syzbot |
sign-in | mailing list | source | docs |
| Kernel | Title | Rank 🛈 | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| android-5-15 | KASAN: stack-out-of-bounds Read in __xfrm_dst_hash origin:lts | 17 | C | error | 2 | 18d | 113d | 0/2 | upstream: reported C repro on 2026/01/31 15:19 | |
| android-5-10 | KASAN: stack-out-of-bounds Read in __xfrm_dst_hash | 17 | 1 | 468d | 468d | 0/2 | auto-obsoleted due to no activity on 2025/05/12 11:45 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2026/05/07 20:43 | 12m | retest repro | android13-5.10-lts | report log | |
| 2026/04/14 02:38 | 6m | retest repro | android13-5.10-lts | report log | |
| 2026/02/10 19:21 | 5m | retest repro | android13-5.10-lts | report log | |
| 2026/01/04 00:53 | 6m | retest repro | android13-5.10-lts | report log | |
| 2025/12/02 11:30 | 38m | retest repro | android13-5.10-lts | report log | |
| 2025/09/22 20:25 | 5m | retest repro | android13-5.10-lts | report log |
================================================================== BUG: KASAN: stack-out-of-bounds in jhash2 include/linux/jhash.h:138 [inline] BUG: KASAN: stack-out-of-bounds in __xfrm6_addr_hash net/xfrm/xfrm_hash.h:16 [inline] BUG: KASAN: stack-out-of-bounds in __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline] BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash+0x399/0x480 net/xfrm/xfrm_hash.h:95 Read of size 4 at addr ffffc90000170b18 by task kworker/u4:0/7 CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 Workqueue: netns cleanup_net Call Trace: <IRQ> __dump_stack+0x21/0x24 lib/dump_stack.c:77 dump_stack_lvl+0x1a7/0x208 lib/dump_stack.c:118 print_address_description+0x7f/0x2c0 mm/kasan/report.c:248 __kasan_report mm/kasan/report.c:435 [inline] kasan_report+0xe2/0x130 mm/kasan/report.c:452 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:308 jhash2 include/linux/jhash.h:138 [inline] __xfrm6_addr_hash net/xfrm/xfrm_hash.h:16 [inline] __xfrm6_daddr_saddr_hash net/xfrm/xfrm_hash.h:29 [inline] __xfrm_dst_hash+0x399/0x480 net/xfrm/xfrm_hash.h:95 xfrm_dst_hash net/xfrm/xfrm_state.c:63 [inline] xfrm_state_find+0x28c/0x28b0 net/xfrm/xfrm_state.c:1068 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2398 [inline] xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2443 [inline] xfrm_resolve_and_create_bundle+0x697/0x29f0 net/xfrm/xfrm_policy.c:2736 xfrm_bundle_lookup net/xfrm/xfrm_policy.c:2971 [inline] xfrm_lookup_with_ifid+0x7ea/0x1a80 net/xfrm/xfrm_policy.c:3102 xfrm_lookup net/xfrm/xfrm_policy.c:3194 [inline] xfrm_lookup_route+0x3c/0x170 net/xfrm/xfrm_policy.c:3205 ip_route_output_flow+0x1f8/0x2f0 net/ipv4/route.c:2808 ip_route_output_ports include/net/route.h:169 [inline] igmpv3_newpack+0x281/0xc80 net/ipv4/igmp.c:372 add_grhead+0x75/0x2e0 net/ipv4/igmp.c:443 add_grec+0x116b/0x1410 net/ipv4/igmp.c:577 igmpv3_send_cr net/ipv4/igmp.c:714 [inline] igmp_ifc_timer_expire+0x89e/0xf80 net/ipv4/igmp.c:813 call_timer_fn+0x38/0x290 kernel/time/timer.c:1450 expire_timers kernel/time/timer.c:1495 [inline] __run_timers+0x650/0x9e0 kernel/time/timer.c:1789 run_timer_softirq+0x6a/0xf0 kernel/time/timer.c:1802 __do_softirq+0x255/0x563 kernel/softirq.c:309 asm_call_irq_on_stack+0xf/0x20 </IRQ> __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x60/0x80 arch/x86/kernel/irq_64.c:77 do_softirq+0xb0/0xf0 kernel/softirq.c:358 __local_bh_enable_ip+0x70/0x80 kernel/softirq.c:194 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:176 [inline] _raw_spin_unlock_bh+0x51/0x60 kernel/locking/spinlock.c:207 spin_unlock_bh include/linux/spinlock.h:400 [inline] netif_addr_unlock_bh include/linux/netdevice.h:4465 [inline] dev_uc_del+0x2d3/0x340 net/core/dev_addr_lists.c:615 macsec_dev_stop+0x482/0x540 drivers/net/macsec.c:3589 __dev_close_many+0x288/0x360 net/core/dev.c:1626 dev_close_many+0x221/0x4d0 net/core/dev.c:1651 unregister_netdevice_many+0x45e/0x1a80 net/core/dev.c:10757 default_device_exit_batch+0x35e/0x3c0 net/core/dev.c:11300 ops_exit_list net/core/net_namespace.c:190 [inline] cleanup_net+0x603/0xb80 net/core/net_namespace.c:609 process_one_work+0x6e1/0xba0 kernel/workqueue.c:2301 worker_thread+0xa6a/0x13c0 kernel/workqueue.c:2447 kthread+0x346/0x3d0 kernel/kthread.c:313 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298 Memory state around the buggy address: ffffc90000170a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc90000170a80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 >ffffc90000170b00: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 ^ ffffc90000170b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffc90000170c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/05/15 03:06 | android13-5.10-lts | 1b32327554da | 6ccb967e | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-10 | KASAN: stack-out-of-bounds Read in __xfrm_dst_hash | |
| 2025/12/20 23:48 | android13-5.10-lts | e253c52bbdfc | d6526ea3 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] | ci2-android-5-10 | KASAN: stack-out-of-bounds Read in __xfrm_dst_hash | |
| 2025/09/08 11:07 | android13-5.10-lts | 48647f2c6800 | d291dd2d | .config | console log | report | syz / log | [disk image] [vmlinux] [kernel image] | ci2-android-5-10 | KASAN: stack-out-of-bounds Read in __xfrm_dst_hash | ||
| 2026/05/15 02:39 | android13-5.10-lts | 1b32327554da | 6ccb967e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-10 | KASAN: stack-out-of-bounds Read in __xfrm_dst_hash |