bisecting cause commit starting from 95aafe911db602d19b00d2a88c3d54a84119f5dc building syzkaller on 77e2b66864e69c17416614228723a1ebd3581ddc testing commit 95aafe911db602d19b00d2a88c3d54a84119f5dc with gcc (GCC) 10.2.1 20210217 kernel signature: 8e77dabc82d930edf15078341d93c512698f7632f212c08981df35cdb97413e9 all runs: crashed: BUG: sleeping function called from invalid context in __ipv6_dev_mc_dec testing release v5.11 testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217 kernel signature: 293e6579f0d65cbda46b2d20e15f30555f6e4ea292502f9356c74a1affb84b2f all runs: OK # git bisect start 95aafe911db602d19b00d2a88c3d54a84119f5dc f40ddce88593482919761f74910f42f4b84c004b Bisecting: 8290 revisions left to test after this (roughly 13 steps) [28b9aaac4cc5a11485b6f70656e4e9ead590cf5b] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux testing commit 28b9aaac4cc5a11485b6f70656e4e9ead590cf5b with gcc (GCC) 10.2.1 20210217 kernel signature: 76b7fae0f16ee27ccdd9680b23acd2235c2fc0f3f41640e1b3a95635059f2151 run #0: boot failed: WARNING in kvm_wait run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 28b9aaac4cc5a11485b6f70656e4e9ead590cf5b Bisecting: 4145 revisions left to test after this (roughly 12 steps) [e16cf9d754b93b0cb715ebb981e57cae200c19c9] net/mlx5e: Dump ICOSQ WQE descriptor on CQE with error events testing commit e16cf9d754b93b0cb715ebb981e57cae200c19c9 with gcc (GCC) 10.2.1 20210217 kernel signature: 76d99cb0a88423248d6301ec6b783435bdddda348013bef9de40182d6915ce68 run #0: boot failed: WARNING in kvm_wait run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good e16cf9d754b93b0cb715ebb981e57cae200c19c9 Bisecting: 2072 revisions left to test after this (roughly 11 steps) [2daae89666ad253281bb3d6a027c00a702c02eff] bpf, cgroup: Delete repeated struct bpf_prog declaration testing commit 2daae89666ad253281bb3d6a027c00a702c02eff with gcc (GCC) 10.2.1 20210217 kernel signature: a571b8e2c2a59940c967849387b381466bc37866327365a9f931e49b3524281e all runs: crashed: WARNING: suspicious RCU usage in __ipv6_dev_mc_dec # git bisect bad 2daae89666ad253281bb3d6a027c00a702c02eff Bisecting: 1122 revisions left to test after this (roughly 10 steps) [002322402dafd846c424ffa9240a937f49b48c42] Merge branch 'akpm' (patches from Andrew) testing commit 002322402dafd846c424ffa9240a937f49b48c42 with gcc (GCC) 10.2.1 20210217 kernel signature: 354f7d8b7d366abca0e450a8e149481e1ed162c2b2cb58e2c91c138fdcaa1b4a all runs: OK # git bisect good 002322402dafd846c424ffa9240a937f49b48c42 Bisecting: 561 revisions left to test after this (roughly 9 steps) [861584724c44e63bfb684090c70ade660dae6c69] selftests: mlxsw: Test unresolved neigh trap with resilient nexthop groups testing commit 861584724c44e63bfb684090c70ade660dae6c69 with gcc (GCC) 10.2.1 20210217 kernel signature: 7aa58f021913ab3cf79f4d2554f122c6d9c0aed872a848cada9520078ff36447 run #0: boot failed: WARNING in kvm_wait run #1: boot failed: WARNING in kvm_wait run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 861584724c44e63bfb684090c70ade660dae6c69 Bisecting: 280 revisions left to test after this (roughly 8 steps) [d0922bf7981799fd86e248de330fb4152399d6c2] hv_netvsc: