Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- searching for fixing commit since 6304672b7f0a5c010002e63a075160856dc4f88d
- building syzkaller on a899be78f52e4111313fed259abc574fff85e7d7
- testing commit 6304672b7f0a5c010002e63a075160856dc4f88d with gcc (GCC) 8.1.0
- try #0: kernel crashed: inconsistent lock state in est_fetch_counters
- try #1: kernel crashed: inconsistent lock state in est_fetch_counters
- try #2: kernel crashed: inconsistent lock state in est_fetch_counters
- try #3: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #4: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- testing current HEAD 41e3e1082367221e99a59c8968a583706123ae04
- testing commit 41e3e1082367221e99a59c8968a583706123ae04 with gcc (GCC) 8.1.0
- try #0: OK
- try #1: OK
- try #2: OK
- try #3: OK
- try #4: OK
- # git bisect start 41e3e1082367221e99a59c8968a583706123ae04 6304672b7f0a5c010002e63a075160856dc4f88d
- Bisecting: 13579 revisions left to test after this (roughly 14 steps)
- [da2495fbcbf892d2ad1c6dcfcc9ffe89973b54f6] Merge remote-tracking branches 'asoc/topic/rt5670', 'asoc/topic/sgtl5000', 'asoc/topic/si476x' and 'asoc/topic/sirf' into asoc-next
- testing commit da2495fbcbf892d2ad1c6dcfcc9ffe89973b54f6 with gcc (GCC) 8.1.0
- try #0: OK
- try #1: OK
- try #2: OK
- try #3: OK
- try #4: OK
- # git bisect bad da2495fbcbf892d2ad1c6dcfcc9ffe89973b54f6
- Bisecting: 6845 revisions left to test after this (roughly 13 steps)
- [fe53d1443a146326b49d57fe6336b5c2a725223f] Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
- testing commit fe53d1443a146326b49d57fe6336b5c2a725223f with gcc (GCC) 8.1.0
- try #0: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #1: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #2: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #3: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #4: OK
- # git bisect good fe53d1443a146326b49d57fe6336b5c2a725223f
- Bisecting: 3420 revisions left to test after this (roughly 12 steps)
- [a2e5790d841658485d642196dbb0927303d6c22f] Merge branch 'akpm' (patches from Andrew)
- testing commit a2e5790d841658485d642196dbb0927303d6c22f with gcc (GCC) 8.1.0
- try #0: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #1: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #2: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #3: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #4: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- # git bisect good a2e5790d841658485d642196dbb0927303d6c22f
- Bisecting: 1710 revisions left to test after this (roughly 11 steps)
- [3be23274755ee85771270a23af7691dc9b3a95db] tpm: fix potential buffer overruns caused by bit glitches on the bus
- testing commit 3be23274755ee85771270a23af7691dc9b3a95db with gcc (GCC) 8.1.0
- try #0: OK
- try #1: OK
- try #2: OK
- try #3: OK
- try #4: OK
- # git bisect bad 3be23274755ee85771270a23af7691dc9b3a95db
- Bisecting: 808 revisions left to test after this (roughly 10 steps)
- [15303ba5d1cd9b28d03a980456c0978c0ea3b208] Merge tag 'kvm-4.16-1' of git://git.kernel.org/pub/scm/virt/kvm/kvm
- testing commit 15303ba5d1cd9b28d03a980456c0978c0ea3b208 with gcc (GCC) 8.1.0
- try #0: OK
- try #1: OK
- try #2: OK
- try #3: OK
- try #4: OK
- # git bisect bad 15303ba5d1cd9b28d03a980456c0978c0ea3b208
- Bisecting: 450 revisions left to test after this (roughly 9 steps)
- [f1517df8701c9f12dae9ce7f43a5d300a6917619] Merge tag 'nfsd-4.16' of git://linux-nfs.org/~bfields/linux
- testing commit f1517df8701c9f12dae9ce7f43a5d300a6917619 with gcc (GCC) 8.1.0
- try #0: kernel crashed: KASAN: use-after-free Write in xt_rateest_tg_checkentry
- try #1: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #2: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #3: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #4: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- # git bisect good f1517df8701c9f12dae9ce7f43a5d300a6917619
- Bisecting: 230 revisions left to test after this (roughly 8 steps)
- [7a501609c2cb73381e925827c504a4c2c2cb0817] mconsole_proc(): don't mess with file->f_pos
- testing commit 7a501609c2cb73381e925827c504a4c2c2cb0817 with gcc (GCC) 8.1.0
- try #0: OK
- try #1: OK
- try #2: OK
- try #3: OK
- try #4: OK
- # git bisect bad 7a501609c2cb73381e925827c504a4c2c2cb0817
- Bisecting: 106 revisions left to test after this (roughly 7 steps)
- [858f45bff3b8be61d91e87ef90dddd68433cbffa] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
- testing commit 858f45bff3b8be61d91e87ef90dddd68433cbffa with gcc (GCC) 8.1.0
- try #0: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #1: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #2: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #3: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #4: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- # git bisect good 858f45bff3b8be61d91e87ef90dddd68433cbffa
