bisecting cause commit starting from 6a9dc5fd6170d0a41c8a14eb19e63d94bea5705a building syzkaller on 344da168cb738076d82a75e1a7a1f5177df8dbc7 testing commit 6a9dc5fd6170d0a41c8a14eb19e63d94bea5705a with gcc (GCC) 8.1.0 kernel signature: 7a77552b19c89f156fee5a0b1dde8c3bad717fe61c0ddcf55da64be782bdea16 all runs: crashed: WARNING: refcount bug in qdisc_create testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: fc1278fbf5e4ef5e0fe51b4c85b77009b4abb02c30d9511b5ea673b617bbcb6a all runs: OK # git bisect start 6a9dc5fd6170d0a41c8a14eb19e63d94bea5705a bcf876870b95592b52519ed4aafcf9d95999bc9c Bisecting: 8194 revisions left to test after this (roughly 13 steps) [8186749621ed6b8fc42644c399e8c755a2b6f630] Merge tag 'drm-next-2020-08-06' of git://anongit.freedesktop.org/drm/drm testing commit 8186749621ed6b8fc42644c399e8c755a2b6f630 with gcc (GCC) 8.1.0 kernel signature: c6f8fdf314a4e7b23edc1189b125bb96098d65e7168a445d370e79600773bd38 all runs: OK # git bisect good 8186749621ed6b8fc42644c399e8c755a2b6f630 Bisecting: 4094 revisions left to test after this (roughly 12 steps) [dfdf16ecfd6abafc22b7f02364d9bb879ca8a5ee] Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit dfdf16ecfd6abafc22b7f02364d9bb879ca8a5ee with gcc (GCC) 8.1.0 kernel signature: d00e3b915cf5ea0106a1962a2bc050fb92b2d3af664875e09e36ffa90cdbb191 all runs: crashed: WARNING: refcount bug in qdisc_create # git bisect bad dfdf16ecfd6abafc22b7f02364d9bb879ca8a5ee Bisecting: 2054 revisions left to test after this (roughly 11 steps) [76769c38b45d94f5492ff9be363ac7007fd8e58b] Merge tag 'mlx5-updates-2020-08-03' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux testing commit 76769c38b45d94f5492ff9be363ac7007fd8e58b with gcc (GCC) 8.1.0 kernel signature: 1250394702269012125bbecda71df80c0df3edf539bcf28077ad5722e548a154 run #0: crashed: WARNING: refcount bug in qdisc_create run #1: crashed: WARNING: refcount bug in qdisc_create run #2: crashed: WARNING: refcount bug in qdisc_create run #3: crashed: WARNING: refcount bug in qdisc_create run #4: crashed: WARNING: refcount bug in qdisc_create run #5: crashed: WARNING: refcount bug in qdisc_create run #6: crashed: WARNING: refcount bug in qdisc_create run #7: crashed: WARNING: refcount bug in qdisc_create run #8: crashed: WARNING: refcount bug in qdisc_create run #9: boot failed: can't ssh into the instance # git bisect bad 76769c38b45d94f5492ff9be363ac7007fd8e58b Bisecting: 1022 revisions left to test after this (roughly 10 steps) [94d9f78f4d64b967273a676167bd34ddad2f978c] docs: networking: timestamping: add section for stacked PHC devices testing commit 94d9f78f4d64b967273a676167bd34ddad2f978c with gcc (GCC) 8.1.0 kernel signature: c94d473974ddb8dc2c5b4ac60b9c304025b98816f819ff56ed096cfee42f3d83 run #0: crashed: WARNING: refcount bug in qdisc_create run #1: crashed: WARNING: refcount bug in qdisc_create run #2: crashed: WARNING: refcount bug in qdisc_create run #3: crashed: WARNING: refcount bug in qdisc_create run #4: crashed: WARNING: refcount bug in qdisc_create run #5: crashed: WARNING: refcount bug in qdisc_create run #6: crashed: WARNING: refcount bug in qdisc_create run #7: crashed: WARNING: refcount bug in qdisc_create run #8: crashed: WARNING: refcount bug in qdisc_create run #9: boot failed: can't ssh into the instance # git bisect bad 94d9f78f4d64b967273a676167bd34ddad2f978c Bisecting: 514 revisions left to test after this (roughly 9 steps) [11a20c7152823efe17e282e11cdfcc683d5e2a06] Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue testing commit 11a20c7152823efe17e282e11cdfcc683d5e2a06 with gcc (GCC) 8.1.0 kernel signature: 43f406e79c9f3b10232d3a7b6c869006fa12a805bd28949b53e60a18471fd241 all runs: crashed: WARNING: refcount bug in qdisc_create # git bisect bad 11a20c7152823efe17e282e11cdfcc683d5e2a06 Bisecting: 257 revisions left to test after this (roughly 8 steps) [18c955b730002afdb0f86be39c0d202450acbbfc] bonding: