bisecting fixing commit since d96d875ef5dd372f533059a44f98e92de9cf0d42
building syzkaller on d2557fb5ca315036c2b81a5088431773c1a64e75
testing commit d96d875ef5dd372f533059a44f98e92de9cf0d42 with gcc (GCC) 8.1.0
kernel signature: 1fdcd6137794bf68857ca14ebab8e7786bcb2c45f8c182765a6480b2aca7b8ee
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup
testing current HEAD fb33c6510d5595144d585aa194d377cf74d31911
testing commit fb33c6510d5595144d585aa194d377cf74d31911 with gcc (GCC) 8.1.0
kernel signature: 5c722cb32d898b036705a147f137d352989f9e72a3fc38686e4c23cc31f02562
all runs: OK
# git bisect start fb33c6510d5595144d585aa194d377cf74d31911 d96d875ef5dd372f533059a44f98e92de9cf0d42
Bisecting: 7654 revisions left to test after this (roughly 13 steps)
[4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0
kernel signature: 13d7efd0be11e666aadbb870e8ac855fd4c4c417cef95ba18012db84c633ef2b
all runs: OK
# git bisect bad 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb
Bisecting: 2314 revisions left to test after this (roughly 12 steps)
[bd2463ac7d7ec51d432f23bf0e893fb371a908cd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit bd2463ac7d7ec51d432f23bf0e893fb371a908cd with gcc (GCC) 8.1.0
kernel signature: 5f415a9aa82b8d986c0020af959d3ae401ce8daed80b8298ce29e373a61c8664
all runs: OK
# git bisect bad bd2463ac7d7ec51d432f23bf0e893fb371a908cd
Bisecting: 1711 revisions left to test after this (roughly 11 steps)
[82bc2e4a26a65e8b23590565b89115f8634d4fe6] Merge tag 'wireless-drivers-next-2020-01-26' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit 82bc2e4a26a65e8b23590565b89115f8634d4fe6 with gcc (GCC) 8.1.0
kernel signature: 95e743542389601b8504ab3d6a7933e7b08b686579bace6faae0ccd2e6823494
all runs: OK
# git bisect bad 82bc2e4a26a65e8b23590565b89115f8634d4fe6
Bisecting: 871 revisions left to test after this (roughly 10 steps)
[3ee17bc78e0f3fdeff9890993e8f3a9f5145163b] mptcp: Add MPTCP to skb extensions
testing commit 3ee17bc78e0f3fdeff9890993e8f3a9f5145163b with gcc (GCC) 8.1.0
kernel signature: ab4a9c7de92a6a24097f617fcd2659b3839d71339b8b67843b6d31c5494ca429
all runs: crashed: KASAN: use-after-free Read in bitmap_ip_ext_cleanup
# git bisect good 3ee17bc78e0f3fdeff9890993e8f3a9f5145163b
Bisecting: 435 revisions left to test after this (roughly 9 steps)
[f870fa0b5768842cb4690c1c11f19f28b731ae6d] mptcp: Add MPTCP socket stubs
testing commit f870fa0b5768842cb4690c1c11f19f28b731ae6d with gcc (GCC) 8.1.0
kernel signature: 73822b0d258ebe5ed1fc5bb417219a9d9913a44232a92b684c8abe88a46618b8
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup
# git bisect good f870fa0b5768842cb4690c1c11f19f28b731ae6d
Bisecting: 226 revisions left to test after this (roughly 8 steps)
[2821e26f3a0a3872184581caac8115bb02641941] Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
testing commit 2821e26f3a0a3872184581caac8115bb02641941 with gcc (GCC) 8.1.0
kernel signature: 7b6da5b3aff95079c4d33f399b86bc065f13c7f294c4599db6569c2a05d42abd
all runs: OK
# git bisect bad 2821e26f3a0a3872184581caac8115bb02641941
Bisecting: 104 revisions left to test after this (roughly 7 steps)
[342508c1c7540e281fd36151c175ba5ff954a99f] net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
testing commit 342508c1c7540e281fd36151c175ba5ff954a99f with gcc (GCC) 8.1.0
kernel signature: 48092a241fc9e93ec9df02b5e92df2cb95108e1d44c27a4729d0e5ba81bf4088
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup
# git bisect good 342508c1c7540e281fd36151c175ba5ff954a99f
Bisecting: 51 revisions left to test after this (roughly 6 steps)
[274adbff45e3c26c65b2e103581d2ab5834b0b7c] Merge tag 'drm-fixes-2020-01-24' of git://anongit.freedesktop.org/drm/drm
testing commit 274adbff45e3c26c65b2e103581d2ab5834b0b7c with gcc (GCC) 8.1.0
kernel signature: b783df979dc97d6a761ae1e4032e6adb919a601971e3e42b30734b4a229c1810
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup
# git bisect good 274adbff45e3c26c65b2e103581d2ab5834b0b7c
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[93d1a05ea6b29737715769e2c9551cfe8a5fef22] Merge tag 'pinctrl-v5.5-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 93d1a05ea6b29737715769e2c9551cfe8a5fef22 with gcc (GCC) 8.1.0
kernel signature: 41837a4a46987e3dc1e9435267015077a507d2a8927629d5e6b704de51b33ec4
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup
# git bisect good 93d1a05ea6b29737715769e2c9551cfe8a5fef22
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[6badad1c1d354db1f7bc216319d81884411d5098] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
testing commit 6badad1c1d354db1f7bc216319d81884411d5098 with gcc (GCC) 8.1.0
kernel signature: 0dd448ab74d76e9893782f84728d86849eed916e209a02a78405a7c0ef2781be
all runs: OK
# git bisect bad 6badad1c1d354db1f7bc216319d81884411d5098
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[eb014de4fd418de1a277913cba244e47274fe392] netfilter: nf_tables: autoload modules from the abort path
testing commit eb014de4fd418de1a277913cba244e47274fe392 with gcc (GCC) 8.1.0
kernel signature: f6645bdd3d7925fffcdf844903002784c035a74f09665a713a4df20052dcd8a7
all runs: OK
# git bisect bad eb014de4fd418de1a277913cba244e47274fe392
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[ab658b9fa7a2c467f79eac8b53ea308b8f98113d] netfilter: conntrack: sctp: use distinct states for new SCTP connections
testing commit ab658b9fa7a2c467f79eac8b53ea308b8f98113d with gcc (GCC) 8.1.0
kernel signature: 810c7f00e261c1301bafe42b0c4f3cdac7448c9a084fa8e49ee3e73224433420
all runs: OK
# git bisect bad ab658b9fa7a2c467f79eac8b53ea308b8f98113d
Bisecting: 0 revisions left to test after this (roughly 1 step)
[32c72165dbd0e246e69d16a3ad348a4851afd415] netfilter: ipset: use bitmap infrastructure completely
testing commit 32c72165dbd0e246e69d16a3ad348a4851afd415 with gcc (GCC) 8.1.0
kernel signature: 87a9f1c93c21722c2f9f0676287135a5be56f8ed2fb5feb5fb23826429fe7d8a
all runs: OK
# git bisect bad 32c72165dbd0e246e69d16a3ad348a4851afd415
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365] netfilter: nft_osf: add missing check for DREG attribute
testing commit 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365 with gcc (GCC) 8.1.0
kernel signature: 45d495c8410311e5d9041d53fd2cd4be91f7aba25b16b6e1ae9a0a8cee540780
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup
# git bisect good 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365
32c72165dbd0e246e69d16a3ad348a4851afd415 is the first bad commit
commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date:   Sun Jan 19 22:06:49 2020 +0100

