bisecting cause commit starting from 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 building syzkaller on c88c7b75a4e022b758f4b0f1bf3db8ebb2fb25e6 testing commit 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 with gcc (GCC) 8.1.0 kernel signature: 06e77a4d0ecce8a7609c83428d4613844f5929b6b521ebe47e959c918a1e1271 run #0: crashed: WARNING in geneve_exit_batch_net run #1: crashed: WARNING in geneve_exit_batch_net run #2: crashed: WARNING in geneve_exit_batch_net run #3: crashed: WARNING in geneve_exit_batch_net run #4: crashed: WARNING in geneve_exit_batch_net run #5: crashed: WARNING in geneve_exit_batch_net run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 164016c0a60ecba9d8f9375f06ff0696454e9386ac68168eebe02e1c20d4607c run #0: crashed: WARNING in geneve_exit_batch_net run #1: crashed: general protection fault in ip_route_output_key_hash_rcu run #2: crashed: WARNING in geneve_exit_batch_net run #3: crashed: WARNING in geneve_exit_batch_net run #4: crashed: WARNING in geneve_exit_batch_net run #5: crashed: WARNING in geneve_exit_batch_net run #6: crashed: general protection fault in ip_route_output_key_hash_rcu run #7: crashed: general protection fault in ip_route_output_key_hash_rcu run #8: crashed: WARNING in geneve_exit_batch_net run #9: OK testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 47e301f2dd8f48a93733b3813098689aef519e1561953bcc84ea495c0cc25a7e run #0: crashed: WARNING in geneve_exit_batch_net run #1: crashed: WARNING in geneve_exit_batch_net run #2: OK run #3: OK run #4: crashed: WARNING in geneve_exit_batch_net run #5: crashed: WARNING in geneve_exit_batch_net run #6: crashed: WARNING in geneve_exit_batch_net run #7: crashed: WARNING in geneve_exit_batch_net run #8: OK run #9: OK testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 151d38480e9234ab52688e4f447fbcf643c18c160402563549805002758f0fef all runs: crashed: WARNING in geneve_exit_batch_net testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: dfe1467c134229a6cc463a576dc59bd8d6088dc95edd5efa105acd237391d911 run #0: crashed: WARNING in geneve_exit_batch_net run #1: crashed: WARNING in geneve_exit_batch_net run #2: crashed: WARNING in geneve_exit_batch_net run #3: crashed: unregister_netdevice: waiting for DEV to become free run #4: crashed: unregister_netdevice: waiting for DEV to become free run #5: crashed: WARNING in geneve_exit_batch_net run #6: crashed: unregister_netdevice: waiting for DEV to become free run #7: crashed: unregister_netdevice: waiting for DEV to become free run #8: crashed: unregister_netdevice: waiting for DEV to become free run #9: OK testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: d0b4a848ed64c10a681d6ed2e54d8099c7a18367bc31fcf644bc4df7293c4840 run #0: crashed: unregister_netdevice: waiting for DEV to become free run #1: crashed: unregister_netdevice: waiting for DEV to become free run #2: crashed: WARNING in geneve_exit_batch_net run #3: crashed: unregister_netdevice: waiting for DEV to become free run #4: crashed: unregister_netdevice: waiting for DEV to become free run #5: crashed: unregister_netdevice: waiting for DEV to become free run #6: crashed: WARNING in geneve_exit_batch_net run #7: crashed: unregister_netdevice: waiting for DEV to become free run #8: crashed: unregister_netdevice: waiting for DEV to become free run #9: crashed: unregister_netdevice: waiting for DEV to become free testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: 729c3b6fecc53a4f5304419caa50690cb3e7a3eb4feb074139304ec5a659f4d1 