bisecting cause commit starting from 0aea6d5c5be33ce94c16f9ab2f64de1f481f424b building syzkaller on 115e19300f73966554f176e2440fe79572a37c99 testing commit 0aea6d5c5be33ce94c16f9ab2f64de1f481f424b with gcc (GCC) 8.1.0 kernel signature: b35c3942f8710b6a6923c37addb2d49bdf5e9996ff615c0210dc7396f54f6907 all runs: crashed: WARNING in __nf_unregister_net_hook testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: efcfa016de00cf24a3bf85d04b6ef81632503b4abc5cc7a32b03bcc79c9b3900 all runs: crashed: WARNING in __nf_unregister_net_hook testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: b2f9b578d09b2697e755adaa15bfc962819adc49578a9d650e4a831ff4109fda all runs: crashed: WARNING in __nf_unregister_net_hook testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 8a0089f3a8c1e0a3379feed3fd48de236a32ba7554427dc511355172b4004573 all runs: crashed: WARNING in __nf_unregister_net_hook testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: be3ded0c4b4cbdd32cdb4e4c755fbc5edfd08b9dadc04229ef01363b40eb2df4 all runs: crashed: WARNING in __nf_unregister_net_hook testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 85fc46ec8d13a975d4c917a2ef82648d2bfc6646733cc2c612a61e0e2e5472d3 all runs: crashed: WARNING in __nf_unregister_net_hook testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 17b628b8bc50a9983e61fa0ed93caaad2584f72fd270b2d6fbfff9f1bf6b6ced run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/syzkaller/jobs/linux/workdir/repro.prog" "root@10.128.0.184:./repro.prog"]: exit status 1 Warning: Permanently added '10.128.0.184' (ECDSA) to the list of known hosts. /syzkaller/jobs/linux/workdir/repro.prog: Broken pipe run #1: crashed: WARNING in __nf_unregister_net_hook run #2: crashed: WARNING in __nf_unregister_net_hook run #3: crashed: WARNING in __nf_unregister_net_hook run #4: crashed: WARNING in __nf_unregister_net_hook run #5: crashed: WARNING in __nf_unregister_net_hook run #6: crashed: WARNING in __nf_unregister_net_hook run #7: crashed: WARNING in __nf_unregister_net_hook run #8: crashed: WARNING in __nf_unregister_net_hook run #9: crashed: WARNING in __nf_unregister_net_hook testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 700bd084168bb6f1946191ec9ccb043aa5802eb98eed9738a843cf943691d447 all runs: crashed: WARNING in __nf_unregister_net_hook testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: b7ff1dbc457bee8f265ba459190b9e2a9a7e32aa3f278799e46d71722fa9eaf7 all runs: OK # git bisect start e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd 1c163f4c7b3f621efff9b28a47abb36f7378d783 Bisecting: 7074 revisions left to test after this (roughly 13 steps) [b5dd0c658c31b469ccff1b637e5124851e7a4a1c] Merge branch 'akpm' (patches from Andrew) testing commit b5dd0c658c31b469ccff1b637e5124851e7a4a1c with gcc (GCC) 8.1.0 kernel signature: 4de0a44f0ecfdf60018b8949fedf87274053ad643ce4e6ae67282d55a65a5d65 all runs: crashed: WARNING in __nf_unregister_net_hook # git bisect bad b5dd0c658c31b469ccff1b637e5124851e7a4a1c Bisecting: 3569 revisions left to test after this (roughly 12 steps) [3478588b5136966c80c571cf0006f08e9e5b8f04] Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 3478588b5136966c80c571cf0006f08e9e5b8f04 with gcc (GCC) 8.1.0 kernel signature: a093b1503e44717d5f16ffba6bd464ac093a0bb6163a387db38dd899c532173c all runs: crashed: WARNING in __nf_unregister_net_hook # git bisect bad 3478588b5136966c80c571cf0006f08e9e5b8f04 Bisecting: 1673 revisions left to test after this (roughly 11 steps) [1a2566085650be593d464c4d73ac2d20ff67c058] Merge tag 'wireless-drivers-next-for-davem-2019-02-22' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next testing commit 1a2566085650be593d464c4d73ac2d20ff67c058 with gcc (GCC) 8.1.0 kernel signature: 8bd1f4aea26a43eb6c28b5ffa903fc50ab34e669c0e0b9f1c2ea32d6181d6602 all runs: OK # git bisect good 1a2566085650be593d464c4d73ac2d20ff67c058 Bisecting: 1091 revisions left to test after this (roughly 10 steps) [18a4d8bf250a33c015955f0dec27259780ef6448] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit 18a4d8bf250a33c015955f0dec27259780ef6448 with gcc (GCC) 8.1.0 kernel signature: e83feb57f165942e86fa4e2684cb3c8eb9148ad47444292b26e4314e70b3a906 all runs: