misleading kernel warning skb_warn_bad_offload during checksum calculation
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
Joseph Salisbury | ||
Xenial |
Fix Released
|
Medium
|
Joseph Salisbury | ||
Zesty |
Fix Released
|
Medium
|
Joseph Salisbury |
Bug Description
Even when the packet says checksum calculation is unnecessary the kernel will still check the checksum and display a warning that the checksum is bad.
This has been fixed upstream in Kernel 4.11 by commit id: b2504a5dbef3305
We have reports of Ubuntu 16.04 virtual machines (with ip forward enabled) displaying these warnings:
[10480.074664] ------------[ cut here ]------------
[10480.074667] WARNING: CPU: 1 PID: 0 at /build/
[10480.074669] docker0: caps=(0x0000040
[10480.074670] Modules linked in: veth nfsv3 nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs lockd grace sunrpc fscache ipt_MASQUERADE nf_nat_
[10480.074695] CPU: 1 PID: 0 Comm: swapper/1 Tainted: P W O 4.8.0-52-generic #55~16.04.1-Ubuntu
[10480.074696] Hardware name: Nutanix AHV, BIOS seabios-
[10480.074697] 0000000000000286 ec176c2ae03bc036 ffff8beef5643870 ffffffffb7a2e7b3
[10480.074699] ffff8beef56438c0 0000000000000000 ffff8beef56438b0 ffffffffb768314b
[10480.074702] 0000098cb84fba80 ffff8bed61f82000 ffff8bee9915c000 0000000000000005
[10480.074704] Call Trace:
[10480.074704] <IRQ> [<ffffffffb7a2e
[10480.074708] [<ffffffffb7683
[10480.074710] [<ffffffffb7683
[10480.074713] [<ffffffffb7a35
[10480.074714] [<ffffffffb7d7c
[10480.074716] [<ffffffffb7d80
[10480.074717] [<ffffffffb7d81
[10480.074719] [<ffffffffb7d81
[10480.074720] [<ffffffffc03cd
[10480.074723] [<ffffffffb7d81
[10480.074725] [<ffffffffb7dc5
[10480.074726] [<ffffffffc0402
[10480.074728] [<ffffffffb7dc6
[10480.074729] [<ffffffffb7db9
[10480.074731] [<ffffffffb7dc6
[10480.074733] [<ffffffffb7dc5
[10480.074736] [<ffffffffb7dc2
[10480.074738] [<ffffffffb7dc2
[10480.074739] [<ffffffffb7dc2
[10480.074741] [<ffffffffb7dc0
[10480.074743] [<ffffffffb7dc1
[10480.074744] [<ffffffffb7dc0
[10480.074746] [<ffffffffb7d7e
[10480.074747] [<ffffffffb780a
[10480.074749] [<ffffffffb7d6f
[10480.074751] [<ffffffffb7d7f
[10480.074753] [<ffffffffb7d7f
[10480.074754] [<ffffffffb7d80
[10480.074756] [<ffffffffc0286
[10480.074758] [<ffffffffb76b5
[10480.074760] [<ffffffffc0287
[10480.074762] [<ffffffffb7d7f
[10480.074764] [<ffffffffb7e9d
[10480.074765] [<ffffffffb7688
[10480.074766] [<ffffffffb7e9d
[10480.074768] [<ffffffffb7e9b
[10480.074768] <EOI> [<ffffffffb7664
[10480.074772] [<ffffffffb7637
[10480.074774] [<ffffffffb7638
[10480.074775] [<ffffffffb76c7
[10480.074776] [<ffffffffb76c7
[10480.074778] [<ffffffffb7651
[10480.074781] ---[ end trace 3a9bd18de5564b05 ]---
We have recompiled your latest 16.04.2 kernel with this patch and confirmed that this warning does not happen. Could you please consider including this fix in your next 16.04 LTS release?
