bisecting cause commit starting from d96d875ef5dd372f533059a44f98e92de9cf0d42 building syzkaller on 8eda0b957e5b39c0c525e74f51d6b39ab8c5b1ac testing commit d96d875ef5dd372f533059a44f98e92de9cf0d42 with gcc (GCC) 8.1.0 kernel signature: 5969a27fe6422e236347ad57e636c8fcbe5e59bd all runs: crashed: WARNING in cbq_destroy_class testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 70b702b9cae3e1add75e03021df3d2fa140fdf0b all runs: crashed: WARNING in cbq_destroy_class testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 921c2b6db9bc2c2bd73d3afac618bc327e558273 all runs: crashed: WARNING in cbq_destroy_class testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 6e4de31eddbacbdb0112b0b61f488c610ae4e337 all runs: crashed: WARNING in cbq_destroy_class testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: f1a94e8c07a56f466dec840586eb0c0f97968a51 all runs: crashed: WARNING in cbq_destroy_class testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: ad3417fe5a4843f4e7588bbd18f477141927dde6 all runs: crashed: WARNING in cbq_destroy_class testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: 962998e2538e93f72a94089c6d9b4656195cce7a all runs: crashed: WARNING in cbq_destroy_class testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: 8b85db0c1a7a768ee8de60596656ea54467263e6 all runs: crashed: WARNING in cbq_destroy_class testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: 571137ddc185843bea1a2f0a7b7ffe6039ce220c all runs: crashed: WARNING in cbq_destroy_class testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: 6f435088a2cea56fe2e7bef0131f73f3d7b8af3b all runs: crashed: WARNING in cbq_destroy_class testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: d7a65e8e8af2d2ae34970c6fb0a73494e4d409dc all runs: crashed: WARNING in cbq_destroy_class testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 kernel signature: a1727f384fabeb59bab3efdc0474ba607fc38685 all runs: crashed: WARNING in cbq_destroy_class testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 kernel signature: 88f698c9bd73671827448e4038c8fb1197a4c3eb all runs: OK # git bisect start d8a5b80568a9cb66810e75b182018e9edb68e8ff bebc6082da0a9f5d47a1ea2edc099bf671058bd4 Bisecting: 8497 revisions left to test after this (roughly 13 steps) [5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a] Merge tag 'media/v4.15-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit 5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a with gcc (GCC) 8.1.0 kernel signature: 9af0d96c95915381b1c93329f8cfd93ba78bb700 all runs: OK # git bisect good 5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a Bisecting: 3900 revisions left to test after this (roughly 12 steps) [f6705bf959efac87bca76d40050d342f1d212587] Merge tag 'drm-for-v4.15-amd-dc' of git://people.freedesktop.org/~airlied/linux testing commit f6705bf959efac87bca76d40050d342f1d212587 with gcc (GCC) 8.1.0 kernel signature: dca7eea5dc5d7fba2aa46168bd9bb1b9c2c5244e all runs: OK # git bisect good f6705bf959efac87bca76d40050d342f1d212587 Bisecting: 1936 revisions left to test after this (roughly 11 steps) [4066aa72f9f2886105c6f747d7f9bd4f14f53c12] Merge tag 'drm-fixes-for-v4.15-rc3' of git://people.freedesktop.org/~airlied/linux testing commit 4066aa72f9f2886105c6f747d7f9bd4f14f53c12 with gcc (GCC) 8.1.0 kernel signature: a85cdc8be38b40331be1c2a25d5aad3eb4a2e14a all runs: crashed: WARNING in cbq_destroy_class # git bisect bad 4066aa72f9f2886105c6f747d7f9bd4f14f53c12 Bisecting: 981 revisions left to test after this (roughly 10 steps) [3d18cbb7fd0cfdf0b2ca18139950a4b0c1a0a220] rxrpc: Fix conn expiry timers testing commit 3d18cbb7fd0cfdf0b2ca18139950a4b0c1a0a220 with gcc (GCC) 8.1.0 kernel signature: 510d573714ae65a27edd04f0218db2bf7c3bf688 all runs: OK # git bisect good 3d18cbb7fd0cfdf0b2ca18139950a4b0c1a0a220 Bisecting: 505 revisions left to test after this (roughly 9 steps) [75f64f68afa165ebe139cca2adb4df0a229a06de] Merge branch 'for-linus' of git://git.kernel.dk/linux-block testing commit 75f64f68afa165ebe139cca2adb4df0a229a06de with gcc (GCC) 8.1.0 