bisecting cause commit starting from 12ceaf8864c269467846379ebea56a2b996f9e3b building syzkaller on f3c4e6185953baea53d5651b84bd5897c02627f4 testing commit 12ceaf8864c269467846379ebea56a2b996f9e3b with gcc (GCC) 8.1.0 all runs: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor211538797" "root@10.128.10.34:./syz-executor211538797"]: exit status 1 ssh: connect to host 10.128.10.34 port 22: Connection timed out lost connection run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect start 12ceaf8864c269467846379ebea56a2b996f9e3b v4.19 Bisecting: 6509 revisions left to test after this (roughly 13 steps) [9703fc8caf36ac65dca1538b23dd137de0b53233] Merge tag 'usb-4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit 9703fc8caf36ac65dca1538b23dd137de0b53233 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 9703fc8caf36ac65dca1538b23dd137de0b53233 Bisecting: 2950 revisions left to test after this (roughly 12 steps) [738b04fba18d35cd352b7b15afefb8a7b798648e] Merge tag 'staging-4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit 738b04fba18d35cd352b7b15afefb8a7b798648e with gcc (GCC) 8.1.0 all runs: OK # git bisect good 738b04fba18d35cd352b7b15afefb8a7b798648e Bisecting: 1475 revisions left to test after this (roughly 11 steps) [da71577545a52be3e0e9225a946e5fd79cfab015] rtnetlink: Disallow FDB configuration for non-Ethernet device testing commit da71577545a52be3e0e9225a946e5fd79cfab015 with gcc (GCC) 8.1.0 all runs: OK # git bisect good da71577545a52be3e0e9225a946e5fd79cfab015 Bisecting: 739 revisions left to test after this (roughly 10 steps) [6444ccfd699cda8db5edaac7fa469d6a29aa9a47] Merge branch 'for-4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu testing commit 6444ccfd699cda8db5edaac7fa469d6a29aa9a47 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 6444ccfd699cda8db5edaac7fa469d6a29aa9a47 Bisecting: 402 revisions left to test after this (roughly 9 steps) [e9ebc2151f88600e726e51e5f7ca9c33ad53b35f] Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit e9ebc2151f88600e726e51e5f7ca9c33ad53b35f with gcc (GCC) 8.1.0 all runs: OK # git bisect good e9ebc2151f88600e726e51e5f7ca9c33ad53b35f Bisecting: 201 revisions left to test after this (roughly 8 steps) [4581aa96475b792de4b1206a12830339b65ec246] Merge branch 'spectre' of git://git.armlinux.org.uk/~rmk/linux-arm testing commit 4581aa96475b792de4b1206a12830339b65ec246 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 4581aa96475b792de4b1206a12830339b65ec246 Bisecting: 100 revisions left to test after this (roughly 7 steps) [dad54c0fab31c2ed813cb54bb024c65d6467d0b9] net: sched: red: remove unnecessary red_dump_offload_stats parameter testing commit dad54c0fab31c2ed813cb54bb024c65d6467d0b9 with gcc (GCC) 8.1.0 all runs: OK # git bisect good dad54c0fab31c2ed813cb54bb024c65d6467d0b9 Bisecting: 50 revisions left to test after this (roughly 6 steps) [b1817524c028a5a5284f21358185c74790001e0e] net/core: use __vlan_hwaccel helpers testing commit b1817524c028a5a5284f21358185c74790001e0e with gcc (GCC) 8.1.0 all runs: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs # git bisect bad b1817524c028a5a5284f21358185c74790001e0e Bisecting: 24 revisions left to test after this (roughly 5 steps) [5a541f6d00c6d8aace789dfaa468443bd0edf564] s390/qeth: handle af_iucv skbs in qeth_l3_fill_header() testing commit 5a541f6d00c6d8aace789dfaa468443bd0edf564 with gcc (GCC) 8.1.0 all runs: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs # git bisect bad 5a541f6d00c6d8aace789dfaa468443bd0edf564 Bisecting: 12 revisions left to test after this (roughly 4 steps) [c3a43b9fec8a1d0cd6c5b404d2c378ac873facad] vxlan: ICMP error lookup handler testing commit c3a43b9fec8a1d0cd6c5b404d2c378ac873facad with gcc (GCC) 8.1.0 all runs: OK # git bisect good c3a43b9fec8a1d0cd6c5b404d2c378ac873facad Bisecting: 6 revisions left to test after this (roughly 3 steps) [32bbd8793f24b0d5beb1cdb33c45c75ad1140e4b] net: Convert protocol error handlers from void to int testing commit 32bbd8793f24b0d5beb1cdb33c45c75ad1140e4b with gcc (GCC) 8.1.0 all runs: OK # git bisect good 32bbd8793f24b0d5beb1cdb33c45c75ad1140e4b Bisecting: 3 revisions left to test after this (roughly 2 steps) [56fd865f46b894681dd7e7f83761243add7a71a3] selftests: pmtu: Introduce FoU and GUE PMTU exceptions tests testing commit 56fd865f46b894681dd7e7f83761243add7a71a3 with gcc (GCC) 8.1.0 all runs: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs # git bisect bad 56fd865f46b894681dd7e7f83761243add7a71a3 Bisecting: 0 revisions left to test after this (roughly 1 step) [b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e] fou, fou6: ICMP error handlers for FoU and GUE testing commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e with gcc (GCC) 8.1.0 all runs: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs # git bisect bad b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e Bisecting: 0 revisions left to test after this (roughly 0 steps) [e7cc082455cb49ea937a3ec4ab3d001b0b5f137b] udp: Support for error handlers of tunnels with arbitrary destination port testing commit e7cc082455cb49ea937a3ec4ab3d001b0b5f137b with gcc (GCC) 8.1.0 all runs: OK # git bisect good e7cc082455cb49ea937a3ec4ab3d001b0b5f137b b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e is the first bad commit commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e Author: Stefano Brivio Date: Thu Nov 8 12:19:23 2018 +0100 fou, fou6: ICMP error handlers for FoU and GUE As the destination port in FoU and GUE receiving sockets doesn't necessarily match the remote destination port, we can't associate errors to the encapsulating tunnels with a socket lookup -- we need to blindly try them instead. This means we don't even know if we are handling errors for FoU or GUE without digging into the packets. Hence, implement a single handler for both, one for IPv4 and one for IPv6, that will check whether the packet that generated the ICMP error used a direct IP encapsulation or if it had a GUE header, and send the error to the matching protocol handler, if any. Signed-off-by: Stefano Brivio Reviewed-by: Sabrina Dubroca Signed-off-by: David S. Miller :040000 040000 cabdcb7779c24a357486aae139cb31cdd625bc53 6bc9db712d9698330234b7c8c934dcfc71cfb657 M net revisions tested: 16, total time: 4h42m5.949051619s (build: 1h33m30.863082661s, test: 3h3m22.583400317s) first bad commit: b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e fou, fou6: ICMP error handlers for FoU and GUE cc: ["davem@davemloft.net" "kuznet@ms2.inr.ac.ru" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "sbrivio@redhat.com" "sd@queasysnail.net" "yoshfuji@linux-ipv6.org"] crash: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs bridge0: port 1(bridge_slave_0) entered disabled state device bridge_slave_1 left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_0 left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: rcu_dynticks_curr_cpu_in_eqs+0x169/0x170 kernel/rcu/tree.c:293 CPU: 0 PID: 4578 Comm: syz-executor005 Not tainted 4.20.0-rc1+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: Kernel Offset: disabled Rebooting in 86400 seconds..