bisecting fixing commit since a26fb01c2879ed7026e6cbd78bb701912d249eef
building syzkaller on 0824d7a1bfdf50e4ab99fd27cc5fc55cb620b1ab
testing commit a26fb01c2879ed7026e6cbd78bb701912d249eef with gcc (GCC) 8.1.0
all runs: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
testing current HEAD dcb8cfbd8fe9e62c7d64e82288d3ffe2502b7371
testing commit dcb8cfbd8fe9e62c7d64e82288d3ffe2502b7371 with gcc (GCC) 8.1.0
all runs: OK
# git bisect start dcb8cfbd8fe9e62c7d64e82288d3ffe2502b7371 a26fb01c2879ed7026e6cbd78bb701912d249eef
Bisecting: 43818 revisions left to test after this (roughly 16 steps)
[7abbb35ba98ec52583b92898b2e37533f462d248] Merge branch 'drm-fixes-5.0' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
testing commit 7abbb35ba98ec52583b92898b2e37533f462d248 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 7abbb35ba98ec52583b92898b2e37533f462d248
Bisecting: 21931 revisions left to test after this (roughly 15 steps)
[da19a102ce87bf3e0a7fe277a659d1fc35330d6d] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit da19a102ce87bf3e0a7fe277a659d1fc35330d6d with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad da19a102ce87bf3e0a7fe277a659d1fc35330d6d
Bisecting: 10924 revisions left to test after this (roughly 14 steps)
[e61cf2e3a5b452cfefcb145021f5a8ea88735cc1] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
testing commit e61cf2e3a5b452cfefcb145021f5a8ea88735cc1 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
# git bisect good e61cf2e3a5b452cfefcb145021f5a8ea88735cc1
Bisecting: 5481 revisions left to test after this (roughly 13 steps)
[72438f8cef4e75a22140853baa4c68392c721b22] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit 72438f8cef4e75a22140853baa4c68392c721b22 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 72438f8cef4e75a22140853baa4c68392c721b22
Bisecting: 2721 revisions left to test after this (roughly 11 steps)
[6d6631fd788dcead846ccdc89f3c83e768a98580] mt76x02: add static qualifier to mt76x02_remove_dma_hdr
testing commit 6d6631fd788dcead846ccdc89f3c83e768a98580 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 6d6631fd788dcead846ccdc89f3c83e768a98580
Bisecting: 1453 revisions left to test after this (roughly 10 steps)
[ee090756962c58b32af62b768ac7c58cc53af700] Merge tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
testing commit ee090756962c58b32af62b768ac7c58cc53af700 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
# git bisect good ee090756962c58b32af62b768ac7c58cc53af700
Bisecting: 699 revisions left to test after this (roughly 10 steps)
[53a01c9a5fcf74b7f855e70dd69742fb3cb84c83] Merge tag 'nfs-for-4.19-1' of git://git.linux-nfs.org/projects/anna/linux-nfs
testing commit 53a01c9a5fcf74b7f855e70dd69742fb3cb84c83 with gcc (GCC) 8.1.0
all runs: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
# git bisect good 53a01c9a5fcf74b7f855e70dd69742fb3cb84c83
Bisecting: 323 revisions left to test after this (roughly 9 steps)
[d207ea8e74ff45be0838afa12bdd2492fa9dc8bc] Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit d207ea8e74ff45be0838afa12bdd2492fa9dc8bc with gcc (GCC) 8.1.0
run #0: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #1: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #2: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #3: crashed: INFO: trying to register non-static key in corrupted
run #4: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #5: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #6: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #7: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #8: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #9: crashed: INFO: trying to register non-static key in corrupted
# git bisect good d207ea8e74ff45be0838afa12bdd2492fa9dc8bc
Bisecting: 161 revisions left to test after this (roughly 7 steps)
[89d5e833534bfdbcf2d25f93c780883f530847c9] iwlwifi: pcie: make non-static hcmd and rx code
testing commit 89d5e833534bfdbcf2d25f93c780883f530847c9 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 89d5e833534bfdbcf2d25f93c780883f530847c9
Bisecting: 80 revisions left to test after this (roughly 6 steps)
[f7b9e8e111e0ce04ed7d1a1cb5b01b6e57775708] Revert "net: stmmac: fix build failure due to missing COMMON_CLK dependency"
testing commit f7b9e8e111e0ce04ed7d1a1cb5b01b6e57775708 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad f7b9e8e111e0ce04ed7d1a1cb5b01b6e57775708
Bisecting: 39 revisions left to test after this (roughly 5 steps)
[6bfde2e196d8ddfea5317be986809abdb0be5a0c] Merge branch 'hns3-fixes'
testing commit 6bfde2e196d8ddfea5317be986809abdb0be5a0c with gcc (GCC) 8.1.0
all runs: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
# git bisect good 6bfde2e196d8ddfea5317be986809abdb0be5a0c
Bisecting: 22 revisions left to test after this (roughly 4 steps)
[c08eebad4ac5992f87d783370fcffca5f28631c7] Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue
testing commit c08eebad4ac5992f87d783370fcffca5f28631c7 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #1: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #2: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #3: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #4: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #5: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #6: crashed: INFO: trying to register non-static key in corrupted
run #7: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #8: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #9: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
# git bisect good c08eebad4ac5992f87d783370fcffca5f28631c7
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[ee400a3f1bfe7004a3e14b81c38ccc5583c26295] e1000: ensure to free old tx/rx rings in set_ringparam()
testing commit ee400a3f1bfe7004a3e14b81c38ccc5583c26295 with gcc (GCC) 8.1.0
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: KASAN: use-after-free Read in dd_has_work
# git bisect bad ee400a3f1bfe7004a3e14b81c38ccc5583c26295
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[9b2e0388bec8ec5427403e23faff3b58dd1c3200] bpf: sockmap: write_space events need to be passed to TCP handler
testing commit 9b2e0388bec8ec5427403e23faff3b58dd1c3200 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 9b2e0388bec8ec5427403e23faff3b58dd1c3200
Bisecting: 2 revisions left to test after this (roughly 1 step)
[b845c898b2f1ea458d5453f0fa1da6e2dfce3bb4] bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys
testing commit b845c898b2f1ea458d5453f0fa1da6e2dfce3bb4 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor937002422" "root@10.128.15.193:./syz-executor937002422"]: exit status 1
ssh: connect to host 10.128.15.193 port 22: Connection timed out
lost connection

