bisecting fixing commit since 3207316b3beec7e38e5dbe2f463df0cec71e0b97
building syzkaller on 5cc121d679e3f161f29503eeba9288431b6d644d
testing commit 3207316b3beec7e38e5dbe2f463df0cec71e0b97 with gcc (GCC) 8.4.1 20210217
kernel signature: caad3c59a7a925ff9b09c174b3fd8143ac4529695488964b59712f793f8b4622
run #0: crashed: possible deadlock in red_change
run #1: crashed: possible deadlock in red_change
run #2: crashed: possible deadlock in red_adaptative_timer
run #3: crashed: possible deadlock in red_change
run #4: crashed: possible deadlock in red_change
run #5: crashed: possible deadlock in red_change
run #6: crashed: possible deadlock in red_change
run #7: crashed: possible deadlock in red_change
run #8: crashed: possible deadlock in red_change
run #9: crashed: possible deadlock in red_change
run #10: crashed: possible deadlock in red_change
run #11: crashed: possible deadlock in red_change
run #12: crashed: possible deadlock in red_change
run #13: crashed: possible deadlock in red_change
run #14: crashed: possible deadlock in red_change
run #15: crashed: possible deadlock in red_change
run #16: crashed: possible deadlock in red_change
run #17: crashed: possible deadlock in red_change
run #18: crashed: possible deadlock in red_change
run #19: crashed: possible deadlock in red_change
testing current HEAD 2965db2e004cf9c92b87c1f559e9812c0ae878c1
testing commit 2965db2e004cf9c92b87c1f559e9812c0ae878c1 with gcc (GCC) 8.4.1 20210217
kernel signature: 05ee57ebc932b9f25504bc597faf6b9fc61c017042d326ea1504a5446445129e
all runs: OK
# git bisect start 2965db2e004cf9c92b87c1f559e9812c0ae878c1 3207316b3beec7e38e5dbe2f463df0cec71e0b97
Bisecting: 614 revisions left to test after this (roughly 9 steps)
[208c697db98bd1394cb02f25dc092217456ac882] auxdisplay: ht16k33: Fix refresh rate handling
testing commit 208c697db98bd1394cb02f25dc092217456ac882 with gcc (GCC) 8.4.1 20210217
kernel signature: 8b81a4a6e017917cad73d002bb186c475c33e51dd770fe3afe8c1b781198eba1
run #0: crashed: possible deadlock in red_adaptative_timer
run #1: crashed: possible deadlock in red_change
run #2: crashed: possible deadlock in red_change
run #3: crashed: possible deadlock in red_change
run #4: crashed: possible deadlock in red_change
run #5: crashed: possible deadlock in red_change
run #6: crashed: possible deadlock in red_change
run #7: crashed: possible deadlock in red_change
run #8: crashed: possible deadlock in red_change
run #9: crashed: possible deadlock in red_change
# git bisect good 208c697db98bd1394cb02f25dc092217456ac882
Bisecting: 307 revisions left to test after this (roughly 8 steps)
[35815df53afce631943c5fd8f83ce042871114b6] staging: comedi: addi_apci_1032: Fix endian problem for COS sample
testing commit 35815df53afce631943c5fd8f83ce042871114b6 with gcc (GCC) 8.4.1 20210217
kernel signature: 21a1a2969de6e60f01075db700728a03bdd0694db74da520c64242444e4efe99
all runs: crashed: possible deadlock in red_change
# git bisect good 35815df53afce631943c5fd8f83ce042871114b6
Bisecting: 153 revisions left to test after this (roughly 7 steps)
[f9501b8da468caa7132455ec6e2952d4cbfa8335] tcp: relookup sock for RST+ACK packets handled by obsolete req sock
testing commit f9501b8da468caa7132455ec6e2952d4cbfa8335 with gcc (GCC) 8.4.1 20210217
