bisecting cause commit starting from d3d45f8220d60a0b2aaaacf8fb2be4e6ffd9008e
building syzkaller on 2653fa43f8cced3279808d74e5f712bf45ef7551
testing commit d3d45f8220d60a0b2aaaacf8fb2be4e6ffd9008e with gcc (GCC) 8.1.0
kernel signature: 13ee02302c9a5fb7e171cd0c27c50c21825f337794d6d02fb6a99a9ea827626e
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: f84bea85632142b7f2c1bf72a0a8ea0c6d309af1eec186fb261526220ae0bb42
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: b52fd36da72c5a98561935cfaf379d783485b51ccfd139c4a4a8b7fb27895654
run #0: crashed: KASAN: null-ptr-deref Write in event_handler
run #1: crashed: KASAN: null-ptr-deref Write in event_handler
run #2: crashed: KASAN: null-ptr-deref Write in event_handler
run #3: crashed: KASAN: null-ptr-deref Write in event_handler
run #4: crashed: KASAN: null-ptr-deref Write in event_handler
run #5: crashed: KASAN: null-ptr-deref Write in event_handler
run #6: crashed: KASAN: null-ptr-deref Write in event_handler
run #7: crashed: KASAN: null-ptr-deref Write in event_handler
run #8: crashed: KASAN: null-ptr-deref Write in event_handler
run #9: crashed: INFO: task hung in hub_port_init
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 04de4bb17bdff095391159251b7a5790e8e8d0c03c49c330573b6339d6f27131
all runs: crashed: KASAN: null-ptr-deref Write in event_handler
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: 6f35d4b16cb2708930a108516674b7337767b07b71afd925362f07003e9d2607
all runs: crashed: KASAN: null-ptr-deref Write in event_handler
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 041f84fe1ffe0286da745fd51ee621782e34c8689af3174ce67469b4dfdc96e6
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #8: crashed: INFO: task hung in hub_port_init
run #9: crashed: INFO: task hung in hub_port_init
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: b4e8ed450f14ad5c55ef8eb4ae34a1513cebfe564bf44cfe58ed2aae9a131a39
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #9: crashed: INFO: task hung in hub_port_init
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: 8c58220c29f39b4eaf2316a32200dbbc3c9bbd59122d7bb32d1dfc457b30f5d0
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #8: crashed: INFO: task hung in hub_port_init
run #9: crashed: INFO: task hung in hub_port_init
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: 58f39c7a952fddce15771d823ff2a5862aed68815ff035c5f0bc8bee7d31e5e5
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #9: crashed: INFO: task hung in hub_port_init
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: 726edee84b70e9ac360a8e3fe12a3cd511f6e7dbc66239f694edaa77697f5bfe
run #0: crashed: KASAN: null-ptr-deref Write in event_handler
run #1: crashed: KASAN: null-ptr-deref Write in event_handler
run #2: crashed: KASAN: null-ptr-deref Write in event_handler
run #3: crashed: KASAN: null-ptr-deref Write in event_handler
run #4: crashed: KASAN: null-ptr-deref Write in event_handler
run #5: crashed: KASAN: null-ptr-deref Write in event_handler
run #6: crashed: KASAN: null-ptr-deref Write in event_handler
run #7: crashed: KASAN: null-ptr-deref Write in event_handler
run #8: crashed: KASAN: null-ptr-deref Write in event_handler
run #9: crashed: INFO: task hung in hub_port_init
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: 143fe96fbe35420b3895cdac8a8fd1f15acaf4732967b7396a3543ea8e9b802f
run #0: crashed: KASAN: null-ptr-deref Write in event_handler
run #1: crashed: KASAN: null-ptr-deref Write in event_handler
run #2: crashed: KASAN: null-ptr-deref Write in event_handler
run #3: crashed: KASAN: null-ptr-deref Write in event_handler
run #4: crashed: KASAN: null-ptr-deref Write in event_handler
run #5: crashed: KASAN: null-ptr-deref Write in event_handler
run #6: crashed: KASAN: null-ptr-deref Write in event_handler
run #7: crashed: KASAN: null-ptr-deref Write in event_handler
