bisecting fixing commit since 131701c697e85d5d0726e6152219359639fae98f
building syzkaller on 3334d684ce742ce58ad66b7dcb7a6d4da5185796
testing commit 131701c697e85d5d0726e6152219359639fae98f with gcc (GCC) 8.1.0
kernel signature: a3a934aa4fd1e1cf9d1f8bb5d22841df722d765dc8a08091be8cd8bb3ce594c0
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
testing current HEAD fffb08b37df928475fef9c7f2aafddc2f6ebfaf4
testing commit fffb08b37df928475fef9c7f2aafddc2f6ebfaf4 with gcc (GCC) 8.1.0
kernel signature: 7c3a66534cfa68bc734a7dfbf5bdf4f6943ac3af484949bcdbce7fd55ae432d1
all runs: OK
# git bisect start fffb08b37df928475fef9c7f2aafddc2f6ebfaf4 131701c697e85d5d0726e6152219359639fae98f
Bisecting: 7571 revisions left to test after this (roughly 13 steps)
[4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0
kernel signature: 502edcb1d29c0f14d4c7eb41a714bfe1c6d98d349679a3674cf4ca10c22fec32
all runs: OK
# git bisect bad 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb
Bisecting: 2314 revisions left to test after this (roughly 12 steps)
[bd2463ac7d7ec51d432f23bf0e893fb371a908cd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit bd2463ac7d7ec51d432f23bf0e893fb371a908cd with gcc (GCC) 8.1.0
kernel signature: 7ae212b0dd19f74b1c71b4087b0399f4609ebd953d94b582ceac4be3beec391c
all runs: OK
# git bisect bad bd2463ac7d7ec51d432f23bf0e893fb371a908cd
Bisecting: 1711 revisions left to test after this (roughly 11 steps)
[82bc2e4a26a65e8b23590565b89115f8634d4fe6] Merge tag 'wireless-drivers-next-2020-01-26' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit 82bc2e4a26a65e8b23590565b89115f8634d4fe6 with gcc (GCC) 8.1.0
kernel signature: 00bb5ef598b4c231f2cced1f659dbb190293ce190023616cea11bce8abd235f0
all runs: OK
# git bisect bad 82bc2e4a26a65e8b23590565b89115f8634d4fe6
Bisecting: 864 revisions left to test after this (roughly 10 steps)
[5e0fcc16e5c563fd8f16738efec974f81e0a5ea0] net/ncsi: Support for multi host mellanox card
testing commit 5e0fcc16e5c563fd8f16738efec974f81e0a5ea0 with gcc (GCC) 8.1.0
kernel signature: 3eb41943b428cc82f019f81d6aacca71aa304d4e955fb8ebe51cc04ebff4eef7
all runs: crashed: KASAN: use-after-free Read in bitmap_port_ext_cleanup
# git bisect good 5e0fcc16e5c563fd8f16738efec974f81e0a5ea0
Bisecting: 427 revisions left to test after this (roughly 9 steps)
[9bbc8be29d66cc34b650510f2c67b5c55235fe5d] Merge tag 'mlx5-updates-2020-01-22' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
testing commit 9bbc8be29d66cc34b650510f2c67b5c55235fe5d with gcc (GCC) 8.1.0
kernel signature: 159c4e0b22c6075d69c572c1769d9713704240a636d6e459b08f3067c510bb65
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
# git bisect good 9bbc8be29d66cc34b650510f2c67b5c55235fe5d
Bisecting: 232 revisions left to test after this (roughly 8 steps)
[2821e26f3a0a3872184581caac8115bb02641941] Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
testing commit 2821e26f3a0a3872184581caac8115bb02641941 with gcc (GCC) 8.1.0
kernel signature: b29d3354f247f86f805eda877fd321d242e697d7a440dabe7fd6c1f86b18f1f7
all runs: OK
# git bisect bad 2821e26f3a0a3872184581caac8115bb02641941
Bisecting: 97 revisions left to test after this (roughly 7 steps)
[505a7f5478062c6cd11e22022d9f1bf64cd8eab3] net/mlx5: Update the list of the PCI supported devices
testing commit 505a7f5478062c6cd11e22022d9f1bf64cd8eab3 with gcc (GCC) 8.1.0
kernel signature: 59ebc854707656ab3913dd39c155e6f4517508f525c3cdfaf970aec3c42ab430
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
# git bisect good 505a7f5478062c6cd11e22022d9f1bf64cd8eab3
Bisecting: 51 revisions left to test after this (roughly 6 steps)
[6381b442836ea3c52eae630b10be8c27c7a17af2] Merge tag 'iommu-fixes-v5.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
testing commit 6381b442836ea3c52eae630b10be8c27c7a17af2 with gcc (GCC) 8.1.0
kernel signature: a7d074030b163b060b9d65ed7088b31e928a00bf55d78c3ae24da316a90e0921
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
# git bisect good 6381b442836ea3c52eae630b10be8c27c7a17af2
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[f041eadad7504b1364274494548b9716b2ed59ac] Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit f041eadad7504b1364274494548b9716b2ed59ac with gcc (GCC) 8.1.0
kernel signature: a0c0e1f9f9ee0ebcda3b4d51f0666f8cb4a7d1ef07cfaa24b6d4095eed158f3a
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
# git bisect good f041eadad7504b1364274494548b9716b2ed59ac
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[722943a54de95343c97c2a9ad658253393632f97] Merge tag 'mlx5-fixes-2020-01-24' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
testing commit 722943a54de95343c97c2a9ad658253393632f97 with gcc (GCC) 8.1.0
kernel signature: e194da66868c052c8f6dbcd64eb8e5041ad314bdda47f457bfc884c1739a157a
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
# git bisect good 722943a54de95343c97c2a9ad658253393632f97
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[eb014de4fd418de1a277913cba244e47274fe392] netfilter: nf_tables: autoload modules from the abort path
testing commit eb014de4fd418de1a277913cba244e47274fe392 with gcc (GCC) 8.1.0
kernel signature: dddf9697f21498d455150fb36a492960a3c54ce3edbbe35d3aa2fad0e1d9a0b8
all runs: OK
# git bisect bad eb014de4fd418de1a277913cba244e47274fe392
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[ab658b9fa7a2c467f79eac8b53ea308b8f98113d] netfilter: conntrack: sctp: use distinct states for new SCTP connections
testing commit ab658b9fa7a2c467f79eac8b53ea308b8f98113d with gcc (GCC) 8.1.0
kernel signature: 1918f2d8ae970eaae23c031f95f32fe54a7aa1b7d552bcd707db88756bae5988
all runs: OK
# git bisect bad ab658b9fa7a2c467f79eac8b53ea308b8f98113d
Bisecting: 0 revisions left to test after this (roughly 1 step)
[32c72165dbd0e246e69d16a3ad348a4851afd415] netfilter: ipset: use bitmap infrastructure completely
testing commit 32c72165dbd0e246e69d16a3ad348a4851afd415 with gcc (GCC) 8.1.0
kernel signature: 3e768ffbe979c663fdf923fb7254ce6ff3c476ed695656cfee5525cbebdd5d78
all runs: OK
# git bisect bad 32c72165dbd0e246e69d16a3ad348a4851afd415
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365] netfilter: nft_osf: add missing check for DREG attribute
testing commit 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365 with gcc (GCC) 8.1.0
kernel signature: 50ac79a1420e77d4674de2409777f9fa368c39e49c6c0c7904104a00505e9c22
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
# git bisect good 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365
32c72165dbd0e246e69d16a3ad348a4851afd415 is the first bad commit
commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date: Sun Jan 19 22:06:49 2020 +0100

