bisecting cause commit starting from 8b792f84c6377b27235fef16f5e78a59f890b3e1
building syzkaller on f9b6950728295eb8f52b05a0d9e5dccd99f93eaa
testing commit 8b792f84c6377b27235fef16f5e78a59f890b3e1 with gcc (GCC) 8.1.0
kernel signature: 6d66d852e1b1d2d2c826c35455a539ec269226c5
all runs: crashed: BUG: corrupted list in nft_obj_del
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 2ca4487c304a7b20a478c2fcebf087ccbb700e50
all runs: crashed: BUG: corrupted list in nft_obj_del
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: e16593e26c38044406628e85e7a9a467a8389696
all runs: crashed: BUG: corrupted list in nft_obj_del
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 8ba842d1c360a98a70329c68f92871bdc8246fe0
all runs: crashed: BUG: corrupted list in nft_obj_del
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: c89c5e8f2f3a50de1a0bf2cbfa8b17598a03b130
all runs: crashed: BUG: corrupted list in nft_obj_del
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: 2e3580b7df23dfdfc1eebaaca7bf303137da902c
run #0: crashed: BUG: corrupted list in nf_tables_commit
run #1: crashed: BUG: corrupted list in nf_tables_commit
run #2: crashed: BUG: corrupted list in nf_tables_commit
run #3: crashed: BUG: corrupted list in nf_tables_commit
run #4: crashed: BUG: corrupted list in corrupted
run #5: crashed: BUG: corrupted list in corrupted
run #6: crashed: BUG: corrupted list in nf_tables_commit
run #7: crashed: BUG: corrupted list in nf_tables_commit
run #8: crashed: BUG: corrupted list in nf_tables_commit
run #9: crashed: BUG: corrupted list in nf_tables_commit
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: c05423bfcbbbb95df220fe361dc7988a83aad65c
run #0: crashed: BUG: corrupted list in nf_tables_commit
run #1: crashed: BUG: corrupted list in nf_tables_commit
run #2: crashed: BUG: corrupted list in nf_tables_commit
run #3: crashed: BUG: corrupted list in nf_tables_commit
run #4: crashed: BUG: corrupted list in nf_tables_commit
run #5: crashed: BUG: corrupted list in corrupted
run #6: crashed: BUG: corrupted list in nf_tables_commit
run #7: crashed: BUG: corrupted list in nf_tables_commit
run #8: crashed: BUG: corrupted list in corrupted
run #9: crashed: BUG: corrupted list in corrupted
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: 0273c3440222a3388438b6928b154fe1b9463551
run #0: crashed: BUG: corrupted list in nf_tables_commit
run #1: crashed: BUG: corrupted list in corrupted
run #2: crashed: BUG: corrupted list in nf_tables_commit
run #3: crashed: BUG: corrupted list in corrupted
run #4: crashed: BUG: corrupted list in nf_tables_commit
run #5: crashed: BUG: corrupted list in corrupted
run #6: crashed: BUG: corrupted list in nf_tables_commit
run #7: crashed: BUG: corrupted list in nf_tables_commit
run #8: crashed: BUG: corrupted list in nf_tables_commit
run #9: crashed: BUG: corrupted list in nf_tables_commit
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: 62ba9be9ab7e47d6f2a432ed2e8b6082f759ea62
all runs: crashed: BUG: corrupted list in nf_tables_commit
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: 4b44a8cbf770b88ce3d4da51818ae1a7c43f7bed
all runs: crashed: BUG: corrupted list in nf_tables_commit
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: f00d9dbc95e1b7a39de369049fa0d0649de39531
all runs: crashed: BUG: corrupted list in nf_tables_commit
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: 3f37cd85aee5a6f5457d4f208747da1aa3a58fe4
all runs: OK
# git bisect start 0adb32858b0bddf4ada5f364a84ed60b196dbcda d8a5b80568a9cb66810e75b182018e9edb68e8ff
Bisecting: 7566 revisions left to test after this (roughly 13 steps)
[c14376de3a1befa70d9811ca2872d47367b48767] printk: Wake klogd when passing console_lock owner
testing commit c14376de3a1befa70d9811ca2872d47367b48767 with gcc (GCC) 8.1.0
kernel signature: 5521e76676d944f319c6e1b58407ea2426484e36
all runs: crashed: BUG: corrupted list in nf_tables_commit
# git bisect bad c14376de3a1befa70d9811ca2872d47367b48767
Bisecting: 3620 revisions left to test after this (roughly 12 steps)
