syzbot


kernel BUG in add_grec

Status: fixed on 2022/03/29 10:01
Reported-by: syzbot+e223cf47ec8ae183f2a0@syzkaller.appspotmail.com
Fix commit: ae8ec5eabb1a net: ipv6: fix skb_over_panic in __ip6_append_data
First crash: 256d, last: 183d

Cause bisection: failed (bisect log)
Similar bugs (16):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-54 kernel BUG at net/core/skbuff.c:LINE! C 228 1d08h 989d 0/2 upstream: reported C repro on 2020/01/12 09:43
android-5-10 kernel BUG in add_grec (2) 793 5h24m 182d 0/2 premoderation: reported on 2022/03/29 11:58
android-5-10 kernel BUG in cdc_ncm_fill_tx_frame C error 40 275d 340d 1/2 fixed on 2021/12/29 12:20
android-44 kernel BUG at net/core/skbuff.c:LINE! C 79 1039d 1265d 0/2 public: reported C repro on 2019/04/11 08:44
linux-4.19 kernel BUG at net/core/skbuff.c:LINE! C unreliable 494 29d 1248d 0/1 upstream: reported C repro on 2019/04/27 20:12
android-54 kernel BUG in pfkey_send_acquire C 187 1d07h 618d 0/2 upstream: reported C repro on 2021/01/17 15:19
upstream kernel BUG at net/core/skbuff.c:LINE! (2) C 562 1704d 1793d 4/24 fixed on 2018/01/29 03:39
android-414 kernel BUG at net/core/skbuff.c:LINE! C 2743 1028d 1265d 0/1 public: reported C repro on 2019/04/11 00:00
upstream kernel BUG in netem_enqueue 7 1d13h 146d 23/24 internal: reported on 2022/05/04 17:12
upstream kernel BUG at net/core/skbuff.c:LINE! (3) C done 4399 582d 1698d 21/24 fixed on 2021/03/10 01:48
upstream kernel BUG at net/core/skbuff.c:LINE! 5 1799d 1869d 3/24 fixed on 2017/10/27 10:10
linux-4.19 kernel BUG in pfkey_send_acquire C done 56 588d 618d 1/1 fixed on 2021/03/18 08:30
linux-4.14 kernel BUG at net/core/skbuff.c:LINE! C 3016 9h44m 1264d 0/1 upstream: reported C repro on 2019/04/12 15:43
upstream kernel BUG in llc_sap_action_send_xid_c C error 61 322d 535d 22/24 fixed on 2021/11/10 00:50
upstream kernel BUG in pskb_expand_head C done 844 3h29m 316d 0/24 upstream: reported C repro on 2021/11/15 08:38
android-49 kernel BUG at net/core/skbuff.c:LINE! C 391 1028d 1264d 0/3 public: reported C repro on 2019/04/12 00:00
Patch testing requests:
Created Duration User Patch Repo Result
2022/03/21 20:15 9m tadeusz.struk@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK
2022/03/08 16:59 9m tadeusz.struk@linaro.org patch https://android.googlesource.com/kernel/common android12-5.10 OK
2022/03/07 22:48 9m tadeusz.struk@linaro.org patch https://android.googlesource.com/kernel/common android12-5.10 error

Sample crash report:
skbuff: skb_over_panic: text:ffffffff842f46b6 len:65575 put:65575 head:ffff88811d74a000 data:ffff88811d74a088 tail:0x100af end:0x680 dev:<NULL>
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:110!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 366 Comm: syz-executor693 Not tainted 5.10.92-syzkaller-01003-gf45f895af546 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:skb_panic+0x14f/0x160 net/core/skbuff.c:106
Code: 87 85 48 8b 75 c0 48 8b 55 b8 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 b8 00 00 00 00 53 41 56 41 55 41 54 e8 9c 42 89 fd 48 83 c4 20 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 41
RSP: 0018:ffffc90000ba71b0 EFLAGS: 00010282
RAX: 000000000000008f RBX: ffffffff858750a0 RCX: 24e716add774bb00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffc90000ba71f8 R08: ffffffff815457c8 R09: ffffed103ee2a5d8
R10: ffffed103ee2a5d8 R11: 0000000000000000 R12: ffff88811d74a088
R13: 00000000000100af R14: 0000000000000680 R15: dffffc0000000000
FS:  00005555557e2300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558102e15048 CR3: 000000011ccbd000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 skb_over_panic+0x2c/0x30 net/core/skbuff.c:115
 skb_put+0x205/0x210 net/core/skbuff.c:1877
 __ip6_append_data+0x2ad6/0x3d80 net/ipv6/ip6_output.c:1680
 ip6_append_data+0x1ab/0x2d0 net/ipv6/ip6_output.c:1829
 rawv6_sendmsg+0x1e4f/0x2cd0 net/ipv6/raw.c:949
 inet_sendmsg+0xa1/0xc0 net/ipv4/af_inet.c:821
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x5b9/0x910 net/socket.c:2343
