syzbot |
sign-in | mailing list | source | docs |
================================================================== BUG: KASAN: double-free or invalid-free in nf_tables_newset+0x1ed6/0x2560 net/netfilter/nf_tables_api.c:4148 CPU: 1 PID: 7019 Comm: syz-executor719 Not tainted 5.6.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x188/0x20d lib/dump_stack.c:118 print_address_description.constprop.0.cold+0xd3/0x315 mm/kasan/report.c:382 kasan_report_invalid_free+0x61/0xa0 mm/kasan/report.c:476 __kasan_slab_free+0x129/0x140 mm/kasan/common.c:435 __cache_free mm/slab.c:3426 [inline] kfree+0x109/0x2b0 mm/slab.c:3757 nf_tables_newset+0x1ed6/0x2560 net/netfilter/nf_tables_api.c:4148 nfnetlink_rcv_batch+0x83a/0x1610 net/netfilter/nfnetlink.c:433 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:543 [inline] nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:561 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329 netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:672 ____sys_sendmsg+0x6bf/0x7e0 net/socket.c:2362 ___sys_sendmsg+0x100/0x170 net/socket.c:2416 __sys_sendmsg+0xec/0x1b0 net/socket.c:2449 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x441279 Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffd3ba59f08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279 RDX: 0000000000000000 RSI: 0000000020000c40 RDI: 0000000000000004 RBP: 000000000000e274 R08: 00000000004002c8 R09: 00000000004002c8 R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0 R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000 Allocated by task 7019: save_stack+0x1b/0x40 mm/kasan/common.c:49 set_track mm/kasan/common.c:57 [inline] __kasan_kmalloc mm/kasan/common.c:495 [inline] __kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:468 __do_kmalloc mm/slab.c:3656 [inline] __kmalloc_track_caller+0x159/0x7a0 mm/slab.c:3671 kvasprintf+0xb5/0x150 lib/kasprintf.c:25 kasprintf+0xbb/0xf0 lib/kasprintf.c:59 nf_tables_set_alloc_name net/netfilter/nf_tables_api.c:3536 [inline] nf_tables_newset+0x1543/0x2560 net/netfilter/nf_tables_api.c:4088 nfnetlink_rcv_batch+0x83a/0x1610 net/netfilter/nfnetlink.c:433 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:543 [inline] nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:561 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329 netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:672 ____sys_sendmsg+0x6bf/0x7e0 net/socket.c:2362 ___sys_sendmsg+0x100/0x170 net/socket.c:2416 __sys_sendmsg+0xec/0x1b0 net/socket.c:2449 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 Freed by task 7019: save_stack+0x1b/0x40 mm/kasan/common.c:49 set_track mm/kasan/common.c:57 [inline] kasan_set_free_info mm/kasan/common.c:317 [inline] __kasan_slab_free+0xf7/0x140 mm/kasan/common.c:456 __cache_free mm/slab.c:3426 [inline] kfree+0x109/0x2b0 mm/slab.c:3757 nf_tables_set_alloc_name net/netfilter/nf_tables_api.c:3544 [inline] nf_tables_newset+0x1f73/0x2560 net/netfilter/nf_tables_api.c:4088 nfnetlink_rcv_batch+0x83a/0x1610 net/netfilter/nfnetlink.c:433 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:543 [inline] nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:561 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329 netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:672 ____sys_sendmsg+0x6bf/0x7e0 net/socket.c:2362 ___sys_sendmsg+0x100/0x170 net/socket.c:2416 __sys_sendmsg+0xec/0x1b0 net/socket.c:2449 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 The buggy address belongs to the object at ffff8880a45be180 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 0 bytes inside of 32-byte region [ffff8880a45be180, ffff8880a45be1a0) The buggy address belongs to the page: page:ffffea0002916f80 refcount:1 mapcount:0 mapping:000000001c13a6fd index:0xffff8880a45befc1 flags: 0xfffe0000000200(slab) raw: 00fffe0000000200 ffffea00027b5248 ffffea0002991e08 ffff8880aa0001c0 raw: ffff8880a45befc1 ffff8880a45be000 0000000100000034 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8880a45be080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc ffff8880a45be100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc >ffff8880a45be180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc ^ ffff8880a45be200: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc ffff8880a45be280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc ==================================================================
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2020/04/09 04:18 | upstream | ae46d2aa6a7f | db9bcd4b | .config | console log | report | syz | C | ci-upstream-kasan-gce | |||
2020/04/12 01:58 | upstream | 5b8b9d0c6d0e | a8c6a3f8 | .config | console log | report | syz | C | ci-upstream-kasan-gce-386 | |||
2020/04/03 06:14 | upstream | 7be97138e727 | a34e2c33 | .config | console log | report | syz | C | ci-upstream-kasan-gce-386 | |||
2020/04/03 06:39 | net-old | 21f64e72e707 | a34e2c33 | .config | console log | report | syz | C | ci-upstream-net-this-kasan-gce | |||
2020/04/03 06:20 | net-old | 21f64e72e707 | a34e2c33 | .config | console log | report | syz | C | ci-upstream-net-this-kasan-gce | |||
2020/04/03 06:39 | net-next-old | 1a323ea5356e | a34e2c33 | .config | console log | report | syz | C | ci-upstream-net-kasan-gce | |||
2020/04/03 05:52 | net-next-old | 1a323ea5356e | a34e2c33 | .config | console log | report | syz | C | ci-upstream-net-kasan-gce | |||
2020/04/03 05:27 | upstream | 7be97138e727 | a34e2c33 | .config | console log | report | ci-upstream-kasan-gce-386 | |||||
2020/04/03 09:34 | net-old | 21f64e72e707 | a34e2c33 | .config | console log | report | ci-upstream-net-this-kasan-gce | |||||
2020/04/16 17:39 | net-next-old | 63bef48fd6c9 | c743fcb3 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2020/04/15 17:01 | net-next-old | 63bef48fd6c9 | 3f3c5574 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2020/04/14 04:23 | net-next-old | 63bef48fd6c9 | 7c54686a | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2020/04/13 03:22 | net-next-old | 63bef48fd6c9 | 36b0b050 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2020/04/12 12:43 | net-next-old | 63bef48fd6c9 | 36b0b050 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2020/04/11 06:13 | net-next-old | 63bef48fd6c9 | a8c6a3f8 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2020/04/10 05:39 | net-next-old | 63bef48fd6c9 | a8c6a3f8 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2020/04/09 19:07 | net-next-old | 63bef48fd6c9 | a8c6a3f8 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2020/04/07 11:28 | net-next-old | 1a323ea5356e | 99a96044 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2020/04/03 09:24 | net-next-old | 1a323ea5356e | a34e2c33 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2020/04/03 05:31 | net-next-old | 1a323ea5356e | a34e2c33 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
2020/04/01 08:32 | net-next-old | 7f80ccfe9968 | a34e2c33 | .config | console log | report | ci-upstream-net-kasan-gce |