kernel signature: 6993f244e4b783d8ee8b259fd959b032c3c8de33 all runs: crashed: WARNING in cbq_destroy_class # git bisect bad 75f64f68afa165ebe139cca2adb4df0a229a06de Bisecting: 237 revisions left to test after this (roughly 8 steps) [6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91] mm/madvise.c: fix madvise() infinite loop under special circumstances testing commit 6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91 with gcc (GCC) 8.1.0 kernel signature: b5b17a9d763d7e8775729d7a1e2ae7f928f38411 all runs: OK # git bisect good 6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91 Bisecting: 123 revisions left to test after this (roughly 7 steps) [b9151761021e25c024a6670df4e7c43ffbab0e1d] Merge tag 'nfsd-4.15-1' of git://linux-nfs.org/~bfields/linux testing commit b9151761021e25c024a6670df4e7c43ffbab0e1d with gcc (GCC) 8.1.0 kernel signature: d6267e4dc476ba5fb9dba5dc175b3500f6fe86a9 all runs: crashed: WARNING in cbq_destroy_class # git bisect bad b9151761021e25c024a6670df4e7c43ffbab0e1d Bisecting: 56 revisions left to test after this (roughly 6 steps) [0195a21079c077abfb475a56830b06b37424982a] atm: suni: remove extraneous space to fix indentation testing commit 0195a21079c077abfb475a56830b06b37424982a with gcc (GCC) 8.1.0 kernel signature: 58da1339977ecf7133a963ebc410245507b1244f all runs: OK # git bisect good 0195a21079c077abfb475a56830b06b37424982a Bisecting: 23 revisions left to test after this (roughly 5 steps) [26cd94744e142dd5d5a21e2c1e31bacc120b2d74] Merge tag 'for-4.15-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit 26cd94744e142dd5d5a21e2c1e31bacc120b2d74 with gcc (GCC) 8.1.0 kernel signature: 5728adafd5c7e90f549755d0ba0cb8e9b15619bd all runs: crashed: WARNING in cbq_destroy_class # git bisect bad 26cd94744e142dd5d5a21e2c1e31bacc120b2d74 Bisecting: 15 revisions left to test after this (roughly 4 steps) [fccfde4443494df7262920565e2a43fbfbae63bc] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc testing commit fccfde4443494df7262920565e2a43fbfbae63bc with gcc (GCC) 8.1.0 kernel signature: 3a742b22dc854514709f14e4a8fffd08867e9949 all runs: crashed: WARNING in cbq_destroy_class # git bisect bad fccfde4443494df7262920565e2a43fbfbae63bc Bisecting: 8 revisions left to test after this (roughly 3 steps) [668533dc0764b30c9dd2baf3ca800156f688326b] kallsyms: take advantage of the new '%px' format testing commit 668533dc0764b30c9dd2baf3ca800156f688326b with gcc (GCC) 8.1.0 kernel signature: 5d928f23d9c47743a9abd44ab6a55649c357614e all runs: OK # git bisect good 668533dc0764b30c9dd2baf3ca800156f688326b Bisecting: 4 revisions left to test after this (roughly 2 steps) [a7e4fbbfdf7935333800bd801f6affc2515506f2] net: via: via-rhine: use %p to format void * address instead of %x testing commit a7e4fbbfdf7935333800bd801f6affc2515506f2 with gcc (GCC) 8.1.0 kernel signature: 2da7d2c1029ff7f4751ef1b97480693886e870d5 all runs: crashed: WARNING in cbq_destroy_class # git bisect bad a7e4fbbfdf7935333800bd801f6affc2515506f2 Bisecting: 1 revision left to test after this (roughly 1 step) [01e4fab6c1131a5e4f12104e7134da701def0434] myri10ge: Update MAINTAINERS testing commit 01e4fab6c1131a5e4f12104e7134da701def0434 with gcc (GCC) 8.1.0 kernel signature: e5907d4c173f28fa9a17931d386f25566651dea9 all runs: crashed: WARNING in cbq_destroy_class # git bisect bad 01e4fab6c1131a5e4f12104e7134da701def0434 Bisecting: 0 revisions left to test after this (roughly 0 steps) [d51aae68b142f48232257e96ce317db25445418d] net: sched: cbq: create block for q->link.block testing commit d51aae68b142f48232257e96ce317db25445418d with gcc (GCC) 8.1.0 kernel signature: dcb98ecd4b39d69f4a60f0d2872127198f558331 all runs: crashed: WARNING in cbq_destroy_class # git bisect bad d51aae68b142f48232257e96ce317db25445418d d51aae68b142f48232257e96ce317db25445418d is the first bad commit commit d51aae68b142f48232257e96ce317db25445418d Author: Jiri Pirko Date: Mon Nov 27 18:37:21 2017 +0100 net: sched: cbq: create block for q->link.block q->link.block is not initialized, that leads to EINVAL when one tries to add filter there. So initialize it properly. This can be reproduced by: $ tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 rate 1000Mbit bandwidth 1000Mbit $ tc filter add dev eth0 parent 1: protocol ip prio 100 u32 match ip protocol 0 0x00 flowid 1:1 Reported-by: Jaroslav Aster Reported-by: Ivan Vecera Fixes: 6529eaba33f0 ("net: sched: introduce tcf block infractructure") Signed-off-by: Jiri Pirko Acked-by: Eelco Chaudron Reviewed-by: Ivan Vecera Signed-off-by: David S. Miller net/sched/sch_cbq.