crashed: WARNING in __nf_unregister_net_hook # git bisect bad 18a4d8bf250a33c015955f0dec27259780ef6448 Bisecting: 290 revisions left to test after this (roughly 8 steps) [844f01da9301a71fbed1e768837f4a1a6aa60529] mlxsw: spectrum_acl: Put vchunk migrate start/end code into separate functions testing commit 844f01da9301a71fbed1e768837f4a1a6aa60529 with gcc (GCC) 8.1.0 kernel signature: 1e6cd5589fc23403fde9be7357ba516edd368bee9cad1e56c2f07b1319b36395 all runs: OK # git bisect good 844f01da9301a71fbed1e768837f4a1a6aa60529 Bisecting: 146 revisions left to test after this (roughly 7 steps) [4e7df119d9a621262f22cacf8ae5ca5060183bea] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next testing commit 4e7df119d9a621262f22cacf8ae5ca5060183bea with gcc (GCC) 8.1.0 kernel signature: f1a0bff384a53fce25eb45eba17526ce965b4c14e0a406f1ab4cc68809c6c60e all runs: crashed: WARNING in __nf_unregister_net_hook # git bisect bad 4e7df119d9a621262f22cacf8ae5ca5060183bea Bisecting: 79 revisions left to test after this (roughly 6 steps) [501faf710230b67e470b314868110357cf3a554d] Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git testing commit 501faf710230b67e470b314868110357cf3a554d with gcc (GCC) 8.1.0 kernel signature: f3e834941ee84582daaf7219809dc53803b7514ca16df23bb09a08466cc42be3 all runs: OK # git bisect good 501faf710230b67e470b314868110357cf3a554d Bisecting: 45 revisions left to test after this (roughly 5 steps) [9eb359140cd307f8a14f61c19b155ffca5291057] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit 9eb359140cd307f8a14f61c19b155ffca5291057 with gcc (GCC) 8.1.0 kernel signature: 34e6afeb71153396042aa799ced15bf4753e401e78706fb4902c3de2e95170ce all runs: OK # git bisect good 9eb359140cd307f8a14f61c19b155ffca5291057 Bisecting: 22 revisions left to test after this (roughly 5 steps) [cd6428988bf4fcc41d1deb7dae0e92e62c075c57] netfilter: bridge: Don't sabotage nf_hook calls for an l3mdev slave testing commit cd6428988bf4fcc41d1deb7dae0e92e62c075c57 with gcc (GCC) 8.1.0 kernel signature: 905e6a1dab26ffc7fac4ad29ae7edf8aba9bee8dc6b516047b08eccb8066a640 all runs: OK # git bisect good cd6428988bf4fcc41d1deb7dae0e92e62c075c57 Bisecting: 11 revisions left to test after this (roughly 4 steps) [7d19261bc0eb35080231f109687d119b183abab8] dt-bindings: net: btusb: add QCA6174A IDs testing commit 7d19261bc0eb35080231f109687d119b183abab8 with gcc (GCC) 8.1.0 kernel signature: ca342dea757a5ecc4f5ced07880ef94d650d389057dbd1cab577aa89c51f891c all runs: OK # git bisect good 7d19261bc0eb35080231f109687d119b183abab8 Bisecting: 5 revisions left to test after this (roughly 3 steps) [db8ab38880e06dedbfc879e75f5b0ddc495f4eb6] netfilter: nf_tables: merge ipv4 and ipv6 nat chain types testing commit db8ab38880e06dedbfc879e75f5b0ddc495f4eb6 with gcc (GCC) 8.1.0 kernel signature: b07ea7d1d3cd6bb4088632b0a4d157005d84aff1052d4f1475bb8cd43a61f4e3 all runs: crashed: WARNING in __nf_unregister_net_hook # git bisect bad db8ab38880e06dedbfc879e75f5b0ddc495f4eb6 Bisecting: 2 revisions left to test after this (roughly 2 steps) [20fdaf6e1e313b4efa48243d5250526eb43ea70d] netfilter: xt_IDLETIMER: fix sysfs callback function type testing commit 20fdaf6e1e313b4efa48243d5250526eb43ea70d with gcc (GCC) 8.1.0 kernel signature: 3a5376f7ac3c4eeb80c52d9e6c5a2e6de4c0ecd3defca29b7c8a5d67c6ba8956 all runs: OK # git bisect good 20fdaf6e1e313b4efa48243d5250526eb43ea70d Bisecting: 0 revisions left to test after this (roughly 1 step) [a9ce849e786787af4b7dffd48d49b97b04671f8c] netfilter: nf_tables: nat: merge nft_masq protocol specific modules testing commit a9ce849e786787af4b7dffd48d49b97b04671f8c with gcc (GCC) 8.1.0 kernel signature: b791aab6cfb972e24a918d00a06e0e424ed5b1d60b2d267e7ec79fcf0cbcf0c2 all runs: OK # git bisect good a9ce849e786787af4b7dffd48d49b97b04671f8c db8ab38880e06dedbfc879e75f5b0ddc495f4eb6 is the first bad commit commit db8ab38880e06dedbfc879e75f5b0ddc495f4eb6 Author: Florian Westphal Date: Thu Feb 28 12:02:52 2019 +0100 netfilter: nf_tables: merge ipv4 and ipv6 nat chain types Merge the ipv4 and ipv6 nat chain type. This is the last missing piece which allows to provide inet family support for nat in a follow patch. The kconfig knobs for ipv4/ipv6 nat chain