bisecting cause commit starting from e69ec487b2c7c82ef99b4b15122f58a2a99289a3 building syzkaller on 4de4e9f01d7139b72102ae0b8a1e810730467774 testing commit e69ec487b2c7c82ef99b4b15122f58a2a99289a3 with gcc (GCC) 8.1.0 kernel signature: 7595b52465449dfcf0d1167c2103e2dc73274806 all runs: crashed: general protection fault in xt_rateest_put testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 03f1106c0d4c5089002856afcdfbdfeb879085e4 all runs: crashed: general protection fault in xt_rateest_tg_checkentry testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: 17c12d70886bdcc3c4ec292e28dcb384c7409487 all runs: crashed: general protection fault in xt_rateest_tg_checkentry testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 83e880b0a8297568cd41270dc4ebf9ce920649ea all runs: crashed: general protection fault in xt_rateest_tg_checkentry testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 079553f7a359e9eba4be7bf544ba2cf19ae24b2e all runs: crashed: general protection fault in xt_rateest_tg_checkentry testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: cece2703f51ad8cb4d298418a02a8968b183b0f3 all runs: crashed: general protection fault in xt_rateest_tg_checkentry testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: 071ecdbb043fb054399ace6a9df03e58992ed607 all runs: crashed: general protection fault in xt_rateest_tg_checkentry testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: 38d3f2e0f105c8b0596550aba68b2feaa07c7d74 all runs: crashed: general protection fault in xt_rateest_tg_checkentry testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: 3edd299fcd441fa4329781428478d5655c37db78 all runs: crashed: general protection fault in xt_rateest_tg_checkentry testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: 828d25a393dbf03406d7163781f305373cd20eed all runs: crashed: general protection fault in xt_rateest_tg_checkentry testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: 615a01a3449ed22ce3c3b3642fd6aad856c68897 all runs: OK # git bisect start 29dcea88779c856c7dc92040a0c01233263101d4 0adb32858b0bddf4ada5f364a84ed60b196dbcda Bisecting: 7380 revisions left to test after this (roughly 13 steps) [97b1255cb27c551d7c3c5c496d787da40772da99] mm,oom_reaper: check for MMF_OOM_SKIP before complaining testing commit 97b1255cb27c551d7c3c5c496d787da40772da99 with gcc (GCC) 8.1.0 kernel signature: c910cabca13f5034f7752d937c21e4b96446be09 all runs: crashed: general protection fault in xt_rateest_tg_checkentry # git bisect bad 97b1255cb27c551d7c3c5c496d787da40772da99 Bisecting: 4372 revisions left to test after this (roughly 12 steps) [bb2407a7219760926760f0448fddf00d625e5aec] Merge tag 'docs-4.17' of git://git.lwn.net/linux testing commit bb2407a7219760926760f0448fddf00d625e5aec with gcc (GCC) 8.1.0 kernel signature: e99c8ce5238f73e4ebbb676ff2226dda2cb3c6f7 all runs: OK # git bisect good bb2407a7219760926760f0448fddf00d625e5aec Bisecting: 2394 revisions left to test after this (roughly 11 steps) [147a89bc71e7db40f011454a40add7ff2d10f8d8] Merge tag 'kconfig-v4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild testing commit 147a89bc71e7db40f011454a40add7ff2d10f8d8 with gcc (GCC) 8.1.0 kernel signature: 46d695a8d46a86ba8da846c1b5824da4184558c8 all runs: crashed: general protection fault in xt_rateest_tg_checkentry # git bisect bad 147a89bc71e7db40f011454a40add7ff2d10f8d8 Bisecting: 988 revisions left to test after this (roughly 10 steps) [32c23b47dbd9765c6ec2542400f41f0d47a7d2c1] i40e: Properly check allowed advertisement capabilities testing commit 32c23b47dbd9765c6ec2542400f41f0d47a7d2c1 with gcc (GCC) 8.1.0 kernel signature: f06d6bbe396c3f1794789fdac85f85a84e736e97 all runs: OK # git bisect good 32c23b47dbd9765c6ec2542400f41f0d47a7d2c1 Bisecting: 496 revisions left to test after this (roughly 9 steps) [e15f20ea33b8e5074145abe464b4b48acea505d9] Merge tag 'mac80211-next-for-davem-2018-03-29' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next testing commit e15f20ea33b8e5074145abe464b4b48acea505d9 with gcc (GCC) 8.1.0 kernel signature: 4fcceb4eab5b7489832e94a18953b2fdc685bd99 all runs: OK # git bisect good e15f20ea33b8e5074145abe464b4b48acea505d9 