Bug 510788

Summary:	hardened-sources-3.14.3-r1 oopses in network
Product:	Gentoo Linux	Reporter:	satmd <satmd>
Component:	Hardened	Assignee:	The Gentoo Linux Hardened Kernel Team (OBSOLETE) <hardened-kernel+disabled>
Status:	RESOLVED NEEDINFO
Severity:	critical	CC:	pageexec, spender
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description satmd 2014-05-19 18:40:53 UTC

May 19 20:29:11 black-chii kernel: [80523.252968] ------------[ cut here ]------------
May 19 20:29:11 black-chii kernel: [80523.252975] WARNING: CPU: 0 PID: 14343 at net/core/dev.c:2238 skb_warn_bad_offload+0xc1/0xd2()
May 19 20:29:11 black-chii kernel: [80523.252977] : caps=(0x0000000000000000, 0x0000000000000000) len=1260 data_len=1232 gso_size=576 gso_type=2 ip_summed=3
May 19 20:29:11 black-chii kernel: [80523.252978] Modules linked in: esp6 xfrm6_mode_transport vhost_net vhost macvtap macvlan tun deflate ecb af_key bnep iptable_filter iptable_mangle ipt_MA
SQUERADE iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 iptable_raw ip_tables xt_LOG xt_pkttype xt_hashlimit xt_owner xt_conntrack ip6table_filter xt_CHECKSUM ip6table_mangle ip6tab
le_raw ip6t_MASQUERADE ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 nf_nat ip6_tables ebtable_broute bridge stp llc ebtable_nat ebtable_filter ebtables nls_iso8859_15 nls_cp850 v
fat fat nct6775 hwmon_vid ipv6 uvcvideo snd_usb_audio snd_usbmidi_lib snd_rawmidi videobuf2_vmalloc videobuf2_memops videobuf2_core videodev hid_g19(O) hid_gfb(O) hid_ginput(O) syscopyarea sy
sfillrect sysimgblt btusb fb_sys_fops bluetooth snd_seq_device iTCO_wdt snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi 6lowpan_iphc iTCO_vendor_support snd_hda_intel snd_hda_c
odec snd_hwdep snd_pcm snd_timer snd mei_me mei soundcore i2c_i801 lpc_ich e1000e mfd_core x86_pkg_temp_thermal coretemp battery usb_storage usbhid ehci_pci xhci_hcd ehci_hcd usbcore usb_comm
on [last unloaded: microcode]
May 19 20:29:11 black-chii kernel: [80523.253016] CPU: 0 PID: 14343 Comm: java Tainted: G           O 3.14.3-hardened-r3 #1
May 19 20:29:11 black-chii kernel: [80523.253017] Hardware name: ASUS All Series/SABERTOOTH Z87, BIOS 1901 03/31/2014
May 19 20:29:11 black-chii kernel: [80523.253018]  0000000000000000 0000000000000000 0000000000000009 ffffffff8166aeb0
May 19 20:29:11 black-chii kernel: [80523.253020]  ffff8807c989d8a0 ffffffff810ac91d ffffffff819b3db7 ffff8807c989d908
May 19 20:29:11 black-chii kernel: [80523.253021]  00000000000008be ffffffff819bb648 ffff8807fd1bb210 ffffffff810ac99b
May 19 20:29:11 black-chii kernel: [80523.253023] Call Trace:
May 19 20:29:11 black-chii kernel: [80523.253026]  [<ffffffff8166aeb0>] ? dump_stack+0x49/0x70
May 19 20:29:11 black-chii kernel: [80523.253029]  [<ffffffff810ac91d>] ? warn_slowpath_common+0x6d/0x90
May 19 20:29:11 black-chii kernel: [80523.253030]  [<ffffffff810ac99b>] ? warn_slowpath_fmt+0x5b/0x70
May 19 20:29:11 black-chii kernel: [80523.253032]  [<ffffffff8166ef46>] ? skb_warn_bad_offload+0xc1/0xd2
May 19 20:29:11 black-chii kernel: [80523.253036]  [<ffffffff815abb37>] ? skb_checksum_help+0x187/0x1e0
May 19 20:29:11 black-chii kernel: [80523.253039]  [<ffffffffa0466078>] ? checksum_tg+0x28/0x2a [xt_CHECKSUM]
May 19 20:29:11 black-chii kernel: [80523.253041]  [<ffffffffa049531d>] ? ipt_do_table+0x2ad/0x3e0 [ip_tables]
May 19 20:29:11 black-chii kernel: [80523.253043]  [<ffffffffa04c40cf>] ? iptable_mangle_hook+0xcf/0x130 [iptable_mangle]
May 19 20:29:11 black-chii kernel: [80523.253046]  [<ffffffff815ee3f0>] ? ip_forward_options+0x1f0/0x1f0
May 19 20:29:11 black-chii kernel: [80523.253048]  [<ffffffff815d7145>] ? nf_iterate+0xa5/0xb0
May 19 20:29:11 black-chii kernel: [80523.253050]  [<ffffffff815ee3f0>] ? ip_forward_options+0x1f0/0x1f0
May 19 20:29:11 black-chii kernel: [80523.253051]  [<ffffffff815d71c6>] ? nf_hook_slow+0x76/0x120
May 19 20:29:11 black-chii kernel: [80523.253053]  [<ffffffff815ee3f0>] ? ip_forward_options+0x1f0/0x1f0
May 19 20:29:11 black-chii kernel: [80523.253054]  [<ffffffff815f03ea>] ? __ip_local_out+0xaa/0xb0
May 19 20:29:11 black-chii kernel: [80523.253056]  [<ffffffff815f03fc>] ? ip_local_out+0xc/0x40
May 19 20:29:11 black-chii kernel: [80523.253057]  [<ffffffff815f1960>] ? ip_send_skb+0x10/0x50
May 19 20:29:11 black-chii kernel: [80523.253060]  [<ffffffff816180f4>] ? udp_send_skb+0x304/0x3c0
May 19 20:29:11 black-chii kernel: [80523.253061]  [<ffffffff815ee6d0>] ? ip_copy_metadata+0x130/0x130
May 19 20:29:11 black-chii kernel: [80523.253063]  [<ffffffff816184c6>] ? udp_sendmsg+0x2b6/0x8f0
May 19 20:29:11 black-chii kernel: [80523.253067]  [<ffffffff8158f4f8>] ? sock_sendmsg+0x98/0xd0
May 19 20:29:11 black-chii kernel: [80523.253069]  [<ffffffff811b3860>] ? __check_object_size.part.32+0x30/0x1a0
May 19 20:29:11 black-chii kernel: [80523.253071]  [<ffffffff8158fd9d>] ? move_addr_to_kernel.part.23+0x10d/0x190
May 19 20:29:11 black-chii kernel: [80523.253074]  [<ffffffff811cd086>] ? __fget_light+0x26/0x70
May 19 20:29:11 black-chii kernel: [80523.253076]  [<ffffffff8159015f>] ? SYSC_sendto+0xff/0x180
May 19 20:29:11 black-chii kernel: [80523.253079]  [<ffffffff816795d3>] ? system_call_fastpath+0x16/0x1b
May 19 20:29:11 black-chii kernel: [80523.253080] ---[ end trace 7376512ab3ffdce5 ]---


