syzbot

kernel BUG in pfkey_send_acquire

Status: upstream: reported C repro on 2021/01/17 15:19
Reported-by: syzbot+6de5df89079c9ffe8cac@syzkaller.appspotmail.com
First crash: 677d, last: 13d
similar bugs (17):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-15 kernel BUG in pfkey_send_acquire syz unreliable 35 13d 47d 0/2 premoderation: reported syz repro on 2022/10/09 17:25
android-5-10 kernel BUG in add_grec (2) C error 1039 2d15h 2d15h 0/2 upstream: reported C repro on 2022/11/23 16:35
upstream kernel BUG at net/core/skbuff.c:LINE! (3) C done 4399 641d 1758d 21/24 fixed on 2021/03/10 01:48
linux-4.19 kernel BUG in pfkey_send_acquire C done 56 648d 677d 1/1 fixed on 2021/03/18 08:30
linux-4.14 kernel BUG at net/core/skbuff.c:LINE! C 3065 15d 1323d 0/1 upstream: reported C repro on 2019/04/12 15:43
upstream kernel BUG in pskb_expand_head C done 1174 1d11h 375d 1/24 upstream: reported C repro on 2021/11/15 08:38
android-44 kernel BUG at net/core/skbuff.c:LINE! C 79 1099d 1324d 0/2 public: reported C repro on 2019/04/11 08:44
linux-4.19 kernel BUG at net/core/skbuff.c:LINE! C unreliable 494 89d 1308d 0/1 upstream: reported C repro on 2019/04/27 20:12
upstream kernel BUG at net/core/skbuff.c:LINE! (2) C 562 1763d 1852d 4/24 fixed on 2018/01/29 03:39
android-5-10 kernel BUG in add_grec C error 83 242d 316d 2/2 fixed on 2022/03/29 10:01
android-54 kernel BUG at net/core/skbuff.c:LINE! C 240 2d15h 1048d 0/2 upstream: reported C repro on 2020/01/12 09:43
android-414 kernel BUG at net/core/skbuff.c:LINE! C 2743 1087d 1325d 0/1 public: reported C repro on 2019/04/11 00:00
upstream kernel BUG in netem_enqueue 8 10d 205d 23/24 internal: reported on 2022/05/04 17:12
android-5-10 kernel BUG in cdc_ncm_fill_tx_frame C error 40 335d 400d 1/2 fixed on 2021/12/29 12:20
upstream kernel BUG at net/core/skbuff.c:LINE! 5 1858d 1929d 3/24 fixed on 2017/10/27 10:10
upstream kernel BUG in llc_sap_action_send_xid_c C error 61 381d 595d 22/24 fixed on 2021/11/10 00:50
android-49 kernel BUG at net/core/skbuff.c:LINE! C 391 1088d 1324d 0/3 public: reported C repro on 2019/04/12 00:00