kernel signature: 3c639fe67f45716923615d667debb45d8999fed7f17e85478335cc8c9c424bcf
all runs: OK
# git bisect bad f9501b8da468caa7132455ec6e2952d4cbfa8335
Bisecting: 76 revisions left to test after this (roughly 6 steps)
[b0834edc70e402244ed8da96664368c15d869582] cifs: Fix preauth hash corruption
testing commit b0834edc70e402244ed8da96664368c15d869582 with gcc (GCC) 8.4.1 20210217
kernel signature: a396f8cdd9195a422ac7e3c09448d785774d691a2b1019034cfc3c90f940c715
run #0: crashed: possible deadlock in red_change
run #1: crashed: possible deadlock in red_change
run #2: crashed: possible deadlock in red_change
run #3: crashed: possible deadlock in red_change
run #4: crashed: possible deadlock in red_change
run #5: crashed: possible deadlock in red_change
run #6: crashed: possible deadlock in red_change
run #7: crashed: possible deadlock in red_change
run #8: crashed: possible deadlock in red_change
run #9: crashed: possible deadlock in red_adaptative_timer
# git bisect good b0834edc70e402244ed8da96664368c15d869582
Bisecting: 38 revisions left to test after this (roughly 5 steps)
[63ca87e2e3d8e82131da9de48dac303ce026ae43] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
testing commit 63ca87e2e3d8e82131da9de48dac303ce026ae43 with gcc (GCC) 8.4.1 20210217
kernel signature: bf2af603c0b3f6e8284474b334278cac37f2ef1269cadfe3850c44bf2d7325a2
all runs: crashed: possible deadlock in red_change
# git bisect good 63ca87e2e3d8e82131da9de48dac303ce026ae43
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[0abcfaf058d77aa6450ceb29985e50f72bf6b782] Revert "netfilter: x_tables: Switch synchronization to RCU"
testing commit 0abcfaf058d77aa6450ceb29985e50f72bf6b782 with gcc (GCC) 8.4.1 20210217
net/ipv6/netfilter/ip6_tables.c:1631:41: error: implicit declaration of function 'xt_table_get_private_protected' [-Werror=implicit-function-declaration]
net/ipv4/netfilter/ip_tables.c:1622:41: error: implicit declaration of function 'xt_table_get_private_protected' [-Werror=implicit-function-declaration]
# git bisect skip 0abcfaf058d77aa6450ceb29985e50f72bf6b782
Bisecting: 19 revisions left to test after this (roughly 4 steps)
[3e5ef7d962a14301dfcf78e18a792747a0f8f30c] net: cdc-phonet: fix data-interface release on probe failure
testing commit 3e5ef7d962a14301dfcf78e18a792747a0f8f30c with gcc (GCC) 8.4.1 20210217
kernel signature: 305da3389e35733df2ee1f7ffce3fa1312806da89fd12235d0a758c72fea260b
run #0: crashed: possible deadlock in red_change
run #1: crashed: possible deadlock in red_change
run #2: crashed: possible deadlock in red_adaptative_timer
run #3: crashed: possible deadlock in red_change
run #4: crashed: possible deadlock in red_change
run #5: crashed: possible deadlock in red_change
run #6: crashed: possible deadlock in red_change
run #7: crashed: possible deadlock in red_change
run #8: crashed: possible deadlock in red_change
run #9: crashed: possible deadlock in red_change
# git bisect good 3e5ef7d962a14301dfcf78e18a792747a0f8f30c
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[8d4c1cce0c38e9104433617ca1455c583a857c97] perf auxtrace: Fix auxtrace queue conflict
testing commit 8d4c1cce0c38e9104433617ca1455c583a857c97 with gcc (GCC) 8.4.1 20210217
kernel signature: 0bcdfd52eedb635428434f502eda2f710b45d2703bc5bc926d3263252989e2ad
