bisecting fixing commit since f2850dd5ee015bd7b77043f731632888887689c7
building syzkaller on 84f4fc8afc9aedba4b3afa4bb76c3df6c6352c07
testing commit f2850dd5ee015bd7b77043f731632888887689c7 with gcc (GCC) 8.1.0
kernel signature: 5f20a827992b30c81225294fe13cb988c671d9c9544113c32a504ceef2d062d6
run #0: crashed: kernel panic: System is deadlocked on memory
run #1: crashed: INFO: task hung in hashlimit_mt_check_common
run #2: crashed: INFO: task hung in htable_put
run #3: crashed: INFO: task hung in htable_put
run #4: crashed: INFO: task hung in htable_put
run #5: crashed: INFO: task hung in htable_put
run #6: crashed: INFO: task hung in htable_put
run #7: crashed: INFO: task hung in htable_put
run #8: crashed: INFO: task hung in htable_put
run #9: crashed: INFO: task hung in htable_put
testing current HEAD 6c90b86a745a446717fdf408c4a8a4631a5e8ee3
testing commit 6c90b86a745a446717fdf408c4a8a4631a5e8ee3 with gcc (GCC) 8.1.0
kernel signature: 027bb675e5edef8e12243f781a5cb7c4e52fb5822fb682ab7cd0ed6f03b3874b
all runs: OK
# git bisect start 6c90b86a745a446717fdf408c4a8a4631a5e8ee3 f2850dd5ee015bd7b77043f731632888887689c7
Bisecting: 879 revisions left to test after this (roughly 10 steps)
[ed5fa5591866f95be1fe75cd267cf9df2c0390f5] Merge tag 'audit-pr-20200226' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
testing commit ed5fa5591866f95be1fe75cd267cf9df2c0390f5 with gcc (GCC) 8.1.0
kernel signature: 498ee127898dbd31d041ec4f7a564bdf343c35a6294b08880f59c9be9c00f2f2
all runs: crashed: WARNING: proc registration bug in hashlimit_mt_check_common
# git bisect good ed5fa5591866f95be1fe75cd267cf9df2c0390f5
Bisecting: 439 revisions left to test after this (roughly 9 steps)
[286d3250c9d6437340203fb64938bea344729a0e] efi: Fix a race and a buffer overflow while reading efivars via sysfs
testing commit 286d3250c9d6437340203fb64938bea344729a0e with gcc (GCC) 8.1.0
kernel signature: 83538510eb10b64063ec80d62cfda9de6cdc5eec24f79e04ace5a5baf60eb405
run #0: boot failed: can't ssh into the instance
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad 286d3250c9d6437340203fb64938bea344729a0e
Bisecting: 224 revisions left to test after this (roughly 8 steps)
[513dc792d6060d5ef572e43852683097a8420f56] vgacon: Fix a UAF in vgacon_invert_region
testing commit 513dc792d6060d5ef572e43852683097a8420f56 with gcc (GCC) 8.1.0
kernel signature: 069e8ddb83ca76a9a75bbafeda65976e09fedc0e482065f1477e20fa3343d441
all runs: OK
# git bisect bad 513dc792d6060d5ef572e43852683097a8420f56
Bisecting: 108 revisions left to test after this (roughly 7 steps)
[45d0b75b98bf1de4b3a5b09188c75f3bfa3152b0] Merge tag 'drm-fixes-2020-02-28' of git://anongit.freedesktop.org/drm/drm
testing commit 45d0b75b98bf1de4b3a5b09188c75f3bfa3152b0 with gcc (GCC) 8.1.0
kernel signature: 739446c70bffa91e23474f345c36fb9db7f9842e97396f438d30e957a05be26c
all runs: OK
# git bisect bad 45d0b75b98bf1de4b3a5b09188c75f3bfa3152b0
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[b82cf17ff1957ec35eaee7dc519c365ecd06ba38] net: phy: marvell: don't interpret PHY status unless resolved
testing commit b82cf17ff1957ec35eaee7dc519c365ecd06ba38 with gcc (GCC) 8.1.0
kernel signature: ce70460f2081ecec248d2480803e89c062268e2d0b010b0dbb2351dde19282cb
run #0: boot failed: can't ssh into the instance
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad b82cf17ff1957ec35eaee7dc519c365ecd06ba38
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[9ea4894ba4492c1afeff3142f34bcf9af706a2e1] Merge branch 'master' of git://blackhole.kfki.hu/nf
testing commit 9ea4894ba4492c1afeff3142f34bcf9af706a2e1 with gcc (GCC) 8.1.0
kernel signature: a3f5bca8e38aa99c93895ff9bfb4fed98754a853cb9f0440b0dd1cb02c2e989e
all runs: crashed: WARNING: proc registration bug in hashlimit_mt_check_common
# git bisect good 9ea4894ba4492c1afeff3142f34bcf9af706a2e1
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[51e3dfa8906ace90c809235b3d3afebc166b6433] net/smc: fix cleanup for linkgroup setup failures
testing commit 51e3dfa8906ace90c809235b3d3afebc166b6433 with gcc (GCC) 8.1.0
kernel signature: 97ec82b1edfadbbbcf1e49882c1f324e14ac1924b4b64a7fb4350ea95bc3de15
all runs: OK
# git bisect bad 51e3dfa8906ace90c809235b3d3afebc166b6433
Bisecting: 4 revisions left to test after this (roughly 3 steps)
[574b238f64594cc0d87aad3f716ebab49fb663fa] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
testing commit 574b238f64594cc0d87aad3f716ebab49fb663fa with gcc (GCC) 8.1.0
kernel signature: 3b51d191e71de30c5a631f70b6232c8521e97c84283643041dbbdada97a7e1d2
all runs: OK
# git bisect bad 574b238f64594cc0d87aad3f716ebab49fb663fa
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[9a005c3898aa07cd5cdca77b7096814e6c478c92] bnxt_en: add newline to netdev_*() format strings
testing commit 9a005c3898aa07cd5cdca77b7096814e6c478c92 with gcc (GCC) 8.1.0
kernel signature: aa45e21802f0759a3a4455977261cfef4ecd30f1b6fd105a3adcda0607b08324
all runs: crashed: WARNING: proc registration bug in hashlimit_mt_check_common
# git bisect good 9a005c3898aa07cd5cdca77b7096814e6c478c92
Bisecting: 1 revision left to test after this (roughly 1 step)
[0954df70fba743d8cdaa09ccf6ba8e4ad09628de] selftests: nft_concat_range: Add test for reported add/flush/add issue
testing commit 0954df70fba743d8cdaa09ccf6ba8e4ad09628de with gcc (GCC) 8.1.0
kernel signature: 6bc5bb2887d6a961648290d6642822828cea1b15132011de344658aedf7d9fbe
all runs: crashed: WARNING: proc registration bug in hashlimit_mt_check_common
# git bisect good 0954df70fba743d8cdaa09ccf6ba8e4ad09628de
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[99b79c3900d4627672c85d9f344b5b0f06bc2a4d] netfilter: xt_hashlimit: unregister proc file before releasing mutex
testing commit 99b79c3900d4627672c85d9f344b5b0f06bc2a4d with gcc (GCC) 8.1.0
kernel signature: 086e73f6d34f02912ea555560e4e4590d8836786256f5855b10eecd8f9a84a4f
all runs: OK
# git bisect bad 99b79c3900d4627672c85d9f344b5b0f06bc2a4d
99b79c3900d4627672c85d9f344b5b0f06bc2a4d is the first bad commit
commit 99b79c3900d4627672c85d9f344b5b0f06bc2a4d
Author: Cong Wang
Date: Wed Feb 12 22:53:52 2020 -0800

