KASAN: vmalloc-out-of-bounds Read in compat_copy

Title	Replies (including bot)	Last reply
[PATCH 3.16 000/245] 3.16.83-rc1 review	260 (260)	2020/04/24 17:54
[PATCH 4.19 000/114] 4.19.93-stable review	134 (134)	2020/02/07 10:19
[PATCH 5.4 000/191] 5.4.8-stable review	215 (215)	2020/01/06 09:03
[PATCH 4.4 000/137] 4.4.208-stable review	143 (143)	2020/01/04 12:32
[PATCH 4.14 00/91] 4.14.162-stable review	99 (99)	2020/01/03 22:01
[PATCH 4.9 000/171] 4.9.208-stable review	176 (176)	2020/01/03 21:51
[PATCH 0/4] Netfilter fixes for net	6 (6)	2019/12/26 21:11
[PATCH nf] netfilter: ebtables: compat: reject all padding in matches/watchers	2 (2)	2019/12/20 01:11
KASAN: vmalloc-out-of-bounds Read in compat_copy_entries	0 (2)	2019/12/15 06:31

================================================================== BUG: KASAN: vmalloc-out-of-bounds in size_entry_mwt net/bridge/netfilter/ebtables.c:2063 [inline] BUG: KASAN: vmalloc-out-of-bounds in compat_copy_entries+0x128b/0x1380 net/bridge/netfilter/ebtables.c:2155 Read of size 4 at addr ffffc90000d461f4 by task syz-executor640/9086 CPU: 0 PID: 9086 Comm: syz-executor640 Not tainted 5.5.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 print_address_description.constprop.0.cold+0x5/0x30b mm/kasan/report.c:374 __kasan_report.cold+0x1b/0x41 mm/kasan/report.c:506 kasan_report+0x12/0x20 mm/kasan/common.c:639 __asan_report_load4_noabort+0x14/0x20 mm/kasan/generic_report.c:134 size_entry_mwt net/bridge/netfilter/ebtables.c:2063 [inline] compat_copy_entries+0x128b/0x1380 net/bridge/netfilter/ebtables.c:2155 compat_do_replace+0x344/0x720 net/bridge/netfilter/ebtables.c:2249 compat_do_ebt_set_ctl+0x22f/0x27e net/bridge/netfilter/ebtables.c:2333 compat_nf_sockopt net/netfilter/nf_sockopt.c:144 [inline] compat_nf_setsockopt+0x98/0x140 net/netfilter/nf_sockopt.c:156 compat_ip_setsockopt net/ipv4/ip_sockglue.c:1286 [inline] compat_ip_setsockopt+0x106/0x140 net/ipv4/ip_sockglue.c:1267 compat_udp_setsockopt+0x68/0xb0 net/ipv4/udp.c:2649 compat_sock_common_setsockopt+0xb2/0x140 net/core/sock.c:3160 __compat_sys_setsockopt+0x185/0x380 net/compat.c:384 __do_compat_sys_setsockopt net/compat.c:397 [inline] __se_compat_sys_setsockopt net/compat.c:394 [inline] __ia32_compat_sys_setsockopt+0xbd/0x150 net/compat.c:394 do_syscall_32_irqs_on arch/x86/entry/common.c:337 [inline] do_fast_syscall_32+0x27b/0xe16 arch/x86/entry/common.c:408 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7feca39 Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 002b:00000000ff8a607c EFLAGS: 00000296 ORIG_RAX: 000000000000016e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 RDX: 0000000000000080 RSI: 0000000020000240 RDI: 0000000000000212 RBP: 0000000000000012 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Memory state around the buggy address: ffffc90000d46080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc90000d46100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffc90000d46180: 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9 ^ ffffc90000d46200: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 ffffc90000d46280: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 ==================================================================

Crashes (3):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2019/12/14 21:25	upstream	e31736d9fae8	eef6e580	.config	console log	report	syz	C	ci-upstream-kasan-gce-386
2019/12/14 21:03	upstream	e31736d9fae8	eef6e580	.config	console log	report	syz	C	ci-qemu-upstream-386
2019/12/14 14:41	upstream	e31736d9fae8	eef6e580	.config	console log	report			ci-qemu-upstream-386

Crashes (3):

Assets (help?)