bisecting fixing commit since d96d875ef5dd372f533059a44f98e92de9cf0d42
building syzkaller on 8eda0b957e5b39c0c525e74f51d6b39ab8c5b1ac
testing commit d96d875ef5dd372f533059a44f98e92de9cf0d42 with gcc (GCC) 8.1.0
kernel signature: 2b41e9a138deeb701084b9c5801f360b1687b4af9e132bb879a3aa8317455daf
all runs: crashed: KASAN: slab-out-of-bounds Write in bitmap_ip_del
testing current HEAD ca7e1fd1026c5af6a533b4b5447e1d2f153e28f2
testing commit ca7e1fd1026c5af6a533b4b5447e1d2f153e28f2 with gcc (GCC) 8.1.0
kernel signature: 8364bf796f069e9ba48f65bb023f671551734818c90f07e9de1840a1de8cc0cc
all runs: OK
# git bisect start ca7e1fd1026c5af6a533b4b5447e1d2f153e28f2 d96d875ef5dd372f533059a44f98e92de9cf0d42
Bisecting: 6365 revisions left to test after this (roughly 13 steps)
[4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0
kernel signature: 95f6dbb3236fefdfefa1e08971c4e61a0b2f70502d3e7ff7f99d775da6d6c263
all runs: OK
# git bisect bad 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb
Bisecting: 2314 revisions left to test after this (roughly 12 steps)
[bd2463ac7d7ec51d432f23bf0e893fb371a908cd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit bd2463ac7d7ec51d432f23bf0e893fb371a908cd with gcc (GCC) 8.1.0
kernel signature: 21a102842f587ebcc4c6e9e11d8bed7633337a044d873fd8b100cee9a88b55bd
all runs: OK
# git bisect bad bd2463ac7d7ec51d432f23bf0e893fb371a908cd
Bisecting: 1711 revisions left to test after this (roughly 11 steps)
[82bc2e4a26a65e8b23590565b89115f8634d4fe6] Merge tag 'wireless-drivers-next-2020-01-26' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit 82bc2e4a26a65e8b23590565b89115f8634d4fe6 with gcc (GCC) 8.1.0
kernel signature: e25e3999d6494f858f257c8305120cb47c94df2fb01844b20523a527eddc8d53
all runs: OK
# git bisect bad 82bc2e4a26a65e8b23590565b89115f8634d4fe6
Bisecting: 871 revisions left to test after this (roughly 10 steps)
[3ee17bc78e0f3fdeff9890993e8f3a9f5145163b] mptcp: Add MPTCP to skb extensions
testing commit 3ee17bc78e0f3fdeff9890993e8f3a9f5145163b with gcc (GCC) 8.1.0
kernel signature: 3705195a7ed33506242f3e63054972dac62770ec652ec91a54b173af651418c6
all runs: crashed: KASAN: slab-out-of-bounds Write in bitmap_ip_del
# git bisect good 3ee17bc78e0f3fdeff9890993e8f3a9f5145163b
Bisecting: 435 revisions left to test after this (roughly 9 steps)
[f870fa0b5768842cb4690c1c11f19f28b731ae6d] mptcp: Add MPTCP socket stubs
testing commit f870fa0b5768842cb4690c1c11f19f28b731ae6d with gcc (GCC) 8.1.0
kernel signature: ba9d92c34bed91064f4a53939ee1d19f67af497a791cec45a080213d0da3088f
all runs: crashed: KASAN: slab-out-of-bounds Write in bitmap_ip_del
# git bisect good f870fa0b5768842cb4690c1c11f19f28b731ae6d
Bisecting: 226 revisions left to test after this (roughly 8 steps)
[2821e26f3a0a3872184581caac8115bb02641941] Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
testing commit 2821e26f3a0a3872184581caac8115bb02641941 with gcc (GCC) 8.1.0
kernel signature: 730d0a35bdebdd0c673d0d129e1da8724ac477d19c23a6b8beb31d07b80e109d
all runs: OK
# git bisect bad 2821e26f3a0a3872184581caac8115bb02641941
Bisecting: 104 revisions left to test after this (roughly 7 steps)
[342508c1c7540e281fd36151c175ba5ff954a99f] net/mlx5e: kTLS, Do not send decrypted-marked SKBs via non-accel path
testing commit 342508c1c7540e281fd36151c175ba5ff954a99f with gcc (GCC) 8.1.0
kernel signature: 2a1d0062a5912c4d6b0b43582840c7c779bf5d822cb0267b1100328efa2671da
all runs: crashed: KASAN: slab-out-of-bounds Write in bitmap_ip_del
# git bisect good 342508c1c7540e281fd36151c175ba5ff954a99f
Bisecting: 51 revisions left to test after this (roughly 6 steps)
[274adbff45e3c26c65b2e103581d2ab5834b0b7c] Merge tag 'drm-fixes-2020-01-24' of git://anongit.freedesktop.org/drm/drm
testing commit 274adbff45e3c26c65b2e103581d2ab5834b0b7c with gcc (GCC) 8.1.0
kernel signature: 7e6921dc91b3dee2b09a654b28640228fd793d01fda5224b579cc260c1949983
all runs: crashed: KASAN: slab-out-of-bounds Write in bitmap_ip_del
# git bisect good 274adbff45e3c26c65b2e103581d2ab5834b0b7c
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[93d1a05ea6b29737715769e2c9551cfe8a5fef22] Merge tag 'pinctrl-v5.5-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
testing commit 93d1a05ea6b29737715769e2c9551cfe8a5fef22 with gcc (GCC) 8.1.0
kernel signature: 906d7eb6a22fa758402e7b4b197823f0f0d1b803b764618ab1b08442db7ef74a
all runs: crashed: KASAN: slab-out-of-bounds Write in bitmap_ip_del
# git bisect good 93d1a05ea6b29737715769e2c9551cfe8a5fef22
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[6badad1c1d354db1f7bc216319d81884411d5098] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
testing commit 6badad1c1d354db1f7bc216319d81884411d5098 with gcc (GCC) 8.1.0
kernel signature: 0e0433996447d6c389967bd1b73985caac8f68d26f3a446fde2807fb508f7a22
all runs: OK
# git bisect bad 6badad1c1d354db1f7bc216319d81884411d5098
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[eb014de4fd418de1a277913cba244e47274fe392] netfilter: nf_tables: autoload modules from the abort path
testing commit eb014de4fd418de1a277913cba244e47274fe392 with gcc (GCC) 8.1.0
kernel signature: 8e6f2c689b67c8054ac84575fad6b0e35f02be3299f68377df26933743d92e67
all runs: OK
# git bisect bad eb014de4fd418de1a277913cba244e47274fe392
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[ab658b9fa7a2c467f79eac8b53ea308b8f98113d] netfilter: conntrack: sctp: use distinct states for new SCTP connections
testing commit ab658b9fa7a2c467f79eac8b53ea308b8f98113d with gcc (GCC) 8.1.0
kernel signature: 3d16d55889dfd52855c1ec52b558de2065fc398845a871e3b135e6f957632c55
all runs: OK
# git bisect bad ab658b9fa7a2c467f79eac8b53ea308b8f98113d
Bisecting: 0 revisions left to test after this (roughly 1 step)
[32c72165dbd0e246e69d16a3ad348a4851afd415] netfilter: ipset: use bitmap infrastructure completely
testing commit 32c72165dbd0e246e69d16a3ad348a4851afd415 with gcc (GCC) 8.1.0
kernel signature: 89da8533f54e5bdb2fea1dc0bc38a9f8ef86d2b8854e12d128dc2105542f418e
all runs: OK
# git bisect bad 32c72165dbd0e246e69d16a3ad348a4851afd415
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365] netfilter: nft_osf: add missing check for DREG attribute
testing commit 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365 with gcc (GCC) 8.1.0
kernel signature: 8b8ed5227f0eb07bfc9ff924c0d698bce4b1dfb82f42fde5632f94615cef0053
all runs: crashed: KASAN: slab-out-of-bounds Write in bitmap_ip_del
# git bisect good 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365
32c72165dbd0e246e69d16a3ad348a4851afd415 is the first bad commit
commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date: Sun Jan 19 22:06:49 2020 +0100

