syzbot

KASAN: slab-out-of-bounds Read in ip6_xmit

Status: public: reported C repro on 2019/04/12 00:00
Reported-by: syzbot+5e8bfcdb000c54981516@syzkaller.appspotmail.com
First crash: 2288d, last: 2065d
Similar bugs (4)

Kernel      | Title                                                 | Repro | Cause bisect | Fix bisect | Count | Last  | Reported | Patched | Status
------------+-------------------------------------------------------+-------+--------------+------------+-------+-------+----------+---------+--------------------------------------------
upstream    | KASAN: slab-out-of-bounds Read in ip6_xmit (3) [net]  | C     |              |            | 69    | 2122d | 2164d    | 8/26    | fixed on 2018/07/09 18:05
upstream    | KASAN: slab-out-of-bounds Read in ip6_xmit [net]      | C     |              |            | 156   | 2243d | 2293d    | 4/26    | fixed on 2018/03/06 13:29
android-44  | KASAN: slab-out-of-bounds Read in ip6_xmit            | C     |              |            | 404   | 2065d | 1841d    | 0/2     | public: reported C repro on 2019/04/11 08:44
upstream    | KASAN: slab-out-of-bounds Read in ip6_xmit (2) [net]  | C     |              |            | 259   | 2227d | 2241d    | 4/26    | fixed on 2018/03/23 18:14

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
==================================================================
BUG: KASAN: slab-out-of-bounds in ip6_dst_idev include/net/ip6_fib.h:141 [inline]
BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1838/0x1b80 net/ipv6/ip6_output.c:254
Read of size 8 at addr ffff8801cf47b798 by task syz-executor243/3776

CPU: 1 PID: 3776 Comm: syz-executor243 Not tainted 4.9.123-g7fa8c15 #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801babf7540 ffffffff81eb9689 ffffea00073d1ec0 ffff8801cf47b798
 0000000000000000 ffff8801cf47b798 0000000000000040 ffff8801babf7578
 ffffffff8156c3fe ffff8801cf47b798 0000000000000008 0000000000000000
Call Trace:
 [<ffffffff81eb9689>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81eb9689>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8156c3fe>] print_address_description+0x6c/0x234 mm/kasan/report.c:256
 [<ffffffff8156c808>] kasan_report_error mm/kasan/report.c:355 [inline]
 [<ffffffff8156c808>] kasan_report.cold.6+0x242/0x2fe mm/kasan/report.c:412
 [<ffffffff8153fb94>] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 [<ffffffff835625a8>] ip6_dst_idev include/net/ip6_fib.h:141 [inline]
 [<ffffffff835625a8>] ip6_xmit+0x1838/0x1b80 net/ipv6/ip6_output.c:254
 [<ffffffff8362782c>] inet6_csk_xmit+0x27c/0x4d0 net/ipv6/inet6_connection_sock.c:178
 [<ffffffff836c4665>] l2tp_xmit_core net/l2tp/l2tp_core.c:1178 [inline]
 [<ffffffff836c4665>] l2tp_xmit_skb+0xc45/0xf30 net/l2tp/l2tp_core.c:1273
 [<ffffffff836cfc30>] pppol2tp_sendmsg+0x4e0/0x790 net/l2tp/l2tp_ppp.c:339
 [<ffffffff8301e0ac>] sock_sendmsg_nosec net/socket.c:648 [inline]
 [<ffffffff8301e0ac>] sock_sendmsg+0xcc/0x110 net/socket.c:658
 [<ffffffff8301f8ca>] ___sys_sendmsg+0x47a/0x840 net/socket.c:1982
 [<ffffffff83021e31>] __sys_sendmmsg+0x161/0x3d0 net/socket.c:2072
 [<ffffffff830220d5>] SYSC_sendmmsg net/socket.c:2103 [inline]
 [<ffffffff830220d5>] SyS_sendmmsg+0x35/0x60 net/socket.c:2098
 [<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [<ffffffff83a01d93>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

Allocated by task 0:
(stack is not available)

