bisecting fixing commit since db5b9190ff8202b609fe802ccde41cb28669389f
building syzkaller on 3de7aabbb79a6c2267f5d7ee8a8aaa83f63305b7
testing commit db5b9190ff8202b609fe802ccde41cb28669389f with gcc (GCC) 8.1.0
kernel signature: 9b45f14485709f16978d1dbac669ef7eb6666d48254c50298cb0a7f22cdfc486
all runs: crashed: general protection fault in nft_chain_parse_hook
testing current HEAD f25804f389846835535db255e7ba80eeed967ed7
testing commit f25804f389846835535db255e7ba80eeed967ed7 with gcc (GCC) 8.1.0
kernel signature: 5da5ed0638e2b92e9ae0fc1b62b5d7384f71bbffef01d8896cabaa9d38af11be
all runs: OK
# git bisect start f25804f389846835535db255e7ba80eeed967ed7 db5b9190ff8202b609fe802ccde41cb28669389f
Bisecting: 759 revisions left to test after this (roughly 10 steps)
[ad0a596e189770640e389074ba0cadeb787298a4] net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
testing commit ad0a596e189770640e389074ba0cadeb787298a4 with gcc (GCC) 8.1.0
kernel signature: 3371aab393930c858900c0b92367c724c70ce1eb78467b9335b920ca9ff83090
all runs: crashed: general protection fault in nft_chain_parse_hook
# git bisect good ad0a596e189770640e389074ba0cadeb787298a4
Bisecting: 379 revisions left to test after this (roughly 9 steps)
[0948d6294d7bb1957125b01adc2e8df75da52b98] ftrace: Protect ftrace_graph_hash with ftrace_sync
testing commit 0948d6294d7bb1957125b01adc2e8df75da52b98 with gcc (GCC) 8.1.0
kernel signature: 1c971d21ff0421216a67b14f79d2637d3f3064aa44113b0388aa9e84dd33c578
all runs: OK
# git bisect bad 0948d6294d7bb1957125b01adc2e8df75da52b98
Bisecting: 189 revisions left to test after this (roughly 8 steps)
[27818683072306bf1a7a26761f7a8fa0bd7a0e39] watchdog: max77620_wdt: fix potential build errors
testing commit 27818683072306bf1a7a26761f7a8fa0bd7a0e39 with gcc (GCC) 8.1.0
kernel signature: 5b0ebe4a16b4d60deb02e0b33033435a28be954f384ecb645234230822635475
all runs: OK
# git bisect bad 27818683072306bf1a7a26761f7a8fa0bd7a0e39
Bisecting: 94 revisions left to test after this (roughly 7 steps)
[6491a9dd3cf9d92f058d96698d22bf6eb87b9da8] mmc: sdhci: fix minimum clock rate for v3 controller
testing commit 6491a9dd3cf9d92f058d96698d22bf6eb87b9da8 with gcc (GCC) 8.1.0
kernel signature: dc9b34bced2aef243e9cdbbd1927b890f5dc74291081760289d622c54f716592
all runs: crashed: general protection fault in nft_chain_parse_hook
# git bisect good 6491a9dd3cf9d92f058d96698d22bf6eb87b9da8
Bisecting: 47 revisions left to test after this (roughly 6 steps)
[efaa8fb877a081d82c4dcd14e904bdb97f074eeb] mm/memory_hotplug: make __remove_section() never fail
testing commit efaa8fb877a081d82c4dcd14e904bdb97f074eeb with gcc (GCC) 8.1.0
kernel signature: d0055a9b03e51576d0f2c437afab8a7c0e4755445ea13a89ff68398e7ef1f690
all runs: OK
# git bisect bad efaa8fb877a081d82c4dcd14e904bdb97f074eeb
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[85d1250227b0ae48a5111e48a6c1769402992f9b] net/sonic: Fix CAM initialization
testing commit 85d1250227b0ae48a5111e48a6c1769402992f9b with gcc (GCC) 8.1.0
kernel signature: 89843b7c4528b0bdb70073fc72332ff314017803a69a93d66f9f459b7c82f9d1
all runs: crashed: general protection fault in nft_chain_parse_hook
# git bisect good 85d1250227b0ae48a5111e48a6c1769402992f9b
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[5b0d87620bbe943e12c802255b76f4356de1093b] netfilter: ipset: use bitmap infrastructure completely
testing commit 5b0d87620bbe943e12c802255b76f4356de1093b with gcc (GCC) 8.1.0
kernel signature: ebadc3b979d34a51f0bef22f9dc6a2b7e3f5e10cdc0893410094b9647a6c7c24
all runs: crashed: general protection fault in nft_chain_parse_hook
# git bisect good 5b0d87620bbe943e12c802255b76f4356de1093b
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[4149c8693a8c23947cb60d7c1d177e9d93e6481e] drivers/base/memory.c: remove an unnecessary check on NR_MEM_SECTIONS
testing commit 4149c8693a8c23947cb60d7c1d177e9d93e6481e with gcc (GCC) 8.1.0
kernel signature: 3370b583bb836ffd46a67bbd31b66cec0f4859070b873f8341ccd279268a94cd
all runs: OK
# git bisect bad 4149c8693a8c23947cb60d7c1d177e9d93e6481e
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[a3cf10bf73fdddbf0e9f0ceb1e7a3bb487dfc3fa] mm/memory_hotplug: make remove_memory() take the device_hotplug_lock
testing commit a3cf10bf73fdddbf0e9f0ceb1e7a3bb487dfc3fa with gcc (GCC) 8.1.0
kernel signature: 600eaa87dc11d6ea43af2c603845aa87539677a29f1332e3390f54547638c268
all runs: OK
# git bisect bad a3cf10bf73fdddbf0e9f0ceb1e7a3bb487dfc3fa
Bisecting: 0 revisions left to test after this (roughly 1 step)
[868f9e509e8f774681e387a0f39f850c06560c7e] net/x25: fix nonblocking connect
testing commit 868f9e509e8f774681e387a0f39f850c06560c7e with gcc (GCC) 8.1.0
kernel signature: e7b7aaf9a7ad11ce473402cfffdd90333a5e2a9899fd9bff752e036a09e6bb7b
all runs: OK
# git bisect bad 868f9e509e8f774681e387a0f39f850c06560c7e
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[1f7a1bcd27c388b4cc286e943218c69db2d3ba71] netfilter: nf_tables: add __nft_chain_type_get()
testing commit 1f7a1bcd27c388b4cc286e943218c69db2d3ba71 with gcc (GCC) 8.1.0
kernel signature: e9ded8477cac0727d7ab55b5055f885e994b5f07f41334dd17fe4cac237c704a
all runs: OK
# git bisect bad 1f7a1bcd27c388b4cc286e943218c69db2d3ba71
1f7a1bcd27c388b4cc286e943218c69db2d3ba71 is the first bad commit
commit 1f7a1bcd27c388b4cc286e943218c69db2d3ba71
Author: Pablo Neira Ayuso
Date: Tue Jan 21 16:07:00 2020 +0100

