syzbot

 sign-in | mailing list | source | docs
🐞 Open [717] 🐞 Fixed [181] 🐞 Invalid [640] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING in xfrm_policy_insert

Status: fixed on 2020/06/15 08:02
Reported-by: syzbot+019bd01a00a906c42580@syzkaller.appspotmail.com
Fix commit: 1cd914b02b5a xfrm: fix a warning in xfrm_policy_insert_list
First crash: 1561d, last: 1302d
Fix bisection: fixed by (bisect log) :
commit 1cd914b02b5ae999b04f44871f39dde4bffde96e
Author: Xin Long <lucien.xin@gmail.com>
Date: Mon May 25 05:53:37 2020 +0000

  xfrm: fix a warning in xfrm_policy_insert_list

  
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in xfrm_policy_insert net C inconclusive done 6 1271d 2124d 17/25 fixed on 2020/07/28 19:58
linux-4.19 WARNING in xfrm_policy_insert C error 8 1294d 1543d 0/1 upstream: reported C repro on 2019/09/17 18:21
android-414 WARNING in xfrm_policy_insert C 7 1466d 1554d 0/1 public: reported C repro on 2019/09/06 10:33
android-44 WARNING in xfrm_policy_insert C 13 1507d 1700d 0/2 public: reported C repro on 2019/04/14 00:02
android-49 WARNING in xfrm_policy_insert C 27 1467d 1700d 0/3 public: reported C repro on 2019/04/14 00:00
Fix bisection attempts (7)
Created Duration User Patch Repo Result
2020/06/14 20:37 3h42m bisect fix linux-4.14.y job log (1)
2020/05/15 19:57 39m bisect fix linux-4.14.y job log (0) log
2020/04/15 19:18 38m bisect fix linux-4.14.y job log (0) log
2020/03/16 18:40 38m bisect fix linux-4.14.y job log (0) log
2020/02/15 02:37 23m bisect fix linux-4.14.y job log (0) log
2020/01/16 00:48 24m bisect fix linux-4.14.y job log (0) log
2019/12/16 19:04 23m bisect fix linux-4.14.y job log (0) log

Sample crash report:
netlink: 11579 bytes leftover after parsing attributes in process `syz-executor.1'.
netlink: 11579 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 11579 bytes leftover after parsing attributes in process `syz-executor.0'.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8026 at net/xfrm/xfrm_policy.c:752 xfrm_policy_insert+0x679/0x11e0 net/xfrm/xfrm_policy.c:752
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 8026 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 panic+0x1f9/0x42d kernel/panic.c:183
 __warn.cold+0x2f/0x2f kernel/panic.c:547
 report_bug+0x216/0x254 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:177 [inline]
 fixup_bug arch/x86/kernel/traps.c:172 [inline]
 do_error_trap+0x1bb/0x310 arch/x86/kernel/traps.c:295
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
 invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:963
RIP: 0010:xfrm_policy_insert+0x679/0x11e0 net/xfrm/xfrm_policy.c:752
RSP: 0018:ffff88809b2876a8 EFLAGS: 00010297
RAX: ffff8880972ba400 RBX: ffff88809b85a900 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88809b85ab30
RBP: ffff88809b287740 R08: 00000000000055bb R09: ffffffff8957a658
R10: ffff8880972baca8 R11: ffff8880972ba400 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 xfrm_add_policy+0x22d/0x4d0 net/xfrm/xfrm_user.c:1623
 xfrm_user_rcv_msg+0x3c9/0x690 net/xfrm/xfrm_user.c:2613
 netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
 xfrm_netlink_rcv+0x70/0x90 net/xfrm/xfrm_user.c:2621
 netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
 netlink_unicast+0x44d/0x650 net/netlink/af_netlink.c:1312
 netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 net/socket.c:656
 SYSC_sendto+0x206/0x310 net/socket.c:1763
 SyS_sendto+0x40/0x50 net/socket.c:1731
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c6c9
RSP: 002b:00007f49b5e08c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f49b5e096d4 RCX: 000000000045c6c9
RDX: 000000000000ff3b RSI: 0000000020000000 RDI: 0000000000000005
RBP: 000000000076bf20 R08: 0000000000000000 R09: fffffffffffffd62
R10: 0f00000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000009d6 R14: 00000000004cc793 R15: 000000000076bf2c
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (8):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/02/15 18:40 linux-4.14.y 98db2bf27b9e 5d7b90f1 .config console log report syz ci2-linux-4-14
2019/09/29 15:04 linux-4.14.y f6e27dbb1afa c1ad5441 .config console log report syz ci2-linux-4-14
2019/09/26 16:06 linux-4.14.y f6e27dbb1afa 24d405a3 .config console log report syz ci2-linux-4-14
2019/09/23 10:20 linux-4.14.y f6e27dbb1afa d96e88f3 .config console log report syz ci2-linux-4-14
2019/09/06 13:52 linux-4.14.y 414510bc00a5 c16be727 .config console log report syz ci2-linux-4-14
2020/02/15 17:22 linux-4.14.y 98db2bf27b9e 5d7b90f1 .config console log report ci2-linux-4-14
2019/09/26 15:14 linux-4.14.y f6e27dbb1afa 24d405a3 .config console log report ci2-linux-4-14
2019/08/31 05:43 linux-4.14.y 01fd1694b93c bcd7bcc2 .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.