bisecting cause commit starting from 0c33795231bff5df410bd405b569c66851e92d4b building syzkaller on aba2b2fb3544d9e42991237c13d8cada421deda5 testing commit 0c33795231bff5df410bd405b569c66851e92d4b with gcc (GCC) 10.2.1 20210217 kernel signature: dbe47bbe6196fe0f25c816f8e70b5de4cdba06e22c573d45c9c9ebcc8fc15a75 all runs: crashed: general protection fault in smc_tx_sendmsg testing release v5.12 testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 with gcc (GCC) 10.2.1 20210217 kernel signature: ede0a6be35d02bcdc3983e7c04226f9d08a8bc9a29385bbaf2255819d572192e all runs: OK # git bisect start 0c33795231bff5df410bd405b569c66851e92d4b 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 Bisecting: 9062 revisions left to test after this (roughly 13 steps) [bc6a385132601c29a6da1dbf8148c0d3c9ad36dc] block: fix a race between del_gendisk and BLKRRPART testing commit bc6a385132601c29a6da1dbf8148c0d3c9ad36dc with gcc (GCC) 10.2.1 20210217 kernel signature: c1979b559b07ae6cf45303d9a3ac9e7d4d0520f89bc68eb6ce841e91dbf8d230 all runs: OK # git bisect good bc6a385132601c29a6da1dbf8148c0d3c9ad36dc Bisecting: 4561 revisions left to test after this (roughly 12 steps) [f34b2cf17825d69ae1e227871059ab18c2f57817] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit f34b2cf17825d69ae1e227871059ab18c2f57817 with gcc (GCC) 10.2.1 20210217 kernel signature: 1faa92bb92b32d46c9029795f4a2f044372fdcc0ba1079d493e0529c2bf514a2 run #0: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #1: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #2: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #3: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #4: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #5: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #6: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #7: crashed: WARNING in __nf_unregister_net_hook run #8: crashed: WARNING in __nf_unregister_net_hook run #9: crashed: WARNING in __nf_unregister_net_hook # git bisect bad f34b2cf17825d69ae1e227871059ab18c2f57817 Bisecting: 2250 revisions left to test after this (roughly 11 steps) [b8c55ce266dee09b0e359ff9af885eb94e11480a] net: wwan: Fix bit ops double shift testing commit b8c55ce266dee09b0e359ff9af885eb94e11480a with gcc (GCC) 10.2.1 20210217 kernel signature: ae41412886be158a386ae940c8a68b64ac822e9f42bc3e33338ed868b79afef5 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.10.15:./syz-fuzzer"]: exit status 1 ssh: connect to host 10.128.10.15 port 22: Connection timed out lost connection run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.10.19:./syz-fuzzer"]: exit status 1 ssh: connect to host 10.128.10.19 port 22: Connection timed out lost connection run #2: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.10.1:./syz-fuzzer"] Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts. run #3: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.10.18:./syz-fuzzer"] run #4: boot failed: KASAN: slab-out-of-bounds Read in page_to_skb run #5: boot failed: KASAN: use-after-free Read in page_to_skb run #6: boot failed: KASAN: slab-out-of-bounds Read in page_to_skb run #7: boot failed: KASAN: use-after-free Read in page_to_skb run #8: boot failed: KASAN: use-after-free Read in page_to_skb run #9: boot failed: KASAN: use-after-free Read in page_to_skb # git bisect skip b8c55ce266dee09b0e359ff9af885eb94e11480a Bisecting: 2250 revisions left to test after this (roughly 11 steps) [a91d98a0a2b8e4c433b7341708f7d706e0cf1c8e] net/mlx5: Map register values to restore objects testing commit a91d98a0a2b8e4c433b7341708f7d706e0cf1c8e with gcc (GCC) 10.2.1 20210217 kernel signature: 36fd105d90827457b8556ab8e5dc1e9cd0a8373f508814eb4fb8ee221d6bddef all runs: OK # git bisect good a91d98a0a2b8e4c433b7341708f7d706e0cf1c8e Bisecting: 1559 revisions left to test after this (roughly 11 steps) [4d75136be8bf3ae01b0bc3e725b2cdc921e103bd] mm/memory-failure: unnecessary amount of unmapping testing commit 4d75136be8bf3ae01b0bc3e725b2cdc921e103bd with gcc (GCC) 10.2.1 20210217 kernel signature: 96bf405e3aed85c1b7ec8ec9fc0f3c96c59708bc17067c339324178fcad21210 