    netfilter: nf_tables: add __nft_chain_type_get()

    commit 826035498ec14b77b62a44f0cb6b94d45530db6f upstream.

    This new helper function validates that unknown family and chain type coming from userspace do not trigger an out-of-bound array access.

    Bail out in case __nft_chain_type_get() returns NULL from nft_chain_parse_hook().

    Fixes: 9370761c56b6 ("netfilter: nf_tables: convert built-in tables/chains to chain types")
    Reported-by: syzbot+156a04714799b1d480bc@syzkaller.appspotmail.com
    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: Greg Kroah-Hartman

 net/netfilter/nf_tables_api.c | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)
culprit signature: e9ded8477cac0727d7ab55b5055f885e994b5f07f41334dd17fe4cac237c704a
parent signature: ebadc3b979d34a51f0bef22f9dc6a2b7e3f5e10cdc0893410094b9647a6c7c24
revisions tested: 13, total time: 3h48m34.991853816s (build: 2h4m50.904724226s, test: 1h41m40.503191078s)
first good commit: 1f7a1bcd27c388b4cc286e943218c69db2d3ba71 netfilter: nf_tables: add __nft_chain_type_get()
cc: ["coreteam@netfilter.org" "davem@davemloft.net" "fw@strlen.de" "gregkh@linuxfoundation.org" "kadlec@blackhole.kfki.hu" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org"]