syzbot


KASAN: vmalloc-out-of-bounds Read in htab_free_elems
Status: fixed on 2021/03/10 01:48
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: e1868b9e36d0 bpf: Avoid overflows involving hash elem_size
First crash: 364d, last: 363d

Cause bisection: introduced by (bisect log) [no-op commit]:
commit 024cd2cbd1ca2d29e6df538855d52c4e5990cab7
Author: Santucci Pierpaolo <santucci@epigenesys.com>
Date: Mon Nov 16 10:30:37 2020 +0000

  selftest/bpf: Fix IPV6FR handling in flow dissector

Crash: BUG: sleeping function called from invalid context in sta_info_move_state (log)
Repro: C syz .config

Sample crash report:

Crashes (7):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-net-kasan-gce 2020/12/07 02:02 net-next 4054eebf0fb0 c521566d .config log report syz C
ci-upstream-bpf-next-kasan-gce 2020/12/07 01:46 bpf-next 34da87213d3d c521566d .config log report syz C
ci-upstream-net-kasan-gce 2020/12/07 02:53 net-next 4054eebf0fb0 c521566d .config log report info
ci-upstream-bpf-next-kasan-gce 2020/12/07 02:45 bpf-next 34da87213d3d c521566d .config log report info
ci-upstream-bpf-next-kasan-gce 2020/12/07 01:25 bpf-next 34da87213d3d c521566d .config log report info
ci-upstream-net-kasan-gce 2020/12/05 22:21 net-next bcd684aace34 50503117 .config log report info
ci-upstream-bpf-next-kasan-gce 2020/12/05 22:16 bpf-next 34da87213d3d 50503117 .config log report info