syzbot

 sign-in | mailing list | source | docs
🐞 Open [70]
🐞 Fixed [22]
🐞 Invalid [333]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

kernel BUG in validate_xmit_skb

Status: auto-obsoleted due to no activity on 2023/09/27 09:58
First crash: 546d, last: 511d
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 kernel BUG at net/core/dev.c:LINE! (2) C error 90 769d 1441d 0/1 upstream: reported C repro on 2020/12/11 13:29
linux-4.14 kernel BUG in validate_xmit_skb 1 1380d 1380d 0/1 auto-closed as invalid on 2021/06/10 04:03
upstream kernel BUG at net/core/dev.c:LINE! (4) C done done 432 1072d 1460d 20/28 fixed on 2022/03/08 16:11
android-54 kernel BUG in validate_xmit_skb (2) C 4 62d 229d 0/2 upstream: reported C repro on 2024/04/06 15:44

Sample crash report:
------------[ cut here ]------------
kernel BUG at net/core/dev.c:2867!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        W         5.4.242-syzkaller-00017-g487daef44f9f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:skb_checksum_help+0x86c/0x880 net/core/dev.c:2867
Code: af 16 fe e9 b3 fc ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c d0 fc ff ff 48 89 df e8 ce af 16 fe e9 c3 fc ff ff e8 a4 f5 e6 fd <0f> 0b e8 9d f5 e6 fd 0f 0b 66 66 2e 0f 1f 84 00 00 00 00 00 41 57
RSP: 0018:ffff8881f6e08a88 EFLAGS: 00010206
RAX: ffffffff837d343c RBX: 00000000ffff0040 RCX: ffffffff85e18d00
RDX: 0000000000000b01 RSI: 0000000000000094 RDI: 00000000ffff0040
RBP: 0000000000000094 R08: ffffffff837d2e37 R09: ffffffff837d5807
R10: ffffffff85e18d00 R11: 0000000000000002 R12: ffff8881c8f6e430
R13: 0000000000000094 R14: ffff8881c8f6e3c0 R15: 1ffff110391edc86
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c0019c1000 CR3: 00000001eded7000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 skb_csum_hwoffload_help net/core/dev.c:3261 [inline]
 validate_xmit_skb+0x654/0xc50 net/core/dev.c:3304
 __dev_queue_xmit+0xf7d/0x27e0 net/core/dev.c:3784
 neigh_output include/net/neighbour.h:525 [inline]
 ip_finish_output2+0xb92/0xfc0 net/ipv4/ip_output.c:236
 NF_HOOK_COND include/linux/netfilter.h:297 [inline]
 ip_output+0x19b/0x3a0 net/ipv4/ip_output.c:440
 iptunnel_xmit+0x476/0x850 net/ipv4/ip_tunnel_core.c:78
 ip_tunnel_xmit+0x1a4e/0x2320 net/ipv4/ip_tunnel.c:817
 __gre_xmit net/ipv4/ip_gre.c:442 [inline]
 ipgre_xmit+0x7b3/0xac0 net/ipv4/ip_gre.c:634
 __netdev_start_xmit include/linux/netdevice.h:4521 [inline]
 netdev_start_xmit include/linux/netdevice.h:4535 [inline]
 xmit_one net/core/dev.c:3211 [inline]
 dev_hard_start_xmit+0x1b7/0x6b0 net/core/dev.c:3227
 __dev_queue_xmit+0x14da/0x27e0 net/core/dev.c:3792
 neigh_output include/net/neighbour.h:525 [inline]
 ip6_finish_output2+0xf9e/0x18e0 net/ipv6/ip6_output.c:144
 NF_HOOK_COND include/linux/netfilter.h:297 [inline]
 ip6_output+0x1b3/0x430 net/ipv6/ip6_output.c:242
 dst_output include/net/dst.h:444 [inline]
 ip6_local_out+0x1ff/0x490 net/ipv6/output_core.c:161
 ip6tunnel_xmit include/net/ip6_tunnel.h:160 [inline]
 udp_tunnel6_xmit_skb+0x3fb/0x7d0 net/ipv6/ip6_udp_tunnel.c:114
 tipc_udp_xmit+0x659/0x9e0 net/tipc/udp_media.c:210
 tipc_udp_send_msg+0x220/0x300 net/tipc/udp_media.c:261
 tipc_bearer_xmit_skb+0x20f/0x2c0 net/tipc/bearer.c:524
 tipc_disc_timeout+0x6cb/0x880 net/tipc/discover.c:337
 call_timer_fn+0x36/0x390 kernel/time/timer.c:1418
 expire_timers kernel/time/timer.c:1463 [inline]
 __run_timers+0x879/0xbe0 kernel/time/timer.c:1787
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1800
 __do_softirq+0x23b/0x6b7 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x195/0x1c0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:538 [inline]
 smp_apic_timer_interrupt+0x11a/0x460 arch/x86/kernel/apic/apic.c:1150
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834
 </IRQ>
Modules linked in:
---[ end trace e13e27db0f615c61 ]---
RIP: 0010:skb_checksum_help+0x86c/0x880 net/core/dev.c:2867
Code: af 16 fe e9 b3 fc ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c d0 fc ff ff 48 89 df e8 ce af 16 fe e9 c3 fc ff ff e8 a4 f5 e6 fd <0f> 0b e8 9d f5 e6 fd 0f 0b 66 66 2e 0f 1f 84 00 00 00 00 00 41 57
RSP: 0018:ffff8881f6e08a88 EFLAGS: 00010206
RAX: ffffffff837d343c RBX: 00000000ffff0040 RCX: ffffffff85e18d00
RDX: 0000000000000b01 RSI: 0000000000000094 RDI: 00000000ffff0040
RBP: 0000000000000094 R08: ffffffff837d2e37 R09: ffffffff837d5807
R10: ffffffff85e18d00 R11: 0000000000000002 R12: ffff8881c8f6e430
R13: 0000000000000094 R14: ffff8881c8f6e3c0 R15: 1ffff110391edc86
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c0019c1000 CR3: 00000001eded7000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/06/29 09:49 android12-5.4 487daef44f9f 134ddc02 .config console log report info ci2-android-5-4-kasan kernel BUG in validate_xmit_skb
2023/05/25 09:12 android12-5.4 e7141bb18b62 4bce1a3e .config console log report info ci2-android-5-4-kasan kernel BUG in validate_xmit_skb
* Struck through repros no longer work on HEAD.