Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1061597ybl; Tue, 3 Dec 2019 00:43:16 -0800 (PST) X-Google-Smtp-Source: APXvYqy2wVX38C7y6kf4VnM4AOKeSCfNbh4DxNNKWqGY88X00Q/DbUCCfK+OQ3ebv+9Pyx0xD8BY X-Received: by 2002:a9d:4789:: with SMTP id b9mr2476246otf.110.1575362596050; Tue, 03 Dec 2019 00:43:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575362596; cv=none; d=google.com; s=arc-20160816; b=ad41DtPEWZ+U2jj8NkN0MJHq+QohSKoBLtHO73xGhIpp5RGvguOZTgwIbP53hq4Ikk AFERmRXbrwH+Ks2AxPw7I6TATMox07RXIL4oieMdFSjFBLyJJ9oGyaSnJ3OI5J9QNxzq 8YxG0PG18cvzerRNdb4XwM2xaCJeDCsqvVJ2Di/Ur/n/ohODJaUn2jPxvl+oRejSWMy6 2mtbH+yvRtmtNV3dul64XsaLA8Sqzck3t6d/nW31/wD+6ltc42jooQfKUXsQo8ESP5TH cRGezvgQi77VWqHkwMIQy7hL/CTBX43noc1+sH2OSBnpyCfbHFrS6s7dShyY4avYr8zd 8Nkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=YRtvDaubhKMLsinpUhhIgN2f+Mjhkw2KgaEk+i6x64s=; b=VKfpvsBD2zONYDvyO2DtzWM+M91U0j2rvBkBPCBjvhnUbX1DPYm97c+sKxIT+mWze0 /XnTshG7TlKZkpbiDJMtLy+K8+Sp4fzJj7KQ/2b1axD7BS0JIizhgwZkew9fCpjBb9I5 HKT2/L9JY3+IVIovVYbX8DsQqxM7Sp02+Ei8lSeR+rCQ2BgNHTmBHkBoXmkdWe3/LZes BP6F0Rl3U3J41P+766+w6GJ1hrARvDCX4XJlh8f4GPfnaiGXlJYWlJmwoPbP0nyR27OA lJ8Byihgj6gnu69lgUynQ2f45jPH3hrmS7rgV8Hs813ixGBidPS3chzs2GN9splZPYvn oD1w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=oXWTvzBE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u1si878641otk.80.2019.12.03.00.43.03; Tue, 03 Dec 2019 00:43:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=oXWTvzBE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726186AbfLCIm1 (ORCPT + 99 others); Tue, 3 Dec 2019 03:42:27 -0500 Received: from mail-qt1-f195.google.com ([209.85.160.195]:46849 "EHLO mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725773AbfLCIm1 (ORCPT ); Tue, 3 Dec 2019 03:42:27 -0500 Received: by mail-qt1-f195.google.com with SMTP id 38so2912864qtb.13 for ; Tue, 03 Dec 2019 00:42:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YRtvDaubhKMLsinpUhhIgN2f+Mjhkw2KgaEk+i6x64s=; b=oXWTvzBEcP/kRj50+pmeAL2NaG9Yw3hzt7a2ADoE2FFJRrMTHHEDVBcDpCp24ksoEj I5YMWQPSXgVcNEdB4GmzvezYKY3oaCa3x/3tIHF7415fm09OTTNZEed1Irfv/ljezjKq OJG93KZHcd5gHsECgwFKRkhoaa0n+NsKXp0+pg+fuAjdwLFHrc4+hs6J54v8Aar8hwMd Y/acpeTUrAFp4WH8ZEL0bXXid8O8qXTMgk/ooQv8mgoUkXLkcdoMA/6aS8NUwnzfkPLP 144ODpwlJ6Hz2lTtWUIKignt0+pojEbao7L/SKti11A3x5fu1lxixfSGfaxJWyT4hjFJ hD4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YRtvDaubhKMLsinpUhhIgN2f+Mjhkw2KgaEk+i6x64s=; b=Sig/osa/mN6P6AxHdZoGQYCvgIQVy9mXIzOhc/bi4a17YpmOK2k4jpybz8AaFPBYqT tS+fQRmuUzBiDMEzy6ZqfI007shPFWuJkUcVN2TD5SIrh9Mun8FIngeFbzmV0M/s5r8q cbltjFDgrSVAIzWftJLNTmBGcoRNLKo/nwg8lncymIMipInPMuSuZNUccd8rs8EQY5Pu 5yoLBTVL2txXHP+Gr2AhCdTsfLScJEjlUqIuO43wKPVps0q0MrmJRGianmiFVNxMa2k3 +DWRcVBMQD5Aa1SgcXEUaNvSoC2Jxyqizvnkz6KhmS7ky4WZ0DOr2yJOQjDWBv6mzlub 