bisecting cause commit starting from f5ae2ea6347a308cfe91f53b53682ce635497d0d
building syzkaller on 3de7aabbb79a6c2267f5d7ee8a8aaa83f63305b7
testing commit f5ae2ea6347a308cfe91f53b53682ce635497d0d with gcc (GCC) 8.1.0
kernel signature: d731afe5e42fd8b04e4a1afedea360593f964275
all runs: crashed: general protection fault in nft_chain_parse_hook
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 3a740a62aaf946731390739afbf497069a2989de
all runs: crashed: general protection fault in nft_chain_parse_hook
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 08f68a4e615488978edec36c0782b69803713297
all runs: crashed: general protection fault in nft_chain_parse_hook
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: a588ae4784e029b259007eac7b7855d7acff702f
all runs: crashed: general protection fault in nft_chain_parse_hook
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: 143aa674a570cca8a8a1ce096d0d6839eb987ec7
all runs: crashed: general protection fault in nft_chain_parse_hook
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: 6fddf85075bcf01519eac7068f8b9e8a4bf2babc
run #0: crashed: general protection fault in corrupted
run #1: crashed: general protection fault in nft_chain_parse_hook
run #2: crashed: general protection fault in nft_chain_parse_hook
run #3: crashed: general protection fault in nft_chain_parse_hook
run #4: crashed: general protection fault in nft_chain_parse_hook
run #5: crashed: general protection fault in nft_chain_parse_hook
run #6: crashed: general protection fault in nft_chain_parse_hook
run #7: crashed: general protection fault in nft_chain_parse_hook
run #8: crashed: general protection fault in nft_chain_parse_hook
run #9: crashed: general protection fault in nft_chain_parse_hook
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: b2c5180ac360e1041e3923dbf2d096e642a2303c
run #0: crashed: general protection fault in nft_chain_parse_hook
run #1: crashed: general protection fault in nft_chain_parse_hook
run #2: crashed: general protection fault in nft_chain_parse_hook
run #3: crashed: general protection fault in nft_chain_parse_hook
run #4: crashed: general protection fault in nft_chain_parse_hook
run #5: crashed: general protection fault in nft_chain_parse_hook
run #6: crashed: general protection fault in nft_chain_parse_hook
run #7: crashed: general protection fault in nft_chain_parse_hook
run #8: crashed: general protection fault in nft_chain_parse_hook
run #9: crashed: general protection fault in corrupted
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: 2327e8cf8c253816ffe658d85e156235174c22ef
all runs: crashed: general protection fault in nft_chain_parse_hook
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: 724629b560eb3ceaadf73f757f4bab5afff10acc
all runs: crashed: general protection fault in nft_chain_parse_hook
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: 75c6a073bcfc45d0a811574a4898e14524f3c796
all runs: crashed: general protection fault in nft_chain_parse_hook
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: 5439572d5cb59532d7a6e5ead2412d4ebd77f788
all runs: crashed: general protection fault in nft_chain_parse_hook
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: 86f75fa22bee8fec29d25d5ab1ba5eaaed68bb7b
all runs: OK
# git bisect start 0adb32858b0bddf4ada5f364a84ed60b196dbcda d8a5b80568a9cb66810e75b182018e9edb68e8ff
Bisecting: 7566 revisions left to test after this (roughly 13 steps)
[c14376de3a1befa70d9811ca2872d47367b48767] printk: Wake klogd when passing console_lock owner
testing commit c14376de3a1befa70d9811ca2872d47367b48767 with gcc (GCC) 8.1.0
kernel signature: 8efdb58fe0af3f4aabaad907fe550a020216cea5
all runs: crashed: general protection fault in nft_chain_parse_hook
# git bisect bad c14376de3a1befa70d9811ca2872d47367b48767
Bisecting: 3620 revisions left to test after this (roughly 12 steps)
[a103950e0dd2058df5e8a8d4a915707bdcf205f0] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
testing commit a103950e0dd2058df5e8a8d4a915707bdcf205f0 with gcc (GCC) 8.1.0
kernel signature: aefe96dbcea223df4713d813a27201d08887b234
all runs: OK
# git bisect good a103950e0dd2058df5e8a8d4a915707bdcf205f0
Bisecting: 1810 revisions left to test after this (roughly 11 steps)
[0542e13b5f5663ffdc18e0e028413b2cd09f426f] Merge branch '10GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue
testing commit 0542e13b5f5663ffdc18e0e028413b2cd09f426f with gcc (GCC) 8.1.0
kernel signature: 36d7d1e38ee435a1a968cd1a15c9010a119b1904
all runs: crashed: general protection fault in nft_chain_parse_hook
