bisecting fixing commit since 1c7fc5cbc33980acd13d668f1c8f0313d6ae9fd8
building syzkaller on c3f3344c78d6f69e1494297262c453f8ed10a844
testing commit 1c7fc5cbc33980acd13d668f1c8f0313d6ae9fd8 with gcc (GCC) 8.1.0
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: KASAN: use-after-free Read in tick_sched_handle
run #2: crashed: WARNING: refcount bug in corrupted
run #3: crashed: KASAN: use-after-free Read in tick_sched_handle
run #4: crashed: general protection fault in rb_insert_color
run #5: crashed: BUG: spinlock bad magic in corrupted
run #6: crashed: KASAN: use-after-free Read in ___neigh_create
run #7: crashed: kernel BUG at fs/namei.c:LINE!
run #8: crashed: general protection fault in __run_timers
run #9: crashed: KASAN: stack-out-of-bounds Read in cpuacct_charge
testing current HEAD 296d05cb0d3c9f4648e31abb8ce404ac6915d66c
testing commit 296d05cb0d3c9f4648e31abb8ce404ac6915d66c with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 296d05cb0d3c9f4648e31abb8ce404ac6915d66c 1c7fc5cbc33980acd13d668f1c8f0313d6ae9fd8
Bisecting: 23175 revisions left to test after this (roughly 15 steps)
[f4d9a23d3dad0252f375901bf4ff6523a2c97241] sparc64: simplify reduce_memory() function
testing commit f4d9a23d3dad0252f375901bf4ff6523a2c97241 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad f4d9a23d3dad0252f375901bf4ff6523a2c97241
Bisecting: 11330 revisions left to test after this (roughly 14 steps)
[96a6de1a541c86e9e67b9c310c14db4099bd1cbc] Merge tag 'media/v5.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit 96a6de1a541c86e9e67b9c310c14db4099bd1cbc with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 96a6de1a541c86e9e67b9c310c14db4099bd1cbc
Bisecting: 5644 revisions left to test after this (roughly 13 steps)
[203b6609e0ede49eb0b97008b1150c69e9d2ffd3] Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 203b6609e0ede49eb0b97008b1150c69e9d2ffd3 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 203b6609e0ede49eb0b97008b1150c69e9d2ffd3
Bisecting: 2936 revisions left to test after this (roughly 12 steps)
[bb015f2216fe71f284a29d5b7cfc163f8f68d14c] Merge branch 's390-next'
testing commit bb015f2216fe71f284a29d5b7cfc163f8f68d14c with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad bb015f2216fe71f284a29d5b7cfc163f8f68d14c
Bisecting: 1452 revisions left to test after this (roughly 11 steps)
[7dac3ae42cf8203c0a9c54cb387512c91b64e22a] tools/bpf: sync include/uapi/linux/bpf.h
testing commit 7dac3ae42cf8203c0a9c54cb387512c91b64e22a with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 7dac3ae42cf8203c0a9c54cb387512c91b64e22a
Bisecting: 725 revisions left to test after this (roughly 10 steps)
[8bbe833a65209632f96931415070bc3a490f2dc9] net: phy: Add SDPX tag based on COPYING file
testing commit 8bbe833a65209632f96931415070bc3a490f2dc9 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 8bbe833a65209632f96931415070bc3a490f2dc9
Bisecting: 362 revisions left to test after this (roughly 9 steps)
[bb617b9b4519b0cef939c9c8e9c41470749f0d51] Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
testing commit bb617b9b4519b0cef939c9c8e9c41470749f0d51 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad bb617b9b4519b0cef939c9c8e9c41470749f0d51
Bisecting: 183 revisions left to test after this (roughly 8 steps)
[2451f3717c538795fc9fade46916683ebf7ea959] Merge tag 'led-fix-for-5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds
testing commit 2451f3717c538795fc9fade46916683ebf7ea959 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 2451f3717c538795fc9fade46916683ebf7ea959
Bisecting: 89 revisions left to test after this (roughly 7 steps)
[7fbe078c37aba3088359c9256c1a1d0c3e39ee81] vhost/vsock: fix vhost vsock cid hashing inconsistent
testing commit 7fbe078c37aba3088359c9256c1a1d0c3e39ee81 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 7fbe078c37aba3088359c9256c1a1d0c3e39ee81
Bisecting: 43 revisions left to test after this (roughly 6 steps)
[977e4899c9b4bea787531b0837af5ed442e3118f] Merge ra.kernel.org:/pub/scm/linux/kernel/git/bpf/bpf
testing commit 977e4899c9b4bea787531b0837af5ed442e3118f with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 977e4899c9b4bea787531b0837af5ed442e3118f
Bisecting: 22 revisions left to test after this (roughly 5 steps)
[ae84e4a8eb6f0d7f3b902ce238f285e98cf2ac12] ixgbe: fix Kconfig when driver is not a module
testing commit ae84e4a8eb6f0d7f3b902ce238f285e98cf2ac12 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad ae84e4a8eb6f0d7f3b902ce238f285e98cf2ac12
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[41e4e2cd75346667b0c531c07dab05cce5b06d15] openvswitch: Fix IPv6 later frags parsing
testing commit 41e4e2cd75346667b0c531c07dab05cce5b06d15 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: stack-out-of-bounds Read in __dev_queue_xmit
run #1: crashed: KASAN: use-after-free Read in tick_sched_handle
run #2: crashed: KASAN: use-after-free Read in tick_sched_handle
run #3: crashed: KASAN: use-after-free Read in tick_sched_handle
run #4: crashed: general protection fault in __bfs
run #5: crashed: unexpected kernel reboot
run #6: crashed: KASAN: use-after-free Read in tick_sched_handle
run #7: crashed: INFO: trying to register non-static key in corrupted
run #8: crashed: KASAN: slab-out-of-bounds Read in tick_sched_handle
run #9: crashed: KASAN: slab-out-of-bounds Read in tick_sched_handle
# git bisect good 41e4e2cd75346667b0c531c07dab05cce5b06d15
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[c77804be53369dd4c15bfc376cf9b45948194cab] net: hns: Fix WARNING when hns modules installed
testing commit c77804be53369dd4c15bfc376cf9b45948194cab with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad c77804be53369dd4c15bfc376cf9b45948194cab
Bisecting: 2 revisions left to test after this (roughly 1 step)
[44039e00171b0fe930c07ff7b43e6023eaf1ed31] fou6: Prevent unbounded recursion in GUE error handler
testing commit 44039e00171b0fe930c07ff7b43e6023eaf1ed31 with gcc (GCC) 8.1.0
all runs: OK
# git bisect bad 44039e00171b0fe930c07ff7b43e6023eaf1ed31
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[bc6e019b6ee65ff4ebf3ca272f774cf6c67db669] fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite
testing commit bc6e019b6ee65ff4ebf3ca272f774cf6c67db669 with gcc (GCC) 8.1.0
run #0: boot failed: failed to create instance: googleapi: got HTTP response code 502 with body: Error 502 (Server Error)!!1

