bisecting fixing commit since 244dc2689085d7ff478f7b61841e62e59bea4557
building syzkaller on bc8bc756c272115ed92fad4f716b77f6fb995203
testing commit 244dc2689085d7ff478f7b61841e62e59bea4557 with gcc (GCC) 8.1.0
kernel signature: f6369aa4339fa78cd9467ed2776185218e06aeb28ac751ba60c3699d02d96706
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ip_add
testing current HEAD b74b991fb8b9d642b8fea20d6245c6e19125a305
testing commit b74b991fb8b9d642b8fea20d6245c6e19125a305 with gcc (GCC) 8.1.0
kernel signature: 7cdb61c28dfbc5b0bea3c486b81b640a39b8799b64d05e6d77295523e42a5cf4
all runs: OK
# git bisect start b74b991fb8b9d642b8fea20d6245c6e19125a305 244dc2689085d7ff478f7b61841e62e59bea4557
Bisecting: 7791 revisions left to test after this (roughly 13 steps)
[4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0
kernel signature: 93de488fd0b68f19754993ef2fe65c8f08dbaad2b79c287e3d19c726d273d562
all runs: OK
# git bisect bad 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb
Bisecting: 2314 revisions left to test after this (roughly 12 steps)
[bd2463ac7d7ec51d432f23bf0e893fb371a908cd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit bd2463ac7d7ec51d432f23bf0e893fb371a908cd with gcc (GCC) 8.1.0
kernel signature: d26ee0ce95c1cfbd7dbc812109015fce07fc5e17a27454cc8023ff309dc6ddf8
all runs: OK
# git bisect bad bd2463ac7d7ec51d432f23bf0e893fb371a908cd
Bisecting: 1810 revisions left to test after this (roughly 11 steps)
[c4c57b974d27f53744b1bc5669e002f080cec839] Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
testing commit c4c57b974d27f53744b1bc5669e002f080cec839 with gcc (GCC) 8.1.0
kernel signature: 7faff07f12522b682456b106122be680b06def3c63925f5b667ae2b1145b9bf9
all runs: OK
# git bisect bad c4c57b974d27f53744b1bc5669e002f080cec839
Bisecting: 881 revisions left to test after this (roughly 10 steps)
[190c736a8088b6dbf62b78192e6a2401eb58177b] sfc: move various functions
testing commit 190c736a8088b6dbf62b78192e6a2401eb58177b with gcc (GCC) 8.1.0
kernel signature: 26c70e0ce4ac5ff965e5cbc188353c074e546e7e2811ab5e7d849bc5a65d5568
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ip_add
# git bisect good 190c736a8088b6dbf62b78192e6a2401eb58177b
Bisecting: 465 revisions left to test after this (roughly 9 steps)
[7c453526dc50460c63ff28df7673570dd057c5d0] net/mlx5e: Enable all available stats for uplink reps
testing commit 7c453526dc50460c63ff28df7673570dd057c5d0 with gcc (GCC) 8.1.0
kernel signature: 56d9854ac35d47897a4f151e7e2ca15681942ddfa1f59c0154df6c3d6bde39e6
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ip_add
# git bisect good 7c453526dc50460c63ff28df7673570dd057c5d0
Bisecting: 253 revisions left to test after this (roughly 8 steps)
[2821e26f3a0a3872184581caac8115bb02641941] Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
testing commit 2821e26f3a0a3872184581caac8115bb02641941 with gcc (GCC) 8.1.0
kernel signature: 0ca4762a925df0f1dbe13cf3a0cd65d565c0c1f6dcae2fbe4606290ccd1dcb6e
all runs: OK
# git bisect bad 2821e26f3a0a3872184581caac8115bb02641941
Bisecting: 107 revisions left to test after this (roughly 7 steps)
[342508c1c7540e281fd36151c175ba5ff954a99f] net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
testing commit 342508c1c7540e281fd36151c175ba5ff954a99f with gcc (GCC) 8.1.0
kernel signature: 9313ab154f79950b40da1f684063ffb0498e5a2a6e9c57d3102673c086bdb41c
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ip_add
# git bisect good 342508c1c7540e281fd36151c175ba5ff954a99f
Bisecting: 51 revisions left to test after this (roughly 6 steps)
[274adbff45e3c26c65b2e103581d2ab5834b0b7c] Merge tag 'drm-fixes-2020-01-24' of git://anongit.freedesktop.org/drm/drm
testing commit 274adbff45e3c26c65b2e103581d2ab5834b0b7c with gcc (GCC) 8.1.0
kernel signature: b6be3d9e0de4bc1d728ed71ea31dcc5b5e0e210f12fb3e3a48cc35edf48f2f6f
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ip_add
# git bisect good 274adbff45e3c26c65b2e103581d2ab5834b0b7c
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[93d1a05ea6b29737715769e2c9551cfe8a5fef22] Merge tag 'pinctrl-v5.5-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 93d1a05ea6b29737715769e2c9551cfe8a5fef22 with gcc (GCC) 8.1.0
kernel signature: 3dc91648d9099daf5d6c0a89be8a2782f15d94656de65c677a350eb999e9c487
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ip_add
# git bisect good 93d1a05ea6b29737715769e2c9551cfe8a5fef22
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[6badad1c1d354db1f7bc216319d81884411d5098] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
testing commit 6badad1c1d354db1f7bc216319d81884411d5098 with gcc (GCC) 8.1.0
kernel signature: eb438430b63ea833f73e39a040abfe6eaf869387149169c68e02b1c92f6ca8ba
all runs: OK
# git bisect bad 6badad1c1d354db1f7bc216319d81884411d5098
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[eb014de4fd418de1a277913cba244e47274fe392] netfilter: nf_tables: autoload modules from the abort path
testing commit eb014de4fd418de1a277913cba244e47274fe392 with gcc (GCC) 8.1.0
kernel signature: 763134b9dfbee6df23bb90c07844a5283058775801280ca02aafd52752b6fb75
all runs: OK
# git bisect bad eb014de4fd418de1a277913cba244e47274fe392
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[ab658b9fa7a2c467f79eac8b53ea308b8f98113d] netfilter: conntrack: sctp: use distinct states for new SCTP connections
testing commit ab658b9fa7a2c467f79eac8b53ea308b8f98113d with gcc (GCC) 8.1.0
kernel signature: 9324b79506f52d97b2d0d567cc085aef16ea6bfe569160e2ee5446156ccf7304
all runs: OK
# git bisect bad ab658b9fa7a2c467f79eac8b53ea308b8f98113d
Bisecting: 0 revisions left to test after this (roughly 1 step)
[32c72165dbd0e246e69d16a3ad348a4851afd415] netfilter: ipset: use bitmap infrastructure completely
testing commit 32c72165dbd0e246e69d16a3ad348a4851afd415 with gcc (GCC) 8.1.0
kernel signature: 78ab8056907270929342ec51a94be4a221f92bbc3f4d1c6aae71f3e43b7416b9
all runs: OK
# git bisect bad 32c72165dbd0e246e69d16a3ad348a4851afd415
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365] netfilter: nft_osf: add missing check for DREG attribute
testing commit 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365 with gcc (GCC) 8.1.0
kernel signature: 4befaf020e37112ea1fd4703026e6d814e833a2553d38221ddca82b3598e9a62
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ip_add
# git bisect good 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365
32c72165dbd0e246e69d16a3ad348a4851afd415 is the first bad commit
commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date: Sun Jan 19 22:06:49 2020 +0100

