kernel BUG at net/core/skbuff.c:LINE!

kernel BUG at net/core/skbuff.c:LINE!
Status: upstream: reported C repro on 2020/01/12 09:43
Reported-by: syzbot+d935648ec6304369192d@syzkaller.appspotmail.com
First crash: 412d, last: 13d

similar bugs (8):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
android-44	kernel BUG at net/core/skbuff.c:LINE!	C			79	463d	688d	0/2	public: reported C repro on 2019/04/11 08:44
linux-4.19	kernel BUG at net/core/skbuff.c:LINE!	C		unreliable	484	41d	672d	0/1	upstream: reported C repro on 2019/04/27 20:12
upstream	kernel BUG at net/core/skbuff.c:LINE! (2)	C			562	1127d	1216d	4/21	fixed on 2018/01/29 03:39
android-414	kernel BUG at net/core/skbuff.c:LINE!	C			2743	451d	689d	0/1	public: reported C repro on 2019/04/11 00:00
upstream	kernel BUG at net/core/skbuff.c:LINE! (3)	C	done		4399	5d12h	1122d	20/21	upstream: reported C repro on 2018/02/01 19:21
upstream	kernel BUG at net/core/skbuff.c:LINE!				5	1222d	1293d	3/21	fixed on 2017/10/27 10:10
linux-4.14	kernel BUG at net/core/skbuff.c:LINE!	C			2643	6h37m	687d	0/1	upstream: reported C repro on 2019/04/12 15:43
android-49	kernel BUG at net/core/skbuff.c:LINE!	C			391	452d	688d	0/3	public: reported C repro on 2019/04/12 00:00

Sample crash report:

------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:109!
CPU: 0 PID: 2852 Comm: syz-executor615 Not tainted 5.4.65-syzkaller-00175-g63d1c2f0b547 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:skb_panic+0x14d/0x150 net/core/skbuff.c:105
Code: 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 b8 00 00 00 00 53 41 55 41 54 41 57 e8 03 59 07 fe 48 83 c4 20 <0f> 0b 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 70 4c 89 cb 4c 89
RSP: 0018:ffff8881d6e6ecc0 EFLAGS: 00010286
RAX: 0000000000000086 RBX: ffffffff84a26bff RCX: 29d865cc16300300
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8881d4073c00 R08: ffffffff812ba23e R09: ffffed103b705e00
R10: ffffed103b705e00 R11: 0000000000000000 R12: 00000000000000e8
R13: 00000000000000c0 R14: dffffc0000000000 R15: ffff8881d4073c00
FS:  00007f202f64f700(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000e038 CR3: 00000001c96d4005 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 skb_over_panic+0x25/0x30 net/core/skbuff.c:114
 skb_put+0x1e0/0x1e0 net/core/skbuff.c:1868
 dump_esp_combs net/key/af_key.c:2999 [inline]
 pfkey_send_acquire+0x18ee/0x2d60 net/key/af_key.c:3220
 km_query net/xfrm/xfrm_state.c:2166 [inline]
 xfrm_state_find+0x2f75/0x4990 net/xfrm/xfrm_state.c:1133
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2381 [inline]
 xfrm_tmpl_resolve net/xfrm/xfrm_policy.c:2426 [inline]
 xfrm_resolve_and_create_bundle+0x657/0x2ff0 net/xfrm/xfrm_policy.c:2717
 xfrm_lookup_with_ifid+0x955/0x1eb0 net/xfrm/xfrm_policy.c:3040
 xfrm_lookup net/xfrm/xfrm_policy.c:3164 [inline]
 xfrm_lookup_route+0x37/0x170 net/xfrm/xfrm_policy.c:3175
 ip_route_output_flow+0x1ad/0x2a0 net/ipv4/route.c:2727
 udp_sendmsg+0x170f/0x2e40 net/ipv4/udp.c:1147
 sock_sendmsg_nosec net/socket.c:638 [inline]
 sock_sendmsg net/socket.c:658 [inline]
 ____sys_sendmsg+0x56f/0x860 net/socket.c:2298
 ___sys_sendmsg net/socket.c:2352 [inline]
 __sys_sendmmsg+0x338/0x680 net/socket.c:2455
 __do_sys_sendmmsg net/socket.c:2484 [inline]
 __se_sys_sendmmsg net/socket.c:2481 [inline]
 __x64_sys_sendmmsg+0x9c/0xb0 net/socket.c:2481
 do_syscall_64+0xcb/0x150 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x449819