[a103950e0dd2058df5e8a8d4a915707bdcf205f0] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
testing commit a103950e0dd2058df5e8a8d4a915707bdcf205f0 with gcc (GCC) 8.1.0
kernel signature: 326d832f17fff0f2a56b55c9a5c9c1b2426f8df9
all runs: OK
# git bisect good a103950e0dd2058df5e8a8d4a915707bdcf205f0
Bisecting: 1810 revisions left to test after this (roughly 11 steps)
[0542e13b5f5663ffdc18e0e028413b2cd09f426f] Merge branch '10GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue
testing commit 0542e13b5f5663ffdc18e0e028413b2cd09f426f with gcc (GCC) 8.1.0
kernel signature: 8aa94562865a4bc15aa2e757c97eb49d471c271d
all runs: crashed: BUG: corrupted list in nf_tables_commit
# git bisect bad 0542e13b5f5663ffdc18e0e028413b2cd09f426f
Bisecting: 914 revisions left to test after this (roughly 10 steps)
[8a4816cad00bf14642f0ed6043b32d29a05006ce] tg3: Add Macronix NVRAM support
testing commit 8a4816cad00bf14642f0ed6043b32d29a05006ce with gcc (GCC) 8.1.0
kernel signature: bfbf464939829767da0d4c78e81cb28f14215a88
all runs: OK
# git bisect good 8a4816cad00bf14642f0ed6043b32d29a05006ce
Bisecting: 498 revisions left to test after this (roughly 9 steps)
[e8a9d9683c8a62f917c19e57f1618363fb9ed04e] Merge branch 'bpf-libbpf-cleanups'
testing commit e8a9d9683c8a62f917c19e57f1618363fb9ed04e with gcc (GCC) 8.1.0
kernel signature: 40e53d91db47f6bc161edc3b209bd478d56ce80e
all runs: OK
# git bisect good e8a9d9683c8a62f917c19e57f1618363fb9ed04e
Bisecting: 249 revisions left to test after this (roughly 8 steps)
[61f3c964dfd287b05d7ac6660a4f4ddfef84786c] bpf: allow socket_filter programs to use bpf_prog_test_run
testing commit 61f3c964dfd287b05d7ac6660a4f4ddfef84786c with gcc (GCC) 8.1.0
kernel signature: 339bd593b4cb037b634a2db58c55723ec991b763
all runs: OK
# git bisect good 61f3c964dfd287b05d7ac6660a4f4ddfef84786c
Bisecting: 113 revisions left to test after this (roughly 7 steps)
[cbcbeedbfd76e45c3f522043bb7c6fb287779a9c] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
testing commit cbcbeedbfd76e45c3f522043bb7c6fb287779a9c with gcc (GCC) 8.1.0
kernel signature: a2f61189900e341772af643ef98bddcdda4f6db8
all runs: crashed: BUG: corrupted list in nf_tables_commit
# git bisect bad cbcbeedbfd76e45c3f522043bb7c6fb287779a9c
Bisecting: 67 revisions left to test after this (roughly 6 steps)
[571acf2106963d6c1c0ce1ed13e711bd296b2d25] net: sched: cls: add extack support for delete callback
testing commit 571acf2106963d6c1c0ce1ed13e711bd296b2d25 with gcc (GCC) 8.1.0
kernel signature: 8f3dc466c84eb93fc0004741c969f1bbefc56658
all runs: OK
# git bisect good 571acf2106963d6c1c0ce1ed13e711bd296b2d25
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[ea9722e2650db8f0a0d9ef2e391c95285ef991cd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit ea9722e2650db8f0a0d9ef2e391c95285ef991cd with gcc (GCC) 8.1.0
kernel signature: 2752ff41b40589179e757a78c27c773126df01fa
all runs: OK
# git bisect good ea9722e2650db8f0a0d9ef2e391c95285ef991cd
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[902d6a4c2a4f411582689e53fb101895ffe99028] netfilter: nf_defrag: Skip defrag if NOTRACK is set
testing commit 902d6a4c2a4f411582689e53fb101895ffe99028 with gcc (GCC) 8.1.0
kernel signature: 1cd6c4256a6f25fd3b7ffbf3e9594dfd7aa850ab
all runs: crashed: general protection fault in get_info
# git bisect bad 902d6a4c2a4f411582689e53fb101895ffe99028
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[20651cefd25ffa77a15cab5853b175a6dc975ec2] netfilter: x_tables: unbreak module auto loading
testing commit 20651cefd25ffa77a15cab5853b175a6dc975ec2 with gcc (GCC) 8.1.0
kernel signature: 081bbeb4833a0128eccf267b1c68cd0c4118277c
all runs: crashed: general protection fault in get_info
# git bisect bad 20651cefd25ffa77a15cab5853b175a6dc975ec2
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[1ea26cca52e46c0f29ee9fdd567312ba93a7d651] netfilter: nf_tables: remove struct nft_af_info parameter in nf_tables_chain_type_lookup()
