syzbot

kernel BUG at net/core/dev.c:LINE! (4)

Status: fixed on 2022/03/08 16:11
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: f123cffdd8fe net: netlink: af_netlink: Prevent empty skb by adding a check on len.
First crash: 590d, last: 203d

Cause bisection: introduced by (bisect log):
commit f3c84a8e3e922afdcbc55f04df8fdf8a548f5a21
Author: Nir Dotan <nird@mellanox.com>
Date: Thu Oct 4 15:48:02 2018 +0000

  mlxsw: pci: Derive event type from event queue number

Crash: general protection fault in batadv_iv_ogm_queue_add (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log):
commit f123cffdd8fe8ea6c7fded4b88516a42798797d0
Author: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Date: Mon Nov 29 17:53:27 2021 +0000

  net: netlink: af_netlink: Prevent empty skb by adding a check on len.

similar bugs (8):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 kernel BUG at net/core/dev.c:LINE! (2) C error 87 18d 571d 0/1 upstream: reported C repro on 2020/12/11 13:29
linux-4.14 kernel BUG in validate_xmit_skb 1 511d 511d 0/1 auto-closed as invalid on 2021/06/10 04:03
upstream kernel BUG at net/core/dev.c:LINE! (2) syz 2 1365d 1365d 12/22 fixed on 2018/10/18 14:43
upstream kernel BUG in netem_enqueue 2 26d 62d 21/22 internal: reported on 2022/05/04 17:12
linux-4.19 kernel BUG at net/core/dev.c:LINE! 4 802d 804d 0/1 auto-closed as invalid on 2020/08/23 07:17
upstream kernel BUG at net/core/dev.c:LINE! C 5 1682d 1687d 3/22 fixed on 2017/12/08 02:32
linux-4.14 kernel BUG at net/core/dev.c:LINE! C inconclusive 3 554d 823d 1/1 fixed on 2021/01/17 13:53
upstream kernel BUG at net/core/dev.c:LINE! (3) C done 979 672d 816d 17/22 fixed on 2020/09/16 22:51

Sample crash report:
------------[ cut here ]------------
kernel BUG at net/core/dev.c:3315!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8717 Comm: syz-executor187 Not tainted 5.14.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:skb_checksum_help+0x55c/0x560 net/core/dev.c:3315
Code: ff 44 89 f9 80 e1 07 fe c1 38 c1 0f 8c 44 fe ff ff 4c 89 ff e8 45 ad d6 f9 e9 37 fe ff ff e8 9b 61 8d f9 0f 0b e8 94 61 8d f9 <0f> 0b 66 90 41 57 41 56 41 55 41 54 53 49 89 fc 49 bd 00 00 00 00
RSP: 0018:ffffc90002376c80 EFLAGS: 00010293
RAX: ffffffff87f2d63c RBX: 00000000000000e0 RCX: ffff8880163d0000
RDX: 0000000000000000 RSI: 00000000000000e0 RDI: 00000000000003d4
RBP: 00000000000003d4 R08: ffffffff87f2d3c8 R09: fffff5200046ed82
R10: fffff5200046ed82 R11: 0000000000000000 R12: ffff888033f4ae34
R13: ffff888033f4adc0 R14: dffffc0000000000 R15: 00000000000003d2
FS:  00000000010e8300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020002180 CR3: 0000000035fc8000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 skb_csum_hwoffload_help net/core/dev.c:3720 [inline]
 validate_xmit_skb+0xb1f/0xff0 net/core/dev.c:3763
 __dev_queue_xmit+0x16fc/0x34b0 net/core/dev.c:4276
 neigh_hh_output include/net/neighbour.h:499 [inline]
 neigh_output include/net/neighbour.h:508 [inline]
 ip_finish_output2+0xcaf/0x19f0 net/ipv4/ip_output.c:230
 iptunnel_xmit+0x46b/0x810 net/ipv4/ip_tunnel_core.c:82
 udp_tunnel_xmit_skb+0x1c8/0x2d0 net/ipv4/udp_tunnel_core.c:174
 geneve_xmit_skb drivers/net/geneve.c:971 [inline]
 geneve_xmit+0x13f5/0x2650 drivers/net/geneve.c:1082
 __netdev_start_xmit include/linux/netdevice.h:4944 [inline]
 netdev_start_xmit include/linux/netdevice.h:4958 [inline]
 xmit_one net/core/dev.c:3659 [inline]
 dev_hard_start_xmit+0x20b/0x450 net/core/dev.c:3675
 sch_direct_xmit+0x292/0x5b0 net/sched/sch_generic.c:342
 qdisc_restart net/sched/sch_generic.c:407 [inline]
 __qdisc_run+0x9dc/0x1cd0 net/sched/sch_generic.c:415
 __dev_xmit_skb net/core/dev.c:3944 [inline]
 __dev_queue_xmit+0xe6b/0x34b0 net/core/dev.c:4253
 packet_snd net/packet/af_packet.c:3016 [inline]
 packet_sendmsg+0x4cb9/0x6730 net/packet/af_packet.c:3044
 sock_sendmsg_nosec net/socket.c:703 [inline]
 sock_sendmsg net/socket.c:723 [inline]
 __sys_sendto+0x541/0x720 net/socket.c:2019
 __do_sys_sendto net/socket.c:2031 [inline]
 __se_sys_sendto net/socket.c:2027 [inline]
 __x64_sys_sendto+0xda/0xf0 net/socket.c:2027
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x443a29
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe15d05ea8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443a29
RDX: 0000000000003287 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000002ff
R10: 0000000004000002 R11: 0000000000000246 R12: 00007ffe15d05ed0
R13: 00000000000f4240 R14: 000000000000cb0a R15: 00007ffe15d05ec4
Modules linked in:
---[ end trace 9b6ac491372f5f0c ]---
RIP: 0010:skb_checksum_help+0x55c/0x560 net/core/dev.c:3315
Code: ff 44 89 f9 80 e1 07 fe c1 38 c1 0f 8c 44 fe ff ff 4c 89 ff e8 45 ad d6 f9 e9 37 fe ff ff e8 9b 61 8d f9 0f 0b e8 94 61 8d f9 <0f> 0b 66 90 41 57 41 56 41 55 41 54 53 49 89 fc 49 bd 00 00 00 00
RSP: 0018:ffffc90002376c80 EFLAGS: 00010293
RAX: ffffffff87f2d63c RBX: 00000000000000e0 RCX: ffff8880163d0000
RDX: 0000000000000000 RSI: 00000000000000e0 RDI: 00000000000003d4
RBP: 00000000000003d4 R08: ffffffff87f2d3c8 R09: fffff5200046ed82
R10: fffff5200046ed82 R11: 0000000000000000 R12: ffff888033f4ae34
R13: ffff888033f4adc0 R14: dffffc0000000000 R15: 00000000000003d2
FS:  00000000010e8300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020002180 CR3: 0000000035fc8000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	ff 44 89 f9          	incl   -0x7(%rcx,%rcx,4)
   4:	80 e1 07             	and    $0x7,%cl
   7:	fe c1                	inc    %cl
   9:	38 c1                	cmp    %al,%cl
   b:	0f 8c 44 fe ff ff    	jl     0xfffffe55
  11:	4c 89 ff             	mov    %r15,%rdi
  14:	e8 45 ad d6 f9       	callq  0xf9d6ad5e
  19:	e9 37 fe ff ff       	jmpq   0xfffffe55
  1e:	e8 9b 61 8d f9       	callq  0xf98d61be
  23:	0f 0b                	ud2    
  25:	e8 94 61 8d f9       	callq  0xf98d61be
  2a:	0f 0b                	ud2     <-- trapping instruction
  2c:	66 90                	xchg   %ax,%ax
  2e:	41 57                	push   %r15
  30:	41 56                	push   %r14
  32:	41 55                	push   %r13
  34:	41 54                	push   %r12
  36:	53                   	push   %rbx
  37:	49 89 fc             	mov    %rdi,%r12
  3a:	49                   	rex.WB
  3b:	bd 00 00 00 00       	mov    $0x0,%ebp

