bisecting fixing commit since 7d120bf21c05cbe30a679f0feeca884eeaceb069
building syzkaller on 36650b4b2c942bc382314dce384d311fbadd1208
testing commit 7d120bf21c05cbe30a679f0feeca884eeaceb069 with gcc (GCC) 8.1.0
kernel signature: 0a4907846f5cdf76da94fd6eb5a8a7ac7b89cf5a
run #0: crashed: INFO: rcu detected stall in br_handle_frame
run #1: crashed: INFO: rcu detected stall in br_handle_frame
run #2: crashed: INFO: rcu detected stall in br_handle_frame
run #3: crashed: INFO: rcu detected stall in br_handle_frame
run #4: crashed: INFO: rcu detected stall in br_handle_frame
run #5: crashed: INFO: rcu detected stall in br_handle_frame
run #6: crashed: INFO: rcu detected stall in br_handle_frame
run #7: crashed: INFO: rcu detected stall in br_handle_frame
run #8: crashed: INFO: rcu detected stall in addrconf_dad_work
run #9: crashed: INFO: rcu detected stall in br_handle_frame
testing current HEAD dc4ba5be1babd3b3ec905751a30df89a5899a7a9
testing commit dc4ba5be1babd3b3ec905751a30df89a5899a7a9 with gcc (GCC) 8.1.0
kernel signature: 24966655f636ef137909206ade89d5f9a5612ecf
all runs: OK
# git bisect start dc4ba5be1babd3b3ec905751a30df89a5899a7a9 7d120bf21c05cbe30a679f0feeca884eeaceb069
Bisecting: 355 revisions left to test after this (roughly 9 steps)
[6538eea79300eaaa8f517b6ed7a086913fd61afb] net/mlxfw: Fix out-of-memory error in mfa2 flash burning
testing commit 6538eea79300eaaa8f517b6ed7a086913fd61afb with gcc (GCC) 8.1.0
kernel signature: 7b1cb51a72596bd1fdcdebecb3d63dde4e05dcb1
run #0: crashed: INFO: rcu detected stall in br_handle_frame
run #1: crashed: INFO: rcu detected stall in br_handle_frame
run #2: crashed: INFO: rcu detected stall in br_handle_frame
run #3: crashed: INFO: rcu detected stall in br_handle_frame
run #4: crashed: INFO: rcu detected stall in br_handle_frame
run #5: crashed: INFO: rcu detected stall in br_handle_frame
run #6: crashed: INFO: rcu detected stall in br_handle_frame
run #7: crashed: INFO: rcu detected stall in br_handle_frame
run #8: crashed: INFO: rcu detected stall in br_handle_frame
run #9: crashed: INFO: rcu detected stall in netlink_sendmsg
# git bisect good 6538eea79300eaaa8f517b6ed7a086913fd61afb
Bisecting: 177 revisions left to test after this (roughly 8 steps)
[588b700ce88b459180efd5f121956eda10e9e169] net: usb: lan78xx: Fix error message format specifier
testing commit 588b700ce88b459180efd5f121956eda10e9e169 with gcc (GCC) 8.1.0
kernel signature: 4445a94d8ce11ec0a32d8b20fdc32ec8975568c1
run #0: crashed: INFO: rcu detected stall in br_handle_frame
run #1: crashed: INFO: rcu detected stall in br_handle_frame
run #2: crashed: INFO: rcu detected stall in br_handle_frame
run #3: crashed: INFO: rcu detected stall in corrupted
run #4: crashed: INFO: rcu detected stall in br_handle_frame
run #5: crashed: INFO: rcu detected stall in br_handle_frame
run #6: crashed: INFO: rcu detected stall in br_handle_frame
run #7: crashed: INFO: rcu detected stall in br_handle_frame
run #8: crashed: INFO: rcu detected stall in br_handle_frame
run #9: crashed: INFO: rcu detected stall in corrupted
# git bisect good 588b700ce88b459180efd5f121956eda10e9e169
Bisecting: 88 revisions left to test after this (roughly 7 steps)
[46abb2a5cd2f34a8fa67df24f5b33a494e42f9ec] netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
testing commit 46abb2a5cd2f34a8fa67df24f5b33a494e42f9ec with gcc (GCC) 8.1.0
kernel signature: e31feae8b68cf16d957a167a8d6b533d0aa0fb29
all runs: OK
# git bisect bad 46abb2a5cd2f34a8fa67df24f5b33a494e42f9ec
Bisecting: 44 revisions left to test after this (roughly 6 steps)
[aad8003ad201c518d8200f1da587b6a24150c4e4] usb: missing parentheses in USE_NEW_SCHEME
testing commit aad8003ad201c518d8200f1da587b6a24150c4e4 with gcc (GCC) 8.1.0
kernel signature: 5f35213701606760081101a04453f110977f0d95
all runs: OK
# git bisect bad aad8003ad201c518d8200f1da587b6a24150c4e4
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[0b9700de712a479cf214fe503cf4d51c09b25785] powerpc/spinlocks: Include correct header for static key
testing commit 0b9700de712a479cf214fe503cf4d51c09b25785 with gcc (GCC) 8.1.0
kernel signature: 245710ad6d5ea9153e4be99b428d554189d2373d
run #0: crashed: INFO: rcu detected stall in br_handle_frame
run #1: crashed: INFO: rcu detected stall in corrupted
