syzbot


WARNING in skb_warn_bad_offload

Status: fixed on 2018/04/09 09:36
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+abb66e15eb1b298dfe4a13375f18a278d5940e6f@syzkaller.appspotmail.com
Fix commit: 8d74e9f88d65 net: avoid skb_warn_bad_offload on IS_ERR
First crash: 2506d, last: 2298d
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 WARNING in skb_warn_bad_offload C inconclusive 81 777d 1638d 0/1 upstream: reported C repro on 2019/12/25 14:39
android-49 WARNING in skb_warn_bad_offload (3) C 2188 1659d 1896d 0/3 public: reported C repro on 2019/04/11 08:44
android-49 WARNING in skb_warn_bad_offload C 442 2416d 2523d 1/3 fixed on 2017/11/07 12:35
android-44 WARNING in skb_warn_bad_offload C 2265 1659d 1896d 0/2 public: reported C repro on 2019/04/12 00:00
upstream WARNING in skb_warn_bad_offload (3) net C done 115 482d 619d 22/27 fixed on 2023/02/24 13:50
android-49 WARNING in skb_warn_bad_offload (2) C 2630 2247d 2416d 0/3 closed as invalid on 2018/04/25 20:49
upstream WARNING in skb_warn_bad_offload (4) net C done 1763 244d 271d 25/27 fixed on 2023/12/21 03:45
upstream WARNING in skb_warn_bad_offload (2) net C 6 2244d 2244d 8/27 fixed on 2018/07/09 18:05

Sample crash report:
device syz0 entered promiscuous mode
------------[ cut here ]------------
syz0: caps=(0x00000800000058c1, 0x0000000000000000) len=28 data_len=0 gso_size=8 gso_type=3 ip_summed=0
WARNING: CPU: 1 PID: 3189 at net/core/dev.c:2600 skb_warn_bad_offload+0x2bd/0x3c0 net/core/dev.c:2595
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 3189 Comm: syzkaller869912 Not tainted 4.15.0-rc5+ #243
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 panic+0x1e4/0x41c kernel/panic.c:183
 __warn+0x1dc/0x200 kernel/panic.c:547
 report_bug+0x211/0x2d0 lib/bug.c:184
 fixup_bug.part.11+0x37/0x80 arch/x86/kernel/traps.c:178
 fixup_bug arch/x86/kernel/traps.c:247 [inline]
 do_error_trap+0x2d7/0x3e0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
 invalid_op+0x22/0x40 arch/x86/entry/entry_64.S:1079
RIP: 0010:skb_warn_bad_offload+0x2bd/0x3c0 net/core/dev.c:2595
RSP: 0018:ffff8801c6c5f098 EFLAGS: 00010286
RAX: dffffc0000000008 RBX: ffff8801c64c8300 RCX: ffffffff8159b75e
RDX: 0000000000000000 RSI: 1ffff10038d8bdce RDI: ffff8801c6c5eda0
RBP: ffff8801c6c5f0f0 R08: 1ffff10038d8bd90 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8801c64c8300 R14: ffff8801c640cee0 R15: 0000000000000003
 __skb_gso_segment+0x612/0x800 net/core/dev.c:2807
 skb_gso_segment include/linux/netdevice.h:3993 [inline]
 validate_xmit_skb+0x4ba/0xb20 net/core/dev.c:3057
 validate_xmit_skb_list+0xb7/0x120 net/core/dev.c:3108
 sch_direct_xmit+0x3b6/0x6d0 net/sched/sch_generic.c:182
 __dev_xmit_skb net/core/dev.c:3189 [inline]
 __dev_queue_xmit+0x196d/0x2370 net/core/dev.c:3456
 dev_queue_xmit+0x17/0x20 net/core/dev.c:3521
 packet_snd net/packet/af_packet.c:2943 [inline]
 packet_sendmsg+0x3ad5/0x60a0 net/packet/af_packet.c:2968
 sock_sendmsg_nosec net/socket.c:636 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:646
 sock_write_iter+0x31a/0x5d0 net/socket.c:915
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x4441a9
RSP: 002b:00007fff581d1318 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 00000000004441a9
RDX: 0000000000000026 RSI: 0000000020384000 RDI: 0000000000000005
RBP: 00000000006ce018 R08: 0000000000401e90 R09: 0000000000401e90
