syzbot


KASAN: use-after-free Write in sctp_auth_shkey_hold
Status: upstream: reported C repro on 2021/07/12 04:45
Reported-by: syzbot+b774577370208727d12b@syzkaller.appspotmail.com
Fix commit: 58acd1009226 sctp: update active_key for asoc when old key is being replaced
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32 ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386]
First crash: 71d, last: 58d

Cause bisection: introduced by (bisect log):
commit 56dd525abd56f7acd7b44a52935726e3ada4916c
Author: Xin Long <lucien.xin@gmail.com>
Date: Mon Aug 19 14:02:49 2019 +0000

  sctp: add SCTP_AUTH_SUPPORTED sockopt

Crash: KASAN: use-after-free Read in sctp_packet_append_chunk (log)
Repro: C syz .config

Sample crash report:

Crashes (4):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-net-this-kasan-gce | 2021/07/20 08:29 | net | 6f20c8adb181 | bc48c9ab | .config | log | report | syz | C | | KASAN: use-after-free Write in sctp_auth_shkey_hold |
| ci-upstream-net-kasan-gce | 2021/07/20 08:05 | net-next | 0d6835ffe50c | bc48c9ab | .config | log | report | syz | C | | KASAN: use-after-free Write in sctp_auth_shkey_hold |
| ci-upstream-net-kasan-gce | 2021/07/20 07:35 | net-next | 0d6835ffe50c | bc48c9ab | .config | log | report | | | info | KASAN: use-after-free Write in sctp_auth_shkey_hold |
| ci-upstream-net-kasan-gce | 2021/07/07 13:42 | net-next | 5e437416ff66 | 4846d5c1 | .config | log | report | | | info | KASAN: use-after-free Write in sctp_auth_shkey_hold |