ci2 starts bisection 2023-12-13 03:11:21.011566674 +0000 UTC m=+54761.046255490
bisecting cause commit starting from a9567a35d0b87f17387ee2a86f6092aa6c1c85d0
building syzkaller on ebcad15ccd9a570d2e16081b7b07b288462b7b91
ensuring issue is reproducible on original commit a9567a35d0b87f17387ee2a86f6092aa6c1c85d0

testing commit a9567a35d0b87f17387ee2a86f6092aa6c1c85d0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a6ccb4802826f1f16640172f8b4c2c459bcd65366de58f77bebfe8c618e6bf46
all runs: crashed: general protection fault in skb_segment
representative crash: general protection fault in skb_segment, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit a9567a35d0b87f17387ee2a86f6092aa6c1c85d0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 100d0420101a29c433b11ade44e60e73745d17794fd6ab33ef586e44eed585c2
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
kconfig minimization: base=5179 full=6490 leaves diff=254
split chunks (needed=false): <254>
split chunk #0 of len 254 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit a9567a35d0b87f17387ee2a86f6092aa6c1c85d0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 85267af85b15ef31d0376cd61f016d6ec1fef664bf9aee959b017129eb6ed6f1
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit a9567a35d0b87f17387ee2a86f6092aa6c1c85d0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 58f86cc369691ca9bafaf9b15457d590f4aaa50ad6593210472829d923918250
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit a9567a35d0b87f17387ee2a86f6092aa6c1c85d0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: af753fc11e438f380c2b6531b072edc0c170c2921348ff087294c993cde86d19
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit a9567a35d0b87f17387ee2a86f6092aa6c1c85d0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c1fb76c4a3e0b409faa6217a4672ddefc7e1a64b437a53c7cb19f3aeaa5860b0
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit a9567a35d0b87f17387ee2a86f6092aa6c1c85d0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
failed building a9567a35d0b87f17387ee2a86f6092aa6c1c85d0:
net/socket.c:1242: undefined reference to `wext_handle_ioctl'
net/socket.c:3437: undefined reference to `compat_wext_handle_ioctl'
net/core/net-procfs.c:329: undefined reference to `wext_proc_init'
net/core/net-procfs.c:345: undefined reference to `wext_proc_exit'
minimized to 50 configs; suspects: [HID_ZEROPLUS USB_NET_GL620A USB_NET_MCS7830 USB_NET_NET1080 USB_NET_PLUSB USB_NET_RNDIS_HOST USB_NET_SMSC75XX USB_NET_SMSC95XX USB_NET_SR9700 USB_NET_SR9800 USB_NET_ZAURUS USB_OHCI_HCD USB_OHCI_HCD_PCI USB_OHCI_HCD_PLATFORM USB_OTG USB_OTG_FSM USB_PRINTER USB_SERIAL_GENERIC USB_SERIAL_PL2303 USB_STORAGE_ALAUDA USB_STORAGE_CYPRESS_ATACB USB_STORAGE_DATAFAB USB_STORAGE_FREECOM USB_STORAGE_ISD200 USB_STORAGE_JUMPSHOT USB_STORAGE_KARMA USB_STORAGE_ONETOUCH USB_STORAGE_SDDR09 USB_STORAGE_SDDR55 USB_STORAGE_USBAT USB_TRANCEVIBRATOR USB_U_AUDIO USB_U_ETHER USB_U_SERIAL USB_WDM V4L2_ASYNC V4L2_FWNODE VIDEO_CAMERA_SENSOR WLAN WLAN_VENDOR_ATH WLAN_VENDOR_ATMEL WLAN_VENDOR_BROADCOM WLAN_VENDOR_INTERSIL WLAN_VENDOR_MARVELL WLAN_VENDOR_MEDIATEK WLAN_VENDOR_MICROCHIP WLAN_VENDOR_PURELIFI WLAN_VENDOR_RALINK WLAN_VENDOR_REALTEK WLAN_VENDOR_RSI WLAN_VENDOR_SILABS WLAN_VENDOR_ZYDAS X86_X32_ABI ZEROPLUS_FF]
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed

picked [v6.1.57 v6.1.56 v6.1.29 v6.1 v6.0 v5.19 v5.17 v5.15 v5.13 v5.11 v5.9 v5.6 v5.3 v5.0 v4.19] out of 81 release tags
testing release v6.1.57
testing commit 082280fe94a09462c727fb6e7b0c982efb36dede gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 046aea292757ca27b5d3730455e455889d89ae8db25047ca33e0be49969830f8
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
testing release v6.1.56
testing commit ecda77b46871007ab0e6c671fe9df5795dd8154a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 42a660147b33ef9e94f9c36dc514d1390317f697bd485f3d1c93981af5864e05
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
testing release v6.1.29
testing commit fa74641fb6b93a19ccb50579886ecc98320230f9 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b7c4c01c71c42f96f79e31f3df852c3c59f171cc38449643a43bf078e678a61d
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
testing release v6.1
testing commit 830b3c68c1fb1e9176028d02ef86f3cf76aa2476 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a661c5a627fc8cf4fdfe058ef31c7e68a32e666140faeee750223174a97dd13d
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
testing release v6.0
testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f85228613a564e545e7b086ead9aa01f7b7b3bc8a4b3404ea216e135cc02cec8
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
testing release v5.19
testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7e4f14c7a34b613529171a9e02daf94a62f5011af84320a59afa068e74a7c8c7
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
testing release v5.17
testing commit f443e374ae131c168a065ea1748feac6b2e76613 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b537d4827994dca2129e25feff8a7bca4cfe55c160610eb8364d3e362204e524
all runs: OK
false negative chance: 0.000