Code: e8 8c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f202f64eda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000006dfc38 RCX: 0000000000449819
RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 00000000006dfc30 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dfc3c
R13: 0000000000000002 R14: 0000000009000702 R15: 0000000000000000
Modules linked in:
RIP: 0010:skb_panic+0x14d/0x150 net/core/skbuff.c:105
Code: 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 b8 00 00 00 00 53 41 55 41 54 41 57 e8 03 59 07 fe 48 83 c4 20 <0f> 0b 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 70 4c 89 cb 4c 89
RSP: 0018:ffff8881d6e6ecc0 EFLAGS: 00010286
RAX: 0000000000000086 RBX: ffffffff84a26bff RCX: 29d865cc16300300
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8881d4073c00 R08: ffffffff812ba23e R09: ffffed103b705e00
R10: ffffed103b705e00 R11: 0000000000000000 R12: 00000000000000e8
R13: 00000000000000c0 R14: dffffc0000000000 R15: ffff8881d4073c00
FS:  00007f202f64f700(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020016038 CR3: 00000001c96d4005 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (99):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci2-android-5-4-kasan	2020/09/21 02:56	https://android.googlesource.com/kernel/common android-5.4	63d1c2f0	9564d2e9	.config	log	report	syz	C
ci2-android-5-4-kasan	2020/01/23 01:30	https://android.googlesource.com/kernel/common android-5.4	81734875	3334d684	.config	log	report	syz	C
ci2-android-5-4-kasan	2021/02/14 06:18	android12-5.4	dbfedfa3	98682e5e	.config	log	report			info	kernel BUG in xfrm_state_find
ci2-android-5-4-kasan	2021/01/27 06:48	android12-5.4	73d140dc	a0ebf917	.config	log	report			info	kernel BUG in xfrm_state_find
ci2-android-5-4-kasan	2021/01/17 10:54	android12-5.4	dc044639	813be542	.config	log	report			info
ci2-android-5-4-kasan	2021/01/17 09:24	android12-5.4	dc044639	65a7a854	.config	log	report			info
ci2-android-5-4-kasan	2021/01/14 08:26	android12-5.4	e5e14bf5	269d24e8	.config	log	report			info
ci2-android-5-4-kasan	2021/01/11 20:27	android12-5.4	62ec5151	2c1f2513	.config	log	report			info
ci2-android-5-4-kasan	2021/01/08 22:58	android12-5.4	24fc422c	c104d4a3	.config	log	report			info
ci2-android-5-4-kasan	2021/01/08 21:33	android12-5.4	24fc422c	c104d4a3	.config	log	report			info
ci2-android-5-4-kasan	2021/01/08 14:35	android12-5.4	40124ac5	c104d4a3	.config	log	report			info
ci2-android-5-4-kasan	2021/01/08 03:10	android12-5.4	4aff7f2f	c104d4a3	.config	log	report			info
ci2-android-5-4-kasan	2021/01/05 02:10	android12-5.4	e627b02a	2a28ff1f	.config	log	report			info
ci2-android-5-4-kasan	2021/01/05 00:44	android12-5.4	e627b02a	2a28ff1f	.config	log	report			info
ci2-android-5-4-kasan	2021/01/04 22:31	android12-5.4	e627b02a	2a28ff1f	.config	log	report			info
ci2-android-5-4-kasan	2021/01/04 07:46	android12-5.4	e627b02a	79264ae3	.config	log	report			info
ci2-android-5-4-kasan	2021/01/01 21:06	android12-5.4	e627b02a	79264ae3	.config	log	report			info
ci2-android-5-4-kasan	2020/12/30 23:44	android12-5.4	04abbfc9	ecb8c012	.config	log	report			info
ci2-android-5-4-kasan	2020/12/30 02:50	android12-5.4	b69d75c0	0fa352f2	.config	log	report			info
