WARNING in skb_warn_bad_offload


syzbot

Apr 11, 2019, 8:00:42 PM4/11/19
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: e4798d7f ANDROID: Update arm64 ranchu64_defconfig
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=124c118f800000
kernel config: https://syzkaller.appspot.com/x/.config?x=bb8048f8039a2281
dashboard link: https://syzkaller.appspot.com/bug?extid=49af732eca4899d690d7
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15de71af800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15abc21f800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+49af73...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 11935 at net/core/dev.c:2456 skb_warn_bad_offload+0x2af/0x380 net/core/dev.c:2451()
sit0: caps=(0x00000000001b7869, 0x0000000000000000) len=65081 data_len=65033 gso_size=1432 gso_type=2 ip_summed=0
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 11935 Comm: syz-executor718 Not tainted 4.4.136-ge4798d7 #60
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 34579f44c285d585 ffff8800acfd7120 ffffffff81e0edad
ffffffff83a43ec0 ffff8800b66d9800 ffffffff83ec6600 0000000000000009
0000000000000998 ffff8800acfd71e0 ffffffff8140a184 0000000041b58ab3
Call Trace:
[<ffffffff81e0edad>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81e0edad>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff8140a184>] panic+0x19e/0x38d kernel/panic.c:112
[<ffffffff8140a3a8>] warn_slowpath_common.cold.6+0x20/0x20 kernel/panic.c:455
[<ffffffff8112ffff>] warn_slowpath_fmt+0xbf/0x100 kernel/panic.c:471
[<ffffffff82f6f87f>] skb_warn_bad_offload+0x2af/0x380 net/core/dev.c:2451
[<ffffffff82f87c0e>] __skb_gso_segment+0x3ce/0x490 net/core/dev.c:2609
[<ffffffff82f888cb>] skb_gso_segment include/linux/netdevice.h:3705 [inline]
[<ffffffff82f888cb>] validate_xmit_skb.isra.103.part.104+0x48b/0xaa0 net/core/dev.c:2817
[<ffffffff82f8baf7>] validate_xmit_skb include/linux/spinlock.h:302 [inline]
[<ffffffff82f8baf7>] __dev_queue_xmit+0x1687/0x1c80 net/core/dev.c:3199
[<ffffffff82f8c107>] dev_queue_xmit+0x17/0x20 net/core/dev.c:3241
[<ffffffff82f9d935>] neigh_direct_output+0x15/0x20 net/core/neighbour.c:1366
[<ffffffff83429d29>] dst_neigh_output include/net/dst.h:461 [inline]
[<ffffffff83429d29>] ip6_finish_output2+0x929/0x1ca0 net/ipv6/ip6_output.c:113
[<ffffffff83433368>] ip6_finish_output+0x3b8/0x760 net/ipv6/ip6_output.c:131
[<ffffffff834338c8>] NF_HOOK_COND include/linux/netfilter.h:240 [inline]
[<ffffffff834338c8>] ip6_output+0x1b8/0x520 net/ipv6/ip6_output.c:145
[<ffffffff8355cb9b>] dst_output include/net/dst.h:498 [inline]
[<ffffffff8355cb9b>] ip6_local_out+0x9b/0x180 net/ipv6/output_core.c:169
[<ffffffff83435901>] ip6_send_skb+0xa1/0x340 net/ipv6/ip6_output.c:1725
[<ffffffff834917aa>] udp_v6_send_skb+0x5ba/0xe70 net/ipv6/udp.c:1066
[<ffffffff8349714e>] udpv6_sendmsg+0x1f2e/0x24c0 net/ipv6/udp.c:1330
[<ffffffff83300ef3>] inet_sendmsg+0x203/0x4d0 net/ipv4/af_inet.c:755
[<ffffffff82f1e1fc>] sock_sendmsg_nosec net/socket.c:625 [inline]
[<ffffffff82f1e1fc>] sock_sendmsg+0xcc/0x110 net/socket.c:635
[<ffffffff82f1eedc>] SYSC_sendto+0x21c/0x370 net/socket.c:1665
[<ffffffff82f21560>] SyS_sendto+0x40/0x50 net/socket.c:1633
[<ffffffff838c2825>] entry_SYSCALL_64_fastpath+0x22/0x9e
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
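As an added triage aid, not part of syzbot's report nor of the kernel, here is a small Python decoder for the skb_warn_bad_offload() line quoted above. It expands the two caps masks (dev->features and sk->sk_route_caps) into NETIF_F_* names and gso_type into SKB_GSO_* names, using the bit positions from v4.4-era include/linux/netdev_features.h and include/linux/skbuff.h (only the low bits are tabulated; check them against the tree you are actually triaging), and reports whether the 4.4 tx-path condition in __skb_gso_segment(), skb->ip_summed != CHECKSUM_PARTIAL, would raise this warning. REPORT_LINE is copied from the report; the eth0 line is constructed for contrast.

```python
"""Decode skb_warn_bad_offload() WARNING lines (added triage helper)."""
import re
from typing import Dict, List, Optional

# NETIF_F_* bit positions, v4.4 include/linux/netdev_features.h (bits 0-20 only).
NETDEV_FEATURE_BITS = {
    0: "NETIF_F_SG", 1: "NETIF_F_IP_CSUM", 3: "NETIF_F_HW_CSUM",
    4: "NETIF_F_IPV6_CSUM", 5: "NETIF_F_HIGHDMA", 6: "NETIF_F_FRAGLIST",
    7: "NETIF_F_HW_VLAN_CTAG_TX", 8: "NETIF_F_HW_VLAN_CTAG_RX",
    9: "NETIF_F_HW_VLAN_CTAG_FILTER", 10: "NETIF_F_VLAN_CHALLENGED",
    11: "NETIF_F_GSO", 12: "NETIF_F_LLTX", 13: "NETIF_F_NETNS_LOCAL",
    14: "NETIF_F_GRO", 15: "NETIF_F_LRO", 16: "NETIF_F_TSO", 17: "NETIF_F_UFO",
    18: "NETIF_F_GSO_ROBUST", 19: "NETIF_F_TSO_ECN", 20: "NETIF_F_TSO6",
}

# SKB_GSO_* bit positions, v4.4 include/linux/skbuff.h (low bits only).
SKB_GSO_BITS = {0: "SKB_GSO_TCPV4", 1: "SKB_GSO_UDP", 2: "SKB_GSO_DODGY",
                3: "SKB_GSO_TCP_ECN", 4: "SKB_GSO_TCPV6"}

# skb->ip_summed values from include/linux/skbuff.h.
CHECKSUM_NAMES = {0: "CHECKSUM_NONE", 1: "CHECKSUM_UNNECESSARY",
                  2: "CHECKSUM_COMPLETE", 3: "CHECKSUM_PARTIAL"}
CHECKSUM_PARTIAL = 3

# Format string of skb_warn_bad_offload(): "<name>: caps=(<features>, <route_caps>) ..."
_LINE_RE = re.compile(
    r"(?P<dev>\S+): caps=\((?P<dev_features>0x[0-9a-f]+), (?P<route_caps>0x[0-9a-f]+)\) "
    r"len=(?P<len>\d+) data_len=(?P<data_len>\d+) gso_size=(?P<gso_size>\d+) "
    r"gso_type=(?P<gso_type>\d+) ip_summed=(?P<ip_summed>\d+)"
)

# Copied from the syzbot report above (the mail client wrapped it onto two lines).
REPORT_LINE = ("sit0: caps=(0x00000000001b7869, 0x0000000000000000) len=65081 "
               "data_len=65033 gso_size=1432 gso_type=2 ip_summed=0")
# Constructed counterexample: a TSO skb with its checksum deferred (CHECKSUM_PARTIAL).
CONSTRUCTED_OK_LINE = ("eth0: caps=(0x0000000000011021, 0x0000000000011021) len=9000 "
                       "data_len=7000 gso_size=1448 gso_type=1 ip_summed=3")


def _bits_to_names(value: int, table: Dict[int, str]) -> List[str]:
    """Expand a bitmask into symbolic names; bits not in the table become bit<N>."""
    return [table.get(bit, f"bit{bit}")
            for bit in range(value.bit_length()) if value & (1 << bit)]


def decode_bad_offload(line: str) -> Optional[Dict[str, object]]:
    """Parse one warning line (wrapped lines are re-joined); None if it does not match."""
    m = _LINE_RE.search(" ".join(line.split()))
    if not m:
        return None
    ip_summed = int(m["ip_summed"])
    return {
        "dev": m["dev"],
        "dev_features": _bits_to_names(int(m["dev_features"], 16), NETDEV_FEATURE_BITS),
        "sk_route_caps": _bits_to_names(int(m["route_caps"], 16), NETDEV_FEATURE_BITS),
        "len": int(m["len"]),
        "data_len": int(m["data_len"]),
        "gso_size": int(m["gso_size"]),
        "gso_type": _bits_to_names(int(m["gso_type"]), SKB_GSO_BITS),
        "ip_summed": CHECKSUM_NAMES.get(ip_summed, f"unknown({ip_summed})"),
        # Mirrors v4.4 __skb_gso_segment(): on the tx path skb_needs_check() is
        # "ip_summed != CHECKSUM_PARTIAL", and a true result calls skb_warn_bad_offload().
        "tx_path_warns": ip_summed != CHECKSUM_PARTIAL,
    }


if __name__ == "__main__":
    for sample in (REPORT_LINE, CONSTRUCTED_OK_LINE):
        for key, value in (decode_bad_offload(sample) or {}).items():
            print(f"{key:14} {value}")
        print()
```

Run on the report's own line, the decoder shows sit0 advertising SG, HW_CSUM, HIGHDMA, FRAGLIST, GSO, LLTX, NETNS_LOCAL, GRO and the software GSO set (TSO, UFO, TSO_ECN, TSO6), an empty sk_route_caps, a gso_type of SKB_GSO_UDP with gso_size 1432, and ip_summed CHECKSUM_NONE. That last field is what matters for the trace above: the UDP socket handed the tunnel a GSO-marked skb whose checksum was never deferred to the segmenter, and the 4.4 tx-path check in __skb_gso_segment() turns exactly that into this WARNING (and, with panic_on_warn, into the panic).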