CVE References
Changed in linux (Ubuntu): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Xenial): | |
status: | New → Triaged |
Changed in linux (Ubuntu Zesty): | |
status: | New → Triaged |
Changed in linux (Ubuntu): | |
status: | Incomplete → Triaged |
Changed in linux (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Zesty): | |
importance: | Undecided → Medium |
tags: | added: kernel-da-key xenial zesty |
Changed in linux (Ubuntu Zesty): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Xenial): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Released |
We noticed the same kernel warning with the latest LTS kernel:
[ 159.617976] ------------[ cut here ]------------ linux-Hlembm/ linux-4. 4.0/net/ core/dev. c:2444 skb_warn_ bad_offload+ 0xd1/0x120( ) 01fdb78e9, 0x0000000000000000) len=2103 data_len=1975 gso_size=1448 gso_type=5 ip_summed=1 masquerade_ ipv4 xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay ppdev joydev input_leds serio_raw parport_pc parport i2c_piix4 8250_fintek mac_hid ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_ iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid crct10dif_pclmul crc32_pclmul ghash_clmulni_intel 1.7.5-11. el6 04/01/2014 493>] dump_stack+ 0x63/0x90 302>] warn_slowpath_ common+ 0x82/0xc0 39c>] warn_slowpath_ fmt+0x5c/ 0x80 562>] ? ___ratelimit+ 0xa2/0xe0 c31>] skb_warn_ bad_offload+ 0xd1/0x120 2ce>] __skb_gso_ segment+ 0x7e/0xd0 67d>] validate_ xmit_skb. isra.97. part.98+ 0x10d/0x2b0 2b2>] __dev_queue_ xmit+0x582/ 0x590 2d0>] dev_queue_ xmit+0x10/ 0x20 568>] neigh_resolve_ output+ 0x118/0x1c0 b56>] ip_finish_ output2+ 0x146/0x380 23d>] ? ipv4_confirm+ 0x7d/0x100 [nf_conntrack_ipv4] af6>] ip_finish_ output+ 0x136/0x1f0 1b3>] ? nf_hook_ slow+0x73/ 0xd0 4fe>] ip_output+0x6e/0xe0 9c0>] ? __ip_flush_ pending_ frames. isra.39+ 0x90/0x90 143>] ip_forward_ finish+ 0x43/0x70 509>] ip_forward+ 0x399/0x480 100>] ? ip_frag_ mem+0x50/ 0x50 192>] ip_rcv_ finish+ 0x92/0x320 ac1>] ip_rcv+0x291/0x3a0 100>] ? inet_del_ offload+ 0x40/0x40 7a4>] __net...
[ 159.617987] WARNING: CPU: 3 PID: 5436 at /build/
[ 159.617990] docker_gwbridge: caps=(0x0000008
[ 159.617991] Modules linked in: ip_vs_rr xt_ipvs ip_vs xt_nat xt_tcpudp veth tcp_diag udp_diag inet_diag binfmt_misc vxlan ip6_udp_tunnel udp_tunnel iptable_mangle xt_mark ipt_MASQUERADE nf_nat_
[ 159.618043] aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd psmouse virtio_scsi pata_acpi floppy
[ 159.618053] CPU: 3 PID: 5436 Comm: java Tainted: G W 4.4.0-75-generic #96-Ubuntu
[ 159.618054] Hardware name: Nutanix AHV, BIOS seabios-
[ 159.618056] 0000000000000286 0000000021eefd21 ffff88042d6c3870 ffffffff813f8493
[ 159.618058] ffff88042d6c38b8 ffffffff81d6e7b0 ffff88042d6c38a8 ffffffff81081302
[ 159.618061] ffff880395dbf500 ffff88042a1f0000 0000000000000005 ffff880395dbf500
[ 159.618063] Call Trace:
[ 159.618065] <IRQ> [<ffffffff813f8
[ 159.618075] [<ffffffff81081
[ 159.618077] [<ffffffff81081
[ 159.618081] [<ffffffff813fe
[ 159.618082] [<ffffffff8172e
[ 159.618085] [<ffffffff81732
[ 159.618087] [<ffffffff81732
[ 159.618089] [<ffffffff81733
[ 159.618091] [<ffffffff81733
[ 159.618094] [<ffffffff8173c
[ 159.618099] [<ffffffff81772
[ 159.618104] [<ffffffffc03e0
[ 159.618106] [<ffffffff81773
[ 159.618109] [<ffffffff81767
[ 159.618111] [<ffffffff81774
[ 159.618114] [<ffffffff81773
[ 159.618116] [<ffffffff81770
[ 159.618117] [<ffffffff81770
[ 159.618119] [<ffffffff81770
[ 159.618121] [<ffffffff8176e
[ 159.618123] [<ffffffff8176e
[ 159.618125] [<ffffffff8176e
[ 159.618126] [<ffffffff81730