KASAN: stack-out-of-bounds Read in xfrm_state

Title	Replies (including bot)	Last reply
KASAN: stack-out-of-bounds Read in xfrm_state_find (5)	0 (2)	2019/11/07 13:42
Reminder: 26 open syzbot bugs in "net/xfrm" subsystem	1 (1)	2019/07/24 01:42
Reminder: 27 open syzbot bugs in "net/xfrm" subsystem	1 (1)	2019/06/25 05:51

Title

Replies (including bot)

Last reply

KASAN: stack-out-of-bounds Read in xfrm_state_find (5)

0 (2)

2019/11/07 13:42

Reminder: 26 open syzbot bugs in "net/xfrm" subsystem

1 (1)

2019/07/24 01:42

Reminder: 27 open syzbot bugs in "net/xfrm" subsystem

1 (1)

2019/06/25 05:51

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (3) net	C			10353	2273d	2340d	4/26	fixed on 2018/01/31 00:24
android-44	KASAN: stack-out-of-bounds Read in xfrm_state_find	C			842	1601d	1833d	0/2	public: reported C repro on 2019/04/12 00:00
android-54	KASAN: stack-out-of-bounds Read in xfrm_state_find	C			1	473d	473d	0/2	upstream: reported C repro on 2023/01/01 01:05
android-5-15	KASAN: stack-out-of-bounds Read in xfrm_state_find origin:upstream missing-backport	C	error		2	19d	473d	0/2	upstream: reported C repro on 2023/01/01 00:40
upstream	KMSAN: uninit-value in xfrm_state_find net	C	error	done	215	335d	2134d	22/26	fixed on 2023/07/01 16:05
android-5-10	KASAN: stack-out-of-bounds Read in xfrm_state_find (2)	syz	error	error	1	473d	473d	0/2	auto-obsoleted due to no activity on 2023/05/14 02:28
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find net	C			365	2369d	2442d	0/26	closed as invalid on 2017/10/23 16:19
android-5-10	KASAN: stack-out-of-bounds Read in xfrm_state_find				1	893d	893d	0/2	closed as invalid on 2022/02/03 13:56
android-49	KASAN: stack-out-of-bounds Read in xfrm_state_find	C			4151	1934d	2445d	0/3	closed as invalid on 2019/01/01 20:10
android-414	KASAN: stack-out-of-bounds Read in xfrm_state_find	C			137	1907d	1834d	0/1	public: reported C repro on 2019/04/11 00:00
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (2) net	C			93	2351d	2359d	3/26	fixed on 2017/11/18 01:42
android-49	KASAN: stack-out-of-bounds Read in xfrm_state_find (2)	C			392	1597d	1834d	0/3	public: reported C repro on 2019/04/11 08:44
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (4) net	C			102	2218d	2269d	4/26	fixed on 2018/03/23 18:14

