WARNING in skb_warn_bad_offload
From: Dison River
Date: Mon Sep 11 2017 - 00:20:57 EST
Hi,
I found a warning while fuzzing with Syzkaller on linux 4.13-rc6 on
x86_64. The full stack trace is below:
------------[ cut here ]------------
WARNING: CPU: 3 PID: 32413 at net/core/dev.c:2592
skb_warn_bad_offload+0x2a9/0x380 net/core/dev.c:2587
Kernel panic - not syncing: panic_on_warn set ...
CPU: 3 PID: 32413 Comm: syz-executor3 Not tainted 4.13.0-rc6+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x95/0xeb lib/dump_stack.c:52
panic+0x1ae/0x387 kernel/panic.c:180
__warn+0x1c4/0x1d9 kernel/panic.c:541
report_bug+0x213/0x2d0 lib/bug.c:183
fixup_bug+0x3f/0x90 arch/x86/kernel/traps.c:190
do_trap_no_signal arch/x86/kernel/traps.c:224 [inline]
do_trap+0x13a/0x3e0 arch/x86/kernel/traps.c:273
do_error_trap+0x11e/0x1f0 arch/x86/kernel/traps.c:310
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:323
invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:846
RIP: 0010:skb_warn_bad_offload+0x2a9/0x380 net/core/dev.c:2587
RSP: 0018:ffff88006996f460 EFLAGS: 00010286
RAX: 000000000000006d RBX: ffff88006b1813e8 RCX: 0000000000000000
RDX: 000000000000006d RSI: ffffffff8122d81e RDI: ffffed000d32de80
RBP: ffff88006996f4b8 R08: ffffffff83ad0fd8 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88003d5bc5a0
R13: 0000000000000000 R14: ffff88003d5bc5a0 R15: 0000000000000bd0
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=5
sclass=netlink_audit_socket pig=32438 comm=syz-executor0
__skb_gso_segment+0x5a3/0x6d0 net/core/dev.c:2799
skb_gso_segment include/linux/netdevice.h:3957 [inline]
validate_xmit_skb+0x42d/0xa20 net/core/dev.c:3049
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=5
sclass=netlink_audit_socket pig=32441 comm=syz-executor0
__dev_queue_xmit+0xc9f/0x18b0 net/core/dev.c:3472
dev_queue_xmit+0x17/0x20 net/core/dev.c:3513
neigh_hh_output include/net/neighbour.h:471 [inline]
neigh_output include/net/neighbour.h:479 [inline]
ip6_finish_output2+0x119b/0x1dd0 net/ipv6/ip6_output.c:120
ip6_finish_output+0x3a0/0x770 net/ipv6/ip6_output.c:146
NF_HOOK_COND include/linux/netfilter.h:237 [inline]
ip6_output+0x211/0x6e0 net/ipv6/ip6_output.c:163
dst_output include/net/dst.h:471 [inline]
ip6_local_out+0x95/0x160 net/ipv6/output_core.c:178
ip6_send_skb+0xa1/0x330 net/ipv6/ip6_output.c:1735
udp_v6_send_skb+0x30a/0xe90 net/ipv6/udp.c:1059
udpv6_sendmsg+0x1b4f/0x2540 net/ipv6/udp.c:1331
inet_sendmsg+0x123/0x500 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:633 [inline]
sock_sendmsg+0xca/0x110 net/socket.c:643
SYSC_sendto+0x20d/0x340 net/socket.c:1736
SyS_sendto+0x40/0x50 net/socket.c:1704
entry_SYSCALL_64_fastpath+0x18/0xad
RIP: 0033:0x452309
RSP: 002b:00007fe2d89a0c08 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000718150 RCX: 0000000000452309
RDX: 0000000000000bd7 RSI: 00000000205d2000 RDI: 0000000000000015
RBP: 0000000000000046 R08: 0000000020226fe4 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004bf2e0
R13: 00000000ffffffff R14: ffffffffffffffff R15: 00000000c08c5335
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
Attachment:
repro.prog
Description: Binary data
Attachment:
.config
Description: Binary data