On Wed, Jan 09, 2019 at 02:37:34PM +0100, Florian Westphal wrote:
> The check assumes that in transport mode, the first templates family
> must match the address family of the policy selector.
>
> Syzkaller managed to build a template using MODE_ROUTEOPTIMIZATION,
> with ipv4-in-ipv6 chain, leadin
The check assumes that in transport mode, the first templates family
must match the address family of the policy selector.
Syzkaller managed to build a template using MODE_ROUTEOPTIMIZATION,
with ipv4-in-ipv6 chain, leading to following splat:
BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x