Bisecting: 248 revisions left to test after this (roughly 8 steps) [699efed00df0631e39a639b49e3b8e27e62e6c89] bnxt_en: Include additional hardware port statistics in ethtool -S. testing commit 699efed00df0631e39a639b49e3b8e27e62e6c89 with gcc (GCC) 8.1.0 kernel signature: d53fda205357559e20da2ff239356162310c870c all runs: crashed: general protection fault in xt_rateest_tg_checkentry # git bisect bad 699efed00df0631e39a639b49e3b8e27e62e6c89 Bisecting: 125 revisions left to test after this (roughly 7 steps) [b9a12601541eb55d07e00261a5112a4bc36fe7be] Merge branch 'Close-race-between-un-register_netdevice_notifier-and-pernet_operations' testing commit b9a12601541eb55d07e00261a5112a4bc36fe7be with gcc (GCC) 8.1.0 kernel signature: 6a77f4d93d8d020383fcc7fe2ba4a428729c4766 all runs: OK # git bisect good b9a12601541eb55d07e00261a5112a4bc36fe7be Bisecting: 62 revisions left to test after this (roughly 6 steps) [c0b6edef0bf0e33c12eaf80c676ff09def011518] tc-testing: Add newline when writing test case files testing commit c0b6edef0bf0e33c12eaf80c676ff09def011518 with gcc (GCC) 8.1.0 kernel signature: f21321d42887080a29630b52ca027762c3d52fdb all runs: crashed: general protection fault in xt_rateest_tg_checkentry # git bisect bad c0b6edef0bf0e33c12eaf80c676ff09def011518 Bisecting: 31 revisions left to test after this (roughly 5 steps) [20710b3b81895c89e92bcc32ce85c0bede1171f8] netfilter: ctnetlink: synproxy support testing commit 20710b3b81895c89e92bcc32ce85c0bede1171f8 with gcc (GCC) 8.1.0 kernel signature: ae166f4f6ec323e539ca803c6b155aa0233d8f50 all runs: crashed: general protection fault in xt_rateest_tg_checkentry # git bisect bad 20710b3b81895c89e92bcc32ce85c0bede1171f8 Bisecting: 15 revisions left to test after this (roughly 4 steps) [7d7d7e02111e9a4dc9d0658597f528f815d820fd] netfilter: compat: reject huge allocation requests testing commit 7d7d7e02111e9a4dc9d0658597f528f815d820fd with gcc (GCC) 8.1.0 kernel signature: 4e81aea857da88ca8b4e40d2dae8a0b3504464c7 all runs: OK # git bisect good 7d7d7e02111e9a4dc9d0658597f528f815d820fd Bisecting: 7 revisions left to test after this (roughly 3 steps) [35d8deb80c30fdb2dee3e2dac71eab00d8a6fed5] netfilter: conncount: Support count only use case testing commit 35d8deb80c30fdb2dee3e2dac71eab00d8a6fed5 with gcc (GCC) 8.1.0 kernel signature: ed2e9218b4b7d8becce07d8432a36a12b3e51e61 all runs: crashed: general protection fault in xt_rateest_tg_checkentry # git bisect bad 35d8deb80c30fdb2dee3e2dac71eab00d8a6fed5 Bisecting: 3 revisions left to test after this (roughly 2 steps) [010eacd968a73ddcb8592b14c1607e1004120ede] netfilter: xt_limit: Spelling s/maxmum/maximum/ testing commit 010eacd968a73ddcb8592b14c1607e1004120ede with gcc (GCC) 8.1.0 kernel signature: fffa662ff83f95d3ab639ad7836bd247dd5af196 all runs: crashed: general protection fault in xt_rateest_tg_checkentry # git bisect bad 010eacd968a73ddcb8592b14c1607e1004120ede Bisecting: 1 revision left to test after this (roughly 1 step) [0d7df906a0e78079a02108b06d32c3ef2238ad25] netfilter: x_tables: ensure last rule in base chain matches underflow/policy testing commit 0d7df906a0e78079a02108b06d32c3ef2238ad25 with gcc (GCC) 8.1.0 kernel signature: 5b813c18bbd61e80a1931f67d684c6ff5bc87ae9 all runs: OK # git bisect good 0d7df906a0e78079a02108b06d32c3ef2238ad25 Bisecting: 0 revisions left to test after this (roughly 0 steps) [3427b2ab63faccafe774ea997fc2da7faf690c5a] netfilter: make xt_rateest hash table per net testing commit 3427b2ab63faccafe774ea997fc2da7faf690c5a with gcc (GCC) 8.1.0 kernel signature: c42be0fe0b57129934a916e3191f4527bda83110 all runs: crashed: general protection fault in xt_rateest_tg_checkentry # git bisect bad 3427b2ab63faccafe774ea997fc2da7faf690c5a 3427b2ab63faccafe774ea997fc2da7faf690c5a is the first bad commit commit 3427b2ab63faccafe774ea997fc2da7faf690c5a Author: Cong Wang Date: Thu Mar 1 18:58:38 2018 -0800 netfilter: make xt_rateest hash table per net As suggested by Eric, we need to make the xt_rateest hash table and its lock per netns to reduce lock contentions. Cc: Florian Westphal Cc: Eric Dumazet Cc: Pablo Neira Ayuso Signed-off-by: Cong Wang Reviewed-by: Eric Dumazet Signed-off-by: Pablo Neira Ayuso include/net/netfilter/xt_rateest.h | 4 +- net/netfilter/xt_RATEEST.c | 91 +++++++++++++++++++++++++++----------- net/netfilter/xt_rateest.c | 10 ++--- 3 files changed, 72 insertions(+), 33 deletions(-) culprit signature: c42be0fe0b57129934a916e3191f4527bda83110 parent signature: 5b813c18bbd61e80a1931f67d684c6ff5bc87ae9 revisions tested: 25, total time: 4h39m4.441003093s (build: 2h22m46.742551264s, test: 2h14m21.336874694s) first bad commit: 3427b2ab63faccafe774ea997fc2da7faf690c5a netfilter: make xt_rateest hash table per net cc: ["edumazet@google.com" "pablo@netfilter.org" "xiyou.wangcong@gmail.com"] crash: general protection fault in xt_rateest_tg_checkentry IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready general protection fault: 0000 [#1] PREEMPT SMP KASAN IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready Modules linked in: IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready CPU: 0 PID: 7095 Comm: syz-executor.3 Not tainted 4.16.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__read_once_size include/linux/compiler.h:188 [inline] RIP: 0010:net_generic include/net/netns/generic.h:45 [inline] RIP: 0010:xt_rateest_tg_checkentry+0xe6/0xbd0 net/netfilter/xt_RATEEST.c:112 RSP: 0018:ffff8800a1c07808 EFLAGS: 00010206 IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready RAX: dffffc0000000000 RBX: 1ffff10014380f04 RCX: 1ffffffff0fbc56c RDX: 0000000000000288 RSI: ffffffff87241960 RDI: 0000000000001440 RBP: ffff8800a1c078e8 R08: ffff88009e6e69d8 R09: 0000000000000000 R10: 0000000000000000 R11: ffff88009e6e6100 R12: 0000000000000028 R13: ffff8800a1c07b88 R14: 0000000000000000 R15: ffff8800a1c078c0 FS: 00007f94945c3700(0000) GS:ffff8800aec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffdded40ca0 CR3: 000000007b1b2000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready xt_check_target+0x200/0x640 net/netfilter/x_tables.c:988 IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready check_target net/ipv4/netfilter/arp_tables.c:413 [inline] find_check_entry net/ipv4/netfilter/arp_tables.c:436 [inline] translate_table+0xdb8/0x1dc0 net/ipv4/netfilter/arp_tables.c:586 IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready do_replace net/ipv4/netfilter/arp_tables.c:991 [inline] do_arpt_set_ctl+0x257/0x540 net/ipv4/netfilter/arp_tables.c:1470 hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network nf_sockopt net/netfilter/nf_sockopt.c:106 [inline] nf_setsockopt+0x5c/0xb0 net/netfilter/nf_sockopt.c:115 ip_setsockopt+0x59/0x70 net/ipv4/ip_sockglue.c:1261 udp_setsockopt+0x16/0x30 net/ipv4/udp.c:2406 sock_common_setsockopt+0x73/0xf0 net/core/sock.c:2979 SYSC_setsockopt net/socket.c:1850 [inline] SyS_setsockopt+0x140/0x210 net/socket.c:1829 hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready do_syscall_64+0x1c7/0x6a0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x45af49 RSP: 002b:00007f94945c2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 RDX: 0000000000000060 RSI: 0a02000000000000 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000430 R09: 0000000000000000 R10: 00000000200008c0 R11: 0000000000000246 R12: 00007f94945c36d4 R13: 00000000004d3440 R14: 00000000004e4298 R15: 00000000ffffffff Code: IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready e8 60 b4 e0 fb e8 4b 8e e5 fb 5a 85 c0 0f 85 8021q: adding VLAN 0 to HW filter on device batadv0 b2 02 00 00 49 8d be 40 14 00 00 kobject: 'vlan0' (00000000631f34b4): kobject_add_internal: parent: 'mesh', set: '' 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 b1 08 00 00 4d 8b IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready b6 IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready 40 14 00 00 e8 14 8e e5 RIP: __read_once_size include/linux/compiler.h:188 [inline] RSP: ffff8800a1c07808 RIP: net_generic include/net/netns/generic.h:45 [inline] RSP: ffff8800a1c07808 RIP: xt_rateest_tg_checkentry+0xe6/0xbd0 net/netfilter/xt_RATEEST.c:112 RSP: ffff8800a1c07808 ---[ end trace 146fe820dbdca885 ]--- IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready