kernel panic: stack is corrupted in udp4_lib

[upstream] kernel panic: stack is corrupted in udp4_lib_lookup2
Status: upstream: reported on 2019/01/03 13:07
Reported-by: syzbot+4ad25edc7a33e4ab91e0@syzkaller.appspotmail.com
Commits: fou6: Prevent unbounded recursion in GUE error handler
Patched on: [ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce], missing on: [ci-upstream-kmsan-gce]
First: 18d, last: 18d

duplicates:
Title	Repro	Count	Last	Reported	Status
KASAN: stack-out-of-bounds Read in check_stack_object	syz	2	2d19h	11d	closed as dup on 2019/01/06 15:44
KASAN: stack-out-of-bounds Read in process_one_work		1	6d17h	3d16h	closed as dup on 2019/01/14 17:06
general protection fault in account_system_index_time (2)	C	12	2d18h	56d	closed as dup on 2019/01/04 11:13
KASAN: stack-out-of-bounds Read in corrupted (3)	C	5	3d20h	15d	closed as dup on 2019/01/04 11:23
kernel panic: stack is corrupted in lock_acquire		2	11d	13d	closed as dup on 2019/01/04 11:23
BUG: unable to handle kernel paging request in free_block (4)		1	6d07h	3d15h	closed as dup on 2019/01/14 17:27
kernel panic: stack is corrupted in rb_erase		1	7d08h	7d07h	closed as dup on 2019/01/11 08:03
WARNING in mem_cgroup_update_lru_size	C	2	13d	16d	closed as dup on 2019/01/05 08:11
general protection fault in cpuacct_charge (2)		1	3d11h	2d16h	closed as dup on 2019/01/15 16:59
KASAN: stack-out-of-bounds Read in timerqueue_add (2)	C	4	7d21h	13d	closed as dup on 2019/01/04 16:39
KASAN: stack-out-of-bounds in update_curr	syz	1	14d	13d	closed as dup on 2019/01/04 16:37
kernel panic: stack is corrupted in ktime_get		3	10d	15d	closed as dup on 2019/01/04 11:21
BUG: corrupted list in account_entity_enqueue	C	9	10d	18d	closed as dup on 2019/01/04 11:12
kernel panic: corrupted stack end detected inside scheduler (3)	C	1958	18d	169d	closed as dup on 2019/01/04 11:19
kernel panic: stack is corrupted in perf_prepare_sample		1	13d	13d	closed as dup on 2019/01/06 13:27
kernel panic: stack is corrupted in lock_release		4	13d	15d	closed as dup on 2019/01/04 11:20
KASAN: stack-out-of-bounds Read in swake_up_one	syz	1	6d04h	3d15h	closed as dup on 2019/01/14 17:27
KASAN: use-after-scope Read in corrupted	C	2	6d08h	3d04h	closed as dup on 2019/01/15 07:26
kernel panic: stack is corrupted in __lock_acquire		9	3d11h	15d	closed as dup on 2019/01/04 11:22
general protection fault in timerqueue_add (2)		2	11d	13d	closed as dup on 2019/01/04 16:41
kernel panic: stack is corrupted in rcu_dynticks_curr_cpu_in_eqs	syz	156	2d16h	15d	closed as dup on 2019/01/04 11:13
KASAN: stack-out-of-bounds Read in select_idle_sibling		2	20d	17d	closed as dup on 2019/01/04 11:22
kernel panic: stack is corrupted in trace_hardirqs_off		1	16d	15d	closed as dup on 2019/01/04 11:21

Sample crash report:

protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
FAT-fs (loop0): invalid media value (0x00)
FAT-fs (loop0): Can't find a valid FAT filesystem
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: udp4_lib_lookup2+0x7ea/0x7f0 net/ipv4/udp.c:455
CPU: 1 PID: 17960 Comm: syz-executor2 Not tainted 4.20.0+ #176
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
Kernel Offset: disabled
Rebooting in 86400 seconds..

All crashes (11):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Maintainers
ci-upstream-kasan-gce-selinux-root	2018/12/30 12:05	upstream	19530313	9942de5f	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-kasan-gce-root	2018/12/31 00:38	upstream	19530313	2b42fdc8	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-kasan-gce-smack-root	2018/12/30 23:54	upstream	19530313	2b42fdc8	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-kasan-gce	2018/12/30 13:57	upstream	19530313	9942de5f	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-net-this-kasan-gce	2018/12/31 03:07	net	c4335704	2b42fdc8	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-net-kasan-gce	2018/12/30 14:13	net-next	b71acb0e	9942de5f	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-net-kasan-gce	2018/12/30 12:00	net-next	b71acb0e	9942de5f	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-net-kasan-gce	2018/12/30 11:45	net-next	b71acb0e	9942de5f	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-linux-next-kasan-gce-root	2018/12/31 00:01	linux-next	6a1d2932	2b42fdc8	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-linux-next-kasan-gce-root	2018/12/30 12:09	linux-next	6a1d2932	9942de5f	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci-upstream-linux-next-kasan-gce-root	2018/12/30 12:08	linux-next	6a1d2932	9942de5f	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org