bisecting fixing commit since e0f8b8a65a473a8baa439cf865a694bbeb83fe90
building syzkaller on 5d7b90f1af2e3bf33992b75e7fcf0bab6bf49bd6
testing commit e0f8b8a65a473a8baa439cf865a694bbeb83fe90 with gcc (GCC) 8.1.0
kernel signature: 5030dde09a1645ef3c5cf7b24879d48420a7b6685523ccd8522ff2ad27553527
run #0: crashed: kernel panic: Out of memory and no killable processes...
run #1: crashed: INFO: task hung in hashlimit_mt_check_common
run #2: crashed: BUG: workqueue lockup
run #3: crashed: BUG: workqueue lockup
run #4: crashed: INFO: task hung in synchronize_rcu
run #5: crashed: INFO: task hung in hashlimit_mt_check_common
run #6: crashed: INFO: task hung in synchronize_rcu
run #7: crashed: BUG: workqueue lockup
run #8: crashed: INFO: task hung in hashlimit_mt_check_common
run #9: crashed: INFO: task hung in hashlimit_mt_check_common
testing current HEAD 12cd844a39ed16aa183a820a54fe6f9a0bb4cd14
testing commit 12cd844a39ed16aa183a820a54fe6f9a0bb4cd14 with gcc (GCC) 8.1.0
kernel signature: e68f71e3dd67f16d2f8038bd4413963de2158fd49d9ed044c7cb354c626f3444
all runs: OK
# git bisect start 12cd844a39ed16aa183a820a54fe6f9a0bb4cd14 e0f8b8a65a473a8baa439cf865a694bbeb83fe90
Bisecting: 266 revisions left to test after this (roughly 8 steps)
[b8bedd5bfaa6a1cc9df7c96d9723d9e7aa882f8d] PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency
testing commit b8bedd5bfaa6a1cc9df7c96d9723d9e7aa882f8d with gcc (GCC) 8.1.0
kernel signature: 5e5c98d17011bb92620cbd7d7f1754e7f673a3495b2a61db79594a80c0455223
run #0: OK
run #1: crashed: BUG: workqueue lockup
run #2: crashed: BUG: workqueue lockup
run #3: crashed: BUG: workqueue lockup
run #4: crashed: BUG: workqueue lockup
run #5: crashed: BUG: workqueue lockup
run #6: crashed: INFO: task hung in hashlimit_mt_check_common
run #7: crashed: INFO: task hung in htable_put
run #8: crashed: INFO: task hung in synchronize_rcu
run #9: crashed: INFO: task hung in hashlimit_mt_check_common
# git bisect good b8bedd5bfaa6a1cc9df7c96d9723d9e7aa882f8d
Bisecting: 133 revisions left to test after this (roughly 7 steps)
[720c4bc2245c6e48644d21e3c2a4773054758e96] ALSA: rawmidi: Avoid bit fields for state flags
testing commit 720c4bc2245c6e48644d21e3c2a4773054758e96 with gcc (GCC) 8.1.0
kernel signature: acfd55a111bb09ffb4e168341017e071c59870b2f51cd230f93276f0b476ad5b
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor397487450" "root@10.128.10.55:./syz-executor397487450"]: exit status 1
ssh: connect to host 10.128.10.55 port 22: Connection timed out
lost connection
run #1: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor984568561" "root@10.128.10.56:./syz-executor984568561"]: exit status 1
Connection timed out during banner exchange
lost connection
run #2: crashed: INFO: task hung in htable_put
run #3: crashed: INFO: task hung in hashlimit_mt_check_common
run #4: crashed: INFO: task hung in hashlimit_mt_check_common
run #5: crashed: BUG: workqueue lockup
run #6: crashed: BUG: workqueue lockup
run #7: crashed: INFO: task hung in htable_put
run #8: crashed: BUG: workqueue lockup
run #9: crashed: BUG: workqueue lockup
# git bisect good 720c4bc2245c6e48644d21e3c2a4773054758e96
Bisecting: 66 revisions left to test after this (roughly 6 steps)
[cf66af9d9305c3caead5446ced6ad7af762e3e86] drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()'
testing commit cf66af9d9305c3caead5446ced6ad7af762e3e86 with gcc (GCC) 8.1.0
kernel signature: e249962f11e331cf644ad7ce32d58f6b5964a57b2ac00f721acffef019660d0e
failed: failed to create VM pool: failed to create GCE image: create image operation failed: &{Code:INTERNAL_ERROR Location: Message:Internal error. Please try again or contact Google Support. (Code: '1202206047459141223') ForceSendFields:[] NullFields:[]}.
# git bisect skip cf66af9d9305c3caead5446ced6ad7af762e3e86
Bisecting: 66 revisions left to test after this (roughly 6 steps)
[6d53f29dd99bde2cf093f4246a6f602f4507f552] serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE
testing commit 6d53f29dd99bde2cf093f4246a6f602f4507f552 with gcc (GCC) 8.1.0
kernel signature: 8643eda3bbd09037df01dfa9c234cc1dbd8b4921b8b3f7f2718e2ced8cd61567
all runs: OK
# git bisect bad 6d53f29dd99bde2cf093f4246a6f602f4507f552
Bisecting: 39 revisions left to test after this (roughly 5 steps)
[267e0a91b898619f9e747f944bb80e198910f7b4] ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
testing commit 267e0a91b898619f9e747f944bb80e198910f7b4 with gcc (GCC) 8.1.0
kernel signature: 9cbe2e981247cde13adb9bd077f2ce8578818910209d6a79f73457a410623347
all runs: OK
# git bisect bad 267e0a91b898619f9e747f944bb80e198910f7b4
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[482c613e4fb841a149e117555d59255dd1de03d1] net: ena: fix uses of round_jiffies()
testing commit 482c613e4fb841a149e117555d59255dd1de03d1 with gcc (GCC) 8.1.0
kernel signature: 56527c9e69a16d074f0b6127c67880f0385de4f84a5f0b2de0da272159560119
all runs: OK
# git bisect bad 482c613e4fb841a149e117555d59255dd1de03d1
Bisecting: 10 revisions left to test after this (roughly 3 steps)
[2afeb56881da66c09e8d2b5f6965eabeb75ce834] ext4: fix potential race between online resizing and write operations
testing commit 2afeb56881da66c09e8d2b5f6965eabeb75ce834 with gcc (GCC) 8.1.0
kernel signature: a3bbfcffcfdd7a34c6efbe5be4a82cb1424b8cf02a9b04a0534f21edd9dddc70
all runs: OK
# git bisect bad 2afeb56881da66c09e8d2b5f6965eabeb75ce834
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[f02017e021758c6dc3da591cac78ed512813dbb1] xen: Enable interrupts when calling _cond_resched()
testing commit f02017e021758c6dc3da591cac78ed512813dbb1 with gcc (GCC) 8.1.0
kernel signature: deb091ba1688d689b4c015b7d47b5bfc390680ca3ac99086859d7e76fab5027d
all runs: OK
# git bisect bad f02017e021758c6dc3da591cac78ed512813dbb1
Bisecting: 1 revision left to test after this (roughly 1 step)
[a86265edeb3314f9c3270a5bf18b4e72ebc65beb] netfilter: xt_hashlimit: limit the max size of hashtable
testing commit a86265edeb3314f9c3270a5bf18b4e72ebc65beb with gcc (GCC) 8.1.0
kernel signature: 6017b1464eb92b5a04838d9404ce1bb6a53619690ba23786e936733bb4c7e177
all runs: OK
# git bisect bad a86265edeb3314f9c3270a5bf18b4e72ebc65beb
Bisecting: 1 revision left to test after this (roughly 1 step)
[29238bccf63b8339a2b65bcbecb07c142f1d7073] ALSA: seq: Avoid concurrent access to queue flags
testing commit 29238bccf63b8339a2b65bcbecb07c142f1d7073 with gcc (GCC) 8.1.0
kernel signature: 604a8089f0950b584533bda8063ed6bc800723fdef2c4ae6d3b4af080f0c9e31
run #0: crashed: BUG: workqueue lockup
run #1: crashed: INFO: task hung in htable_put
run #2: crashed: INFO: task hung in hashlimit_mt_check_common
run #3: crashed: BUG: workqueue lockup
run #4: crashed: BUG: workqueue lockup
run #5: crashed: BUG: workqueue lockup
run #6: crashed: BUG: workqueue lockup
run #7: crashed: BUG: workqueue lockup
run #8: crashed: INFO: task hung in hashlimit_mt_check_common
run #9: crashed: INFO: task hung in hashlimit_mt_check_common
# git bisect good 29238bccf63b8339a2b65bcbecb07c142f1d7073
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c33c14e30f3437d419761048f70dd88b7ec797c8] ALSA: seq: Fix concurrent access to queue current tick/time
testing commit c33c14e30f3437d419761048f70dd88b7ec797c8 with gcc (GCC) 8.1.0
kernel signature: a3c396babc4ab66300a8b0c50093d4a6026934c7f3b08aa049f1cc329d7afc8a
run #0: crashed: INFO: task hung in hashlimit_mt_check_common
run #1: crashed: INFO: task hung in hashlimit_mt_check_common
run #2: crashed: INFO: task hung in htable_put
run #3: crashed: INFO: task hung in synchronize_rcu
run #4: crashed: INFO: task hung in htable_put
run #5: crashed: INFO: task hung in hashlimit_mt_check_common
run #6: crashed: INFO: task hung in htable_put
run #7: crashed: INFO: task hung in synchronize_rcu
run #8: crashed: BUG: workqueue lockup
run #9: crashed: BUG: workqueue lockup
# git bisect good c33c14e30f3437d419761048f70dd88b7ec797c8
a86265edeb3314f9c3270a5bf18b4e72ebc65beb is the first bad commit
commit a86265edeb3314f9c3270a5bf18b4e72ebc65beb
Author: Cong Wang
Date: Sun Feb 2 20:30:53 2020 -0800