run #0: crashed: possible deadlock in red_change
run #1: crashed: possible deadlock in red_change
run #2: crashed: possible deadlock in red_change
run #3: crashed: possible deadlock in red_change
run #4: crashed: possible deadlock in red_change
run #5: crashed: possible deadlock in red_change
run #6: crashed: possible deadlock in red_change
run #7: crashed: possible deadlock in red_adaptative_timer
run #8: crashed: possible deadlock in red_change
run #9: crashed: possible deadlock in red_change
# git bisect good 8d4c1cce0c38e9104433617ca1455c583a857c97
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[5f09be2a1a35cb8bd6c178d5f205b7265bd68646] net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
testing commit 5f09be2a1a35cb8bd6c178d5f205b7265bd68646 with gcc (GCC) 8.4.1 20210217
kernel signature: 70db7eff7fd99e1d08aaf901bd38b84b0fb06a1593e005ba6ecc374dfa3eefd2
all runs: OK
# git bisect bad 5f09be2a1a35cb8bd6c178d5f205b7265bd68646
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[a8c2d9e631a0f6431d3b4365ff97063a0fe5dc95] x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc()
testing commit a8c2d9e631a0f6431d3b4365ff97063a0fe5dc95 with gcc (GCC) 8.4.1 20210217
kernel signature: 0bcdfd52eedb635428434f502eda2f710b45d2703bc5bc926d3263252989e2ad
run #0: crashed: possible deadlock in red_adaptative_timer
run #1: crashed: possible deadlock in red_change
run #2: crashed: possible deadlock in red_change
run #3: crashed: possible deadlock in red_change
run #4: crashed: possible deadlock in red_change
run #5: crashed: possible deadlock in red_change
run #6: crashed: possible deadlock in red_change
run #7: crashed: possible deadlock in red_change
run #8: crashed: possible deadlock in red_change
run #9: crashed: possible deadlock in red_change
# git bisect good a8c2d9e631a0f6431d3b4365ff97063a0fe5dc95
Bisecting: 1 revision left to test after this (roughly 1 step)
[00e17e57a3c724874bd40710f3ad2528045d5711] can: dev: Move device back to init netns on owning netns delete
testing commit 00e17e57a3c724874bd40710f3ad2528045d5711 with gcc (GCC) 8.4.1 20210217
kernel signature: 3989c4b4ecb77258352922f65df876f416ded1ec4fd7d1bbec86e049a88d3e22
run #0: crashed: possible deadlock in red_change
run #1: crashed: possible deadlock in red_change
run #2: crashed: possible deadlock in red_adaptative_timer
run #3: crashed: possible deadlock in red_change
run #4: crashed: possible deadlock in red_adaptative_timer
run #5: crashed: possible deadlock in red_change
run #6: crashed: possible deadlock in red_change
run #7: crashed: possible deadlock in red_change
run #8: crashed: possible deadlock in red_change
run #9: crashed: possible deadlock in red_change
# git bisect good 00e17e57a3c724874bd40710f3ad2528045d5711
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[66f6f4094ff2c7313b7eff8bfe1e4966c0b70b83] net: sched: validate stab values
testing commit 66f6f4094ff2c7313b7eff8bfe1e4966c0b70b83 with gcc (GCC) 8.4.1 20210217
kernel signature: 70db7eff7fd99e1d08aaf901bd38b84b0fb06a1593e005ba6ecc374dfa3eefd2
all runs: OK
# git bisect bad 66f6f4094ff2c7313b7eff8bfe1e4966c0b70b83
66f6f4094ff2c7313b7eff8bfe1e4966c0b70b83 is the first bad commit
commit 66f6f4094ff2c7313b7eff8bfe1e4966c0b70b83
Author: Eric Dumazet
Date: Wed Mar 10 08:26:41 2021 -0800