Add error handling while switching data path testing commit d0922bf7981799fd86e248de330fb4152399d6c2 with gcc (GCC) 10.2.1 20210217 kernel signature: 13b5ddc19c8492d3b8a3da805f2adc81ee316e55d8cecef71312a9ab6cef90f9 all runs: basic kernel testing failed: unregister_netdevice: waiting for DEV to become free # git bisect skip d0922bf7981799fd86e248de330fb4152399d6c2 Bisecting: 280 revisions left to test after this (roughly 8 steps) [132f2d45fb2302a582aef617ea766f3fa52a084c] can: c_can: add support to 64 message objects testing commit 132f2d45fb2302a582aef617ea766f3fa52a084c with gcc (GCC) 10.2.1 20210217 kernel signature: 41dc3003fcb309db35ffa9eefa6e38b9a8be2909b4f7fbb609635de735b4e70f run #0: crashed: WARNING: suspicious RCU usage in __ipv6_dev_mc_dec run #1: crashed: WARNING: suspicious RCU usage in __ipv6_dev_mc_dec run #2: crashed: WARNING: suspicious RCU usage in __ipv6_dev_mc_dec run #3: basic kernel testing failed: unregister_netdevice: waiting for DEV to become free run #4: basic kernel testing failed: unregister_netdevice: waiting for DEV to become free run #5: basic kernel testing failed: unregister_netdevice: waiting for DEV to become free run #6: basic kernel testing failed: unregister_netdevice: waiting for DEV to become free run #7: basic kernel testing failed: unregister_netdevice: waiting for DEV to become free run #8: basic kernel testing failed: unregister_netdevice: waiting for DEV to become free run #9: basic kernel testing failed: unregister_netdevice: waiting for DEV to become free # git bisect bad 132f2d45fb2302a582aef617ea766f3fa52a084c Bisecting: 159 revisions left to test after this (roughly 7 steps) [6e2751433490465ad9d82ea751149586ed9d637b] Merge branch 'ethtool-kdoc-touchups' testing commit 6e2751433490465ad9d82ea751149586ed9d637b with gcc (GCC) 10.2.1 20210217 kernel signature: 5be5278bfa08c2e7d55214a80599ddd219f554c5e21b3cfaa6e736e05cffac63 all runs: OK # git bisect good 6e2751433490465ad9d82ea751149586ed9d637b Bisecting: 79 revisions left to test after this (roughly 6 steps) [a2ee6fd28a190588e142ad8ea9d40069cd3c9f98] net: hns3: remediate a potential overflow risk of bd_num_list testing commit a2ee6fd28a190588e142ad8ea9d40069cd3c9f98 with gcc (GCC) 10.2.1 20210217 kernel signature: b2d8fdd5eb8a1977c42d116d7b93d0f6c9dfb1f17e698339721716a1284db5ca all runs: crashed: WARNING: suspicious RCU usage in __ipv6_dev_mc_dec # git bisect bad a2ee6fd28a190588e142ad8ea9d40069cd3c9f98 Bisecting: 39 revisions left to test after this (roughly 5 steps) [53b61f29367df398243b7298ad1e5793c289a493] selftests: forwarding: Add tc-police tests for packets per second testing commit 53b61f29367df398243b7298ad1e5793c289a493 with gcc (GCC) 10.2.1 20210217 kernel signature: e5eaf8028f32693f2646fa95a97111651c8e622fbf9caad4e6afeaf85b9e216c all runs: crashed: WARNING: suspicious RCU usage in __ipv6_dev_mc_dec # git bisect bad 53b61f29367df398243b7298ad1e5793c289a493 Bisecting: 19 revisions left to test after this (roughly 4 steps) [8406d38fde5c3a2d3182b30f9a3b457aa79949e4] af_x25.c: Fix a spello testing commit 8406d38fde5c3a2d3182b30f9a3b457aa79949e4 with gcc (GCC) 10.2.1 20210217 