bisecting fixing commit since 357668399cf70ccdc0ee8967bff3448d0f4f9ae1
building syzkaller on 84f4fc8afc9aedba4b3afa4bb76c3df6c6352c07
testing commit 357668399cf70ccdc0ee8967bff3448d0f4f9ae1 with gcc (GCC) 8.1.0
kernel signature: f0c00af87f670beb2d9a496bca6bc3d1a276316e8423b94b2be428639eee5866
run #0: crashed: INFO: task hung in hashlimit_mt_check_common
run #1: crashed: INFO: task hung in htable_put
run #2: crashed: INFO: task hung in hashlimit_mt_check_common
run #3: crashed: INFO: task hung in hashlimit_mt_check_common
run #4: crashed: INFO: task hung in hashlimit_mt_check_common
run #5: crashed: INFO: task hung in hashlimit_mt_check_common
run #6: crashed: INFO: task hung in hashlimit_mt_check_common
run #7: crashed: INFO: task hung in hashlimit_mt_check_common
run #8: crashed: INFO: task hung in hashlimit_mt_check_common
run #9: crashed: INFO: task hung in hashlimit_mt_check_common
testing current HEAD 5692097116094a4a7045abcc1dbc172dbdc5657e
testing commit 5692097116094a4a7045abcc1dbc172dbdc5657e with gcc (GCC) 8.1.0
kernel signature: 9162619d5bd6da6ffccbdb246cc88819dbe6d59e07b9c19caeb2fa8b780faef6
all runs: OK
# git bisect start 5692097116094a4a7045abcc1dbc172dbdc5657e 357668399cf70ccdc0ee8967bff3448d0f4f9ae1
Bisecting: 273 revisions left to test after this (roughly 8 steps)
[47f44085e01f7f68450d7a1a46369a6252505223] NFS: Fix memory leaks
testing commit 47f44085e01f7f68450d7a1a46369a6252505223 with gcc (GCC) 8.1.0
kernel signature: 664f599598cc9b2b8d7ee4b17151e4ce9d6662311bf9b06d93dbdb930c211d7f
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor292864400" "root@10.128.10.63:./syz-executor292864400"]: exit status 1
Connection timed out during banner exchange
lost connection
run #1: crashed: INFO: task hung in hashlimit_mt_check_common
run #2: crashed: INFO: task hung in hashlimit_mt_check_common
run #3: crashed: INFO: task hung in hashlimit_mt_check_common
run #4: crashed: INFO: task hung in htable_put
run #5: crashed: INFO: task hung in hashlimit_mt_check_common
run #6: crashed: INFO: task hung in hashlimit_mt_check_common
run #7: crashed: INFO: task hung in hashlimit_mt_check_common
run #8: crashed: INFO: task hung in hashlimit_mt_check_common
run #9: crashed: INFO: task hung in htable_put
# git bisect good 47f44085e01f7f68450d7a1a46369a6252505223
Bisecting: 136 revisions left to test after this (roughly 7 steps)
[1e8ebca50649e628bc8081fac8b95f9237a3c31b] qede: Fix race between rdma destroy workqueue and link change event
testing commit 1e8ebca50649e628bc8081fac8b95f9237a3c31b with gcc (GCC) 8.1.0
kernel signature: 84f4be5439e4da1c4bbd06310cdf6cafd03b93c07c2c0c8bf4480e01080b902b
all runs: OK
# git bisect bad 1e8ebca50649e628bc8081fac8b95f9237a3c31b
Bisecting: 68 revisions left to test after this (roughly 6 steps)
[38884609b8b5282397f5f354ad2b098a13f57145] ext4: add cond_resched() to __ext4_find_entry()
testing commit 38884609b8b5282397f5f354ad2b098a13f57145 with gcc (GCC) 8.1.0
kernel signature: 573c027a76d10f4362a9fc28288f3561670e1afbfe7cf533fa88f58d557b093f
run #0: crashed: INFO: task hung in hashlimit_mt_check_common
run #1: crashed: INFO: task hung in hashlimit_mt_check_common
run #2: crashed: INFO: task hung in hashlimit_mt_check_common
run #3: crashed: INFO: task hung in hashlimit_mt_check_common
run #4: crashed: INFO: task hung in hashlimit_mt_check_common
run #5: crashed: INFO: task hung in hashlimit_mt_check_common
run #6: crashed: INFO: task hung in hashlimit_mt_check_common
run #7: crashed: INFO: task hung in hashlimit_mt_check_common
run #8: crashed: INFO: task hung in htable_put
run #9: crashed: INFO: task hung in hashlimit_mt_check_common
# git bisect good 38884609b8b5282397f5f354ad2b098a13f57145
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[cfc30449bbc50ba0532d4714fb0dada1758d612a] Revert "char/random: silence a lockdep splat with printk()"
testing commit cfc30449bbc50ba0532d4714fb0dada1758d612a with gcc (GCC) 8.1.0
kernel signature: 5b5c6d2705a62902c9d9945590b962af1d449d587587f29dfc5c9a5f589f58d0
all runs: OK
# git bisect bad cfc30449bbc50ba0532d4714fb0dada1758d612a
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[1cad1a6497ecb07c87c6199a41e9316183eb4898] scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session"
testing commit 1cad1a6497ecb07c87c6199a41e9316183eb4898 with gcc (GCC) 8.1.0
kernel signature: bf5744206bc8826e35a42e3be3ef32f5e069f857880570da746fc1b6d9b6e121
all runs: crashed: INFO: task hung in hashlimit_mt_check_common
# git bisect good 1cad1a6497ecb07c87c6199a41e9316183eb4898
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[bf3043d27755a8cb53cb99e4f04139a5279761e0] bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill
testing commit bf3043d27755a8cb53cb99e4f04139a5279761e0 with gcc (GCC) 8.1.0
kernel signature: 2abeafbd42bfcc4ab1dacca4c1f35a83e1f1a650f43c4afb42a96afb7bfce42c
run #0: crashed: INFO: task hung in hashlimit_mt_check_common
run #1: crashed: INFO: task hung in hashlimit_mt_check_common
run #2: crashed: INFO: task hung in hashlimit_mt_check_common
run #3: crashed: INFO: task hung in hashlimit_mt_check_common
run #4: crashed: INFO: task hung in hashlimit_mt_check_common
run #5: crashed: INFO: task hung in hashlimit_mt_check_common
run #6: crashed: INFO: task hung in hashlimit_mt_check_common
run #7: crashed: INFO: task hung in hashlimit_mt_check_common
run #8: crashed: INFO: task hung in hashlimit_mt_check_common
run #9: crashed: INFO: task hung in htable_put
# git bisect good bf3043d27755a8cb53cb99e4f04139a5279761e0
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[acbc5071f073bc368d7d4f63902adf536cf37772] netfilter: xt_hashlimit: limit the max size of hashtable
testing commit acbc5071f073bc368d7d4f63902adf536cf37772 with gcc (GCC) 8.1.0
kernel signature: 4b9ff10727759afdccacdbf07065f7cf0c80d2cd1f40cadd9ab50fceb5769ac4
all runs: OK
# git bisect bad acbc5071f073bc368d7d4f63902adf536cf37772
Bisecting: 1 revision left to test after this (roughly 1 step)
[b105447809b10b61108962724c2ab4c9734e3a41] ALSA: seq: Avoid concurrent access to queue flags
testing commit b105447809b10b61108962724c2ab4c9734e3a41 with gcc (GCC) 8.1.0
kernel signature: f3aa0f597de08e46cb844bcfa75395d686c009191a3b5ca56c5c1ef2ce87b0f3
run #0: crashed: INFO: task hung in hashlimit_mt_check_common
run #1: crashed: INFO: task hung in hashlimit_mt_check_common
run #2: crashed: INFO: task hung in hashlimit_mt_check_common
run #3: crashed: INFO: task hung in hashlimit_mt_check_common
run #4: crashed: INFO: task hung in htable_put
run #5: crashed: INFO: task hung in hashlimit_mt_check_common
run #6: crashed: INFO: task hung in hashlimit_mt_check_common
run #7: crashed: INFO: task hung in hashlimit_mt_check_common
run #8: crashed: INFO: task hung in hashlimit_mt_check_common
run #9: crashed: INFO: task hung in hashlimit_mt_check_common
# git bisect good b105447809b10b61108962724c2ab4c9734e3a41
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[5a2972600a2f845d860f2a4c51b979c608cb1e9b] ALSA: seq: Fix concurrent access to queue current tick/time
testing commit 5a2972600a2f845d860f2a4c51b979c608cb1e9b with gcc (GCC) 8.1.0
kernel signature: 816ef1d4bdc6205572e8d1e01efc0cd8aa57cc1584c4cea4fb3cb46a0e777bdc
run #0: crashed: INFO: task hung in hashlimit_mt_check_common
run #1: crashed: INFO: task hung in hashlimit_mt_check_common
run #2: crashed: INFO: task hung in hashlimit_mt_check_common
run #3: crashed: INFO: task hung in hashlimit_mt_check_common
run #4: crashed: INFO: task hung in hashlimit_mt_check_common
run #5: crashed: INFO: task hung in hashlimit_mt_check_common
run #6: crashed: INFO: task hung in hashlimit_mt_check_common
run #7: crashed: INFO: task hung in hashlimit_mt_check_common
run #8: crashed: INFO: task hung in hashlimit_mt_check_common
run #9: crashed: INFO: task hung in htable_put
# git bisect good 5a2972600a2f845d860f2a4c51b979c608cb1e9b
acbc5071f073bc368d7d4f63902adf536cf37772 is the first bad commit
commit acbc5071f073bc368d7d4f63902adf536cf37772
Author: Cong Wang
Date: Sun Feb 2 20:30:53 2020 -0800