 ___sys_sendmsg net/socket.c:2397 [inline]
 __sys_sendmmsg+0x5ae/0x7f0 net/socket.c:2487
 __do_sys_sendmmsg net/socket.c:2516 [inline]
 __se_sys_sendmmsg net/socket.c:2513 [inline]
 __x64_sys_sendmmsg+0xa0/0xb0 net/socket.c:2513
 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f1eb12453f9
Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd42c6b928 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007ffd42c6b938 RCX: 00007f1eb12453f9
RDX: 0000000000000001 RSI: 00000000200002c0 RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000fe80 R11: 0000000000000246 R12: 00007ffd42c6b940
R13: 00007ffd42c6b960 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace e41daba6b63d41fe ]---
RIP: 0010:skb_panic+0x14f/0x160 net/core/skbuff.c:106
Code: 87 85 48 8b 75 c0 48 8b 55 b8 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 b8 00 00 00 00 53 41 56 41 55 41 54 e8 9c 42 89 fd 48 83 c4 20 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 41
RSP: 0018:ffffc90000ba71b0 EFLAGS: 00010282
RAX: 000000000000008f RBX: ffffffff858750a0 RCX: 24e716add774bb00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffc90000ba71f8 R08: ffffffff815457c8 R09: ffffed103ee2a5d8
R10: ffffed103ee2a5d8 R11: 0000000000000000 R12: ffff88811d74a088
R13: 00000000000100af R14: 0000000000000680 R15: dffffc0000000000
FS:  00005555557e2300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558102e15048 CR3: 000000011ccbd000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (83):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-android-5-10 2022/01/20 05:46 android12-5.10-lts f45f895af546 5da9499f .config log report syz C kernel BUG in __ip6_append_data
ci2-android-5-10 2022/02/04 00:13 android12-5.10-lts 34fd8cb7e75c 30646bfe .config log report syz kernel BUG in cdc_ncm_fill_tx_frame
ci2-android-5-10 2022/03/28 16:01 android12-5.10-lts ab2d1d40a128 89bc8608 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/28 12:10 android12-5.10-lts ab2d1d40a128 89bc8608 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/27 21:30 android12-5.10-lts ab2d1d40a128 89bc8608 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/27 17:11 android12-5.10-lts ab2d1d40a128 89bc8608 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/27 15:42 android12-5.10-lts ab2d1d40a128 89bc8608 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/27 08:10 android12-5.10-lts ab2d1d40a128 89bc8608 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/26 21:07 android12-5.10-lts ab2d1d40a128 89bc8608 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/26 18:12 android12-5.10-lts ab2d1d40a128 89bc8608 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/26 05:26 android12-5.10-lts ab2d1d40a128 89bc8608 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/25 22:26 android12-5.10-lts ab2d1d40a128 89bc8608 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/24 09:23 android12-5.10-lts ab2d1d40a128 89bc8608 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/24 06:59 android12-5.10-lts ab2d1d40a128 5ff41e94 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/23 23:49 android12-5.10-lts ab2d1d40a128 5ff41e94 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/22 22:37 android12-5.10-lts 9a559b886861 d88ef0c5 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/22 13:55 android12-5.10-lts 9a559b886861 d88ef0c5 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/20 12:38 android12-5.10-lts 5287773dba0d e2d91b1d .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/16 23:24 android12-5.10-lts 9e96a3d6ae39 46cc3b21 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/16 18:12 android12-5.10-lts 9e96a3d6ae39 46cc3b21 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/16 03:49 android12-5.10-lts 5c5685cc64b4 9e8eaa75 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/15 08:33 android12-5.10-lts 0773736e480c 9e8eaa75 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/14 22:29 android12-5.10-lts 0773736e480c 9e8eaa75 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/14 20:23 android12-5.10-lts e1b86e7f5cbb 9e8eaa75 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/11 09:55 android12-5.10-lts e1b86e7f5cbb 9e8eaa75 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/10 03:19 android12-5.10-lts e1b86e7f5cbb 9e8eaa75 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/09 05:18 android12-5.10-lts e1b86e7f5cbb 9e8eaa75 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/08 16:19 android12-5.10-lts e1b86e7f5cbb 7bdd8b2c .