kernel BUG at net/core/skbuff.c:LINE!

kernel BUG at net/core/skbuff.c:LINE!
Status: upstream: reported C repro on 2020/01/12 09:43
Reported-by: syzbot+d935648ec6304369192d@syzkaller.appspotmail.com
First crash: 692d, last: 4h36m

similar bugs (13):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
android-44	kernel BUG at net/core/skbuff.c:LINE!	C			79	743d	968d	0/2	public: reported C repro on 2019/04/11 08:44
linux-4.19	kernel BUG at net/core/skbuff.c:LINE!	C		unreliable	490	25d	952d	0/1	upstream: reported C repro on 2019/04/27 20:12
android-54	kernel BUG in pfkey_send_acquire	syz			32	293d	321d	0/1	upstream: reported syz repro on 2021/01/17 15:19
upstream	kernel BUG at net/core/skbuff.c:LINE! (2)	C			562	1407d	1496d	4/22	fixed on 2018/01/29 03:39
android-414	kernel BUG at net/core/skbuff.c:LINE!	C			2743	731d	969d	0/1	public: reported C repro on 2019/04/11 00:00
android-5-10	kernel BUG in cdc_ncm_fill_tx_frame	C	error		34	4d09h	44d	0/1	internal: reported C repro on 2021/10/21 20:18
upstream	kernel BUG at net/core/skbuff.c:LINE! (3)	C	done		4399	285d	1402d	21/22	fixed on 2021/03/10 01:48
upstream	kernel BUG at net/core/skbuff.c:LINE!				5	1502d	1572d	3/22	fixed on 2017/10/27 10:10
linux-4.19	kernel BUG in pfkey_send_acquire	C		done	56	292d	321d	1/1	fixed on 2021/03/18 08:30
linux-4.14	kernel BUG at net/core/skbuff.c:LINE!	C			2829	18d	967d	0/1	upstream: reported C repro on 2019/04/12 15:43
upstream	kernel BUG in llc_sap_action_send_xid_c	C	error		61	25d	239d	22/22	fixed on 2021/11/10 00:50
upstream	kernel BUG in pskb_expand_head				14	2d02h	19d	0/22	upstream: reported on 2021/11/15 08:38
android-49	kernel BUG at net/core/skbuff.c:LINE!	C			391	732d	968d	0/3	public: reported C repro on 2019/04/12 00:00

Sample crash report:

------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:109!
CPU: 0 PID: 2852 Comm: syz-executor615 Not tainted 5.4.65-syzkaller-00175-g63d1c2f0b547 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:skb_panic+0x14d/0x150 net/core/skbuff.c:105
Code: 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 b8 00 00 00 00 53 41 55 41 54 41 57 e8 03 59 07 fe 48 83 c4 20 <0f> 0b 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 70 4c 89 cb 4c 89
RSP: 0018:ffff8881d6e6ecc0 EFLAGS: 00010286
RAX: 0000000000000086 RBX: ffffffff84a26bff RCX: 29d865cc16300300
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8881d4073c00 R08: ffffffff812ba23e R09: ffffed103b705e00
R10: ffffed103b705e00 R11: 0000000000000000 R12: 00000000000000e8
R13: 00000000000000c0 R14: dffffc0000000000 R15: ffff8881d4073c00
FS:  00007f202f64f700(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000e038 CR3: 00000001c96d4005 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 skb_over_panic+0x25/0x30 net/core/skbuff.c:114
 skb_put+0x1e0/0x1e0 net/core/skbuff.c:1868
 dump_esp_combs net/key/af_key.c:2999 [inline]
 pfkey_send_acquire+0x18ee/0x2d60 net/key/af_key.c:3220
 km_query net/xfrm/xfrm_state.c:2166 [inline]
 xfrm_state_find+0x2f75/0x4990 net/xfrm/xfrm_state.c:1133
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2381 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2426 [inline]
 xfrm_resolve_and_create_bundle+0x657/0x2ff0 net/xfrm/xfrm_policy.c:2717
 xfrm_lookup_with_ifid+0x955/0x1eb0 net/xfrm/xfrm_policy.c:3040
 xfrm_lookup net/xfrm/xfrm_policy.c:3164 [inline]
 xfrm_lookup_route+0x37/0x170 net/xfrm/xfrm_policy.c:3175
 ip_route_output_flow+0x1ad/0x2a0 net/ipv4/route.c:2727
 udp_sendmsg+0x170f/0x2e40 net/ipv4/udp.c:1147
 sock_sendmsg_nosec net/socket.c:638 [inline]
 sock_sendmsg net/socket.c:658 [inline]
 ____sys_sendmsg+0x56f/0x860 net/socket.c:2298
 ___sys_sendmsg net/socket.c:2352 [inline]
 __sys_sendmmsg+0x338/0x680 net/socket.c:2455
 __do_sys_sendmmsg net/socket.c:2484 [inline]
 __se_sys_sendmmsg net/socket.c:2481 [inline]
 __x64_sys_sendmmsg+0x9c/0xb0 net/socket.c:2481
 do_syscall_64+0xcb/0x150 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x449819