    netfilter: ipset: use bitmap infrastructure completely

    The bitmap allocation did not use full unsigned long sizes when calculating the required size and that was triggered by KASAN as slab-out-of-bounds read in several places. The patch fixes all of them.

    Reported-by: syzbot+fabca5cbf5e54f3fe2de@syzkaller.appspotmail.com
    Reported-by: syzbot+827ced406c9a1d9570ed@syzkaller.appspotmail.com
    Reported-by: syzbot+190d63957b22ef673ea5@syzkaller.appspotmail.com
    Reported-by: syzbot+dfccdb2bdb4a12ad425e@syzkaller.appspotmail.com
    Reported-by: syzbot+df0d0f5895ef1f41a65b@syzkaller.appspotmail.com
    Reported-by: syzbot+b08bd19bb37513357fd4@syzkaller.appspotmail.com
    Reported-by: syzbot+53cdd0ec0bbabd53370a@syzkaller.appspotmail.com
    Signed-off-by: Jozsef Kadlecsik
    Signed-off-by: Pablo Neira Ayuso

 include/linux/netfilter/ipset/ip_set.h | 7 -------
 net/netfilter/ipset/ip_set_bitmap_gen.h | 2 +-
 net/netfilter/ipset/ip_set_bitmap_ip.c | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_port.c | 6 +++---
 5 files changed, 10 insertions(+), 17 deletions(-)
culprit signature: 89da8533f54e5bdb2fea1dc0bc38a9f8ef86d2b8854e12d128dc2105542f418e
parent signature: 8b8ed5227f0eb07bfc9ff924c0d698bce4b1dfb82f42fde5632f94615cef0053
revisions tested: 16, total time: 3h53m53.032711557s (build: 1h51m14.109090484s, test: 2h0m57.399378591s)
first good commit: 32c72165dbd0e246e69d16a3ad348a4851afd415 netfilter: ipset: use bitmap infrastructure completely
cc: ["kadlec@blackhole.kfki.hu" "kadlec@netfilter.org" "pablo@netfilter.org"]