bisecting cause commit starting from 80892772c4edac88c538165d26a0105f19b61c1c building syzkaller on 8eda0b957e5b39c0c525e74f51d6b39ab8c5b1ac testing commit 80892772c4edac88c538165d26a0105f19b61c1c with gcc (GCC) 8.1.0 kernel signature: 428e5aaf84f89c0ade410e9283e3becfdc9facd0 all runs: crashed: WARNING in cbq_destroy_class testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: f74f753431f63b5d277dc13a06f20143d29b3711 all runs: crashed: WARNING in cbq_destroy_class testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: f00226c17ea5bcba6c90bcf613aaf578ab6c7680 all runs: crashed: WARNING in cbq_destroy_class testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 10d1caa0a3168a91e2d706f8ff7bc5be322ba9a2 all runs: crashed: WARNING in cbq_destroy_class testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 327466857ae3388b175f51a2196ccbae54926679 all runs: crashed: WARNING in cbq_destroy_class testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: df8676e33d81c6e3c22c571b04ddb54f5561e308 all runs: crashed: WARNING in cbq_destroy_class testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: d947aa0fa557406084533f770d43d479b896eb86 all runs: crashed: WARNING in cbq_destroy_class testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: 47fe59226d8adfa97185f41097fc5282c476d5e9 all runs: crashed: WARNING in cbq_destroy_class testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: 845cbfb950567a8bae380871d08e4cb69f85288b all runs: crashed: WARNING in cbq_destroy_class testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 kernel signature: 0cea35fb693f97b23637406ff01008f5704a024a all runs: crashed: WARNING in cbq_destroy_class testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 kernel signature: 997cec027b4f502b6c047e4c551c6b48f1f53ed0 all runs: crashed: WARNING in cbq_destroy_class testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 kernel signature: 30cccc4601d48280ca973908a7b15d88d1a93a2c all runs: crashed: WARNING in cbq_destroy_class testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 kernel signature: 75d716f8b98d7b7dc2b3372fbebac7b9fe84af72 all runs: OK # git bisect start d8a5b80568a9cb66810e75b182018e9edb68e8ff bebc6082da0a9f5d47a1ea2edc099bf671058bd4 Bisecting: 8497 revisions left to test after this (roughly 13 steps) [5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a] Merge tag 'media/v4.15-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media testing commit 5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a with gcc (GCC) 8.1.0 kernel signature: 713719856e6a2cc6e553b54e5b76f1804899f24b all runs: OK # git bisect good 5d352e69c60e54b5f04d6e337a1d2bf0dbf3d94a Bisecting: 3900 revisions left to test after this (roughly 12 steps) [f6705bf959efac87bca76d40050d342f1d212587] Merge tag 'drm-for-v4.15-amd-dc' of git://people.freedesktop.org/~airlied/linux testing commit f6705bf959efac87bca76d40050d342f1d212587 with gcc (GCC) 8.1.0 kernel signature: 058fb9f68a2954599e1720e66aa9bdbe133b79c1 all runs: OK # git bisect good f6705bf959efac87bca76d40050d342f1d212587 Bisecting: 1936 revisions left to test after this (roughly 11 steps) [4066aa72f9f2886105c6f747d7f9bd4f14f53c12] Merge tag 'drm-fixes-for-v4.15-rc3' of git://people.freedesktop.org/~airlied/linux testing commit 4066aa72f9f2886105c6f747d7f9bd4f14f53c12 with gcc (GCC) 8.1.0 kernel signature: fce601cfc683139354ef5cd606fba4931ce04aad all runs: crashed: WARNING in cbq_destroy_class # git bisect bad 4066aa72f9f2886105c6f747d7f9bd4f14f53c12 Bisecting: 981 revisions left to test after this (roughly 10 steps) [3d18cbb7fd0cfdf0b2ca18139950a4b0c1a0a220] rxrpc: Fix conn expiry timers testing commit 3d18cbb7fd0cfdf0b2ca18139950a4b0c1a0a220 with gcc (GCC) 8.1.0 kernel signature: 84e63c6130d89c6052f80599471f24531df7b7a1 all runs: OK # git bisect good 3d18cbb7fd0cfdf0b2ca18139950a4b0c1a0a220 Bisecting: 505 revisions left to test after this (roughly 9 steps) [75f64f68afa165ebe139cca2adb4df0a229a06de] Merge branch 'for-linus' of git://git.kernel.dk/linux-block testing commit 75f64f68afa165ebe139cca2adb4df0a229a06de