run #0: crashed: unregister_netdevice: waiting for DEV to become free run #1: crashed: unregister_netdevice: waiting for DEV to become free run #2: crashed: unregister_netdevice: waiting for DEV to become free run #3: crashed: unregister_netdevice: waiting for DEV to become free run #4: crashed: unregister_netdevice: waiting for DEV to become free run #5: crashed: unregister_netdevice: waiting for DEV to become free run #6: crashed: unregister_netdevice: waiting for DEV to become free run #7: crashed: unregister_netdevice: waiting for DEV to become free run #8: OK run #9: OK testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: a589eb0dd92f978260e1633dc2df9c66532c4005ce4ff23cc3af9831a096a358 run #0: crashed: WARNING in geneve_exit_batch_net run #1: crashed: unregister_netdevice: waiting for DEV to become free run #2: crashed: unregister_netdevice: waiting for DEV to become free run #3: crashed: WARNING in geneve_exit_batch_net run #4: crashed: unregister_netdevice: waiting for DEV to become free run #5: crashed: unregister_netdevice: waiting for DEV to become free run #6: crashed: unregister_netdevice: waiting for DEV to become free run #7: crashed: unregister_netdevice: waiting for DEV to become free run #8: crashed: unregister_netdevice: waiting for DEV to become free run #9: crashed: unregister_netdevice: waiting for DEV to become free testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: c22db03a1ecedfa5bd93d74128f8167682ded84b5696cafeb3f9da1e472bbadb run #0: crashed: unregister_netdevice: waiting for DEV to become free run #1: crashed: unregister_netdevice: waiting for DEV to become free run #2: crashed: unregister_netdevice: waiting for DEV to become free run #3: crashed: unregister_netdevice: waiting for DEV to become free run #4: crashed: unregister_netdevice: waiting for DEV to become free run #5: crashed: unregister_netdevice: waiting for DEV to become free run #6: crashed: unregister_netdevice: waiting for DEV to become free run #7: OK run #8: OK run #9: crashed: unregister_netdevice: waiting for DEV to become free testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: 18167be037782dccf023201a1a4862d4ce0bacbfe2e9b42af3be06de37f3629a run #0: crashed: unregister_netdevice: waiting for DEV to become free run #1: crashed: unregister_netdevice: waiting for DEV to become free run #2: crashed: unregister_netdevice: waiting for DEV to become free run #3: crashed: unregister_netdevice: waiting for DEV to become free run #4: crashed: unregister_netdevice: waiting for DEV to become free run #5: crashed: unregister_netdevice: waiting for DEV to become free run #6: OK run #7: crashed: unregister_netdevice: waiting for DEV to become free run #8: crashed: unregister_netdevice: waiting for DEV to become free run #9: OK testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: a087e6f891ed8268f455843954d702d6a9bb10d7c976060a047ecf4f6a7b096c run #0: crashed: unregister_netdevice: waiting for DEV to become free run #1: crashed: unregister_netdevice: waiting for DEV to become free run #2: crashed: unregister_netdevice: waiting for DEV to become free run #3: crashed: unregister_netdevice: waiting for DEV to become free run #4: crashed: WARNING in geneve_exit_batch_net run #5: crashed: WARNING in geneve_exit_batch_net run #6: crashed: unregister_netdevice: waiting for DEV to become free run #7: crashed: unregister_netdevice: waiting for DEV to become free run #8: crashed: unregister_netdevice: waiting for DEV to become