bisecting fixing commit since d96d875ef5dd372f533059a44f98e92de9cf0d42
building syzkaller on 8eda0b957e5b39c0c525e74f51d6b39ab8c5b1ac
testing commit d96d875ef5dd372f533059a44f98e92de9cf0d42 with gcc (GCC) 8.1.0
kernel signature: f9b76dd1f7b4dab7e6afe25b13e71b82126c95d051789dfdf0df4fb32df9613b
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
testing current HEAD fb33c6510d5595144d585aa194d377cf74d31911
testing commit fb33c6510d5595144d585aa194d377cf74d31911 with gcc (GCC) 8.1.0
kernel signature: 0937626be39823b8f6b9ec7b56301b3f66e24bdc5d86862801872366852eaa60
all runs: OK
# git bisect start fb33c6510d5595144d585aa194d377cf74d31911 d96d875ef5dd372f533059a44f98e92de9cf0d42
Bisecting: 7654 revisions left to test after this (roughly 13 steps)
[4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0
kernel signature: 83aa49eae17535a70d7feac7bafbfa4d3bf5dbec840e0ea0ee04391698fea795
all runs: OK
# git bisect bad 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb
Bisecting: 2314 revisions left to test after this (roughly 12 steps)
[bd2463ac7d7ec51d432f23bf0e893fb371a908cd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit bd2463ac7d7ec51d432f23bf0e893fb371a908cd with gcc (GCC) 8.1.0
kernel signature: d009a9a7975537b55e7cbd16cd42328eee5dc71c014ee56803022f6c064d7054
all runs: OK
# git bisect bad bd2463ac7d7ec51d432f23bf0e893fb371a908cd
Bisecting: 1711 revisions left to test after this (roughly 11 steps)
[82bc2e4a26a65e8b23590565b89115f8634d4fe6] Merge tag 'wireless-drivers-next-2020-01-26' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit 82bc2e4a26a65e8b23590565b89115f8634d4fe6 with gcc (GCC) 8.1.0
kernel signature: 800e4c2d2134956f7b66f04432752f3dc565bbb84d41f43da9f10f2b72fdf02b
all runs: OK
# git bisect bad 82bc2e4a26a65e8b23590565b89115f8634d4fe6
Bisecting: 871 revisions left to test after this (roughly 10 steps)
[3ee17bc78e0f3fdeff9890993e8f3a9f5145163b] mptcp: Add MPTCP to skb extensions
testing commit 3ee17bc78e0f3fdeff9890993e8f3a9f5145163b with gcc (GCC) 8.1.0
kernel signature: 9c0ebab5e4f8115296cf36d4b51c1bb936e7344658a0a8cb06fcda195c518030
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
# git bisect good 3ee17bc78e0f3fdeff9890993e8f3a9f5145163b
Bisecting: 435 revisions left to test after this (roughly 9 steps)
[f870fa0b5768842cb4690c1c11f19f28b731ae6d] mptcp: Add MPTCP socket stubs
testing commit f870fa0b5768842cb4690c1c11f19f28b731ae6d with gcc (GCC) 8.1.0
kernel signature: 2e99cd9c3179041d2c908fc6f3362335af6c82a6e32a18750c410fa0d1975b24
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
# git bisect good f870fa0b5768842cb4690c1c11f19f28b731ae6d
Bisecting: 226 revisions left to test after this (roughly 8 steps)
[2821e26f3a0a3872184581caac8115bb02641941] Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
testing commit 2821e26f3a0a3872184581caac8115bb02641941 with gcc (GCC) 8.1.0
kernel signature: 7a5b9d921348e648692186bf3380d836dbbf27cd4067615eaa3cde7258d565ff
all runs: OK
# git bisect bad 2821e26f3a0a3872184581caac8115bb02641941
Bisecting: 104 revisions left to test after this (roughly 7 steps)
[342508c1c7540e281fd36151c175ba5ff954a99f] net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
testing commit 342508c1c7540e281fd36151c175ba5ff954a99f with gcc (GCC) 8.1.0
kernel signature: 46ba280c1a0a5c691ad0c2898e46c6d87d9dd3ab748508eb6601ba319677adfc
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
# git bisect good 342508c1c7540e281fd36151c175ba5ff954a99f
Bisecting: 51 revisions left to test after this (roughly 6 steps)
[274adbff45e3c26c65b2e103581d2ab5834b0b7c] Merge tag 'drm-fixes-2020-01-24' of git://anongit.freedesktop.org/drm/drm
testing commit 274adbff45e3c26c65b2e103581d2ab5834b0b7c with gcc (GCC) 8.1.0
kernel signature: a7d624c8e91157b5ac37fa9812dddb17c7823eca834d11866d42d60237bc977c
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
# git bisect good 274adbff45e3c26c65b2e103581d2ab5834b0b7c
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[93d1a05ea6b29737715769e2c9551cfe8a5fef22] Merge tag 'pinctrl-v5.5-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 93d1a05ea6b29737715769e2c9551cfe8a5fef22 with gcc (GCC) 8.1.0
kernel signature: d2d3149c9af5eb4ff26a93561badca0fb84d152f17e577a104392c61cf6bc412
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
# git bisect good 93d1a05ea6b29737715769e2c9551cfe8a5fef22
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[6badad1c1d354db1f7bc216319d81884411d5098] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
testing commit 6badad1c1d354db1f7bc216319d81884411d5098 with gcc (GCC) 8.1.0
kernel signature: aad5f47ebe81162eba9e1df70c9e7047413765ee7e5c7a4f61353dc9a7e5fbf8
all runs: OK
# git bisect bad 6badad1c1d354db1f7bc216319d81884411d5098
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[eb014de4fd418de1a277913cba244e47274fe392] netfilter: nf_tables: autoload modules from the abort path
testing commit eb014de4fd418de1a277913cba244e47274fe392 with gcc (GCC) 8.1.0
kernel signature: 1a61af431b6ed22d3179cdb40875ae13e69851786f22d1ad63de6236078d755d
all runs: OK
# git bisect bad eb014de4fd418de1a277913cba244e47274fe392
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[ab658b9fa7a2c467f79eac8b53ea308b8f98113d] netfilter: conntrack: sctp: use distinct states for new SCTP connections
testing commit ab658b9fa7a2c467f79eac8b53ea308b8f98113d with gcc (GCC) 8.1.0
kernel signature: d31919d0ddc29b5394ca5fa49fd71bd8b8e55b49b6b24f87d4536762143d9c73
all runs: OK
# git bisect bad ab658b9fa7a2c467f79eac8b53ea308b8f98113d
Bisecting: 0 revisions left to test after this (roughly 1 step)
[32c72165dbd0e246e69d16a3ad348a4851afd415] netfilter: ipset: use bitmap infrastructure completely
testing commit 32c72165dbd0e246e69d16a3ad348a4851afd415 with gcc (GCC) 8.1.0
kernel signature: 00f9557b051cfc1289f864e457550ded8e70206171f24bc72f618f7ccca7f76a
all runs: OK
# git bisect bad 32c72165dbd0e246e69d16a3ad348a4851afd415
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365] netfilter: nft_osf: add missing check for DREG attribute
testing commit 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365 with gcc (GCC) 8.1.0
kernel signature: 5c79368aba3c560f899ec16591e6b824631bb5e91b09af32e2c06de6d2ac3278
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
# git bisect good 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365
32c72165dbd0e246e69d16a3ad348a4851afd415 is the first bad commit
commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date:   Sun Jan 19 22:06:49 2020 +0100

    netfilter: ipset: use bitmap infrastructure completely

    The bitmap allocation did not use full unsigned long sizes when
    calculating the required size and that was triggered by KASAN as
    slab-out-of-bounds read in several places. The patch fixes all of them.

    Reported-by: syzbot+fabca5cbf5e54f3fe2de@syzkaller.appspotmail.com
    Reported-by: syzbot+827ced406c9a1d9570ed@syzkaller.appspotmail.com
    Reported-by: syzbot+190d63957b22ef673ea5@syzkaller.appspotmail.com
    Reported-by: syzbot+dfccdb2bdb4a12ad425e@syzkaller.appspotmail.com
    Reported-by: syzbot+df0d0f5895ef1f41a65b@syzkaller.appspotmail.com
    Reported-by: syzbot+b08bd19bb37513357fd4@syzkaller.appspotmail.com
    Reported-by: syzbot+53cdd0ec0bbabd53370a@syzkaller.appspotmail.com
    Signed-off-by: Jozsef Kadlecsik
    Signed-off-by: Pablo Neira Ayuso

 include/linux/netfilter/ipset/ip_set.h    | 7 -------
 net/netfilter/ipset/ip_set_bitmap_gen.h   | 2 +-
 net/netfilter/ipset/ip_set_bitmap_ip.c    | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_port.c  | 6 +++---
 5 files changed, 10 insertions(+), 17 deletions(-)

culprit signature: 00f9557b051cfc1289f864e457550ded8e70206171f24bc72f618f7ccca7f76a
parent signature: 5c79368aba3c560f899ec16591e6b824631bb5e91b09af32e2c06de6d2ac3278
revisions tested: 16, total time: 3h52m36.812389271s (build: 1h40m9.775792499s, test: 2h11m15.862084799s)
first good commit: 32c72165dbd0e246e69d16a3ad348a4851afd415 netfilter: ipset: use bitmap infrastructure completely
cc: ["kadlec@blackhole.kfki.hu" "kadlec@netfilter.org" "pablo@netfilter.org"]
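Two notes on reading the log above. First, because this is a fix bisection, the labels are inverted relative to a normal `git bisect`: a commit that still crashes is marked `good` and one that no longer crashes is marked `bad`, so the "first bad commit" is the commit that fixed the crash. Second, the commit message names the root cause only in one sentence: the size of a bitmap was computed in bytes rather than in whole `unsigned long`s, while the kernel bitmap helpers always read a full `unsigned long` at a time, so the last word of a byte-rounded allocation extends into the neighbouring slab object. The userspace C program below is an added illustration of that size mismatch; it is not the ipset code or the kernel's bitmap implementation. `BITS_TO_LONGS` is reproduced to match the kernel macro of that name; the function names `byte_rounded_bitmap_size`, `long_rounded_bitmap_size`, `bitmap_overread_bytes` and `walk_with_allocation` are hypothetical, and the walk refuses to touch memory it knows is short rather than actually reading out of bounds.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Same rounding as the kernel's BITS_TO_LONGS(): whole unsigned longs. */
#define BITS_PER_LONG (8 * sizeof(unsigned long))
#define BITS_TO_LONGS(nbits) (((nbits) + BITS_PER_LONG - 1) / BITS_PER_LONG)

/* Byte-granular size for a bitmap of `nbits` bits: the under-allocation
 * pattern the commit message describes (hypothetical helper name). */
size_t byte_rounded_bitmap_size(size_t nbits)
{
    return (nbits + 7) / 8;
}

/* Long-granular size: what word-at-a-time bitmap helpers actually touch. */
size_t long_rounded_bitmap_size(size_t nbits)
{
    return BITS_TO_LONGS(nbits) * sizeof(unsigned long);
}

/* How many bytes a word-wise scan reads past a byte-rounded allocation.
 * Zero only when nbits is a multiple of BITS_PER_LONG. */
size_t bitmap_overread_bytes(size_t nbits)
{
    return long_rounded_bitmap_size(nbits) - byte_rounded_bitmap_size(nbits);
}

/* Simulated garbage-collection walk: allocate `alloc_bytes`, set bit 0 and
 * the last valid bit, then count set bits one unsigned long at a time.
 * Returns the count, or -1 when the walk would read beyond the allocation
 * (the situation KASAN reports as a slab-out-of-bounds read in the kernel;
 * here we stop instead of reading). */
long walk_with_allocation(size_t nbits, size_t alloc_bytes)
{
    size_t need = long_rounded_bitmap_size(nbits);
    if (nbits == 0 || alloc_bytes < need)
        return -1;

    unsigned long *map = calloc(1, alloc_bytes);
    if (!map)
        return -2;

    map[0] |= 1UL;                                                     /* bit 0 */
    map[(nbits - 1) / BITS_PER_LONG] |= 1UL << ((nbits - 1) % BITS_PER_LONG); /* last bit */

    long set = 0;
    for (size_t i = 0; i < BITS_TO_LONGS(nbits); i++)
        set += __builtin_popcountl(map[i]);   /* reads a full word each step */

    free(map);
    return set;
}

int main(void)
{
    size_t sizes[] = {1, 64, 65, 100};
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        size_t n = sizes[i];
        printf("%3zu bits: byte-rounded %2zu, long-rounded %2zu, overread %zu, "
               "walk(byte-rounded)=%ld walk(long-rounded)=%ld\n",
               n, byte_rounded_bitmap_size(n), long_rounded_bitmap_size(n),
               bitmap_overread_bytes(n),
               walk_with_allocation(n, byte_rounded_bitmap_size(n)),
               walk_with_allocation(n, long_rounded_bitmap_size(n)));
    }
    return 0;
}
```

The point the output makes is that the bug is size dependent: a set whose element count happens to be a multiple of `BITS_PER_LONG` never trips it, which is why the fuzzer found it only for some set sizes and why the fix (allocating via the bitmap infrastructure, which rounds to longs) covers all of the affected files at once.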