    netfilter: xt_hashlimit: limit the max size of hashtable

    commit 8d0015a7ab76b8b1e89a3e5f5710a6e5103f2dd5 upstream.

    The user-specified hashtable size is unbound, this could easily lead to an OOM or a hung task as we hold the global mutex while allocating and initializing the new hashtable.

    Add a max value to cap both cfg->size and cfg->max, as suggested by Florian.

    Reported-and-tested-by: syzbot+adf6c6c2be1c3a718121@syzkaller.appspotmail.com
    Signed-off-by: Cong Wang
    Reviewed-by: Florian Westphal
    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: Greg Kroah-Hartman

 net/netfilter/xt_hashlimit.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
culprit signature: 6017b1464eb92b5a04838d9404ce1bb6a53619690ba23786e936733bb4c7e177
parent signature: a3c396babc4ab66300a8b0c50093d4a6026934c7f3b08aa049f1cc329d7afc8a
revisions tested: 13, total time: 3h56m45.280358779s (build: 2h0m30.636906594s, test: 1h54m32.722602254s)
first good commit: a86265edeb3314f9c3270a5bf18b4e72ebc65beb netfilter: xt_hashlimit: limit the max size of hashtable
cc: ["fw@strlen.de" "gregkh@linuxfoundation.org" "pablo@netfilter.org" "syzbot+adf6c6c2be1c3a718121@syzkaller.appspotmail.com" "xiyou.wangcong@gmail.com"]