run #8: crashed: INFO: task hung in hub_port_init
run #9: crashed: INFO: task hung in hub_port_init
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
kernel signature: dfbf0ecc3ee0495a280dcbd270f43f71ca28e5abf4cf725abd1c9f6a1d6a069a
run #0: crashed: KASAN: null-ptr-deref Write in event_handler
run #1: crashed: KASAN: null-ptr-deref Write in event_handler
run #2: crashed: KASAN: null-ptr-deref Write in event_handler
run #3: crashed: KASAN: null-ptr-deref Write in event_handler
run #4: crashed: KASAN: null-ptr-deref Write in event_handler
run #5: crashed: KASAN: null-ptr-deref Write in event_handler
run #6: crashed: KASAN: null-ptr-deref Write in event_handler
run #7: crashed: KASAN: null-ptr-deref Write in event_handler
run #8: crashed: KASAN: null-ptr-deref Write in event_handler
run #9: crashed: INFO: task hung in hub_port_init
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0
kernel signature: 84f9fbc364b1965354cf456fd67b42c297638067a8446ee33691371528301946
run #0: crashed: KASAN: null-ptr-deref Write in event_handler
run #1: crashed: KASAN: null-ptr-deref Write in event_handler
run #2: crashed: KASAN: null-ptr-deref Write in event_handler
run #3: crashed: KASAN: null-ptr-deref Write in event_handler
run #4: crashed: KASAN: null-ptr-deref Write in event_handler
run #5: crashed: KASAN: null-ptr-deref Write in event_handler
run #6: crashed: KASAN: null-ptr-deref Write in event_handler
run #7: crashed: KASAN: null-ptr-deref Write in event_handler
run #8: crashed: KASAN: null-ptr-deref Write in event_handler
run #9: crashed: INFO: task hung in hub_port_init
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0
kernel signature: 0b8cc6b820dc95490fa97c490363d2cb026a3bebe1d8d5e6d9be8996270d9d68
run #0: crashed: KASAN: null-ptr-deref Write in event_handler
run #1: crashed: KASAN: null-ptr-deref Write in event_handler
run #2: crashed: KASAN: null-ptr-deref Write in event_handler
run #3: crashed: KASAN: null-ptr-deref Write in event_handler
run #4: crashed: KASAN: null-ptr-deref Write in event_handler
run #5: crashed: KASAN: null-ptr-deref Write in event_handler
run #6: crashed: KASAN: null-ptr-deref Write in event_handler
run #7: crashed: KASAN: null-ptr-deref Write in event_handler
run #8: crashed: KASAN: null-ptr-deref Write in event_handler
run #9: crashed: INFO: task hung in hub_port_init
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0
kernel signature: 29eb4eb4de83b4b384dc46a5a9ad71cff433ecdf098ad769c6c50dcef58b90cf
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #5: crashed: BUG: unable to handle kernel
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0
kernel signature: f721836b1f03133ffc66b7a27250686b429e1f406d5ce7933c2efd1ae65d305a
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #4: crashed: BUG: unable to handle kernel
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #7: crashed: INFO: task hung in hub_port_init
run #8: crashed: INFO: task hung in hub_port_init
run #9: crashed: INFO: task hung in hub_port_init
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0
kernel signature: 0999b85b4f13dadb3eedbf77c0e5e9bf71193e286b2c60ebd91ee5265e92cb8e
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #3: crashed: BUG: unable to handle kernel
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #9: crashed: INFO: task hung in hub_port_init
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0
kernel signature: 64dc90563c61e4c69812337d02a40227472e88ac4aa63b92ce3007e49f628791
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #7: crashed: BUG: unable to handle kernel NULL pointer dereference in event_handler
run #8: crashed: INFO: task hung in hub_port_init
run #9: crashed: INFO: task hung in hub_port_init
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0