- Bisecting: 49 revisions left to test after this (roughly 6 steps)
- [e0c42c8e3e94f6c478f8c96814d4a2d19d2204b2] Merge tag 'wireless-drivers-next-for-davem-2018-02-08' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
- testing commit e0c42c8e3e94f6c478f8c96814d4a2d19d2204b2 with gcc (GCC) 8.1.0
- try #0: OK
- try #1: OK
- try #2: OK
- try #3: OK
- try #4: OK
- # git bisect bad e0c42c8e3e94f6c478f8c96814d4a2d19d2204b2
- Bisecting: 27 revisions left to test after this (roughly 5 steps)
- [c70255868148a498ba418bc6c2f9df212d30d393] Merge branch 'nfp-fix-disabling-TC-offloads-in-flower-max-TSO-segs-and-module-version'
- testing commit c70255868148a498ba418bc6c2f9df212d30d393 with gcc (GCC) 8.1.0
- try #0: OK
- try #1: OK
- try #2: OK
- try #3: OK
- try #4: OK
- # git bisect bad c70255868148a498ba418bc6c2f9df212d30d393
- Bisecting: 14 revisions left to test after this (roughly 4 steps)
- [17e9e23b130e4e269fa53c2370325249f3ba75dd] rxrpc: Fix received abort handling
- testing commit 17e9e23b130e4e269fa53c2370325249f3ba75dd with gcc (GCC) 8.1.0
- try #0: OK
- try #1: OK
- try #2: OK
- try #3: OK
- try #4: OK
- # git bisect bad 17e9e23b130e4e269fa53c2370325249f3ba75dd
- Bisecting: 6 revisions left to test after this (roughly 3 steps)
- [7dc68e98757a8eccf8ca7a53a29b896f1eef1f76] netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
- testing commit 7dc68e98757a8eccf8ca7a53a29b896f1eef1f76 with gcc (GCC) 8.1.0
- try #0: OK
- try #1: OK
- try #2: OK
- try #3: OK
- try #4: OK
- # git bisect bad 7dc68e98757a8eccf8ca7a53a29b896f1eef1f76
- Bisecting: 3 revisions left to test after this (roughly 2 steps)
- [6be3bcd75afb673a37a82e18ba46d50430f172c1] netfilter: flowtable infrastructure depends on NETFILTER_INGRESS
- testing commit 6be3bcd75afb673a37a82e18ba46d50430f172c1 with gcc (GCC) 8.1.0
- try #0: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #1: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #2: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #3: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #4: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- # git bisect good 6be3bcd75afb673a37a82e18ba46d50430f172c1
- Bisecting: 1 revision left to test after this (roughly 1 step)
- [c7f0030b5b67866c588845abde7bf011de25b98a] netfilter: nft_flow_offload: wait for garbage collector to run after cleanup
- testing commit c7f0030b5b67866c588845abde7bf011de25b98a with gcc (GCC) 8.1.0
- try #0: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #1: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #2: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #3: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #4: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- # git bisect good c7f0030b5b67866c588845abde7bf011de25b98a
- Bisecting: 0 revisions left to test after this (roughly 0 steps)
- [992cfc7c5d105094da7c21c9c74d97ac26bb1e56] netfilter: nft_flow_offload: no need to flush entries on module removal
- testing commit 992cfc7c5d105094da7c21c9c74d97ac26bb1e56 with gcc (GCC) 8.1.0
- try #0: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #1: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #2: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #3: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- try #4: kernel crashed: KASAN: use-after-free Write in xt_rateest_put
- # git bisect good 992cfc7c5d105094da7c21c9c74d97ac26bb1e56
- 7dc68e98757a8eccf8ca7a53a29b896f1eef1f76 is the first bad commit
- commit 7dc68e98757a8eccf8ca7a53a29b896f1eef1f76
- Author: Cong Wang <xiyou.wangcong@gmail.com>
- Date: Mon Feb 5 14:41:45 2018 -0800
- netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
- rateest_hash is supposed to be protected by xt_rateest_mutex,
- and, as suggested by Eric, lookup and insert should be atomic,
- so we should acquire the xt_rateest_mutex once for both.
- So introduce a non-locking helper for internal use and keep the
- locking one for external.
- Reported-by: <syzbot+5cb189720978275e4c75@syzkaller.appspotmail.com>
- Fixes: 5859034d7eb8 ("[NETFILTER]: x_tables: add RATEEST target")
- Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
- Reviewed-by: Florian Westphal <fw@strlen.de>
- Reviewed-by: Eric Dumazet <edumazet@google.com>
- Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
- :040000 040000 3196d85a549f7dbb6c8c69c8f3082e458c80df6c 659be93247dd3e0da9365169bb4509732c147b6f M net
- revisions tested: 17, total time: 2h35m48.923999628s (build: 59m53.865935978s, test: 1h33m5.153718473s)
- first good commit: 7dc68e98757a8eccf8ca7a53a29b896f1eef1f76 netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
Add Comment
Please, Sign In to add comment