66tw== X-Gm-Message-State: APjAAAW1HRnkd8GpwWtoLVn/Gpn6Hnmql+f+L2/8+VwOMgynTR52CGGW phXS8q01b1/7qTyLUeueu4KafWLLTSJTm+ZurbmUQw== X-Received: by 2002:ac8:ccf:: with SMTP id o15mr3961228qti.380.1575362545833; Tue, 03 Dec 2019 00:42:25 -0800 (PST) MIME-Version: 1.0 References: <001a114372a6074e6505642b7f72@google.com> <000000000000039751059891760e@google.com> <20191202183912.GC377783@localhost.localdomain> In-Reply-To: <20191202183912.GC377783@localhost.localdomain> From: Dmitry Vyukov Date: Tue, 3 Dec 2019 09:42:14 +0100 Message-ID: Subject: Re: kernel BUG at net/core/skbuff.c:LINE! (3) To: Marcelo Ricardo Leitner Cc: syzbot , David Miller , Alexey Kuznetsov , LKML , linux-sctp@vger.kernel.org, Xin Long , mvohra@vmware.com, netdev , Neil Horman , syzkaller-bugs , William Tu , Vladislav Yasevich , websitedesignservices4u@gmail.com, Hideaki YOSHIFUJI Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Dec 2, 2019 at 7:39 PM Marcelo Ricardo Leitner wrote: > > On Sat, Nov 30, 2019 at 04:37:56PM +0100, Dmitry Vyukov wrote: > > On Sat, Nov 30, 2019 at 3:50 PM syzbot > > wrote: > > > > > > syzbot has bisected this bug to: > > > > > > commit 84e54fe0a5eaed696dee4019c396f8396f5a908b > > > Author: William Tu > > > Date: Tue Aug 22 16:40:28 2017 +0000 > > > > > > gre: introduce native tunnel support for ERSPAN > > > > > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=158a2f86e00000 > > > start commit: f9f1e414 Merge tag 'for-linus-4.16-rc1-tag' of git://git.k.. > > > git tree: upstream > > > final crash: https://syzkaller.appspot.com/x/report.txt?x=178a2f86e00000 > > > console output: https://syzkaller.appspot.com/x/log.txt?x=138a2f86e00000 > > > kernel config: https://syzkaller.appspot.com/x/.config?x=34a80ee1ac29767b > > > dashboard link: https://syzkaller.appspot.com/bug?extid=b2bf2652983d23734c5c > > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=147bfebd800000 > > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13d8d543800000 > > > > > > Reported-by: syzbot+b2bf2652983d23734c5c@syzkaller.appspotmail.com > > > Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN") > > > > > > For information about bisection process see: https://goo.gl/tpsmEJ#bisection > > > > Humm... the repro contains syz_emit_ethernet, wonder if it's > > remote-triggerable... > > The call trace is still from the tx path. Packet never left the system > in this case. My understanding is that this does not necessarily mean that the remote side is not involved. There is enough state on the host for L4 protocols, so that the remote side can mess things and then the bad thing will happen with local trigger. But that local trigger can be just anything trivial that everybody does.