ci2-android-5-4-kasan	2020/12/29 22:12	android12-5.4	b69d75c0	80910769	.config	log	report			info
ci2-android-5-4-kasan	2020/12/29 09:02	android12-5.4	b69d75c0	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/29 07:14	android12-5.4	b69d75c0	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/29 04:54	android12-5.4	b69d75c0	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/29 00:25	android12-5.4	b69d75c0	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/28 19:01	android12-5.4	b69d75c0	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/28 17:45	android12-5.4	b69d75c0	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/28 16:08	android12-5.4	b69d75c0	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/28 14:19	android12-5.4	b69d75c0	8259d56c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/24 16:08	android12-5.4	8657d5d6	c2c1d1dd	.config	log	report			info
ci2-android-5-4-kasan	2020/12/23 13:22	android12-5.4	8657d5d6	c2c1d1dd	.config	log	report			info
ci2-android-5-4-kasan	2020/12/21 16:17	android12-5.4	4aa7a7c9	04201c06	.config	log	report			info
ci2-android-5-4-kasan	2020/12/15 20:26	android12-5.4	a741f29f	f213e07e	.config	log	report			info
ci2-android-5-4-kasan	2020/12/15 11:55	android12-5.4	30fc3020	97183ed7	.config	log	report			info
ci2-android-5-4-kasan	2020/12/15 07:13	android12-5.4	2149aa11	97183ed7	.config	log	report			info
ci2-android-5-4-kasan	2020/12/13 16:09	android12-5.4	35d8dcbb	bca53db9	.config	log	report			info
ci2-android-5-4-kasan	2020/12/13 01:40	android12-5.4	6d7fe6dc	bca53db9	.config	log	report			info
ci2-android-5-4-kasan	2020/12/12 06:58	android12-5.4	6dd7aff0	bca53db9	.config	log	report			info
ci2-android-5-4-kasan	2020/12/11 21:49	android12-5.4	b5ec6824	ba24ffcd	.config	log	report			info
ci2-android-5-4-kasan	2020/12/11 12:39	android12-5.4	b5ec6824	ba24ffcd	.config	log	report			info
ci2-android-5-4-kasan	2020/12/11 00:49	android12-5.4	b5ec6824	f900b48c	.config	log	report			info
ci2-android-5-4-kasan	2020/12/10 20:13	android12-5.4	d7ec6808	2a55c22b	.config	log	report			info
ci2-android-5-4-kasan	2020/12/10 15:54	android12-5.4	d7ec6808	2a55c22b	.config	log	report			info
ci2-android-5-4-kasan	2020/12/10 03:53	android12-5.4	d7ec6808	c090b4da	.config	log	report			info
ci2-android-5-4-kasan	2020/12/08 23:24	android12-5.4	ffb252da	40cc414d	.config	log	report			info
ci2-android-5-4-kasan	2020/12/08 08:25	android12-5.4	32c81c87	9af51e31	.config	log	report			info
ci2-android-5-4-kasan	2020/12/07 19:39	android12-5.4	623a7e96	f80ce148	.config	log	report			info
ci2-android-5-4-kasan	2020/12/07 10:01	android12-5.4	623a7e96	f80ce148	.config	log	report			info
ci2-android-5-4-kasan	2020/12/06 10:41	android12-5.4	616dba5e	f12ba0c5	.config	log	report			info
ci2-android-5-4-kasan	2020/12/06 02:58	android12-5.4	616dba5e	50503117	.config	log	report			info
ci2-android-5-4-kasan	2020/12/05 17:34	android12-5.4	616dba5e	0ef84591	.config	log	report			info
ci2-android-5-4-kasan	2020/01/14 12:49	https://android.googlesource.com/kernel/common android-5.4	d32a4878	32881205	.config	log	report
ci2-android-5-4-kasan	2020/01/12 23:33	https://android.googlesource.com/kernel/common android-5.4	fde6e0c6	53faa9fe	.config	log	report
ci2-android-5-4-kasan	2020/01/12 09:42	https://android.googlesource.com/kernel/common android-5.4	f5f770e4	4c04afaa	.config	log	report