ci starts bisection 2023-02-06 17:16:22.349581131 +0000 UTC m=+2490.961437240
bisecting fixing commit since 041fae9c105ae342a4245cf1e0dc56a23fbb9d3c
building syzkaller on 6f9c033e1ad3dcf5e6f25916177ec7174359ad0f
ensuring issue is reproducible on original commit 041fae9c105ae342a4245cf1e0dc56a23fbb9d3c

testing commit 041fae9c105ae342a4245cf1e0dc56a23fbb9d3c gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 63efc70863bb2ce476f3e545da6728d60542e5af149394a13a2abb2ac0634b7f
all runs: crashed: KASAN: slab-out-of-bounds Write in copy_verifier_state
testing current HEAD d2d11f342b179f1894a901f143ec7c008caba43e
testing commit d2d11f342b179f1894a901f143ec7c008caba43e gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ebcd427345ab1e27d06c9a0ed213198cfbfa53b98839d96b57ae1176adf49846
all runs: OK
# git bisect start d2d11f342b179f1894a901f143ec7c008caba43e 041fae9c105ae342a4245cf1e0dc56a23fbb9d3c
Bisecting: 2727 revisions left to test after this (roughly 12 steps)
[9322af3e6aeae04c7eda3e6a0c977e97a13cf6ed] Merge tag 'dmaengine-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine
testing commit 9322af3e6aeae04c7eda3e6a0c977e97a13cf6ed gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c2112aac705d086803f1039af19367865d3fe6c1e21272e6f0b0fa961dada587
all runs: crashed: KASAN: slab-out-of-bounds Write in copy_verifier_state
# git bisect good 9322af3e6aeae04c7eda3e6a0c977e97a13cf6ed
Bisecting: 1361 revisions left to test after this (roughly 10 steps)
[c757fc92a3f73734872c7793b97f06434773d65d] Merge tag 'spi-fix-v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
testing commit c757fc92a3f73734872c7793b97f06434773d65d gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 9b5e84d8d9eaab45064f043ed9a38bff6b398bcd4b07954936e206fdc5d9c003
all runs: OK
# git bisect bad c757fc92a3f73734872c7793b97f06434773d65d
Bisecting: 660 revisions left to test after this (roughly 10 steps)
[d1ac1a2b14264e98c24db6f8c2bd452e695c7238] Merge tag 'perf-tools-for-v6.2-2-2022-12-22' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
testing commit d1ac1a2b14264e98c24db6f8c2bd452e695c7238 gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 46f5901db003ef76077c476c789ce17d6810b2e02478ba942d233f05df5633d2
all runs: crashed: KASAN: slab-out-of-bounds Write in copy_verifier_state
# git bisect good d1ac1a2b14264e98c24db6f8c2bd452e695c7238
Bisecting: 323 revisions left to test after this (roughly 8 steps)
[41c03ba9beea760bd2d2ac9250b09a2e192da2dc] Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
testing commit 41c03ba9beea760bd2d2ac9250b09a2e192da2dc gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c13ed94fdd8a10f5c411de810df97d8a4fcef1656360fa3b39fa4642232b3a0f
all runs: crashed: KASAN: slab-out-of-bounds Write in copy_verifier_state
# git bisect good 41c03ba9beea760bd2d2ac9250b09a2e192da2dc
Bisecting: 157 revisions left to test after this (roughly 7 steps)
[56f814583923a782f1cec43db32bc6da1d3cf7b5] Merge tag 'perf-tools-fixes-for-v6.2-1-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
testing commit 56f814583923a782f1cec43db32bc6da1d3cf7b5 gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c7f85251bb78ced32ecef8e7882dcc1164af5106909889b0bb89856d24e80921
all runs: OK
# git bisect bad 56f814583923a782f1cec43db32bc6da1d3cf7b5
Bisecting: 82 revisions left to test after this (roughly 6 steps)
[c7062aaee099f2f43d6f07a71744b44b94b94b34] net: ena: Fix rx_copybreak value update
testing commit c7062aaee099f2f43d6f07a71744b44b94b94b34 gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a0e5531749999b297c1ac9886d5897f1e6afd727eb4c8dbe0de85dfd836bd81d
all runs: crashed: KASAN: slab-out-of-bounds Write in copy_verifier_state
# git bisect good c7062aaee099f2f43d6f07a71744b44b94b94b34
Bisecting: 39 revisions left to test after this (roughly 5 steps)
[49d9601b8187f202bb7f6f43026ef6acf4c7a178] Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
testing commit 49d9601b8187f202bb7f6f43026ef6acf4c7a178 gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3f9d115c3d39564cdbbe203b0de9a70f8934a0368bba1ab05e56996eb4e706cd
all runs: OK
# git bisect bad 49d9601b8187f202bb7f6f43026ef6acf4c7a178
Bisecting: 21 revisions left to test after this (roughly 5 steps)
[43d253781f6321c6a07a5fe4ee72103a679a5f6b] net: sched: htb: fix htb_classify() kernel-doc
testing commit 43d253781f6321c6a07a5fe4ee72103a679a5f6b gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0d01955aa0217358714efb72a46a237ca259074813a0bb8013ddff2743dddaa6
all runs: crashed: KASAN: slab-out-of-bounds Write in copy_verifier_state
# git bisect good 43d253781f6321c6a07a5fe4ee72103a679a5f6b
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[9c807965483f42df1d053b7436eedd6cf28ece6f] drivers/net/bonding/bond_3ad: return when there's no aggregator
testing commit 9c807965483f42df1d053b7436eedd6cf28ece6f gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ec31cd4b5e3c3ba42adda95635d101c67f64b60835e8be38d0f0d71216af60be
all runs: crashed: KASAN: slab-out-of-bounds Write in copy_verifier_state
# git bisect good 9c807965483f42df1d053b7436eedd6cf28ece6f
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[f90dd663c492124b53bb28db6ff85b50c80ccc32] Merge branch 'bpf: fix the crash caused by task iterators over vma'
testing commit f90dd663c492124b53bb28db6ff85b50c80ccc32 gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 02b5bdec2e21263958651b06205751ca75f433a9072dcb0f1dea4583b88da9bb
all runs: crashed: KASAN: slab-out-of-bounds Write in copy_verifier_state
# git bisect good f90dd663c492124b53bb28db6ff85b50c80ccc32
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2] usb: rndis_host: Secure rndis_query check against int overflow
testing commit c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2 gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0b0f7903390c8508647763485176119936e7db98c5114936a84a9363b08c86d5
all runs: crashed: KASAN: slab-out-of-bounds Write in copy_verifier_state
# git bisect good c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2
Bisecting: 1 revision left to test after this (roughly 1 step)
[45435d8da71f9f3e6860e6e6ea9667b6ec17ec64] bpf: Always use maximal size for copy_array()
testing commit 45435d8da71f9f3e6860e6e6ea9667b6ec17ec64 gcc
compiler: Debian clang version 13.0.1-6~deb11u1, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: ae29cddc206299c3d100c9451fa996772fc83b8831bafe230df50d9f9cfc7af5
all runs: OK
# git bisect bad 45435d8da71f9f3e6860e6e6ea9667b6ec17ec64
45435d8da71f9f3e6860e6e6ea9667b6ec17ec64 is the first bad commit
commit 45435d8da71f9f3e6860e6e6ea9667b6ec17ec64
Author: Kees Cook
Date: Fri Dec 23 10:28:44 2022 -0800