# git bisect start 3d7cb6b04c3f3115719235cc6866b10326de34cd f443e374ae131c168a065ea1748feac6b2e76613
Bisecting: 16314 revisions left to test after this (roughly 14 steps)
[a6f844da39af8046798ba5cadf92a0c54da80b26] Merge tag 'v5.18' into rdma.git for-next
testing commit a6f844da39af8046798ba5cadf92a0c54da80b26 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ce9c1eba1b41a3a6fb828e14453c12aa80dff3760a6f58f4d437b1bb5667633f
all runs: OK
false negative chance: 0.000
# git bisect good a6f844da39af8046798ba5cadf92a0c54da80b26
Bisecting: 8432 revisions left to test after this (roughly 13 steps)
[c011dd537ffe47462051930413fed07dbdc80313] Merge tag 'arm-soc-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit c011dd537ffe47462051930413fed07dbdc80313 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 17ad6eefc953ce476d061d1d2a287d14015c5b3f4c731b9b6592ebd7398e092b
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
# git bisect bad c011dd537ffe47462051930413fed07dbdc80313
Bisecting: 2961 revisions left to test after this (roughly 12 steps)
[7e062cda7d90543ac8c7700fc7c5527d0c0f22ad] Merge tag 'net-next-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
testing commit 7e062cda7d90543ac8c7700fc7c5527d0c0f22ad gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9ccfda2368df48864532b72876bf32320a2739e1f3b79c31f31be0420563986b
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
# git bisect bad 7e062cda7d90543ac8c7700fc7c5527d0c0f22ad
Bisecting: 2515 revisions left to test after this (roughly 11 steps)
[3842007b1a33589d57f67eac479b132b77767514] Merge tag 'zonefs-5.19-rc1-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs
testing commit 3842007b1a33589d57f67eac479b132b77767514 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a9b04d58aae074883eec9766012b2ba3cfa736633afd61a9093f15fa5bd68eff
all runs: OK
false negative chance: 0.000
# git bisect good 3842007b1a33589d57f67eac479b132b77767514
Bisecting: 1255 revisions left to test after this (roughly 10 steps)
[dc3a2001f61611347c057fea422c382b9ce3cfcb] Merge tag 'mlx5-updates-2022-05-09' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
testing commit dc3a2001f61611347c057fea422c382b9ce3cfcb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c8baae38075b8905b1a962db3bb140d74ec5b104b663882a730a695bac5c3fe5
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
# git bisect bad dc3a2001f61611347c057fea422c382b9ce3cfcb
Bisecting: 607 revisions left to test after this (roughly 9 steps)
[50c6afabfd2ae91a4ff0e2feb14fe702b0688ec5] Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit 50c6afabfd2ae91a4ff0e2feb14fe702b0688ec5 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c70ae0b4f364eff7a0b6071f5ed620ba600ed77a87ecc4edc447a24751e6b268
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
# git bisect bad 50c6afabfd2ae91a4ff0e2feb14fe702b0688ec5
Bisecting: 325 revisions left to test after this (roughly 8 steps)
[4867d750b227fa1affb171cd257dd9dde48d7d32] Merge branch 'mneta-page_pool_get_stats'
testing commit 4867d750b227fa1affb171cd257dd9dde48d7d32 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: cd6cee925458d7e7da811475e8f53d5da98339afb0c0dfedce7e8a253145701c
all runs: OK
false negative chance: 0.000
# git bisect good 4867d750b227fa1affb171cd257dd9dde48d7d32
Bisecting: 162 revisions left to test after this (roughly 7 steps)
[e21bebf9727a2e96c89c1f35e8f3e04e37afd6de] Merge branch 'add-ethtool-sqi-support-for-lan87xx-t1-phy'
testing commit e21bebf9727a2e96c89c1f35e8f3e04e37afd6de gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 794ec6b6dfb4c174d7d5845d2fbb57cdef539b1c385c1bd9621f07e816ceda62
all runs: OK
false negative chance: 0.000
# git bisect good e21bebf9727a2e96c89c1f35e8f3e04e37afd6de
Bisecting: 81 revisions left to test after this (roughly 6 steps)
[afe98d46ba22316acfd198eb5cd4db2ef2d427d7] libbpf: Fix anonymous type check in CO-RE logic
testing commit afe98d46ba22316acfd198eb5cd4db2ef2d427d7 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3d8e6345aec09242e0c273920cd72dc874c19696a6f30231f046524fbcc0bacf
all runs: OK
false negative chance: 0.000
# git bisect good afe98d46ba22316acfd198eb5cd4db2ef2d427d7
Bisecting: 40 revisions left to test after this (roughly 5 steps)
[de6dd626d7082eda383ec77a5e06093c82122d10] net: dsa: ksz: added the generic port_stp_state_set function
testing commit de6dd626d7082eda383ec77a5e06093c82122d10 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 33cd4500ed9f9ce3bde31e9a85e4d4dbb7790797a9db7d67c47929602064848f
all runs: OK
false negative chance: 0.000
# git bisect good de6dd626d7082eda383ec77a5e06093c82122d10
Bisecting: 20 revisions left to test after this (roughly 4 steps)
[2b7ff2588ec21dde8a3a66dc927e4e653b175ddb] net: lan966x: Add support for PTP_PF_PEROUT
testing commit 2b7ff2588ec21dde8a3a66dc927e4e653b175ddb gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d7f11e1b6ad742741741dd81801a650d80716712329add82ea1c4ef3bec62ddc
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
# git bisect bad 2b7ff2588ec21dde8a3a66dc927e4e653b175ddb
Bisecting: 9 revisions left to test after this (roughly 3 steps)
[bcf3cf93f64597fd3ccdcf79000f064b0c7dc943] mptcp: use mptcp_stop_timer
testing commit bcf3cf93f64597fd3ccdcf79000f064b0c7dc943 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4d64f1d066b89f11c80542e827ab519a74ee34786e2da12a618cd5488442a6b4
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
# git bisect bad bcf3cf93f64597fd3ccdcf79000f064b0c7dc943
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[c706b2b5ed74d30436b85cbd8e63e969f6b5873a] net: tls: fix async vs NIC crypto offload
testing commit c706b2b5ed74d30436b85cbd8e63e969f6b5873a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b57f9639f8caed228629ca103db0f8f8f4e4f5f81e9d9dc7f33b3f552c192e8a
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
# git bisect bad c706b2b5ed74d30436b85cbd8e63e969f6b5873a
Bisecting: 2 revisions left to test after this (roughly 1 step)
[561215482cc69d1c758944d4463b3d5d96d37bd1] net: usb: qmi_wwan: add support for Sierra Wireless EM7590
testing commit 561215482cc69d1c758944d4463b3d5d96d37bd1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 66281ebd8fd3a28194236f6f6069e6373b194a348c6d1ac633ac6475c60f25a6
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
# git bisect bad 561215482cc69d1c758944d4463b3d5d96d37bd1
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[dfed913e8b55a0c2c4906f1242fd38fd9a116e49] net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO
testing commit dfed913e8b55a0c2c4906f1242fd38fd9a116e49 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3bd59006a23f2fed644e25842a43bad1b1b93debddec709d62352f9b62382891
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in skb_segment
representative crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment, types: [UNKNOWN]
# git bisect bad dfed913e8b55a0c2c4906f1242fd38fd9a116e49
dfed913e8b55a0c2c4906f1242fd38fd9a116e49 is the first bad commit
commit dfed913e8b55a0c2c4906f1242fd38fd9a116e49
Author: Hangbin Liu
Date:   Mon Apr 25 09:45:02 2022 +0800