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) culprit signature: dcb98ecd4b39d69f4a60f0d2872127198f558331 parent signature: 58da1339977ecf7133a963ebc410245507b1244f revisions tested: 27, total time: 5h25m11.856291031s (build: 2h32m43.392255047s, test: 2h49m46.216060819s) first bad commit: d51aae68b142f48232257e96ce317db25445418d net: sched: cbq: create block for q->link.block cc: ["davem@davemloft.net" "echaudro@redhat.com" "ivecera@redhat.com" "jiri@mellanox.com"] crash: WARNING in cbq_destroy_class IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready batman_adv: batadv0: Interface activated: batadv_slave_1 IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready netlink: 96 bytes leftover after parsing attributes in process `syz-executor.5'. WARNING: CPU: 0 PID: 7279 at net/sched/sch_cbq.c:1412 cbq_destroy_class+0xe4/0x110 net/sched/sch_cbq.c:1420 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 7279 Comm: syz-executor.5 Not tainted 4.14.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x145/0x1e1 lib/dump_stack.c:53 panic+0x1a9/0x34e kernel/panic.c:183 __warn.cold.8+0x120/0x156 kernel/panic.c:547 report_bug+0x1a3/0x230 lib/bug.c:184 fixup_bug arch/x86/kernel/traps.c:177 [inline] do_error_trap+0x1bd/0x460 arch/x86/kernel/traps.c:295 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314 invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:926 RIP: 0010:cbq_destroy_class+0xe4/0x110 net/sched/sch_cbq.c:1412 RSP: 0018:ffff8800866ff078 EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffff880098ee46a0 RCX: ffff88009ce90140 RDX: 1ffff100131dc8f8 RSI: ffff880098ee46a0 RDI: ffff880098ee47c0 RBP: ffff8800866ff088 R08: ffff8800862fca58 R09: 0000000000000006 R10: 0000000000000000 R11: ffff8800862fc140 R12: ffff880098ee4480 R13: 0000000000000000 R14: 0000000000000000 R15: ffffed00131dc8c8 cbq_destroy+0x1ff/0x2e0 net/sched/sch_cbq.c:1446 qdisc_destroy+0x110/0x3b0 net/sched/sch_generic.c:725 notify_and_destroy+0x34/0x40 net/sched/sch_api.c:885 qdisc_graft+0x350/0xca0 net/sched/sch_api.c:949 tc_modify_qdisc+0x908/0x1859 net/sched/sch_api.c:1434 rtnetlink_rcv_msg+0x50e/0xee0 net/core/rtnetlink.c:4411 netlink_rcv_skb+0x211/0x490 net/netlink/af_netlink.c:2405 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:4423 netlink_unicast_kernel net/netlink/af_netlink.c:1272 [inline] netlink_unicast+0x424/0x630 net/netlink/af_netlink.c:1298 netlink_sendmsg+0x8c3/0xe80 net/netlink/af_netlink.c:1861 sock_sendmsg_nosec net/socket.c:632 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:642 kernel_sendmsg+0x26/0x30 net/socket.c:650 sock_no_sendpage+0x1a8/0x260 net/core/sock.c:2571 kernel_sendpage+0x60/0xd0 net/socket.c:3386 sock_sendpage+0x73/0xd0 net/socket.c:857 pipe_to_sendpage+0x228/0x4e0 fs/splice.c:451 splice_from_pipe_feed fs/splice.c:502 [inline] __splice_from_pipe+0x2cb/0x720 fs/splice.c:626 splice_from_pipe+0x1a7/0x300 fs/splice.c:661 generic_splice_sendpage+0x10/0x20 fs/splice.c:832 do_splice_from fs/splice.c:851 [inline] do_splice fs/splice.c:1147 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x740/0x1930 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x45b349 RSP: 002b:00007fe9b2575c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 RAX: ffffffffffffffda RBX: 00007fe9b25766d4 RCX: 000000000045b349 RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000007 RBP: 0000000000000086 R08: 000000000004ffe0 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe09e68fbf R14: 00007fe9b25769c0 R15: 000000000075bfd4 Kernel Offset: disabled Rebooting in 86400 seconds..