syzbot
KASAN: stack-out-of-bounds Read in xfrm_state_find

Status: public: reported C repro on 2019/04/12 00:00
Reported-by: syzbot+1c6a4ec6a2709a5528d9@syzkaller.appspotmail.com
First crash: 2539d, last: 1818d
Similar bugs (13)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (3) net C 10353 2490d 2558d 4/28 fixed on 2018/01/31 00:24
android-54 KASAN: stack-out-of-bounds Read in xfrm_state_find C 1 690d 690d 0/2 upstream: reported C repro on 2023/01/01 01:05
android-5-15 KASAN: stack-out-of-bounds Read in xfrm_state_find origin:upstream missing-backport C error error 2 205d 690d 0/2 upstream: reported C repro on 2023/01/01 00:40
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (5) net C done 654 2123d 2425d 13/28 fixed on 2019/11/11 16:48
upstream KMSAN: uninit-value in xfrm_state_find net C error done 215 552d 2351d 22/28 fixed on 2023/07/01 16:05
android-5-10 KASAN: stack-out-of-bounds Read in xfrm_state_find (2) syz error error 1 690d 690d 0/2 auto-obsoleted due to no activity on 2023/05/14 02:28
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find net C 365 2586d 2659d 0/28 closed as invalid on 2017/10/23 16:19
android-5-10 KASAN: stack-out-of-bounds Read in xfrm_state_find 1 1110d 1110d 0/2 closed as invalid on 2022/02/03 13:56
android-49 KASAN: stack-out-of-bounds Read in xfrm_state_find C 4151 2151d 2662d 0/3 closed as invalid on 2019/01/01 20:10
android-414 KASAN: stack-out-of-bounds Read in xfrm_state_find C 137 2124d 2051d 0/1 public: reported C repro on 2019/04/11 00:00
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (2) net C 93 2568d 2576d 3/28 fixed on 2017/11/18 01:42
android-49 KASAN: stack-out-of-bounds Read in xfrm_state_find (2) C 392 1815d 2051d 0/3 public: reported C repro on 2019/04/11 08:44
upstream KASAN: stack-out-of-bounds Read in xfrm_state_find (4) net C 102 2435d 2486d 4/28 fixed on 2018/03/23 18:14

Sample crash report:
==================================================================
BUG: KASAN: stack-out-of-bounds in __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:28 [inline]
BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash net/xfrm/xfrm_hash.h:95 [inline]
BUG: KASAN: stack-out-of-bounds in xfrm_dst_hash net/xfrm/xfrm_state.c:46 [inline]
BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x23f5/0x24c0 net/xfrm/xfrm_state.c:783
Read of size 4 at addr ffff8801d42a7710 by task syz-executor028/2077

CPU: 0 PID: 2077 Comm: syz-executor028 Not tainted 4.4.169+ #1
 0000000000000000 7836bb36766aabdb ffff8801d42a6ed0 ffffffff81aab9c1
 0000000000000000 ffffea000750a9c0 ffff8801d42a7710 0000000000000004
 0000000000000003 ffff8801d42a6f08 ffffffff8148fc0d 0000000000000000
Call Trace:
 [<ffffffff81aab9c1>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81aab9c1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff8148fc0d>] print_address_description+0x6f/0x21b mm/kasan/report.c:252
 [<ffffffff8148fe45>] kasan_report_error mm/kasan/report.c:351 [inline]
 [<ffffffff8148fe45>] kasan_report mm/kasan/report.c:408 [inline]
 [<ffffffff8148fe45>] kasan_report.cold+0x8c/0x2be mm/kasan/report.c:393
 [<ffffffff814849d4>] __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:428
 [<ffffffff825633c5>] __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:28 [inline]
 [<ffffffff825633c5>] __xfrm_dst_hash net/xfrm/xfrm_hash.h:95 [inline]
 [<ffffffff825633c5>] xfrm_dst_hash net/xfrm/xfrm_state.c:46 [inline]
 [<ffffffff825633c5>] xfrm_state_find+0x23f5/0x24c0 net/xfrm/xfrm_state.c:783
 [<ffffffff82549d77>] xfrm_tmpl_resolve_one+0x1c7/0x790 net/xfrm/xfrm_policy.c:1455
 [<ffffffff8254a550>] xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:1499 [inline]
 [<ffffffff8254a550>] xfrm_resolve_and_create_bundle+0x210/0x1df0 net/xfrm/xfrm_policy.c:1847
 [<ffffffff8254d4b3>] xfrm_lookup+0x203/0xad0 net/xfrm/xfrm_policy.c:2204
 [<ffffffff8254ec48>] xfrm_lookup_route+0x38/0x140 net/xfrm/xfrm_policy.c:2326
 [<ffffffff823a2703>] ip_route_output_flow+0x93/0xa0 net/ipv4/route.c:2437
 [<ffffffff8247cda7>] udp_sendmsg+0x1537/0x1c60 net/ipv4/udp.c:1040
 [<ffffffff82610002>] udpv6_sendmsg+0x12f2/0x24f0 net/ipv6/udp.c:1173
 [<ffffffff824a6112>] inet_sendmsg+0x202/0x4d0 net/ipv4/af_inet.c:755
 [<ffffffff821d50de>] sock_sendmsg_nosec net/socket.c:638 [inline]
 [<ffffffff821d50de>] sock_sendmsg+0xbe/0x110 net/socket.c:648
 [<ffffffff821d6bb9>] ___sys_sendmsg+0x369/0x890 net/socket.c:1975
 [<ffffffff821da030>] __sys_sendmmsg+0x130/0x2e0 net/socket.c:2060
 [<ffffffff821da215>] SYSC_sendmmsg net/socket.c:2090 [inline]