kernel signature: c3c9e7f4d79413debbb6efe58c64ec8b2731a7a703de88183abda442da93a6da
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0
kernel signature: ba6e374971ceb113bb60f27c66e89fa3e22a3382e10373d4071c431b009b6597
all runs: crashed: BUG: sleeping function called from invalid context in tap_get_minor
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
kernel signature: 077013ea59d4a41e4bfc70e7559f7966a23a35526c903e906c0642f5fe105df7
all runs: OK
# git bisect start a351e9b9fc24e982ec2f0e76379a49826036da12 c470abd4fde40ea6a0846a2beab642a578c0b8cd
Bisecting: 7088 revisions left to test after this (roughly 13 steps)
[1ec5c1867af085897bb9e0f67bef3713334dbe7f] Merge tag 'gpio-v4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
testing commit 1ec5c1867af085897bb9e0f67bef3713334dbe7f with gcc (GCC) 5.5.0
kernel signature: e7bcce1a7d21a3a1a932019f1862a699318f59ce6f0bb96afad375f2e2a318a5
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 1ec5c1867af085897bb9e0f67bef3713334dbe7f
Bisecting: 7088 revisions left to test after this (roughly 13 steps)
[a9d2d53a788a9c5bc8a7d1b4ea7857b68e221357] ixgbe: test for trust in macvlan adjustments for VF
testing commit a9d2d53a788a9c5bc8a7d1b4ea7857b68e221357 with gcc (GCC) 5.5.0
kernel signature: c008cfc24da8147e9839445f38e97d0b26cd8239f79b1689d48e2ba51bb138df
all runs: OK
# git bisect good a9d2d53a788a9c5bc8a7d1b4ea7857b68e221357
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[28cbc335d272f293c4368abd4ac2e17e36805b79] Merge tag 'sound-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit 28cbc335d272f293c4368abd4ac2e17e36805b79 with gcc (GCC) 5.5.0
kernel signature: fe0d3495efc5c9b043a793bd52fcb47e11a8ac92b9ec90884bd49c686d0417b7
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 28cbc335d272f293c4368abd4ac2e17e36805b79
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[09624645e1e85df8d68b04de6e0607d696268333] scsi: aacraid: Save adapter fib log before an IOP reset
testing commit 09624645e1e85df8d68b04de6e0607d696268333 with gcc (GCC) 5.5.0
kernel signature: 3e16b89b236f7d659ad746f9cba3404476b941eeaaba1ebfb90d8dd14acf5cd3
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 09624645e1e85df8d68b04de6e0607d696268333
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[557c44be917c322860665be3d28376afa84aa936] net: ipv6: RTF_PCPU should not be settable from userspace
testing commit 557c44be917c322860665be3d28376afa84aa936 with gcc (GCC) 5.5.0
kernel signature: 3dab7a459a62dd6f1e65ea20cb91e853a9aa73aff6f185724f964688e0796739
all runs: boot failed: divide error in irq_create_affinity_masks
# git bisect skip 557c44be917c322860665be3d28376afa84aa936
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[6228b8f2d15bc9a9b76d6b209a8b760a642fa996] userfaultfd: non-cooperative: selftest: introduce userfaultfd_open
testing commit 6228b8f2d15bc9a9b76d6b209a8b760a642fa996 with gcc (GCC) 5.5.0
kernel signature: a3789f3b712ac83e32dfc94b1e41af06a0bd0222d281673b4e83f80b58a4985e
all runs: boot failed: WARNING in __hrtimer_init
# git bisect skip 6228b8f2d15bc9a9b76d6b209a8b760a642fa996
Bisecting: 6730 revisions left to test after this (roughly 13 steps)
[1ad38fd719da87980480886f21130053c73007ac] ath10k: fix typo in addr calculation
testing commit 1ad38fd719da87980480886f21130053c73007ac with gcc (GCC) 5.5.0
kernel signature: 93f62120bea60f9f05c9322e02d3c960344ef10b793e1c4005850c565ea73678
run #0: crashed: KASAN: use-after-free Read in vlan_device_event
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 1ad38fd719da87980480886f21130053c73007ac
Bisecting: 120 revisions left to test after this (roughly 7 steps)
[58fa118f3de45481df2ac2b8b41e8114cae2574d] cls_u32: don't bother explicitly initializing ->divisor to zero
testing commit 58fa118f3de45481df2ac2b8b41e8114cae2574d with gcc (GCC) 5.5.0
kernel signature: b79a04cd0d2ea58012dc943f1754bc3a10332a14e7eef988867934a1e6955d58
