bisecting fixing commit since d5d359b0ac3ffc319ca93c46a4cfd87093759ad6
building syzkaller on 2e95ab335759ed7e1c246c2057c84d813a2c29e1
testing commit d5d359b0ac3ffc319ca93c46a4cfd87093759ad6 with gcc (GCC) 8.1.0
kernel signature: 6b842ce1beef7f8e4b2a6ca4cb4c35a7a0f57dfd67555583c00a0c2e64526092
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
testing current HEAD d3dca69085e94e52a1d61a34b8e5f73a9f3d7eed
testing commit d3dca69085e94e52a1d61a34b8e5f73a9f3d7eed with gcc (GCC) 8.1.0
kernel signature: 71d1851a8d0ffe2f90121a2a167e15f79d263a7631ed977f0f20c15b7851c9de
all runs: OK
# git bisect start d3dca69085e94e52a1d61a34b8e5f73a9f3d7eed d5d359b0ac3ffc319ca93c46a4cfd87093759ad6
Bisecting: 7606 revisions left to test after this (roughly 13 steps)
[4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb] Merge tag 'for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply
testing commit 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb with gcc (GCC) 8.1.0
kernel signature: 20fb24c760b6c8621a414971ec6d685e54e70446560acab57b40ce909120f317
all runs: OK
# git bisect bad 4cadc60d6bcfee9c626d4b55e9dc1475d21ad3bb
Bisecting: 2314 revisions left to test after this (roughly 12 steps)
[bd2463ac7d7ec51d432f23bf0e893fb371a908cd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit bd2463ac7d7ec51d432f23bf0e893fb371a908cd with gcc (GCC) 8.1.0
kernel signature: 0a2f2f70f3904c13305d88d6e6bb35453891ebb9a6bed9c87e8fc2cc1d6d94fb
all runs: OK
# git bisect bad bd2463ac7d7ec51d432f23bf0e893fb371a908cd
Bisecting: 1689 revisions left to test after this (roughly 11 steps)
[9599e036b161243d7c62399a1b6c250573e08a43] bnxt_en: Add support for devlink info command
testing commit 9599e036b161243d7c62399a1b6c250573e08a43 with gcc (GCC) 8.1.0
kernel signature: 5d225ad7f2eb25fb63a3ac1cb9ecc76262e64e56851fac2a33eeb2b54c2eeac5
all runs: OK
# git bisect bad 9599e036b161243d7c62399a1b6c250573e08a43
Bisecting: 844 revisions left to test after this (roughly 10 steps)
[990bca1fc8ad48f7f8b0786b739a9408017b7a74] Merge branch 'bpf-batch-ops'
testing commit 990bca1fc8ad48f7f8b0786b739a9408017b7a74 with gcc (GCC) 8.1.0
kernel signature: 49ef1af832f0c6146d76f896773bf5322f4e69601c9f0b453439413e21ff6f9c
all runs: crashed: KASAN: use-after-free Read in bitmap_port_ext_cleanup
# git bisect good 990bca1fc8ad48f7f8b0786b739a9408017b7a74
Bisecting: 419 revisions left to test after this (roughly 9 steps)
[954b3c4397792c8614aa4aaf25030ae87ece8307] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit 954b3c4397792c8614aa4aaf25030ae87ece8307 with gcc (GCC) 8.1.0
kernel signature: aa72f5423b4467088f80defc1c1f46f403f8d5bcc6b194ef348e478f8ad35e2d
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
# git bisect good 954b3c4397792c8614aa4aaf25030ae87ece8307
Bisecting: 205 revisions left to test after this (roughly 8 steps)
[4d8773b68e83558025303f266070b31bc4101e73] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 4d8773b68e83558025303f266070b31bc4101e73 with gcc (GCC) 8.1.0
kernel signature: c439a73aec5c6c2aaa9efedd391724fee606faf943734c48efbe310fb484a6cb
all runs: OK
# git bisect bad 4d8773b68e83558025303f266070b31bc4101e73
Bisecting: 104 revisions left to test after this (roughly 7 steps)
[722943a54de95343c97c2a9ad658253393632f97] Merge tag 'mlx5-fixes-2020-01-24' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
testing commit 722943a54de95343c97c2a9ad658253393632f97 with gcc (GCC) 8.1.0
kernel signature: 1f94360b590fc01bf43df7c89b21b35b5a4bbf628eb2293bbd801f135cdfc97d
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
# git bisect good 722943a54de95343c97c2a9ad658253393632f97
Bisecting: 52 revisions left to test after this (roughly 6 steps)
[65492c5a6ab5df5091a77562dbcca2d2dc3877c0] mptcp: move from sha1 (v0) to sha256 (v1)
testing commit 65492c5a6ab5df5091a77562dbcca2d2dc3877c0 with gcc (GCC) 8.1.0
kernel signature: fe5ca2ad76ba61f33503a881c58b3639e36e286e41f5d0fce5c54eb4db8971c0
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
# git bisect good 65492c5a6ab5df5091a77562dbcca2d2dc3877c0
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[3333e50b64fe30b7e53cf02456a2f567f689ae4f] Merge branch 'mlxsw-Offload-TBF'
testing commit 3333e50b64fe30b7e53cf02456a2f567f689ae4f with gcc (GCC) 8.1.0
kernel signature: 76f811b9e6545877fef8e62296a737da053886749bb990af94ea4f57655c4124
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
# git bisect good 3333e50b64fe30b7e53cf02456a2f567f689ae4f
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[f041eadad7504b1364274494548b9716b2ed59ac] Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit f041eadad7504b1364274494548b9716b2ed59ac with gcc (GCC) 8.1.0
kernel signature: 97e603263fc776580015f4dc73fa8e143a26a182bd4333420fb56752f0409a30
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
# git bisect good f041eadad7504b1364274494548b9716b2ed59ac
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[189c9b1e94539b11c80636bc13e9cf47529e7bba] net: Fix skb->csum update in inet_proto_csum_replace16().
testing commit 189c9b1e94539b11c80636bc13e9cf47529e7bba with gcc (GCC) 8.1.0
kernel signature: 5c83e9554744e870bcc2a84fce83af48903f042b0f5de850284e568ef38b8914
all runs: OK
# git bisect bad 189c9b1e94539b11c80636bc13e9cf47529e7bba
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[ab658b9fa7a2c467f79eac8b53ea308b8f98113d] netfilter: conntrack: sctp: use distinct states for new SCTP connections
testing commit ab658b9fa7a2c467f79eac8b53ea308b8f98113d with gcc (GCC) 8.1.0
kernel signature: 3a70c731c46a838e98f9fd3a40ea571d3120ee497fe0db5b451d32de6b2f826c
all runs: OK
# git bisect bad ab658b9fa7a2c467f79eac8b53ea308b8f98113d
Bisecting: 0 revisions left to test after this (roughly 1 step)
[32c72165dbd0e246e69d16a3ad348a4851afd415] netfilter: ipset: use bitmap infrastructure completely
testing commit 32c72165dbd0e246e69d16a3ad348a4851afd415 with gcc (GCC) 8.1.0
kernel signature: 2baf577b2d6722968f50cb2ecd7cc8602841ef05a9135af0c681ad75728cf936
all runs: OK
# git bisect bad 32c72165dbd0e246e69d16a3ad348a4851afd415
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365] netfilter: nft_osf: add missing check for DREG attribute
testing commit 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365 with gcc (GCC) 8.1.0
kernel signature: 187399c046109958a57d66a9e40cda38c202ba1291d6830a050262f9bfd9563a
all runs: crashed: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
# git bisect good 7eaecf7963c1c8f62d62c6a8e7c439b0e7f2d365
32c72165dbd0e246e69d16a3ad348a4851afd415 is the first bad commit
commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date:   Sun Jan 19 22:06:49 2020 +0100

