==================================================================
BUG: KASAN: use-after-free in parse_ipsecrequest net/key/af_key.c:1906 [inline] at addr ffff88019d41f04a
BUG: KASAN: use-after-free in parse_ipsecrequests+0xc7d/0xd00 net/key/af_key.c:1958 at addr ffff88019d41f04a
Read of size 1 by task syz-executor2/17446
page:ffffea00067507c0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x200000000000000()
page dumped because: kasan: bad access detected
CPU: 1 PID: 17446 Comm: syz-executor2 Not tainted 4.9.39-g5b07c2d #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c99e77b0 ffffffff81eacd59 ffffed0033a83e09 0000000000000001
 0000000000000000 ffffed0033a83e09 ffff88019d41f04a ffff8801c99e7830
 ffffffff81547141 ffff8801c99e7840 ffffffff833df72f ffffffff8358b4bd
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:208 [inline]
 [] kasan_report_error mm/kasan/report.c:287 [inline]
 [] kasan_report.part.1+0x4a1/0x4e0 mm/kasan/report.c:309
 [] kasan_report mm/kasan/report.c:327 [inline]
 [] __asan_report_load1_noabort+0x29/0x30 mm/kasan/report.c:327
 [] parse_ipsecrequest net/key/af_key.c:1906 [inline]
 [] parse_ipsecrequests+0xc7d/0xd00 net/key/af_key.c:1958
 [] pfkey_compile_policy+0xa20/0xd40 net/key/af_key.c:3250
 [] xfrm_user_policy+0x222/0x370 net/xfrm/xfrm_state.c:1900
 [] do_ip_setsockopt.isra.11+0x193e/0x28f0 net/ipv4/ip_sockglue.c:1146
 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1235
 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2701
 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2705
 [] SYSC_setsockopt net/socket.c:1771 [inline]
 [] SyS_setsockopt+0x158/0x240 net/socket.c:1750
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
 ffff88019d41ef00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88019d41ef80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88019d41f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                              ^
 ffff88019d41f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88019d41f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
==================================================================
BUG: KASAN: use-after-free in parse_ipsecrequest net/key/af_key.c:1906 [inline] at addr ffff88019d41ec4a
BUG: KASAN: use-after-free in parse_ipsecrequests+0xc7d/0xd00 net/key/af_key.c:1958 at addr ffff88019d41ec4a
Read of size 1 by task syz-executor2/17481
page:ffffea0006750780 count:0 mapcount:-127 mapping: (null) index:0x0
flags: 0x200000000000000()
page dumped because: kasan: bad access detected
CPU: 1 PID: 17481 Comm: syz-executor2 Tainted: G B 4.9.39-g5b07c2d #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff880198c077b0 ffffffff81eacd59 ffffed0033a83d89 0000000000000001
 0000000000000000 ffffed0033a83d89 ffff88019d41ec4a ffff880198c07830
 ffffffff81547141 ffff880198c07840 ffffffff833df72f ffffffff8358b4bd
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:208 [inline]
 [] kasan_report_error mm/kasan/report.c:287 [inline]
 [] kasan_report.part.1+0x4a1/0x4e0 mm/kasan/report.c:309
 [] kasan_report mm/kasan/report.c:327 [inline]
 [] __asan_report_load1_noabort+0x29/0x30 mm/kasan/report.c:327
 [] parse_ipsecrequest net/key/af_key.c:1906 [inline]
 [] parse_ipsecrequests+0xc7d/0xd00 net/key/af_key.c:1958
 [] pfkey_compile_policy+0xa20/0xd40 net/key/af_key.c:3250
 [] xfrm_user_policy+0x222/0x370 net/xfrm/xfrm_state.c:1900
 [] do_ip_setsockopt.isra.11+0x193e/0x28f0 net/ipv4/ip_sockglue.c:1146
 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1235
 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2701
 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2705
 [] SYSC_setsockopt net/socket.c:1771 [inline]
 [] SyS_setsockopt+0x158/0x240 net/socket.c:1750
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
 ffff88019d41eb00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88019d41eb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88019d41ec00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                              ^
 ffff88019d41ec80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88019d41ed00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
==================================================================
BUG: KASAN: use-after-free in parse_ipsecrequest net/key/af_key.c:1906 [inline] at addr ffff8801c8d5414a
BUG: KASAN: use-after-free in parse_ipsecrequests+0xc7d/0xd00 net/key/af_key.c:1958 at addr ffff8801c8d5414a
Read of size 1 by task syz-executor2/17542
page:ffffea0007235500 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x200000000000000()
page dumped because: kasan: bad access detected
CPU: 0 PID: 17542 Comm: syz-executor2 Tainted: G B 4.9.39-g5b07c2d #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c95677b0 ffffffff81eacd59 ffffed00391aa829 0000000000000001
 0000000000000000 ffffed00391aa829 ffff8801c8d5414a ffff8801c9567830
 ffffffff81547141 ffff8801c9567840 ffffffff833df72f ffffffff8358b4bd
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_address_description mm/kasan/report.c:208 [inline]
 [] kasan_report_error mm/kasan/report.c:287 [inline]
 [] kasan_report.part.1+0x4a1/0x4e0 mm/kasan/report.c:309
 [] kasan_report mm/kasan/report.c:327 [inline]
 [] __asan_report_load1_noabort+0x29/0x30 mm/kasan/report.c:327
 [] parse_ipsecrequest net/key/af_key.c:1906 [inline]
 [] parse_ipsecrequests+0xc7d/0xd00 net/key/af_key.c:1958
 [] pfkey_compile_policy+0xa20/0xd40 net/key/af_key.c:3250
 [] xfrm_user_policy+0x222/0x370 net/xfrm/xfrm_state.c:1900
 [] do_ip_setsockopt.isra.11+0x193e/0x28f0 net/ipv4/ip_sockglue.c:1146
 [] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1235
 [] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2701
 [] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2705
 [] SYSC_setsockopt net/socket.c:1771 [inline]
 [] SyS_setsockopt+0x158/0x240 net/socket.c:1750
 [] entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
 ffff8801c8d54000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8801c8d54080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8801c8d54100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                              ^
 ffff8801c8d54180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8801c8d54200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
binder: 19079:19085 ioctl 540f 20553000 returned -22
binder: 19079:19114 ioctl 540f 20553000 returned -22
IPVS: Creating netns size=2536 id=39