syzbot


KASAN: slab-out-of-bounds Read in tick_sched_handle
Status: fixed on 2019/03/17 10:55
Reported-by: syzbot+09d51a30df9fe76edb2a@syzkaller.appspotmail.com
Fix commit: bc6e019b6ee6 fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite
First crash: 1078d, last: 1050d

Cause bisection: introduced by (bisect log) :
commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
Author: Stefano Brivio <sbrivio@redhat.com>
Date: Thu Nov 8 11:19:23 2018 +0000

  fou, fou6: ICMP error handlers for FoU and GUE

Crash: KASAN: use-after-free Read in tick_sched_handle (log)
Repro: C syz .config
Patch testing requests:
Created Duration User Patch Repo Result
2019/03/16 15:59 16m sbrivio@redhat.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 6b529fb0 OK
2019/03/16 15:45 18m sbrivio@redhat.com git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git 26fc181e6cacacd4837da7ffe0c871134a421600 OK

Sample crash report:

Crashes (7):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2019/01/14 00:40 upstream 6b529fb0a3ea c3f3344c .config log report syz C
ci-upstream-net-kasan-gce 2018/12/16 18:37 net-next c151acc6e9ff def91db3 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2018/12/23 21:39 linux-next 6648e120dd1a e3bd7ab8 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2018/12/23 02:46 linux-next 6648e120dd1a e3bd7ab8 .config log report syz C
ci-upstream-kasan-gce 2019/01/14 00:54 upstream 1c7fc5cbc339 c3f3344c .config log report
ci-upstream-kasan-gce-smack-root 2019/01/07 01:35 upstream 574823bfab82 ee332608 .config log report
ci-upstream-linux-next-kasan-gce-root 2018/12/16 22:52 linux-next d14b746c6c1c def91db3 .config log report