bisecting fixing commit since 4703d9119972bf586d2cca76ec6438f819ffa30e
building syzkaller on 2e95ab335759ed7e1c246c2057c84d813a2c29e1
testing commit 4703d9119972bf586d2cca76ec6438f819ffa30e with gcc (GCC) 8.1.0
kernel signature: a3c3cab036bebd4dc38563870351277bec1005c4f3acf5ec9519a3edc3816068
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
testing current HEAD d3dca69085e94e52a1d61a34b8e5f73a9f3d7eed
testing commit d3dca69085e94e52a1d61a34b8e5f73a9f3d7eed with gcc (GCC) 8.1.0
kernel signature: 969fb9eb0bb52b39f05bffa34a6e12537f8f9916b154d0b7ec933f9776730897
all runs: OK
# git bisect start d3dca69085e94e52a1d61a34b8e5f73a9f3d7eed 4703d9119972bf586d2cca76ec6438f819ffa30e
Bisecting: 7606 revisions left to test after this (roughly 13 steps)
[4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0
kernel signature: be19a7c6643383eef96a52ea09cbf891fc1273272a16f4c3d1b66751acef2346
all runs: OK
# git bisect bad 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb
Bisecting: 2314 revisions left to test after this (roughly 12 steps)
[bd2463ac7d7ec51d432f23bf0e893fb371a908cd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit bd2463ac7d7ec51d432f23bf0e893fb371a908cd with gcc (GCC) 8.1.0
kernel signature: 2e4a797c217c6459f37a445defb5d1f56b9867df6c32185bfd3e4da9d844e593
all runs: OK
# git bisect bad bd2463ac7d7ec51d432f23bf0e893fb371a908cd
Bisecting: 1708 revisions left to test after this (roughly 11 steps)
[e54d04e3afead22d8e7d6edaaac487a1205bac39] ethtool: set message mask with DEBUG_SET request
testing commit e54d04e3afead22d8e7d6edaaac487a1205bac39 with gcc (GCC) 8.1.0
kernel signature: dff568c76f0e5dbb24cf832b0742563f0326d3b82f38d77326482bd29526419d
all runs: OK
# git bisect bad e54d04e3afead22d8e7d6edaaac487a1205bac39
Bisecting: 854 revisions left to test after this (roughly 10 steps)
[8ee4c907725cb09e1872dd4203e0a4266dd7e637] sfc: move MCDI transmit queue management code
testing commit 8ee4c907725cb09e1872dd4203e0a4266dd7e637 with gcc (GCC) 8.1.0
kernel signature: 5d3cf6395e78e6cc2031354bcd19f7d3d06b9de11938749c0c97305de8f3b739
all runs: crashed: KASAN: use-after-free Read in bitmap_ipmac_ext_cleanup
# git bisect good 8ee4c907725cb09e1872dd4203e0a4266dd7e637
Bisecting: 426 revisions left to test after this (roughly 9 steps)
[6d9f6e6790e794461ff3a16e4f3778f01ff6cca2] Merge branch 'net-sched-add-Flow-Queue-PIE-packet-scheduler'
testing commit 6d9f6e6790e794461ff3a16e4f3778f01ff6cca2 with gcc (GCC) 8.1.0
kernel signature: 00d12dbe929d79b0b21c7b6e8c89bff0cabcaa99153423611b7bd6d70de8e568
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
# git bisect good 6d9f6e6790e794461ff3a16e4f3778f01ff6cca2
Bisecting: 186 revisions left to test after this (roughly 8 steps)
[4d8773b68e83558025303f266070b31bc4101e73] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 4d8773b68e83558025303f266070b31bc4101e73 with gcc (GCC) 8.1.0
kernel signature: ec3632633946389ac1c08f29d68d56a0894f991694bf9a3ae1cb9bd19a7c2978
all runs: OK
# git bisect bad 4d8773b68e83558025303f266070b31bc4101e73
Bisecting: 121 revisions left to test after this (roughly 7 steps)
[fa865ba183d61c1ec8cbcab8573159c3b72b89a4] firestream: fix memory leaks
testing commit fa865ba183d61c1ec8cbcab8573159c3b72b89a4 with gcc (GCC) 8.1.0
kernel signature: 2d1d033a117b972da8d58ddf56c0f2a9396aa9412af45619a0aef18089b8ec59
all runs: OK
# git bisect bad fa865ba183d61c1ec8cbcab8573159c3b72b89a4
Bisecting: 55 revisions left to test after this (roughly 6 steps)
[5169adbc982400f214bc0bcad1fcc076bd342987] Merge tag 'wireless-drivers-2020-01-23' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
testing commit 5169adbc982400f214bc0bcad1fcc076bd342987 with gcc (GCC) 8.1.0
kernel signature: f82b6c606a3d6624e2278d0b27e114af1b4401606ade4b8a0f0e755f27da2fd7
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
# git bisect good 5169adbc982400f214bc0bcad1fcc076bd342987
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[66018a102f7756cf72db4d2704e1b93969d9d332] l2t_seq_next should increase position index
testing commit 66018a102f7756cf72db4d2704e1b93969d9d332 with gcc (GCC) 8.1.0
kernel signature: c68f74a08ddf8490139c30238d8bfd5b4b75ef2d461f1aad6097abb606d3f7b3
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
# git bisect good 66018a102f7756cf72db4d2704e1b93969d9d332
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[342508c1c7540e281fd36151c175ba5ff954a99f] net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
testing commit 342508c1c7540e281fd36151c175ba5ff954a99f with gcc (GCC) 8.1.0
kernel signature: c2b6e1d19f2ed9bb9a5da1208d2d6f3cb22fedd72ef04485dd1f2ec5b05b847a
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
# git bisect good 342508c1c7540e281fd36151c175ba5ff954a99f
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[189c9b1e94539b11c80636bc13e9cf47529e7bba] net: Fix skb->csum update in inet_proto_csum_replace16().
testing commit 189c9b1e94539b11c80636bc13e9cf47529e7bba with gcc (GCC) 8.1.0
kernel signature: fb938e4cf9221370f063dc5a298d0f9d6d22f6b6cc3904844b500bf13dd3c36d
all runs: OK
# git bisect bad 189c9b1e94539b11c80636bc13e9cf47529e7bba
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[ab658b9fa7a2c467f79eac8b53ea308b8f98113d] netfilter: conntrack: sctp: use distinct states for new SCTP connections
testing commit ab658b9fa7a2c467f79eac8b53ea308b8f98113d with gcc (GCC) 8.1.0
kernel signature: b6884e2c27d36c3b5a3ae047cd5c51fed58cc0bb71484400f93c3ff2c11b1818
all runs: OK
# git bisect bad ab658b9fa7a2c467f79eac8b53ea308b8f98113d
Bisecting: 0 revisions left to test after this (roughly 1 step)
[32c72165dbd0e246e69d16a3ad348a4851afd415] netfilter: ipset: use bitmap infrastructure completely
testing commit 32c72165dbd0e246e69d16a3ad348a4851afd415 with gcc (GCC) 8.1.0
kernel signature: 3fef7870a99e263b769cc88b28b77bc71fa994275c15a4450ab2ed852250921d
all runs: OK
# git bisect bad 32c72165dbd0e246e69d16a3ad348a4851afd415
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365] netfilter: nft_osf: add missing check for DREG attribute
testing commit 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365 with gcc (GCC) 8.1.0
kernel signature: 85644971a60f536862161d01afefcc263ad42f72325b07743e2d8293f8caecb5
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
# git bisect good 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365
32c72165dbd0e246e69d16a3ad348a4851afd415 is the first bad commit
commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date:   Sun Jan 19 22:06:49 2020 +0100

