Hello Steffen Klassert,
The patch 172bf009c18d: "xfrm: Support GRO for IPv4 ESP in UDP
encapsulation" from Oct 4, 2023 (linux-next), leads to the following
Smatch static checker warning:
net/ipv6/xfrm6_input.c:174 xfrm6_udp_encap_rcv()
warn: passing freed memory 'skb'
net/ipv6/xfrm6_input.c
168 int xfrm6_udp_encap_rcv(struct sock *sk, struct sk_buff *skb)
169 {
170 int ret;
171
172 ret = __xfrm6_udp_encap_rcv(sk, skb, true);
The xfrm4_udp_encap_rcv() function frees skb and returns zero.
173 if (!ret)
--> 174 return xfrm6_rcv_encap(skb, IPPROTO_ESP, 0,
^^^
Use after free
175 udp_sk(sk)->encap_type);
176
177 if (ret < 0) {
178 kfree_skb(skb);
179 return 0;
180 }
181
182 return ret;
183 }
regards,
dan carpenter
