KASAN: slab-out-of-bounds Read in bitmap_ipmac

Title	Replies (including bot)	Last reply
KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc	0 (3)	2020/03/16 12:49

================================================================== BUG: KASAN: slab-out-of-bounds in test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_gc_test net/netfilter/ipset/ip_set_bitmap_ipmac.c:102 [inline] BUG: KASAN: slab-out-of-bounds in bitmap_ipmac_gc+0x119/0x590 net/netfilter/ipset/ip_set_bitmap_gen.h:277 Read of size 8 at addr ffff8880949d46c0 by task swapper/1/0 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.5.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 print_address_description.constprop.0.cold+0xd4/0x30b mm/kasan/report.c:374 __kasan_report.cold+0x1b/0x41 mm/kasan/report.c:506 kasan_report+0x12/0x20 mm/kasan/common.c:639 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x134/0x1a0 mm/kasan/generic.c:192 __kasan_check_read+0x11/0x20 mm/kasan/common.c:95 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline] bitmap_ipmac_gc_test net/netfilter/ipset/ip_set_bitmap_ipmac.c:102 [inline] bitmap_ipmac_gc+0x119/0x590 net/netfilter/ipset/ip_set_bitmap_gen.h:277 call_timer_fn+0x1ac/0x780 kernel/time/timer.c:1404 expire_timers kernel/time/timer.c:1449 [inline] __run_timers kernel/time/timer.c:1773 [inline] __run_timers kernel/time/timer.c:1740 [inline] run_timer_softirq+0x6c3/0x1790 kernel/time/timer.c:1786 __do_softirq+0x262/0x98c kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0x19b/0x1e0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x1a3/0x610 arch/x86/kernel/apic/apic.c:1137 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829 </IRQ> RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61 Code: b8 80 de f9 eb 8a cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d c4 41 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d b4 41 54 00 fb f4 <c3> cc 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 be 4d 8e f9 e8 49 RSP: 0018:ffffc90000d3fd68 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 RAX: 1ffffffff1326676 RBX: ffff8880a9a0a340 RCX: 0000000000000000 RDX: dffffc0000000000 RSI: 0000000000000006 RDI: ffff8880a9a0abd4 RBP: ffffc90000d3fd98 R08: ffff8880a9a0a340 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 R13: ffffffff8a7b4e80 R14: 0000000000000000 R15: 0000000000000001 arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:690 default_idle_call+0x84/0xb0 kernel/sched/idle.c:94 cpuidle_idle_call kernel/sched/idle.c:154 [inline] do_idle+0x3c8/0x6e0 kernel/sched/idle.c:269 cpu_startup_entry+0x1b/0x20 kernel/sched/idle.c:361 start_secondary+0x2f4/0x410 arch/x86/kernel/smpboot.c:264 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242 Allocated by task 11247: save_stack+0x23/0x90 mm/kasan/common.c:72 set_track mm/kasan/common.c:80 [inline] __kasan_kmalloc mm/kasan/common.c:513 [inline] __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:486 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:527 __do_kmalloc mm/slab.c:3656 [inline] __kmalloc+0x163/0x770 mm/slab.c:3665 kmalloc include/linux/slab.h:561 [inline] kzalloc include/linux/slab.h:670 [inline] ip_set_alloc+0x38/0x5e net/netfilter/ipset/ip_set_core.c:255 init_map_ipmac net/netfilter/ipset/ip_set_bitmap_ipmac.c:302 [inline] bitmap_ipmac_create+0x4e8/0xa00 net/netfilter/ipset/ip_set_bitmap_ipmac.c:365 ip_set_create+0x6f1/0x1500 net/netfilter/ipset/ip_set_core.c:1111 nfnetlink_rcv_msg+0xcf2/0xfb0 net/netfilter/nfnetlink.c:229 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477 nfnetlink_rcv+0x1ba/0x460 net/netfilter/nfnetlink.c:563 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline] netlink_unicast+0x58c/0x7d0 net/netlink/af_netlink.c:1328 netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:639 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:659 ____sys_sendmsg+0x753/0x880 net/socket.c:2330 ___sys_sendmsg+0x100/0x170 net/socket.c:2384 __sys_sendmsg+0x105/0x1d0 net/socket.c:2417 __do_sys_sendmsg net/socket.c:2426 [inline] __se_sys_sendmsg net/socket.c:2424 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2424 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 11018: save_stack+0x23/0x90 mm/kasan/common.c:72 set_track mm/kasan/common.c:80 [inline] kasan_set_free_info mm/kasan/common.c:335 [inline] __kasan_slab_free+0x102/0x150 mm/kasan/common.c:474 kasan_slab_free+0xe/0x10 mm/kasan/common.c:483 __cache_free mm/slab.c:3426 [inline] kfree+0x10a/0x2c0 mm/slab.c:3757 tomoyo_init_log+0x15a9/0x2070 security/tomoyo/audit.c:292 tomoyo_supervisor+0x33f/0xef0 security/tomoyo/common.c:2097 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline] tomoyo_env_perm+0x18e/0x210 security/tomoyo/environ.c:63 tomoyo_environ security/tomoyo/domain.c:674 [inline] tomoyo_find_next_domain+0x1354/0x1f6c security/tomoyo/domain.c:881 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:107 [inline] tomoyo_bprm_check_security+0x124/0x1a0 security/tomoyo/tomoyo.c:97 security_bprm_check+0x63/0xb0 security/security.c:784 search_binary_handler+0x71/0x570 fs/exec.c:1645 exec_binprm fs/exec.c:1701 [inline] __do_execve_file.isra.0+0x1329/0x22b0 fs/exec.c:1821 do_execveat_common fs/exec.c:1867 [inline] do_execve fs/exec.c:1884 [inline] __do_sys_execve fs/exec.c:1960 [inline] __se_sys_execve fs/exec.c:1955 [inline] __x64_sys_execve+0x8f/0xc0 fs/exec.c:1955 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe The buggy address belongs to the object at ffff8880949d46c0 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 0 bytes inside of 32-byte region [ffff8880949d46c0, ffff8880949d46e0) The buggy address belongs to the page: page:ffffea0002527500 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880949d4fc1 raw: 00fffe0000000200 ffffea0002968f88 ffffea0002a05988 ffff8880aa4001c0 raw: ffff8880949d4fc1 ffff8880949d4000 0000000100000039 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8880949d4580: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc ffff8880949d4600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc >ffff8880949d4680: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc ^ ffff8880949d4700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc ffff8880949d4780: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc ==================================================================

