Homin Rhee
2023-Feb-23 06:41 UTC
[Bridge] [netfilter][bridge...?][BUG report] vmalloc-out-of-bounds Read in __ebt_unregister_table
Hello, I'm iCAROS7 and my syzkaller hit a vmalloc-OOB in net/bridge/netfilter/ebtables.c:1168. I'm not sure about that and whether it is related to bridge, but I report it just in case. I attached the C reproducer and the syzkaller report. Thank you for your dedication.

From iCAROS7.

<Information of my syzkaller system>
CPU: Intel i7-12700K
OS: Kubuntu 22.04.1 LTS (amd64)
Kernel: 5.18.19-051819-generic
Syzkaller build: bcdf85f8
Target kernel: a5c95ca1

Syzkaller hit 'KASAN: vmalloc-out-of-bounds Read in __ebt_unregister_table' bug.

==================================================================
BUG: KASAN: vmalloc-out-of-bounds in __ebt_unregister_table+0xcc5/0xce0 net/bridge/netfilter/ebtables.c:1168
Read of size 4 at addr ffffc90003169000 by task kworker/u4:0/9

CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted 6.2.0-01417-gc9c3395d5e3d #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:306 [inline]
 print_report+0x156/0x459 mm/kasan/report.c:417
 kasan_report+0xc0/0xf0 mm/kasan/report.c:517
 __ebt_unregister_table+0xcc5/0xce0 net/bridge/netfilter/ebtables.c:1168
 ebt_unregister_table+0x35/0x40 net/bridge/netfilter/ebtables.c:1372
 ops_exit_list+0xb0/0x170 net/core/net_namespace.c:169
 cleanup_net+0x4ee/0x9d0 net/core/net_namespace.c:613
 process_one_work+0x9ba/0x1720 kernel/workqueue.c:2289
 worker_thread+0x669/0x1090 kernel/workqueue.c:2436
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>

Memory state around the buggy address:
 ffffc90003168f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90003168f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc90003169000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc90003169080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90003169100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8

--
Homin Rhee
OpenPGP fingerprint: 1D94 A708 6346 FBF1 1DD1 6E1F 4957 8AFE D221 9C6A
You can see more information about my OpenPGP key at https://minnote.net/gpg
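As an added example, not part of the mail above or of the kernel's own code, a small triage helper that parses the report quoted in the mail: it pulls out the bug class, the faulting access and the call-trace frames below the KASAN/dump_stack machinery, and checks what the shadow bytes on the faulting row mean (0xf8 is KASAN_VMALLOC_INVALID in generic KASAN, i.e. vmalloc memory that is not currently allocated). The report text is embedded as constructed sample input copied from the mail; the function names and the frame-filtering rule are my own assumptions.

```python
import re

# Constructed sample input: the KASAN report quoted in the mail above, line breaks restored.
SAMPLE_REPORT = """\
BUG: KASAN: vmalloc-out-of-bounds in __ebt_unregister_table+0xcc5/0xce0 net/bridge/netfilter/ebtables.c:1168
Read of size 4 at addr ffffc90003169000 by task kworker/u4:0/9
Workqueue: netns cleanup_net
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 kasan_report+0xc0/0xf0 mm/kasan/report.c:517
 __ebt_unregister_table+0xcc5/0xce0 net/bridge/netfilter/ebtables.c:1168
 ebt_unregister_table+0x35/0x40 net/bridge/netfilter/ebtables.c:1372
 ops_exit_list+0xb0/0x170 net/core/net_namespace.c:169
 cleanup_net+0x4ee/0x9d0 net/core/net_namespace.c:613
 </TASK>
Memory state around the buggy address:
>ffffc90003169000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
"""

BUG_RE = re.compile(r"^BUG: KASAN: (?P<kind>\S+) in (?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ (?P<loc>\S+)")
ACCESS_RE = re.compile(r"^(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
# A frame is "symbol[+off/len] path.c:line"; the offset is absent for [inline] frames.
FRAME_RE = re.compile(r"^\s*(?P<sym>[\w.]+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? (?P<loc>\S+\.[chS]:\d+)")
SHADOW_RE = re.compile(r"^>[0-9a-f]+: (?P<bytes>(?:[0-9a-f]{2} ?)+)$")  # the '>' row is the faulting one
REPORT_MACHINERY = ("lib/dump_stack.c", "mm/kasan/")  # reporting frames, not the code under test (assumed filter)
# Generic KASAN shadow value (mm/kasan/kasan.h) for vmalloc memory that is not currently allocated.
KASAN_VMALLOC_INVALID = 0xF8

def parse_kasan_report(text):
    """Extract the triage-relevant fields of a generic KASAN report into a dict."""
    info = {"frames": [], "shadow": []}
    for line in text.splitlines():
        if m := BUG_RE.match(line):
            info.update(kind=m["kind"], func=m["func"], loc=m["loc"])
        elif m := ACCESS_RE.match(line):
            info.update(op=m["op"], size=int(m["size"]), addr=int(m["addr"], 16), task=m["task"])
        elif line.startswith("Workqueue: "):
            info["workqueue"] = line[len("Workqueue: "):]
        elif m := SHADOW_RE.match(line):
            info["shadow"] = [int(b, 16) for b in m["bytes"].split()]
        elif (m := FRAME_RE.match(line)) and not m["loc"].startswith(REPORT_MACHINERY):
            info["frames"].append((m["sym"], m["loc"]))
    return info

def vmalloc_area_unallocated(info):
    """True when every shadow byte on the faulting row marks unallocated vmalloc memory."""
    return bool(info["shadow"]) and all(b == KASAN_VMALLOC_INVALID for b in info["shadow"])
```

For this report the first remaining frame is the reader in __ebt_unregister_table and the last is cleanup_net, which places the access on the netns teardown path.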