kernel BUG in add

kernel BUG in add_grec
Status: fixed on 2022/03/29 10:01
Reported-by: syzbot+e223cf47ec8ae183f2a0@syzkaller.appspotmail.com
Fix commit: ae8ec5eabb1a net: ipv6: fix skb_over_panic in __ip6_append_data
First crash: 122d, last: 48d

Cause bisection: failed (bisect log)

similar bugs (15):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
android-54	kernel BUG at net/core/skbuff.c:LINE!	C			186	2d01h	855d	0/2	upstream: reported C repro on 2020/01/12 09:43
android-5-10	kernel BUG in add_grec (2)				194	2h11m	48d	0/2	premoderation: reported on 2022/03/29 11:58
android-5-10	kernel BUG in cdc_ncm_fill_tx_frame	C	error		40	141d	206d	1/2	fixed on 2021/12/29 12:20
android-44	kernel BUG at net/core/skbuff.c:LINE!	C			79	905d	1131d	0/2	public: reported C repro on 2019/04/11 08:44
linux-4.19	kernel BUG at net/core/skbuff.c:LINE!	C		unreliable	492	112d	1114d	0/1	upstream: reported C repro on 2019/04/27 20:12
android-54	kernel BUG in pfkey_send_acquire	syz			32	456d	483d	0/2	upstream: reported syz repro on 2021/01/17 15:19
upstream	kernel BUG at net/core/skbuff.c:LINE! (2)	C			562	1569d	1658d	4/22	fixed on 2018/01/29 03:39
android-414	kernel BUG at net/core/skbuff.c:LINE!	C			2743	894d	1131d	0/1	public: reported C repro on 2019/04/11 00:00
upstream	kernel BUG at net/core/skbuff.c:LINE! (3)	C	done		4399	447d	1564d	21/22	fixed on 2021/03/10 01:48
upstream	kernel BUG at net/core/skbuff.c:LINE!				5	1665d	1735d	3/22	fixed on 2017/10/27 10:10
linux-4.19	kernel BUG in pfkey_send_acquire	C		done	56	454d	483d	1/1	fixed on 2021/03/18 08:30
linux-4.14	kernel BUG at net/core/skbuff.c:LINE!	C			2843	16d	1129d	0/1	upstream: reported C repro on 2019/04/12 15:43
upstream	kernel BUG in llc_sap_action_send_xid_c	C	error		61	187d	401d	22/22	fixed on 2021/11/10 00:50
upstream	kernel BUG in pskb_expand_head	C	done		66	3d08h	182d	20/22	upstream: reported C repro on 2021/11/15 08:38
android-49	kernel BUG at net/core/skbuff.c:LINE!	C			391	894d	1130d	0/3	public: reported C repro on 2019/04/12 00:00

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2022/03/21 20:15	9m	tadeusz.struk@linaro.org		git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master	OK
2022/03/08 16:59	9m	tadeusz.struk@linaro.org	patch	https://android.googlesource.com/kernel/common android12-5.10	OK
2022/03/07 22:48	9m	tadeusz.struk@linaro.org	patch	https://android.googlesource.com/kernel/common android12-5.10	error

Sample crash report:

skbuff: skb_over_panic: text:ffffffff842f46b6 len:65575 put:65575 head:ffff88811d74a000 data:ffff88811d74a088 tail:0x100af end:0x680 dev:<NULL>
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:110!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 366 Comm: syz-executor693 Not tainted 5.10.92-syzkaller-01003-gf45f895af546 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:skb_panic+0x14f/0x160 net/core/skbuff.c:106
Code: 87 85 48 8b 75 c0 48 8b 55 b8 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 b8 00 00 00 00 53 41 56 41 55 41 54 e8 9c 42 89 fd 48 83 c4 20 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 41
RSP: 0018:ffffc90000ba71b0 EFLAGS: 00010282
RAX: 000000000000008f RBX: ffffffff858750a0 RCX: 24e716add774bb00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffc90000ba71f8 R08: ffffffff815457c8 R09: ffffed103ee2a5d8
R10: ffffed103ee2a5d8 R11: 0000000000000000 R12: ffff88811d74a088
R13: 00000000000100af R14: 0000000000000680 R15: dffffc0000000000
FS:  00005555557e2300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558102e15048 CR3: 000000011ccbd000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 skb_over_panic+0x2c/0x30 net/core/skbuff.c:115
 skb_put+0x205/0x210 net/core/skbuff.c:1877
 __ip6_append_data+0x2ad6/0x3d80 net/ipv6/ip6_output.c:1680
 ip6_append_data+0x1ab/0x2d0 net/ipv6/ip6_output.c:1829
 rawv6_sendmsg+0x1e4f/0x2cd0 net/ipv6/raw.c:949
 inet_sendmsg+0xa1/0xc0 net/ipv4/af_inet.c:821
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x5b9/0x910 net/socket.c:2343
 ___sys_sendmsg net/socket.c:2397 [inline]
 __sys_sendmmsg+0x5ae/0x7f0 net/socket.c:2487
 __do_sys_sendmmsg net/socket.c:2516 [inline]
 __se_sys_sendmmsg net/socket.c:2513 [inline]
 __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2513
 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f1eb12453f9
Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd42c6b928 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007ffd42c6b938 RCX: 00007f1eb12453f9
RDX: 0000000000000001 RSI: 00000000200002c0 RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000fe80 R11: 0000000000000246 R12: 00007ffd42c6b940
R13: 00007ffd42c6b960 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace e41daba6b63d41fe ]---
RIP: 0010:skb_panic+0x14f/0x160 net/core/skbuff.c:106
Code: 87 85 48 8b 75 c0 48 8b 55 b8 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 b8 00 00 00 00 53 41 56 41 55 41 54 e8 9c 42 89 fd 48 83 c4 20 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 41
RSP: 0018:ffffc90000ba71b0 EFLAGS: 00010282
RAX: 000000000000008f RBX: ffffffff858750a0 RCX: 24e716add774bb00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffc90000ba71f8 R08: ffffffff815457c8 R09: ffffed103ee2a5d8
R10: ffffed103ee2a5d8 R11: 0000000000000000 R12: ffff88811d74a088
R13: 00000000000100af R14: 0000000000000680 R15: dffffc0000000000
FS:  00005555557e2300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558102e15048 CR3: 000000011ccbd000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (83):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci2-android-5-10	2022/01/20 05:46	android12-5.10-lts	f45f895af546	5da9499f	.config	log	report	syz	C		kernel BUG in __ip6_append_data
ci2-android-5-10	2022/02/04 00:13	android12-5.10-lts	34fd8cb7e75c	30646bfe	.config	log	report	syz			kernel BUG in cdc_ncm_fill_tx_frame
ci2-android-5-10	2022/03/28 16:01	android12-5.10-lts	ab2d1d40a128	89bc8608	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/28 12:10	android12-5.10-lts	ab2d1d40a128	89bc8608	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/27 21:30	android12-5.10-lts	ab2d1d40a128	89bc8608	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/27 17:11	android12-5.10-lts	ab2d1d40a128	89bc8608	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/27 15:42	android12-5.10-lts	ab2d1d40a128	89bc8608	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/27 08:10	android12-5.10-lts	ab2d1d40a128	89bc8608	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/26 21:07	android12-5.10-lts	ab2d1d40a128	89bc8608	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/26 18:12	android12-5.10-lts	ab2d1d40a128	89bc8608	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/26 05:26	android12-5.10-lts	ab2d1d40a128	89bc8608	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/25 22:26	android12-5.10-lts	ab2d1d40a128	89bc8608	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/24 09:23	android12-5.10-lts	ab2d1d40a128	89bc8608	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/24 06:59	android12-5.10-lts	ab2d1d40a128	5ff41e94	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/23 23:49	android12-5.10-lts	ab2d1d40a128	5ff41e94	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/22 22:37	android12-5.10-lts	9a559b886861	d88ef0c5	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/22 