free run #9: crashed: unregister_netdevice: waiting for DEV to become free testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: 3f4621bfed34faf3007108a89cecca32992121d9eb20494a4481596a4b681535 all runs: crashed: WARNING in geneve_exit_batch_net testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 kernel signature: 1a31cb37bb75c31451d9f8b40b8f3183f1658e02c51744f61b132033eb677caa all runs: OK # git bisect start 0adb32858b0bddf4ada5f364a84ed60b196dbcda d8a5b80568a9cb66810e75b182018e9edb68e8ff Bisecting: 7566 revisions left to test after this (roughly 13 steps) [c14376de3a1befa70d9811ca2872d47367b48767] printk: Wake klogd when passing console_lock owner testing commit c14376de3a1befa70d9811ca2872d47367b48767 with gcc (GCC) 8.1.0 kernel signature: 8a208e6d3e423a74f5b4b3643933932b94fafad3acfa29147eb3db6bc6ec6aa2 all runs: crashed: WARNING in geneve_exit_batch_net # git bisect bad c14376de3a1befa70d9811ca2872d47367b48767 Bisecting: 3620 revisions left to test after this (roughly 12 steps) [a103950e0dd2058df5e8a8d4a915707bdcf205f0] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 testing commit a103950e0dd2058df5e8a8d4a915707bdcf205f0 with gcc (GCC) 8.1.0 kernel signature: 06e0015686d386da92fc45c1d89fe4b30bec218c2b957238bda40de7b72619b1 all runs: OK # git bisect good a103950e0dd2058df5e8a8d4a915707bdcf205f0 Bisecting: 1810 revisions left to test after this (roughly 11 steps) [0542e13b5f5663ffdc18e0e028413b2cd09f426f] Merge branch '10GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue testing commit 0542e13b5f5663ffdc18e0e028413b2cd09f426f with gcc (GCC) 8.1.0 kernel signature: e99ad28f11b7dc7322718a9f6793b55db42ee64c5ee6d1818ee90496e516e2d2 all runs: crashed: WARNING in geneve_exit_batch_net # git bisect bad 0542e13b5f5663ffdc18e0e028413b2cd09f426f Bisecting: 914 revisions left to test after this (roughly 10 steps) [8a4816cad00bf14642f0ed6043b32d29a05006ce] tg3: Add Macronix NVRAM support testing commit 8a4816cad00bf14642f0ed6043b32d29a05006ce with gcc (GCC) 8.1.0 kernel signature: 73020e265af31cfadd6b973c78a36c8aa17d62dc59935d54df8093d54de8c085 all runs: OK # git bisect good 8a4816cad00bf14642f0ed6043b32d29a05006ce Bisecting: 498 revisions left to test after this (roughly 9 steps) [e8a9d9683c8a62f917c19e57f1618363fb9ed04e] Merge branch 'bpf-libbpf-cleanups' testing commit e8a9d9683c8a62f917c19e57f1618363fb9ed04e with gcc (GCC) 8.1.0 kernel signature: c3f01096a09af56e1bf74d6845ea3f874f4cd7ac06f4272ce3ba7ddf7afef7dd all runs: crashed: WARNING in geneve_exit_batch_net # git bisect bad e8a9d9683c8a62f917c19e57f1618363fb9ed04e Bisecting: 207 revisions left to test after this (roughly 8 steps) [4312782479fbf7c5efb9a6f19ad90f8d924055c1] net/mlx5e: IPoIB, Fix spelling mistake "functionts" -> "functions" testing commit 4312782479fbf7c5efb9a6f19ad90f8d924055c1 with gcc (GCC) 8.1.0 kernel signature: f19613f7f29aad9ea9b2039f725be1ab0a45d8ca0398a77a43f4e417762d743f all runs: crashed: WARNING in geneve_exit_batch_net # git bisect bad 4312782479fbf7c5efb9a6f19ad90f8d924055c1 Bisecting: 103 revisions left to test after this (roughly 7 steps) [6b3d933000cbe539e5b234d639b083da60bb275c] netfilter: ipvs: Remove useless ipvsh param of frag_safe_skb_hp testing commit 6b3d933000cbe539e5b234d639b083da60bb275c with gcc (GCC) 8.1.0 kernel signature: 71e2d735bf12ad615db03ae22e1ffd09f557c0e70afcfa80fb6612f68f2f80f7 all runs: OK # git bisect good 6b3d933000cbe539e5b234d639b083da60bb275c Bisecting: 57 revisions left to test after this (roughly 6 