WARNING in xfrm_add_acquire

syzbot

Apr 11, 2019, 8:00:37 PM4/11/19
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 610c8356
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=12b345e1800000
kernel config: https://syzkaller.appspot.com/x/.config?x=44509e3077d6939
dashboard link: https://syzkaller.appspot.com/bug?extid=9ea8d1ec74d38812592a
compiler: gcc (GCC) 7.1.1 20170620
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1611f751800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ed2621800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+9ea8d1...@syzkaller.appspotmail.com

random: sshd: uninitialized urandom read (32 bytes read, 109 bits of entropy available)
netlink: 3816 bytes leftover after parsing attributes in process `syzkaller427698'.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3325 at net/xfrm/xfrm_user.c:2172 xfrm_add_acquire+0x97f/0xd20 net/xfrm/xfrm_user.c:2172()
BAD policy passed
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 3325 Comm: syzkaller427698 Not tainted 4.4.107-g610c835 #12
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 63d16c5f83f9a6a9 ffff8801d0d8f390 ffffffff81d0457d
ffffffff838429a0 ffff8801d0d8f468 ffffffff83d09540 0000000000000009
000000000000087c ffff8801d0d8f458 ffffffff8141774a 0000000041b58ab3
Call Trace:
[<ffffffff81d0457d>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d0457d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff8141774a>] panic+0x1aa/0x388 kernel/panic.c:112
[<ffffffff8112adb5>] warn_slowpath_common+0x125/0x140 kernel/panic.c:455
[<ffffffff8112ae91>] warn_slowpath_fmt+0xc1/0x110 kernel/panic.c:471
[<ffffffff832d323f>] xfrm_add_acquire+0x97f/0xd20 net/xfrm/xfrm_user.c:2172
[<ffffffff832d01bc>] xfrm_user_rcv_msg+0x41c/0x6b0 net/xfrm/xfrm_user.c:2525
[<ffffffff82f8adee>] netlink_rcv_skb+0x13e/0x370 net/netlink/af_netlink.c:2305
[<ffffffff832cc6ef>] xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2533
[<ffffffff82f89972>] netlink_unicast_kernel net/netlink/af_netlink.c:1223 [inline]
[<ffffffff82f89972>] netlink_unicast+0x522/0x760 net/netlink/af_netlink.c:1249
[<ffffffff82f8a498>] netlink_sendmsg+0x8e8/0xc50 net/netlink/af_netlink.c:1803
[<ffffffff82dec59a>] sock_sendmsg_nosec net/socket.c:625 [inline]
[<ffffffff82dec59a>] sock_sendmsg+0xca/0x110 net/socket.c:635
[<ffffffff82dee171>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
[<ffffffff82df01c3>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
[<ffffffff82df02ad>] SYSC_sendmsg net/socket.c:2007 [inline]
[<ffffffff82df02ad>] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
[<ffffffff83773d36>] entry_SYSCALL_64_fastpath+0x16/0x76
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches