bisecting cause commit starting from 0644f186fc9d77bb5bd198369e59fb28927a3692
building syzkaller on 73417389cebae4a6ddceb2e8684101f347cc3695
testing commit 0644f186fc9d77bb5bd198369e59fb28927a3692 with gcc (GCC) 8.1.0
kernel signature: b968f9c884aa717572e4c033cacff8818004eb1a
all runs: crashed: WARNING in tcp_enter_loss
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: 40096f3ecda56fcd100ba9a9849960af3ac8bb35
all runs: crashed: WARNING in tcp_enter_loss
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: 7ab0b8bdabeca5df075caa4bb2f88c8eeb83de9f
all runs: crashed: WARNING in tcp_enter_loss
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
kernel signature: 3ea57b97a3ef98cf08e8b5518c3a67b65a403b4e
run #0: crashed: WARNING in tcp_enter_loss
run #1: crashed: WARNING in tcp_enter_loss
run #2: crashed: WARNING in tcp_enter_loss
run #3: crashed: WARNING in corrupted
run #4: crashed: WARNING in tcp_enter_loss
run #5: crashed: WARNING in tcp_enter_loss
run #6: crashed: WARNING in tcp_enter_loss
run #7: crashed: WARNING in tcp_enter_loss
run #8: crashed: WARNING in tcp_enter_loss
run #9: crashed: WARNING in tcp_enter_loss
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
kernel signature: 519de5a4188fa98e90d5280723518eb275b21bdd
run #0: crashed: WARNING in tcp_enter_loss
run #1: crashed: WARNING in tcp_enter_loss
run #2: crashed: WARNING in tcp_enter_loss
run #3: crashed: WARNING in corrupted
run #4: crashed: WARNING in tcp_enter_loss
run #5: crashed: WARNING in tcp_enter_loss
run #6: crashed: WARNING in tcp_enter_loss
run #7: crashed: WARNING in tcp_enter_loss
run #8: crashed: WARNING in tcp_enter_loss
run #9: crashed: WARNING in corrupted
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
kernel signature: 240ec589c1890a805a8213ee7344eb2aa2fe07c0
all runs: crashed: WARNING in tcp_enter_loss
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
kernel signature: b0dd6232bcc46d37fb378fe239c753e6d6ca20f0
run #0: crashed: WARNING in tcp_enter_loss
run #1: crashed: WARNING in tcp_enter_loss
run #2: crashed: WARNING in tcp_enter_loss
run #3: crashed: WARNING in tcp_enter_loss
run #4: crashed: WARNING in corrupted
run #5: crashed: WARNING in tcp_enter_loss
run #6: crashed: WARNING in tcp_enter_loss
run #7: crashed: WARNING in corrupted
run #8: crashed: WARNING in tcp_enter_loss
run #9: crashed: WARNING in tcp_enter_loss
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
kernel signature: e4eae0dbd69e8ca71c39ceaacfa56b3e0fe71ac3
all runs: OK
# git bisect start a351e9b9fc24e982ec2f0e76379a49826036da12 c470abd4fde40ea6a0846a2beab642a578c0b8cd
Bisecting: 7088 revisions left to test after this (roughly 13 steps)
[1ec5c1867af085897bb9e0f67bef3713334dbe7f] Merge tag 'gpio-v4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
testing commit 1ec5c1867af085897bb9e0f67bef3713334dbe7f with gcc (GCC) 5.5.0
kernel signature: 364f7cb562d13ac1c96a93e939ffcbfbaf4ddebd
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED Location: Message:Quota 'CPUS' exceeded.  Limit: 500.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: WARNING in __hrtimer_init
run #2: boot failed: WARNING in __hrtimer_init
run #3: boot failed: WARNING in __hrtimer_init
run #4: boot failed: WARNING in __hrtimer_init
run #5: boot failed: WARNING in __hrtimer_init
