Re: [PATCH net] xfrm: defer daddr pointer assignment after spi parsing

On Wed, Nov 01, 2017 at 08:30:49PM +0100, Florian Westphal wrote: > syzbot reports: > BUG: KASAN: use-after-free in __xfrm_state_lookup+0x695/0x6b0 > Read of size 4 at addr 8801d434e538 by task syzkaller647520/2991 > [..] > __xfrm_state_lookup+0x695/0x6b0 net/xfrm/xfrm_state.c:833 > xfrm_state_

[PATCH net] xfrm: defer daddr pointer assignment after spi parsing

syzbot reports: BUG: KASAN: use-after-free in __xfrm_state_lookup+0x695/0x6b0 Read of size 4 at addr 8801d434e538 by task syzkaller647520/2991 [..] __xfrm_state_lookup+0x695/0x6b0 net/xfrm/xfrm_state.c:833 xfrm_state_lookup+0x8a/0x160 net/xfrm/xfrm_state.c:1592 xfrm_input+0x8e5/0x22f0 net/xfrm/