 [<ffffffff821da215>] SyS_sendmmsg+0x35/0x60 net/socket.c:2085
 [<ffffffff827153a1>] entry_SYSCALL_64_fastpath+0x1e/0x9a

The buggy address belongs to the page:
page:ffffea000750a9c0 count:0 mapcount:0 mapping:          (null) index:0x0
flags: 0x4000000000000000()
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801d42a7600: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00
 ffff8801d42a7680: f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00
>ffff8801d42a7700: 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00
                         ^
 ffff8801d42a7780: f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d42a7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Crashes (842):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/01/02 00:07 https://android.googlesource.com/kernel/common android-4.4 dfca92bab267 3d85f48c .config console log report syz C ci-android-44-kasan-gce
2018/12/04 20:57 https://android.googlesource.com/kernel/common android-4.4 d40633ce0827 6ad0ae61 .config console log report syz C ci-android-44-kasan-gce
2018/09/29 08:37 https://android.googlesource.com/kernel/common android-4.4 85b352c44756 41e4b329 .config console log report syz C ci-android-44-kasan-gce
2018/08/30 05:30 https://android.googlesource.com/kernel/common android-4.4 5e24b4e4d372 6c7e9d3d .config console log report syz C ci-android-44-kasan-gce
2018/06/16 11:27 https://android.googlesource.com/kernel/common android-4.4 07c01385fb82 27c5f59f .config console log report syz C ci-android-44-kasan-gce
2018/05/15 16:23 https://android.googlesource.com/kernel/common android-4.4 aa3863d27614 661fd7b9 .config console log report syz C ci-android-44-kasan-gce
2018/05/15 14:18 https://android.googlesource.com/kernel/common android-4.4 aa3863d27614 661fd7b9 .config console log report syz C ci-android-44-kasan-gce
2018/04/01 21:20 https://android.googlesource.com/kernel/common android-4.4 38f41ec1cb31 dc889257 .config console log report syz C ci-android-44-kasan-gce
2018/02/27 02:42 https://android.googlesource.com/kernel/common android-4.4 239a415f39e0 b370d4a7 .config console log report syz C ci-android-44-kasan-gce
2017/12/29 22:21 https://android.googlesource.com/kernel/common android-4.4 610c835673f3 bb6384b8 .config console log report syz C ci-android-44-kasan-gce-386
2017/12/29 14:06 https://android.googlesource.com/kernel/common android-4.4 610c835673f3 7d240098 .config console log report syz C ci-android-44-kasan-gce
2017/12/29 11:31 https://android.googlesource.com/kernel/common android-4.4 610c835673f3 7d240098 .config console log report syz C ci-android-44-kasan-gce-386
2017/12/29 04:14 https://android.googlesource.com/kernel/common android-4.4 610c835673f3 7d240098 .config console log report syz C ci-android-44-kasan-gce
2017/12/27 10:49 https://android.googlesource.com/kernel/common android-4.4 610c835673f3 09c8f4c0 .config console log report syz C ci-android-44-kasan-gce-386
2017/12/27 04:11 https://android.googlesource.com/kernel/common android-4.4 610c835673f3 73aba437 .config console log report syz C ci-android-44-kasan-gce
2017/12/09 11:35 https://android.googlesource.com/kernel/common android-4.4 ed884ebd80a9 5ad0ce95 .config console log report syz C ci-android-44-kasan-gce
2018/04/01 21:22 https://android.googlesource.com/kernel/common android-4.4 38f41ec1cb31 dc889257 .config console log report syz ci-android-44-kasan-gce-386
2018/02/27 02:42 https://android.googlesource.com/kernel/common android-4.4 239a415f39e0 b370d4a7 .config console log report syz ci-android-44-kasan-gce-386
2019/11/30 10:57 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 3a75be00 .config console log report ci-android-44-kasan-gce
2019/11/30 09:04 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 3a75be00 .config console log report ci-android-44-kasan-gce
2019/11/26 01:57 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b f746151a .config console log report ci-android-44-kasan-gce
2019/11/24 13:50 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 598ca6c8 .config console log report ci-android-44-kasan-gce
2019/11/21 21:34 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 8098ea0f .config console log report ci-android-44-kasan-gce
2019/11/19 11:38 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 5bc70212 .config console log report ci-android-44-kasan-gce
2019/11/17 15:17 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b d5696d51 .config console log report ci-android-44-kasan-gce
2019/11/14 07:00 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 048f2d49 .config console log report ci-android-44-kasan-gce
