bisecting fixing commit since 9b15f7fae677336e04b9e026ff91854e43165455
building syzkaller on 5d7b90f1af2e3bf33992b75e7fcf0bab6bf49bd6
testing commit 9b15f7fae677336e04b9e026ff91854e43165455 with gcc (GCC) 8.1.0
kernel signature: 3cbadb941fd298066be772050c1b8a556c0caabde797d3af5ab7caa3bfe631f7
run #0: crashed: BUG: looking up invalid subclass: 8
run #1: crashed: BUG: looking up invalid subclass: 8
run #2: crashed: BUG: looking up invalid subclass: 8
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing current HEAD 54b4fa6d39551639cb10664f6ac78b01993a1d7e
testing commit 54b4fa6d39551639cb10664f6ac78b01993a1d7e with gcc (GCC) 8.1.0
kernel signature: 09557018756f6d4b919271ecee2835f2e1bb776382fbd9c220293d77812fb918
run #0: crashed: BUG: looking up invalid subclass: 8
run #1: crashed: BUG: looking up invalid subclass: 8
run #2: crashed: BUG: looking up invalid subclass: 8
run #3: crashed: BUG: looking up invalid subclass: 8
run #4: crashed: BUG: looking up invalid subclass: 8
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
revisions tested: 2, total time: 40m9.833891237s (build: 17m28.89926808s, test: 21m32.335362795s)
the crash still happens on HEAD
commit msg: Linux 4.19.113
crash: BUG: looking up invalid subclass: 8
bond52: Enslaving macvlan83 as an active interface with a down link
8021q: adding VLAN 0 to HW filter on device macvlan87
8021q: adding VLAN 0 to HW filter on device macvlan88
8021q: adding VLAN 0 to HW filter on device macvlan89
8021q: adding VLAN 0 to HW filter on device macvlan90
BUG: looking up invalid subclass: 8
turning off the locking correctness validator.
CPU: 1 PID: 21156 Comm: syz-executor.2 Not tainted 4.19.113-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x123/0x177 lib/dump_stack.c:118
 look_up_lock_class kernel/locking/lockdep.c:662 [inline]
 register_lock_class+0x952/0x2350 kernel/locking/lockdep.c:748
 __lock_acquire+0x160/0x4980 kernel/locking/lockdep.c:3299
 lock_acquire+0x173/0x3d0 kernel/locking/lockdep.c:3903
 _raw_spin_lock_nested+0x33/0x50 kernel/locking/spinlock.c:354
 bond_get_stats+0xcc/0x500 drivers/net/bonding/bond_main.c:3450
 dev_get_stats+0x85/0x270 net/core/dev.c:9031
 rtnl_fill_stats+0x44/0xc00 net/core/rtnetlink.c:1176
 rtnl_fill_ifinfo+0xe1f/0x3170 net/core/rtnetlink.c:1663
 rtmsg_ifinfo_build_skb+0xc4/0x170 net/core/rtnetlink.c:3356
 rtmsg_ifinfo_event.part.32+0x1a/0xb0 net/core/rtnetlink.c:3388
 rtmsg_ifinfo_event net/core/rtnetlink.c:4835 [inline]
 rtnetlink_event+0xc7/0x120 net/core/rtnetlink.c:4828
 notifier_call_chain+0x8a/0x160 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x11/0x20 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x28/0x60 net/core/dev.c:1748
 call_netdevice_notifiers net/core/dev.c:1766 [inline]
 netdev_features_change net/core/dev.c:1334 [inline]
 netdev_change_features+0x76/0xa0 net/core/dev.c:8467
 bond_compute_features.isra.47+0x4ab/0x800 drivers/net/bonding/bond_main.c:1116
 bond_enslave+0x14d8/0x4c40 drivers/net/bonding/bond_main.c:1754
 do_set_master+0x171/0x200 net/core/rtnetlink.c:2321
 rtnl_newlink+0xe84/0x1310 net/core/rtnetlink.c:3169
 rtnetlink_rcv_msg+0x34f/0x8f0 net/core/rtnetlink.c:4777
 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2455
 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:4795
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x443/0x650 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x765/0xc40 net/netlink/af_netlink.c:1909
 sock_sendmsg_nosec net/socket.c:622 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:632
 ___sys_sendmsg+0x647/0x950 net/socket.c:2115
 __sys_sendmsg+0xd9/0x180 net/socket.c:2153
 __do_sys_sendmsg net/socket.c:2162 [inline]
 __se_sys_sendmsg net/socket.c:2160 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2160
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c6c9
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f77c0113c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f77c01146d4 RCX: 000000000045c6c9
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005
RBP: 000000000076bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000009cb R14: 00000000004cc6fd R15: 000000000076bfd4
bond54: making interface macvlan90 the new active one
bond54: Enslaving macvlan90 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device macvlan91
bond55: making interface macvlan91 the new active one
bond55: Enslaving macvlan91 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device macvlan92
bond56: Enslaving macvlan92 as an active interface with a down link
8021q: adding VLAN 0 to HW filter on device macvlan94
bond57: Enslaving macvlan94 as an active interface with a down link
8021q: adding VLAN 0 to HW filter on device macvlan96
bond58: making interface macvlan96 the new active one
bond58: Enslaving macvlan96 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device macvlan97
bond59: making interface macvlan97 the new active one
bond59: Enslaving macvlan97 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device macvlan98
bond60: Enslaving macvlan98 as an active interface with a down link
8021q: adding VLAN 0 to HW filter on device macvlan100
bond61: Enslaving macvlan100 as an active interface with a down link
8021q: adding VLAN 0 to HW filter on device macvlan104
bond64: Enslaving macvlan104 as an active interface with a down link
8021q: adding VLAN 0 to HW filter on device macvlan106
bond65: Enslaving macvlan106 as an active interface with a down link
8021q: adding VLAN 0 to HW filter on device macvlan108
bond66: Enslaving macvlan108 as an active interface with a down link
8021q: adding VLAN 0 to HW filter on device macvlan110
bond67: Enslaving macvlan110 as an active interface with a down link
validate_nla: 129 callbacks suppressed
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 'syz-executor.4': attribute type 1 has an invalid length.
netlink: 'syz-executor.2': attribute type 1 has an invalid length.
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
netlink: 'syz-executor.4': attribute type 1 has an invalid length.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
8021q: adding VLAN 0 to HW filter on device macvlan113
bond69: Enslaving macvlan113 as an active interface with a down link
validate_nla: 215 callbacks suppressed
netlink: 'syz-executor.4': attribute type 1 has an invalid length.
netlink: 'syz-executor.2': attribute type 1 has an invalid length.
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
netlink: 'syz-executor.4': attribute type 1 has an invalid length.
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
netlink: 'syz-executor.2': attribute type 1 has an invalid length.
netlink: 'syz-executor.5': attribute type 1 has an invalid length.