Code: e8 8c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f202f64eda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000006dfc38 RCX: 0000000000449819
RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 00000000006dfc30 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dfc3c
R13: 0000000000000002 R14: 0000000009000702 R15: 0000000000000000
Modules linked in:
RIP: 0010:skb_panic+0x14d/0x150 net/core/skbuff.c:105
Code: 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 b8 00 00 00 00 53 41 55 41 54 41 57 e8 03 59 07 fe 48 83 c4 20 <0f> 0b 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 70 4c 89 cb 4c 89
RSP: 0018:ffff8881d6e6ecc0 EFLAGS: 00010286
RAX: 0000000000000086 RBX: ffffffff84a26bff RCX: 29d865cc16300300
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8881d4073c00 R08: ffffffff812ba23e R09: ffffed103b705e00
R10: ffffed103b705e00 R11: 0000000000000000 R12: 00000000000000e8
R13: 00000000000000c0 R14: dffffc0000000000 R15: ffff8881d4073c00
FS:  00007f202f64f700(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020016038 CR3: 00000001c96d4005 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (120):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci2-android-5-4-kasan	2020/09/21 02:56	https://android.googlesource.com/kernel/common android-5.4	63d1c2f0b547	9564d2e9	.config	log	report	syz	C
ci2-android-5-4-kasan	2020/01/23 01:30	https://android.googlesource.com/kernel/common android-5.4	8173487568f1	3334d684	.config	log	report	syz	C
ci2-android-5-4-kasan	2021/10/21 22:07	android12-5.4	eb4a5a5dbd5b	55f90bc6	.config	log	report	syz			kernel BUG in cdc_ncm_fill_tx_frame
ci2-android-5-4-kasan	2021/12/04 19:34	android12-5.4	97b7ffb32f29	a617004c	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-4-kasan	2021/11/28 13:44	android12-5.4	0bbc71d87f4d	63eeac02	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-4-kasan	2021/11/04 13:45	android12-5.4	2138e7367558	4c1be0be	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-4-kasan	2021/11/02 00:31	android12-5.4	2138e7367558	098b5d53	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-4-kasan	2021/10/27 23:54	android12-5.4	cbb80ec0faf2	be531bb4	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-4-kasan	2021/10/01 00:02	android12-5.4	1e429b8f9eb9	0f01403d	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-4-kasan	2021/09/27 04:18	android12-5.4	d52ac987ad2a	78494d16	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-4-kasan	2021/09/26 01:08	android12-5.4	d52ac987ad2a	8cac236e	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-4-kasan	2021/09/13 22:30	android12-5.4	0982ea05007b	58d09404	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-4-kasan	2021/09/12 12:55	android12-5.4	8670e680e307	3ce60af8	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-4-kasan	2021/08/26 20:39	android12-5.4	f4bf8b65e48f	b318694d	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-4-kasan	2021/08/17 02:31	android12-5.4	a8f2bcabf9c5	33c26cb7	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-4-kasan	2021/08/12 03:01	android12-5.4	95a38d5c8d5b	6972b106	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-4-kasan	2021/08/11 20:58	android12-5.4	95a38d5c8d5b	6972b106	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-4-kasan	2021/08/04 03:28	android12-5.4	e7e1f9adf836	6c236867	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-4-kasan	2021/07/27 08:08	android12-5.4	39e69d830625	fd511809	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-4-kasan	2021/07/26 06:55	android12-5.4	c0f594e44e6e	fd511809	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-4-kasan	2021/07/20 16:38	android12-5.4	94c8a99d3d53	1b201b48	.config	log	report			info	kernel BUG in mld_newpack