2019/11/12 17:46 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 048f2d49 .config console log report ci-android-44-kasan-gce
2019/11/01 01:35 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b a41ca8fa .config console log report ci-android-44-kasan-gce
2019/10/31 20:56 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b a41ca8fa .config console log report ci-android-44-kasan-gce
2019/10/31 08:48 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b a41ca8fa .config console log report ci-android-44-kasan-gce
2019/10/25 09:04 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b d01bb02a .config console log report ci-android-44-kasan-gce
2019/10/23 12:41 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b d0686497 .config console log report ci-android-44-kasan-gce
2019/10/22 13:25 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b c59a7cd8 .config console log report ci-android-44-kasan-gce
2019/10/19 02:05 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 8c88c9c1 .config console log report ci-android-44-kasan-gce
2019/10/18 14:23 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 8c88c9c1 .config console log report ci-android-44-kasan-gce
2019/10/17 22:41 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 8c88c9c1 .config console log report ci-android-44-kasan-gce
2019/10/15 15:14 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b b5268b89 .config console log report ci-android-44-kasan-gce
2019/10/15 04:56 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 05ad7292 .config console log report ci-android-44-kasan-gce
2019/10/12 20:01 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 426631dd .config console log report ci-android-44-kasan-gce
2019/10/11 04:07 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 1a3bad90 .config console log report ci-android-44-kasan-gce
2019/10/10 19:28 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b a4efa8c0 .config console log report ci-android-44-kasan-gce
2019/10/10 02:35 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b c4b9981b .config console log report ci-android-44-kasan-gce
2019/10/06 23:56 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b f3f7d9c8 .config console log report ci-android-44-kasan-gce
2019/10/05 02:15 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b f3f7d9c8 .config console log report ci-android-44-kasan-gce
2019/10/03 22:48 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b fc17ba49 .config console log report ci-android-44-kasan-gce
2019/10/03 16:19 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b fc17ba49 .config console log report ci-android-44-kasan-gce
2019/10/03 07:25 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 2e29b534 .config console log report ci-android-44-kasan-gce
2019/10/02 06:14 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b b7a87a83 .config console log report ci-android-44-kasan-gce
2019/10/01 07:33 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b c7a4fb99 .config console log report ci-android-44-kasan-gce
2019/10/01 00:35 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b c7a4fb99 .config console log report ci-android-44-kasan-gce
2019/09/30 04:14 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b c1ad5441 .config console log report ci-android-44-kasan-gce
2019/09/29 03:42 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b eb6b9855 .config console log report ci-android-44-kasan-gce
2019/09/27 20:08 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b d8074e0b .config console log report ci-android-44-kasan-gce
2019/09/26 17:37 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 24d405a3 .config console log report ci-android-44-kasan-gce
2019/09/16 00:10 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 32d59357 .config console log report ci-android-44-kasan-gce
2019/09/11 15:59 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b a60cb4cd .config console log report ci-android-44-kasan-gce
2019/09/11 14:22 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b a60cb4cd .config console log report ci-android-44-kasan-gce
2019/09/09 08:17 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b a60cb4cd .config console log report ci-android-44-kasan-gce
2019/09/09 03:16 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b a60cb4cd .config console log report ci-android-44-kasan-gce
2019/09/04 16:25 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 12381952 .config console log report ci-android-44-kasan-gce