syzbot


kernel panic: corrupted stack end in corrupted

Status: fixed on 2019/08/27 17:15
Reported-by: syzbot+b764c7ca388222ddfb17@syzkaller.appspotmail.com
Fix commit: 95fa145479fb bpf: sockmap/tls, close can race with map free
First crash: 1763d, last: 1714d
Cause bisection: introduced by (bisect log):
commit e9db4ef6bf4ca9894bb324c76e01b8f1a16b2650
Author: John Fastabend <john.fastabend@gmail.com>
Date: Sat Jun 30 13:17:47 2018 +0000

  bpf: sockhash fix omitted bucket lock in sock_close

Crash: KASAN: use-after-free Write in bpf_tcp_close (log)
Repro: syz .config
  
Discussions (3)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| Reminder: 36 open syzbot bugs in "net/bpf" subsystem | 1 (1) | 2019/07/03 06:01 |
| Reminder: 30 open syzbot bugs in "net/bpf" subsystem | 1 (1) | 2019/06/24 05:01 |
| kernel panic: corrupted stack end in corrupted | 1 (2) | 2019/06/20 21:53 |

Sample crash report:
Kernel panic - not syncing: corrupted stack end detected inside scheduler
CPU: 1 PID: 11266 Comm: syz-executor.1 Not tainted 5.3.0-rc2 #88
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (17):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/07/29 14:53 | upstream | 609488bc979f | c85e1c5b | .config | console log | report | syz | | | | ci-upstream-kasan-gce-root | |
| 2019/07/19 05:41 | upstream | 22051d9c4a57 | 7bb222f7 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root | |
| 2019/07/18 21:47 | upstream | 22051d9c4a57 | 7bb222f7 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-root | |
| 2019/07/06 17:10 | upstream | 69bf4b6b54fb | f62e1e85 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-root | |
| 2019/06/25 13:59 | upstream | 4b972a01a7da | 82c13b6b | .config | console log | report | syz | | | | ci-upstream-kasan-gce-selinux-root | |
| 2019/06/23 23:15 | upstream | 241e39004581 | 472f0082 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-root | |
| 2019/07/29 14:16 | net-old | 107e47cc80ec | c85e1c5b | .config | console log | report | syz | | | | ci-upstream-net-this-kasan-gce | |
| 2019/06/19 01:53 | net-old | 29f785ff76b6 | e3f76baa | .config | console log | report | syz | | | | ci-upstream-net-this-kasan-gce | |
| 2019/08/07 01:59 | net-next-old | 31cc088a4f5d | c6f01e54 | .config | console log | report | syz | | | | ci-upstream-net-kasan-gce | |
| 2019/07/29 16:49 | net-next-old | 31cc088a4f5d | c85e1c5b | .config | console log | report | syz | | | | ci-upstream-net-kasan-gce | |
| 2019/07/01 22:36 | net-next-old | 6e32a74a6f15 | 907bf746 | .config | console log | report | syz | | | | ci-upstream-net-kasan-gce | |
| 2019/06/25 01:28 | net-next-old | 7d30a7f6424e | 82c13b6b | .config | console log | report | syz | | | | ci-upstream-net-kasan-gce | |
| 2019/07/19 07:23 | linux-next | 6d21a41b7b1f | 7bb222f7 | .config | console log | report | syz | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2019/06/29 02:11 | linux-next | 48568d8c7f47 | 7509bf36 | .config | console log | report | syz | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2019/06/27 03:48 | linux-next | 1dd45f170b7e | 7509bf36 | .config | console log | report | syz | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2019/06/25 04:54 | linux-next | 9ffadb46f3db | 82c13b6b | .config | console log | report | syz | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2019/06/24 05:46 | linux-next | e2d28c40292b | 472f0082 | .config | console log | report | syz | | | | ci-upstream-linux-next-kasan-gce-root | |

* Struck through repros no longer work on HEAD.