testing commit 1ea26cca52e46c0f29ee9fdd567312ba93a7d651 with gcc (GCC) 8.1.0
kernel signature: 88d0fe4634802d642e70bec3e20a744f62277328
all runs: OK
# git bisect good 1ea26cca52e46c0f29ee9fdd567312ba93a7d651
Bisecting: 1 revision left to test after this (roughly 1 step)
[dd4cbef7235154f163501ffbf396c0dadd830c9c] netfilter: nf_tables: get rid of pernet families
testing commit dd4cbef7235154f163501ffbf396c0dadd830c9c with gcc (GCC) 8.1.0
kernel signature: 16a3320c2c9e4205404e7759852fb056223247a3
all runs: OK
# git bisect good dd4cbef7235154f163501ffbf396c0dadd830c9c
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[98319cb9089844d76e65a6cce5bfbd165e698735] netfilter: nf_tables: get rid of struct nft_af_info abstraction
testing commit 98319cb9089844d76e65a6cce5bfbd165e698735 with gcc (GCC) 8.1.0
kernel signature: 57fc2c2b554fd9ea7b0698462fc1c5275d506685
all runs: OK
# git bisect good 98319cb9089844d76e65a6cce5bfbd165e698735
20651cefd25ffa77a15cab5853b175a6dc975ec2 is the first bad commit
commit 20651cefd25ffa77a15cab5853b175a6dc975ec2
Author: Florian Westphal <fw@strlen.de>
Date:   Tue Jan 9 14:30:48 2018 +0100

    netfilter: x_tables: unbreak module auto loading
    
    a typo causes module auto load support to never be compiled in.
    
    Fixes: 03d13b6868a2 ("netfilter: xtables: add and use xt_request_find_table_lock")
    Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: Florian Westphal <fw@strlen.de>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

 net/netfilter/x_tables.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
culprit signature: 081bbeb4833a0128eccf267b1c68cd0c4118277c
parent  signature: 57fc2c2b554fd9ea7b0698462fc1c5275d506685
revisions tested: 26, total time: 5h15m3.483417615s (build: 2h34m15.4498768s, test: 2h37m14.197144064s)
first bad commit: 20651cefd25ffa77a15cab5853b175a6dc975ec2 netfilter: x_tables: unbreak module auto loading
cc: ["coreteam@netfilter.org" "davem@davemloft.net" "fw@strlen.de" "kadlec@blackhole.kfki.hu" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org"]
crash: general protection fault in get_info
IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 6998 Comm: syz-executor.5 Not tainted 4.15.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:get_info+0x14f/0x5a0 net/ipv6/netfilter/ip6_tables.c:997
RSP: 0018:ffff88008ee779d8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff88008ee77b38 RCX: 0000000000000000
RDX: 0000000000000023 RSI: ffff880098bd0c70 RDI: 0000000000000118
RBP: ffff88008ee77b60 R08: ffff880098bd0c90 R09: 0000000000000006
R10: ffff88008ee77938 R11: ffff880098bd03c0 R12: ffff880095128080
R13: 0000000000000100 R14: ffff88008ee77d68 R15: ffff88008ee77a18
FS:  0000000001a8c940(0000) GS:ffff8800aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd43903c90 CR3: 000000009b0d4000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 do_ipt_get_ctl+0x137/0x9d0 net/ipv4/netfilter/ip_tables.c:1704
 nf_sockopt net/netfilter/nf_sockopt.c:104 [inline]
 nf_getsockopt+0x5f/0xc0 net/netfilter/nf_sockopt.c:122
 ip_getsockopt+0x11b/0x1b0 net/ipv4/ip_sockglue.c:1573
 tcp_getsockopt+0x6a/0xd0 net/ipv4/tcp.c:3326
 sock_common_getsockopt+0x73/0xf0 net/core/sock.c:2937
 SYSC_getsockopt net/socket.c:1852 [inline]
 SyS_getsockopt+0x15b/0x300 net/socket.c:1834
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x45db0a
RSP: 002b:00007fffbaf51538 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045db0a
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fffbaf5155c R09: 0000000000000000
R10: 000000000071b388 R11: 0000000000000246 R12: 00000000004c8784
R13: 000000000071ce80 R14: 000000000071b388 R15: 000000000071b380
Code: 89 e7 e8 55 a3 b8 ff 48 3d 00 f0 ff ff 49 89 c5 0f 87 d7 02 00 00 49 8d 7d 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 bd 03 00 00 49 8b 45 18 48 89 85 90 fe ff ff 
RIP: get_info+0x14f/0x5a0 net/ipv6/netfilter/ip6_tables.c:997 RSP: ffff88008ee779d8
---[ end trace 05ae4f258c93e047 ]---