syzbot


kernel panic: stack is corrupted in validate_chain

Status: fixed on 2019/08/27 17:15
Subsystems: kernel
Reported-by: syzbot+6ba34346b252f2d497c7@syzkaller.appspotmail.com
Fix commit: 95fa145479fb bpf: sockmap/tls, close can race with map free
First crash: 1738d, last: 1738d
Cause bisection: introduced by (bisect log):
commit e9db4ef6bf4ca9894bb324c76e01b8f1a16b2650
Author: John Fastabend <john.fastabend@gmail.com>
Date: Sat Jun 30 13:17:47 2018 +0000

  bpf: sockhash fix omitted bucket lock in sock_close

Crash: KASAN: use-after-free Write in bpf_tcp_close (log)
Repro: syz .config
Discussions (2)
Title | Replies (including bot) | Last reply
Reminder: 36 open syzbot bugs in "net/bpf" subsystem | 1 (1) | 2019/07/03 06:01
kernel panic: stack is corrupted in validate_chain | 0 (2) | 2019/06/26 04:41

Sample crash report:
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: validate_chain+0x69fc/0x84f0 kernel/locking/lockdep.c:161
CPU: 0 PID: 8300 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #7
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
Shutting down cpus with NMI
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2019/06/25 19:17 | upstream | 249155c20f9b | 0a8d1a96 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root |
* Struck through repros no longer work on HEAD.