audit: type=1400 audit(1546412134.760:36): avc: denied { map } for pid=8209 comm="syz-executor753" path="/root/syz-executor753487859" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ================================================================== BUG: KASAN: stack-out-of-bounds in jhash2 include/linux/jhash.h:137 [inline] BUG: KASAN: stack-out-of-bounds in __xfrm6_addr_hash net/xfrm/xfrm_hash.h:16 [inline] BUG: KASAN: stack-out-of-bounds in __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash net/xfrm/xfrm_hash.h:95 [inline] BUG: KASAN: stack-out-of-bounds in xfrm_dst_hash net/xfrm/xfrm_state.c:61 [inline] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x396a/0x3f00 net/xfrm/xfrm_state.c:958 Read of size 4 at addr ffff888096def3d0 by task syz-executor753/8209 CPU: 0 PID: 8209 Comm: syz-executor753 Not tainted 4.20.0+ #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1db/0x2d0 lib/dump_stack.c:113 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317 __asan_report_load4_noabort+0x14/0x20 mm/kasan/generic_report.c:134 jhash2 include/linux/jhash.h:137 [inline] __xfrm6_addr_hash net/xfrm/xfrm_hash.h:16 [inline] __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline] __xfrm_dst_hash net/xfrm/xfrm_hash.h:95 [inline] xfrm_dst_hash net/xfrm/xfrm_state.c:61 [inline] xfrm_state_find+0x396a/0x3f00 net/xfrm/xfrm_state.c:958 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2385 [inline] xfrm_tmpl_resolve+0x385/0xe00 net/xfrm/xfrm_policy.c:2430 xfrm_resolve_and_create_bundle+0x145/0x27f0 net/xfrm/xfrm_policy.c:2725 xfrm_lookup_with_ifid+0x340/0x2a90 net/xfrm/xfrm_policy.c:3048 xfrm_lookup net/xfrm/xfrm_policy.c:3172 [inline] xfrm_lookup_route+0x3b/0x1f0 net/xfrm/xfrm_policy.c:3183 ip_route_output_flow+0xad/0xc0 net/ipv4/route.c:2582 udp_sendmsg+0x24cb/0x3a40 net/ipv4/udp.c:1144 udpv6_sendmsg+0x1843/0x3550 net/ipv6/udp.c:1279 inet_sendmsg+0x1af/0x740 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xdd/0x130 net/socket.c:631 ___sys_sendmsg+0x409/0x910 net/socket.c:2116 __sys_sendmmsg+0x246/0x6f0 net/socket.c:2211 __do_sys_sendmmsg net/socket.c:2240 [inline] __se_sys_sendmmsg net/socket.c:2237 [inline] __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2237 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x440349 Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffd9cac43d8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440349 RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401bd0 R13: 0000000000401c60 R14: 0000000000000000 R15: 0000000000000000 The buggy address belongs to the page: page:ffffea00025b7bc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 flags: 0x1fffc0000000000() raw: 01fffc0000000000 0000000000000000 ffffffff025b0101 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888096def280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff888096def300: f1 f1 f1 f1 00 00 00 f2 f2 f2 00 00 00 00 00 f2 >ffff888096def380: f2 f2 f2 f2 00 00 00 00 00 00 f2 f2 f2 f2 00 00 ^ ffff888096def400: 00 00 00 00 f2 f2 f2 f2 00 00 f8 f2 f2 f2 00 00 ffff888096def480: 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 ==================================================================

