On Wed, Jan 08, 2020 at 10:59:38AM +0100, Florian Westphal wrote:
> The set uadt functions assume lineno is never NULL, but it is in
> case of ip_set_utest().
>
> syzkaller managed to generate a netlink message that calls this with
> LINENO attr present:
>
> general protection fault: 0000 [#1] PREEMPT SMP KASAN
> RIP: 0010:hash_mac4_uadt+0x1bc/0x470 net/netfilter/ipset/ip_set_hash_mac.c:104
> Call Trace:
>  ip_set_utest+0x55b/0x890 net/netfilter/ipset/ip_set_core.c:1867
>  nfnetlink_rcv_msg+0xcf2/0xfb0 net/netfilter/nfnetlink.c:229
>  netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
>  nfnetlink_rcv+0x1ba/0x460 net/netfilter/nfnetlink.c:563
>
> pass a dummy lineno storage, it's easier than patching all set
> implementations.
>
> This seems to be a day-0 bug.

Also applied, thanks.
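
The caller/callee contract described in the quoted commit message, as an added user-space model that is not part of the original thread or the kernel source. All `model_*` names are hypothetical, and the NULL test inside the handler exists only so the demo reports the fault instead of crashing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a parsed netlink attribute table. */
struct model_attrs {
    const uint32_t *lineno_attr;   /* NULL when no LINENO attribute was sent */
};

enum model_result { MODEL_OK = 0, MODEL_NULL_DEREF = -1 };

/* Model of a set type's uadt handler: when the message carries a LINENO
 * attribute, its value is stored through the caller's pointer. The handlers
 * described above assume that pointer is valid. */
static enum model_result model_uadt(const struct model_attrs *tb, uint32_t *lineno)
{
    if (tb->lineno_attr) {
        if (!lineno)
            return MODEL_NULL_DEREF;   /* in the kernel: general protection fault */
        *lineno = *tb->lineno_attr;
    }
    return MODEL_OK;
}

/* Test path before the fix: no line-number storage is handed down. */
static enum model_result model_utest_before(const struct model_attrs *tb)
{
    return model_uadt(tb, NULL);
}

/* Test path after the fix: a throwaway local absorbs the write. */
static enum model_result model_utest_after(const struct model_attrs *tb)
{
    uint32_t lineno = 0;   /* dummy storage, never read afterwards */
    return model_uadt(tb, &lineno);
}

int main(void)
{
    const uint32_t line = 7;                        /* constructed value */
    const struct model_attrs with_lineno = { &line };

    printf("before fix, LINENO present: %d\n", model_utest_before(&with_lineno));
    printf("after fix,  LINENO present: %d\n", model_utest_after(&with_lineno));
    return 0;
}
```

The fault only appears when the optional attribute is present on the test path, which is why ordinary test requests never hit it and a fuzzer-generated message did.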