Sample crash report:
skbuff: skb_over_panic: text:ffffffff83bf4035 len:664 put:72 head:ffff8881ef78c800 data:ffff8881ef78c800 tail:0x298 end:0x280 dev:<NULL>
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:109!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 363 Comm: syz-executor195 Not tainted 5.4.197-syzkaller-00005-g704c7d053806 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
RIP: 0010:skb_panic+0x14a/0x150 net/core/skbuff.c:105
Code: f2 ee 84 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 31 c0 53 41 55 41 54 41 57 e8 bf 62 c5 00 48 83 c4 20 <0f> 0b 0f 1f 40 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 68 4d 89
RSP: 0018:ffff8881da6af350 EFLAGS: 00010286
RAX: 0000000000000088 RBX: ffffffff84eef280 RCX: a947b947f9301200
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffff8881ef78c800 R08: ffffffff814a983a R09: ffffed103edcaa08
R10: ffffed103edcaa08 R11: 1ffff1103edcaa07 R12: 0000000000000298
R13: 0000000000000280 R14: dffffc0000000000 R15: ffff8881ef78c800
FS:  00007f195de90700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200d2030 CR3: 00000001da441000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 skb_over_panic net/core/skbuff.c:114 [inline]
 skb_put+0x148/0x1f0 net/core/skbuff.c:1877
 dump_esp_combs net/key/af_key.c:3010 [inline]
 pfkey_send_acquire+0x18f5/0x2cf0 net/key/af_key.c:3231
 km_query+0x79/0xe0 net/xfrm/xfrm_state.c:2206
 xfrm_state_find+0x2074/0x2de0 net/xfrm/xfrm_state.c:1135
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2397 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2442 [inline]
 xfrm_resolve_and_create_bundle+0x68e/0x30e0 net/xfrm/xfrm_policy.c:2733
 xfrm_lookup_with_ifid+0xe65/0x2050 net/xfrm/xfrm_policy.c:3056
 xfrm_lookup net/xfrm/xfrm_policy.c:3180 [inline]
 xfrm_lookup_route+0x37/0x170 net/xfrm/xfrm_policy.c:3191
 ip_route_output_flow+0x19b/0x2a0 net/ipv4/route.c:2756
 udp_sendmsg+0x1446/0x2560 net/ipv4/udp.c:1154
 sock_sendmsg_nosec net/socket.c:638 [inline]
 sock_sendmsg net/socket.c:658 [inline]
 ____sys_sendmsg+0x4ee/0x7c0 net/socket.c:2287
 ___sys_sendmsg net/socket.c:2341 [inline]
 __sys_sendmmsg+0x32b/0x640 net/socket.c:2444
 __do_sys_sendmmsg net/socket.c:2473 [inline]
 __se_sys_sendmmsg net/socket.c:2470 [inline]
 __x64_sys_sendmmsg+0x9c/0xb0 net/socket.c:2470
 do_syscall_64+0xcb/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f195df45579
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f195de90308 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f195dfce518 RCX: 00007f195df45579
RDX: 0400000000000354 RSI: 0000000020000180 RDI: 0000000000000005
RBP: 00007f195dfce510 R08: 0000000000000000 R09: 0000000000000000
R10: 000002873dedf99c R11: 0000000000000246 R12: 00007f195dfce51c
R13: 00007f195df9b554 R14: 0100000000000000 R15: 0000000000022000
Modules linked in:
---[ end trace b3ccfeb7ad2b0c33 ]---
RIP: 0010:skb_panic+0x14a/0x150 net/core/skbuff.c:105
Code: f2 ee 84 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 31 c0 53 41 55 41 54 41 57 e8 bf 62 c5 00 48 83 c4 20 <0f> 0b 0f 1f 40 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 68 4d 89
RSP: 0018:ffff8881da6af350 EFLAGS: 00010286
RAX: 0000000000000088 RBX: ffffffff84eef280 RCX: a947b947f9301200
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffff8881ef78c800 R08: ffffffff814a983a R09: ffffed103edcaa08
R10: ffffed103edcaa08 R11: 1ffff1103edcaa07 R12: 0000000000000298
R13: 0000000000000280 R14: dffffc0000000000 R15: ffff8881ef78c800
FS:  00007f195de90700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200d2030 CR3: 00000001da441000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (278):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-android-5-4-kasan 2022/09/08 23:05 android12-5.4 704c7d053806 f3027468 .config log report syz C kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/12 23:50 android12-5.4 35e910266d44 16a9c9e0 .config log report syz kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/08/31 12:45 android12-5.4 f0306959ab7c 51e54e30 .config log report syz kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/27 07:52 android12-5.4 73d140dc8abe a0ebf917 .config log report syz kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/27 02:39 android12-5.4 73d140dc8abe 55a7d4df .config log report syz kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/12 23:51 android12-5.4 5a34019eb955 f42ee5d8 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/12 20:17 android12-5.4 5a34019eb955 f42ee5d8 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/12 18:32 android12-5.4 5a34019eb955 f42ee5d8 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/12 09:16 android12-5.4 5a34019eb955 f42ee5d8 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/11 21:25 android12-5.4 5a34019eb955 f42ee5d8 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/10 20:12 android12-5.4 5a34019eb955 3ead01ad .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/10 03:27 android12-5.4 5a34019eb955 b2488a87 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/09 03:17 android12-5.4 5e295dcf7dcb 5fa28208 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/08 08:45 android12-5.4 d87b38e6be0f 6feb842b .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/07 14:33 android12-5.4 d87b38e6be0f a779b11a .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/07 00:45 android12-5.4 d87b38e6be0f 6d752409 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/05 03:11 android12-5.4 430299330abf 6d752409 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/04 22:00 android12-5.4 f967523c2742 6d752409 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/01 17:13 android12-5.4 dd9d210aa955 a1d8560a .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/01 06:03 android12-5.4 dd9d210aa955 a1d8560a .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/01 03:11 android12-5.4 dd9d210aa955 a1d8560a .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/11/01 00:39 android12-5.4 dd9d210aa955 2a71366b .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/30 22:06 android12-5.4 035e4939365c 2a71366b .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/28 22:53 android12-5.4 035e4939365c 8168b69e .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/28 12:19 android12-5.4 035e4939365c 8168b69e .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/27 22:27 android12-5.4 035e4939365c 5c716ff6 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/27 19:18 android12-5.4 035e4939365c 5c716ff6 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/27 08:37 android12-5.4 035e4939365c 86777b7f .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/26 11:37 android12-5.4 035e4939365c 2159e4d2 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/26 06:08 android12-5.4 035e4939365c 2159e4d2 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/25 22:29 android12-5.4 035e4939365c 2159e4d2 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/25 10:54 android12-5.4 035e4939365c 45645420 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/25 05:35 android12-5.4 035e4939365c 45645420 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/23 13:10 android12-5.4 8c70a830a157 23bf86af .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/23 11:37 android12-5.4 8c70a830a157 23bf86af .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/22 22:22 android12-5.4 8c70a830a157 c0b80a55 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/21 09:00 android12-5.4 8c70a830a157 63e790dd .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/20 16:06 android12-5.4 ff63a5f5cdf6 b31320fc .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/20 10:44 android12-5.4 ff63a5f5cdf6 b31320fc .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/20 05:22 android12-5.4 ff63a5f5cdf6 b31320fc .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/19 21:08 android12-5.4 ff63a5f5cdf6 b31320fc .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/18 11:40 android12-5.4 ff63a5f5cdf6 b31320fc .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/18 07:06 android12-5.4 ff63a5f5cdf6 94744d21 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/18 04:30 android12-5.4 ff63a5f5cdf6 94744d21 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/17 20:30 android12-5.4 ff63a5f5cdf6 94744d21 .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/16 18:53 android12-5.4 ff63a5f5cdf6 67cb024c .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/16 15:53 android12-5.4 ff63a5f5cdf6 67cb024c .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/16 12:16 android12-5.4 ff63a5f5cdf6 67cb024c .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/16 07:02 android12-5.4 ff63a5f5cdf6 67cb024c .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/16 05:47 android12-5.4 ff63a5f5cdf6 67cb024c .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/15 11:20 android12-5.4 ff63a5f5cdf6 67cb024c .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2022/10/15 08:15 android12-5.4 ff63a5f5cdf6 67cb024c .config log report info kernel BUG in pfkey_send_acquire
ci2-android-5-4-kasan 2021/01/17 15:18 android12-5.4 dc04463953b2 fd103621 .config log report info kernel BUG in pfkey_send_acquire
* Struck through repros no longer work on HEAD.