run #6: boot failed: WARNING in __hrtimer_init
run #7: boot failed: WARNING in __hrtimer_init
run #8: boot failed: WARNING in __hrtimer_init
run #9: boot failed: WARNING in __hrtimer_init
# git bisect skip 1ec5c1867af085897bb9e0f67bef3713334dbe7f
Bisecting: 7088 revisions left to test after this (roughly 13 steps)
[a9d2d53a788a9c5bc8a7d1b4ea7857b68e221357] ixgbe: test for trust in macvlan adjustments for VF
testing commit a9d2d53a788a9c5bc8a7d1b4ea7857b68e221357 with gcc (GCC) 5.5.0
kernel signature: d67ef2cbd5b56e41def8c94906935daa54f4b2eb
all runs: OK
# git bisect good a9d2d53a788a9c5bc8a7d1b4ea7857b68e221357
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[28cbc335d272f293c4368abd4ac2e17e36805b79] Merge tag 'sound-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit 28cbc335d272f293c4368abd4ac2e17e36805b79 with gcc (GCC) 5.5.0
kernel signature: 05f3394cc98ac3c60346f051ae97f17ce75c85aa
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 28cbc335d272f293c4368abd4ac2e17e36805b79
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[09624645e1e85df8d68b04de6e0607d696268333] scsi: aacraid: Save adapter fib log before an IOP reset
testing commit 09624645e1e85df8d68b04de6e0607d696268333 with gcc (GCC) 5.5.0
kernel signature: 3aa196272472458bc72be879c548323753ab1f31
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 09624645e1e85df8d68b04de6e0607d696268333
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[557c44be917c322860665be3d28376afa84aa936] net: ipv6: RTF_PCPU should not be settable from userspace
testing commit 557c44be917c322860665be3d28376afa84aa936 with gcc (GCC) 5.5.0
kernel signature: 8bb8196066e80f688e177e869fd186f1eab38e60
all runs: boot failed: divide error in irq_create_affinity_masks
# git bisect skip 557c44be917c322860665be3d28376afa84aa936
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[6228b8f2d15bc9a9b76d6b209a8b760a642fa996] userfaultfd: non-cooperative: selftest: introduce userfaultfd_open
testing commit 6228b8f2d15bc9a9b76d6b209a8b760a642fa996 with gcc (GCC) 5.5.0
kernel signature: ddb742c9a540f5a4528e7b400fd111cb17f5760d
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 6228b8f2d15bc9a9b76d6b209a8b760a642fa996
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[1ad38fd719da87980480886f21130053c73007ac] ath10k: fix typo in addr calculation
testing commit 1ad38fd719da87980480886f21130053c73007ac with gcc (GCC) 5.5.0
kernel signature: 0bd61cae0ac41c96050e9e361edbf6c7eff6358c
all runs: OK
# git bisect good 1ad38fd719da87980480886f21130053c73007ac
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[b2d5bfea2d00a0000da18f7667c2b0e2c2f168d9] sched/headers, timers: Remove the <linux/sysctl.h> include from <linux/timer.h>
testing commit b2d5bfea2d00a0000da18f7667c2b0e2c2f168d9 with gcc (GCC) 5.5.0
kernel signature: 5a3cf116247ab71276155d15f2367b06dc56292f
run #0: crashed: WARNING in tcp_enter_loss
run #1: crashed: WARNING in tcp_enter_loss
run #2: crashed: WARNING in corrupted
run #3: crashed: WARNING in tcp_enter_loss
run #4: crashed: WARNING in tcp_enter_loss
run #5: crashed: WARNING in tcp_enter_loss
run #6: crashed: WARNING in tcp_enter_loss
run #7: crashed: WARNING in tcp_enter_loss
run #8: crashed: WARNING in tcp_enter_loss
run #9: crashed: WARNING in corrupted
