bisecting fixing commit since bfb9e5c03076a446b1f4f6a523ddc8d723c907a6
building syzkaller on 36650b4b2c942bc382314dce384d311fbadd1208
testing commit bfb9e5c03076a446b1f4f6a523ddc8d723c907a6 with gcc (GCC) 8.1.0
kernel signature: 27039f5539e15d2cac4b0558402ead76f4bfc35a
run #0: crashed: INFO: rcu detected stall in corrupted
run #1: crashed: INFO: rcu detected stall in corrupted
run #2: crashed: INFO: rcu detected stall in corrupted
run #3: crashed: INFO: rcu detected stall in br_handle_frame
run #4: crashed: INFO: rcu detected stall in corrupted
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in corrupted
run #7: crashed: INFO: rcu detected stall in corrupted
run #8: crashed: INFO: rcu detected stall in corrupted
run #9: crashed: INFO: rcu detected stall in addrconf_rs_timer
testing current HEAD c1141b3aab36eb0d9b2bcae4aff69e77d0554386
testing commit c1141b3aab36eb0d9b2bcae4aff69e77d0554386 with gcc (GCC) 8.1.0
kernel signature: 45430dd1a4470bc4f796056b5da07ea1fc603c8c
all runs: OK
# git bisect start c1141b3aab36eb0d9b2bcae4aff69e77d0554386 bfb9e5c03076a446b1f4f6a523ddc8d723c907a6
Bisecting: 269 revisions left to test after this (roughly 8 steps)
[52a6ba0b4a6efb04557c64e5c90bcd1b97c1238e] tty/serial: atmel: fix out of range clock divider handling
testing commit 52a6ba0b4a6efb04557c64e5c90bcd1b97c1238e with gcc (GCC) 8.1.0
kernel signature: 24ca9e990770f1acc54c9797a4cc302854fe09df
run #0: crashed: INFO: rcu detected stall in br_handle_frame
run #1: crashed: INFO: rcu detected stall in br_handle_frame
run #2: crashed: INFO: rcu detected stall in corrupted
run #3: crashed: INFO: rcu detected stall in br_handle_frame
run #4: crashed: INFO: rcu detected stall in corrupted
run #5: crashed: INFO: rcu detected stall in br_handle_frame
run #6: crashed: INFO: rcu detected stall in br_handle_frame
run #7: crashed: INFO: rcu detected stall in br_handle_frame
run #8: crashed: INFO: rcu detected stall in br_handle_frame
run #9: crashed: INFO: rcu detected stall in corrupted
# git bisect good 52a6ba0b4a6efb04557c64e5c90bcd1b97c1238e
Bisecting: 134 revisions left to test after this (roughly 7 steps)
[b454ac1b22af130c6fb8d34c344a98339f1cea9a] bpf: Fix passing modified ctx to ld/abs/ind instruction
testing commit b454ac1b22af130c6fb8d34c344a98339f1cea9a with gcc (GCC) 8.1.0
kernel signature: b08c8c2bbaac0c3cd39dab8f237ee96a956ae19a
run #0: crashed: INFO: rcu detected stall in newlstat
run #1: crashed: INFO: rcu detected stall in br_handle_frame
run #2: crashed: INFO: rcu detected stall in br_handle_frame
run #3: crashed: INFO: rcu detected stall in br_handle_frame
run #4: crashed: INFO: rcu detected stall in corrupted
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in corrupted
run #7: crashed: INFO: rcu detected stall in corrupted
run #8: crashed: INFO: rcu detected stall in br_handle_frame
run #9: crashed: INFO: rcu detected stall in br_handle_frame
# git bisect good b454ac1b22af130c6fb8d34c344a98339f1cea9a
Bisecting: 67 revisions left to test after this (roughly 6 steps)
[10dbcf14b89929100d36e529e0d22de4b97d9a68] ethtool: reduce stack usage with clang
testing commit 10dbcf14b89929100d36e529e0d22de4b97d9a68 with gcc (GCC) 8.1.0
kernel signature: 090ff3babe22d953d102ee36e54e055b97667155
all runs: OK
# git bisect bad 10dbcf14b89929100d36e529e0d22de4b97d9a68
Bisecting: 33 revisions left to test after this (roughly 5 steps)
[e08e3dda248f115c77fc59016d26fdc1fd19cf58] can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode
testing commit e08e3dda248f115c77fc59016d26fdc1fd19cf58 with gcc (GCC) 8.1.0
kernel signature: 33aa363b1f70740b5fb39cc2c03a1700752fe9be
all runs: OK
# git bisect bad e08e3dda248f115c77fc59016d26fdc1fd19cf58
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[2e2d29bacd3f70b13a3abfc7b7033aacdb4c2aee] sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
testing commit 2e2d29bacd3f70b13a3abfc7b7033aacdb4c2aee with gcc (GCC) 8.1.0
kernel signature: fab82b5c7c62a4d0e371777b5f92554912e00a35
all runs: OK
# git bisect bad 2e2d29bacd3f70b13a3abfc7b7033aacdb4c2aee
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[4a953272f2d2db63bba97137b64b3f1770634e00] macvlan: do not assume mac_header is set in macvlan_broadcast()
testing commit 4a953272f2d2db63bba97137b64b3f1770634e00 with gcc (GCC) 8.1.0
kernel signature: 55b5d5175179da7326d64f27833a4d04d3aad660
run #0: crashed: INFO: rcu detected stall in br_handle_frame
run #1: crashed: INFO: rcu detected stall in corrupted
run #2: crashed: INFO: rcu detected stall in br_handle_frame
run #3: crashed: INFO: rcu detected stall in br_handle_frame
run #4: crashed: INFO: rcu detected stall in corrupted
run #5: crashed: INFO: rcu detected stall in br_handle_frame
run #6: crashed: INFO: rcu detected stall in br_handle_frame
run #7: crashed: INFO: rcu detected stall in br_handle_frame
run #8: crashed: INFO: rcu detected stall in br_handle_frame
run #9: crashed: INFO: rcu detected stall in corrupted
# git bisect good 4a953272f2d2db63bba97137b64b3f1770634e00
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[a45335027cece5e979c1bb1a603604b2f34f32f8] net: usb: lan78xx: fix possible skb leak
testing commit a45335027cece5e979c1bb1a603604b2f34f32f8 with gcc (GCC) 8.1.0
kernel signature: 1b7375d3eb19b861f8ee1103bb6df8f1bb0d00e8
run #0: crashed: INFO: rcu detected stall in corrupted
run #1: crashed: INFO: rcu detected stall in corrupted
run #2: crashed: INFO: rcu detected stall in corrupted
run #3: crashed: INFO: rcu detected stall in corrupted
run #4: crashed: INFO: rcu detected stall in corrupted
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in br_handle_frame
run #7: crashed: INFO: rcu detected stall in corrupted
run #8: crashed: INFO: rcu detected stall in corrupted
run #9: crashed: INFO: rcu detected stall in br_handle_frame
# git bisect good a45335027cece5e979c1bb1a603604b2f34f32f8
Bisecting: 1 revision left to test after this (roughly 1 step)
[bb275c92aaa05ba8fdf6919950cede0c03f62253] USB: core: fix check for duplicate endpoints
testing commit bb275c92aaa05ba8fdf6919950cede0c03f62253 with gcc (GCC) 8.1.0
kernel signature: 432740979b9058dabb75c9c3bc92990a95b105f7
all runs: OK
# git bisect bad bb275c92aaa05ba8fdf6919950cede0c03f62253
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[73a6f18d8390abc233212085ba4f06088f9fb075] pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
testing commit 73a6f18d8390abc233212085ba4f06088f9fb075 with gcc (GCC) 8.1.0
kernel signature: 5567f610ff9cd1212d427170e5a46b1cff34153e
all runs: OK
# git bisect bad 73a6f18d8390abc233212085ba4f06088f9fb075
73a6f18d8390abc233212085ba4f06088f9fb075 is the first bad commit
commit 73a6f18d8390abc233212085ba4f06088f9fb075
Author: Eric Dumazet
Date: Mon Jan 6 06:10:39 2020 -0800

    pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM

    [ Upstream commit d9e15a2733067c9328fb56d98fe8e574fa19ec31 ]

    As diagnosed by Florian :

    If TCA_FQ_QUANTUM is set to 0x80000000, fq_deueue()
    can loop forever in :

    if (f->credit <= 0) {
      f->credit += q->quantum;
      goto begin;
    }

    ... because f->credit is either 0 or -2147483648.

    Let's limit TCA_FQ_QUANTUM to no more than 1 << 20 :
    This max value should limit risks of breaking user setups
    while fixing this bug.

    Fixes: afe4fd062416 ("pkt_sched: fq: Fair Queue packet scheduler")
    Signed-off-by: Eric Dumazet
    Diagnosed-by: Florian Westphal
    Reported-by: syzbot+dc9071cc5a85950bdfce@syzkaller.appspotmail.com
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

 net/sched/sch_fq.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
culprit signature: 5567f610ff9cd1212d427170e5a46b1cff34153e
parent signature: 1b7375d3eb19b861f8ee1103bb6df8f1bb0d00e8
revisions tested: 11, total time: 3h13m46.351074123s (build: 1h35m3.305880547s, test: 1h37m43.655297597s)
first good commit: 73a6f18d8390abc233212085ba4f06088f9fb075 pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
cc: ["davem@davemloft.net" "edumazet@google.com" "gregkh@linuxfoundation.org"]