    netfilter: xt_hashlimit: unregister proc file before releasing mutex

    Before releasing the global mutex, we only unlink the hashtable from the hash list, its proc file is still not unregistered at this point. So syzbot could trigger a race condition where a parallel htable_create() could register the same file immediately after the mutex is released.

    Move htable_remove_proc_entry() back to mutex protection to fix this. And, fold htable_destroy() into htable_put() to make the code slightly easier to understand.

    Reported-and-tested-by: syzbot+d195fd3b9a364ddd6731@syzkaller.appspotmail.com
    Fixes: c4a3922d2d20 ("netfilter: xt_hashlimit: reduce hashlimit_mutex scope for htable_put()")
    Signed-off-by: Cong Wang
    Signed-off-by: Pablo Neira Ayuso

 net/netfilter/xt_hashlimit.c | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
culprit signature: 086e73f6d34f02912ea555560e4e4590d8836786256f5855b10eecd8f9a84a4f
parent signature: 6bc5bb2887d6a961648290d6642822828cea1b15132011de344658aedf7d9fbe
revisions tested: 13, total time: 3h52m3.910182935s (build: 1h27m59.653919804s, test: 2h23m3.523452882s)
first good commit: 99b79c3900d4627672c85d9f344b5b0f06bc2a4d netfilter: xt_hashlimit: unregister proc file before releasing mutex
cc: ["pablo@netfilter.org" "syzbot+d195fd3b9a364ddd6731@syzkaller.appspotmail.com" "xiyou.wangcong@gmail.com"]