bisecting fixing commit since 4703d9119972bf586d2cca76ec6438f819ffa30e
building syzkaller on 2e95ab335759ed7e1c246c2057c84d813a2c29e1
testing commit 4703d9119972bf586d2cca76ec6438f819ffa30e with gcc (GCC) 8.1.0
kernel signature: f4fb426e0b1ec772b1bb8fc8db208ac6e3527e2e221d39af6866322fdb0c9d6d
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
testing current HEAD fffb08b37df928475fef9c7f2aafddc2f6ebfaf4
testing commit fffb08b37df928475fef9c7f2aafddc2f6ebfaf4 with gcc (GCC) 8.1.0
kernel signature: 3be2bb3ca9169e7e4fe4c3df6227e900ec4113b540aaa7bca4350fb692586299
all runs: OK
# git bisect start fffb08b37df928475fef9c7f2aafddc2f6ebfaf4 4703d9119972bf586d2cca76ec6438f819ffa30e
Bisecting: 7571 revisions left to test after this (roughly 13 steps)
[4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0
kernel signature: 967c9bd9ad4bf6d6d338f6847ab14fa35c5435ee0795b8b2409aefd043c7b1c5
all runs: OK
# git bisect bad 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb
Bisecting: 2314 revisions left to test after this (roughly 12 steps)
[bd2463ac7d7ec51d432f23bf0e893fb371a908cd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit bd2463ac7d7ec51d432f23bf0e893fb371a908cd with gcc (GCC) 8.1.0
kernel signature: cc7304f1fcb16851cea3e8a9435d2b74105aa252802551912a2e99cc1f3e02cc
all runs: OK
# git bisect bad bd2463ac7d7ec51d432f23bf0e893fb371a908cd
Bisecting: 1708 revisions left to test after this (roughly 11 steps)
[e54d04e3afead22d8e7d6edaaac487a1205bac39] ethtool: set message mask with DEBUG_SET request
testing commit e54d04e3afead22d8e7d6edaaac487a1205bac39 with gcc (GCC) 8.1.0
kernel signature: 406519f7d20759684be9cc7b4d9bdb45766b497915e5f0e4b2f398a190b47314
all runs: OK
# git bisect bad e54d04e3afead22d8e7d6edaaac487a1205bac39
Bisecting: 854 revisions left to test after this (roughly 10 steps)
[8ee4c907725cb09e1872dd4203e0a4266dd7e637] sfc: move MCDI transmit queue management code
testing commit 8ee4c907725cb09e1872dd4203e0a4266dd7e637 with gcc (GCC) 8.1.0
kernel signature: 126727f99e9ee1b57808508492de19dc14b1a3056d0c943847073d7c20349cdd
all runs: crashed: KASAN: use-after-free Read in bitmap_ipmac_ext_cleanup
# git bisect good 8ee4c907725cb09e1872dd4203e0a4266dd7e637
Bisecting: 426 revisions left to test after this (roughly 9 steps)
[6d9f6e6790e794461ff3a16e4f3778f01ff6cca2] Merge branch 'net-sched-add-Flow-Queue-PIE-packet-scheduler'
testing commit 6d9f6e6790e794461ff3a16e4f3778f01ff6cca2 with gcc (GCC) 8.1.0
kernel signature: 9956a8f85f72c785b4afd0546695732dc176e4e68f3cee13944ad9cb8b710e86
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
# git bisect good 6d9f6e6790e794461ff3a16e4f3778f01ff6cca2
Bisecting: 186 revisions left to test after this (roughly 8 steps)
[4d8773b68e83558025303f266070b31bc4101e73] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 4d8773b68e83558025303f266070b31bc4101e73 with gcc (GCC) 8.1.0
kernel signature: 9ab8f438af2809a2cd1b05bda4a206da471497980e860038b0b22cf15cbfc541
all runs: OK
# git bisect bad 4d8773b68e83558025303f266070b31bc4101e73
Bisecting: 121 revisions left to test after this (roughly 7 steps)
[fa865ba183d61c1ec8cbcab8573159c3b72b89a4] firestream: fix memory leaks
testing commit fa865ba183d61c1ec8cbcab8573159c3b72b89a4 with gcc (GCC) 8.1.0
kernel signature: d2ee82f8d1265ea251a5f027cac6b0a8e69b6cad17d993c89b457a27961aaffc
all runs: OK
# git bisect bad fa865ba183d61c1ec8cbcab8573159c3b72b89a4
Bisecting: 55 revisions left to test after this (roughly 6 steps)
[5169adbc982400f214bc0bcad1fcc076bd342987] Merge tag 'wireless-drivers-2020-01-23' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
testing commit 5169adbc982400f214bc0bcad1fcc076bd342987 with gcc (GCC) 8.1.0
kernel signature: 1b85af488bdcc2c8c287dd0053381e8947f773cf008c65937c954635e6703b6d
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
# git bisect good 5169adbc982400f214bc0bcad1fcc076bd342987
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[66018a102f7756cf72db4d2704e1b93969d9d332] l2t_seq_next should increase position index
testing commit 66018a102f7756cf72db4d2704e1b93969d9d332 with gcc (GCC) 8.1.0
kernel signature: 4b7d3a88436308db9b59c16856a3ee95885103c95065bf26244448b5f93a3407
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
# git bisect good 66018a102f7756cf72db4d2704e1b93969d9d332
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[342508c1c7540e281fd36151c175ba5ff954a99f] net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
testing commit 342508c1c7540e281fd36151c175ba5ff954a99f with gcc (GCC) 8.1.0
kernel signature: 63955ae449172404618e2b9398821e17eaab510b56100b8e91271c905ceb373f
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
# git bisect good 342508c1c7540e281fd36151c175ba5ff954a99f
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[189c9b1e94539b11c80636bc13e9cf47529e7bba] net: Fix skb->csum update in inet_proto_csum_replace16().
testing commit 189c9b1e94539b11c80636bc13e9cf47529e7bba with gcc (GCC) 8.1.0
kernel signature: 62a0d3f309a8457975a01d3906d7077d6f9fd7c45e817512d9c05b8174e7aea4
all runs: OK
# git bisect bad 189c9b1e94539b11c80636bc13e9cf47529e7bba
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[ab658b9fa7a2c467f79eac8b53ea308b8f98113d] netfilter: conntrack: sctp: use distinct states for new SCTP connections
testing commit ab658b9fa7a2c467f79eac8b53ea308b8f98113d with gcc (GCC) 8.1.0
kernel signature: fe07788b253ca81a15c866aa859181a1acac484c3f97e5fe78a2b59308164104
all runs: OK
# git bisect bad ab658b9fa7a2c467f79eac8b53ea308b8f98113d
Bisecting: 0 revisions left to test after this (roughly 1 step)
[32c72165dbd0e246e69d16a3ad348a4851afd415] netfilter: ipset: use bitmap infrastructure completely
testing commit 32c72165dbd0e246e69d16a3ad348a4851afd415 with gcc (GCC) 8.1.0
kernel signature: c16ba7b0767e95cab69423296b3b6128022700827c7d3f4b659843a5376a9842
all runs: OK
# git bisect bad 32c72165dbd0e246e69d16a3ad348a4851afd415
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365] netfilter: nft_osf: add missing check for DREG attribute
testing commit 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365 with gcc (GCC) 8.1.0
kernel signature: b1f68cb5410e005b1f7a4b75c3023479298df9138cab37c3c96a0d9b49e6592a
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
# git bisect good 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365
32c72165dbd0e246e69d16a3ad348a4851afd415 is the first bad commit
commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date:   Sun Jan 19 22:06:49 2020 +0100