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/08 11:24 android12-5.10-lts e1b86e7f5cbb 7bdd8b2c .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/07 15:31 android12-5.10-lts e1b86e7f5cbb 7bdd8b2c .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/07 07:06 android12-5.10-lts e1b86e7f5cbb 7bdd8b2c .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/05 18:02 android12-5.10-lts e1b86e7f5cbb 7bdd8b2c .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/05 05:44 android12-5.10-lts e1b86e7f5cbb 45a13a73 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/05 02:06 android12-5.10-lts e1b86e7f5cbb 45a13a73 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/04 13:51 android12-5.10-lts e1b86e7f5cbb 45a13a73 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/03 21:24 android12-5.10-lts e1b86e7f5cbb 45a13a73 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/03 00:03 android12-5.10-lts e1b86e7f5cbb 45a13a73 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/01 12:54 android12-5.10-lts e1b86e7f5cbb 45a13a73 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/01 12:19 android12-5.10-lts e1b86e7f5cbb 45a13a73 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/01 05:04 android12-5.10-lts e1b86e7f5cbb 45a13a73 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/02/02 14:49 android12-5.10-lts 34fd8cb7e75c 4ebb2798 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/02/02 00:17 android12-5.10-lts 0347b1658399 4ebb2798 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/01/31 03:16 android12-5.10-lts 0347b1658399 495e00c5 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/01/31 00:39 android12-5.10-lts 0347b1658399 495e00c5 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/01/29 19:04 android12-5.10-lts 0347b1658399 495e00c5 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/01/29 18:57 android12-5.10-lts 0347b1658399 495e00c5 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/01/28 22:30 android12-5.10-lts 0347b1658399 495e00c5 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/01/28 15:05 android12-5.10-lts 0347b1658399 495e00c5 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/01/28 01:17 android12-5.10-lts 0347b1658399 64a8e201 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/01/25 00:17 android12-5.10-lts 0347b1658399 2cbffd88 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/01/24 21:12 android12-5.10-lts 0347b1658399 2cbffd88 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/01/24 07:25 android12-5.10-lts 0347b1658399 214351e1 .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/01/13 18:14 android12-5.10-lts d605f2f30d54 b8d780ab .config log report info kernel BUG in add_grec
ci2-android-5-10 2022/03/18 20:14 android12-5.10-lts 5287773dba0d e2d91b1d .config log report info kernel BUG in mld_newpack
ci2-android-5-10 2022/03/16 17:03 android12-5.10-lts 9e96a3d6ae39 46cc3b21 .config log report info kernel BUG in mld_newpack
ci2-android-5-10 2022/03/12 10:41 android12-5.10-lts e1b86e7f5cbb 9e8eaa75 .config log report info kernel BUG in mld_newpack
ci2-android-5-10 2022/03/12 03:54 android12-5.10-lts e1b86e7f5cbb 9e8eaa75 .config log report info kernel BUG in __ip6_append_data
ci2-android-5-10 2022/03/11 18:23 android12-5.10-lts e1b86e7f5cbb 9e8eaa75 .config log report info kernel BUG in mld_newpack
ci2-android-5-10 2022/03/03 01:21 android12-5.10-lts e1b86e7f5cbb 45a13a73 .config log report info kernel BUG in mld_newpack
ci2-android-5-10 2022/03/01 20:03 android12-5.10-lts e1b86e7f5cbb 45a13a73 .config log report info kernel BUG in mld_newpack
ci2-android-5-10 2022/01/20 05:34 android12-5.10-lts f45f895af546 5da9499f .config log report info kernel BUG in __ip6_append_data
* Struck through repros no longer work on HEAD.