kernel signature: e5eaf8028f32693f2646fa95a97111651c8e622fbf9caad4e6afeaf85b9e216c all runs: crashed: WARNING: suspicious RCU usage in __ipv6_dev_mc_dec # git bisect bad 8406d38fde5c3a2d3182b30f9a3b457aa79949e4 Bisecting: 9 revisions left to test after this (roughly 3 steps) [b11bfb9a19f9d790eea10cbd338b6b7f086c6dca] net: axienet: Enable more clocks testing commit b11bfb9a19f9d790eea10cbd338b6b7f086c6dca with gcc (GCC) 10.2.1 20210217 kernel signature: b62871110cdc7981c05e728cd1ba90c64773f0260d50c6db3f125f50c3a1b089 all runs: crashed: WARNING: suspicious RCU usage in __ipv6_dev_mc_dec # git bisect bad b11bfb9a19f9d790eea10cbd338b6b7f086c6dca Bisecting: 4 revisions left to test after this (roughly 2 steps) [88e2ca3080947fe22eb520c1f8231e79a105d011] mld: convert ifmcaddr6 to RCU testing commit 88e2ca3080947fe22eb520c1f8231e79a105d011 with gcc (GCC) 10.2.1 20210217 kernel signature: 78f55e1e1d617ae509d216ad44b0cd871bf0a9f164455b06630e98e1a1e9b5b9 all runs: OK # git bisect good 88e2ca3080947fe22eb520c1f8231e79a105d011 Bisecting: 1 revision left to test after this (roughly 1 step) [32bc7a2cca4d748e434702378ec1c728a2387e04] Merge branch 'mld-sleepable' testing commit 32bc7a2cca4d748e434702378ec1c728a2387e04 with gcc (GCC) 10.2.1 20210217 kernel signature: b62871110cdc7981c05e728cd1ba90c64773f0260d50c6db3f125f50c3a1b089 all runs: crashed: WARNING: suspicious RCU usage in __ipv6_dev_mc_dec # git bisect bad 32bc7a2cca4d748e434702378ec1c728a2387e04 Bisecting: 0 revisions left to test after this (roughly 1 step) [63ed8de4be81b699ca727e9f8e3344bd487806d7] mld: add mc_lock for protecting per-interface mld data testing commit 63ed8de4be81b699ca727e9f8e3344bd487806d7 with gcc (GCC) 10.2.1 20210217 kernel signature: b62871110cdc7981c05e728cd1ba90c64773f0260d50c6db3f125f50c3a1b089 all runs: crashed: WARNING: suspicious RCU usage in __ipv6_dev_mc_dec # git bisect bad 63ed8de4be81b699ca727e9f8e3344bd487806d7 Bisecting: 0 revisions left to test after this (roughly 0 steps) [f185de28d9ae6c978135993769352e523ee8df06] mld: add new workqueues for process mld events testing commit f185de28d9ae6c978135993769352e523ee8df06 with gcc (GCC) 10.2.1 20210217 kernel signature: 3f0435687b21c4204b4f045f12a8aeb179ddb8bcb2e48e7e36a0c3be7cb6db7f all runs: crashed: WARNING: suspicious RCU usage in igmp6_group_dropped # git bisect bad f185de28d9ae6c978135993769352e523ee8df06 f185de28d9ae6c978135993769352e523ee8df06 is the first bad commit commit f185de28d9ae6c978135993769352e523ee8df06 Author: Taehee Yoo Date: Thu Mar 25 16:16:56 2021 +0000 mld: add new workqueues for process mld events When query/report packets are received, mld module processes them. But they are processed under BH context so it couldn't use sleepable functions. So, in order to switch context, the two workqueues are added which processes query and report event. In the struct inet6_dev, mc_{query | report}_queue are added so it is per-interface queue. And mc_{query | report}_work are workqueue structure. When the query or report event is received, skb is queued to proper queue and worker function is scheduled immediately. Workqueues and queues are protected by