Crashes (70):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2020/01/22 18:26	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2020/01/22 17:44	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2020/01/22 16:16	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2020/01/22 15:55	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2020/01/22 15:35	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2020/01/22 09:46	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2020/01/22 09:27	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2020/01/22 08:58	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2020/01/21 14:00	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce
2020/01/21 13:39	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-smack-root
2020/01/21 13:00	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-smack-root
2020/01/21 11:59	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce
2020/01/21 11:28	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce
2020/01/21 11:05	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-smack-root
2020/01/21 10:56	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce
2020/01/21 10:44	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-smack-root
2020/01/20 12:36	upstream	def9d2780727	0342f8c7	.config	console log	report	syz	C	ci-upstream-kasan-gce
2020/01/20 12:36	upstream	def9d2780727	0342f8c7	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2020/01/20 12:26	upstream	def9d2780727	0342f8c7	.config	console log	report	syz	C	ci-upstream-kasan-gce-smack-root
2020/01/21 09:35	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-386
2020/01/21 08:45	upstream	d96d875ef5dd	8eda0b95	.config	console log	report	syz	C	ci-upstream-kasan-gce-386
2020/01/21 04:13	upstream	d96d875ef5dd	d2557fb5	.config	console log	report	syz	C	ci-upstream-kasan-gce-386
2020/01/21 03:41	upstream	d96d875ef5dd	d2557fb5	.config	console log	report	syz	C	ci-upstream-kasan-gce-386
2020/01/21 00:40	net-old	7008ee121089	d2557fb5	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2020/01/21 00:00	net-old	7008ee121089	d2557fb5	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2020/01/20 21:48	net-old	7008ee121089	d2557fb5	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2020/01/20 21:24	net-old	7008ee121089	d2557fb5	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2020/01/20 20:58	net-old	7008ee121089	d2557fb5	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2020/01/20 12:57	net-old	7008ee121089	0342f8c7	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2020/01/21 02:50	net-next-old	b3f7e3f23a76	d2557fb5	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2020/01/21 02:10	net-next-old	b3f7e3f23a76	d2557fb5	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2020/01/20 22:59	net-next-old	b3f7e3f23a76	d2557fb5	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2020/01/20 22:29	net-next-old	b3f7e3f23a76	d2557fb5	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2020/01/20 12:15	net-next-old	b3f7e3f23a76	0342f8c7	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2020/01/20 12:16	linux-next	2747d5fdab78	0342f8c7	.config	console log	report	syz	C	ci-upstream-linux-next-kasan-gce-root
2020/01/22 08:24	upstream	d96d875ef5dd	8eda0b95	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2020/01/22 08:18	upstream	d96d875ef5dd	8eda0b95	.config	console log	report			ci-upstream-kasan-gce-root
2020/01/22 08:18	upstream	d96d875ef5dd	8eda0b95	.config	console log	report			ci-upstream-kasan-gce
2020/01/20 12:06	upstream	def9d2780727	0342f8c7	.config	console log	report			ci-upstream-kasan-gce-smack-root
2020/01/20 12:06	upstream	def9d2780727	0342f8c7	.config	console log	report			ci-upstream-kasan-gce-smack-root
2020/01/20 11:54	upstream	def9d2780727	0342f8c7	.config	console log	report			ci-upstream-kasan-gce-root
2020/01/20 11:52	upstream	def9d2780727	0342f8c7	.config	console log	report			ci-upstream-kasan-gce
2020/01/22 08:20	upstream	d96d875ef5dd	8eda0b95	.config	console log	report			ci-upstream-kasan-gce-386
2020/01/20 12:02	upstream	def9d2780727	0342f8c7	.config	console log	report			ci-upstream-kasan-gce-386
2020/01/25 23:05	net-old	61b1f2aff411	2e95ab33	.config	console log	report			ci-upstream-net-this-kasan-gce
2020/01/25 17:58	net-old	61b1f2aff411	2e95ab33	.config	console log	report			ci-upstream-net-this-kasan-gce
2020/01/25 10:06	net-old	61b1f2aff411	2e95ab33	.config	console log	report			ci-upstream-net-this-kasan-gce
2020/01/25 07:32	net-old	623c8d5c74c6	2e95ab33	.config	console log	report			ci-upstream-net-this-kasan-gce
2020/01/24 17:15	net-old	623c8d5c74c6	2e95ab33	.config	console log	report			ci-upstream-net-this-kasan-gce
2020/01/24 16:07	net-old	623c8d5c74c6	2e95ab33	.config	console log	report			ci-upstream-net-this-kasan-gce
2020/01/24 13:15	net-old	61678d28d4a4	2e95ab33	.config	console log	report			ci-upstream-net-this-kasan-gce
2020/01/20 11:52	net-old	7008ee121089	0342f8c7	.config	console log	report			ci-upstream-net-this-kasan-gce
2020/01/23 19:24	net-next-old	fd786fb1d2ca	3334d684	.config	console log	report			ci-upstream-net-kasan-gce
2020/01/20 11:53	net-next-old	b3f7e3f23a76	0342f8c7	.config	console log	report			ci-upstream-net-kasan-gce
2020/02/05 22:07	linux-next	2747d5fdab78	662cf49a	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2020/02/01 19:08	linux-next	2747d5fdab78	0eb59c27	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2020/01/22 08:22	linux-next	2747d5fdab78	8eda0b95	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2020/01/20 12:00	linux-next	2747d5fdab78	0342f8c7	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2020/01/20 11:57	linux-next	2747d5fdab78	0342f8c7	.config	console log	report			ci-upstream-linux-next-kasan-gce-root

