bisecting fixing commit since a1ec57c020201ba29608a5a3588832d07de1a518 building syzkaller on 36650b4b2c942bc382314dce384d311fbadd1208 testing commit a1ec57c020201ba29608a5a3588832d07de1a518 with gcc (GCC) 8.1.0 kernel signature: c2e1dcfc7cf32a8e1c196c0f8697a62e9c76a060330850e58fafa29d70b5dad9 run #0: crashed: INFO: rcu detected stall in corrupted run #1: crashed: INFO: rcu detected stall in br_handle_frame run #2: crashed: INFO: rcu detected stall in br_handle_frame run #3: crashed: INFO: rcu detected stall in br_handle_frame run #4: crashed: INFO: rcu detected stall in br_handle_frame run #5: crashed: INFO: rcu detected stall in br_handle_frame run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: INFO: rcu detected stall in netlink_sendmsg run #8: crashed: INFO: rcu detected stall in br_handle_frame run #9: crashed: INFO: rcu detected stall in br_handle_frame testing current HEAD 14a1d2468ab370c8f02d341b1551bc742a8975d3 testing commit 14a1d2468ab370c8f02d341b1551bc742a8975d3 with gcc (GCC) 8.1.0 kernel signature: 6ccf94b5c855929dacb932ba86185089c33ce9e42e872dfd24bcf089d2b2ae27 all runs: OK # git bisect start 14a1d2468ab370c8f02d341b1551bc742a8975d3 a1ec57c020201ba29608a5a3588832d07de1a518 Bisecting: 1611 revisions left to test after this (roughly 11 steps) [effaf90137e3a9bb9702746f993f369a53c4185f] Merge tag 'for-5.5-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit effaf90137e3a9bb9702746f993f369a53c4185f with gcc (GCC) 8.1.0 kernel signature: b743ed85c3b5d5c6d31f900511971f51977063457d6d07481e0aaf3d97163aa6 all runs: OK # git bisect bad effaf90137e3a9bb9702746f993f369a53c4185f Bisecting: 736 revisions left to test after this (roughly 10 steps) [78bac77b521b032f96077c21241cc5d5668482c5] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 78bac77b521b032f96077c21241cc5d5668482c5 with gcc (GCC) 8.1.0 kernel signature: 303f667ec299bb80df2ee1401dede87f5fc1baf799507ce40eb4924a60d122e9 all runs: crashed: INFO: rcu detected stall in br_handle_frame # git bisect good 78bac77b521b032f96077c21241cc5d5668482c5 Bisecting: 389 revisions left to test after this (roughly 9 steps) [b07f636fca1c8fbba124b0082487c0b3890a0e0c] Merge tag 'tpmdd-next-20200108' of git://git.infradead.org/users/jjs/linux-tpmdd testing commit b07f636fca1c8fbba124b0082487c0b3890a0e0c with gcc (GCC) 8.1.0 kernel signature: ec6ad5f35076d967446ce0c080f4a344905cabc6cb11d57fbe4ffe86ebcc1912 run #0: crashed: INFO: rcu detected stall in br_handle_frame run #1: crashed: INFO: rcu detected stall in br_handle_frame run #2: crashed: INFO: rcu detected stall in corrupted run #3: crashed: INFO: rcu detected stall in br_handle_frame run #4: crashed: INFO: rcu detected stall in br_handle_frame run #5: crashed: INFO: rcu detected stall in corrupted run #6: crashed: INFO: rcu detected stall in br_handle_frame run #7: crashed: INFO: rcu detected stall in br_handle_frame run #8: crashed: INFO: rcu detected stall in br_handle_frame run #9: crashed: INFO: rcu detected stall in br_handle_frame # git bisect good b07f636fca1c8fbba124b0082487c0b3890a0e0c Bisecting: 202 revisions left to test after this (roughly 8 steps) [9fb7007de8a2a80e4b55a850311fca10de62f1b5] Merge tag 'char-misc-5.5-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 