spinlock, which is mc_{query | report}_lock, and worker functions are protected by RTNL. Suggested-by: Cong Wang Signed-off-by: Taehee Yoo Signed-off-by: David S. Miller include/net/if_inet6.h | 9 +- include/net/mld.h | 3 + net/ipv6/icmp.c | 4 +- net/ipv6/mcast.c | 280 ++++++++++++++++++++++++++++++++++--------------- 4 files changed, 210 insertions(+), 86 deletions(-) culprit signature: 3f0435687b21c4204b4f045f12a8aeb179ddb8bcb2e48e7e36a0c3be7cb6db7f parent signature: 78f55e1e1d617ae509d216ad44b0cd871bf0a9f164455b06630e98e1a1e9b5b9 revisions tested: 18, total time: 4h7m24.921501452s (build: 2h2m46.30896173s, test: 2h2m10.304073118s) first bad commit: f185de28d9ae6c978135993769352e523ee8df06 mld: add new workqueues for process mld events recipients (to): ["ap420073@gmail.com" "davem@davemloft.net" "davem@davemloft.net" "dsahern@kernel.org" "kuba@kernel.org" "netdev@vger.kernel.org" "yoshfuji@linux-ipv6.org"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: WARNING: suspicious RCU usage in igmp6_group_dropped ============================= WARNING: suspicious RCU usage 5.12.0-rc4-syzkaller #0 Not tainted ----------------------------- kernel/sched/core.c:8294 Illegal context switch in RCU-bh read-side critical section! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor.4/10630: #0: ffffffff8bfb7248 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8bfb7248 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x2e4/0x860 net/core/rtnetlink.c:5550 #1: ffffffff8a96aea0 (rcu_read_lock_bh){....}-{1:2}, at: addrconf_verify_rtnl+0x1b/0xcf0 net/ipv6/addrconf.c:4459 stack backtrace: CPU: 1 PID: 10630 Comm: syz-executor.4 Not tainted 5.12.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0xa5/0xe6 lib/dump_stack.c:120 ___might_sleep+0x229/0x2c0 kernel/sched/core.c:8294 might_alloc include/linux/sched/mm.h:197 [inline] slab_pre_alloc_hook mm/slab.h:497 [inline] slab_alloc_node mm/slub.c:2826 [inline] slab_alloc mm/slub.c:2915 [inline] kmem_cache_alloc_trace+0x263/0x2a0 mm/slub.c:2932 kmalloc include/linux/slab.h:554 [inline] kzalloc include/linux/slab.h:684 [inline] mld_add_delrec net/ipv6/mcast.c:725 [inline] igmp6_leave_group net/ipv6/mcast.c:2570 [inline] igmp6_group_dropped+0x3f9/0xcf0 net/ipv6/mcast.c:706 __ipv6_dev_mc_dec+0x19b/0x270 net/ipv6/mcast.c:953 addrconf_leave_solict net/ipv6/addrconf.c:2182 [inline] addrconf_leave_solict net/ipv6/addrconf.c:2174 [inline] __ipv6_ifa_notify+0x4de/0x910 net/ipv6/addrconf.c:6077 ipv6_ifa_notify net/ipv6/addrconf.c:6100 [inline] ipv6_del_addr+0x39d/0x8f0 net/ipv6/addrconf.c:1294 addrconf_verify_rtnl+0x8c8/0xcf0 net/ipv6/addrconf.c:4488 inet6_addr_modify net/ipv6/addrconf.c:4789 [inline] inet6_rtm_newaddr+0xda9/0x18c0 net/ipv6/addrconf.c:4876 rtnetlink_rcv_msg+0x32f/0x860 net/core/rtnetlink.c:5553 netlink_rcv_skb+0x118/0x370 net/netlink/af_netlink.c:2502 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline] netlink_unicast+0x42e/0x700 net/netlink/af_netlink.c:1338 netlink_sendmsg+0x70e/0xbe0 net/netlink/af_netlink.c:1927 sock_sendmsg_nosec net/socket.c:654 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:674 ____sys_sendmsg+0x5bf/0x7a0 net/socket.c:2350 ___sys_sendmsg+0xd3/0x150 net/socket.c:2404 __sys_sendmsg+0xb2/0x140 net/socket.c:2433 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f12c8b7f188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 00000000004665f9 RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000007 RBP: 00000000004bfce1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c158 R13: 00007fff20f320af R14: 00007f12c8b7f300 R15: 0000000000022000 BUG: sleeping function called from invalid context at include/linux/sched/mm.h:197 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 10630, name: syz-executor.4 2 locks held by syz-executor.4/10630: #0: ffffffff8bfb7248 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline] #0: ffffffff8bfb7248 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x2e4/0x860 net/core/rtnetlink.c:5550 #1: ffffffff8a96aea0 (rcu_read_lock_bh){....}-{1:2}, at: addrconf_verify_rtnl+0x1b/0xcf0 net/ipv6/addrconf.c:4459 Preemption disabled at: [] local_bh_disable include/linux/bottom_half.h:19 [inline] [] rcu_read_lock_bh include/linux/rcupdate.h:727 [inline] [] addrconf_verify_rtnl+0x2c/0xcf0 net/ipv6/addrconf.c:4461 CPU: 1 PID: 10630 Comm: syz-executor.4 Not tainted 5.12.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0xa5/0xe6 lib/dump_stack.c:120 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:8328 might_alloc include/linux/sched/mm.h:197 [inline] slab_pre_alloc_hook mm/slab.h:497 [inline] slab_alloc_node mm/slub.c:2826 [inline] slab_alloc mm/slub.c:2915 [inline] kmem_cache_alloc_trace+0x263/0x2a0 mm/slub.c:2932 kmalloc include/linux/slab.h:554 [inline] kzalloc include/linux/slab.h:684 [inline] mld_add_delrec net/ipv6/mcast.c:725 [inline] igmp6_leave_group net/ipv6/mcast.c:2570 [inline] igmp6_group_dropped+0x3f9/0xcf0 net/ipv6/mcast.c:706 __ipv6_dev_mc_dec+0x19b/0x270 net/ipv6/mcast.c:953 addrconf_leave_solict net/ipv6/addrconf.c:2182 [inline] addrconf_leave_solict net/ipv6/addrconf.c:2174 [inline] __ipv6_ifa_notify+0x4de/0x910 net/ipv6/addrconf.c:6077 ipv6_ifa_notify net/ipv6/addrconf.c:6100 [inline] ipv6_del_addr+0x39d/0x8f0 net/ipv6/addrconf.c:1294 addrconf_verify_rtnl+0x8c8/0xcf0 net/ipv6/addrconf.c:4488 inet6_addr_modify net/ipv6/addrconf.c:4789 [inline] inet6_rtm_newaddr+0xda9/0x18c0 net/ipv6/addrconf.c:4876 rtnetlink_rcv_msg+0x32f/0x860 net/core/rtnetlink.c:5553 netlink_rcv_skb+0x118/0x370 net/netlink/af_netlink.c:2502 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline] netlink_unicast+0x42e/0x700 net/netlink/af_netlink.c:1338 netlink_sendmsg+0x70e/0xbe0 net/netlink/af_netlink.c:1927 sock_sendmsg_nosec net/socket.c:654 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:674 ____sys_sendmsg+0x5bf/0x7a0 net/socket.c:2350 ___sys_sendmsg+0xd3/0x150 net/socket.c:2404 __sys_sendmsg+0xb2/0x140 net/socket.c:2433 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f12c8b7f188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000056c158 RCX: 00000000004665f9 RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000007 RBP: 00000000004bfce1 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c158 R13: 00007fff20f320af R14: 00007f12c8b7f300 R15: 0000000000022000