R10: 0000000000401e90 R11: 0000000000000293 R12: 0000000000401e90
R13: 0000000000401f20 R14: 0000000000000000 R15: 0000000000000000
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (6527):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2017/12/31 08:19 upstream 71ee203389f7 bb6384b8 .config console log report syz C ci-upstream-kasan-gce
2017/12/25 08:09 upstream 464e1d5f23cc 73aba437 .config console log report syz C ci-upstream-kasan-gce
2017/12/19 03:37 upstream ace52288edf0 1c4160ef .config console log report syz C ci-upstream-kasan-gce
2017/12/03 19:06 upstream ae64f9bd1d36 48359b97 .config console log report syz C ci-upstream-kasan-gce
2017/09/12 14:31 upstream c971aa3693e1 0bd6a0a5 .config console log report syz C ci-upstream-kasan-gce
2017/08/20 15:11 upstream 58d4e450a490 f238fbd4 .config console log report syz C ci-upstream-kasan-gce
2017/12/31 04:48 upstream 71ee203389f7 bb6384b8 .config console log report syz C ci-upstream-kasan-gce-386
2017/12/25 01:40 upstream 464e1d5f23cc 73aba437 .config console log report syz C ci-upstream-kasan-gce-386
2017/09/26 18:49 upstream e365806ac289 c26ea367 .config console log report syz C ci-upstream-kasan-gce-386
2017/09/12 14:31 net-next-old ad9a19d00370 96b8e399 .config console log report syz C ci-upstream-net-kasan-gce
2017/12/20 01:47 mmots 82bcf1def3b5 2d836b1d .config console log report syz C ci-upstream-mmots-kasan-gce
2017/12/04 12:53 linux-next 7cc61a0a562c 48359b97 .config console log report syz C ci-upstream-next-kasan-gce
2017/12/03 17:04 mmots 4131d5166185 29b0fd90 .config console log report syz C ci-upstream-mmots-kasan-gce
2017/09/21 09:35 mmots 720bbe532b7c c26ea367 .config console log report syz C ci-upstream-mmots-kasan-gce
2017/09/14 22:33 mmots 720bbe532b7c c26ea367 .config console log report syz C ci-upstream-mmots-kasan-gce
2017/09/12 14:33 linux-next 0d71e2d4aa14 0bd6a0a5 .config console log report syz C ci-upstream-next-kasan-gce
2017/09/12 14:19 linux-next 0d71e2d4aa14 0bd6a0a5 .config console log report syz C ci-upstream-next-kasan-gce
2017/12/19 04:26 upstream ace52288edf0 1c4160ef .config console log report syz ci-upstream-kasan-gce-386
2017/12/02 07:27 upstream a0651c7fa2c0 48359b97 .config console log report syz ci-upstream-kasan-gce-386
2018/02/19 16:50 upstream 91ab883eb213 833f78c7 .config console log report ci-upstream-kasan-gce
2018/02/16 00:59 upstream 1388c80438e6 c8b3f7c1 .config console log report ci-upstream-kasan-gce
2018/02/14 17:25 upstream 61f14c015f5b 88bc17df .config console log report ci-upstream-kasan-gce
2018/02/01 00:50 upstream 3da90b159b14 02553e22 .config console log report ci-upstream-kasan-gce
2018/01/31 23:07 upstream 3da90b159b14 02553e22 .config console log report ci-upstream-kasan-gce
2018/01/31 20:09 upstream 3da90b159b14 02553e22 .config console log report ci-upstream-kasan-gce
2018/01/31 12:47 upstream 72906f38934a 02553e22 .config console log report ci-upstream-kasan-gce
2018/01/31 10:05 upstream 72906f38934a 02553e22 .config console log report ci-upstream-kasan-gce
2018/01/31 05:30 upstream 72906f38934a 02553e22 .config console log report ci-upstream-kasan-gce
2018/01/30 22:44 upstream 72906f38934a a899be78 .config console log report ci-upstream-kasan-gce
2018/01/30 13:58 upstream 6304672b7f0a a899be78 .config console log report ci-upstream-kasan-gce
