bisecting cause commit starting from cddaf02bcb7313a23b06e46683a1381b85840687 building syzkaller on adf636a83bd411d805aa74d07d03933ae9d08eb3 testing commit cddaf02bcb7313a23b06e46683a1381b85840687 with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #1: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #2: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 all runs: OK # git bisect start cddaf02bcb7313a23b06e46683a1381b85840687 v4.19 Bisecting: 6756 revisions left to test after this (roughly 13 steps) [18d0eae30e6a4f8644d589243d7ac1d70d29203d] Merge tag 'char-misc-4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 18d0eae30e6a4f8644d589243d7ac1d70d29203d with gcc (GCC) 8.1.0 all runs: OK # git bisect good 18d0eae30e6a4f8644d589243d7ac1d70d29203d Bisecting: 3384 revisions left to test after this (roughly 12 steps) [044ee890286153a1aefb40cb8b6659921aecb38b] HID: input: simplify/fix high-res scroll event handling testing commit 044ee890286153a1aefb40cb8b6659921aecb38b with gcc (GCC) 8.1.0 all runs: OK # git bisect good 044ee890286153a1aefb40cb8b6659921aecb38b Bisecting: 1693 revisions left to test after this (roughly 11 steps) [0c86e761b95131943c2b8af2ffb3c0554f9a71f5] Merge tag 'vfio-v4.20-rc1.v2' of git://github.com/awilliam/linux-vfio testing commit 0c86e761b95131943c2b8af2ffb3c0554f9a71f5 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 0c86e761b95131943c2b8af2ffb3c0554f9a71f5 Bisecting: 838 revisions left to test after this (roughly 10 steps) [01897f3e05ede4d66c0f9df465fde1d67a1d733f] Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 01897f3e05ede4d66c0f9df465fde1d67a1d733f with gcc (GCC) 8.1.0 all runs: OK # git bisect good 01897f3e05ede4d66c0f9df465fde1d67a1d733f Bisecting: 415 revisions left to test after this (roughly 9 steps) [7a3765ed66d187071bbf56a8212f5d2bc2d2e2cc] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit 7a3765ed66d187071bbf56a8212f5d2bc2d2e2cc with gcc (GCC) 8.1.0 all runs: OK # git bisect good 7a3765ed66d187071bbf56a8212f5d2bc2d2e2cc Bisecting: 207 revisions left to test after this (roughly 8 steps) [d79e26a7efc22c4cc2cd66529cc3bd4e0ed5938a] Merge branch 'remove-PHY_HAS_INTERRUPT' testing commit d79e26a7efc22c4cc2cd66529cc3bd4e0ed5938a with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad d79e26a7efc22c4cc2cd66529cc3bd4e0ed5938a Bisecting: 103 revisions left to test after this (roughly 7 steps) [7b8e0b6e659983154c8d7e756cdb833d89a3d4d7] net: sched: prio: delay destroying child qdiscs on change testing commit 7b8e0b6e659983154c8d7e756cdb833d89a3d4d7 with gcc (GCC) 8.1.0 all runs: OK # git bisect good 7b8e0b6e659983154c8d7e756cdb833d89a3d4d7 Bisecting: 51 revisions left to test after this (roughly 6 steps) [3149a2711bac22a673bc4b9e99d0ace2d23e11da] sky2: use __vlan_hwaccel helpers testing commit 3149a2711bac22a673bc4b9e99d0ace2d23e11da with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #1: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #2: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 3149a2711bac22a673bc4b9e99d0ace2d23e11da Bisecting: 25 revisions left to test after this (roughly 5 steps) [ded9da1fc2d9509c1fd18ecdaae5f6185fb81dbc] s390/qeth: don't process hsuid in qeth_l3_setup_netdev() testing commit ded9da1fc2d9509c1fd18ecdaae5f6185fb81dbc with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #1: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #2: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #3: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad ded9da1fc2d9509c1fd18ecdaae5f6185fb81dbc Bisecting: 12 revisions left to test after this (roughly 4 steps) [32bbd8793f24b0d5beb1cdb33c45c75ad1140e4b] net: Convert protocol error handlers from void to int testing commit 32bbd8793f24b0d5beb1cdb33c45c75ad1140e4b with gcc (GCC) 8.1.0 all runs: OK # git bisect good 32bbd8793f24b0d5beb1cdb33c45c75ad1140e4b Bisecting: 6 revisions left to test after this (roughly 3 steps) [b144b99fff69a5bc0d34c8e168bedb88c68ca23d] s390/qeth: utilize virtual MAC for Layer2 OSD devices testing commit b144b99fff69a5bc0d34c8e168bedb88c68ca23d with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #1: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #2: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #3: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #4: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #5: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad b144b99fff69a5bc0d34c8e168bedb88c68ca23d Bisecting: 2 revisions left to test after this (roughly 2 steps) [56fd865f46b894681dd7e7f83761243add7a71a3] selftests: pmtu: Introduce FoU and GUE PMTU exceptions tests testing commit 56fd865f46b894681dd7e7f83761243add7a71a3 with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #1: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #2: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 56fd865f46b894681dd7e7f83761243add7a71a3 Bisecting: 0 revisions left to test after this (roughly 1 step) [b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e] fou, fou6: ICMP error handlers for FoU and GUE testing commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e with gcc (GCC) 8.1.0 run #0: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #1: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #2: crashed: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e Bisecting: 0 revisions left to test after this (roughly 0 steps) [e7cc082455cb49ea937a3ec4ab3d001b0b5f137b] udp: Support for error handlers of tunnels with arbitrary destination port testing commit e7cc082455cb49ea937a3ec4ab3d001b0b5f137b with gcc (GCC) 8.1.0 all runs: OK # git bisect good e7cc082455cb49ea937a3ec4ab3d001b0b5f137b b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e is the first bad commit commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e Author: Stefano Brivio Date: Thu Nov 8 12:19:23 2018 +0100 fou, fou6: ICMP error handlers for FoU and GUE As the destination port in FoU and GUE receiving sockets doesn't necessarily match the remote destination port, we can't associate errors to the encapsulating tunnels with a socket lookup -- we need to blindly try them instead. This means we don't even know if we are handling errors for FoU or GUE without digging into the packets. Hence, implement a single handler for both, one for IPv4 and one for IPv6, that will check whether the packet that generated the ICMP error used a direct IP encapsulation or if it had a GUE header, and send the error to the matching protocol handler, if any. Signed-off-by: Stefano Brivio Reviewed-by: Sabrina Dubroca Signed-off-by: David S. Miller net/ipv4/fou.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++ net/ipv4/protocol.c | 1 + net/ipv6/fou6.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 143 insertions(+) revisions tested: 16, total time: 3h50m2.189948748s (build: 1h10m32.435183216s, test: 2h36m22.111339771s) first bad commit: b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e fou, fou6: ICMP error handlers for FoU and GUE cc: ["davem@davemloft.net" "kuznet@ms2.inr.ac.ru" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "sbrivio@redhat.com" "sd@queasysnail.net" "yoshfuji@linux-ipv6.org"] crash: kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: rcu_dynticks_curr_cpu_in_eqs+0x169/0x170 kernel/rcu/tree.c:293 CPU: 0 PID: 4583 Comm: syz-executor5 Not tainted 4.20.0-rc1+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Call Trace: Kernel Offset: disabled Rebooting in 86400 seconds..