Remove extraneous parentheses in bond_setup testing commit 18c955b730002afdb0f86be39c0d202450acbbfc with gcc (GCC) 8.1.0 kernel signature: 909ee2fb8285971eea48b739e939d6859d666a7c454bf819dcd1255a48c81271 all runs: OK # git bisect good 18c955b730002afdb0f86be39c0d202450acbbfc Bisecting: 128 revisions left to test after this (roughly 7 steps) [53e1f21abd89bde46ed30061c58370b8a079f6f5] sfc: commonise FC advertising testing commit 53e1f21abd89bde46ed30061c58370b8a079f6f5 with gcc (GCC) 8.1.0 kernel signature: 34ef12352bc95ec4df711f3aa4e9a4f6e7a90c8f197b93ab024ce03f4b741b11 all runs: crashed: WARNING: refcount bug in qdisc_create # git bisect bad 53e1f21abd89bde46ed30061c58370b8a079f6f5 Bisecting: 64 revisions left to test after this (roughly 6 steps) [146ba9a3679ff8846e2044886b0dfce4ad03bc08] usbnet: ipheth: fix ipheth_tx()'s return type testing commit 146ba9a3679ff8846e2044886b0dfce4ad03bc08 with gcc (GCC) 8.1.0 kernel signature: eeaa3a724663754ca4783a6181efc0f9eb61fde90e2c20636e6cd7d0ede0e778 all runs: OK # git bisect good 146ba9a3679ff8846e2044886b0dfce4ad03bc08 Bisecting: 40 revisions left to test after this (roughly 5 steps) [989d957a8b3e4442006d9ab68d0215718f57ec56] Merge branch 'TC-Introduce-qevents' testing commit 989d957a8b3e4442006d9ab68d0215718f57ec56 with gcc (GCC) 8.1.0 kernel signature: 5abda6855818db66d0d2a7283483e0d87a0471410bc38ee7dc7841bbb772b2b6 all runs: crashed: WARNING: refcount bug in qdisc_create # git bisect bad 989d957a8b3e4442006d9ab68d0215718f57ec56 Bisecting: 11 revisions left to test after this (roughly 4 steps) [7bcffde02152dd3cb180f6f3aef27e8586b2a905] net: ethernet: ti: am65-cpsw-nuss: restore vlan configuration while down/up testing commit 7bcffde02152dd3cb180f6f3aef27e8586b2a905 with gcc (GCC) 8.1.0 kernel signature: 8c5a7444eabcd49c4cf91b56d15c9e032fcc524b494f25673e845f41d1c1498c all runs: OK # git bisect good 7bcffde02152dd3cb180f6f3aef27e8586b2a905 Bisecting: 5 revisions left to test after this (roughly 3 steps) [5e701e49b7b40166cc56f7b0db205355095cad6b] Merge branch 'net-ethernet-ti-am65-cpsw-update-and-enable-sr2-0-soc' testing commit 5e701e49b7b40166cc56f7b0db205355095cad6b with gcc (GCC) 8.1.0 kernel signature: 6855ad8d0b99faa870a68768c1633c09bb2fdfbc8023a1affbc05df5b173832c all runs: OK # git bisect good 5e701e49b7b40166cc56f7b0db205355095cad6b Bisecting: 2 revisions left to test after this (roughly 2 steps) [65545ea24998bb9aab1ce713a67c693dc7a947ec] net: sched: sch_red: Split init and change callbacks testing commit 65545ea24998bb9aab1ce713a67c693dc7a947ec with gcc (GCC) 8.1.0 kernel signature: 2a32584920f1ae124eaad216afa4fc161f0bab898b1033efa5abaa5cc4fe2f00 all runs: OK # git bisect good 65545ea24998bb9aab1ce713a67c693dc7a947ec Bisecting: 0 revisions left to test after this (roughly 1 step) [6cf0291f95172db68d8a283854389a1966e43c65] selftests: forwarding: Add a RED test for SW datapath testing commit 6cf0291f95172db68d8a283854389a1966e43c65 with gcc (GCC) 8.1.0 kernel signature: d439c2c4d56a148d5cd25fc6bb86fbaa5d11759602959800b02803e81407c400 all runs: crashed: WARNING: refcount bug in qdisc_create # git bisect bad 6cf0291f95172db68d8a283854389a1966e43c65 Bisecting: 0 revisions left to test after this (roughly 0 steps) [aee9caa03fc3c8b02f8f31824354d85f30e562e0] net: sched: sch_red: Add qevents "early_drop" and "mark" testing commit aee9caa03fc3c8b02f8f31824354d85f30e562e0 with gcc (GCC) 8.1.0 kernel signature: 606e9b04e970e0465912c8f736075723693b00349f7f70b02f546264c57dd925 all runs: crashed: WARNING: refcount bug in qdisc_create # git bisect bad aee9caa03fc3c8b02f8f31824354d85f30e562e0 aee9caa03fc3c8b02f8f31824354d85f30e562e0 is the first bad commit commit aee9caa03fc3c8b02f8f31824354d85f30e562e0 Author: Petr Machata Date: Sat Jun 27 01:45:28 2020 +0300 net: sched: sch_red: Add qevents "early_drop" and "mark" In order to allow acting on dropped and/or ECN-marked