are removed, the nat chain type will be built unconditionally if NFT_NAT expression is enabled. Before: text data bss dec hex filename 1576 896 0 2472 9a8 nft_chain_nat_ipv4.ko 1697 896 0 2593 a21 nft_chain_nat_ipv6.ko After: text data bss dec hex filename 1832 896 0 2728 aa8 nft_chain_nat.ko Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/Kconfig | 13 ---- net/ipv4/netfilter/Makefile | 1 - net/ipv4/netfilter/nft_chain_nat_ipv4.c | 85 ------------------------- net/ipv6/netfilter/Kconfig | 11 ---- net/ipv6/netfilter/Makefile | 1 - net/ipv6/netfilter/nft_chain_nat_ipv6.c | 83 ------------------------ net/netfilter/Kconfig | 1 + net/netfilter/Makefile | 2 + net/netfilter/nft_chain_nat.c | 108 ++++++++++++++++++++++++++++++++ 9 files changed, 111 insertions(+), 194 deletions(-) delete mode 100644 net/ipv4/netfilter/nft_chain_nat_ipv4.c delete mode 100644 net/ipv6/netfilter/nft_chain_nat_ipv6.c create mode 100644 net/netfilter/nft_chain_nat.c culprit signature: b07ea7d1d3cd6bb4088632b0a4d157005d84aff1052d4f1475bb8cd43a61f4e3 parent signature: b791aab6cfb972e24a918d00a06e0e424ed5b1d60b2d267e7ec79fcf0cbcf0c2 revisions tested: 22, total time: 4h28m26.843265537s (build: 2h12m53.490297936s, test: 2h11m42.243049926s) first bad commit: db8ab38880e06dedbfc879e75f5b0ddc495f4eb6 netfilter: nf_tables: merge ipv4 and ipv6 nat chain types cc: ["coreteam@netfilter.org" "davem@davemloft.net" "fw@strlen.de" "kadlec@blackhole.kfki.hu" "kuznet@ms2.inr.ac.ru" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org" "yoshfuji@linux-ipv6.org"] crash: WARNING in __nf_unregister_net_hook batman_adv: batadv0: Interface activated: batadv_slave_1 IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready ------------[ cut here ]------------ hook not found, pf 2 num 0 WARNING: CPU: 0 PID: 8023 at net/netfilter/core.c:412 __nf_unregister_net_hook+0x1c2/0x490 net/netfilter/core.c:412 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 8023 Comm: syz-executor.0 Not tainted 5.0.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x165/0x21a lib/dump_stack.c:113 panic+0x212/0x40b kernel/panic.c:214 __warn.cold.7+0x1b/0x38 kernel/panic.c:571 report_bug+0x1a4/0x200 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973 RIP: 0010:__nf_unregister_net_hook+0x1c2/0x490 net/netfilter/core.c:412 Code: 83 e2 07 83 c2 03 40 38 f2 7c 09 40 84 f6 0f 85 c9 02 00 00 8b 53 1c 44 89 ee 48 c7 c7 60 8b e3 87 48 89 45 c8 e8 01 b6 a3 fb <0f> 0b 48 8b 45 c8 eb 79 40 38 f2 7c 09 40 84 f6 0f 85 88 02 00 00 RSP: 0018:ffff88808ec47378 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88808e58e500 RCX: 1ffff11011d68dc1 RDX: 1ffffffff10e44ae RSI: ffff88808eb46de8 RDI: 0000000000000286 RBP: ffff88808ec473c8 R08: ffff88808eb46e08 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000006 R13: 0000000000000002 R14: ffff88808e58e51c R15: ffff88809dbc9498 nf_unregister_net_hook+0x41/0x70 net/netfilter/core.c:430 nft_table_disable+0x98/0x1a0 net/netfilter/nf_tables_api.c:742 nf_tables_table_disable net/netfilter/nf_tables_api.c:772 [inline] nf_tables_commit+0x2b7d/0x4ac0 net/netfilter/nf_tables_api.c:6579 nfnetlink_rcv_batch+0xb61/0x14a0 net/netfilter/nfnetlink.c:482 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:540 [inline] nfnetlink_rcv+0x2e8/0x3b0 net/netfilter/nfnetlink.c:558 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x43d/0x650 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x666/0xc50 net/netlink/af_netlink.c:1925 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xac/0xf0 net/socket.c:631 ___sys_sendmsg+0x647/0x950 net/socket.c:2136 __sys_sendmsg+0xd9/0x180 net/socket.c:2174 __do_sys_sendmsg net/socket.c:2183 [inline] __se_sys_sendmsg net/socket.c:2181 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2181 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45cba9 Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f5a0a986c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000500f40 RCX: 000000000045cba9 RDX: 0000000000000000 RSI: 000000002000c2c0 RDI: 0000000000000003 RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000009c9 R14: 00000000004cca06 R15: 00007f5a0a9876d4 Kernel Offset: disabled Rebooting in 86400 seconds..