)]}'
{
  "commit": "eb2d16a7d599dc9d4df391b5e660df9949963786",
  "tree": "5fc1e40ebb77ca495dcfca9c550fcb6f17577dfe",
  "parents": [
    "29fe3a61bcdce398ee3955101c39f89c01a8a77e"
  ],
  "author": {
    "name": "Eric Dumazet",
    "email": "edumazet@google.com",
    "time": "Sat Mar 14 17:02:10 2026 +0000"
  },
  "committer": {
    "name": "Steffen Klassert",
    "email": "steffen.klassert@secunet.com",
    "time": "Mon Mar 16 10:58:21 2026 +0100"
  },
  "message": "af_key: validate families in pfkey_send_migrate()\n\nsyzbot was able to trigger a crash in skb_put() [1]\n\nIssue is that pfkey_send_migrate() does not check old/new families,\nand that set_ipsecrequest() @family argument was truncated,\nthus possibly overfilling the skb.\n\nValidate families early, do not wait set_ipsecrequest().\n\n[1]\n\nskbuff: skb_over_panic: text:ffffffff8a752120 len:392 put:16 head:ffff88802a4ad040 data:ffff88802a4ad040 tail:0x188 end:0x180 dev:\u003cNULL\u003e\n kernel BUG at net/core/skbuff.c:214 !\nCall Trace:\n \u003cTASK\u003e\n  skb_over_panic net/core/skbuff.c:219 [inline]\n  skb_put+0x159/0x210 net/core/skbuff.c:2655\n  skb_put_zero include/linux/skbuff.h:2788 [inline]\n  set_ipsecrequest net/key/af_key.c:3532 [inline]\n  pfkey_send_migrate+0x1270/0x2e50 net/key/af_key.c:3636\n  km_migrate+0x155/0x260 net/xfrm/xfrm_state.c:2848\n  xfrm_migrate+0x2140/0x2450 net/xfrm/xfrm_policy.c:4705\n  xfrm_do_migrate+0x8ff/0xaa0 net/xfrm/xfrm_user.c:3150\n\nFixes: 08de61beab8a (\"[PFKEYV2]: Extension for dynamic update of endpoint address(es)\")\nReported-by: syzbot+b518dfc8e021988fbd55@syzkaller.appspotmail.com\nCloses: https://lore.kernel.org/netdev/69b5933c.050a0220.248e02.00f2.GAE@google.com/T/#u\nSigned-off-by: Eric Dumazet \u003cedumazet@google.com\u003e\nCc: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\nCc: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "571200433aa90c6fcab5779e3b0491e2ffe759bc",
      "old_mode": 33188,
      "old_path": "net/key/af_key.c",
      "new_id": "bc91aeeb74bbfff536ffef78578eaaf9ba071ca6",
      "new_mode": 33188,
      "new_path": "net/key/af_key.c"
    }
  ]
}