IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
==================================================================
BUG: KASAN: use-after-free in __write_once_size include/linux/compiler.h:247 [inline]
BUG: KASAN: use-after-free in __hlist_del include/linux/list.h:619 [inline]
BUG: KASAN: use-after-free in hlist_del_rcu include/linux/rculist.h:342 [inline]
BUG: KASAN: use-after-free in nf_nat_cleanup_conntrack+0x1ec/0x210 net/netfilter/nf_nat_core.c:691
Write of size 8 at addr ffff8801d249be20 by task swapper/0/0

CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.4.138-gcf21a9a #62
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 23e521fc7bf56a6e ffff8801db207a38 ffffffff81e0ed0d
 ffffea00074926c0 ffff8801d249be20 0000000000000001 ffff8801d249be20
 ffff8801c9198000 ffff8801db207a70 ffffffff81515a16 ffff8801d249be20
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [] print_address_description+0x6c/0x216 mm/kasan/report.c:252
 [] kasan_report_error mm/kasan/report.c:351 [inline]
 [] kasan_report.cold.7+0x175/0x2f7 mm/kasan/report.c:408
 [] __asan_report_store8_noabort+0x17/0x20 mm/kasan/report.c:434
 [] __write_once_size include/linux/compiler.h:247 [inline]
 [] __hlist_del include/linux/list.h:619 [inline]
 [] hlist_del_rcu include/linux/rculist.h:342 [inline]
 [] nf_nat_cleanup_conntrack+0x1ec/0x210 net/netfilter/nf_nat_core.c:691
 [] __nf_ct_ext_destroy+0x140/0x2a0 net/netfilter/nf_conntrack_extend.c:40
 [] nf_ct_ext_destroy include/net/netfilter/nf_conntrack_extend.h:80 [inline]
 [] nf_conntrack_free+0x77/0x130 net/netfilter/nf_conntrack_core.c:904
 [] destroy_conntrack+0x26a/0x380 net/netfilter/nf_conntrack_core.c:365
 [] nf_conntrack_destroy+0x99/0x1a0 net/netfilter/core.c:389
 [] nf_conntrack_put include/linux/skbuff.h:3364 [inline]
 [] skb_release_head_state+0x158/0x210 net/core/skbuff.c:649
 [] skb_release_all+0x15/0x60 net/core/skbuff.c:659
 [] __kfree_skb+0x15/0x20 net/core/skbuff.c:675
 [] kfree_skb+0xf7/0x3e0 net/core/skbuff.c:696
 [] frag_kfree_skb net/ipv4/inet_fragment.c:294 [inline]
 [] inet_frag_destroy+0x182/0x2e0 net/ipv4/inet_fragment.c:313
 [] inet_frag_put include/net/inet_frag.h:123 [inline]
 [] ipq_put net/ipv4/ip_fragment.c:172 [inline]
 [] ip_expire+0x154/0x770 net/ipv4/ip_fragment.c:256
 [] call_timer_fn+0x18c/0x870 kernel/time/timer.c:1185
 [] __run_timers kernel/time/timer.c:1261 [inline]
 [] run_timer_softirq+0x642/0xb90 kernel/time/timer.c:1444
 [] __do_softirq+0x22c/0xa1a kernel/softirq.c:273
 [] invoke_softirq kernel/softirq.c:350 [inline]
 [] irq_exit+0x10d/0x140 kernel/softirq.c:391
 [] exiting_irq arch/x86/include/asm/apic.h:653 [inline]
 [] smp_apic_timer_interrupt+0x81/0xa0 arch/x86/kernel/apic/apic.c:926
 [] apic_timer_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:741
 [] ? native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:49
 [] arch_safe_halt arch/x86/include/asm/paravirt.h:117 [inline]
 [] default_idle+0x55/0x3c0 arch/x86/kernel/process.c:290
 [] arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:281
 [] default_idle_call+0x57/0x70 kernel/sched/idle.c:93
 [] cpuidle_idle_call kernel/sched/idle.c:157 [inline]
 [] cpu_idle_loop kernel/sched/idle.c:253 [inline]
 [] cpu_startup_entry+0x6af/0x780 kernel/sched/idle.c:301
 [] rest_init+0x188/0x18e init/main.c:410
 [] start_kernel+0x6b3/0x6e7 init/main.c:682
 [] x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:196
 [] x86_64_start_kernel+0x13f/0x162 arch/x86/kernel/head64.c:185

The buggy address belongs to the page:
page:ffffea00074926c0 count:0 mapcount:0 mapping:          (null) index:0x0
flags: 0x8000000000000000()
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801d249bd00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8801d249bd80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8801d249be00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                               ^
 ffff8801d249be80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8801d249bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================