    net: sched: validate stab values

    commit e323d865b36134e8c5c82c834df89109a5c60dab upstream.

    iproute2 package is well behaved, but malicious user space can
    provide illegal shift values and trigger UBSAN reports.

    Add stab parameter to red_check_params() to validate user input.

    syzbot reported:

    UBSAN: shift-out-of-bounds in ./include/net/red.h:312:18
    shift exponent 111 is too large for 64-bit type 'long unsigned int'
    CPU: 1 PID: 14662 Comm: syz-executor.3 Not tainted 5.12.0-rc2-syzkaller #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
    Call Trace:
     __dump_stack lib/dump_stack.c:79 [inline]
     dump_stack+0x141/0x1d7 lib/dump_stack.c:120
     ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
     __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327
     red_calc_qavg_from_idle_time include/net/red.h:312 [inline]
     red_calc_qavg include/net/red.h:353 [inline]
     choke_enqueue.cold+0x18/0x3dd net/sched/sch_choke.c:221
     __dev_xmit_skb net/core/dev.c:3837 [inline]
     __dev_queue_xmit+0x1943/0x2e00 net/core/dev.c:4150
     neigh_hh_output include/net/neighbour.h:499 [inline]
     neigh_output include/net/neighbour.h:508 [inline]
     ip6_finish_output2+0x911/0x1700 net/ipv6/ip6_output.c:117
     __ip6_finish_output net/ipv6/ip6_output.c:182 [inline]
     __ip6_finish_output+0x4c1/0xe10 net/ipv6/ip6_output.c:161
     ip6_finish_output+0x35/0x200 net/ipv6/ip6_output.c:192
     NF_HOOK_COND include/linux/netfilter.h:290 [inline]
     ip6_output+0x1e4/0x530 net/ipv6/ip6_output.c:215
     dst_output include/net/dst.h:448 [inline]
     NF_HOOK include/linux/netfilter.h:301 [inline]
     NF_HOOK include/linux/netfilter.h:295 [inline]
     ip6_xmit+0x127e/0x1eb0 net/ipv6/ip6_output.c:320
     inet6_csk_xmit+0x358/0x630 net/ipv6/inet6_connection_sock.c:135
     dccp_transmit_skb+0x973/0x12c0 net/dccp/output.c:138
     dccp_send_reset+0x21b/0x2b0 net/dccp/output.c:535
     dccp_finish_passive_close net/dccp/proto.c:123 [inline]
     dccp_finish_passive_close+0xed/0x140 net/dccp/proto.c:118
     dccp_terminate_connection net/dccp/proto.c:958 [inline]
     dccp_close+0xb3c/0xe60 net/dccp/proto.c:1028
     inet_release+0x12e/0x280 net/ipv4/af_inet.c:431
     inet6_release+0x4c/0x70 net/ipv6/af_inet6.c:478
     __sock_release+0xcd/0x280 net/socket.c:599
     sock_close+0x18/0x20 net/socket.c:1258
     __fput+0x288/0x920 fs/file_table.c:280
     task_work_run+0xdd/0x1a0 kernel/task_work.c:140
     tracehook_notify_resume include/linux/tracehook.h:189 [inline]

    Fixes: 8afa10cbe281 ("net_sched: red: Avoid illegal values")
    Signed-off-by: Eric Dumazet
    Reported-by: syzbot
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

 include/net/red.h     | 10 +++++++++-
 net/sched/sch_choke.c |  7 ++++---
 net/sched/sch_gred.c  |  2 +-
 net/sched/sch_red.c   |  7 +++++--
 net/sched/sch_sfq.c   |  2 +-
 5 files changed, 20 insertions(+), 8 deletions(-)
culprit signature: 70db7eff7fd99e1d08aaf901bd38b84b0fb06a1593e005ba6ecc374dfa3eefd2
parent signature: 3989c4b4ecb77258352922f65df876f416ded1ec4fd7d1bbec86e049a88d3e22
revisions tested: 13, total time: 3h2m13.323377077s (build: 1h46m43.053372487s, test: 1h14m22.52672261s)
first good commit: 66f6f4094ff2c7313b7eff8bfe1e4966c0b70b83 net: sched: validate stab values
recipients (to): ["davem@davemloft.net" "edumazet@google.com" "gregkh@linuxfoundation.org"]
recipients (cc): []