    net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO

    Currently, the kernel drops GSO VLAN tagged packet if it's created with
    socket(AF_PACKET, SOCK_RAW, 0) plus virtio_net_hdr.

    The reason is AF_PACKET doesn't adjust the skb network header if there is
    a VLAN tag. Then after virtio_net_hdr_set_proto() called, the skb->protocol
    will be set to ETH_P_IP/IPv6. And in later inet/ipv6_gso_segment() the skb
    is dropped as network header position is invalid.

    Let's handle VLAN packets by adjusting network header position in
    packet_parse_headers(). The adjustment is safe and does not affect the
    later xmit as tap device also did that.

    In packet_snd(), packet_parse_headers() need to be moved before calling
    virtio_net_hdr_set_proto(), so we can set correct skb->protocol and
    network header first.

    There is no need to update tpacket_snd() as it calls packet_parse_headers()
    in tpacket_fill_skb(), which is already before calling virtio_net_hdr_*
    functions.

    skb->no_fcs setting is also moved upper to make all skb settings together
    and keep consistency with function packet_sendmsg_spkt().

    Signed-off-by: Hangbin Liu
    Acked-by: Willem de Bruijn
    Acked-by: Michael S. Tsirkin
    Link: https://lore.kernel.org/r/20220425014502.985464-1-liuhangbin@gmail.com
    Signed-off-by: Paolo Abeni

 net/packet/af_packet.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

accumulated error probability: 0.00
culprit signature: 3bd59006a23f2fed644e25842a43bad1b1b93debddec709d62352f9b62382891
parent signature: 33cd4500ed9f9ce3bde31e9a85e4d4dbb7790797a9db7d67c47929602064848f
revisions tested: 28, total time: 3h49m11.223389138s (build: 1h18m44.767385052s, test: 2h0m50.209917248s)
first bad commit: dfed913e8b55a0c2c4906f1242fd38fd9a116e49 net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO
recipients (to): ["liuhangbin@gmail.com" "mst@redhat.com" "pabeni@redhat.com" "willemb@google.com"]
recipients (cc): []