run #0: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #1: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #2: crashed: WARNING in __nf_unregister_net_hook run #3: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #4: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #5: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #6: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #7: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #8: crashed: WARNING in __nf_unregister_net_hook run #9: crashed: WARNING in __nf_unregister_net_hook # git bisect bad 4d75136be8bf3ae01b0bc3e725b2cdc921e103bd Bisecting: 747 revisions left to test after this (roughly 10 steps) [41d26bf4aba070dfd2ab48866cc27a48ee6228c7] net: phy: marvell: refactor HWMON OOP style testing commit 41d26bf4aba070dfd2ab48866cc27a48ee6228c7 with gcc (GCC) 10.2.1 20210217 kernel signature: 0a5f8ded1582cbcf3d0fc4a632c4f07b76731887867ac1c40b62e603ec1782c1 run #0: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.1.124:./syz-fuzzer"] Warning: Permanently added '10.128.1.124' (ECDSA) to the list of known hosts. run #1: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/bin/linux_amd64/syz-fuzzer" "root@10.128.1.12:./syz-fuzzer"] Warning: Permanently added '10.128.1.12' (ECDSA) to the list of known hosts. run #2: boot failed: KASAN: use-after-free Read in page_to_skb run #3: boot failed: KASAN: slab-out-of-bounds Read in page_to_skb run #4: boot failed: KASAN: use-after-free Read in page_to_skb run #5: boot failed: KASAN: slab-out-of-bounds Read in page_to_skb run #6: boot failed: KASAN: slab-out-of-bounds Read in page_to_skb run #7: boot failed: KASAN: slab-out-of-bounds in page_to_skb run #8: boot failed: KASAN: slab-out-of-bounds Read in page_to_skb run #9: boot failed: KASAN: slab-out-of-bounds Read in page_to_skb # git bisect skip 41d26bf4aba070dfd2ab48866cc27a48ee6228c7 Bisecting: 747 revisions left to test after this (roughly 10 steps) [18369a4f9d73bf0ccd43d8df691d394281ee3ed4] mt76: introduce single-sku support for mt7663/mt7921 testing commit 18369a4f9d73bf0ccd43d8df691d394281ee3ed4 with gcc (GCC) 10.2.1 20210217 kernel signature: 89b041883083e5b32909b4a3981f68ecaa0b258471082465100cc36986e75523 all runs: OK # git bisect good 18369a4f9d73bf0ccd43d8df691d394281ee3ed4 Bisecting: 329 revisions left to test after this (roughly 8 steps) [2ad5692db72874f02b9ad551d26345437ea4f7f3] net: hso: fix NULL-deref on disconnect regression testing commit 2ad5692db72874f02b9ad551d26345437ea4f7f3 with gcc (GCC) 10.2.1 20210217 kernel signature: 5d5888123dbe2b96b966140748d0b367da56efd3db478abffbe3bba7843c759c run #0: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #1: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #2: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #3: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #4: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #5: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #6: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #7: crashed: WARNING in __nf_unregister_net_hook run #8: crashed: WARNING in __nf_unregister_net_hook run #9: crashed: WARNING in __nf_unregister_net_hook # git bisect bad 2ad5692db72874f02b9ad551d26345437ea4f7f3 Bisecting: 164 revisions left to test after this (roughly 7 steps) [1d7979352f9f0d32743528fb72425f4ff29efcb9] net/mlx5: SF, Rely on hw table for SF devlink port allocation testing commit 1d7979352f9f0d32743528fb72425f4ff29efcb9 with gcc (GCC) 10.2.1 20210217 kernel signature: d8a76289dc3fae75209ced26bdf54c935b6e804cf448fec767168e18ee1adfcb all runs: OK # git bisect good 1d7979352f9f0d32743528fb72425f4ff29efcb9 Bisecting: 82 revisions left to test after this (roughly 6 steps) [95aafe911db602d19b00d2a88c3d54a84119f5dc] net: ethernet: ixp4xx: Support device tree probing testing commit 95aafe911db602d19b00d2a88c3d54a84119f5dc with gcc (GCC) 10.2.1 20210217 kernel signature: 24d46973fd870f3c24a035df7241bc65c565c432584ae5036c83c6dc69b67a07 all runs: OK # git bisect good 95aafe911db602d19b00d2a88c3d54a84119f5dc Bisecting: 50 revisions