all runs: OK
# git bisect good 58fa118f3de45481df2ac2b8b41e8114cae2574d
Bisecting: 60 revisions left to test after this (roughly 6 steps)
[06c1c049721a995dee2829ad13b24aaf5d7c5cce] bpf: allow helpers access to variable memory
testing commit 06c1c049721a995dee2829ad13b24aaf5d7c5cce with gcc (GCC) 5.5.0
kernel signature: 397efa25420e78da9622be4a14984dce793ca159179fbc99ba950c622ade621e
run #0: crashed: WARNING in nf_unregister_net_hook
run #1: crashed: WARNING in nf_unregister_net_hook
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 06c1c049721a995dee2829ad13b24aaf5d7c5cce
Bisecting: 29 revisions left to test after this (roughly 5 steps)
[8d9ba388f35b3c681975a6b3f6ba60bb42c98f8d] Revert "icmp: avoid allocating large struct on stack"
testing commit 8d9ba388f35b3c681975a6b3f6ba60bb42c98f8d with gcc (GCC) 5.5.0
kernel signature: 09546e4871d6444f92307fcd583043c6751279ff78e5cdc23d4d8d2c6eac6005
all runs: OK
# git bisect good 8d9ba388f35b3c681975a6b3f6ba60bb42c98f8d
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[a046d57da19f812216f393e7c535f5858f793ac3] smc: CLC handshake (incl. preparation steps)
testing commit a046d57da19f812216f393e7c535f5858f793ac3 with gcc (GCC) 5.5.0
kernel signature: 41b859a4ed74e3ae80ac2060f6637ea88c1d6815512f109847a3dcdcf933bab5
run #0: crashed: WARNING in nf_unregister_net_hook
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad a046d57da19f812216f393e7c535f5858f793ac3
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[159c2a90442c6d5ad0b3d085e348979cd9a0ac1b] sh_eth: enable wake-on-lan for sh7734
testing commit 159c2a90442c6d5ad0b3d085e348979cd9a0ac1b with gcc (GCC) 5.5.0
kernel signature: a21bdb24f5b32ef23dc159a4c654b63e4a85478cda2c650b3dd53f0457e5513b
run #0: crashed: WARNING in nf_unregister_net_hook
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 159c2a90442c6d5ad0b3d085e348979cd9a0ac1b
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[6dcf45e514974a1ff10755015b5e06746a033e5f] sh_eth: use correct name for ECMR_MPDE bit
testing commit 6dcf45e514974a1ff10755015b5e06746a033e5f with gcc (GCC) 5.5.0
kernel signature: 87d61d4704a213a37113d206965307ed6e9b6894dd24eecb0d4610246adaa94d
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 6dcf45e514974a1ff10755015b5e06746a033e5f
Bisecting: 1 revision left to test after this (roughly 1 step)
[7ba91ecb16824f74ba4fcbc4e88cd4d24a839b25] net: for rate-limited ICMP replies save one atomic operation
testing commit 7ba91ecb16824f74ba4fcbc4e88cd4d24a839b25 with gcc (GCC) 5.5.0
kernel signature: 089aa9fe5c3ed48a7d37f29f472b9e030977e00d40c8fc857abf93d00c630c13
run #0: crashed: WARNING in nf_unregister_net_hook
run #1: crashed: WARNING in nf_unregister_net_hook
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 7ba91ecb16824f74ba4fcbc4e88cd4d24a839b25
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c0303efeab7391ec51c337e0ac5740860ad01fe7] net: reduce cycles spend on ICMP replies that gets rate limited
testing commit c0303efeab7391ec51c337e0ac5740860ad01fe7 with gcc (GCC) 5.5.0
kernel signature: d40def3e828eb0556ea42552ac854c0a73a5e10ddc6e0d269a95dbaafc2c2d0f
run #0: crashed: WARNING in nf_unregister_net_hook
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad c0303efeab7391ec51c337e0ac5740860ad01fe7
c0303efeab7391ec51c337e0ac5740860ad01fe7 is the first bad commit
commit c0303efeab7391ec51c337e0ac5740860ad01fe7
Author: Jesper Dangaard Brouer <brouer@redhat.com>
Date:   Mon Jan 9 16:04:09 2017 +0100

    net: reduce cycles spend on ICMP replies that gets rate limited
    
    This patch split the global and per (inet)peer ICMP-reply limiter
    code, and moves the global limit check to earlier in the packet
    processing path.  Thus, avoid spending cycles on ICMP replies that
    gets limited/suppressed anyhow.