packets, add two new qevents to the RED qdisc: "early_drop" and "mark". Filters attached at "early_drop" block are executed as packets are early-dropped, those attached at the "mark" block are executed as packets are ECN-marked. Two new attributes are introduced: TCA_RED_EARLY_DROP_BLOCK with the block index for the "early_drop" qevent, and TCA_RED_MARK_BLOCK for the "mark" qevent. Absence of these attributes signifies "don't care": no block is allocated in that case, or the existing blocks are left intact in case of the change callback. For purposes of offloading, blocks attached to these qevents appear with newly-introduced binder types, FLOW_BLOCK_BINDER_TYPE_RED_EARLY_DROP and FLOW_BLOCK_BINDER_TYPE_RED_MARK. Signed-off-by: Petr Machata Signed-off-by: David S. Miller include/net/flow_offload.h | 2 ++ include/uapi/linux/pkt_sched.h | 2 ++ net/sched/sch_red.c | 58 ++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 60 insertions(+), 2 deletions(-) culprit signature: 606e9b04e970e0465912c8f736075723693b00349f7f70b02f546264c57dd925 parent signature: 2a32584920f1ae124eaad216afa4fc161f0bab898b1033efa5abaa5cc4fe2f00 revisions tested: 16, total time: 3h22m29.628635595s (build: 1h28m5.724273945s, test: 1h52m59.582818686s) first bad commit: aee9caa03fc3c8b02f8f31824354d85f30e562e0 net: sched: sch_red: Add qevents "early_drop" and "mark" recipients (to): ["davem@davemloft.net" "davem@davemloft.net" "jhs@mojatatu.com" "jiri@resnulli.us" "kuba@kernel.org" "netdev@vger.kernel.org" "petrm@mellanox.com" "xiyou.wangcong@gmail.com"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: WARNING: refcount bug in qdisc_create WARNING: CPU: 0 PID: 8268 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x140 lib/refcount.c:28 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 8268 Comm: syz-executor.4 Not tainted 5.8.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x12f/0x192 lib/dump_stack.c:118 panic+0x22a/0x4e3 kernel/panic.c:231 __warn.cold.12+0x25/0x31 kernel/panic.c:600 report_bug+0x1b2/0x260 lib/bug.c:198 exc_invalid_op+0x1b6/0x370 arch/x86/kernel/traps.c:235 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:563 RIP: 0010:refcount_warn_saturate+0x12b/0x140 lib/refcount.c:28 Code: 3e ed fd 0f 0b e9 53 ff ff ff 48 89 df e8 fd d1 4d fe e9 23 ff ff ff 48 c7 c7 00 6c cf 87 c6 05 b7 4d 6d 06 01 e8 9a 3e ed fd <0f> 0b e9 2c ff ff ff 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 41 RSP: 0018:ffffc900048874a0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88809784a064 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffffffff87cfa400 RDI: ffffffff8b99d1a0 RBP: 0000000000000003 R08: ffffed1015d06315 R09: ffffed1015d06315 R10: ffff8880ae8318a7 R11: ffffed1015d06314 R12: ffff8880997a2000 R13: ffff8880883f9000 R14: 00000000ffffffea R15: ffff8880883f903c qdisc_create+0xb2b/0x1070 net/sched/sch_api.c:1294 tc_modify_qdisc+0x3ba/0x1720 net/sched/sch_api.c:1661 rtnetlink_rcv_msg+0x346/0x8c0 net/core/rtnetlink.c:5460 netlink_rcv_skb+0x117/0x370 net/netlink/af_netlink.c:2469 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] netlink_unicast+0x434/0x630 net/netlink/af_netlink.c:1329 netlink_sendmsg+0x714/0xc60 net/netlink/af_netlink.c:1918 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0xac/0xe0 net/socket.c:672 ____sys_sendmsg+0x57b/0x790 net/socket.c:2352 ___sys_sendmsg+0xe4/0x160 net/socket.c:2406 __sys_sendmsg+0xce/0x170 net/socket.c:2439 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:359 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45d579 Code: Bad RIP value. RSP: 002b:00007f45d23ecc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 000000000002cd80 RCX: 000000000045d579 RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004 RBP: 000000000118d020 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec R13: 00007ffd2966404f R14: 00007f45d23ed9c0 R15: 000000000118cfec Kernel Offset: disabled