left to test after this (roughly 5 steps) [bbd6f0a948139970f4a615dff189d9a503681a39] bnxt_en: Fix RX consumer index logic in the error path. testing commit bbd6f0a948139970f4a615dff189d9a503681a39 with gcc (GCC) 10.2.1 20210217 kernel signature: 88e166fb26486436e65b2007609954034ba7a4459a3eaf58e657e5358f14c9fc all runs: OK # git bisect good bbd6f0a948139970f4a615dff189d9a503681a39 Bisecting: 28 revisions left to test after this (roughly 5 steps) [47a6959fa331fe892a4fc3b48ca08e92045c6bda] netfilter: allow to turn off xtables compat layer testing commit 47a6959fa331fe892a4fc3b48ca08e92045c6bda with gcc (GCC) 10.2.1 20210217 kernel signature: 127c7f2094fa372304f0ee3f075ccf9c8f7ddfea775d94344954a61b0de7818c run #0: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #1: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #2: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #3: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #4: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #5: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #6: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #7: crashed: WARNING in __nf_unregister_net_hook run #8: crashed: WARNING in __nf_unregister_net_hook run #9: basic kernel testing failed: WARNING in __nf_unregister_net_hook # git bisect bad 47a6959fa331fe892a4fc3b48ca08e92045c6bda Bisecting: 10 revisions left to test after this (roughly 4 steps) [a4aeafa28cf706f65f763026c26d83e7e8c96592] netfilter: xt_nat: pass table to hookfn testing commit a4aeafa28cf706f65f763026c26d83e7e8c96592 with gcc (GCC) 10.2.1 20210217 kernel signature: 36dafc80cf05eb32cd2ac15ebe46a37fd3cc898a0637d1aa96fb3b550b255db7 all runs: OK # git bisect good a4aeafa28cf706f65f763026c26d83e7e8c96592 Bisecting: 5 revisions left to test after this (roughly 3 steps) [593268ddf3887362ba8b8998cb85433596a3e8f5] netfilter: nf_log_syslog: Unset bridge logger in pernet exit testing commit 593268ddf3887362ba8b8998cb85433596a3e8f5 with gcc (GCC) 10.2.1 20210217 kernel signature: bfb02668a57e5d6a8ee34bd0e2fbd4c509ea59347b35de9c74b52acafc991b06 run #0: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #1: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #2: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #3: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #4: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #5: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #6: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #7: crashed: WARNING in __nf_unregister_net_hook run #8: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #9: crashed: WARNING in __nf_unregister_net_hook # git bisect bad 593268ddf3887362ba8b8998cb85433596a3e8f5 Bisecting: 1 revision left to test after this (roughly 1 step) [ee177a54413a33fe474d55fabb5f8ff390bb27d7] netfilter: ip6_tables: pass table pointer via nf_hook_ops testing commit ee177a54413a33fe474d55fabb5f8ff390bb27d7 with gcc (GCC) 10.2.1 20210217 kernel signature: ef0b630b536d2b77f0b99872361bf9f152c88ba50ffd3bf59ed47a3499303fe1 run #0: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #1: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #2: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #3: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #4: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #5: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #6: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #7: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #8: crashed: WARNING in __nf_unregister_net_hook run #9: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "/tmp/syz-executor027811316" "root@10.128.1.99:./syz-executor027811316"]: exit status 1 ssh: connect to host 10.128.1.99 port 22: Connection timed out lost connection # git bisect bad ee177a54413a33fe474d55fabb5f8ff390bb27d7 Bisecting: 1 revision left to test after this (roughly 1 step) [ae689334225ff0e4ef112459ecd24aea932c2b00] netfilter: ip_tables: pass table pointer via nf_hook_ops testing commit ae689334225ff0e4ef112459ecd24aea932c2b00 with gcc (GCC) 10.2.1 20210217 kernel signature: 