syzbot


KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock (2)
Status: fixed on 2020/02/18 14:31
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: 940ba1498665 net-backports: gtp: make sure only SOCK_DGRAM UDP sockets are accepted
First crash: 678d, last: 676d

Cause bisection: introduced by (bisect log):
commit 382ae57d5e52a62e77d62e60e5be9a6526d40da0
Author: Ryder Lee <ryder.lee@mediatek.com>
Date: Fri Jan 20 05:41:10 2017 +0000

  crypto: mediatek - make crypto request queue management more generic

Crash: general protection fault in batadv_iv_ogm_queue_add (log)
Repro: C syz .config
similar bugs (4):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock C done 1 675d 675d 1/1 fixed on 2020/02/22 11:44
linux-4.14 KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock C done 1 675d 675d 1/1 fixed on 2020/02/23 20:58
upstream KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock C 4 1364d 1364d 4/22 fixed on 2018/03/23 18:14
upstream KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock (3) 1 549d 549d 17/22 fixed on 2020/07/17 17:58

Sample crash report:

Crashes (8):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2020/01/23 03:09 upstream dbab40bdb42c 3334d684 .config log report syz C
ci-upstream-kasan-gce-root 2020/01/22 20:40 upstream d96d875ef5dd 8eda0b95 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/01/21 20:15 upstream d96d875ef5dd 8eda0b95 .config log report syz C
ci-upstream-kasan-gce 2020/01/21 18:35 upstream d96d875ef5dd 8eda0b95 .config log report syz C
ci-upstream-net-this-kasan-gce 2020/01/21 04:15 net 7008ee121089 d2557fb5 .config log report syz C
ci-upstream-net-kasan-gce 2020/01/21 03:32 net-next b3f7e3f23a76 d2557fb5 .config log report syz C
ci-upstream-kasan-gce-386 2020/01/21 14:12 upstream d96d875ef5dd 8eda0b95 .config log report syz
ci-upstream-net-kasan-gce 2020/01/21 03:00 net-next b3f7e3f23a76 d2557fb5 .config log report