# git bisect bad 0542e13b5f5663ffdc18e0e028413b2cd09f426f
Bisecting: 914 revisions left to test after this (roughly 10 steps)
[8a4816cad00bf14642f0ed6043b32d29a05006ce] tg3: Add Macronix NVRAM support
testing commit 8a4816cad00bf14642f0ed6043b32d29a05006ce with gcc (GCC) 8.1.0
kernel signature: a46d9631e9a0afc66956ea200f9a50d5093915d9
all runs: OK
# git bisect good 8a4816cad00bf14642f0ed6043b32d29a05006ce
Bisecting: 498 revisions left to test after this (roughly 9 steps)
[e8a9d9683c8a62f917c19e57f1618363fb9ed04e] Merge branch 'bpf-libbpf-cleanups'
testing commit e8a9d9683c8a62f917c19e57f1618363fb9ed04e with gcc (GCC) 8.1.0
kernel signature: 464f424a8a8c0295205bcf20c0e4c0febc51580d
all runs: OK
# git bisect good e8a9d9683c8a62f917c19e57f1618363fb9ed04e
Bisecting: 249 revisions left to test after this (roughly 8 steps)
[61f3c964dfd287b05d7ac6660a4f4ddfef84786c] bpf: allow socket_filter programs to use bpf_prog_test_run
testing commit 61f3c964dfd287b05d7ac6660a4f4ddfef84786c with gcc (GCC) 8.1.0
kernel signature: c72c2c716c795ef39338c0f6f85ec5e6c644c021
all runs: OK
# git bisect good 61f3c964dfd287b05d7ac6660a4f4ddfef84786c
Bisecting: 113 revisions left to test after this (roughly 7 steps)
[cbcbeedbfd76e45c3f522043bb7c6fb287779a9c] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
testing commit cbcbeedbfd76e45c3f522043bb7c6fb287779a9c with gcc (GCC) 8.1.0
kernel signature: 409e0cc3759d98d7ded297e72921e2b23d14b48f
all runs: crashed: general protection fault in nft_chain_parse_hook
# git bisect bad cbcbeedbfd76e45c3f522043bb7c6fb287779a9c
Bisecting: 67 revisions left to test after this (roughly 6 steps)
[571acf2106963d6c1c0ce1ed13e711bd296b2d25] net: sched: cls: add extack support for delete callback
testing commit 571acf2106963d6c1c0ce1ed13e711bd296b2d25 with gcc (GCC) 8.1.0
kernel signature: c56e4521407b6454d655fe2be00c91be938c0338
all runs: OK
# git bisect good 571acf2106963d6c1c0ce1ed13e711bd296b2d25
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[ea9722e2650db8f0a0d9ef2e391c95285ef991cd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit ea9722e2650db8f0a0d9ef2e391c95285ef991cd with gcc (GCC) 8.1.0
kernel signature: 3286b9c683cc0b81fe1e607a6153c58776c73b30
all runs: OK
# git bisect good ea9722e2650db8f0a0d9ef2e391c95285ef991cd
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[902d6a4c2a4f411582689e53fb101895ffe99028] netfilter: nf_defrag: Skip defrag if NOTRACK is set
testing commit 902d6a4c2a4f411582689e53fb101895ffe99028 with gcc (GCC) 8.1.0
kernel signature: 5b25b6f76f8e4a1f15873396818d1b7252543434
all runs: crashed: general protection fault in get_info
# git bisect bad 902d6a4c2a4f411582689e53fb101895ffe99028
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[20651cefd25ffa77a15cab5853b175a6dc975ec2] netfilter: x_tables: unbreak module auto loading
testing commit 20651cefd25ffa77a15cab5853b175a6dc975ec2 with gcc (GCC) 8.1.0
kernel signature: 5fb4a689b64bb8db60ee20fa9332e6799b4ddf01
all runs: crashed: general protection fault in get_info
# git bisect bad 20651cefd25ffa77a15cab5853b175a6dc975ec2
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[1ea26cca52e46c0f29ee9fdd567312ba93a7d651] netfilter: nf_tables: remove struct nft_af_info parameter in nf_tables_chain_type_lookup()
testing commit 1ea26cca52e46c0f29ee9fdd567312ba93a7d651 with gcc (GCC) 8.1.0
kernel signature: 867ed409866d6cb99c72e7aa73f74d63a2f57ef7
all runs: OK
# git bisect good 1ea26cca52e46c0f29ee9fdd567312ba93a7d651
Bisecting: 1 revision left to test after this (roughly 1 step)
[dd4cbef7235154f163501ffbf396c0dadd830c9c] netfilter: nf_tables: get rid of pernet families
testing commit dd4cbef7235154f163501ffbf396c0dadd830c9c with gcc (GCC) 8.1.0
kernel signature: 013ba0d73b6549f56b8d913328da56f952aec963
all runs: OK
# git bisect good dd4cbef7235154f163501ffbf396c0dadd830c9c
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[98319cb9089844d76e65a6cce5bfbd165e698735] netfilter: nf_tables: get rid of struct nft_af_info abstraction
testing commit 98319cb9089844d76e65a6cce5bfbd165e698735 with gcc (GCC) 8.1.0
kernel signature: 55398928237d81e0387440ac14db1fa010676137
all runs: crashed: general protection fault in nft_chain_parse_hook
# git bisect bad 98319cb9089844d76e65a6cce5bfbd165e698735
98319cb9089844d76e65a6cce5bfbd165e698735 is the first bad commit
commit 98319cb9089844d76e65a6cce5bfbd165e698735
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date:   Tue Jan 9 02:48:47 2018 +0100

    netfilter: nf_tables: get rid of struct nft_af_info abstraction
    
    Remove the infrastructure to register/unregister nft_af_info structure,
    this structure stores no useful information anymore.