    netfilter: ipset: use bitmap infrastructure completely

    The bitmap allocation did not use full unsigned long sizes
    when calculating the required size and that was triggered by
    KASAN as slab-out-of-bounds read in several places. The patch
    fixes all of them.

    Reported-by: syzbot+fabca5cbf5e54f3fe2de@syzkaller.appspotmail.com
    Reported-by: syzbot+827ced406c9a1d9570ed@syzkaller.appspotmail.com
    Reported-by: syzbot+190d63957b22ef673ea5@syzkaller.appspotmail.com
    Reported-by: syzbot+dfccdb2bdb4a12ad425e@syzkaller.appspotmail.com
    Reported-by: syzbot+df0d0f5895ef1f41a65b@syzkaller.appspotmail.com
    Reported-by: syzbot+b08bd19bb37513357fd4@syzkaller.appspotmail.com
    Reported-by: syzbot+53cdd0ec0bbabd53370a@syzkaller.appspotmail.com
    Signed-off-by: Jozsef Kadlecsik
    Signed-off-by: Pablo Neira Ayuso

 include/linux/netfilter/ipset/ip_set.h    | 7 -------
 net/netfilter/ipset/ip_set_bitmap_gen.h   | 2 +-
 net/netfilter/ipset/ip_set_bitmap_ip.c    | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_port.c  | 6 +++---
 5 files changed, 10 insertions(+), 17 deletions(-)

culprit signature: 3fef7870a99e263b769cc88b28b77bc71fa994275c15a4450ab2ed852250921d
parent signature: 85644971a60f536862161d01afefcc263ad42f72325b07743e2d8293f8caecb5
revisions tested: 16, total time: 3h52m21.20600707s (build: 1h43m20.08075351s, test: 2h7m52.800260599s)
first good commit: 32c72165dbd0e246e69d16a3ad348a4851afd415 netfilter: ipset: use bitmap infrastructure completely
cc: ["kadlec@blackhole.kfki.hu" "kadlec@netfilter.org" "pablo@netfilter.org"]