general protection fault in xfrm_init

Title	Replies (including bot)	Last reply
Reminder: 26 open syzbot bugs in "net/xfrm" subsystem	1 (1)	2019/07/24 01:42
Reminder: 27 open syzbot bugs in "net/xfrm" subsystem	1 (1)	2019/06/25 05:51
general protection fault in xfrm_init_replay	0 (1)	2018/03/16 23:59

audit: type=1400 audit(1521168724.857:11): avc: denied { net_admin } for pid=4241 comm="syz-executor4" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 IPVS: ftp: loaded support on port[0] = 21 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access IPVS: ftp: loaded support on port[0] = 21 general protection fault: 0000 [#1] SMP KASAN kasan: CONFIG_KASAN_INLINE enabled Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: 4260 Comm: syz-executor3 Not tainted 4.16.0-rc4+ #267 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: GPF could be caused by NULL-ptr deref or user memory access RIP: 0010:xfrm_init_replay+0x60/0x220 net/xfrm/xfrm_replay.c:745 RSP: 0018:ffff8801a9bdf360 EFLAGS: 00010203 RAX: dffffc0000000000 RBX: ffff8801cbd98d80 RCX: ffffffff84ea4c3a RDX: 0000000000000004 RSI: ffff8801cbd992f4 RDI: 0000000000000024 RBP: ffff8801a9bdf380 R08: 0000000000000000 R09: 1ffff1003537be21 R10: ffff8801a9bdf040 R11: 0000000000000001 R12: 0000000000000010 R13: ffff8801a9bdf598 R14: ffff8801cbd98d80 R15: ffff8801cbd99200 FS: 00007f5382917700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000464b00 CR3: 00000001cbd20001 CR4: 00000000001606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: xfrm_state_construct net/xfrm/xfrm_user.c:610 [inline] xfrm_add_sa+0x1d3e/0x3440 net/xfrm/xfrm_user.c:647 xfrm_user_rcv_msg+0x41c/0x860 net/xfrm/xfrm_user.c:2595 netlink_rcv_skb+0x14b/0x380 net/netlink/af_netlink.c:2444 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2603 netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline] netlink_unicast+0x4c4/0x6b0 net/netlink/af_netlink.c:1334 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg+0xca/0x110 net/socket.c:639 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2047 __sys_sendmsg+0xe5/0x210 net/socket.c:2081 SYSC_sendmsg net/socket.c:2092 [inline] SyS_sendmsg+0x2d/0x50 net/socket.c:2088 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x453e69 RSP: 002b:00007f5382916c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f53829176d4 RCX: 0000000000453e69 RDX: 0000000000000000 RSI: 000000002014f000 RDI: 0000000000000003 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000004c7 R14: 00000000006f7348 R15: 0000000000000000 Code: 4c 8b a3 b8 01 00 00 4d 85 e4 0f 84 49 01 00 00 e8 a6 bd 86 fc 49 8d 7c 24 14 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 RIP: xfrm_init_replay+0x60/0x220 net/xfrm/xfrm_replay.c:745 RSP: ffff8801a9bdf360 general protection fault: 0000 [#2] SMP KASAN ---[ end trace cdf49f9f8c02f82d ]--- Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 4255 Comm: syz-executor4 Tainted: G D 4.16.0-rc4+ #267

Crashes (2):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2018/03/16 03:00	net-next-old	80d9f3a0fdb8	08dacaa0	.config	console log	report	syz				ci-upstream-net-kasan-gce
2018/03/16 02:44	net-next-old	80d9f3a0fdb8	08dacaa0	.config	console log	report					ci-upstream-net-kasan-gce

Crashes (2):

Assets (help?)