syzbot


kernel BUG in pfkey_send_acquire
Status: upstream: reported syz repro on 2021/01/17 15:19
Reported-by: syzbot+6de5df89079c9ffe8cac@syzkaller.appspotmail.com
First crash: 494d, last: 467d
similar bugs (15):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG at net/core/skbuff.c:LINE! (3) C done 4399 458d 1575d 21/22 fixed on 2021/03/10 01:48
linux-4.19 kernel BUG in pfkey_send_acquire C done 56 465d 494d 1/1 fixed on 2021/03/18 08:30
linux-4.14 kernel BUG at net/core/skbuff.c:LINE! C 2843 27d 1140d 0/1 upstream: reported C repro on 2019/04/12 15:43
android-44 kernel BUG at net/core/skbuff.c:LINE! C 79 916d 1141d 0/2 public: reported C repro on 2019/04/11 08:44
linux-4.19 kernel BUG at net/core/skbuff.c:LINE! C unreliable 492 123d 1125d 0/1 upstream: reported C repro on 2019/04/27 20:12
upstream kernel BUG at net/core/skbuff.c:LINE! (2) C 562 1580d 1669d 4/22 fixed on 2018/01/29 03:39
android-5-10 kernel BUG in add_grec C error 83 59d 133d 2/2 fixed on 2022/03/29 10:01
android-54 kernel BUG at net/core/skbuff.c:LINE! C 191 1d20h 865d 0/2 upstream: reported C repro on 2020/01/12 09:43
android-414 kernel BUG at net/core/skbuff.c:LINE! C 2743 904d 1142d 0/1 public: reported C repro on 2019/04/11 00:00
android-5-10 kernel BUG in add_grec (2) 227 2h35m 58d 0/2 premoderation: reported on 2022/03/29 11:58
android-5-10 kernel BUG in cdc_ncm_fill_tx_frame C error 40 152d 217d 1/2 fixed on 2021/12/29 12:20
upstream kernel BUG at net/core/skbuff.c:LINE! 5 1675d 1746d 3/22 fixed on 2017/10/27 10:10
upstream kernel BUG in llc_sap_action_send_xid_c C error 61 198d 412d 22/22 fixed on 2021/11/10 00:50
upstream kernel BUG in pskb_expand_head C done 68 5d18h 192d 16/22 upstream: reported C repro on 2021/11/15 08:38
android-49 kernel BUG at net/core/skbuff.c:LINE! C 391 905d 1141d 0/3 public: reported C repro on 2019/04/12 00:00

Sample crash report:
skbuff: skb_over_panic: text:00000000dc1b3dfa len:736 put:72 head:000000001fe18f9d data:000000001fe18f9d tail:0x2e0 end:0x2c0 dev:<NULL>
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:109!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 439 Comm: syz-executor.5 Not tainted 5.4.92-syzkaller-00491-g73d140dc8abe #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:skb_panic+0x14d/0x150 net/core/skbuff.c:105
Code: 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 b8 00 00 00 00 53 41 55 41 54 41 57 e8 03 1a dc fd 48 83 c4 20 <0f> 0b 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 70 4c 89 cb 4c 89
RSP: 0018:ffff8881e51c6ca0 EFLAGS: 00010286
RAX: 0000000000000088 RBX: ffffffff8529fbde RCX: d56ea109826bdf00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffff8881e5132000 R08: ffffffff814e45f1 R09: ffffed103ee25e08
R10: ffffed103ee25e08 R11: 0000000000000000 R12: 00000000000002e0
R13: 00000000000002c0 R14: dffffc0000000000 R15: ffff8881e5132000
FS:  00007f3c31075700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200089b8 CR3: 00000001e55a3000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 skb_over_panic+0x25/0x30 net/core/skbuff.c:114
 skb_put+0x1e0/0x1e0 net/core/skbuff.c:1873
 dump_esp_combs net/key/af_key.c:3006 [inline]
 pfkey_send_acquire+0x18ee/0x2d60 net/key/af_key.c:3227
 km_query net/xfrm/xfrm_state.c:2200 [inline]
 xfrm_state_find+0x2e3f/0x4820 net/xfrm/xfrm_state.c:1136
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2381 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2426 [inline]
 xfrm_resolve_and_create_bundle+0x6a3/0x2ec0 net/xfrm/xfrm_policy.c:2717
 xfrm_lookup_with_ifid+0x93c/0x2080 net/xfrm/xfrm_policy.c:3040
 xfrm_lookup net/xfrm/xfrm_policy.c:3164 [inline]
 xfrm_lookup_route+0x37/0x170 net/xfrm/xfrm_policy.c:3175
 ip_route_output_flow+0x20c/0x340 net/ipv4/route.c:2733
 udp_sendmsg+0x180c/0x2f60 net/ipv4/udp.c:1147
 sock_sendmsg_nosec net/socket.c:638 [inline]
 sock_sendmsg net/socket.c:658 [inline]
 ____sys_sendmsg+0x587/0x8d0 net/socket.c:2298
 ___sys_sendmsg net/socket.c:2352 [inline]
 __sys_sendmmsg+0x39a/0x700 net/socket.c:2455
 __do_sys_sendmmsg net/socket.c:2484 [inline]
 __se_sys_sendmmsg net/socket.c:2481 [inline]
 __x64_sys_sendmmsg+0x9c/0xb0 net/socket.c:2481
 do_syscall_64+0xcb/0x150 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45e219
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f3c31074c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045e219
RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000119c070 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119c034
R13: 00007fffa52f145f R14: 00007f3c310759c0 R15: 000000000119c034
Modules linked in:
RIP: 0010:skb_panic+0x14d/0x150 net/core/skbuff.c:105
Code: 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 b8 00 00 00 00 53 41 55 41 54 41 57 e8 03 1a dc fd 48 83 c4 20 <0f> 0b 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 70 4c 89 cb 4c 89
RSP: 0018:ffff8881e51c6ca0 EFLAGS: 00010286
RAX: 0000000000000088 RBX: ffffffff8529fbde RCX: d56ea109826bdf00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffff8881e5132000 R08: ffffffff814e45f1 R09: ffffed103ee25e08
R10: ffffed103ee25e08 R11: 0000000000000000 R12: 00000000000002e0
R13: 00000000000002c0 R14: dffffc0000000000 R15: ffff8881e5132000
FS:  00007f3c31075700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3c31053db8 CR3: 00000001e55a3000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (32):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-android-5-4-kasan 2021/01/27 07:52 android12-5.4 73d140dc8abe a0ebf917 .config log report syz kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/27 02:39 android12-5.4 73d140dc8abe 55a7d4df .config log report syz kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/14 03:54 android12-5.4 dbfedfa31471 98682e5e .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/13 18:31 android12-5.4 dbfedfa31471 98682e5e .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/13 17:22 android12-5.4 dbfedfa31471 98682e5e .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/13 16:42 android12-5.4 dbfedfa31471 98682e5e .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/13 07:25 android12-5.4 dbfedfa31471 98682e5e .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/13 02:25 android12-5.4 57b3f4830fb6 98682e5e .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/12 17:15 android12-5.4 57b3f4830fb6 a5f86b15 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/11 11:37 android12-5.4 82c67a98c749 a52ee10a .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/11 11:19 android12-5.4 82c67a98c749 a52ee10a .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/09 12:46 android12-5.4 7a1cafd7d4ac 2bd9619f .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/06 14:34 android12-5.4 3e99096f6219 0655e081 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/04 02:49 android12-5.4 1e5f5a14faba 624dad51 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/03 00:19 android12-5.4 1e5f5a14faba 624dad51 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/02 09:49 android12-5.4 1e5f5a14faba 19e09687 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/02/01 16:09 android12-5.4 1e5f5a14faba e6b95f32 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/28 10:29 android12-5.4 5f5bfa0cfcb5 eefc07f2 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/27 19:49 android12-5.4 eb4c92393810 a57db36f .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/27 09:33 android12-5.4 3bd26bb0aaee a0ebf917 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/27 06:17 android12-5.4 73d140dc8abe a0ebf917 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/27 06:13 android12-5.4 73d140dc8abe a0ebf917 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/27 02:23 android12-5.4 73d140dc8abe 55a7d4df .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/26 14:07 android12-5.4 ecfe49f9ef4c 52e37319 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/26 00:55 android12-5.4 18b1db92afb1 52e37319 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/25 16:01 android12-5.4 18b1db92afb1 52e37319 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/24 08:34 android12-5.4 18b1db92afb1 52e37319 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/21 22:15 android12-5.4 15cec007c4a8 d4f4eca5 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/21 04:56 android12-5.4 8fb07f60a84d d4f4eca5 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/19 15:01 android12-5.4 445b69a6f3d9 63631df1 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/19 00:37 android12-5.4 41724582d2a8 63631df1 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/17 15:18 android12-5.4 dc04463953b2 fd103621 .config log report info kernel BUG in pfkey_send_acquire