kernel BUG at net/core/skbuff.c:LINE!

kernel BUG at net/core/skbuff.c:LINE!
Status: upstream: reported C repro on 2020/01/12 09:43
Reported-by: syzbot+d935648ec6304369192d@syzkaller.appspotmail.com
First crash: 256d, last: 2d14h

similar bugs (8):
Kernel	Title	Repro	Bisected	Count	Last	Reported	Patched	Status
android-44	kernel BUG at net/core/skbuff.c:LINE!	C		79	306d	532d	0/2	public: reported C repro on 2019/04/11 08:44
linux-4.19	kernel BUG at net/core/skbuff.c:LINE!	C		342	1d04h	515d	0/1	upstream: reported C repro on 2019/04/27 20:12
upstream	kernel BUG at net/core/skbuff.c:LINE! (2)	C		562	970d	1059d	4/17	fixed on 2018/01/29 03:39
android-414	kernel BUG at net/core/skbuff.c:LINE!	C		2743	295d	532d	0/1	public: reported C repro on 2019/04/11 00:00
upstream	kernel BUG at net/core/skbuff.c:LINE! (3)	C	cause	3993	16m	965d	0/17	upstream: reported C repro on 2018/02/01 19:21
upstream	kernel BUG at net/core/skbuff.c:LINE!			5	1066d	1136d	3/17	fixed on 2017/10/27 10:10
linux-4.14	kernel BUG at net/core/skbuff.c:LINE!	C		1640	11h20m	530d	0/1	upstream: reported C repro on 2019/04/12 15:43
android-49	kernel BUG at net/core/skbuff.c:LINE!	C		391	295d	531d	0/3	public: reported C repro on 2019/04/12 00:00

Sample crash report:

------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:109!
CPU: 0 PID: 2852 Comm: syz-executor615 Not tainted 5.4.65-syzkaller-00175-g63d1c2f0b547 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:skb_panic+0x14d/0x150 net/core/skbuff.c:105
Code: 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 b8 00 00 00 00 53 41 55 41 54 41 57 e8 03 59 07 fe 48 83 c4 20 <0f> 0b 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 70 4c 89 cb 4c 89
RSP: 0018:ffff8881d6e6ecc0 EFLAGS: 00010286
RAX: 0000000000000086 RBX: ffffffff84a26bff RCX: 29d865cc16300300
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8881d4073c00 R08: ffffffff812ba23e R09: ffffed103b705e00
R10: ffffed103b705e00 R11: 0000000000000000 R12: 00000000000000e8
R13: 00000000000000c0 R14: dffffc0000000000 R15: ffff8881d4073c00
FS:  00007f202f64f700(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000e038 CR3: 00000001c96d4005 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 skb_over_panic+0x25/0x30 net/core/skbuff.c:114
 skb_put+0x1e0/0x1e0 net/core/skbuff.c:1868
 dump_esp_combs net/key/af_key.c:2999 [inline]
 pfkey_send_acquire+0x18ee/0x2d60 net/key/af_key.c:3220
 km_query net/xfrm/xfrm_state.c:2166 [inline]
 xfrm_state_find+0x2f75/0x4990 net/xfrm/xfrm_state.c:1133
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2381 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2426 [inline]
 xfrm_resolve_and_create_bundle+0x657/0x2ff0 net/xfrm/xfrm_policy.c:2717
 xfrm_lookup_with_ifid+0x955/0x1eb0 net/xfrm/xfrm_policy.c:3040
 xfrm_lookup net/xfrm/xfrm_policy.c:3164 [inline]
 xfrm_lookup_route+0x37/0x170 net/xfrm/xfrm_policy.c:3175
 ip_route_output_flow+0x1ad/0x2a0 net/ipv4/route.c:2727
 udp_sendmsg+0x170f/0x2e40 net/ipv4/udp.c:1147
 sock_sendmsg_nosec net/socket.c:638 [inline]
 sock_sendmsg net/socket.c:658 [inline]
 ____sys_sendmsg+0x56f/0x860 net/socket.c:2298
 ___sys_sendmsg net/socket.c:2352 [inline]
 __sys_sendmmsg+0x338/0x680 net/socket.c:2455
 __do_sys_sendmmsg net/socket.c:2484 [inline]
 __se_sys_sendmmsg net/socket.c:2481 [inline]
 __x64_sys_sendmmsg+0x9c/0xb0 net/socket.c:2481
 do_syscall_64+0xcb/0x150 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x449819
Code: e8 8c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f202f64eda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000006dfc38 RCX: 0000000000449819
RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 00000000006dfc30 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dfc3c
R13: 0000000000000002 R14: 0000000009000702 R15: 0000000000000000
Modules linked in:
RIP: 0010:skb_panic+0x14d/0x150 net/core/skbuff.c:105
Code: 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 b8 00 00 00 00 53 41 55 41 54 41 57 e8 03 59 07 fe 48 83 c4 20 <0f> 0b 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 70 4c 89 cb 4c 89
RSP: 0018:ffff8881d6e6ecc0 EFLAGS: 00010286
RAX: 0000000000000086 RBX: ffffffff84a26bff RCX: 29d865cc16300300
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8881d4073c00 R08: ffffffff812ba23e R09: ffffed103b705e00
R10: ffffed103b705e00 R11: 0000000000000000 R12: 00000000000000e8
R13: 00000000000000c0 R14: dffffc0000000000 R15: ffff8881d4073c00
FS:  00007f202f64f700(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020016038 CR3: 00000001c96d4005 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (32):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Maintainers
ci2-android-5-4-kasan	2020/09/21 02:56	android-5.4	63d1c2f0	9564d2e9	.config	log	report	syz	C		davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci2-android-5-4-kasan	2020/01/23 01:30	android-5.4	81734875	3334d684	.config	log	report	syz	C		davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/09/21 22:07	android-5.4	63d1c2f0	9e1fa68e	.config	log	report			info	davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci2-android-5-4-kasan	2020/09/21 10:29	android-5.4	63d1c2f0	c81d99c8	.config	log	report			info	davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci2-android-5-4-kasan	2020/09/21 08:30	android-5.4	63d1c2f0	c81d99c8	.config	log	report			info	davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci2-android-5-4-kasan	2020/09/21 01:22	android-5.4	63d1c2f0	9564d2e9	.config	log	report			info	davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci2-android-5-4-kasan	2020/09/20 20:51	android-5.4	63d1c2f0	9564d2e9	.config	log	report			info	davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci2-android-5-4-kasan	2020/09/16 03:44	android-5.4	63d1c2f0	18d7d030	.config	log	report			info	davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci2-android-5-4-kasan	2020/09/15 16:56	android-5.4	48ad9769	9e681632	.config	log	report			info	davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci2-android-5-4-kasan	2020/09/10 08:53	android-5.4	80d830d7	ac7ca78e	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci2-android-5-4-kasan	2020/09/06 22:45	android-5.4	0ef1db7b	abf9ba4f	.config	log	report				davem@davemloft.net, herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, steffen.klassert@secunet.com
ci2-android-5-4-kasan	2020/06/14 23:00	android-5.4	a191332e	2a22c77a	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/05/05 20:56	android-5.4	cb109125	4b76dd25	.config	log	report				andriin@fb.com, ast@kernel.org, bpf@vger.kernel.org, daniel@iogearbox.net, davem@davemloft.net, kafai@fb.com, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, songliubraving@fb.com, yhs@fb.com, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/29 21:57	android-5.4	b891cc41	5ed23f9a	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/28 22:05	android-5.4	b2b96d09	c8e81ce4	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/28 13:43	android-5.4	b2b96d09	56cd6c9b	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/24 05:25	android-5.4	ea962fac	11ebf937	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/24 05:13	android-5.4	ea962fac	11ebf937	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/24 02:45	android-5.4	ea962fac	11ebf937	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/24 02:15	android-5.4	ea962fac	11ebf937	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/24 01:10	android-5.4	ea962fac	11ebf937	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/24 00:47	android-5.4	ea962fac	11ebf937	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/24 00:24	android-5.4	ea962fac	11ebf937	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/23 22:49	android-5.4	ea962fac	11ebf937	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/23 15:17	android-5.4	ea962fac	11ebf937	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/23 07:45	android-5.4	5305f3cd	3334d684	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/23 04:57	android-5.4	81734875	3334d684	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/23 01:01	android-5.4	81734875	3334d684	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/23 00:46	android-5.4	81734875	3334d684	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/14 12:49	android-5.4	d32a4878	32881205	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/12 23:33	android-5.4	fde6e0c6	53faa9fe	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-android-5-4-kasan	2020/01/12 09:42	android-5.4	f5f770e4	4c04afaa	.config	log	report				davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org