    netfilter: xt_hashlimit: limit the max size of hashtable

    commit 8d0015a7ab76b8b1e89a3e5f5710a6e5103f2dd5 upstream.

    The user-specified hashtable size is unbound, this could easily lead to an OOM or a hung task as we hold the global mutex while allocating and initializing the new hashtable.

    Add a max value to cap both cfg->size and cfg->max, as suggested by Florian.

    Reported-and-tested-by: syzbot+adf6c6c2be1c3a718121@syzkaller.appspotmail.com
    Signed-off-by: Cong Wang
    Reviewed-by: Florian Westphal
    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: Greg Kroah-Hartman

 net/netfilter/xt_hashlimit.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

culprit signature: 4b9ff10727759afdccacdbf07065f7cf0c80d2cd1f40cadd9ab50fceb5769ac4
parent signature: 816ef1d4bdc6205572e8d1e01efc0cd8aa57cc1584c4cea4fb3cb46a0e777bdc
revisions tested: 11, total time: 3h13m7.432750707s (build: 1h45m57.554842484s, test: 1h25m41.171979588s)
first good commit: acbc5071f073bc368d7d4f63902adf536cf37772 netfilter: xt_hashlimit: limit the max size of hashtable
cc: ["fw@strlen.de" "gregkh@linuxfoundation.org" "pablo@netfilter.org" "syzbot+adf6c6c2be1c3a718121@syzkaller.appspotmail.com" "xiyou.wangcong@gmail.com"]