syzbot


kernel BUG in llc_sap_action_send_xid_c

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+5e5a981ad7cc54c4b2b4@syzkaller.appspotmail.com
Fix commit: c7c9d2102c9c net: llc: fix skb_over_panic
First crash: 476d, last: 237d

Cause bisection: failed (bisect log)
similar bugs (16):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 kernel BUG at net/core/skbuff.c:LINE! C unreliable 493 20d 1164d 0/1 upstream: reported C repro on 2019/04/27 20:12
linux-4.14 kernel BUG at net/core/skbuff.c:LINE! C 2874 6h28m 1179d 0/1 upstream: reported C repro on 2019/04/12 15:43
android-44 kernel BUG at net/core/skbuff.c:LINE! C 79 955d 1180d 0/2 public: reported C repro on 2019/04/11 08:44
android-54 kernel BUG in pfkey_send_acquire syz 32 505d 533d 0/2 upstream: reported syz repro on 2021/01/17 15:19
upstream kernel BUG at net/core/skbuff.c:LINE! (2) C 562 1619d 1708d 4/22 fixed on 2018/01/29 03:39
android-5-10 kernel BUG in add_grec C error 83 98d 172d 2/3 fixed on 2022/03/29 10:01
android-54 kernel BUG at net/core/skbuff.c:LINE! C 199 10d 904d 0/2 upstream: reported C repro on 2020/01/12 09:43
android-414 kernel BUG at net/core/skbuff.c:LINE! C 2743 943d 1181d 0/1 public: reported C repro on 2019/04/11 00:00
android-5-10 kernel BUG in add_grec (2) 369 10h31m 97d 0/3 premoderation: reported on 2022/03/29 11:58
upstream kernel BUG in netem_enqueue 2 24d 61d 21/22 internal: reported on 2022/05/04 17:12
android-5-10 kernel BUG in cdc_ncm_fill_tx_frame C error 40 190d 256d 1/3 fixed on 2021/12/29 12:20
upstream kernel BUG at net/core/skbuff.c:LINE! (3) C done 4399 497d 1614d 21/22 fixed on 2021/03/10 01:48
upstream kernel BUG at net/core/skbuff.c:LINE! 5 1714d 1785d 3/22 fixed on 2017/10/27 10:10
linux-4.19 kernel BUG in pfkey_send_acquire C done 56 504d 533d 1/1 fixed on 2021/03/18 08:30
upstream kernel BUG in pskb_expand_head C done 271 1h59m 231d 15/22 upstream: reported C repro on 2021/11/15 08:38
android-49 kernel BUG at net/core/skbuff.c:LINE! C 391 944d 1180d 0/3 public: reported C repro on 2019/04/12 00:00
Patch testing requests:
Created Duration User Patch Repo Result
2021/07/24 20:00 16m paskripkin@gmail.com patch upstream OK

Sample crash report:
skbuff: skb_over_panic: text:ffffffff8717de50 len:692 put:3 head:ffff888025f6f000 data:ffff888025f6f00e tail:0x2c2 end:0x2c0 dev:bond0
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:109!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8372 Comm: syz-executor543 Not tainted 5.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:skb_panic+0x16c/0x16e net/core/skbuff.c:109
Code: f8 4c 8b 4c 24 10 8b 4b 70 41 56 45 89 e8 4c 89 e2 41 57 48 89 ee 48 c7 c7 40 b2 65 8a ff 74 24 10 ff 74 24 20 e8 e7 c0 c4 ff <0f> 0b e8 d2 e0 75 f8 4c 8b 64 24 18 e8 c8 87 b9 f8 48 c7 c1 80 be
RSP: 0018:ffffc9000132f7b8 EFLAGS: 00010282
RAX: 0000000000000086 RBX: ffff888012a91140 RCX: 0000000000000000
RDX: ffff888021d6d4c0 RSI: ffffffff815c4d75 RDI: fffff52000265ee9
RBP: ffffffff8a65bec0 R08: 0000000000000086 R09: 0000000000000000
R10: ffffffff815bdb0e R11: 0000000000000000 R12: ffffffff8717de50
R13: 0000000000000003 R14: ffff88801aa24000 R15: 00000000000002c0
FS:  0000000001d53300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055acdca69398 CR3: 0000000020a7b000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 skb_over_panic net/core/skbuff.c:114 [inline]
