syzbot


KASAN: stack-out-of-bounds Read in gue_err_proto_handler

Status: fixed on 2019/03/06 07:43
Subsystems: net
[Documentation on labels]
Fix commit: 44039e00171b fou6: Prevent unbounded recursion in GUE error handler
First crash: 2126d, last: 2126d

Sample crash report:
==================================================================
BUG: KASAN: stack-out-of-bounds in debug_lockdep_rcu_enabled.part.0+0x50/0x60 kernel/rcu/update.c:249
Read of size 4 at addr ffff8880a9eb8cbc by task ‹ëŠ€ˆ˙˙Ž3h˙˙˙˙ŔőŁ‰˙˙˙˙eq=í˙˙â;‰˙˙˙˙źŒëŠ€ˆ˙˙č‹ëŠ€ˆ˙˙. h˙˙˙˙łŠľA/128960

CPU: 1 PID: 128960 Comm:  Not tainted 4.20.0+ #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1db/0x2d0 lib/dump_stack.c:113
 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report mm/kasan/report.c:412 [inline]
 kasan_report.cold+0x8c/0x2ba mm/kasan/report.c:396
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:432
 debug_lockdep_rcu_enabled.part.0+0x50/0x60 kernel/rcu/update.c:249
 debug_lockdep_rcu_enabled+0x71/0xa0 kernel/rcu/update.c:248
 gue_err_proto_handler+0xd9/0x240 net/ipv4/fou.c:1009
 gue_err+0x4af/0x680 net/ipv4/fou.c:1072
 __udp4_lib_err_encap_no_sk net/ipv4/udp.c:569 [inline]
 __udp4_lib_err_encap net/ipv4/udp.c:624 [inline]
 __udp4_lib_err+0xd16/0x1590 net/ipv4/udp.c:663
 udplite_err+0x25/0x30 net/ipv4/udplite.c:30
 gue_err_proto_handler+0x163/0x240 net/ipv4/fou.c:1012
 gue_err+0x4af/0x680 net/ipv4/fou.c:1072
 __udp4_lib_err_encap_no_sk net/ipv4/udp.c:569 [inline]
 __udp4_lib_err_encap net/ipv4/udp.c:624 [inline]
 __udp4_lib_err+0xd16/0x1590 net/ipv4/udp.c:663
[   68.453374] list_del corruption. prev->next should be ffff8880a7a30370, but was ffffffff8b51d4ef

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/01/07 18:02 net-next-old b71acb0e3721 69d69aa9 .config console log report syz C ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.