KASAN: stack-out-of-bounds Read in gue_err_proto

[upstream] KASAN: stack-out-of-bounds Read in gue_err_proto_handler
Status: internal: reported C repro on 2019/01/07 19:03
Reported-by: syzbot+@syzkaller.appspotmail.com
Commits: fou6: Prevent unbounded recursion in GUE error handler
Patched on: [ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce], missing on: [ci-upstream-kmsan-gce]
First: 10d, last: 10d

Sample crash report:

==================================================================
BUG: KASAN: stack-out-of-bounds in debug_lockdep_rcu_enabled.part.0+0x50/0x60 kernel/rcu/update.c:249
Read of size 4 at addr ffff8880a9eb8cbc by task ‹ë©€ˆÿÿ®3hÿÿÿÿÀõ£‰ÿÿÿÿeq=íÿÿâ;‰ÿÿÿÿ¼Œë©€ˆÿÿè‹ë©€ˆÿÿ. hÿÿÿÿ³ŠµA/128960

CPU: 1 PID: 128960 Comm:  Not tainted 4.20.0+ #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1db/0x2d0 lib/dump_stack.c:113
 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report mm/kasan/report.c:412 [inline]
 kasan_report.cold+0x8c/0x2ba mm/kasan/report.c:396
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:432
 debug_lockdep_rcu_enabled.part.0+0x50/0x60 kernel/rcu/update.c:249
 debug_lockdep_rcu_enabled+0x71/0xa0 kernel/rcu/update.c:248
 gue_err_proto_handler+0xd9/0x240 net/ipv4/fou.c:1009
 gue_err+0x4af/0x680 net/ipv4/fou.c:1072
 __udp4_lib_err_encap_no_sk net/ipv4/udp.c:569 [inline]
 __udp4_lib_err_encap net/ipv4/udp.c:624 [inline]
 __udp4_lib_err+0xd16/0x1590 net/ipv4/udp.c:663
 udplite_err+0x25/0x30 net/ipv4/udplite.c:30
 gue_err_proto_handler+0x163/0x240 net/ipv4/fou.c:1012
 gue_err+0x4af/0x680 net/ipv4/fou.c:1072
 __udp4_lib_err_encap_no_sk net/ipv4/udp.c:569 [inline]
 __udp4_lib_err_encap net/ipv4/udp.c:624 [inline]
 __udp4_lib_err+0xd16/0x1590 net/ipv4/udp.c:663
[   68.453374] list_del corruption. prev->next should be ffff8880a7a30370, but was ffffffff8b51d4ef

All crashes (1):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-net-kasan-gce	2019/01/07 18:02	net-next	b71acb0e	69d69aa9	.config	log	report	syz	C	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org