 skb_put.cold+0x24/0x24 net/core/skbuff.c:1914
 llc_pdu_init_as_xid_cmd include/net/llc_pdu.h:377 [inline]
 llc_sap_action_send_xid_c+0x240/0x380 net/llc/llc_s_ac.c:84
 llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]
 llc_sap_next_state net/llc/llc_sap.c:182 [inline]
 llc_sap_state_process+0x22a/0x4f0 net/llc/llc_sap.c:209
 llc_ui_sendmsg+0x9ee/0x1040 net/llc/af_llc.c:964
 sock_sendmsg_nosec net/socket.c:654 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:674
 ____sys_sendmsg+0x331/0x810 net/socket.c:2350
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
 __sys_sendmmsg+0x195/0x470 net/socket.c:2490
 __do_sys_sendmmsg net/socket.c:2519 [inline]
 __se_sys_sendmmsg net/socket.c:2516 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2516
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x43f329
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc10253fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f329
RDX: 0000000000000006 RSI: 0000000020005bc0 RDI: 0000000000000003
RBP: 0000000000403310 R08: 0000000000400488 R09: 0000000000400488
R10: 0000000004000000 R11: 0000000000000246 R12: 00000000004033a0
R13: 0000000000000000 R14: 00000000004ad018 R15: 0000000000400488
Modules linked in:
---[ end trace 4d95aeb9a24efeaa ]---
RIP: 0010:skb_panic+0x16c/0x16e net/core/skbuff.c:109
Code: f8 4c 8b 4c 24 10 8b 4b 70 41 56 45 89 e8 4c 89 e2 41 57 48 89 ee 48 c7 c7 40 b2 65 8a ff 74 24 10 ff 74 24 20 e8 e7 c0 c4 ff <0f> 0b e8 d2 e0 75 f8 4c 8b 64 24 18 e8 c8 87 b9 f8 48 c7 c1 80 be
RSP: 0018:ffffc9000132f7b8 EFLAGS: 00010282
RAX: 0000000000000086 RBX: ffff888012a91140 RCX: 0000000000000000
RDX: ffff888021d6d4c0 RSI: ffffffff815c4d75 RDI: fffff52000265ee9
RBP: ffffffff8a65bec0 R08: 0000000000000086 R09: 0000000000000000
R10: ffffffff815bdb0e R11: 0000000000000000 R12: ffffffff8717de50
R13: 0000000000000003 R14: ffff88801aa24000 R15: 00000000000002c0
FS:  0000000001d53300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055acdca69398 CR3: 0000000020a7b000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (61):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-net-this-kasan-gce 2021/04/09 09:43 net 864db232dc70 6a81331a .config log report syz C kernel BUG in llc_sap_action_send_xid_c
ci-upstream-net-kasan-gce 2021/04/09 08:58 net-next 4438669eb703 6a81331a .config log report syz C kernel BUG in llc_sap_action_send_xid_c
ci-upstream-net-this-kasan-gce 2021/07/27 08:29 net 92766c4628ea fd511809 .config log report info kernel BUG in llc_sap_action_send_xid_c
ci-upstream-net-this-kasan-gce 2021/07/03 01:29 net dbe69e433722 55aa55c2 .config log report info kernel BUG in llc_sap_action_send_xid_c
ci-upstream-net-this-kasan-gce 2021/03/15 05:29 net 6577b9a551ae cc1cff8f .config log report info kernel BUG in llc_sap_action_send_xid_c
ci-upstream-net-kasan-gce 2021/07/11 14:11 net-next 5e437416ff66 8f5a7b8c .config log report info kernel BUG in llc_sap_action_send_xid_c
ci-upstream-net-kasan-gce 2021/05/15 07:18 net-next 30515832e987 8bdd5343 .config log report info kernel BUG in llc_sap_action_send_xid_c
ci-upstream-net-kasan-gce 2021/04/11 21:35 net-next cbd312539284 bfeda1b1 .config log report info kernel BUG in llc_sap_action_send_xid_c
