From: cheung wall
Date: Fri, 3 Jan 2025 17:12:53 +0800
Subject: "WARNING in nf_ct_alloc_hashtable" in Linux kernel version 6.13.0-rc2
To: Andrew Morton
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org

Hello,

I am writing to report a potential vulnerability identified in the Linux Kernel version 6.13.0-rc2. This issue was discovered using our custom vulnerability discovery tool.

HEAD commit: fac04efc5c793dccbd07e2d59af9f90b7fc0dca4 (tag: v6.13-rc2)

Affected File: mm/util.c

File: mm/util.c

Function: __kvmalloc_node_noprof

Detailed Call Stack:

------------[ cut here begin]------------
RIP: 0010:__kvmalloc_node_noprof+0x18d/0x1b0 mm/util.c:662
Code: a1 48 c7 c7 28 df 86 a8 e8 90 86 14 00 e9 70 ff ff ff e8 b6 d3 e3 ff 41 81 e4 00 20 00 00 0f 85 16 ff ff ff e8 a4 d3 e3 ff 90 <0f> 0b 90 31 db e9 c4 fe ff ff 48 c7 c7 f8 91 e3 a7 e8 5d 86 14 00
RSP: 0018:ffff88800f397b38 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffffa46327ec
RDX: ffff88800fc4d500 RSI: ffffffffa471a1b1 RDI: 0000000000000000
RBP: 00000000cbad2000 R08: 0000000000000000 R09: 0a33303939333137
loop4: detected capacity change from 0 to 32768
R10: ffff88800f397b38 R11: 0000000000032001 R12: 0000000000000000
R13: 00000000ffffffff R14: 000000001975a400 R15: ffff88800f397e08
SELinux: security_context_str_to_sid (root) failed with errno=-22
FS: 00007fc9b1d23580(0000) GS:ffff88811b380000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055c7e2f2b6b8 CR3: 000000000b970000 CR4: 0000000000350ef0
Call Trace:
 kvmalloc_array_node_noprof include/linux/slab.h:1063 [inline]
 nf_ct_alloc_hashtable+0x83/0x110 net/netfilter/nf_conntrack_core.c:2526
 nf_conntrack_hash_resize+0x91/0x4d0 net/netfilter/nf_conntrack_core.c:2547
 nf_conntrack_hash_sysctl net/netfilter/nf_conntrack_standalone.c:540 [inline]
 nf_conntrack_hash_sysctl+0xa9/0x100 net/netfilter/nf_conntrack_standalone.c:527
 proc_sys_call_handler+0x492/0x5d0 fs/proc/proc_sysctl.c:601
 new_sync_write fs/read_write.c:586 [inline]
 vfs_write+0x51e/0xc80 fs/read_write.c:679
 ksys_write+0x110/0x200 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xa6/0x1a0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
------------[ cut here end]------------

Root Cause:

The kernel panic originated within the __kvmalloc_node_noprof function in mm/util.c, triggered during the execution of the Netfilter connection tracking subsystem. Specifically, the nf_conntrack_hash_resize function attempted to allocate memory for resizing the connection tracking hash table from a capacity of 0 to 32,768 entries using kvmalloc_array_node_noprof. This memory allocation likely failed or was mishandled, resulting in an invalid memory access or dereference within __kvmalloc_node_noprof. Additionally, the log indicates a failure in the SELinux security context function security_context_str_to_sid, which returned an EINVAL error (errno=-22). The combination of these factors suggests that the crash was caused by improper handling of memory allocation during a significant capacity change in the connection tracking hash table, possibly due to unhandled allocation failures or logic errors in the resize process.

Thank you for your time and attention.

Best regards
Wall
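
Added example (not part of the original report, and not kernel code): a user-space C model of the size arithmetic on the nf_ct_alloc_hashtable -> kvmalloc_array_node_noprof path in the trace above. It shows that R14 (0x1975a400) eight-byte slots come to exactly the value in RBP (0xcbad2000), which is above INT_MAX. Assumptions: the 8-byte slot size, the 4096-byte page, the UINT_MAX caller guard, the allocator's INT_MAX limit, and the reading of R14 and RBP as slot count and byte size; bounded_resize is a hypothetical tightening, not an upstream fix.

```c
/* Added example: user-space model of the size arithmetic, not kernel code. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define SLOT_SIZE  8u     /* assumed sizeof(struct hlist_nulls_head) on x86-64 */
#define PAGE_BYTES 4096u  /* assumed PAGE_SIZE */

enum verdict { ALLOCATABLE, REJECTED_BY_CALLER, TRIPS_ALLOCATOR_WARN };
struct request { uint32_t nr_slots; uint64_t bytes; enum verdict v; };

/* Assumed caller guard against UINT_MAX, then round up to whole pages of slots. */
static struct request model_resize(uint32_t wanted)
{
    struct request r = { 0, 0, REJECTED_BY_CALLER };
    const uint64_t per_page = PAGE_BYTES / SLOT_SIZE;   /* 512 slots */

    if (wanted > UINT_MAX / SLOT_SIZE)
        return r;
    r.nr_slots = (uint32_t)((wanted + per_page - 1) / per_page * per_page);
    r.bytes = (uint64_t)r.nr_slots * SLOT_SIZE;
    /* Assumed allocator limit: requests above INT_MAX bytes are refused with a warning. */
    r.v = r.bytes > (uint64_t)INT_MAX ? TRIPS_ALLOCATOR_WARN : ALLOCATABLE;
    return r;
}

/* Hypothetical tightening: bound the rounded byte size before allocating. */
static struct request bounded_resize(uint32_t wanted)
{
    struct request r = model_resize(wanted);
    if (r.v == TRIPS_ALLOCATOR_WARN)
        r.v = REJECTED_BY_CALLER;
    return r;
}

int main(void)
{
    /* Constructed inputs: R14 from the trace, 32768, and a rounding edge case. */
    const uint32_t in[] = { 0x1975a400u, 32768u, 0x0FFFFFFFu };
    for (unsigned i = 0; i < 3; i++) {
        struct request a = model_resize(in[i]), b = bounded_resize(in[i]);
        printf("%#x slots -> %#llx bytes: model=%d bounded=%d\n",
               (unsigned)a.nr_slots, (unsigned long long)a.bytes, a.v, b.v);
    }
    return 0;
}
```

The third input shows why the bound is applied after rounding: 0x0FFFFFFF slots passes a pre-rounding INT_MAX / 8 check but rounds up to 0x80000000 bytes.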