# git bisect bad b2d5bfea2d00a0000da18f7667c2b0e2c2f168d9
Bisecting: 5334 revisions left to test after this (roughly 12 steps)
[caa59428971d5ad81d19512365c9ba580d83268c] Merge tag 'staging-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit caa59428971d5ad81d19512365c9ba580d83268c with gcc (GCC) 5.5.0
kernel signature: 27edaf018443669a83c4049e1bb0ef9aa1f1a4ae
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip caa59428971d5ad81d19512365c9ba580d83268c
Bisecting: 5334 revisions left to test after this (roughly 12 steps)
[6d1dd93ea0d0f0fb61b5450a2668896028ce3f75] Merge tag 'pstore-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
testing commit 6d1dd93ea0d0f0fb61b5450a2668896028ce3f75 with gcc (GCC) 5.5.0
kernel signature: bea5025c0ceba1019d0839d6e7fd431eeb6a4c64
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 6d1dd93ea0d0f0fb61b5450a2668896028ce3f75
Bisecting: 5334 revisions left to test after this (roughly 12 steps)
[5c4412e0728063583ec971323f8256e8005a32b6] rt2x00: rt2800lib: add support for RT3352 with 20MHz crystal
testing commit 5c4412e0728063583ec971323f8256e8005a32b6 with gcc (GCC) 5.5.0
kernel signature: 3ea4ab3261690e67a27b11c308b3d1254dc79462
all runs: OK
# git bisect good 5c4412e0728063583ec971323f8256e8005a32b6
Bisecting: 5334 revisions left to test after this (roughly 12 steps)
[0dd12d54c4252e5a51f3b9f7b622b3b7a5b95293] net: dsa: mv88e6xxx: Add mdio private structure
testing commit 0dd12d54c4252e5a51f3b9f7b622b3b7a5b95293 with gcc (GCC) 5.5.0
kernel signature: 615b05e1b1be8828217b19ddfefff334e737d2d9
run #0: crashed: WARNING in tcp_enter_loss
run #1: crashed: WARNING in tcp_enter_loss
run #2: crashed: WARNING in tcp_enter_loss
run #3: crashed: WARNING in tcp_enter_loss
run #4: crashed: WARNING in tcp_enter_loss
run #5: crashed: WARNING in corrupted
run #6: crashed: WARNING in tcp_enter_loss
run #7: crashed: WARNING in tcp_enter_loss
run #8: crashed: WARNING in tcp_enter_loss
run #9: crashed: WARNING in corrupted
# git bisect bad 0dd12d54c4252e5a51f3b9f7b622b3b7a5b95293
Bisecting: 154 revisions left to test after this (roughly 7 steps)
[96fe11f27b70f6b64f62a2d13ed209aa02e02a48] cxgb4: Implement ndo_get_phys_port_id for mgmt dev
testing commit 96fe11f27b70f6b64f62a2d13ed209aa02e02a48 with gcc (GCC) 5.5.0
kernel signature: 39332ec15a00f152aebd67e073d1489bd2fb2142
all runs: crashed: WARNING in tcp_enter_loss
# git bisect bad 96fe11f27b70f6b64f62a2d13ed209aa02e02a48
Bisecting: 84 revisions left to test after this (roughly 6 steps)
[ca4b5eb88aa0da96ede750d8b894e7079612aa65] cxgb4: Remove redundant memset before memcpy
testing commit ca4b5eb88aa0da96ede750d8b894e7079612aa65 with gcc (GCC) 5.5.0
kernel signature: 5d45b41a38a24a6c1358ff16ed62b7e3cc18f85e
all runs: crashed: WARNING in tcp_enter_loss
# git bisect bad ca4b5eb88aa0da96ede750d8b894e7079612aa65
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[4d7b9dc1f36a99423a6171d393040165fb135530] tools: psock_lib: harden socket filter used by psock tests
testing commit 4d7b9dc1f36a99423a6171d393040165fb135530 with gcc (GCC) 5.5.0
kernel signature: 22867329da017e7a489a2e74beb3ea833bb0dbd9
all runs: OK
# git bisect good 4d7b9dc1f36a99423a6171d393040165fb135530
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[1d0833df594390876647c54c2c88069d29059665] tcp: use sequence to break TS ties for RACK loss detection