Crashes (654):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2019/01/02 06:58	upstream	28e8c4bc8eb4	3d85f48c	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2019/01/02 05:16	upstream	28e8c4bc8eb4	3d85f48c	.config	console log	report	syz	C	ci-upstream-kasan-gce-smack-root
2019/01/02 04:50	upstream	28e8c4bc8eb4	3d85f48c	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2019/01/02 00:08	upstream	e1ef035d272e	3d85f48c	.config	console log	report	syz	C	ci-upstream-kasan-gce
2018/12/04 22:04	upstream	0072a0c14d5b	6ad0ae61	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/12/04 21:06	upstream	0072a0c14d5b	6ad0ae61	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2018/12/04 21:05	upstream	0072a0c14d5b	6ad0ae61	.config	console log	report	syz	C	ci-upstream-kasan-gce
2018/12/04 21:05	upstream	0072a0c14d5b	6ad0ae61	.config	console log	report	syz	C	ci-upstream-kasan-gce-smack-root
2018/09/29 09:01	upstream	e704966c45e4	41e4b329	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2018/09/29 08:56	upstream	e704966c45e4	41e4b329	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/09/29 08:48	upstream	e704966c45e4	41e4b329	.config	console log	report	syz	C	ci-upstream-kasan-gce-smack-root
2018/09/29 08:41	upstream	e704966c45e4	41e4b329	.config	console log	report	syz	C	ci-upstream-kasan-gce
2018/08/30 09:26	upstream	ff69279a44e9	6c7e9d3d	.config	console log	report	syz	C	ci-upstream-kasan-gce
2018/08/30 06:19	upstream	ff69279a44e9	6c7e9d3d	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/06/16 12:45	upstream	9215310cf13b	27c5f59f	.config	console log	report	syz	C	ci-upstream-kasan-gce
2018/06/16 11:29	upstream	9215310cf13b	27c5f59f	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/05/15 16:24	upstream	67b8d5c70812	661fd7b9	.config	console log	report	syz	C	ci-upstream-kasan-gce
2018/05/15 16:20	upstream	67b8d5c70812	661fd7b9	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/05/15 14:29	upstream	67b8d5c70812	661fd7b9	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/05/15 14:18	upstream	67b8d5c70812	661fd7b9	.config	console log	report	syz	C	ci-upstream-kasan-gce
2018/04/01 21:21	upstream	10b84daddbec	dc889257	.config	console log	report	syz	C	ci-upstream-kasan-gce
2018/04/01 21:07	upstream	10b84daddbec	dc889257	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2019/01/02 00:07	net-old	4087d2bc0d94	3d85f48c	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2018/12/04 21:05	net-old	a2c741dfe7db	6ad0ae61	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2018/09/29 09:17	net-old	05c5e9ff22e3	41e4b329	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2018/08/30 05:41	net-old	bd583fe30427	6c7e9d3d	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2019/01/02 09:53	net-next-old	b71acb0e3721	3d85f48c	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2018/12/04 21:53	net-next-old	d9bbd6a1a56e	6ad0ae61	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2018/09/29 08:40	net-next-old	5362700c942b	41e4b329	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2018/08/30 05:34	net-next-old	817e60a7a2bb	6c7e9d3d	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2018/06/16 11:31	net-next-old	f0dc7f9c6dd9	27c5f59f	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2018/05/15 20:39	net-next-old	961423f9fcbc	68ce85f1	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2018/05/15 16:19	net-next-old	961423f9fcbc	661fd7b9	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2018/05/15 14:20	net-next-old	961423f9fcbc	661fd7b9	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2018/04/01 21:20	net-next-old	06b19fe9a6df	dc889257	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2019/01/02 12:57	linux-next	4cd1b60def51	f0491811	.config	console log	report	syz	C	ci-upstream-linux-next-kasan-gce-root
2018/12/05 00:57	linux-next	442b8cea2477	f162ad97	.config	console log	report	syz	C	ci-upstream-linux-next-kasan-gce-root
2018/09/29 08:54	linux-next	4794a36bf08d	41e4b329	.config	console log	report	syz	C	ci-upstream-linux-next-kasan-gce-root
2018/08/30 07:46	linux-next	87b93b43da14	6c7e9d3d	.config	console log	report	syz	C	ci-upstream-linux-next-kasan-gce-root
2019/01/26 23:22	upstream	ba6069759381	c73f090a	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/01/26 20:04	upstream	ba6069759381	c73f090a	.config	console log	report			ci-upstream-kasan-gce-root
2019/01/22 17:14	upstream	48b161983ae5	985f75cc	.config	console log	report			ci-upstream-kasan-gce
2019/01/21 14:15	upstream	49a57857aeea	badbbeee	.config	console log	report			ci-upstream-kasan-gce-root
2019/01/17 19:21	upstream	7fbfee7c80de	769e75ed	.config	console log	report			ci-upstream-kasan-gce