    netfilter: ipset: use bitmap infrastructure completely

    The bitmap allocation did not use full unsigned long sizes when calculating the required size and that was triggered by KASAN as slab-out-of-bounds read in several places. The patch fixes all of them.

    Reported-by: syzbot+fabca5cbf5e54f3fe2de@syzkaller.appspotmail.com
    Reported-by: syzbot+827ced406c9a1d9570ed@syzkaller.appspotmail.com
    Reported-by: syzbot+190d63957b22ef673ea5@syzkaller.appspotmail.com
    Reported-by: syzbot+dfccdb2bdb4a12ad425e@syzkaller.appspotmail.com
    Reported-by: syzbot+df0d0f5895ef1f41a65b@syzkaller.appspotmail.com
    Reported-by: syzbot+b08bd19bb37513357fd4@syzkaller.appspotmail.com
    Reported-by: syzbot+53cdd0ec0bbabd53370a@syzkaller.appspotmail.com
    Signed-off-by: Jozsef Kadlecsik
    Signed-off-by: Pablo Neira Ayuso

 include/linux/netfilter/ipset/ip_set.h | 7 -------
 net/netfilter/ipset/ip_set_bitmap_gen.h | 2 +-
 net/netfilter/ipset/ip_set_bitmap_ip.c | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_port.c | 6 +++---
 5 files changed, 10 insertions(+), 17 deletions(-)
culprit signature: 78ab8056907270929342ec51a94be4a221f92bbc3f4d1c6aae71f3e43b7416b9
parent signature: 4befaf020e37112ea1fd4703026e6d814e833a2553d38221ddca82b3598e9a62
revisions tested: 16, total time: 3h40m43.74581806s (build: 1h41m23.396282871s, test: 1h57m47.024302467s)
first good commit: 32c72165dbd0e246e69d16a3ad348a4851afd415 netfilter: ipset: use bitmap infrastructure completely
cc: ["kadlec@blackhole.kfki.hu" "kadlec@netfilter.org" "pablo@netfilter.org"]