    bpf: Always use maximal size for copy_array()

    Instead of counting on prior allocations to have sized allocations to
    the next kmalloc bucket size, always perform a krealloc that is at least
    ksize(dst) in size (which is a no-op), so the size can be correctly
    tracked by all the various allocation size trackers (KASAN,
    __alloc_size, etc).

    Reported-by: Hyunwoo Kim
    Link: https://lore.kernel.org/bpf/20221223094551.GA1439509@ubuntu
    Fixes: ceb35b666d42 ("bpf/verifier: Use kmalloc_size_roundup() to match ksize() usage")
    Cc: Alexei Starovoitov
    Cc: Daniel Borkmann
    Cc: John Fastabend
    Cc: Andrii Nakryiko
    Cc: Martin KaFai Lau
    Cc: Song Liu
    Cc: Yonghong Song
    Cc: KP Singh
    Cc: Stanislav Fomichev
    Cc: Hao Luo
    Cc: Jiri Olsa
    Cc: bpf@vger.kernel.org
    Signed-off-by: Kees Cook
    Link: https://lore.kernel.org/r/20221223182836.never.866-kees@kernel.org
    Signed-off-by: Alexei Starovoitov

 kernel/bpf/verifier.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

culprit signature: ae29cddc206299c3d100c9451fa996772fc83b8831bafe230df50d9f9cfc7af5
parent signature: 02b5bdec2e21263958651b06205751ca75f433a9072dcb0f1dea4583b88da9bb
revisions tested: 14, total time: 3h14m1.333118964s (build: 1h58m36.726092696s, test: 1h14m6.044682748s)
first good commit: 45435d8da71f9f3e6860e6e6ea9667b6ec17ec64 bpf: Always use maximal size for copy_array()
recipients (to): ["ast@kernel.org" "ast@kernel.org" "bpf@vger.kernel.org" "daniel@iogearbox.net" "keescook@chromium.org"]
recipients (cc): ["andrii@kernel.org" "haoluo@google.com" "john.fastabend@gmail.com" "jolsa@kernel.org" "kpsingh@kernel.org" "linux-kernel@vger.kernel.org" "martin.lau@linux.dev" "sdf@google.com" "song@kernel.org" "yhs@fb.com"]