    
    The global ICMP rate limiter icmp_global_allow() is a good solution,
    it just happens too late in the process.  The kernel goes through the
    full route lookup (return path) for the ICMP message, before taking
    the rate limit decision of not sending the ICMP reply.
    
    Details: The kernels global rate limiter for ICMP messages got added
    in commit 4cdf507d5452 ("icmp: add a global rate limitation").  It is
    a token bucket limiter with a global lock.  It brilliantly avoids
    locking congestion by only updating when 20ms (HZ/50) were elapsed. It
    can then avoids taking lock when credit is exhausted (when under
    pressure) and time constraint for refill is not yet meet.
    
    Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
    Acked-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 net/ipv4/icmp.c | 71 ++++++++++++++++++++++++++++++++++++++-------------------
 net/ipv6/icmp.c | 49 +++++++++++++++++++++++++++------------
 2 files changed, 82 insertions(+), 38 deletions(-)
culprit signature: d40def3e828eb0556ea42552ac854c0a73a5e10ddc6e0d269a95dbaafc2c2d0f
parent  signature: 09546e4871d6444f92307fcd583043c6751279ff78e5cdc23d4d8d2c6eac6005
revisions tested: 36, total time: 7h51m51.475390596s (build: 3h12m50.073878524s, test: 4h34m15.918427314s)
first bad commit: c0303efeab7391ec51c337e0ac5740860ad01fe7 net: reduce cycles spend on ICMP replies that gets rate limited
recipients (to): ["brouer@redhat.com" "davem@davemloft.net" "edumazet@google.com"]
recipients (cc): []
crash: WARNING in nf_unregister_net_hook
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
------------[ cut here ]------------
WARNING: CPU: 0 PID: 158 at net/netfilter/core.c:147 nf_unregister_net_hook+0x292/0x3c0 net/netfilter/core.c:147
nf_unregister_net_hook: hook not found!
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 158 Comm: kworker/u4:3 Not tainted 4.10.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
 __dump_stack lib/dump_stack.c:15 [inline]
 dump_stack+0x136/0x1d4 lib/dump_stack.c:51
 panic+0x1b6/0x358 kernel/panic.c:179
 __warn+0x18d/0x1b0 kernel/panic.c:539
 warn_slowpath_fmt+0x92/0xb0 kernel/panic.c:562
 nf_unregister_net_hook+0x292/0x3c0 net/netfilter/core.c:147
 nf_unregister_hook_list net/netfilter/core.c:443 [inline]
 netfilter_net_exit+0x36/0xa0 net/netfilter/core.c:475
 ops_exit_list.isra.0+0x8e/0x120 net/core/net_namespace.c:139
 cleanup_net+0x38e/0x7d0 net/core/net_namespace.c:461
 process_one_work+0x685/0x1660 kernel/workqueue.c:2098
 worker_thread+0xe1/0x1110 kernel/workqueue.c:2232
 kthread+0x2c9/0x3d0 kernel/kthread.c:227
 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:427
Kernel Offset: disabled