2019/01/08 11:34	upstream	3bd6e94bec12	37dd2683	.config	console log	report			ci-upstream-kasan-gce-root
2019/01/03 07:01	upstream	85f78456f286	06a2b89f	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2018/12/29 10:07	upstream	f346b0becb1b	e33ad0f1	.config	console log	report			ci-upstream-kasan-gce
2018/12/25 22:42	upstream	8fe28cb58bcb	8a41a0ad	.config	console log	report			ci-upstream-kasan-gce
2018/12/21 15:47	upstream	9097a058d49e	588075e6	.config	console log	report			ci-upstream-kasan-gce
2018/12/19 02:35	upstream	ddfbab46539f	4edaba93	.config	console log	report			ci-upstream-kasan-gce-root
2018/12/17 19:02	upstream	7566ec393f41	def91db3	.config	console log	report			ci-upstream-kasan-gce-root
2018/12/17 03:49	upstream	7566ec393f41	def91db3	.config	console log	report			ci-upstream-kasan-gce
2018/12/16 15:21	upstream	6531e115b7ab	def91db3	.config	console log	report			ci-upstream-kasan-gce-root
2018/12/09 06:40	upstream	8214bdf7d3e6	c7918378	.config	console log	report			ci-upstream-kasan-gce-smack-root
2018/12/06 05:53	upstream	d08970904582	764b42c4	.config	console log	report			ci-upstream-kasan-gce
2018/04/01 20:29	upstream	10b84daddbec	dc889257	.config	console log	report			ci-upstream-kasan-gce-root
2019/01/17 05:43	net-old	0f149c9fec3c	c2faf9b2	.config	console log	report			ci-upstream-net-this-kasan-gce
2018/12/29 05:13	net-old	a3c9311f62b4	e33ad0f1	.config	console log	report			ci-upstream-net-this-kasan-gce
2018/12/14 16:38	net-old	c3db8d531045	7624ddd6	.config	console log	report			ci-upstream-net-this-kasan-gce
2018/12/09 12:09	net-old	bd5122cd1e06	979179d6	.config	console log	report			ci-upstream-net-this-kasan-gce
2018/12/08 22:37	net-old	5b3279e2cba2	60562a1d	.config	console log	report			ci-upstream-net-this-kasan-gce
2018/12/08 16:18	net-old	5b3279e2cba2	60562a1d	.config	console log	report			ci-upstream-net-this-kasan-gce
2018/12/07 02:59	net-old	cd9d1a2332b0	dcf836b1	.config	console log	report			ci-upstream-net-this-kasan-gce
2018/12/06 07:32	net-old	64d47902fea3	764b42c4	.config	console log	report			ci-upstream-net-this-kasan-gce
2018/12/04 01:09	net-old	d2a36971ef59	03f94a45	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/01/29 09:39	net-next-old	085c4c7dd2b6	aa432daf	.config	console log	report			ci-upstream-net-kasan-gce
2019/01/28 02:24	net-next-old	085c4c7dd2b6	c73f090a	.config	console log	report			ci-upstream-net-kasan-gce
2019/01/20 08:21	net-next-old	133bbb18ab1a	353f32ea	.config	console log	report			ci-upstream-net-kasan-gce
2019/01/12 11:52	net-next-old	b71acb0e3721	c3f3344c	.config	console log	report			ci-upstream-net-kasan-gce
2019/01/12 05:34	net-next-old	b71acb0e3721	c3f3344c	.config	console log	report			ci-upstream-net-kasan-gce
2019/01/11 22:24	net-next-old	b71acb0e3721	c3f3344c	.config	console log	report			ci-upstream-net-kasan-gce
2019/01/10 01:45	net-next-old	b71acb0e3721	45c0c1b1	.config	console log	report			ci-upstream-net-kasan-gce
2019/01/08 06:15	net-next-old	b71acb0e3721	69d69aa9	.config	console log	report			ci-upstream-net-kasan-gce
2019/01/08 03:59	net-next-old	b71acb0e3721	69d69aa9	.config	console log	report			ci-upstream-net-kasan-gce
2019/01/07 14:49	net-next-old	b71acb0e3721	69d69aa9	.config	console log	report			ci-upstream-net-kasan-gce
2019/01/03 17:46	net-next-old	b71acb0e3721	66fcd29b	.config	console log	report			ci-upstream-net-kasan-gce
2018/12/21 19:50	net-next-old	fa2323325e8b	588075e6	.config	console log	report			ci-upstream-net-kasan-gce
2018/12/20 02:52	net-next-old	24894bc6eabc	02e69052	.config	console log	report			ci-upstream-net-kasan-gce
2018/12/16 04:46	net-next-old	e782410ed237	def91db3	.config	console log	report			ci-upstream-net-kasan-gce
2018/12/15 04:03	net-next-old	2aa55dccf83d	7624ddd6	.config	console log	report			ci-upstream-net-kasan-gce
2018/12/14 16:38	net-next-old	522185d5cb40	7624ddd6	.config	console log	report			ci-upstream-net-kasan-gce
2018/12/13 15:25	net-next-old	95302c394c3d	f3d9d594	.config	console log	report			ci-upstream-net-kasan-gce
2018/12/11 22:05	net-next-old	addb0679839a	7795ae03	.config	console log	report			ci-upstream-net-kasan-gce
2018/12/08 06:13	net-next-old	9f4c2cffd08c	65ed2472	.config	console log	report			ci-upstream-net-kasan-gce
2018/12/06 00:03	net-next-old	b255e500c8dc	764b42c4	.config	console log	report			ci-upstream-net-kasan-gce
2018/12/05 15:49	net-next-old	a74f0fa082b7	ac6c0578	.config	console log	report			ci-upstream-net-kasan-gce
2018/12/04 04:28	net-next-old	6915bf3b002b	03f94a45	.config	console log	report			ci-upstream-net-kasan-gce
2018/12/30 04:54	linux-next	6a1d293238c1	35e3f847	.config	console log	report			ci-upstream-linux-next-kasan-gce-root

Crashes (654):

Assets (help?)

2019/01/02 06:58

upstream