From: Dmitry Vyukov
Date: Wed, 8 Nov 2017 08:59:15 +0100
Subject: Re: kernel BUG at net/key/af_key.c:LINE!
To: Herbert Xu
Cc: syzbot, David Miller, LKML, netdev, Steffen Klassert, syzkaller-bugs@googlegroups.com
In-Reply-To: <20171108074742.GA28177@gondor.apana.org.au>
References: <001a114a958ce46160055c4c4f66@google.com> <20171108074742.GA28177@gondor.apana.org.au>

On Wed, Nov 8, 2017 at 8:47 AM, Herbert Xu wrote:
> On Tue, Oct 24, 2017 at 05:10:06PM +0200, Dmitry Vyukov wrote:
>> On Tue, Oct 24, 2017 at 5:08 PM, syzbot wrote:
>> > Hello,
>> >
>> > syzkaller hit the following crash on
>> > 02a2b05395dde2f49e7777b67b51a5fbc6606943
>> > git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
>> > compiler: gcc (GCC) 7.1.1 20170620
>> > .config is attached
>> > Raw console output is attached.
>> > C reproducer is attached
>> > syzkaller reproducer is attached. See https://goo.gl/kgGztJ
>> > for information about syzkaller reproducers
>>
>> This also happened on more recent commits, including net-next
>> 833e0e2f24fd0525090878f71e129a8a4cb8bf78 (Oct 10) with similar
>> signature:
>
> Unfortunately I cannot reproduce the crash with your reproducer.
> Does it always crash for you?
>
>> ------------[ cut here ]------------
>> kernel BUG at net/key/af_key.c:2068!
>> invalid opcode: 0000 [#1] SMP KASAN
>> Dumping ftrace buffer:
>> (ftrace buffer empty)
>> Modules linked in:
>> CPU: 1 PID: 11011 Comm: syz-executor1 Not tainted 4.14.0-rc4+ #80
>> Hardware name: Google Google Compute Engine/Google Compute Engine,
>> BIOS Google 01/01/2011
>> task: ffff8801d4ecc1c0 task.stack: ffff8801c13f8000
>> RIP: 0010:pfkey_xfrm_policy2msg+0x209c/0x22b0 net/key/af_key.c:2068
>
> This shows that you have a xfrm policy that has a bogus family
> field in your policy database. But it gives no clue as to how
> it got there.

Just triggered it within a second. Are you using the provided config?
Also the repro needs to be compiled with -m32 (but it does not compile
without it due to missing __NR_mmap2, so I guess you passed -m32).