    netfilter: ipset: use bitmap infrastructure completely

    The bitmap allocation did not use full unsigned long sizes
    when calculating the required size and that was triggered by
    KASAN as slab-out-of-bounds read in several places. The patch
    fixes all of them.

    Reported-by: syzbot+fabca5cbf5e54f3fe2de@syzkaller.appspotmail.com
    Reported-by: syzbot+827ced406c9a1d9570ed@syzkaller.appspotmail.com
    Reported-by: syzbot+190d63957b22ef673ea5@syzkaller.appspotmail.com
    Reported-by: syzbot+dfccdb2bdb4a12ad425e@syzkaller.appspotmail.com
    Reported-by: syzbot+df0d0f5895ef1f41a65b@syzkaller.appspotmail.com
    Reported-by: syzbot+b08bd19bb37513357fd4@syzkaller.appspotmail.com
    Reported-by: syzbot+53cdd0ec0bbabd53370a@syzkaller.appspotmail.com
    Signed-off-by: Jozsef Kadlecsik
    Signed-off-by: Pablo Neira Ayuso

 include/linux/netfilter/ipset/ip_set.h    | 7 -------
 net/netfilter/ipset/ip_set_bitmap_gen.h   | 2 +-
 net/netfilter/ipset/ip_set_bitmap_ip.c    | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_port.c  | 6 +++---
 5 files changed, 10 insertions(+), 17 deletions(-)

culprit signature: 87a9f1c93c21722c2f9f0676287135a5be56f8ed2fb5feb5fb23826429fe7d8a
parent signature: 45d495c8410311e5d9041d53fd2cd4be91f7aba25b16b6e1ae9a0a8cee540780
revisions tested: 16, total time: 3h58m21.868699s (build: 1h46m4.356458177s, test: 2h10m35.523666273s)
first good commit: 32c72165dbd0e246e69d16a3ad348a4851afd415 netfilter: ipset: use bitmap infrastructure completely
cc: ["kadlec@blackhole.kfki.hu" "kadlec@netfilter.org" "pablo@netfilter.org"]