    netfilter: ipset: use bitmap infrastructure completely

    The bitmap allocation did not use full unsigned long sizes
    when calculating the required size and that was triggered by KASAN
    as slab-out-of-bounds read in several places. The patch fixes all
    of them.

    Reported-by: syzbot+fabca5cbf5e54f3fe2de@syzkaller.appspotmail.com
    Reported-by: syzbot+827ced406c9a1d9570ed@syzkaller.appspotmail.com
    Reported-by: syzbot+190d63957b22ef673ea5@syzkaller.appspotmail.com
    Reported-by: syzbot+dfccdb2bdb4a12ad425e@syzkaller.appspotmail.com
    Reported-by: syzbot+df0d0f5895ef1f41a65b@syzkaller.appspotmail.com
    Reported-by: syzbot+b08bd19bb37513357fd4@syzkaller.appspotmail.com
    Reported-by: syzbot+53cdd0ec0bbabd53370a@syzkaller.appspotmail.com
    Signed-off-by: Jozsef Kadlecsik
    Signed-off-by: Pablo Neira Ayuso

 include/linux/netfilter/ipset/ip_set.h    | 7 -------
 net/netfilter/ipset/ip_set_bitmap_gen.h   | 2 +-
 net/netfilter/ipset/ip_set_bitmap_ip.c    | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +++---
 net/netfilter/ipset/ip_set_bitmap_port.c  | 6 +++---
 5 files changed, 10 insertions(+), 17 deletions(-)
culprit signature: 2baf577b2d6722968f50cb2ecd7cc8602841ef05a9135af0c681ad75728cf936
parent signature: 187399c046109958a57d66a9e40cda38c202ba1291d6830a050262f9bfd9563a
revisions tested: 16, total time: 3h43m30.686989899s (build: 1h42m21.763236412s, test: 1h59m58.760550647s)
first good commit: 32c72165dbd0e246e69d16a3ad348a4851afd415 netfilter: ipset: use bitmap infrastructure completely
cc: ["kadlec@blackhole.kfki.hu" "kadlec@netfilter.org" "pablo@netfilter.org"]