run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad b845c898b2f1ea458d5453f0fa1da6e2dfce3bb4
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[96c26e04581667e3cd17ed74c2fc3499afea49b8] xsk: fix return value of xdp_umem_assign_dev()
testing commit 96c26e04581667e3cd17ed74c2fc3499afea49b8 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #1: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #2: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #3: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #4: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #5: crashed: INFO: trying to register non-static key in corrupted
run #6: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #7: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
run #8: crashed: INFO: trying to register non-static key in corrupted
run #9: crashed: KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
# git bisect good 96c26e04581667e3cd17ed74c2fc3499afea49b8
b845c898b2f1ea458d5453f0fa1da6e2dfce3bb4 is the first bad commit
commit b845c898b2f1ea458d5453f0fa1da6e2dfce3bb4
Author: Daniel Borkmann <daniel@iogearbox.net>
Date:   Tue Aug 21 15:55:00 2018 +0200

    bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys
    
    Currently, it is possible to create a sock hash map with key size
    of 0 and have the kernel return a fd back to user space. This is
    invalid for hash maps (and kernel also hasn't been tested for zero
    key size support in general at this point). Thus, reject such
    configuration.
    
    Fixes: 81110384441a ("bpf: sockmap, add hash map support")
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: John Fastabend <john.fastabend@gmail.com>
    Acked-by: Song Liu <songliubraving@fb.com>

:040000 040000 62f38b498a67b4708af15fc365da389606fe57e7 e99d69ef45fb292509351ca0b2ba3d3bab0e1a59 M	kernel
revisions tested: 18, total time: 4h5m45.160302109s (build: 1h21m14.528933772s, test: 2h38m15.094181917s)
first good commit: b845c898b2f1ea458d5453f0fa1da6e2dfce3bb4 bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys
cc: ["ast@kernel.org" "bpf@vger.kernel.org" "daniel@iogearbox.net" "john.fastabend@gmail.com" "kafai@fb.com" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "songliubraving@fb.com" "yhs@fb.com"]