502. That’s an error.

The server encountered a temporary error and could not complete your request.

Please try again in 30 seconds. That’s all we know.
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect bad bc6e019b6ee65ff4ebf3ca272f774cf6c67db669
bc6e019b6ee65ff4ebf3ca272f774cf6c67db669 is the first bad commit
commit bc6e019b6ee65ff4ebf3ca272f774cf6c67db669
Author: Stefano Brivio
Date: Thu Jan 3 21:43:34 2019 +0100

    fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite

    In commit 11789039da53 ("fou: Prevent unbounded recursion in GUE error handler"), I didn't take care of the case where UDP-Lite is encapsulated into UDP or UDP-Lite with GUE.
    From a syzbot report about a possibly similar issue with GUE on IPv6, I just realised the same thing might happen with a UDP-Lite inner payload.
    Also skip exception handling for inner UDP-Lite protocol.

    Fixes: 11789039da53 ("fou: Prevent unbounded recursion in GUE error handler")
    Signed-off-by: Stefano Brivio
    Signed-off-by: David S. Miller

:040000 040000 84ffeb567de6975e624b9e00b00925cd4b41d59b 8c36bf3072aa714fd8a23db4c9d998b369009641 M net
revisions tested: 17, total time: 4h29m15.738947483s (build: 1h40m2.941912759s, test: 2h43m19.177165133s)
first good commit: bc6e019b6ee65ff4ebf3ca272f774cf6c67db669 fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite
cc: ["davem@davemloft.net" "kuznet@ms2.inr.ac.ru" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "sbrivio@redhat.com" "yoshfuji@linux-ipv6.org"]