bisecting fixing commit since 12cd844a39ed16aa183a820a54fe6f9a0bb4cd14
building syzkaller on 97bc55cead011ec5d60af8c3696ee2724b78fea5
testing commit 12cd844a39ed16aa183a820a54fe6f9a0bb4cd14 with gcc (GCC) 8.1.0
kernel signature: c2a0e5779c0d9b1ad56441312d4e08a314d6c2f0d884b8b04bfb880bea4c10e7
all runs: crashed: WARNING: suspicious RCU usage in tcp_md5_do_lookup
testing current HEAD ab9dfda232481dcfaf549ce774004d116fc80c13
testing commit ab9dfda232481dcfaf549ce774004d116fc80c13 with gcc (GCC) 8.1.0
kernel signature: 780eb02d2225f955c6c15576c21bb2bfa3c5bc66a03311ca7936913fa099f0ec
all runs: crashed: WARNING: suspicious RCU usage in tcp_md5_do_lookup
revisions tested: 2, total time: 41m33.124894717s (build: 19m4.223594522s, test: 20m34.286285384s)
the crash still happens on HEAD
commit msg: Linux 4.14.180
crash: WARNING: suspicious RCU usage in tcp_md5_do_lookup
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
device lo entered promiscuous mode

=============================
WARNING: suspicious RCU usage
4.14.180-syzkaller #0 Not tainted
-----------------------------
net/ipv4/tcp_ipv4.c:919 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
4 locks held by kworker/u4:8/26824:
#0: ("%s""netns"){+.+.}, at: [] work_static include/linux/workqueue.h:199 [inline]
#0: ("%s""netns"){+.+.}, at: [] set_work_data kernel/workqueue.c:619 [inline]
#0: ("%s""netns"){+.+.}, at: [] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
#0: ("%s""netns"){+.+.}, at: [] process_one_work+0x6cd/0x16c0 kernel/workqueue.c:2087
#1: (net_cleanup_work){+.+.}, at: [] process_one_work+0x703/0x16c0 kernel/workqueue.c:2091
#2: (net_mutex){+.+.}, at: [] cleanup_net+0x132/0x7f0 net/core/net_namespace.c:450
#3: (rtnl_mutex){+.+.}, at: [] rtnl_lock+0x12/0x20 net/core/rtnetlink.c:72
stack backtrace:
CPU: 0 PID: 26824 Comm: kworker/u4:8 Not tainted 4.14.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xf7/0x13b lib/dump_stack.c:58
lockdep_rcu_suspicious+0x14a/0x153 kernel/locking/lockdep.c:4669
tcp_md5_do_lookup+0x39d/0x5f0 net/ipv4/tcp_ipv4.c:918
tcp_v4_md5_lookup+0xe/0x10 net/ipv4/tcp_ipv4.c:982
tcp_established_options+0x8f/0x3f0 net/ipv4/tcp_output.c:688
__tcp_transmit_skb+0x26a/0x34a0 net/ipv4/tcp_output.c:1030
tcp_transmit_skb net/ipv4/tcp_output.c:1147 [inline]
tcp_send_active_reset+0x3fc/0x5c0 net/ipv4/tcp_output.c:3151
tcp_disconnect+0xf43/0x18f0 net/ipv4/tcp.c:2339
rds_tcp_conn_paths_destroy net/rds/tcp.c:515 [inline]
rds_tcp_kill_sock net/rds/tcp.c:544 [inline]
rds_tcp_dev_event+0x738/0xd00 net/rds/tcp.c:573
notifier_call_chain+0xd6/0x150 kernel/notifier.c:93
__raw_notifier_call_chain kernel/notifier.c:394 [inline]
raw_notifier_call_chain+0x11/0x20 kernel/notifier.c:401
call_netdevice_notifiers_info+0x4b/0x60 net/core/dev.c:1671
call_netdevice_notifiers net/core/dev.c:1687 [inline]
netdev_run_todo+0x201/0x6d0 net/core/dev.c:7921
rtnl_unlock+0x9/0x10 net/core/rtnetlink.c:106
default_device_exit_batch+0x2e1/0x3b0 net/core/dev.c:8741
ops_exit_list.isra.7+0xd3/0x120 net/core/net_namespace.c:145
cleanup_net+0x39d/0x7f0 net/core/net_namespace.c:484
process_one_work+0x79e/0x16c0 kernel/workqueue.c:2116
worker_thread+0xcc/0xee0 kernel/workqueue.c:2250
kthread+0x338/0x400 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

=============================
WARNING: suspicious RCU usage
4.14.180-syzkaller #0 Not tainted
-----------------------------
include/net/sock.h:1798 suspicious rcu_dereference_protected() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
4 locks held by kworker/u4:8/26824:
#0: ("%s""netns"){+.+.}, at: [] work_static include/linux/workqueue.h:199 [inline]
#0: ("%s""netns"){+.+.}, at: [] set_work_data kernel/workqueue.c:619 [inline]
#0: ("%s""netns"){+.+.}, at: [] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
#0: ("%s""netns"){+.+.}, at: [] process_one_work+0x6cd/0x16c0 kernel/workqueue.c:2087
#1: (net_cleanup_work){+.+.}, at: [] process_one_work+0x703/0x16c0 kernel/workqueue.c:2091
#2: (net_mutex){+.+.}, at: [] cleanup_net+0x132/0x7f0 net/core/net_namespace.c:450
#3: (rtnl_mutex){+.+.}, at: [] rtnl_lock+0x12/0x20 net/core/rtnetlink.c:72
stack backtrace:
CPU: 0 PID: 26824 Comm: kworker/u4:8 Not tainted 4.14.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xf7/0x13b lib/dump_stack.c:58
lockdep_rcu_suspicious+0x14a/0x153 kernel/locking/lockdep.c:4669
__sk_dst_set include/net/sock.h:1797 [inline]
__sk_dst_reset include/net/sock.h:1817 [inline]
tcp_disconnect+0x1209/0x18f0 net/ipv4/tcp.c:2378
rds_tcp_conn_paths_destroy net/rds/tcp.c:515 [inline]
rds_tcp_kill_sock net/rds/tcp.c:544 [inline]
rds_tcp_dev_event+0x738/0xd00 net/rds/tcp.c:573
notifier_call_chain+0xd6/0x150 kernel/notifier.c:93
__raw_notifier_call_chain kernel/notifier.c:394 [inline]
raw_notifier_call_chain+0x11/0x20 kernel/notifier.c:401
call_netdevice_notifiers_info+0x4b/0x60 net/core/dev.c:1671
call_netdevice_notifiers net/core/dev.c:1687 [inline]
netdev_run_todo+0x201/0x6d0 net/core/dev.c:7921
rtnl_unlock+0x9/0x10 net/core/rtnetlink.c:106
default_device_exit_batch+0x2e1/0x3b0 net/core/dev.c:8741
ops_exit_list.isra.7+0xd3/0x120 net/core/net_namespace.c:145
cleanup_net+0x39d/0x7f0 net/core/net_namespace.c:484
process_one_work+0x79e/0x16c0 kernel/workqueue.c:2116
worker_thread+0xcc/0xee0 kernel/workqueue.c:2250
kthread+0x338/0x400 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
device lo entered promiscuous mode
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves