bisecting cause commit starting from 51d69817519f5f00041a1a039277f0367d76c82c building syzkaller on f9b6950728295eb8f52b05a0d9e5dccd99f93eaa testing commit 51d69817519f5f00041a1a039277f0367d76c82c with gcc (GCC) 8.1.0 kernel signature: 48762ef62471861a2ad01dbc47811e54d67ffbb9 all runs: crashed: WARNING in nft_request_module testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: 7c9e32e6f2ce66f645eb844684d5c0350d1dad30 all runs: crashed: WARNING in nft_request_module testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: ec5c5cff824cafff7e4a2dfba46b8a0cd1bf72a8 all runs: crashed: WARNING in nft_request_module testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: be31bd5bed07dc597c8636646a17cd4330ea934e all runs: crashed: WARNING in nft_request_module testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: 8bc8503652853496c15ae3ab1c185a336f6c9ece all runs: crashed: WARNING in nft_request_module testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: f408c3d074bdfd97932febac7d4b721a14777523 run #0: crashed: WARNING in nft_request_module run #1: crashed: WARNING in corrupted run #2: crashed: WARNING in nft_request_module run #3: crashed: WARNING in nft_request_module run #4: crashed: WARNING in nft_request_module run #5: crashed: WARNING in nft_request_module run #6: crashed: WARNING in nft_request_module run #7: crashed: WARNING in nft_request_module run #8: crashed: WARNING in nft_request_module run #9: crashed: WARNING in nft_request_module testing release v4.20 testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0 kernel signature: 3e967a2409b5c46e41b00d6f4a35be2c0610d99c run #0: crashed: WARNING in nft_request_module run #1: crashed: WARNING in nft_request_module run #2: crashed: WARNING in nft_request_module run #3: crashed: WARNING in nft_request_module run #4: crashed: WARNING in nft_request_module run #5: crashed: WARNING in nft_request_module run #6: crashed: WARNING in corrupted run #7: crashed: WARNING in nft_request_module run #8: crashed: WARNING in nft_request_module run #9: crashed: WARNING in nft_request_module testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 kernel signature: f2ebe8ec7b63f7a6f1335e07c80023b4644d0c74 run #0: crashed: WARNING in nft_request_module run #1: crashed: WARNING in nft_request_module run #2: crashed: WARNING in nft_request_module run #3: crashed: WARNING in nft_request_module run #4: crashed: WARNING in nft_request_module run #5: crashed: WARNING in nft_request_module run #6: crashed: WARNING in nft_request_module run #7: crashed: WARNING in nft_request_module run #8: crashed: WARNING in corrupted run #9: crashed: WARNING in nft_request_module testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 kernel signature: 508ee2d3f3664ad1a274480b8603430d837504c9 all runs: OK # git bisect start 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d 94710cac0ef4ee177a63b5227664b38c95bbf703 Bisecting: 7596 revisions left to test after this (roughly 13 steps) [db06f826ec12bf0701ea7fc0a3c0aa00b84417c8] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux testing commit db06f826ec12bf0701ea7fc0a3c0aa00b84417c8 with gcc (GCC) 8.1.0 kernel signature: 38498ff0d28df59b2e524984dbc9891e0784a465 all runs: crashed: WARNING in nft_request_module # git bisect bad db06f826ec12bf0701ea7fc0a3c0aa00b84417c8 Bisecting: 4493 revisions left to test after this (roughly 12 steps) [0a957467c5fd46142bc9c52758ffc552d4c5e2f7] x86: i8259: Add missing include file testing commit 0a957467c5fd46142bc9c52758ffc552d4c5e2f7 with gcc (GCC) 8.1.0 kernel signature: ff4c0cb3972fe5e11fe31a992bee48c02225ed5e all runs: OK # git bisect good 0a957467c5fd46142bc9c52758ffc552d4c5e2f7 Bisecting: 2289 revisions left to test after this (roughly 11 steps) [9a76aba02a37718242d7cdc294f0a3901928aa57] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next testing commit 9a76aba02a37718242d7cdc294f0a3901928aa57 with gcc (GCC) 8.1.0 kernel signature: 134e7407b245d0004dd7e7ed6a9868a08a60bffa all runs: crashed: WARNING in nft_request_module # git bisect bad 9a76aba02a37718242d7cdc294f0a3901928aa57 Bisecting: 1088 revisions left to test after this (roughly 10 steps) [a527d3f728bfdb6c30c8ecc0b58e695d05d42fc8] Merge tag 'wireless-drivers-next-for-davem-2018-07-23' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next testing commit a527d3f728bfdb6c30c8ecc0b58e695d05d42fc8 with gcc (GCC) 8.1.0 kernel signature: 3bead5c2a7060b809d81fb30f3b1fb1d1d2a4871 all runs: crashed: WARNING in nft_request_module # git bisect bad a527d3f728bfdb6c30c8ecc0b58e695d05d42fc8 Bisecting: 557 revisions left to test after this (roughly 9 steps) [f9520b86dc22b6ac0ad2926cfa334e9fecb68a12] be2net: remove unused tx_jiffies field from be_tx_stats testing commit f9520b86dc22b6ac0ad2926cfa334e9fecb68a12 with gcc (GCC) 8.1.0 kernel signature: 61ccf104b6658aa4059d763a905ad06cd117cd0d all runs: OK # git bisect good f9520b86dc22b6ac0ad2926cfa334e9fecb68a12 Bisecting: 278 revisions left to test after this (roughly 8 steps) [0e2c17b64d5c7f57bcd7054ef87797376dcdee26] net/sched: cls_flower: Support matching on ip tos and ttl for tunnels testing commit 0e2c17b64d5c7f57bcd7054ef87797376dcdee26 with gcc (GCC) 8.1.0 kernel signature: eb91d71d2c90314a8844a166edc6d10675a2c7ca all runs: OK # git bisect good 0e2c17b64d5c7f57bcd7054ef87797376dcdee26 Bisecting: 139 revisions left to test after this (roughly 7 steps) [6a525818b135d72f3706b5114174e5215c217054] Merge branch 'smc-next' testing commit 6a525818b135d72f3706b5114174e5215c217054 with gcc (GCC) 8.1.0 kernel signature: 15af4929df347f8ff583c766075a212e731c3556 run #0: crashed: WARNING in corrupted run #1: crashed: WARNING in nft_request_module run #2: crashed: WARNING in nft_request_module run #3: crashed: WARNING in nft_request_module run #4: crashed: WARNING in nft_request_module run #5: crashed: WARNING in nft_request_module run #6: crashed: WARNING in nft_request_module run #7: crashed: WARNING in nft_request_module run #8: crashed: WARNING in nft_request_module run #9: crashed: WARNING in nft_request_module # git bisect bad 6a525818b135d72f3706b5114174e5215c217054 Bisecting: 59 revisions left to test after this (roughly 6 steps) [eae249b27f0447a92b3f8c72cc45fcc4609ae00d] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next testing commit eae249b27f0447a92b3f8c72cc45fcc4609ae00d with gcc (GCC) 8.1.0 kernel signature: 6401e362a757c097290c5e67c9959ce174b83c35 run #0: crashed: WARNING in nft_request_module run #1: crashed: WARNING in nft_request_module run #2: crashed: WARNING in nft_request_module run #3: crashed: WARNING in nft_request_module run #4: crashed: WARNING in corrupted run #5: crashed: WARNING in nft_request_module run #6: crashed: WARNING in nft_request_module run #7: crashed: WARNING in nft_request_module run #8: crashed: WARNING in nft_request_module run #9: crashed: WARNING in nft_request_module # git bisect bad eae249b27f0447a92b3f8c72cc45fcc4609ae00d Bisecting: 40 revisions left to test after this (roughly 5 steps) [24c458c485c87eef97e91d2e180f222555528b11] netfilter: nf_osf: add missing definitions to header file testing commit 24c458c485c87eef97e91d2e180f222555528b11 with gcc (GCC) 8.1.0 kernel signature: ae891bf04bcb6a9c02dc70b16032d8c5e29f980a run #0: crashed: WARNING in nft_request_module run #1: crashed: WARNING in nft_request_module run #2: crashed: WARNING in nft_request_module run #3: crashed: WARNING in nft_request_module run #4: crashed: WARNING in nft_request_module run #5: crashed: WARNING in corrupted run #6: crashed: WARNING in nft_request_module run #7: crashed: WARNING in corrupted run #8: crashed: WARNING in corrupted run #9: crashed: WARNING in nft_request_module # git bisect bad 24c458c485c87eef97e91d2e180f222555528b11 Bisecting: 18 revisions left to test after this (roughly 4 steps) [976afca1ceba53df6f4a543014e15d1c7a962571] netfilter: nf_conncount: Early exit in nf_conncount_lookup() and cleanup testing commit 976afca1ceba53df6f4a543014e15d1c7a962571 with gcc (GCC) 8.1.0 kernel signature: c18abdcc0072f1b847708c1225886f53fa326609 all runs: OK # git bisect good 976afca1ceba53df6f4a543014e15d1c7a962571 Bisecting: 9 revisions left to test after this (roughly 3 steps) [452238e8d5ffd8b77f92387519513839d4ca7379] netfilter: nf_tables: add and use helper for module autoload testing commit 452238e8d5ffd8b77f92387519513839d4ca7379 with gcc (GCC) 8.1.0 kernel signature: 1c41d000e6652790a994915d6d3f98400c2b96c0 all runs: crashed: WARNING in nft_request_module # git bisect bad 452238e8d5ffd8b77f92387519513839d4ca7379 Bisecting: 4 revisions left to test after this (roughly 2 steps) [ed07d9a021df6da53456663a76999189badc432a] netfilter: nf_conntrack: resolve clash for matching conntracks testing commit ed07d9a021df6da53456663a76999189badc432a with gcc (GCC) 8.1.0 kernel signature: d1df74e0b01a05820ac51ecd1ece2535a376f011 all runs: OK # git bisect good ed07d9a021df6da53456663a76999189badc432a Bisecting: 2 revisions left to test after this (roughly 1 step) [275411430f892407b885be1de2548b2e632892c3] ipvs: add assured state for conn templates testing commit 275411430f892407b885be1de2548b2e632892c3 with gcc (GCC) 8.1.0 kernel signature: 74c6482f7f02a02ee9be38fe1d53cd53ae6e1408 all runs: OK # git bisect good 275411430f892407b885be1de2548b2e632892c3 Bisecting: 0 revisions left to test after this (roughly 1 step) [440534d3c56be04abfb26850ee882d19d223557a] netfilter: Remove useless param helper of nf_ct_helper_ext_add testing commit 440534d3c56be04abfb26850ee882d19d223557a with gcc (GCC) 8.1.0 kernel signature: fb9121f5771fb01e29c29903f32d2c22f7a20798 all runs: OK # git bisect good 440534d3c56be04abfb26850ee882d19d223557a 452238e8d5ffd8b77f92387519513839d4ca7379 is the first bad commit commit 452238e8d5ffd8b77f92387519513839d4ca7379 Author: Florian Westphal Date: Wed Jul 11 13:45:10 2018 +0200 netfilter: nf_tables: add and use helper for module autoload module autoload is problematic, it requires dropping the mutex that protects the transaction. Once the mutex has been dropped, another client can start a new transaction before we had a chance to abort current transaction log. This helper makes sure we first zap the transaction log, then drop mutex for module autoload. In case autload is successful, the caller has to reply entire message anyway. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_tables_api.c | 81 +++++++++++++++++++++++++++---------------- 1 file changed, 52 insertions(+), 29 deletions(-) culprit signature: 1c41d000e6652790a994915d6d3f98400c2b96c0 parent signature: fb9121f5771fb01e29c29903f32d2c22f7a20798 revisions tested: 23, total time: 4h44m16.420894496s (build: 2h27m27.013762826s, test: 2h13m22.185062152s) first bad commit: 452238e8d5ffd8b77f92387519513839d4ca7379 netfilter: nf_tables: add and use helper for module autoload cc: ["coreteam@netfilter.org" "davem@davemloft.net" "fw@strlen.de" "kadlec@blackhole.kfki.hu" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org"] crash: WARNING in nft_request_module IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready ------------[ cut here ]------------ truncated: 'nft-expr-0-LMMR~*{F DcHc(?V' (len 209) device veth1_vlan entered promiscuous mode WARNING: CPU: 0 PID: 6864 at net/netfilter/nf_tables_api.c:480 nft_request_module+0x14d/0x160 net/netfilter/nf_tables_api.c:480 IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 6864 Comm: syz-executor.4 Not tainted 4.18.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x109/0x15a lib/dump_stack.c:113 panic+0x1c6/0x36b kernel/panic.c:184 __warn.cold.8+0x120/0x168 kernel/panic.c:536 report_bug+0x1a4/0x200 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x200/0x350 arch/x86/kernel/traps.c:296 IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992 RIP: 0010:nft_request_module+0x14d/0x160 net/netfilter/nf_tables_api.c:480 IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready Code: 65 48 33 04 25 28 00 00 00 75 23 48 81 c4 f0 00 00 00 5b 41 5c 5d c3 48 8d 74 24 60 89 IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready c2 48 c7 c7 e0 be a0 87 e8 46 76 b0 fb <0f> 0b eb a8 e8 9a 71 b0 fb 66 2e 0f 1f 84 00 00 00 00 00 48 b8 00 RSP: 0018:ffff8800a167f298 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 1ffff100142cfe53 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff89f3bd60 RBP: ffff8800a167f398 R08: ffffed0015d83edb R09: ffffed0015d83eda R10: ffffed0015d83eda R11: ffff8800aec1f6d7 R12: ffffffff87a0bfa0 R13: ffff8800a167f528 R14: 0000000000000000 R15: ffff880081dfc4e8 nft_expr_type_get net/netfilter/nf_tables_api.c:1923 [inline] nf_tables_expr_parse+0x388/0x520 net/netfilter/nf_tables_api.c:1998 nf_tables_newrule+0x1187/0x2210 net/netfilter/nf_tables_api.c:2542 nfnetlink_rcv_batch+0x845/0x1440 net/netfilter/nfnetlink.c:421 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:535 [inline] nfnetlink_rcv+0x2f1/0x3b0 net/netfilter/nfnetlink.c:553 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x443/0x650 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x765/0xc40 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:641 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:651 ___sys_sendmsg+0x647/0x950 net/socket.c:2125 __sys_sendmsg+0xd9/0x180 net/socket.c:2163 __do_sys_sendmsg net/socket.c:2172 [inline] __se_sys_sendmsg net/socket.c:2170 [inline] __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2170 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45aff9 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fce39dc7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fce39dc86d4 RCX: 000000000045aff9 RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000901 R14: 00000000004ca2fe R15: 000000000075bf2c Kernel Offset: disabled Rebooting in 86400 seconds..