2.1 20210217 kernel signature: 64456a31e87e3bc84100d034dbf54e697bb6b43a4a29979c591187189cd2ddb4 all runs: OK # git bisect good a141e02e393370e082b25636401c49978b61bfcf Bisecting: 2 revisions left to test after this (roughly 1 step) [b263b0d7d60baecda3c840a0703bb6d511f7ae2d] mptcp: move subflow close loop after sk close check testing commit b263b0d7d60baecda3c840a0703bb6d511f7ae2d with gcc (GCC) 10.2.1 20210217 kernel signature: 69e299a4e3a7c242c7b4f650dee40af196b9bc1614818a45ad635d1980493e3a all runs: crashed: WARNING in dst_release # git bisect bad b263b0d7d60baecda3c840a0703bb6d511f7ae2d Bisecting: 0 revisions left to test after this (roughly 0 steps) [40947e13997a1cba4e875893ca6e5d5e61a0689d] mptcp: schedule worker when subflow is closed testing commit 40947e13997a1cba4e875893ca6e5d5e61a0689d with gcc (GCC) 10.2.1 20210217 kernel signature: 9870e1d46e1ce9ed0adf109886e109d0ba1d644c3df6c2518600bcf329dd8afa all runs: crashed: WARNING in dst_release # git bisect bad 40947e13997a1cba4e875893ca6e5d5e61a0689d 40947e13997a1cba4e875893ca6e5d5e61a0689d is the first bad commit commit 40947e13997a1cba4e875893ca6e5d5e61a0689d Author: Florian Westphal Date: Fri Feb 12 15:59:56 2021 -0800 mptcp: schedule worker when subflow is closed When remote side closes a subflow we should schedule the worker to dispose of the subflow in a timely manner. Otherwise, SF_CLOSED event won't be generated until the mptcp socket itself is closing or local side is closing another subflow. Signed-off-by: Florian Westphal Signed-off-by: Mat Martineau Signed-off-by: David S. Miller net/mptcp/protocol.c | 4 ++++ net/mptcp/subflow.c | 25 +++++++++++++++++++++++-- 2 files changed, 27 insertions(+), 2 deletions(-) culprit signature: 9870e1d46e1ce9ed0adf109886e109d0ba1d644c3df6c2518600bcf329dd8afa parent signature: 64456a31e87e3bc84100d034dbf54e697bb6b43a4a29979c591187189cd2ddb4 revisions tested: 16, total time: 3h42m6.098708021s (build: 1h48m39.950311621s, test: 1h48m2.03857739s) first bad commit: 40947e13997a1cba4e875893ca6e5d5e61a0689d mptcp: schedule worker when subflow is closed recipients (to): ["davem@davemloft.net" "fw@strlen.de" "mathew.j.martineau@linux.intel.com"] recipients (cc): [] crash: WARNING in dst_release ------------[ cut here ]------------ dst_release underflow WARNING: CPU: 0 PID: 12206 at net/core/dst.c:175 dst_release net/core/dst.c:175 [inline] WARNING: CPU: 0 PID: 12206 at net/core/dst.c:175 dst_release+0x84/0x90 net/core/dst.c:169 Modules linked in: CPU: 0 PID: 12206 Comm: syz-executor.2 Not tainted 5.11.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:dst_release net/core/dst.c:175 [inline] RIP: 0010:dst_release+0x84/0x90 net/core/dst.c:169 Code: 58 48 83 c4 08 48 c7 c6 90 74 65 86 41 5c e9 c3 0e f2 fa 48 c7 c7 80 04 77 89 89 4c 24 04 c6 05 45 1a bb 05 01 e8 2b 10 95 01 <0f> 0b 8b 4c 24 04 eb b4 0f 1f 40 00 48 c7 c0 28 4e 15 8a 41 56 48 RSP: 0018:ffffc90002107d50 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 000000000000244e RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000004 RDI: fffff52000420f9c RBP: ffff8880262669c0 R08: 0000000000000001 R09: ffff8880b9e2015b R10: ffffed10173c402b R11: 0000000000000001 R12: ffff88801bc0cc00 R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000004e24 FS: 00007f4e0225b700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000005401f8 CR3: 000000001bb6d000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: sk_dst_set include/net/sock.h:1999 [inline] sk_dst_reset include/net/sock.h:2011 [inline] __inet_bind+0x566/0xa90 net/ipv4/af_inet.c:549 mptcp_bind+0xfb/0x1f0 net/mptcp/protocol.c:3139 __sys_bind+0x16b/0x1d0 net/socket.c:1635 __do_sys_bind net/socket.c:1646 [inline] __se_sys_bind net/socket.c:1644 [inline] __x64_sys_bind+0x6a/0xb0 net/socket.c:1644 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x465d99 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f4e0225b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465d99 RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000005 RBP: 00000000004bcf27 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007ffcda4325ef R14: 00007f4e0225b300 R15: 0000000000022000