ci-upstream-net-kasan-gce 2021/04/09 08:24 net-next 4438669eb703 6a81331a .config log report info kernel BUG in llc_sap_action_send_xid_c
ci-qemu-upstream 2021/11/08 14:06 upstream 6b75d88fa81b d29682f1 .config log report info kernel BUG in ipgre_header
ci-qemu-upstream 2021/11/08 11:24 upstream 6b75d88fa81b d29682f1 .config log report info kernel BUG in pskb_expand_head
ci-qemu-upstream 2021/11/03 09:58 upstream 56d33754481f 17f3edd2 .config log report info kernel BUG in pskb_expand_head
ci-upstream-kasan-gce-smack-root 2021/11/03 07:52 upstream bfc484fe6abb 17f3edd2 .config log report info kernel BUG in __ip6_append_data
ci-qemu-upstream 2021/11/03 06:22 upstream 56d33754481f 17f3edd2 .config log report info kernel BUG in pskb_expand_head
ci-qemu-upstream 2021/10/29 15:43 upstream f25a5481af12 098b5d53 .config log report info kernel BUG in pskb_expand_head
ci-qemu-upstream 2021/10/23 19:27 upstream 9c0c4d24ac00 282f03fb .config log report info kernel BUG in pskb_expand_head
ci-upstream-kasan-gce 2021/10/08 21:52 upstream 741668ef7832 efe0f24d .config log report info kernel BUG in isotp_rcv
ci-upstream-kasan-gce-smack-root 2021/09/25 18:11 upstream 7d42e9818258 8cac236e .config log report info kernel BUG in isotp_rcv
ci-upstream-kasan-gce 2021/09/20 00:08 upstream d4d016caa4b8 70b76c1d .config log report info kernel BUG in isotp_rcv
ci-qemu-upstream 2021/07/23 01:54 upstream 9bead1b58c4c bc5f1d88 .config log report info kernel BUG in pskb_expand_head
ci-upstream-kasan-gce-smack-root 2021/07/21 21:33 upstream 8cae8cd89f05 29c3f20f .config log report info kernel BUG in isotp_rcv
ci-upstream-kasan-gce-selinux-root 2021/06/20 21:55 upstream cba5e97280f5 aba2b2fb .config log report info kernel BUG in isotp_rcv
ci-qemu-upstream-386 2021/11/02 17:28 upstream bfc484fe6abb 17f3edd2 .config log report info kernel BUG in pskb_expand_head
ci-qemu-upstream-386 2021/10/19 16:54 upstream d9abdee5fd5a 24dc29db .config log report info kernel BUG in pskb_expand_head
ci-upstream-kasan-gce-386 2021/09/24 18:58 upstream 4c4f0c2bf341 8cac236e .config log report info kernel BUG in isotp_rcv
ci-qemu-upstream-386 2021/08/02 09:57 upstream c500bee1c5b2 6c236867 .config log report info kernel BUG in isotp_rcv
ci-upstream-net-this-kasan-gce 2021/11/09 13:59 net 0b9111922b1f 59bcaf9a .config log report info kernel BUG in ip6_mc_hdr
ci-upstream-net-this-kasan-gce 2021/11/08 22:34 net c45231a7668d d29682f1 .config log report info kernel BUG in ip6_mc_hdr
ci-upstream-net-this-kasan-gce 2021/11/08 03:56 net 08fcdfa6e3ae 4c1be0be .config log report info kernel BUG in add_grhead
ci-upstream-net-this-kasan-gce 2021/11/03 00:39 net cc0356d6a02e 17f3edd2 .config log report info kernel BUG in fou_build_udp
ci-upstream-net-this-kasan-gce 2021/09/30 11:18 net d88fd1b546ff be530f6c .config log report info kernel BUG in fou_build_udp
ci-upstream-net-this-kasan-gce 2021/09/28 17:34 net c894b51e2a23 d82cb927 .config log report info kernel BUG in isotp_rcv
ci-upstream-net-this-kasan-gce 2021/09/26 05:51 net 7fe7f3182a0d 8cac236e .config log report info kernel BUG in fou_build_udp
ci-upstream-bpf-kasan-gce 2021/09/06 08:01 bpf 57f780f1c433 d236a457 .config log report info kernel BUG in ip6_mc_hdr
