KASAN: stack-out-of-bounds Read in xfrm_state

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
android-44	KASAN: stack-out-of-bounds Read in xfrm_state_find	C			842	1602d	1835d	0/2	public: reported C repro on 2019/04/12 00:00
android-54	KASAN: stack-out-of-bounds Read in xfrm_state_find	C			1	475d	475d	0/2	upstream: reported C repro on 2023/01/01 01:05
android-5-15	KASAN: stack-out-of-bounds Read in xfrm_state_find origin:upstream missing-backport	C	error		2	21d	475d	0/2	upstream: reported C repro on 2023/01/01 00:40
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (5) net	C		done	654	1907d	2209d	13/26	fixed on 2019/11/11 16:48
upstream	KMSAN: uninit-value in xfrm_state_find net	C	error	done	215	336d	2135d	22/26	fixed on 2023/07/01 16:05
android-5-10	KASAN: stack-out-of-bounds Read in xfrm_state_find (2)	syz	error	error	1	475d	475d	0/2	auto-obsoleted due to no activity on 2023/05/14 02:28
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find net	C			365	2370d	2443d	0/26	closed as invalid on 2017/10/23 16:19
android-5-10	KASAN: stack-out-of-bounds Read in xfrm_state_find				1	894d	894d	0/2	closed as invalid on 2022/02/03 13:56
android-49	KASAN: stack-out-of-bounds Read in xfrm_state_find	C			4151	1935d	2446d	0/3	closed as invalid on 2019/01/01 20:10
android-414	KASAN: stack-out-of-bounds Read in xfrm_state_find	C			137	1909d	1836d	0/1	public: reported C repro on 2019/04/11 00:00
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (2) net	C			93	2352d	2361d	3/26	fixed on 2017/11/18 01:42
android-49	KASAN: stack-out-of-bounds Read in xfrm_state_find (2)	C			392	1599d	1835d	0/3	public: reported C repro on 2019/04/11 08:44
upstream	KASAN: stack-out-of-bounds Read in xfrm_state_find (4) net	C			102	2219d	2270d	4/26	fixed on 2018/03/23 18:14

audit: type=1400 audit(1514150976.800:7): avc: denied { map } for pid=3139 comm="syzkaller283615" path="/root/syzkaller283615371" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ================================================================== BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x30de/0x3210 net/xfrm/xfrm_state.c:1050 Read of size 4 at addr ffff8801c862f740 by task syzkaller283615/3139 CPU: 1 PID: 3139 Comm: syzkaller283615 Not tainted 4.15.0-rc5+ #237 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_address_description+0x73/0x250 mm/kasan/report.c:252 kasan_report_error mm/kasan/report.c:351 [inline] kasan_report+0x25b/0x340 mm/kasan/report.c:409 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:429 xfrm_state_find+0x30de/0x3210 net/xfrm/xfrm_state.c:1050 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:1388 [inline] xfrm_tmpl_resolve+0x30e/0xc10 net/xfrm/xfrm_policy.c:1432 xfrm_resolve_and_create_bundle+0x123/0x25f0 net/xfrm/xfrm_policy.c:1821 xfrm_lookup+0x1574/0x23f0 net/xfrm/xfrm_policy.c:2146 xfrm_lookup_route+0x39/0x1a0 net/xfrm/xfrm_policy.c:2264 ip_route_output_flow+0x7c/0xa0 net/ipv4/route.c:2559 udp_sendmsg+0x19d3/0x2cf0 net/ipv4/udp.c:1019 udpv6_sendmsg+0x762/0x33a0 net/ipv6/udp.c:1186 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:763 sock_sendmsg_nosec net/socket.c:636 [inline] sock_sendmsg+0xca/0x110 net/socket.c:646 SYSC_sendto+0x361/0x5c0 net/socket.c:1727 SyS_sendto+0x40/0x50 net/socket.c:1695 entry_SYSCALL_64_fastpath+0x1f/0x96 RIP: 0033:0x43ff29 RSP: 002b:00007ffedf6b1308 EFLAGS: 00000217 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0100000000000000 RCX: 000000000043ff29 RDX: 0000000000000000 RSI: 000000002028a000 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 0000000020999000 R09: 000000000000001c R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401890 R13: 0000000000401920 R14: 0000000000000000 R15: 0000000000000000 The buggy address belongs to the page: page:0000000076c3f3ba count:0 mapcount:0 mapping: (null) index:0x0 flags: 0x2fffc0000000000() raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8801c862f600: f1 04 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 ffff8801c862f680: f2 f8 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 >ffff8801c862f700: f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 ^ ffff8801c862f780: 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 ffff8801c862f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================