    
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

 include/net/netfilter/nf_tables.h       |  23 +--
 net/bridge/netfilter/nf_tables_bridge.c |  25 +--
 net/ipv4/netfilter/nf_tables_arp.c      |  25 +--
 net/ipv4/netfilter/nf_tables_ipv4.c     |  24 +--
 net/ipv6/netfilter/nf_tables_ipv6.c     |  24 +--
 net/netfilter/nf_tables_api.c           | 305 ++++++++------------------------
 net/netfilter/nf_tables_inet.c          |  23 +--
 net/netfilter/nf_tables_netdev.c        |  19 +-
 8 files changed, 86 insertions(+), 382 deletions(-)
culprit signature: 55398928237d81e0387440ac14db1fa010676137
parent  signature: 013ba0d73b6549f56b8d913328da56f952aec963
revisions tested: 26, total time: 5h12m12.944789577s (build: 2h36m36.116692313s, test: 2h31m27.690914132s)
first bad commit: 98319cb9089844d76e65a6cce5bfbd165e698735 netfilter: nf_tables: get rid of struct nft_af_info abstraction
cc: ["bridge@lists.linux-foundation.org" "coreteam@netfilter.org" "davem@davemloft.net" "fw@strlen.de" "kadlec@blackhole.kfki.hu" "kuznet@ms2.inr.ac.ru" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org" "stephen@networkplumber.org" "yoshfuji@linux-ipv6.org"]
crash: general protection fault in nft_chain_parse_hook
device veth1_vlan entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device batadv0
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 7296 Comm: syz-executor.0 Not tainted 4.15.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:nft_chain_parse_hook+0x2e9/0x950 net/netfilter/nf_tables_api.c:1233
IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
device veth0_vlan entered promiscuous mode
device veth1_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
RSP: 0018:ffff8800785ff2b0 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 1ffff1000f0bfe5b RCX: 0000000000000000
RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000018
RBP: ffff8800785ff3a0 R08: 0000000000000000 R09: 0000000000000000
R10: ffffed000f0bfe6a R11: 0000000000000000 R12: ffff8800785ff338
R13: ffff8800785ff378 R14: 0000000000000000 R15: ffff8800785ff5f0
FS:  00007fd27cdc6700(0000) GS:ffff8800aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000007191c8 CR3: 00000000a5385000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 nf_tables_addchain net/netfilter/nf_tables_api.c:1294 [inline]
 nf_tables_newchain+0x1076/0x2e50 net/netfilter/nf_tables_api.c:1527
 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:394 [inline]
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:495 [inline]
 nfnetlink_rcv+0x8b2/0x1850 net/netfilter/nfnetlink.c:513
 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
 netlink_unicast+0x447/0x670 net/netlink/af_netlink.c:1334
 netlink_sendmsg+0x8c3/0xe80 net/netlink/af_netlink.c:1897
 sock_sendmsg_nosec net/socket.c:628 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:638
 ___sys_sendmsg+0x66b/0x9a0 net/socket.c:2018
 __sys_sendmsg+0xd6/0x220 net/socket.c:2052
 SYSC_sendmsg net/socket.c:2063 [inline]
 SyS_sendmsg+0xd/0x20 net/socket.c:2059
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x45aff9
RSP: 002b:00007fd27cdc5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fd27cdc6700 RCX: 000000000045aff9
RDX: 0000000004000000 RSI: 000000002000d400 RDI: 0000000000000004
RBP: 00007ffcb4e86710 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcb4e865af R14: 00007fd27cdc69c0 R15: 000000000075bfd4
Code: 80 3c 02 00 0f 85 e5 05 00 00 4b 8d 04 49 4c 8b 04 c5 80 c9 73 8b 49 8d 78 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 3b 05 00 00 b8 01 00 00 00 
RIP: nft_chain_parse_hook+0x2e9/0x950 net/netfilter/nf_tables_api.c:1233 RSP: ffff8800785ff2b0
---[ end trace 80ce7767959b9822 ]---