9fb7007de8a2a80e4b55a850311fca10de62f1b5 with gcc (GCC) 8.1.0 kernel signature: b71ded1cd1765a07948b0935119d61dc66879aac89d7d83e11427aa05a3dca0e all runs: OK # git bisect bad 9fb7007de8a2a80e4b55a850311fca10de62f1b5 Bisecting: 93 revisions left to test after this (roughly 7 steps) [e69ec487b2c7c82ef99b4b15122f58a2a99289a3] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid testing commit e69ec487b2c7c82ef99b4b15122f58a2a99289a3 with gcc (GCC) 8.1.0 kernel signature: 0bcc87a1a2a30bcc742197d04f0e4e66033bb215f5d0ef3ee3366053a5e4d693 all runs: OK # git bisect bad e69ec487b2c7c82ef99b4b15122f58a2a99289a3 Bisecting: 45 revisions left to test after this (roughly 6 steps) [96b11e9358080e8b705babd078cefa753109204b] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf testing commit 96b11e9358080e8b705babd078cefa753109204b with gcc (GCC) 8.1.0 kernel signature: 49be28044f42a3fea709d0d7db18574ac2ab0da5d0f5f9b5a2ef7d621ae64d65 run #0: crashed: INFO: rcu detected stall in br_handle_frame run #1: crashed: INFO: rcu detected stall in br_handle_frame run #2: crashed: INFO: rcu detected stall in br_handle_frame run #3: crashed: INFO: rcu detected stall in br_handle_frame run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: INFO: rcu detected stall in br_handle_frame run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: INFO: rcu detected stall in br_handle_frame run #8: crashed: INFO: rcu detected stall in br_handle_frame run #9: crashed: INFO: rcu detected stall in br_handle_frame # git bisect good 96b11e9358080e8b705babd078cefa753109204b Bisecting: 18 revisions left to test after this (roughly 5 steps) [b73a65610b7decff6415d24940722e8aa09195cf] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf testing commit b73a65610b7decff6415d24940722e8aa09195cf with gcc (GCC) 8.1.0 kernel signature: 0cbf4c0360e7bfd2520da00cb4a8e96b805698322079ddb0ff462245d2dde7ee all runs: OK # git bisect bad b73a65610b7decff6415d24940722e8aa09195cf Bisecting: 13 revisions left to test after this (roughly 4 steps) [3971a535b839489e4ea31796cc086e6ce616318c] mlxsw: spectrum_qdisc: Ignore grafting of invisible FIFO testing commit 3971a535b839489e4ea31796cc086e6ce616318c with gcc (GCC) 8.1.0 kernel signature: 16a29b7b683c696c75d5ff28dc68399a111a8fa90d8c403c2c44b519b4419dae all runs: OK # git bisect bad 3971a535b839489e4ea31796cc086e6ce616318c Bisecting: 6 revisions left to test after this (roughly 3 steps) [52cc73e5404c7ba0cbfc50cb4c265108c84b3d5a] net: stmmac: dwmac-sunxi: Allow all RGMII modes testing commit 52cc73e5404c7ba0cbfc50cb4c265108c84b3d5a with gcc (GCC) 8.1.0 kernel signature: ca43482daee46d5fd0794152404bf789fb96f40d263adbb9f9814be20601e4de run #0: crashed: INFO: rcu detected stall in br_handle_frame run #1: crashed: INFO: rcu detected stall in br_handle_frame run #2: crashed: INFO: rcu detected stall in br_handle_frame run #3: crashed: INFO: rcu detected stall in br_handle_frame run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: INFO: rcu detected stall in br_handle_frame run #6: crashed: INFO: rcu detected stall in br_handle_frame run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: INFO: rcu detected stall in netlink_sendmsg run #9: crashed: INFO: rcu detected stall in corrupted # git bisect good 