Begin forwarded message:

Date: Tue, 12 Jun 2018 01:44:36 +0000
From: bugzilla-dae...@bugzilla.kernel.org
To: step...@networkplumber.org
Subject: [Bug 200033] New: stack-out-of-bounds in __xfrm_dst_hash net/xfrm/xfrm_hash.h

https://bugzilla.kernel.org/show_bug.cgi?id=200033

            Bug ID: 200033
           Summary: stack-out-of-bounds in __xfrm_dst_hash net/xfrm/xfrm_hash.h
           Product: Networking
           Version: 2.5
    Kernel Version: v4.17
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Other
          Assignee: step...@networkplumber.org
          Reporter: icy...@gmail.com
        Regression: No

Created attachment 276483
  --> https://bugzilla.kernel.org/attachment.cgi?id=276483&action=edit

Found this bug with modified syzkaller

==================================================================
BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
BUG: KASAN: stack-out-of-bounds in xfrm_dst_hash net/xfrm/xfrm_state.c:61 [inline]
BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x24ab/0x26e0 net/xfrm/xfrm_state.c:953
Read of size 4 at addr ffff880054b17b70 by task syz-executor0/13697

CPU: 0 PID: 13697 Comm: syz-executor0 Not tainted 4.17.0 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:

The buggy address belongs to the page:
page:ffffea000152c5c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x100000000000000()
raw: 0100000000000000 0000000000000000 ffffea000152c5c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff880054b17a00: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2
 ffff880054b17a80: f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00
>ffff880054b17b00: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2
                                                             ^
 ffff880054b17b80: f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 f3
 ffff880054b17c00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 13697 Comm: syz-executor0 Tainted: G    B   4.17.0 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

--
You are receiving this mail because:
You are the assignee for the bug.