[v6.1] WARNING in ip6erspan_tunnel_xmit

syzbot

Mar 21, 2023, 1:40:42 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 7eaef76fbc46 Linux 6.1.20
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12193fbec80000
kernel config: https://syzkaller.appspot.com/x/.config?x=29ad3fe3c7b61175
dashboard link: https://syzkaller.appspot.com/bug?extid=bc3b299bcf1b6b0c8a5f
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=103f287ec80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13037f76c80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/34f95428f5fb/disk-7eaef76f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1bdd9b2c390d/vmlinux-7eaef76f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/419140981cfa/Image-7eaef76f.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+bc3b29...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 4307 at include/linux/skbuff.h:2847 skb_mac_header include/linux/skbuff.h:2847 [inline]
WARNING: CPU: 0 PID: 4307 at include/linux/skbuff.h:2847 ip6erspan_tunnel_xmit+0x1178/0x195c net/ipv6/ip6_gre.c:984
Modules linked in:
CPU: 0 PID: 4307 Comm: syz-executor651 Not tainted 6.1.20-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_mac_header include/linux/skbuff.h:2847 [inline]
pc : ip6erspan_tunnel_xmit+0x1178/0x195c net/ipv6/ip6_gre.c:984
lr : skb_mac_header include/linux/skbuff.h:2847 [inline]
lr : ip6erspan_tunnel_xmit+0x1178/0x195c net/ipv6/ip6_gre.c:984
sp : ffff80001dc47460
x29: ffff80001dc47620 x28: 1fffe0001b3acedf x27: 00000000000000d0
x26: dfff800000000000 x25: ffff0000d9228800 x24: 000000000000ffff
x23: ffff0000d9d676fa x22: ffff0000d9d676b0 x21: 1fffe0001b3aced6
x20: 000000000000ffff x19: ffff0000d9d67640 x18: ffff80001dc47380
x17: ffff800011206d6c x16: ffff800008503bb4 x15: 000000000000b031
x14: 00000000ffffffff x13: dfff800000000000 x12: 000000000000000c
x11: ff808000111e8408 x10: 0000000000000000 x9 : ffff8000111e8408
x8 : ffff0000cd1151c0 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000020
x2 : ffff0000c1476cd0 x1 : 000000000000ffff x0 : 000000000000ffff
Call trace:
skb_mac_header include/linux/skbuff.h:2847 [inline]
ip6erspan_tunnel_xmit+0x1178/0x195c net/ipv6/ip6_gre.c:984
__netdev_start_xmit include/linux/netdevice.h:4847 [inline]
netdev_start_xmit include/linux/netdevice.h:4861 [inline]
__dev_direct_xmit+0x468/0x830 net/core/dev.c:4314
dev_direct_xmit include/linux/netdevice.h:3028 [inline]
packet_direct_xmit+0x15c/0x2d0 net/packet/af_packet.c:282
packet_snd net/packet/af_packet.c:3072 [inline]
packet_sendmsg+0x364c/0x4c5c net/packet/af_packet.c:3103
sock_sendmsg_nosec net/socket.c:716 [inline]
sock_sendmsg net/socket.c:736 [inline]
__sys_sendto+0x3b4/0x504 net/socket.c:2117
__do_sys_sendto net/socket.c:2129 [inline]
__se_sys_sendto net/socket.c:2125 [inline]
__arm64_sys_sendto+0xd8/0xf8 net/socket.c:2125
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 2603
hardirqs last enabled at (2601): [<ffff80001233903c>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (2601): [<ffff80001233903c>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (2603): [<ffff8000122560d4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (2588): [<ffff8000080337c4>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (2602): [<ffff800010503bec>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Apr 20, 2023, 5:31:21 PM
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:

commit 9c7d6803689c99d55bbb862260d0ba486ff23c0b
Author: Eric Dumazet <edum...@google.com>
Date: Mon Mar 20 16:34:27 2023 +0000

erspan: do not use skb_mac_header() in ndo_start_xmit()

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=158193afc80000
start commit: 7eaef76fbc46 Linux 6.1.20
git tree: linux-6.1.y
If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: erspan: do not use skb_mac_header() in ndo_start_xmit()

For information about bisection process see: https://goo.gl/tpsmEJ#bisection