Crashes (432):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2021/08/18 18:57 upstream 614cb2751d31 a2fe1cb5 .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-root 2021/08/11 17:07 upstream 761c6d7ec820 6972b106 .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-selinux-root 2021/05/28 00:29 upstream d7c5303fbc8a 858ea628 .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-smack-root 2021/05/07 08:56 upstream d2b6f8a17919 06585184 .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-root 2021/05/07 01:34 upstream d2b6f8a17919 06585184 .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce 2021/01/01 16:20 upstream f6e1ea196492 79264ae3 .config log report syz C
ci-upstream-net-this-kasan-gce 2021/08/27 09:52 net 73367f05b25d b318694d .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-net-this-kasan-gce 2021/05/28 03:55 net d7c5303fbc8a 858ea628 .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-net-this-kasan-gce 2021/02/04 21:49 net d795cc02a297 42b90a7c .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-net-this-kasan-gce 2020/11/22 23:37 net f9b036532108 0d27f508 .config log report syz C
ci-upstream-net-kasan-gce 2021/08/27 11:23 net-next 3aa7857fe1d7 b318694d .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-net-kasan-gce 2021/06/05 11:38 net-next 1a42624aecba 500c2339 .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-net-kasan-gce 2021/05/28 01:43 net-next 59c56342459a 858ea628 .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-net-kasan-gce 2021/02/04 15:29 net-next 32d1bbb1d609 42b90a7c .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-net-kasan-gce 2020/11/22 22:15 net-next f9e425e99b07 0d27f508 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2021/12/07 21:09 linux-next 04fe99a8d936 0230ba3e .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/09/20 03:37 linux-next 9004fd387338 70b76c1d .config log report syz C kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-smack-root 2021/12/13 11:34 upstream 2585cf9dfaad 49ca1f59 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-smack-root 2021/12/11 14:29 upstream 6f513529296f 49ca1f59 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-smack-root 2021/12/10 00:15 upstream c741e49150db b54aa474 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-smack-root 2021/12/09 09:21 upstream 2a987e65025e a4a2a501 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-selinux-root 2021/12/02 12:08 upstream 58e1100fdc59 61f86278 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-root 2021/12/02 10:52 upstream 58e1100fdc59 61f86278 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-selinux-root 2021/12/02 01:03 upstream 58e1100fdc59 61f86278 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-root 2021/12/01 17:23 upstream 58e1100fdc59 5fa3eacc .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-root 2021/12/01 10:15 upstream 58e1100fdc59 5fa3eacc .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-smack-root 2021/12/01 05:21 upstream f080815fdb3e 80270552 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-root 2021/11/30 11:20 upstream d58071a8a76d 80270552 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-selinux-root 2021/11/30 01:50 upstream d58071a8a76d d0830353 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-root 2021/11/29 15:40 upstream d58071a8a76d d0830353 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-smack-root 2021/11/29 12:04 upstream d58071a8a76d 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-selinux-root 2021/11/29 11:58 upstream d58071a8a76d 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-root 2021/11/29 01:25 upstream d06c942efea4 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-selinux-root 2021/11/28 11:09 upstream 3498e7f2bb41 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-root 2021/11/28 02:11 upstream 741392771338 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-selinux-root 2021/11/27 22:34 upstream 741392771338 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-selinux-root 2021/11/27 21:30 upstream 741392771338 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-root 2021/11/27 20:19 upstream 741392771338 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-selinux-root 2021/11/27 11:56 upstream c5c17547b778 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-root 2021/11/26 15:02 upstream a4849f6000e2 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-selinux-root 2021/11/25 19:48 upstream b501b85957de 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-smack-root 2021/11/25 18:32 upstream 5f53fa508db0 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-selinux-root 2021/11/23 11:16 upstream 136057256686 545ab074 .config log report info kernel BUG in queue_userspace_packet