45fb961bbfdcc489f01204ef8a4aa0007c4ca8e327063b5f9acd7c361c76a206 all runs: OK # git bisect good ae689334225ff0e4ef112459ecd24aea932c2b00 Bisecting: 0 revisions left to test after this (roughly 0 steps) [f9006acc8dfe59e25aa75729728ac57a8d84fc32] netfilter: arp_tables: pass table pointer via nf_hook_ops testing commit f9006acc8dfe59e25aa75729728ac57a8d84fc32 with gcc (GCC) 10.2.1 20210217 kernel signature: ca773587faf6b7e9473e944148474b55ed490f053a8f553b8ec678df297af555 run #0: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #1: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #2: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #3: crashed: WARNING in __nf_unregister_net_hook run #4: basic kernel testing failed: WARNING in __nf_unregister_net_hook run #5: crashed: WARNING in __nf_unregister_net_hook run #6: crashed: WARNING in __nf_unregister_net_hook run #7: crashed: WARNING in __nf_unregister_net_hook run #8: crashed: WARNING in __nf_unregister_net_hook run #9: crashed: WARNING in __nf_unregister_net_hook # git bisect bad f9006acc8dfe59e25aa75729728ac57a8d84fc32 f9006acc8dfe59e25aa75729728ac57a8d84fc32 is the first bad commit commit f9006acc8dfe59e25aa75729728ac57a8d84fc32 Author: Florian Westphal Date: Wed Apr 21 09:51:08 2021 +0200 netfilter: arp_tables: pass table pointer via nf_hook_ops Same change as previous patch. Only difference: no need to handle NULL template_ops parameter, the only caller (arptable_filter) always passes non-NULL argument. This removes all remaining accesses to net->ipv4.arptable_filter. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso include/linux/netfilter_arp/arp_tables.h | 2 +- net/ipv4/netfilter/arp_tables.c | 43 +++++++++++++++++++++----------- net/ipv4/netfilter/arptable_filter.c | 6 ++--- 3 files changed, 32 insertions(+), 19 deletions(-) culprit signature: ca773587faf6b7e9473e944148474b55ed490f053a8f553b8ec678df297af555 parent signature: 45fb961bbfdcc489f01204ef8a4aa0007c4ca8e327063b5f9acd7c361c76a206 revisions tested: 19, total time: 4h21m56.893892189s (build: 2h11m42.405730614s, test: 2h8m13.461788047s) first bad commit: f9006acc8dfe59e25aa75729728ac57a8d84fc32 netfilter: arp_tables: pass table pointer via nf_hook_ops recipients (to): ["coreteam@netfilter.org" "davem@davemloft.net" "dsahern@kernel.org" "fw@strlen.de" "fw@strlen.de" "kadlec@netfilter.org" "kuba@kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org" "pablo@netfilter.org" "yoshfuji@linux-ipv6.org"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: WARNING in __nf_unregister_net_hook ------------[ cut here ]------------ hook not found, pf 3 num 0 WARNING: CPU: 1 PID: 177 at net/netfilter/core.c:480 __nf_unregister_net_hook+0x17a/0x560 net/netfilter/core.c:480 Modules linked in: CPU: 1 PID: 177 Comm: kworker/u4:4 Not tainted 5.12.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net RIP: 0010:__nf_unregister_net_hook+0x17a/0x560 net/netfilter/core.c:480 Code: 89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 a7 03 00 00 8b 53 1c 44 89 e6 48 c7 c7 20 bc 9e 89 4c 89 04 24 e8 6e 3a 62 01 <0f> 0b 4c 8b 04 24 e9 ba 00 00 00 48 89 ea 48 c1 e2 04 49 8d 7c 10 RSP: 0018:ffffc90000fafbf0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff88802242c400 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000004 RDI: fffff520001f5f70 RBP: 0000000000000001 R08: 0000000000000001 R09: ffff8880ba11fa1b R10: ffffed1017423f43 R11: 0000000000000001 R12: 0000000000000003 R13: ffff888016278000 R14: ffff88802242c41c R15: ffff888016278f60 FS: 0000000000000000(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb7eacf3000 CR3: 000000000febd000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: nf_unregister_net_hook net/netfilter/core.c:502 [inline] nf_unregister_net_hooks+0xb1/0xf0 net/netfilter/core.c:576 ops_pre_exit_list net/core/net_namespace.c:165 [inline] cleanup_net+0x3a4/0x990 net/core/net_namespace.c:583 process_one_work+0x84c/0x13b0 kernel/workqueue.c:2275 worker_thread+0x598/0xf80 kernel/workqueue.c:2421 kthread+0x36f/0x450 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294