syzbot

 sign-in | mailing list | source | docs
🐞 Open [984] Subsystems 🐞 Fixed [5216] 🐞 Invalid [12474] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING in skb_warn_bad_offload (2)

Status: fixed on 2018/07/09 18:05
Subsystems: net
[Documentation on labels]
Fix commit: a8c744a8b437 udp: disable gso with no_check_tx
First crash: 2183d, last: 2183d
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 WARNING in skb_warn_bad_offload C inconclusive 81 715d 1576d 0/1 upstream: reported C repro on 2019/12/25 14:39
android-49 WARNING in skb_warn_bad_offload (3) C 2188 1598d 1835d 0/3 public: reported C repro on 2019/04/11 08:44
android-49 WARNING in skb_warn_bad_offload C 442 2355d 2461d 1/3 fixed on 2017/11/07 12:35
android-44 WARNING in skb_warn_bad_offload C 2265 1597d 1834d 0/2 public: reported C repro on 2019/04/12 00:00
upstream WARNING in skb_warn_bad_offload (3) net C done 115 420d 557d 22/26 fixed on 2023/02/24 13:50
upstream WARNING in skb_warn_bad_offload net C 6527 2237d 2360d 5/26 fixed on 2018/04/09 09:36
android-49 WARNING in skb_warn_bad_offload (2) C 2630 2185d 2354d 0/3 closed as invalid on 2018/04/25 20:49
upstream WARNING in skb_warn_bad_offload (4) net C done 1763 182d 210d 25/26 fixed on 2023/12/21 03:45

Sample crash report:
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
------------[ cut here ]------------
ip6tnl0: caps=(0x00000000401d7869, 0x00000000401d7869) len=353 data_len=209 gso_size=6 gso_type=131072 ip_summed=0
WARNING: CPU: 1 PID: 4481 at net/core/dev.c:2663 skb_warn_bad_offload+0x2bc/0x600 net/core/dev.c:2658
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 4481 Comm: syz-executor820 Not tainted 4.17.0-rc2+ #23
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 panic+0x22f/0x4de kernel/panic.c:184
 __warn.cold.8+0x163/0x1b3 kernel/panic.c:536
 report_bug+0x252/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1de/0x490 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:skb_warn_bad_offload+0x2bc/0x600 net/core/dev.c:2658
RSP: 0018:ffff8801b0d5e868 EFLAGS: 00010286
RAX: 0000000000000072 RBX: ffff8801abd08850 RCX: ffffffff8160a8ad
RDX: 0000000000000000 RSI: ffffffff8160f561 RDI: ffff8801b0d5e3c8
RBP: ffff8801b0d5e8c0 R08: ffff8801b4cc6400 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8801d7cdeba0 R14: 0000000000020000 R15: 0000000000000006
 __skb_gso_segment+0x6ab/0x870 net/core/dev.c:2870
 skb_gso_segment include/linux/netdevice.h:4038 [inline]
 validate_xmit_skb+0x54d/0xd90 net/core/dev.c:3120
 __dev_queue_xmit+0xbf8/0x34c0 net/core/dev.c:3577
 dev_queue_xmit+0x17/0x20 net/core/dev.c:3618
 neigh_direct_output+0x15/0x20 net/core/neighbour.c:1401
 neigh_output include/net/neighbour.h:483 [inline]
 ip6_finish_output2+0xc93/0x2800 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x5fe/0xbc0 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:277 [inline]
 ip6_output+0x227/0x9b0 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:444 [inline]
 ip6_local_out+0xc5/0x1b0 net/ipv6/output_core.c:176
 ip6_send_skb+0xba/0x340 net/ipv6/ip6_output.c:1715
 udp_v6_send_skb.isra.24+0xa42/0x1250 net/ipv6/udp.c:1079
 udpv6_sendmsg+0x2a7c/0x32a0 net/ipv6/udp.c:1356
 inet_sendmsg+0x19f/0x690 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:629 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:639
 ___sys_sendmsg+0x525/0x940 net/socket.c:2117
 __sys_sendmmsg+0x240/0x6f0 net/socket.c:2212
 __do_sys_sendmmsg net/socket.c:2241 [inline]
 __se_sys_sendmmsg net/socket.c:2238 [inline]
 __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2238
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441829
RSP: 002b:00007ffd0f219308 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441829
RDX: 040000000000011d RSI: 0000000020001c40 RDI: 0000000000000003
RBP: 00000000006cd018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000402520
R13: 00000000004025b0 R14: 0000000000000000 R15: 0000000000000000
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (6):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/04/28 05:27 net-next-old af201bab50a8 d5a5d045 .config console log report syz C ci-upstream-net-kasan-gce
2018/04/28 10:34 net-next-old af201bab50a8 d5a5d045 .config console log report ci-upstream-net-kasan-gce
2018/04/28 10:22 net-next-old af201bab50a8 d5a5d045 .config console log report ci-upstream-net-kasan-gce
2018/04/28 08:58 net-next-old af201bab50a8 d5a5d045 .config console log report ci-upstream-net-kasan-gce
2018/04/28 06:30 net-next-old af201bab50a8 d5a5d045 .config console log report ci-upstream-net-kasan-gce
2018/04/28 04:52 net-next-old af201bab50a8 d5a5d045 .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.