Crashes (10353):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2017/12/24 21:31	upstream	464e1d5f23cc	73aba437	.config	console log	report	syz	C	ci-upstream-kasan-gce
2017/12/09 17:56	upstream	f335195adf04	5ad0ce95	.config	console log	report	syz	C	ci-upstream-kasan-gce
2017/12/24 18:43	upstream	464e1d5f23cc	73aba437	.config	console log	report	syz	C	ci-upstream-kasan-gce-386
2017/12/09 11:54	upstream	f335195adf04	5ad0ce95	.config	console log	report	syz	C	ci-upstream-kasan-gce-386
2017/11/22 18:18	net-next-old	0c86a6bd85ff	ddf7b3e0	.config	console log	report	syz	C	ci-upstream-kasan-gce-386
2017/12/24 16:00	net-next-old	fba961ab29e5	73aba437	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2017/12/09 11:47	net-next-old	5e54b3c12027	5ad0ce95	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2017/11/22 16:04	net-next-old	0c86a6bd85ff	ddf7b3e0	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2017/11/22 20:20	linux-next	1efc584c7106	31af2ce0	.config	console log	report	syz	C	ci-upstream-next-kasan-gce
2017/11/22 17:26	mmots	1ea8d039f9ed	deb5f6ae	.config	console log	report	syz	C	ci-upstream-mmots-kasan-gce
2017/11/22 16:22	net-next-old	0c86a6bd85ff	ddf7b3e0	.config	console log	report	syz		ci-upstream-net-kasan-gce
2018/01/15 07:29	upstream	9443c168505d	66d492a6	.config	console log	report			ci-upstream-kasan-gce
2018/01/14 04:54	upstream	2c1cfa499018	c9e7aeae	.config	console log	report			ci-upstream-kasan-gce
2018/01/13 09:40	upstream	c92a9a461dff	9dc808a6	.config	console log	report			ci-upstream-kasan-gce
2018/01/12 16:47	upstream	1545dec46db3	9dc808a6	.config	console log	report			ci-upstream-kasan-gce
2018/01/12 06:42	upstream	1545dec46db3	9dc808a6	.config	console log	report			ci-upstream-kasan-gce
2018/01/12 05:22	upstream	1545dec46db3	9dc808a6	.config	console log	report			ci-upstream-kasan-gce-386
2018/01/24 05:56	net-next-old	43df215d99e6	a5b7566c	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/26 23:30	net-next-old	6bb46bc57c8e	1d18b112	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/15 12:53	net-next-old	564737f981fb	66d492a6	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/15 01:24	net-next-old	1988c7957881	66d492a6	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/14 22:39	net-next-old	1988c7957881	66d492a6	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/14 16:23	net-next-old	6bd39bc3da0f	66d492a6	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/14 14:32	net-next-old	6bd39bc3da0f	c9e7aeae	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/14 08:04	net-next-old	6bd39bc3da0f	c9e7aeae	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/14 03:11	net-next-old	6bd39bc3da0f	c9e7aeae	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/13 22:05	net-next-old	6bd39bc3da0f	c9e7aeae	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/13 17:08	net-next-old	6bd39bc3da0f	c9e7aeae	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/13 13:35	net-next-old	6bd39bc3da0f	c9e7aeae	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/13 07:11	net-next-old	6bd39bc3da0f	9dc808a6	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/13 05:39	net-next-old	6bd39bc3da0f	9dc808a6	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/12 08:33	net-next-old	8c2e6c904fd8	9dc808a6	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/11 20:38	net-next-old	c5e62a24278a	9dc808a6	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/11 18:36	net-next-old	c5e62a24278a	9dc808a6	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/11 11:29	net-next-old	c5e62a24278a	9dc808a6	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/11 00:41	net-next-old	e2b3b35eb989	02a19b64	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/10 22:50	net-next-old	e2b3b35eb989	02a19b64	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/10 21:44	net-next-old	e2b3b35eb989	02a19b64	.config	console log	report			ci-upstream-net-kasan-gce
2018/01/15 19:18	linux-next	b625c1ff8227	66d492a6	.config	console log	report			ci-upstream-next-kasan-gce
2018/01/15 10:12	mmots	ce3c209f6733	66d492a6	.config	console log	report			ci-upstream-mmots-kasan-gce
2018/01/14 17:30	mmots	ce3c209f6733	66d492a6	.config	console log	report			ci-upstream-mmots-kasan-gce
2018/01/14 11:30	mmots	ce3c209f6733	c9e7aeae	.config	console log	report			ci-upstream-mmots-kasan-gce
2018/01/14 09:31	linux-next	3e53c7415294	c9e7aeae	.config	console log	report			ci-upstream-next-kasan-gce
2018/01/14 00:19	mmots	ce3c209f6733	c9e7aeae	.config	console log	report			ci-upstream-mmots-kasan-gce
2018/01/13 02:26	mmots	ce3c209f6733	9dc808a6	.config	console log	report			ci-upstream-mmots-kasan-gce
2018/01/12 10:17	mmots	2c405fa05106	9dc808a6	.config	console log	report			ci-upstream-mmots-kasan-gce
2018/01/12 03:15	mmots	2c405fa05106	9dc808a6	.config	console log	report			ci-upstream-mmots-kasan-gce
2018/01/12 01:35	linux-next	8418f8876404	9dc808a6	.config	console log	report			ci-upstream-next-kasan-gce
2018/01/11 23:29	mmots	4147d50978df	9dc808a6	.config	console log	report			ci-upstream-mmots-kasan-gce
2018/01/11 16:27	linux-next	8418f8876404	9dc808a6	.config	console log	report			ci-upstream-next-kasan-gce
2018/01/11 15:13	linux-next	8418f8876404	9dc808a6	.config	console log	report			ci-upstream-next-kasan-gce

Crashes (10353):

Assets (help?)

2017/12/24 21:31

upstream