ci-qemu-upstream 2021/11/21 11:26 upstream 923dcc5eb0c1 4eb20a4e .config log report info kernel BUG in netem_enqueue
ci-qemu-upstream 2021/11/08 12:32 upstream 6b75d88fa81b d29682f1 .config log report info kernel BUG in napi_enable
ci-upstream-kasan-gce-selinux-root 2021/06/09 13:04 upstream 368094df48e6 84fe5d96 .config log report info kernel BUG in encrypt_packet
ci-upstream-kasan-gce 2021/02/04 12:44 upstream 61556703b610 42b90a7c .config log report info kernel BUG in validate_xmit_skb
ci-qemu-upstream-386 2021/11/01 10:51 upstream 8bb7eca972ad 098b5d53 .config log report info kernel BUG in validate_xmit_skb
ci-qemu-upstream-386 2021/08/05 04:17 upstream 251a1524293d 7f7bb950 .config log report info kernel BUG in netem_enqueue
ci-upstream-kasan-gce-386 2021/01/20 08:35 upstream 45dfb8a5659a 63631df1 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-kasan-gce-386 2021/01/17 04:09 upstream 0da0a8a0a0e1 65a7a854 .config log report info
ci-upstream-net-this-kasan-gce 2021/11/30 08:28 net cdef485217d3 d0830353 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-net-this-kasan-gce 2021/11/29 04:17 net c5c17547b778 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-net-this-kasan-gce 2021/11/25 22:43 net 9dbe33cf371b 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-net-this-kasan-gce 2021/06/24 10:15 net c2f5c57d99de ec865f6a .config log report info kernel BUG in ip_do_fragment
ci-upstream-net-kasan-gce 2021/11/30 22:53 net-next 72a2ff567fc3 80270552 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-net-kasan-gce 2021/11/28 05:14 net-next d40ce48cb3a6 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-net-kasan-gce 2021/11/26 18:52 net-next 35bf8c86eeb8 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-net-kasan-gce 2021/11/26 02:48 net-next 305e95bb893c 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-net-kasan-gce 2021/11/25 11:57 net-next 305e95bb893c 545ab074 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-net-kasan-gce 2021/11/10 09:02 net-next cc0356d6a02e 55fa030c .config log report info kernel BUG in ip6_fragment
ci-upstream-net-kasan-gce 2020/11/22 21:18 net-next f9e425e99b07 0d27f508 .config log report info
ci-upstream-linux-next-kasan-gce-root 2021/12/15 04:14 linux-next ea922272cbe5 f752fb53 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/12/09 04:27 linux-next 4eee8d0b64ec a4a2a501 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/12/08 13:14 linux-next 4eee8d0b64ec a4a2a501 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/12/06 05:04 linux-next f81e94e91878 a617004c .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/12/06 01:10 linux-next f81e94e91878 a617004c .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/12/05 14:16 linux-next f81e94e91878 a617004c .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/12/04 22:33 linux-next f81e94e91878 a617004c .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/12/01 22:47 linux-next f81e94e91878 61f86278 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/11/30 17:06 linux-next f81e94e91878 80270552 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/11/30 07:20 linux-next f81e94e91878 d0830353 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/11/27 17:25 linux-next f81e94e91878 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/11/27 09:58 linux-next f81e94e91878 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/11/27 02:27 linux-next f81e94e91878 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/11/26 13:55 linux-next f81e94e91878 63eeac02 .config log report info kernel BUG in validate_xmit_skb
ci-upstream-linux-next-kasan-gce-root 2021/11/26 11:23 linux-next f81e94e91878 63eeac02 .config log report info kernel BUG in validate_xmit_skb