ci2-android-5-4-kasan	2021/07/12 06:40	android12-5.4	9c09b1ce4b07	a4869c92	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-4-kasan	2021/07/10 00:40	android12-5.4	3e5f38396428	8f5a7b8c	.config	log	report			info	kernel BUG in add_grec
ci2-android-5-4-kasan	2021/02/14 06:18	android12-5.4	dbfedfa31471	98682e5e	.config	log	report			info	kernel BUG in xfrm_state_find
ci2-android-5-4-kasan	2021/01/27 06:48	android12-5.4	73d140dc8abe	a0ebf917	.config	log	report			info	kernel BUG in xfrm_state_find
ci2-android-5-4-kasan	2021/01/17 10:54	android12-5.4	dc04463953b2	813be542	.config	log	report			info
ci2-android-5-4-kasan	2021/01/17 09:24	android12-5.4	dc04463953b2	65a7a854	.config	log	report			info
ci2-android-5-4-kasan	2021/01/14 08:26	android12-5.4	e5e14bf558c4	269d24e8	.config	log	report			info
ci2-android-5-4-kasan	2021/01/11 20:27	android12-5.4	62ec51519fa1	2c1f2513	.config	log	report			info
ci2-android-5-4-kasan	2021/01/08 22:58	android12-5.4	24fc422cb4b2	c104d4a3	.config	log	report			info
ci2-android-5-4-kasan	2021/01/08 21:33	android12-5.4	24fc422cb4b2	c104d4a3	.config	log	report			info
ci2-android-5-4-kasan	2021/01/08 14:35	android12-5.4	40124ac5f6c7	c104d4a3	.config	log	report			info
ci2-android-5-4-kasan	2021/01/08 03:10	android12-5.4	4aff7f2fb590	c104d4a3	.config	log	report			info
ci2-android-5-4-kasan	2021/01/05 02:10	android12-5.4	e627b02af655	2a28ff1f	.config	log	report			info
ci2-android-5-4-kasan	2021/01/05 00:44	android12-5.4	e627b02af655	2a28ff1f	.config	log	report			info
ci2-android-5-4-kasan	2021/01/04 22:31	android12-5.4	e627b02af655	2a28ff1f	.config	log	report			info
ci2-android-5-4-kasan	2021/01/04 07:46	android12-5.4	e627b02af655	79264ae3	.config	log	report			info
ci2-android-5-4-kasan	2021/01/01 21:06	android12-5.4	e627b02af655	79264ae3	.config	log	report			info
ci2-android-5-4-kasan	2020/12/30 23:44	android12-5.4	04abbfc984ed	ecb8c012	.config	log	report			info
ci2-android-5-4-kasan	2020/12/30 02:50	android12-5.4	b69d75c07de5	0fa352f2	.config	log	report			info
ci2-android-5-4-kasan	2020/12/29 22:12	android12-5.4	b69d75c07de5	80910769	.config	log	report			info
ci2-android-5-4-kasan	2020/12/29 09:02	android12-5.4	b69d75c07de5	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/29 07:14	android12-5.4	b69d75c07de5	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/29 04:54	android12-5.4	b69d75c07de5	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/29 00:25	android12-5.4	b69d75c07de5	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/28 19:01	android12-5.4	b69d75c07de5	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/28 17:45	android12-5.4	b69d75c07de5	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/28 16:08	android12-5.4	b69d75c07de5	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/28 14:19	android12-5.4	b69d75c07de5	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/24 16:08	android12-5.4	8657d5d6282f	c2c1d1dd	.config	log	report			info
ci2-android-5-4-kasan	2020/12/23 13:22	android12-5.4	8657d5d6282f	c2c1d1dd	.config	log	report			info
ci2-android-5-4-kasan	2020/12/21 16:17	android12-5.4	4aa7a7c97391	04201c06	.config	log	report			info
ci2-android-5-4-kasan	2020/12/15 20:26	android12-5.4	a741f29f3ed2	f213e07e	.config	log	report			info
ci2-android-5-4-kasan	2020/12/15 11:55	android12-5.4	30fc30201c19	97183ed7	.config	log	report			info
ci2-android-5-4-kasan	2020/12/15 07:13	android12-5.4	2149aa11b029	97183ed7	.config	log	report			info
ci2-android-5-4-kasan	2020/12/13 16:09	android12-5.4	35d8dcbb1c64	bca53db9	.config	log	report			info
ci2-android-5-4-kasan	2020/01/12 09:42	https://android.googlesource.com/kernel/common android-5.4	f5f770e495ba	4c04afaa	.config	log	report