2018/01/30 12:51 upstream 6304672b7f0a a899be78 .config console log report ci-upstream-kasan-gce
2018/01/30 10:02 upstream 6304672b7f0a 08d47756 .config console log report ci-upstream-kasan-gce
2018/01/30 06:08 upstream 6304672b7f0a 08d47756 .config console log report ci-upstream-kasan-gce
2018/01/29 21:56 upstream d8a5b80568a9 08d47756 .config console log report ci-upstream-kasan-gce
2018/01/29 17:29 upstream d8a5b80568a9 08d47756 .config console log report ci-upstream-kasan-gce
2018/03/05 11:20 net-next-old ca435f88c102 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/04 18:17 net-next-old e4e31cf07d0c 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/04 09:57 net-next-old e4e31cf07d0c 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/04 08:03 net-next-old e4e31cf07d0c 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/04 06:11 net-next-old e4e31cf07d0c 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/03 19:26 net-next-old e4e31cf07d0c 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/03 12:16 net-next-old 3c34cb9defb0 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/03 09:04 net-next-old 3c34cb9defb0 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/03 06:09 net-next-old 3c34cb9defb0 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/02 19:27 net-next-old 23e19fd4fb07 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/02 17:31 net-next-old 23e19fd4fb07 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/02 15:52 net-next-old 23e19fd4fb07 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/02 14:08 net-next-old 23e19fd4fb07 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/02 09:18 net-next-old f1c02cfb7b30 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/02 06:41 net-next-old f1c02cfb7b30 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/01 22:31 net-next-old f1c02cfb7b30 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/03/01 19:49 net-next-old a25724b05af0 c4089507 .config console log report ci-upstream-net-kasan-gce
2018/03/01 10:18 net-next-old a25724b05af0 c4089507 .config console log report ci-upstream-net-kasan-gce
2018/03/01 04:21 net-next-old fb66cb077560 05b5a32c .config console log report ci-upstream-net-kasan-gce
2018/03/01 02:33 net-next-old fb66cb077560 05b5a32c .config console log report ci-upstream-net-kasan-gce
2018/02/28 21:52 net-next-old fb66cb077560 05b5a32c .config console log report ci-upstream-net-kasan-gce
2018/02/28 16:29 net-next-old fb66cb077560 05b5a32c .config console log report ci-upstream-net-kasan-gce
2018/02/28 11:48 net-next-old 3f5a68300a40 05b5a32c .config console log report ci-upstream-net-kasan-gce
2018/02/28 06:39 net-next-old 3f5a68300a40 05b5a32c .config console log report ci-upstream-net-kasan-gce
2018/02/28 05:00 net-next-old 3f5a68300a40 05b5a32c .config console log report ci-upstream-net-kasan-gce
2018/02/27 15:00 net-next-old 3808b51911fe 05b5a32c .config console log report ci-upstream-net-kasan-gce
2018/02/26 18:55 net-next-old ba6056a41cb0 9fe8aa42 .config console log report ci-upstream-net-kasan-gce
2018/02/26 16:03 net-next-old f74290fdb363 9fe8aa42 .config console log report ci-upstream-net-kasan-gce
2018/02/26 14:00 net-next-old f74290fdb363 9fe8aa42 .config console log report ci-upstream-net-kasan-gce
2018/02/26 11:50 net-next-old f74290fdb363 9fe8aa42 .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.