52cc73e5404c7ba0cbfc50cb4c265108c84b3d5a Bisecting: 3 revisions left to test after this (roughly 2 steps) [b969fee12b6330fd6a0b15337a314d5b5ee56916] tipc: remove meaningless assignment in Makefile testing commit b969fee12b6330fd6a0b15337a314d5b5ee56916 with gcc (GCC) 8.1.0 kernel signature: c5bcade33fc2f3ffbd9ee72b805fb5edd90aa0e3b64005e6176849d7f42dd53f run #0: crashed: INFO: rcu detected stall in br_handle_frame run #1: crashed: INFO: rcu detected stall in br_handle_frame run #2: crashed: INFO: rcu detected stall in br_handle_frame run #3: crashed: INFO: rcu detected stall in br_handle_frame run #4: crashed: INFO: rcu detected stall in br_handle_frame run #5: crashed: INFO: rcu detected stall in br_handle_frame run #6: crashed: INFO: rcu detected stall in netlink_sendmsg run #7: crashed: INFO: rcu detected stall in br_handle_frame run #8: crashed: INFO: rcu detected stall in corrupted run #9: crashed: INFO: rcu detected stall in br_handle_frame # git bisect good b969fee12b6330fd6a0b15337a314d5b5ee56916 Bisecting: 1 revision left to test after this (roughly 1 step) [90d72256addff9e5f8ad645e8f632750dd1f8935] gtp: fix bad unlock balance in gtp_encap_enable_socket testing commit 90d72256addff9e5f8ad645e8f632750dd1f8935 with gcc (GCC) 8.1.0 kernel signature: f82492a8ab2b2dd27e578a1aeb436347a64651304b63662a946d8c22b44f1883 all runs: OK # git bisect bad 90d72256addff9e5f8ad645e8f632750dd1f8935 Bisecting: 0 revisions left to test after this (roughly 0 steps) [d9e15a2733067c9328fb56d98fe8e574fa19ec31] pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM testing commit d9e15a2733067c9328fb56d98fe8e574fa19ec31 with gcc (GCC) 8.1.0 kernel signature: c5ace045966d346535f8ab1a489724fbb98176a2e5848518baeb5ba2b3c2ca6d all runs: OK # git bisect bad d9e15a2733067c9328fb56d98fe8e574fa19ec31 d9e15a2733067c9328fb56d98fe8e574fa19ec31 is the first bad commit commit d9e15a2733067c9328fb56d98fe8e574fa19ec31 Author: Eric Dumazet Date: Mon Jan 6 06:10:39 2020 -0800 pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM As diagnosed by Florian : If TCA_FQ_QUANTUM is set to 0x80000000, fq_deueue() can loop forever in : if (f->credit <= 0) { f->credit += q->quantum; goto begin; } ... because f->credit is either 0 or -2147483648. Let's limit TCA_FQ_QUANTUM to no more than 1 << 20 : This max value should limit risks of breaking user setups while fixing this bug. Fixes: afe4fd062416 ("pkt_sched: fq: Fair Queue packet scheduler") Signed-off-by: Eric Dumazet Diagnosed-by: Florian Westphal Reported-by: syzbot+dc9071cc5a85950bdfce@syzkaller.appspotmail.com Signed-off-by: David S. Miller net/sched/sch_fq.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) culprit signature: c5ace045966d346535f8ab1a489724fbb98176a2e5848518baeb5ba2b3c2ca6d parent signature: c5bcade33fc2f3ffbd9ee72b805fb5edd90aa0e3b64005e6176849d7f42dd53f revisions tested: 14, total time: 3h35m51.350011492s (build: 1h29m14.620873213s, test: 2h5m30.748896622s) first good commit: d9e15a2733067c9328fb56d98fe8e574fa19ec31 pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM cc: ["davem@davemloft.net" "edumazet@google.com" "jhs@mojatatu.com" "jiri@resnulli.us" "kuba@kernel.org" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "xiyou.wangcong@gmail.com"]