run #2: crashed: INFO: rcu detected stall in br_handle_frame
run #3: crashed: INFO: rcu detected stall in br_handle_frame
run #4: crashed: INFO: rcu detected stall in addrconf_rs_timer
run #5: crashed: INFO: rcu detected stall in br_handle_frame
run #6: crashed: INFO: rcu detected stall in br_handle_frame
run #7: crashed: INFO: rcu detected stall in br_handle_frame
run #8: crashed: INFO: rcu detected stall in br_handle_frame
run #9: crashed: INFO: rcu detected stall in br_handle_frame
# git bisect good 0b9700de712a479cf214fe503cf4d51c09b25785
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[f5c8c211d811b0e0b705f66b36ad2de11e71aef0] sch_cake: avoid possible divide by zero in cake_enqueue()
testing commit f5c8c211d811b0e0b705f66b36ad2de11e71aef0 with gcc (GCC) 8.1.0
kernel signature: 716954268db1a0fdc6caea6ba37991e46afab786
all runs: OK
# git bisect bad f5c8c211d811b0e0b705f66b36ad2de11e71aef0
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[5f3274c53ae7049755b29ec0c351f145cb68270c] macvlan: do not assume mac_header is set in macvlan_broadcast()
testing commit 5f3274c53ae7049755b29ec0c351f145cb68270c with gcc (GCC) 8.1.0
kernel signature: f13b5e47e30296e9034d69b80ce8b788bd942f69
run #0: crashed: INFO: rcu detected stall in br_handle_frame
run #1: crashed: INFO: rcu detected stall in br_handle_frame
run #2: crashed: INFO: rcu detected stall in br_handle_frame
run #3: crashed: INFO: rcu detected stall in br_handle_frame
run #4: crashed: INFO: rcu detected stall in br_handle_frame
run #5: crashed: INFO: rcu detected stall in netlink_sendmsg
run #6: crashed: INFO: rcu detected stall in netlink_sendmsg
run #7: crashed: INFO: rcu detected stall in br_handle_frame
run #8: crashed: INFO: rcu detected stall in br_handle_frame
run #9: crashed: INFO: rcu detected stall in br_handle_frame
# git bisect good 5f3274c53ae7049755b29ec0c351f145cb68270c
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[5994f91dcdc4c85c0dc024091d0ab5b16d4088b2] net: stmmac: dwmac-sunxi: Allow all RGMII modes
testing commit 5994f91dcdc4c85c0dc024091d0ab5b16d4088b2 with gcc (GCC) 8.1.0
kernel signature: 24824967df45f52b03672010b57f46cb7ed45203
run #0: crashed: INFO: rcu detected stall in br_handle_frame
run #1: crashed: INFO: rcu detected stall in addrconf_dad_work
run #2: crashed: INFO: rcu detected stall in br_handle_frame
run #3: crashed: INFO: rcu detected stall in br_handle_frame
run #4: crashed: INFO: rcu detected stall in br_handle_frame
run #5: crashed: INFO: rcu detected stall in br_handle_frame
run #6: crashed: INFO: rcu detected stall in netlink_sendmsg
run #7: crashed: INFO: rcu detected stall in br_handle_frame
run #8: crashed: INFO: rcu detected stall in corrupted
run #9: crashed: INFO: rcu detected stall in br_handle_frame
# git bisect good 5994f91dcdc4c85c0dc024091d0ab5b16d4088b2
Bisecting: 0 revisions left to test after this (roughly 1 step)
[94ac4a4d938f51a18a51286fd94a46c1d6558103] pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
testing commit 94ac4a4d938f51a18a51286fd94a46c1d6558103 with gcc (GCC) 8.1.0
kernel signature: fd29b1155e565aa3d644b70b47d413567571fbb4
all runs: OK
# git bisect bad 94ac4a4d938f51a18a51286fd94a46c1d6558103
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[77b07bbf47e4c447bd36c97a8b597865ebff2d49] net: usb: lan78xx: fix possible skb leak
testing commit 77b07bbf47e4c447bd36c97a8b597865ebff2d49 with gcc (GCC) 8.1.0
kernel signature: a61fa0cdf050770a77fdf7f216f804f0b7a4ce38
run #0: crashed: INFO: rcu detected stall in br_handle_frame
run #1: crashed: INFO: rcu detected stall in br_handle_frame
run #2: crashed: INFO: rcu detected stall in br_handle_frame
run #3: crashed: INFO: rcu detected stall in addrconf_dad_work
run #4: crashed: INFO: rcu detected stall in addrconf_rs_timer
run #5: crashed: INFO: rcu detected stall in br_handle_frame
run #6: crashed: INFO: rcu detected stall in br_handle_frame
run #7: crashed: INFO: rcu detected stall in br_handle_frame
run #8: crashed: INFO: rcu detected stall in br_handle_frame
run #9: crashed: INFO: rcu detected stall in br_handle_frame
# git bisect good 77b07bbf47e4c447bd36c97a8b597865ebff2d49
94ac4a4d938f51a18a51286fd94a46c1d6558103 is the first bad commit
commit 94ac4a4d938f51a18a51286fd94a46c1d6558103
Author: Eric Dumazet
Date: Mon Jan 6 06:10:39 2020 -0800

    pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM

    [ Upstream commit d9e15a2733067c9328fb56d98fe8e574fa19ec31 ]

    As diagnosed by Florian :

    If TCA_FQ_QUANTUM is set to 0x80000000, fq_deueue()
    can loop forever in :

    if (f->credit <= 0) {
      f->credit += q->quantum;
      goto begin;
    }

    ... because f->credit is either 0 or -2147483648.

    Let's limit TCA_FQ_QUANTUM to no more than 1 << 20 :
    This max value should limit risks of breaking user setups
    while fixing this bug.

    Fixes: afe4fd062416 ("pkt_sched: fq: Fair Queue packet scheduler")
    Signed-off-by: Eric Dumazet
    Diagnosed-by: Florian Westphal
    Reported-by: syzbot+dc9071cc5a85950bdfce@syzkaller.appspotmail.com
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

 net/sched/sch_fq.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
culprit signature: fd29b1155e565aa3d644b70b47d413567571fbb4
parent signature: a61fa0cdf050770a77fdf7f216f804f0b7a4ce38
revisions tested: 12, total time: 3h22m33.921311886s (build: 1h50m18.52393964s, test: 1h30m58.459689749s)
first good commit: 94ac4a4d938f51a18a51286fd94a46c1d6558103 pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
cc: ["davem@davemloft.net" "edumazet@google.com" "gregkh@linuxfoundation.org"]