WARNING in xfrm_policy_insert


syzbot

Apr 13, 2019, 8:00:33 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 1a938310 FROMLIST: coresight: ETM: Add support for ARM Cor..
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=12a52a1d800000
kernel config: https://syzkaller.appspot.com/x/.config?x=e45921dcb5ace5a
dashboard link: https://syzkaller.appspot.com/bug?extid=dd5f9bcd3f7d75d52e5e
compiler: gcc (GCC) 7.1.1 20170620
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15bb5263800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=101667bd800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+dd5f9b...@syzkaller.appspotmail.com

request_module: runaway loop modprobe net-pf-10-proto-15
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0
sclass=netlink_xfrm_socket pig=3846 comm=syzkaller759731
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4002 at net/xfrm/xfrm_policy.c:786
xfrm_policy_insert+0x6ff/0xda0 net/xfrm/xfrm_policy.c:786
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 4002 Comm: syzkaller759731 Not tainted 4.9.81-g1a93831 #33
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
ffff8801d694f3a8 ffffffff81d94e69 ffffffff83a48080 ffff8801d694f480
ffffffff83f42a00 ffffffff833bf29f 0000000000000009 ffff8801d694f470
ffffffff8142f691 0000000041b58ab3 ffffffff8418b0a8 ffffffff8142f4d5
Call Trace:
[<ffffffff81d94e69>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d94e69>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8142f691>] panic+0x1bc/0x3a8 kernel/panic.c:179
[<ffffffff811311c4>] __warn+0x1c4/0x1e0 kernel/panic.c:542
[<ffffffff8113142c>] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585
[<ffffffff833bf29f>] xfrm_policy_insert+0x6ff/0xda0
net/xfrm/xfrm_policy.c:786
[<ffffffff833ee8df>] xfrm_add_policy+0x38f/0x660 net/xfrm/xfrm_user.c:1546
[<ffffffff833eb0fd>] xfrm_user_rcv_msg+0x40d/0x6a0
net/xfrm/xfrm_user.c:2525
[<ffffffff8309552e>] netlink_rcv_skb+0x13e/0x370
net/netlink/af_netlink.c:2351
[<ffffffff833e75ff>] xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2533
[<ffffffff830940b1>] netlink_unicast_kernel net/netlink/af_netlink.c:1275
[inline]
[<ffffffff830940b1>] netlink_unicast+0x511/0x750
net/netlink/af_netlink.c:1301
[<ffffffff83094bd8>] netlink_sendmsg+0x8e8/0xc50
net/netlink/af_netlink.c:1847
[<ffffffff82ed7baa>] sock_sendmsg_nosec net/socket.c:635 [inline]
[<ffffffff82ed7baa>] sock_sendmsg+0xca/0x110 net/socket.c:645
[<ffffffff82ed97c1>] ___sys_sendmsg+0x6d1/0x7e0 net/socket.c:1969
[<ffffffff82edb7f6>] __sys_sendmsg+0xd6/0x190 net/socket.c:2003
[<ffffffff82edb8dd>] SYSC_sendmsg net/socket.c:2014 [inline]
[<ffffffff82edb8dd>] SyS_sendmsg+0x2d/0x50 net/socket.c:2010
[<ffffffff81006505>] do_syscall_64+0x1a5/0x490 arch/x86/entry/common.c:282
[<ffffffff838b3dbd>] entry_SYSCALL_64_after_swapgs+0x47/0xc5
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Apr 13, 2019, 8:02:17 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 12ef385f Merge 4.4.130 into android-4.4
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=1777cae7800000
kernel config: https://syzkaller.appspot.com/x/.config?x=845cfc0609aa801f
dashboard link: https://syzkaller.appspot.com/bug?extid=1e78e68b2552cf8bce66
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=179c3c47800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+1e78e6...@syzkaller.appspotmail.com

IPVS: Creating netns size=2552 id=6
IPVS: Creating netns size=2552 id=7
IPVS: Creating netns size=2552 id=8
random: nonblocking pool is initialized
------------[ cut here ]------------
WARNING: CPU: 0 PID: 6102 at net/xfrm/xfrm_policy.c:765
xfrm_policy_insert+0x60f/0xed0 net/xfrm/xfrm_policy.c:765()
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 6102 Comm: syz-executor0 Not tainted 4.4.130-g12ef385 #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
0000000000000000 6919c93cbc87b374 ffff8801d6b2f420 ffffffff81e0dc6d
ffffffff83a43ec0 ffff8800b8c2e000 ffffffff83f22f20 0000000000000009
00000000000002fd ffff8801d6b2f4e0 ffffffff81409ec4 0000000041b58ab3
Call Trace:
[<ffffffff81e0dc6d>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81e0dc6d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff81409ec4>] panic+0x19e/0x38d kernel/panic.c:112
[<ffffffff8140a0e8>] warn_slowpath_common.cold.6+0x20/0x20
kernel/panic.c:455
[<ffffffff81130049>] warn_slowpath_null+0x29/0x30 kernel/panic.c:492
[<ffffffff833c5f9f>] xfrm_policy_insert+0x60f/0xed0
net/xfrm/xfrm_policy.c:765
[<ffffffff833f7cf8>] xfrm_add_policy+0x248/0x500 net/xfrm/xfrm_user.c:1561
[<ffffffff833f4436>] xfrm_user_rcv_msg+0x3d6/0x6c0
net/xfrm/xfrm_user.c:2544
[<ffffffff830b86d5>] netlink_rcv_skb+0x145/0x370
net/netlink/af_netlink.c:2352
[<ffffffff833f0fef>] xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2552
[<ffffffff830b72a9>] netlink_unicast_kernel net/netlink/af_netlink.c:1270
[inline]
[<ffffffff830b72a9>] netlink_unicast+0x4e9/0x700
net/netlink/af_netlink.c:1296
[<ffffffff830b7c4b>] netlink_sendmsg+0x78b/0xc10
net/netlink/af_netlink.c:1850
[<ffffffff82f1c3fc>] sock_sendmsg_nosec net/socket.c:625 [inline]
[<ffffffff82f1c3fc>] sock_sendmsg+0xcc/0x110 net/socket.c:635
[<ffffffff82f1dec5>] ___sys_sendmsg+0x745/0x880 net/socket.c:1962
[<ffffffff82f1ff66>] __sys_sendmsg+0xd6/0x190 net/socket.c:1996
[<ffffffff82f2004d>] SYSC_sendmsg net/socket.c:2007 [inline]
[<ffffffff82f2004d>] SyS_sendmsg+0x2d/0x50 net/socket.c:2003
[<ffffffff838bf525>] entry_SYSCALL_64_fastpath+0x22/0x9e

syzbot

Sep 14, 2019, 12:02:09 AM
to syzkaller-a...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 62872f95 Merge 4.4.174 into android-4.4
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=11958f4e600000
kernel config: https://syzkaller.appspot.com/x/.config?x=47bc4dd423780c4a
dashboard link: https://syzkaller.appspot.com/bug?extid=1e78e68b2552cf8bce66
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13780b35600000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17e3a7b9600000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+1e78e6...@syzkaller.appspotmail.com

netlink: 12 bytes leftover after parsing attributes in process
`syz-executor903'.
netlink: 12 bytes leftover after parsing attributes in process
`syz-executor903'.
------------[ cut here ]------------
WARNING: CPU: 1 PID: 2086 at net/xfrm/xfrm_policy.c:770
xfrm_policy_insert+0x600/0xf20 net/xfrm/xfrm_policy.c:770()
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 2086 Comm: syz-executor903 Not tainted 4.4.174+ #4
0000000000000000 201083044d439bc8 ffff8801cf147428 ffffffff81aad1a1
0000000000000000 ffffffff82835ee0 ffffffff82a9b140 0000000000000302
ffffffff82548f00 ffff8801cf147508 ffffffff813a48c2 0000000041b58ab3
Call Trace:
[<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<ffffffff813a48c2>] panic+0x1b9/0x37b kernel/panic.c:112
[<ffffffff813a4ab9>] warn_slowpath_common kernel/panic.c:455 [inline]
[<ffffffff813a4ab9>] warn_slowpath_common.cold+0x20/0x20 kernel/panic.c:435
[<ffffffff810d3aaa>] warn_slowpath_null+0x2a/0x30 kernel/panic.c:492
[<ffffffff82548f00>] xfrm_policy_insert+0x600/0xf20
net/xfrm/xfrm_policy.c:770
[<ffffffff82583b1c>] xfrm_add_policy+0x23c/0x4d0 net/xfrm/xfrm_user.c:1578
[<ffffffff8257888c>] xfrm_user_rcv_msg+0x37c/0x630
net/xfrm/xfrm_user.c:2563
[<ffffffff822f06e4>] netlink_rcv_skb+0xd4/0x2e0
net/netlink/af_netlink.c:2361
[<ffffffff82571210>] xfrm_netlink_rcv+0x70/0x90 net/xfrm/xfrm_user.c:2571
[<ffffffff822ef137>] netlink_unicast_kernel net/netlink/af_netlink.c:1277
[inline]
[<ffffffff822ef137>] netlink_unicast+0x4d7/0x700
net/netlink/af_netlink.c:1303
[<ffffffff822efb86>] netlink_sendmsg+0x6b6/0xc80
net/netlink/af_netlink.c:1859
[<ffffffff821d838e>] sock_sendmsg_nosec net/socket.c:638 [inline]
[<ffffffff821d838e>] sock_sendmsg+0xbe/0x110 net/socket.c:648
[<ffffffff821da269>] ___sys_sendmsg+0x769/0x890 net/socket.c:1975
[<ffffffff821dd0c5>] __sys_sendmsg+0xc5/0x160 net/socket.c:2009
[<ffffffff821dd18d>] SYSC_sendmsg net/socket.c:2020 [inline]
[<ffffffff821dd18d>] SyS_sendmsg+0x2d/0x50 net/socket.c:2016
[<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
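Added triage helper, not part of this thread and not syzbot's or syzkaller's code: it pulls the WARN site, kernel release and call trace out of report text in the layout posted above and groups reports by the WARN function plus the xfrm_* frames that reached it, so the android-4.9 and android-4.4 reports (different file line numbers in xfrm_policy.c, same path from SyS_sendmsg through xfrm_netlink_rcv, xfrm_user_rcv_msg and xfrm_add_policy) collapse to one entry. The two sample inputs are abridged excerpts constructed from the posts in this thread ([inline] duplicates and the file:line suffixes on the frames dropped); the regular expressions assume the 4.x x86-64 trace format shown here.

```python
import re
from dataclasses import dataclass

# Two abridged excerpts constructed from the android-4.9 and android-4.4.174
# reports in this thread; the parser needs only the lines kept here.
REPORT_49 = """\
WARNING: CPU: 1 PID: 4002 at net/xfrm/xfrm_policy.c:786
xfrm_policy_insert+0x6ff/0xda0 net/xfrm/xfrm_policy.c:786
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 4002 Comm: syzkaller759731 Not tainted 4.9.81-g1a93831 #33
Call Trace:
[<ffffffff81d94e69>] dump_stack+0xc1/0x128
[<ffffffff8142f691>] panic+0x1bc/0x3a8
[<ffffffff811311c4>] __warn+0x1c4/0x1e0
[<ffffffff8113142c>] warn_slowpath_null+0x2c/0x40
[<ffffffff833bf29f>] xfrm_policy_insert+0x6ff/0xda0
[<ffffffff833ee8df>] xfrm_add_policy+0x38f/0x660
[<ffffffff833eb0fd>] xfrm_user_rcv_msg+0x40d/0x6a0
[<ffffffff8309552e>] netlink_rcv_skb+0x13e/0x370
[<ffffffff833e75ff>] xfrm_netlink_rcv+0x6f/0x90
[<ffffffff830940b1>] netlink_unicast+0x511/0x750
[<ffffffff83094bd8>] netlink_sendmsg+0x8e8/0xc50
[<ffffffff82ed7baa>] sock_sendmsg+0xca/0x110
[<ffffffff82ed97c1>] ___sys_sendmsg+0x6d1/0x7e0
[<ffffffff82edb7f6>] __sys_sendmsg+0xd6/0x190
[<ffffffff82edb8dd>] SyS_sendmsg+0x2d/0x50
[<ffffffff81006505>] do_syscall_64+0x1a5/0x490
[<ffffffff838b3dbd>] entry_SYSCALL_64_after_swapgs+0x47/0xc5
"""
REPORT_44 = """\
WARNING: CPU: 1 PID: 2086 at net/xfrm/xfrm_policy.c:770
xfrm_policy_insert+0x600/0xf20 net/xfrm/xfrm_policy.c:770()
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 2086 Comm: syz-executor903 Not tainted 4.4.174+ #4
Call Trace:
[<ffffffff81aad1a1>] dump_stack+0xc1/0x120
[<ffffffff813a48c2>] panic+0x1b9/0x37b
[<ffffffff813a4ab9>] warn_slowpath_common.cold+0x20/0x20
[<ffffffff810d3aaa>] warn_slowpath_null+0x2a/0x30
[<ffffffff82548f00>] xfrm_policy_insert+0x600/0xf20
[<ffffffff82583b1c>] xfrm_add_policy+0x23c/0x4d0
[<ffffffff8257888c>] xfrm_user_rcv_msg+0x37c/0x630
[<ffffffff822f06e4>] netlink_rcv_skb+0xd4/0x2e0
[<ffffffff82571210>] xfrm_netlink_rcv+0x70/0x90
[<ffffffff822ef137>] netlink_unicast+0x4d7/0x700
[<ffffffff822efb86>] netlink_sendmsg+0x6b6/0xc80
[<ffffffff821d838e>] sock_sendmsg+0xbe/0x110
[<ffffffff821da269>] ___sys_sendmsg+0x769/0x890
[<ffffffff821dd0c5>] __sys_sendmsg+0xc5/0x160
[<ffffffff821dd18d>] SyS_sendmsg+0x2d/0x50
[<ffffffff82718ba1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
"""

WARN_RE = re.compile(r"WARNING: CPU: \d+ PID: \d+ at ([\w/.-]+):(\d+)\s+(\w+)\+0x")
VERSION_RE = re.compile(r"Not tainted (\S+)")
FRAME_RE = re.compile(r"^\[<[0-9a-f]+>\] (\w+)", re.M)  # one symbol per frame line

@dataclass
class Triage:
    version: str         # release from the "Not tainted" CPU line
    file: str
    line: int
    func: str            # function holding the WARN_ON
    panic_on_warn: bool  # the panic is a fuzzer setting, not part of the bug
    syscall_path: list   # syscall entry down to the WARN site, outermost first

    @property
    def signature(self):
        # Dedup key across trees: WARN site plus the xfrm_* frames leading to it.
        # Source line numbers are left out because they drift between branches.
        return (self.func, tuple(f for f in self.syscall_path if f.startswith("xfrm_")))

def parse_report(text):
    m = WARN_RE.search(text)
    if m is None:
        raise ValueError("no WARNING line in report")
    file, line, func = m.group(1), int(m.group(2)), m.group(3)
    frames = FRAME_RE.findall(text)  # innermost first, as the kernel prints them
    if func not in frames or not any(f.startswith("SyS_") for f in frames):
        raise ValueError("call trace does not run from a syscall to the WARN site")
    warn_idx = frames.index(func)
    entry_idx = next(i for i, f in enumerate(frames) if f.startswith("SyS_"))
    vm = VERSION_RE.search(text)
    return Triage(vm.group(1) if vm else "unknown", file, line, func,
                  "panic_on_warn set" in text,
                  list(reversed(frames[warn_idx:entry_idx + 1])))

def group_by_signature(reports):
    groups = {}
    for text in reports:
        t = parse_report(text)
        groups.setdefault(t.signature, []).append(t)
    return groups

if __name__ == "__main__":
    for (func, chain), hits in group_by_signature([REPORT_49, REPORT_44]).items():
        print(func, "via", " -> ".join(chain), [f"{t.version}:{t.line}" for t in hits])
```

Both excerpts land in a single group keyed on xfrm_policy_insert reached through xfrm_netlink_rcv, xfrm_user_rcv_msg and xfrm_add_policy, which is the XFRM_MSG_NEWPOLICY handler, so the trigger is a policy add request on a netlink xfrm socket sent with sendmsg. The panic_on_warn flag is worth carrying through: the reboot in these logs comes from the fuzzing kernel's configuration, and on a build without it the same WARN_ON is a stack trace in dmesg rather than a crash.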