steps) [f998b6b10144cd9809da6af02758615f789e8aa1] netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() testing commit f998b6b10144cd9809da6af02758615f789e8aa1 with gcc (GCC) 8.1.0 kernel signature: 08216cae13a7ef0b40d012800fddd17710296366c92e02e6752048ef46cc7651 run #0: crashed: WARNING in geneve_exit_batch_net run #1: crashed: WARNING in geneve_exit_batch_net run #2: crashed: WARNING in geneve_exit_batch_net run #3: crashed: WARNING in geneve_exit_batch_net run #4: crashed: WARNING in geneve_exit_batch_net run #5: crashed: WARNING in geneve_exit_batch_net run #6: crashed: general protection fault in ip_route_output_key_hash_rcu run #7: crashed: WARNING in geneve_exit_batch_net run #8: crashed: WARNING in geneve_exit_batch_net run #9: crashed: WARNING in geneve_exit_batch_net # git bisect bad f998b6b10144cd9809da6af02758615f789e8aa1 Bisecting: 22 revisions left to test after this (roughly 5 steps) [12355d3670dac0dde5aae3deefb59f8cc0a9ed2a] netfilter: nf_tables_inet: don't use multihook infrastructure anymore testing commit 12355d3670dac0dde5aae3deefb59f8cc0a9ed2a with gcc (GCC) 8.1.0 kernel signature: bd911df902a078b2f9d36bb4e502b60b602d8d16016bee2528d05a5c44514069 all runs: crashed: WARNING in geneve_exit_batch_net # git bisect bad 12355d3670dac0dde5aae3deefb59f8cc0a9ed2a Bisecting: 11 revisions left to test after this (roughly 4 steps) [2a95183a5e0375df756efb2ca37602d71e8455f9] netfilter: don't allocate space for arp/bridge hooks unless needed testing commit 2a95183a5e0375df756efb2ca37602d71e8455f9 with gcc (GCC) 8.1.0 kernel signature: 9ca4786e5b0b2a1378f7efdea2f087b7169e880c3602385d2bad2c4ae7ab2cc1 all runs: crashed: WARNING in geneve_exit_batch_net # git bisect bad 2a95183a5e0375df756efb2ca37602d71e8455f9 Bisecting: 5 revisions left to test after this (roughly 3 steps) [26888dfd7e7454686b8d3ea9ba5045d5f236e4d7] netfilter: core: remove synchronize_net call if nfqueue is used testing commit 26888dfd7e7454686b8d3ea9ba5045d5f236e4d7 with gcc (GCC) 8.1.0 kernel signature: b1f13ae204a3a211e08948a1ca3649042743d7cb2f02292e81feeacb75bba87d run #0: crashed: WARNING: suspicious RCU usage in ip_set_net_exit run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 26888dfd7e7454686b8d3ea9ba5045d5f236e4d7 Bisecting: 2 revisions left to test after this (roughly 1 step) [a778a15fa5cf5f632cd55845f548189a29e9b57b] netfilter: ipset: add resched points during set listing testing commit a778a15fa5cf5f632cd55845f548189a29e9b57b with gcc (GCC) 8.1.0 kernel signature: 4317f27d5cfffb489e42893dc3abc36eab13d1177379e1583db5a4ff2806b625 all runs: OK # git bisect good a778a15fa5cf5f632cd55845f548189a29e9b57b Bisecting: 0 revisions left to test after this (roughly 1 step) [4e645b47c4f000a503b9c90163ad905786b9bc1d] netfilter: core: make nf_unregister_net_hooks simple wrapper again testing commit 4e645b47c4f000a503b9c90163ad905786b9bc1d with gcc (GCC) 8.1.0 kernel signature: 9fd297625a63ba771378b23c58713b293c41540fc651852da947e1921d8bc0c3 run #0: crashed: WARNING: suspicious RCU usage in ip_set_net_exit run #1: crashed: WARNING in geneve_exit_batch_net run #2: crashed: WARNING in geneve_exit_batch_net run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 4e645b47c4f000a503b9c90163ad905786b9bc1d Bisecting: 0 revisions left to test after this (roughly 0 steps) [ca9b01473a474a45b7a8a419a897a2aaf3304249] netfilter: nf_conntrack_h323: Remove unwanted comments. testing commit ca9b01473a474a45b7a8a419a897a2aaf3304249 with gcc (GCC) 8.1.0 kernel signature: ed30d05f9cc3a4cdf3fb4deb3768d32f3586baf91368d1454145d46680a8108b all runs: OK # git bisect good ca9b01473a474a45b7a8a419a897a2aaf3304249 4e645b47c4f000a503b9c90163ad905786b9bc1d is the first bad commit commit 4e645b47c4f000a503b9c90163ad905786b9bc1d Author: Florian Westphal Date: Fri Dec 1 00:21:02 2017 +0100 netfilter: core: make nf_unregister_net_hooks simple wrapper again This reverts commit d3ad2c17b4047 ("netfilter: core: batch nf_unregister_net_hooks synchronize_net calls"). Nothing wrong with it. However, followup patch will delay freeing of hooks with call_rcu, so all synchronize_net() calls become obsolete and there is no need anymore for this batching. This revert causes a temporary performance degradation when destroying network namespace, but its resolved with the upcoming call_rcu conversion. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/netfilter/core.c | 59 +++------------------------------------------------- 1 file changed, 3 insertions(+), 56 deletions(-) culprit signature: 9fd297625a63ba771378b23c58713b293c41540fc651852da947e1921d8bc0c3 parent signature: ed30d05f9cc3a4cdf3fb4deb3768d32f3586baf91368d1454145d46680a8108b revisions tested: 27, total time: 6h32m10.37369039s (build: 2h40m23.601665582s, test: 3h49m24.736017462s) first bad commit: 4e645b47c4f000a503b9c90163ad905786b9bc1d netfilter: core: make nf_unregister_net_hooks simple wrapper again cc: ["coreteam@netfilter.org" "davem@davemloft.net" "fw@strlen.de" "kadlec@blackhole.kfki.hu" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org"] crash: WARNING in geneve_exit_batch_net netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'. IPVS: ftp: loaded support on port[0] = 21 WARNING: CPU: 0 PID: 7209 at drivers/net/geneve.c:1661 rcu_read_unlock include/linux/rcupdate.h:683 [inline] WARNING: CPU: 0 PID: 7209 at drivers/net/geneve.c:1661 net_generic include/net/netns/generic.h:47 [inline] WARNING: CPU: 0 PID: 7209 at drivers/net/geneve.c:1661 geneve_destroy_tunnels drivers/net/geneve.c:1643 [inline] WARNING: CPU: 0 PID: 7209 at drivers/net/geneve.c:1661 geneve_exit_batch_net+0x50e/0x6d0 drivers/net/geneve.c:1671 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 7209 Comm: kworker/u4:5 Not tainted 4.15.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x145/0x1e1 lib/dump_stack.c:53 panic+0x1a9/0x34e kernel/panic.c:183 __warn.cold.8+0x120/0x156 kernel/panic.c:547 report_bug+0x1a3/0x230 lib/bug.c:184 fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x1bd/0x460 arch/x86/kernel/traps.c:296 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315 invalid_op+0x22/0x40 arch/x86/entry/entry_64.S:1061 RIP: 0010:geneve_destroy_tunnels drivers/net/geneve.c:1661 [inline] RIP: 0010:geneve_exit_batch_net+0x50e/0x6d0 drivers/net/geneve.c:1671 RSP: 0018:ffff88009a1bf148 EFLAGS: 00010212 RAX: ffff88008cdaf710 RBX: dffffc0000000000 RCX: ffff88008cdaf660 RDX: 1ffff100119b5ee2 RSI: ffff88009a1bf220 RDI: ffff8800826aa6b8 RBP: ffff88009a1bf288 R08: ffff88009a1bf228 R09: 0000000000000008 R10: 41cfa2db51344198 R11: ffff880087a38580 R12: ffff880082e96040 R13: ffff880082289308 R14: ffffed0013437e3c R15: 1ffff10013437e34 ops_exit_list.isra.8+0xd3/0x120 net/core/net_namespace.c:145 cleanup_net+0x55b/0xa90 net/core/net_namespace.c:484 process_one_work+0x9c3/0x1a40 kernel/workqueue.c:2112 worker_thread+0x212/0x18f0 kernel/workqueue.c:2246 kthread+0x316/0x3d0 kernel/kthread.c:238 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:515 Kernel Offset: disabled Rebooting in 86400 seconds..