ci-upstream-net-this-kasan-gce 2021/08/04 15:03 net d1a58c013a58 6c236867 .config log report info kernel BUG in isotp_rcv
ci-upstream-net-this-kasan-gce 2021/07/23 20:23 net 9f42f674a892 bc5f1d88 .config log report info kernel BUG in isotp_rcv
ci-upstream-net-this-kasan-gce 2021/07/16 11:46 net 65875073eddd f115ae98 .config log report info kernel BUG in fou_build_udp
ci-upstream-net-this-kasan-gce 2021/07/05 16:02 net dbe69e433722 55aa55c2 .config log report info kernel BUG in isotp_rcv
ci-upstream-net-this-kasan-gce 2021/06/26 02:48 net be7f62eebaff ae6bf8dd .config log report info kernel BUG in ip6_mc_hdr
ci-upstream-net-this-kasan-gce 2021/05/03 12:32 net bbd6f0a94813 77e2b668 .config log report info kernel BUG in ip6_mc_hdr
ci-upstream-net-kasan-gce 2021/11/05 16:01 net-next cc0356d6a02e 4c1be0be .config log report info kernel BUG in ip6gre_header
ci-upstream-net-kasan-gce 2021/11/03 08:51 net-next cc0356d6a02e 17f3edd2 .config log report info kernel BUG in ip6gre_header
ci-upstream-net-kasan-gce 2021/10/15 16:33 net-next 40088915f547 0c5d9412 .config log report info kernel BUG in fou_build_udp
ci-upstream-net-kasan-gce 2021/10/11 05:26 net-next 0182d0788cd6 838e7e2c .config log report info kernel BUG in ip6_mc_hdr
ci-upstream-net-kasan-gce 2021/09/23 00:01 net-next 428168f99517 8cac236e .config log report info kernel BUG in ip6_mc_hdr
ci-upstream-net-kasan-gce 2021/09/09 18:41 net-next 626bf91a292e e2776ee4 .config log report info kernel BUG in fou_build_udp
ci-upstream-net-kasan-gce 2021/09/09 15:32 net-next 626bf91a292e e2776ee4 .config log report info kernel BUG in fou_build_udp
ci-upstream-net-kasan-gce 2021/08/19 11:53 net-next 19b8ece42c56 a2fe1cb5 .config log report info kernel BUG in fou_build_udp
ci-upstream-net-kasan-gce 2021/08/03 16:38 net-next 7cdd0a89ec70 6c236867 .config log report info kernel BUG in fou_build_udp
ci-upstream-net-kasan-gce 2021/07/04 09:46 net-next 5e437416ff66 55aa55c2 .config log report info kernel BUG in fou_build_udp
ci-upstream-net-kasan-gce 2021/06/30 18:13 net-next b6df00789e28 84fd4c77 .config log report info kernel BUG in fou_build_udp
ci-upstream-net-kasan-gce 2021/06/27 02:06 net-next ff8744b5eb11 9d2ab5df .config log report info kernel BUG in fou_build_udp
ci-upstream-net-kasan-gce 2021/06/20 14:03 net-next adc2e56ebe63 aba2b2fb .config log report info kernel BUG in isotp_rcv
ci-upstream-net-kasan-gce 2021/06/09 10:56 net-next 5552571c657d 5c2fe346 .config log report info kernel BUG in isotp_rcv
ci-upstream-net-kasan-gce 2021/06/01 14:16 net-next e099f3e8b71c 032639db .config log report info kernel BUG in fou_build_udp
ci-upstream-net-kasan-gce 2021/05/29 03:31 net-next 38e9673ce08f 858ea628 .config log report info kernel BUG in fou_build_udp
ci-upstream-net-kasan-gce 2021/05/27 09:23 net-next c7a551b2e44a 858ea628 .config log report info kernel BUG in fou_build_udp
ci-upstream-net-kasan-gce 2021/05/23 02:10 net-next f5120f599880 3c7fef33 .config log report info kernel BUG in ip6_mc_hdr
ci-upstream-net-kasan-gce 2021/03/29 15:30 net-next 72642f4127c3 a8529b82 .config log report info kernel BUG in ip6_mc_hdr
ci-upstream-linux-next-kasan-gce-root 2021/11/02 20:14 linux-next 9150de4aac1e 17f3edd2 .config log report info kernel BUG in isotp_rcv