Reproducible: Always

Steps to Reproduce:
1. Boot the machine,
2. have traffic go through the machine
3. eventually randomly get this oops
Actual Results:  
Oopses in a 1-second-loop after a while, without apparent reason

Expected Results:  
No oopses

I had this oops only once yet, but as I have other crashes in ipv6 kernel code where I can't export the console output to another machine due to local limitations, I better start with this one.

Comment 1 Anthony Basile gentoo-dev

2014-05-19 19:29:43 UTC

can you try hardened-sources-3.14.4 which is based on the latest grsec/pax patches and see ifyou get the oops.

Comment 2 PaX Team 2014-05-19 22:17:34 UTC

it's not an oops but a WARN, not an oops and i'm wondering if you have the size overflow plugin enabled and if so, could you try without it?

Comment 3 satmd 2014-05-19 23:09:23 UTC

I've just compiled and booted 3.14.4. Meanwhile I studied my iptables rules and found a "iptables -t mangle -A POSTROUTING|OUTPUT -o virbr0 -j CHECKSUM --checksum-fill" (set by libvirtd) which seems obviously related.

Unfortunately I don't have a way to trigger the bug manually, but to keep waiting for it to reappear.

I've built the new kernel (as the old) with CONFIG_PAX_SIZE_OVERFLOW=y.

Comment 4 Anthony Basile gentoo-dev

2014-09-14 00:41:19 UTC

(In reply to satmd from comment #3)
> I've just compiled and booted 3.14.4. Meanwhile I studied my iptables rules
> and found a "iptables -t mangle -A POSTROUTING|OUTPUT -o virbr0 -j CHECKSUM
> --checksum-fill" (set by libvirtd) which seems obviously related.
> 
> Unfortunately I don't have a way to trigger the bug manually, but to keep
> waiting for it to reappear.
> 
> I've built the new kernel (as the old) with CONFIG_PAX_SIZE_OVERFLOW=y.

Is this still an issue?

Comment 5 Anthony Basile gentoo-dev

2014-11-29 13:28:05 UTC

(In reply to satmd from comment #3) 
> Unfortunately I don't have a way to trigger the bug manually, but to keep
> waiting for it to reappear.

Please reopen if you get more information about this bug.