lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 18 Feb 2023 18:57:26 -0800 From: syzbot <syzbot+f61594de72d6705aea03@...kaller.appspotmail.com> To: hdanton@...a.com, linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com Subject: Re: [syzbot] [bridge?] [netfilter?] KASAN: vmalloc-out-of-bounds Read in __ebt_unregister_table Hello, syzbot has tested the proposed patch but the reproducer is still triggering an issue: KASAN: vmalloc-out-of-bounds Read in __ebt_unregister_table ================================================================== BUG: KASAN: vmalloc-out-of-bounds in __ebt_unregister_table+0xf4a/0xfc0 net/bridge/netfilter/ebtables.c:1201 Read of size 4 at addr ffffc90002d9c000 by task kworker/u4:4/74 CPU: 1 PID: 74 Comm: kworker/u4:4 Not tainted 6.2.0-rc8-syzkaller-00083-g3ac88fa4605e-dirty #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Workqueue: netns cleanup_net Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:306 [inline] print_report+0x15e/0x45d mm/kasan/report.c:417 kasan_report+0xbf/0x1f0 mm/kasan/report.c:517 __ebt_unregister_table+0xf4a/0xfc0 net/bridge/netfilter/ebtables.c:1201 ebt_unregister_table+0x35/0x40 net/bridge/netfilter/ebtables.c:1405 ops_exit_list+0xb0/0x170 net/core/net_namespace.c:169 cleanup_net+0x4ee/0xb10 net/core/net_namespace.c:613 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289 worker_thread+0x669/0x1090 kernel/workqueue.c:2436 kthread+0x2e8/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308 </TASK> Memory state around the buggy address: ffffc90002d9bf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90002d9bf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 >ffffc90002d9c000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffc90002d9c080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90002d9c100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ================================================================== Tested on: commit: 3ac88fa4 Merge tag 'net-6.2-final' of git://git.kernel.. git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git console output: https://syzkaller.appspot.com/x/log.txt?x=17733430c80000 kernel config: https://syzkaller.appspot.com/x/.config?x=fe56f7d193926860 dashboard link: https://syzkaller.appspot.com/bug?extid=f61594de72d6705aea03 compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 patch: https://syzkaller.appspot.com/x/patch.diff?x=161cf127480000
Powered by blists - more mailing lists