13:55	android12-5.10-lts	9a559b886861	d88ef0c5	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/20 12:38	android12-5.10-lts	5287773dba0d	e2d91b1d	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/16 23:24	android12-5.10-lts	9e96a3d6ae39	46cc3b21	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/16 18:12	android12-5.10-lts	9e96a3d6ae39	46cc3b21	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/16 03:49	android12-5.10-lts	5c5685cc64b4	9e8eaa75	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/15 08:33	android12-5.10-lts	0773736e480c	9e8eaa75	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/14 22:29	android12-5.10-lts	0773736e480c	9e8eaa75	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/14 20:23	android12-5.10-lts	e1b86e7f5cbb	9e8eaa75	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/11 09:55	android12-5.10-lts	e1b86e7f5cbb	9e8eaa75	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/10 03:19	android12-5.10-lts	e1b86e7f5cbb	9e8eaa75	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/09 05:18	android12-5.10-lts	e1b86e7f5cbb	9e8eaa75	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/08 16:19	android12-5.10-lts	e1b86e7f5cbb	7bdd8b2c	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/08 11:24	android12-5.10-lts	e1b86e7f5cbb	7bdd8b2c	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/07 15:31	android12-5.10-lts	e1b86e7f5cbb	7bdd8b2c	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/07 07:06	android12-5.10-lts	e1b86e7f5cbb	7bdd8b2c	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/05 18:02	android12-5.10-lts	e1b86e7f5cbb	7bdd8b2c	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/05 05:44	android12-5.10-lts	e1b86e7f5cbb	45a13a73	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/05 02:06	android12-5.10-lts	e1b86e7f5cbb	45a13a73	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/04 13:51	android12-5.10-lts	e1b86e7f5cbb	45a13a73	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/03 21:24	android12-5.10-lts	e1b86e7f5cbb	45a13a73	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/03 00:03	android12-5.10-lts	e1b86e7f5cbb	45a13a73	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/01 12:54	android12-5.10-lts	e1b86e7f5cbb	45a13a73	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/01 12:19	android12-5.10-lts	e1b86e7f5cbb	45a13a73	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/01 05:04	android12-5.10-lts	e1b86e7f5cbb	45a13a73	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/02/02 14:49	android12-5.10-lts	34fd8cb7e75c	4ebb2798	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/02/02 00:17	android12-5.10-lts	0347b1658399	4ebb2798	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/01/31 03:16	android12-5.10-lts	0347b1658399	495e00c5	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/01/31 00:39	android12-5.10-lts	0347b1658399	495e00c5	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/01/29 19:04	android12-5.10-lts	0347b1658399	495e00c5	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/01/29 18:57	android12-5.10-lts	0347b1658399	495e00c5	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/01/28 22:30	android12-5.10-lts	0347b1658399	495e00c5	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/01/28 15:05	android12-5.10-lts	0347b1658399	495e00c5	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/01/28 01:17	android12-5.10-lts	0347b1658399	64a8e201	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/01/25 00:17	android12-5.10-lts	0347b1658399	2cbffd88	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/01/24 21:12	android12-5.10-lts	0347b1658399	2cbffd88	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/01/24 07:25	android12-5.10-lts	0347b1658399	214351e1	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/01/13 18:14	android12-5.10-lts	d605f2f30d54	b8d780ab	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-10	2022/03/18 20:14	android12-5.10-lts	5287773dba0d	e2d91b1d	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-10	2022/03/16 17:03	android12-5.10-lts	9e96a3d6ae39	46cc3b21	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-10	2022/03/12 10:41	android12-5.10-lts	e1b86e7f5cbb	9e8eaa75	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-10	2022/03/12 03:54	android12-5.10-lts	e1b86e7f5cbb	9e8eaa75	.config	log	report			info	kernel BUG in __ip6_append_data
ci2-android-5-10	2022/03/11 18:23	android12-5.10-lts	e1b86e7f5cbb	9e8eaa75	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-10	2022/03/03 01:21	android12-5.10-lts	e1b86e7f5cbb	45a13a73	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-10	2022/03/01 20:03	android12-5.10-lts	e1b86e7f5cbb	45a13a73	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-10	2022/01/20 05:34	android12-5.10-lts	f45f895af546	5da9499f	.config	log	report			info	kernel BUG in __ip6_append_data