Crashes (70):

Assets (help?)

2020/01/22 18:26

upstream

ci-upstream-kasan-gce-selinux-root

2020/01/22 17:44

upstream

ci-upstream-kasan-gce-selinux-root

2020/01/22 16:16

upstream

ci-upstream-kasan-gce-selinux-root

2020/01/22 15:55

upstream

ci-upstream-kasan-gce-selinux-root

2020/01/22 15:35

upstream

ci-upstream-kasan-gce-selinux-root

2020/01/22 09:46

upstream

ci-upstream-kasan-gce-root

2020/01/22 09:27

upstream

ci-upstream-kasan-gce-root

2020/01/22 08:58

upstream

ci-upstream-kasan-gce-root

2020/01/21 14:00

upstream

ci-upstream-kasan-gce

2020/01/21 13:39

upstream

ci-upstream-kasan-gce-smack-root

2020/01/21 13:00

upstream

ci-upstream-kasan-gce-smack-root

2020/01/21 11:59

upstream

ci-upstream-kasan-gce

2020/01/21 11:28

upstream

ci-upstream-kasan-gce

2020/01/21 11:05

upstream

ci-upstream-kasan-gce-smack-root

2020/01/21 10:56

upstream

ci-upstream-kasan-gce

2020/01/21 10:44

upstream

ci-upstream-kasan-gce-smack-root

2020/01/20 12:36

upstream

ci-upstream-kasan-gce

2020/01/20 12:36

upstream

ci-upstream-kasan-gce-root

2020/01/20 12:26

upstream

ci-upstream-kasan-gce-smack-root

2020/01/21 09:35

upstream

ci-upstream-kasan-gce-386

2020/01/21 08:45

upstream

ci-upstream-kasan-gce-386

2020/01/21 04:13

upstream

ci-upstream-kasan-gce-386

2020/01/21 03:41

upstream

ci-upstream-kasan-gce-386

2020/01/21 00:40

net-old

ci-upstream-net-this-kasan-gce

2020/01/21 00:00

net-old

ci-upstream-net-this-kasan-gce

2020/01/20 21:48

net-old

ci-upstream-net-this-kasan-gce

2020/01/20 21:24

net-old

ci-upstream-net-this-kasan-gce

2020/01/20 20:58

net-old

ci-upstream-net-this-kasan-gce

2020/01/20 12:57

net-old

ci-upstream-net-this-kasan-gce

2020/01/21 02:50

net-next-old

ci-upstream-net-kasan-gce

2020/01/21 02:10

net-next-old

ci-upstream-net-kasan-gce

2020/01/20 22:59

net-next-old

ci-upstream-net-kasan-gce

2020/01/20 22:29

net-next-old

ci-upstream-net-kasan-gce

2020/01/20 12:15

net-next-old

ci-upstream-net-kasan-gce

2020/01/20 12:16

linux-next

ci-upstream-linux-next-kasan-gce-root

2020/01/22 08:24

upstream

ci-upstream-kasan-gce-selinux-root

2020/01/22 08:18

upstream

ci-upstream-kasan-gce-root

2020/01/22 08:18

upstream

ci-upstream-kasan-gce

2020/01/20 12:06

upstream

ci-upstream-kasan-gce-smack-root

2020/01/20 12:06

upstream

ci-upstream-kasan-gce-smack-root

2020/01/20 11:54

upstream

ci-upstream-kasan-gce-root

2020/01/20 11:52

upstream

ci-upstream-kasan-gce

2020/01/22 08:20

upstream

ci-upstream-kasan-gce-386

2020/01/20 12:02

upstream

ci-upstream-kasan-gce-386

2020/01/25 23:05

net-old

ci-upstream-net-this-kasan-gce

2020/01/25 17:58

net-old

ci-upstream-net-this-kasan-gce

2020/01/25 10:06

net-old

ci-upstream-net-this-kasan-gce

2020/01/25 07:32

net-old

ci-upstream-net-this-kasan-gce

2020/01/24 17:15

net-old

ci-upstream-net-this-kasan-gce

2020/01/24 16:07

net-old

ci-upstream-net-this-kasan-gce

2020/01/24 13:15

net-old

ci-upstream-net-this-kasan-gce

2020/01/20 11:52

net-old

ci-upstream-net-this-kasan-gce

2020/01/23 19:24

net-next-old

ci-upstream-net-kasan-gce

2020/01/20 11:53

net-next-old

ci-upstream-net-kasan-gce

2020/02/05 22:07

linux-next

ci-upstream-linux-next-kasan-gce-root

2020/02/01 19:08

linux-next

ci-upstream-linux-next-kasan-gce-root

2020/01/22 08:22

linux-next

ci-upstream-linux-next-kasan-gce-root

2020/01/20 12:00

linux-next

ci-upstream-linux-next-kasan-gce-root

2020/01/20 11:57

linux-next

ci-upstream-linux-next-kasan-gce-root