crash: BUG: unable to handle kernel NULL pointer dereference in skb_segment
BUG: kernel NULL pointer dereference, address: 0000000000000070
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 11226b067 P4D 11226b067 PUD 112178067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 432 Comm: syz-executor.0 Not tainted 5.18.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:skb_segment+0xbd5/0xe40 net/core/skbuff.c:4087
Code: ff ff 48 85 c0 74 59 4c 89 5d 90 4c 89 55 98 41 f6 87 83 00 00 00 10 0f 85 0c f7 ff ff 41 80 a7 80 00 00 00 9f e9 ff f6 ff ff <41> 8b 5a 70 e9 94 f7 ff ff a8 01 75 10 48 c7 c1 80 40 b6 81 48 39
RSP: 0018:ffffc90000dab9b8 EFLAGS: 00010246
RAX: 0000000000010046 RBX: 0000000000000046 RCX: 000000000000ffff
RDX: ffffffff00000000 RSI: 000000000000003e RDI: 000000000000003e
RBP: ffffc90000dabab8 R08: 0000000000000011 R09: ffff8881148eee00
R10: 0000000000000000 R11: ffff88810c4fe000 R12: ffff8881119faaf0
R13: 0000000000000000 R14: ffff88810c4fe000 R15: 0000000000000000
FS: 00007f341dc926c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000070 CR3: 0000000112279000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 udp6_ufo_fragment+0x23c/0x2b0 net/ipv6/udp_offload.c:108
 ipv6_gso_segment+0x158/0x320 net/ipv6/ip6_offload.c:116
 skb_mac_gso_segment+0x9a/0x110 net/core/gro.c:141
 __skb_gso_segment+0xd8/0x130 net/core/dev.c:3359
 skb_gso_segment include/linux/netdevice.h:4690 [inline]
 validate_xmit_skb+0xc4/0x390 net/core/dev.c:3618
 __dev_queue_xmit+0x580/0xd40 net/core/dev.c:4199
 dev_queue_xmit+0xb/0x10 net/core/dev.c:4241
 packet_snd net/packet/af_packet.c:3071 [inline]
 packet_sendmsg+0x11e0/0x1620 net/packet/af_packet.c:3102
 sock_sendmsg_nosec net/socket.c:705 [inline]
 sock_sendmsg net/socket.c:725 [inline]
 __sys_sendto+0x2ce/0x340 net/socket.c:2040
 __do_sys_sendto net/socket.c:2052 [inline]
 __se_sys_sendto net/socket.c:2048 [inline]
 __x64_sys_sendto+0x21/0x30 net/socket.c:2048
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f341ce7cba9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f341dc920c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f341cf9bf80 RCX: 00007f341ce7cba9
RDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 00007f341cec847a R08: 0000000020000540 R09: 0000000000000014
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f341cf9bf80 R15: 00007ffcb5129ba8
Modules linked in:
CR2: 0000000000000070
---[ end trace 0000000000000000 ]---
RIP: 0010:skb_segment+0xbd5/0xe40 net/core/skbuff.c:4087
Code: ff ff 48 85 c0 74 59 4c 89 5d 90 4c 89 55 98 41 f6 87 83 00 00 00 10 0f 85 0c f7 ff ff 41 80 a7 80 00 00 00 9f e9 ff f6 ff ff <41> 8b 5a 70 e9 94 f7 ff ff a8 01 75 10 48 c7 c1 80 40 b6 81 48 39
RSP: 0018:ffffc90000dab9b8 EFLAGS: 00010246
RAX: 0000000000010046 RBX: 0000000000000046 RCX: 000000000000ffff
RDX: ffffffff00000000 RSI: 000000000000003e RDI: 000000000000003e
RBP: ffffc90000dabab8 R08: 0000000000000011 R09: ffff8881148eee00
R10: 0000000000000000 R11: ffff88810c4fe000 R12: ffff8881119faaf0
R13: 0000000000000000 R14: ffff88810c4fe000 R15: 0000000000000000
FS: 00007f341dc926c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000070 CR3: 0000000112279000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:  ff 48 85                decl   -0x7b(%rax)
   3:  c0 74 59 4c 89          shlb   $0x89,0x4c(%rcx,%rbx,2)
   8:  5d                      pop    %rbp
   9:  90                      nop
   a:  4c 89 55 98             mov    %r10,-0x68(%rbp)
   e:  41 f6 87 83 00 00 00    testb  $0x10,0x83(%r15)
  15:  10
  16:  0f 85 0c f7 ff ff       jne    0xfffff728
  1c:  41 80 a7 80 00 00 00    andb   $0x9f,0x80(%r15)
  23:  9f
  24:  e9 ff f6 ff ff          jmp    0xfffff728
* 29:  41 8b 5a 70             mov    0x70(%r10),%ebx <-- trapping instruction
  2d:  e9 94 f7 ff ff          jmp    0xfffff7c6
  32:  a8 01                   test   $0x1,%al
  34:  75 10                   jne    0x46
  36:  48 c7 c1 80 40 b6 81    mov    $0xffffffff81b64080,%rcx
  3d:  48                      rex.W
  3e:  39                      .byte 0x39