with gcc (GCC) 8.1.0 kernel signature: 095c011f9d5e9362b9096d99426706446caaf08e all runs: crashed: WARNING in cbq_destroy_class # git bisect bad 75f64f68afa165ebe139cca2adb4df0a229a06de Bisecting: 237 revisions left to test after this (roughly 8 steps) [6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91] mm/madvise.c: fix madvise() infinite loop under special circumstances testing commit 6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91 with gcc (GCC) 8.1.0 kernel signature: 2bebe0f1dd3b8da88d1db63eacccfde1496af0ac all runs: OK # git bisect good 6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91 Bisecting: 123 revisions left to test after this (roughly 7 steps) [b9151761021e25c024a6670df4e7c43ffbab0e1d] Merge tag 'nfsd-4.15-1' of git://linux-nfs.org/~bfields/linux testing commit b9151761021e25c024a6670df4e7c43ffbab0e1d with gcc (GCC) 8.1.0 kernel signature: 2722c51063222cca8eade85c9b79d970475b7f09 all runs: crashed: WARNING in cbq_destroy_class # git bisect bad b9151761021e25c024a6670df4e7c43ffbab0e1d Bisecting: 56 revisions left to test after this (roughly 6 steps) [0195a21079c077abfb475a56830b06b37424982a] atm: suni: remove extraneous space to fix indentation testing commit 0195a21079c077abfb475a56830b06b37424982a with gcc (GCC) 8.1.0 kernel signature: c54aabd02d0048b3f761b95be23c9847b146b1b8 all runs: OK # git bisect good 0195a21079c077abfb475a56830b06b37424982a Bisecting: 23 revisions left to test after this (roughly 5 steps) [26cd94744e142dd5d5a21e2c1e31bacc120b2d74] Merge tag 'for-4.15-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit 26cd94744e142dd5d5a21e2c1e31bacc120b2d74 with gcc (GCC) 8.1.0 kernel signature: d8efc05d9ba34c180ec215cbb6d9abe987dcd141 all runs: crashed: WARNING in cbq_destroy_class # git bisect bad 26cd94744e142dd5d5a21e2c1e31bacc120b2d74 Bisecting: 15 revisions left to test after this (roughly 4 steps) [fccfde4443494df7262920565e2a43fbfbae63bc] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc testing commit fccfde4443494df7262920565e2a43fbfbae63bc with gcc (GCC) 8.1.0 kernel signature: b3fa23a5fcf3857d0b50ee291fb5bc273e728825 all runs: crashed: WARNING in cbq_destroy_class # git bisect bad fccfde4443494df7262920565e2a43fbfbae63bc Bisecting: 8 revisions left to test after this (roughly 3 steps) [668533dc0764b30c9dd2baf3ca800156f688326b] kallsyms: take advantage of the new '%px' format testing commit 668533dc0764b30c9dd2baf3ca800156f688326b with gcc (GCC) 8.1.0 kernel signature: 977e97119bf212665578ac02a45314df88244246 all runs: OK # git bisect good 668533dc0764b30c9dd2baf3ca800156f688326b Bisecting: 4 revisions left to test after this (roughly 2 steps) [a7e4fbbfdf7935333800bd801f6affc2515506f2] net: via: via-rhine: use %p to format void * address instead of %x testing commit a7e4fbbfdf7935333800bd801f6affc2515506f2 with gcc (GCC) 8.1.0 kernel signature: 12e20b56564f9586ad799398a8f72b70dc07e595 all runs: crashed: WARNING in cbq_destroy_class # git bisect bad a7e4fbbfdf7935333800bd801f6affc2515506f2 Bisecting: 1 revision left to test after this (roughly 1 step) [01e4fab6c1131a5e4f12104e7134da701def0434] myri10ge: Update MAINTAINERS testing commit 01e4fab6c1131a5e4f12104e7134da701def0434 with gcc (GCC) 8.1.0 kernel signature: a5df5a046c779a7296c4c93ad3945d0cab9e82d6 all runs: crashed: WARNING in cbq_destroy_class # git bisect bad 01e4fab6c1131a5e4f12104e7134da701def0434 Bisecting: 0 revisions left to test after this (roughly 0 steps) [d51aae68b142f48232257e96ce317db25445418d] net: sched: cbq: create block for q->link.block testing commit d51aae68b142f48232257e96ce317db25445418d with gcc (GCC) 8.1.0 kernel signature: c004bcf716007a736f3040c746f8b88f235b29a5 all runs: crashed: WARNING in cbq_destroy_class # git bisect bad d51aae68b142f48232257e96ce317db25445418d d51aae68b142f48232257e96ce317db25445418d is the first bad commit commit d51aae68b142f48232257e96ce317db25445418d Author: Jiri Pirko Date: Mon Nov 27 18:37:21 2017 +0100 net: sched: cbq: create block for q->link.block q->link.block is not initialized, that leads to EINVAL when one tries to add filter there. So initialize it properly. This can be reproduced by: $ tc qdisc add dev eth0 root handle 1: cbq avpkt 1000 rate 1000Mbit bandwidth 1000Mbit $ tc filter add dev eth0 parent 1: protocol ip prio 100 u32 match ip protocol 0 0x00 flowid 1:1 Reported-by: Jaroslav Aster Reported-by: Ivan Vecera Fixes: 6529eaba33f0 ("net: sched: introduce tcf block infractructure") Signed-off-by: Jiri Pirko Acked-by: Eelco Chaudron Reviewed-by: Ivan Vecera Signed-off-by: David S. Miller net/sched/sch_cbq.