    netfilter: ipset: use bitmap infrastructure completely

    The bitmap allocation did not use full unsigned long sizes when
    calculating the required size and that was triggered by KASAN as
    slab-out-of-bounds read in several places. The patch fixes all of them.

    Reported-by: syzbot+fabca5cbf5e54f3fe2de@syzkaller.appspotmail.com
    Reported-by: syzbot+827ced406c9a1d9570ed@syzkaller.appspotmail.com
    Reported-by: syzbot+190d63957b22ef673ea5@syzkaller.appspotmail.com
    Reported-by: syzbot+dfccdb2bdb4a12ad425e@syzkaller.appspotmail.com
    Reported-by: syzbot+df0d0f5895ef1f41a65b@syzkaller.appspotmail.com
    Reported-by: syzbot+b08bd19bb37513357fd4@syzkaller.appspotmail.com
    Reported-by: syzbot+53cdd0ec0bbabd53370a@syzkaller.appspotmail.com
    Signed-off-by: Jozsef Kadlecsik
    Signed-off-by: Pablo Neira Ayuso

 include/linux/netfilter/ipset/ip_set.h    | 7 -------
 net/netfilter/ipset/ip_set_bitmap_gen.h   | 2 +-
 net/netfilter/ipset/ip_set_bitmap_ip.c    | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_port.c  | 6 +++---
 5 files changed, 10 insertions(+), 17 deletions(-)

culprit signature: c16ba7b0767e95cab69423296b3b6128022700827c7d3f4b659843a5376a9842
parent signature: b1f68cb5410e005b1f7a4b75c3023479298df9138cab37c3c96a0d9b49e6592a
revisions tested: 16, total time: 3h48m29.302364068s (build: 1h39m7.482743965s, test: 2h7m47.929432088s)
first good commit: 32c72165dbd0e246e69d16a3ad348a4851afd415 netfilter: ipset: use bitmap infrastructure completely
cc: ["kadlec@blackhole.kfki.hu" "kadlec@netfilter.org" "pablo@netfilter.org"]