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8801cf47b780
 which belongs to the cache ip_dst_cache of size 216
The buggy address is located 24 bytes inside of
 216-byte region [ffff8801cf47b780, ffff8801cf47b858)
The buggy address belongs to the page:
page:ffffea00073d1ec0 count:1 mapcount:0 mapping:          (null) index:0x0
flags: 0x8000000000000080(slab)
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801cf47b680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801cf47b700: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8801cf47b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                            ^
 ffff8801cf47b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801cf47b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

Crashes (388):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/08/23 19:58 https://android.googlesource.com/kernel/common android-4.9 7fa8c15e72a4 95b5c82b .config console log report syz C ci-android-49-kasan-gce-root
2018/08/23 19:51 https://android.googlesource.com/kernel/common android-4.9 7fa8c15e72a4 95b5c82b .config console log report syz C ci-android-49-kasan-gce
2018/08/29 16:01 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 53ff8784 .config console log report ci-android-49-kasan-gce
2018/08/29 14:27 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 53ff8784 .config console log report ci-android-49-kasan-gce-root
2018/08/29 11:46 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 53ff8784 .config console log report ci-android-49-kasan-gce
2018/08/29 09:08 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 53ff8784 .config console log report ci-android-49-kasan-gce-root
2018/08/29 07:57 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 53ff8784 .config console log report ci-android-49-kasan-gce-root
2018/08/29 04:07 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c b771b17e .config console log report ci-android-49-kasan-gce-root
2018/08/28 22:39 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c b771b17e .config console log report ci-android-49-kasan-gce-root
2018/08/28 21:38 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c b771b17e .config console log report ci-android-49-kasan-gce-root
2018/08/28 20:08 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c b771b17e .config console log report ci-android-49-kasan-gce
2018/08/28 18:47 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c b771b17e .config console log report ci-android-49-kasan-gce
2018/08/28 12:50 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 7ef1de9e .config console log report ci-android-49-kasan-gce-root
2018/08/28 10:22 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 7ef1de9e .config console log report ci-android-49-kasan-gce-root
2018/08/28 05:14 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 7ef1de9e .config console log report ci-android-49-kasan-gce-root
2018/08/28 04:15 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 7ef1de9e .config console log report ci-android-49-kasan-gce-root
2018/08/28 02:31 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 7ef1de9e .config console log report ci-android-49-kasan-gce-root
2018/08/27 20:46 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce
2018/08/27 13:27 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce
2018/08/27 12:26 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce-root
2018/08/27 06:01 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce-root
2018/08/27 04:02 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce
2018/08/27 01:49 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce-root
2018/08/26 23:06 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce-root
2018/08/26 15:38 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce
2018/08/26 09:36 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce
2018/08/26 08:30 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce-root
2018/08/26 04:19 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 76e7c3df .config console log report ci-android-49-kasan-gce
2018/08/25 23:41 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 76e7c3df .config console log report ci-android-49-kasan-gce
2018/08/25 15:47 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 9be5aa1d .config console log report ci-android-49-kasan-gce
2018/08/25 13:44 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 9be5aa1d .config console log report ci-android-49-kasan-gce
2018/08/29 19:54 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 4937cb2b .config console log report ci-android-49-kasan-gce-386
2018/08/29 11:44 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 53ff8784 .config console log report ci-android-49-kasan-gce-386
2018/08/29 06:44 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 53ff8784 .config console log report ci-android-49-kasan-gce-386
2018/08/28 01:26 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 7ef1de9e .config console log report ci-android-49-kasan-gce-386
2018/08/27 22:59 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 7ef1de9e .config console log report ci-android-49-kasan-gce-386
2018/08/27 08:49 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce-386
2018/08/27 02:54 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce-386
2018/08/26 14:04 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce-386
2018/08/26 11:46 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce-386
2018/08/26 08:22 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce-386
2018/08/26 06:49 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 758cd203 .config console log report ci-android-49-kasan-gce-386
2018/08/26 01:43 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 76e7c3df .config console log report ci-android-49-kasan-gce-386
2018/08/25 17:02 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 9be5aa1d .config console log report ci-android-49-kasan-gce-386
2018/08/25 13:35 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 9be5aa1d .config console log report ci-android-49-kasan-gce-386
* Struck through repros no longer work on HEAD.