On Sun, Jan 26, 2020 at 8:01 PM syzbot
<syzbot+f3e96783d74ee8ea9aa3@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> syzbot has bisected this bug to:

Ok, the bisection is obviously bogus - it just points to where the
KASAN support was added to _notice_ the problem.

But is somebody looking at the actual KASAN report itself?

  https://syzkaller.appspot.com/bug?extid=f3e96783d74ee8ea9aa3

It does look like nfnetlink_rcv_msg() ends up looking at a bit:

  bitmap_ip_do_add net/netfilter/ipset/ip_set_bitmap_ip.c:83 [inline]
  bitmap_ip_add+0xef/0xe60 net/netfilter/ipset/ip_set_bitmap_gen.h:136
  bitmap_ip_uadt+0x73e/0xa10 net/netfilter/ipset/ip_set_bitmap_ip.c:186
  call_ad+0x1a0/0x5a0 net/netfilter/ipset/ip_set_core.c:1716
  ip_set_ad.isra.0+0x572/0xb20 net/netfilter/ipset/ip_set_core.c:1804
  ip_set_uadd+0x37/0x50 net/netfilter/ipset/ip_set_core.c:1829
  nfnetlink_rcv_msg+0xcf2/0xfb0 net/netfilter/nfnetlink.c:229

that is past the allocation:

  ip_set_alloc+0x38/0x5e net/netfilter/ipset/ip_set_core.c:255
  init_map_ip net/netfilter/ipset/ip_set_bitmap_ip.c:223 [inline]
  bitmap_ip_create+0x6ec/0xc20 net/netfilter/ipset/ip_set_bitmap_ip.c:327
  ip_set_create+0x6f1/0x1500 net/netfilter/ipset/ip_set_core.c:1111
  nfnetlink_rcv_msg+0xcf2/0xfb0 net/netfilter/nfnetlink.c:229

Maybe this has already been fixed, but I'm just trying to follow up on
the syzbot report..

            Linus
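As an added illustration of the class of defect the KASAN report above is flagging (a bit index that lands past the bitmap's allocation), here is a standalone C sketch. It is not the ipset code and is not taken from the report; `bitmap_t`, `bitmap_alloc`, `bitmap_set_checked`, `add_host` and the sizes used are assumptions for this illustration only. The `add_host` helper is a simplified model of mapping an address to `(ip - first_ip)`, the kind of index a bitmap-backed set computes, and shows the range check that keeps such an index inside the allocation.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical bitmap (not ipset's struct): 'nbits' is the only record of
 * how far 'bits' extends; any index >= nbits is outside the allocation. */
typedef struct {
    size_t nbits;
    unsigned long *bits;
} bitmap_t;

#define BITS_PER_WORD (sizeof(unsigned long) * CHAR_BIT)

/* Number of words needed to hold nbits bits (rounded up). */
static size_t words_for(size_t nbits)
{
    return (nbits + BITS_PER_WORD - 1) / BITS_PER_WORD;
}

/* Allocate a zeroed bitmap sized for exactly nbits bits. */
static bitmap_t *bitmap_alloc(size_t nbits)
{
    bitmap_t *bm = calloc(1, sizeof(*bm));
    if (!bm)
        return NULL;
    bm->bits = calloc(words_for(nbits), sizeof(unsigned long));
    if (!bm->bits) {
        free(bm);
        return NULL;
    }
    bm->nbits = nbits;
    return bm;
}

static void bitmap_free(bitmap_t *bm)
{
    if (!bm)
        return;
    free(bm->bits);
    free(bm);
}

/* Range-checked setter: refuses any index outside [0, nbits).
 * Returns 0 on success, -1 when the index is out of range. Dropping the
 * check is exactly the shape of bug KASAN reports as a slab-out-of-bounds
 * access: the write lands in memory past the bitmap allocation. */
static int bitmap_set_checked(bitmap_t *bm, size_t idx)
{
    if (idx >= bm->nbits)
        return -1;
    bm->bits[idx / BITS_PER_WORD] |= 1UL << (idx % BITS_PER_WORD);
    return 0;
}

/* Range-checked test: out-of-range indices read as "not set". */
static bool bitmap_test(const bitmap_t *bm, size_t idx)
{
    if (idx >= bm->nbits)
        return false;
    return (bm->bits[idx / BITS_PER_WORD] >> (idx % BITS_PER_WORD)) & 1UL;
}

/* Simplified model (assumption, not ipset's code) of mapping an address to
 * a bit index relative to the set's first address. Addresses below first_ip
 * or beyond the allocated range are rejected instead of indexing past it. */
static int add_host(bitmap_t *bm, uint32_t first_ip, uint32_t ip)
{
    if (ip < first_ip)
        return -1;
    return bitmap_set_checked(bm, (size_t)(ip - first_ip));
}

/* Exercise the checks on a 64-bit set; returns 0 if every case behaves,
 * otherwise the number of the first failing step. */
static int bitmap_selfcheck(void)
{
    bitmap_t *bm = bitmap_alloc(64);
    int rc = 0;
    if (!bm)                                   rc = 1;
    else if (bitmap_set_checked(bm, 0) != 0)   rc = 2;  /* first bit ok */
    else if (bitmap_set_checked(bm, 63) != 0)  rc = 3;  /* last bit ok */
    else if (bitmap_set_checked(bm, 64) != -1) rc = 4;  /* one past: refused */
    else if (!bitmap_test(bm, 63))             rc = 5;
    else if (bitmap_test(bm, 1))               rc = 6;
    else if (bitmap_test(bm, 64))              rc = 7;  /* OOB reads as unset */
    else if (add_host(bm, 10, 9) != -1)        rc = 8;  /* below first_ip */
    else if (add_host(bm, 10, 20) != 0)        rc = 9;  /* index 10, in range */
    else if (!bitmap_test(bm, 10))             rc = 10;
    else if (add_host(bm, 10, 74) != -1)       rc = 11; /* index 64, refused */
    bitmap_free(bm);
    return rc;
}

int main(void)
{
    int rc = bitmap_selfcheck();
    printf("bitmap self-check: %s (step %d)\n", rc ? "FAILED" : "ok", rc);
    return rc;
}
```

The point of the sketch is the shape of the guard, not the data structure: whatever computes the bit index (here the `ip - first_ip` subtraction) must be compared against the size recorded at allocation time before the bitmap is touched, and a KASAN slab-out-of-bounds report on a bitmap setter is the signal that some path reached the setter with an index that was never compared.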