syzbot


kernel panic: stack is corrupted in udp4_lib_lookup2

Status: fixed on 2019/03/06 07:43
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+4ad25edc7a33e4ab91e0@syzkaller.appspotmail.com
Fix commit: 44039e00171b fou6: Prevent unbounded recursion in GUE error handler
First crash: 2001d, last: 2000d
Duplicate bugs (23)
duplicates (23):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
KASAN: stack-out-of-bounds Read in check_stack_object hardening mm syz 2 1985d 1994d 0/27 closed as dup on 2019/01/06 15:44
KASAN: stack-out-of-bounds Read in process_one_work kernel 1 1989d 1986d 0/27 closed as dup on 2019/01/14 17:06
general protection fault in account_system_index_time (2) kernel C 12 1985d 2039d 0/27 closed as dup on 2019/01/04 11:13
KASAN: stack-out-of-bounds Read in corrupted (3) acpica C 5 1986d 1998d 0/27 closed as dup on 2019/01/04 11:23
kernel panic: stack is corrupted in lock_acquire kernel 2 1994d 1996d 0/27 closed as dup on 2019/01/04 11:23
BUG: unable to handle kernel paging request in free_block (4) kernel 2 1956d 1985d 0/27 closed as dup on 2019/01/14 17:27
kernel panic: stack is corrupted in rb_erase kernel 1 1989d 1989d 0/27 closed as dup on 2019/01/11 08:03
WARNING in mem_cgroup_update_lru_size cgroups mm C 2 1995d 1998d 0/27 closed as dup on 2019/01/05 08:11
general protection fault in cpuacct_charge (2) kernel 1 1985d 1985d 0/27 closed as dup on 2019/01/15 16:59
KASAN: stack-out-of-bounds Read in timerqueue_add (2) kernel C 4 1990d 1996d 0/27 closed as dup on 2019/01/04 16:39
KASAN: stack-out-of-bounds in update_curr kernel syz 1 1996d 1996d 0/27 closed as dup on 2019/01/04 16:37
kernel panic: stack is corrupted in ktime_get kernel 3 1993d 1998d 0/27 closed as dup on 2019/01/04 11:21
BUG: corrupted list in account_entity_enqueue kernel C 9 1993d 2000d 0/27 closed as dup on 2019/01/04 11:12
kernel panic: corrupted stack end detected inside scheduler (3) mm C 1958 2001d 2151d 0/27 closed as dup on 2019/01/04 11:19
kernel panic: stack is corrupted in perf_prepare_sample perf 1 1996d 1995d 0/27 closed as dup on 2019/01/06 13:27
kernel panic: stack is corrupted in lock_release kernel 4 1996d 1998d 0/27 closed as dup on 2019/01/04 11:20
KASAN: stack-out-of-bounds Read in swake_up_one kernel syz 1 1988d 1985d 0/27 closed as dup on 2019/01/14 17:27
KASAN: use-after-scope Read in corrupted hardening mm C 2 1988d 1985d 0/27 closed as dup on 2019/01/15 07:26
kernel panic: stack is corrupted in __lock_acquire kernel 9 1985d 1998d 0/27 closed as dup on 2019/01/04 11:22
general protection fault in timerqueue_add (2) kernel 2 1994d 1996d 0/27 closed as dup on 2019/01/04 16:41
kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs rcu syz 156 1985d 1998d 0/27 closed as dup on 2019/01/04 11:13
KASAN: stack-out-of-bounds Read in select_idle_sibling kernel 2 2002d 1999d 0/27 closed as dup on 2019/01/04 11:22
kernel panic: stack is corrupted in trace_hardirqs_off trace 1 1999d 1998d 0/27 closed as dup on 2019/01/04 11:21
Discussions (2)
Title Replies (including bot) Last reply
kernel panic: stack is corrupted in udp4_lib_lookup2 17 (18) 2019/01/07 09:04
[PATCH net 0/2] Fix two further potential unbounded recursions in GUE error handlers 4 (4) 2019/01/04 21:06

Sample crash report:
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: udp4_lib_lookup2+0x7ea/0x7f0 net/ipv4/udp.c:455
CPU: 0 PID: 25894 Comm: syz-executor3 Not tainted 4.20.0+ #396
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
kobject: 'loop5' (0000000083e9ff32): kobject_uevent_env
Call Trace:
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (11):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/12/31 00:38 upstream 195303136f19 2b42fdc8 .config console log report ci-upstream-kasan-gce-root
2018/12/30 23:54 upstream 195303136f19 2b42fdc8 .config console log report ci-upstream-kasan-gce-smack-root
2018/12/30 13:57 upstream 195303136f19 9942de5f .config console log report ci-upstream-kasan-gce
2018/12/30 12:05 upstream 195303136f19 9942de5f .config console log report ci-upstream-kasan-gce-selinux-root
2018/12/31 03:07 net-old c433570458e4 2b42fdc8 .config console log report ci-upstream-net-this-kasan-gce
2018/12/30 14:13 net-next-old b71acb0e3721 9942de5f .config console log report ci-upstream-net-kasan-gce
2018/12/30 12:00 net-next-old b71acb0e3721 9942de5f .config console log report ci-upstream-net-kasan-gce
2018/12/30 11:45 net-next-old b71acb0e3721 9942de5f .config console log report ci-upstream-net-kasan-gce
2018/12/31 00:01 linux-next 6a1d293238c1 2b42fdc8 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/12/30 12:09 linux-next 6a1d293238c1 9942de5f .config console log report ci-upstream-linux-next-kasan-gce-root
2018/12/30 12:08 linux-next 6a1d293238c1 9942de5f .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.