    netfilter: ipset: use bitmap infrastructure completely

    The bitmap allocation did not use full unsigned long sizes when calculating the required size and that was triggered by KASAN as slab-out-of-bounds read in several places. The patch fixes all of them.

    Reported-by: syzbot+fabca5cbf5e54f3fe2de@syzkaller.appspotmail.com
    Reported-by: syzbot+827ced406c9a1d9570ed@syzkaller.appspotmail.com
    Reported-by: syzbot+190d63957b22ef673ea5@syzkaller.appspotmail.com
    Reported-by: syzbot+dfccdb2bdb4a12ad425e@syzkaller.appspotmail.com
    Reported-by: syzbot+df0d0f5895ef1f41a65b@syzkaller.appspotmail.com
    Reported-by: syzbot+b08bd19bb37513357fd4@syzkaller.appspotmail.com
    Reported-by: syzbot+53cdd0ec0bbabd53370a@syzkaller.appspotmail.com
    Signed-off-by: Jozsef Kadlecsik
    Signed-off-by: Pablo Neira Ayuso

 include/linux/netfilter/ipset/ip_set.h | 7 -------
 net/netfilter/ipset/ip_set_bitmap_gen.h | 2 +-
 net/netfilter/ipset/ip_set_bitmap_ip.c | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_port.c | 6 +++---
 5 files changed, 10 insertions(+), 17 deletions(-)
culprit signature: 3e768ffbe979c663fdf923fb7254ce6ff3c476ed695656cfee5525cbebdd5d78
parent signature: 50ac79a1420e77d4674de2409777f9fa368c39e49c6c0c7904104a00505e9c22
revisions tested: 16, total time: 3h37m1.899571028s (build: 1h36m9.364955911s, test: 1h59m54.968694979s)
first good commit: 32c72165dbd0e246e69d16a3ad348a4851afd415 netfilter: ipset: use bitmap infrastructure completely
cc: ["kadlec@blackhole.kfki.hu" "kadlec@netfilter.org" "pablo@netfilter.org"]