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) culprit signature: c004bcf716007a736f3040c746f8b88f235b29a5 parent signature: c54aabd02d0048b3f761b95be23c9847b146b1b8 revisions tested: 27, total time: 5h5m22.128267547s (build: 2h33m25.108212939s, test: 2h28m45.285439839s) first bad commit: d51aae68b142f48232257e96ce317db25445418d net: sched: cbq: create block for q->link.block cc: ["davem@davemloft.net" "echaudro@redhat.com" "ivecera@redhat.com" "jiri@mellanox.com"] crash: WARNING in cbq_destroy_class IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready device veth0_macvtap entered promiscuous mode IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready netlink: 96 bytes leftover after parsing attributes in process `syz-executor.2'. WARNING: CPU: 0 PID: 7266 at net/sched/sch_cbq.c:1412 cbq_destroy_class+0xe4/0x110 net/sched/sch_cbq.c:1420 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 7266 Comm: syz-executor.2 Not tainted 4.14.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x145/0x1e1 lib/dump_stack.c:53 panic+0x1a9/0x34e kernel/panic.c:183 __warn.cold.8+0x120/0x156 kernel/panic.c:547 report_bug+0x1a3/0x230 lib/bug.c:184 fixup_bug arch/x86/kernel/traps.c:177 [inline] do_error_trap+0x1bd/0x460 arch/x86/kernel/traps.c:295 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314 invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:926 RIP: 0010:cbq_destroy_class+0xe4/0x110 net/sched/sch_cbq.c:1412 RSP: 0018:ffff88009065f078 EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffff8800a37a2b20 RCX: ffff8800a7e68dc0 RDX: 1ffff100146f4588 RSI: ffff8800a37a2b20 RDI: ffff8800a37a2c40 RBP: ffff88009065f088 R08: ffff8800a19d4a58 R09: 0000000000000006 R10: 0000000000000000 R11: ffff8800a19d4140 R12: ffff8800a37a2900 R13: 0000000000000000 R14: 0000000000000000 R15: ffffed00146f4558 cbq_destroy+0x1ff/0x2e0 net/sched/sch_cbq.c:1446 qdisc_destroy+0x110/0x3b0 net/sched/sch_generic.c:725 notify_and_destroy+0x34/0x40 net/sched/sch_api.c:885 qdisc_graft+0x350/0xca0 net/sched/sch_api.c:949 tc_modify_qdisc+0x908/0x1859 net/sched/sch_api.c:1434 rtnetlink_rcv_msg+0x50e/0xee0 net/core/rtnetlink.c:4411 netlink_rcv_skb+0x211/0x490 net/netlink/af_netlink.c:2405 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:4423 netlink_unicast_kernel net/netlink/af_netlink.c:1272 [inline] netlink_unicast+0x424/0x630 net/netlink/af_netlink.c:1298 netlink_sendmsg+0x8c3/0xe80 net/netlink/af_netlink.c:1861 sock_sendmsg_nosec net/socket.c:632 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:642 kernel_sendmsg+0x26/0x30 net/socket.c:650 sock_no_sendpage+0x1a8/0x260 net/core/sock.c:2571 kernel_sendpage+0x60/0xd0 net/socket.c:3386 sock_sendpage+0x73/0xd0 net/socket.c:857 pipe_to_sendpage+0x228/0x4e0 fs/splice.c:451 splice_from_pipe_feed fs/splice.c:502 [inline] __splice_from_pipe+0x2cb/0x720 fs/splice.c:626 splice_from_pipe+0x1a7/0x300 fs/splice.c:661 generic_splice_sendpage+0x10/0x20 fs/splice.c:832 do_splice_from fs/splice.c:851 [inline] do_splice fs/splice.c:1147 [inline] SYSC_splice fs/splice.c:1402 [inline] SyS_splice+0x740/0x1930 fs/splice.c:1382 entry_SYSCALL_64_fastpath+0x23/0x9a RIP: 0033:0x45b349 RSP: 002b:00007fb4ea339c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 RAX: ffffffffffffffda RBX: 00007fb4ea33a6d4 RCX: 000000000045b349 RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000007 RBP: 0000000000000086 R08: 000000000004ffe0 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff7b12761f R14: 00007fb4ea33a9c0 R15: 000000000075bfd4 Kernel Offset: disabled Rebooting in 86400 seconds..