testing commit 1d0833df594390876647c54c2c88069d29059665 with gcc (GCC) 5.5.0
kernel signature: 6c19453e4b55a53cc57d2e5dfa8a409e070a68d9
all runs: OK
# git bisect good 1d0833df594390876647c54c2c88069d29059665
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[718e14bb292a2e16b506133d191886110417df51] Merge branch 'tcp-RACK-fast-recovery'
testing commit 718e14bb292a2e16b506133d191886110417df51 with gcc (GCC) 5.5.0
kernel signature: 05df4f0f9f85a935d9df2f261b1726cf928a64f9
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED Location: Message:Quota 'CPUS' exceeded.  Limit: 500.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: crashed: WARNING in tcp_enter_loss
run #2: crashed: WARNING in tcp_enter_loss
run #3: crashed: WARNING in tcp_enter_loss
run #4: crashed: WARNING in tcp_enter_loss
run #5: crashed: WARNING in tcp_enter_loss
run #6: crashed: WARNING in tcp_enter_loss
run #7: crashed: WARNING in tcp_enter_loss
run #8: crashed: WARNING in tcp_enter_loss
run #9: crashed: WARNING in tcp_enter_loss
# git bisect bad 718e14bb292a2e16b506133d191886110417df51
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[840a3cbe89694fad75578856976f180e852e69aa] tcp: remove forward retransmit feature
testing commit 840a3cbe89694fad75578856976f180e852e69aa with gcc (GCC) 5.5.0
kernel signature: 1c5ef5b5ee74b3412bfa485deb58b23bb9811e40
all runs: crashed: WARNING in tcp_enter_loss
# git bisect bad 840a3cbe89694fad75578856976f180e852e69aa
Bisecting: 1 revision left to test after this (roughly 1 step)
[a0370b3f3f2cfb8b424b04c0545414abaa53f5ee] tcp: enable RACK loss detection to trigger recovery
testing commit a0370b3f3f2cfb8b424b04c0545414abaa53f5ee with gcc (GCC) 5.5.0
kernel signature: 6a5b36e8daeab59493df6d5e10366484f7c186a1
run #0: crashed: WARNING in tcp_enter_loss
run #1: crashed: WARNING in tcp_enter_loss
run #2: crashed: WARNING in corrupted
run #3: crashed: WARNING in tcp_enter_loss
run #4: crashed: WARNING in tcp_enter_loss
run #5: crashed: WARNING in tcp_enter_loss
run #6: crashed: WARNING in tcp_enter_loss
run #7: crashed: WARNING in tcp_enter_loss
run #8: crashed: WARNING in tcp_enter_loss
run #9: crashed: WARNING in corrupted
# git bisect bad a0370b3f3f2cfb8b424b04c0545414abaa53f5ee
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[98e36d449cc681f1bb2ce2230243f7f977a7da1b] tcp: check undo conditions before detecting losses
testing commit 98e36d449cc681f1bb2ce2230243f7f977a7da1b with gcc (GCC) 5.5.0
kernel signature: 0d75d1ea44d4036631faeb0d5d84f78b739c8bda
all runs: OK
# git bisect good 98e36d449cc681f1bb2ce2230243f7f977a7da1b
a0370b3f3f2cfb8b424b04c0545414abaa53f5ee is the first bad commit
commit a0370b3f3f2cfb8b424b04c0545414abaa53f5ee
Author: Yuchung Cheng <ycheng@google.com>
Date:   Thu Jan 12 22:11:36 2017 -0800

    tcp: enable RACK loss detection to trigger recovery
    
    This patch changes two things:
    
    1. Start fast recovery with RACK in addition to other heuristics
       (e.g., DUPACK threshold, FACK). Prior to this change RACK
       is enabled to detect losses only after the recovery has
       started by other algorithms.
    
    2. Disable TCP early retransmit. RACK subsumes the early retransmit
       with the new reordering timer feature. A latter patch in this
       series removes the early retransmit code.
    
    Signed-off-by: Yuchung Cheng <ycheng@google.com>
    Signed-off-by: Neal Cardwell <ncardwell@google.com>
    Acked-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 include/net/tcp.h       | 11 ++++-------
 net/ipv4/tcp_input.c    | 29 +++++++++++++++++++++--------
 net/ipv4/tcp_recovery.c | 16 ++++++++++------
 3 files changed, 35 insertions(+), 21 deletions(-)
kernel signature:   6a5b36e8daeab59493df6d5e10366484f7c186a1
previous signature: 0d75d1ea44d4036631faeb0d5d84f78b739c8bda
revisions tested: 28, total time: 5h22m31.545503764s (build: 1h45m4.667781215s, test: 3h30m5.20259926s)
first bad commit: a0370b3f3f2cfb8b424b04c0545414abaa53f5ee tcp: enable RACK loss detection to trigger recovery
cc: ["davem@davemloft.net" "edumazet@google.com" "ncardwell@google.com" "ycheng@google.com"]
crash: WARNING in corrupted
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6027 at net/ipv4/tcp_input.c:1990 tcp_enter_loss+0xcb8/0x1170 net/ipv4/tcp_input.c:1990
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 6027 Comm: syz-executor4 Not tainted 4.10.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:15 [inline]
 dump_stack+0xe6/0x120 lib/dump_stack.c:51
 panic+0x1b6/0x358 kernel/panic.c:179
------------[ cut here ]------------
WARNING: CPU: 0 PID: 6034 at net/ipv4/tcp_input.c:1990 tcp_enter_loss+0xcb8/0x1170 net/ipv4/tcp_input.c:1990
Modules linked in:
 __warn+0x18d/0x1b0 kernel/panic.c:539
 warn_slowpath_null+0x18/0x20 kernel/panic.c:582
 tcp_enter_loss+0xcb8/0x1170 net/ipv4/tcp_input.c:1990
 tcp_retransmit_timer+0xaeb/0x2120 net/ipv4/tcp_timer.c:489
 tcp_write_timer_handler+0x391/0x6d0 net/ipv4/tcp_timer.c:577
 tcp_release_cb+0x17f/0x230 net/ipv4/tcp_output.c:827
 release_sock+0xa7/0x180 net/core/sock.c:2543
 do_tcp_setsockopt.isra.35+0x3f1/0x1a20 net/ipv4/tcp.c:2685
 tcp_setsockopt+0x7e/0xd0 net/ipv4/tcp.c:2697
 sock_common_setsockopt+0x73/0xf0 net/core/sock.c:2723
 SYSC_setsockopt net/socket.c:1786 [inline]
 SyS_setsockopt+0x130/0x1f0 net/socket.c:1765
 entry_SYSCALL_64_fastpath+0x23/0xc6
RIP: 0033:0x4554d9
RSP: 002b:00007f3c9dedcc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f3c9dedd6d4 RCX: 00000000004554d9
RDX: 0000000000000016 RSI: 0000000000000006 RDI: 0000000000000003
RBP: 0000000000000086 R08: 000000002000023b R09: 0000000000000000
R10: 0000000020000040 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000006d8 R14: 00000000006fd4e0 R15: 0000000000000000
CPU: 0 PID: 6034 Comm: syz-executor Not tainted 4.10.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:15 [inline]
 dump_stack+0xe6/0x120 lib/dump_stack.c:51
 __warn+0x16d/0x1b0 kernel/panic.c:547
 warn_slowpath_null+0x18/0x20 kernel/panic.c:582
 tcp_enter_loss+0xcb8/0x1170 net/ipv4/tcp_input.c:1990
 tcp_retransmit_timer+0xaeb/0x2120 net/ipv4/tcp_timer.c:489
 tcp_write_timer_handler+0x391/0x6d0 net/ipv4/tcp_timer.c:577
 tcp_release_cb+0x17f/0x230 net/ipv4/tcp_output.c:827
 release_sock+0xa7/0x180 net/core/sock.c:2543
 do_tcp_setsockopt.isra.35+0x3f1/0x1a20 net/ipv4/tcp.c:2685
 tcp_setsockopt+0x7e/0xd0 net/ipv4/tcp.c:2697
 sock_common_setsockopt+0x73/0xf0 net/core/sock.c:2723
 SYSC_setsockopt net/socket.c:1786 [inline]
 SyS_setsockopt+0x130/0x1f0 net/socket.c:1765
 entry_SYSCALL_64_fastpath+0x23/0xc6
RIP: 0033:0x4554d9
RSP: 002b:00007f593eda7c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f593eda86d4 RCX: 00000000004554d9
RDX: 0000000000000016 RSI: 0000000000000006 RDI: 0000000000000003
RBP: 0000000000000086 R08: 000000002000023b R09: 0000000000000000
R10: 0000000020000040 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000062b R14: 00000000006fc4a8 R15: 0000000000000000
Kernel Offset: disabled