On Tue, 27 Aug 2019 14:10:35 +0200 Daniel Borkmann <dan...@iogearbox.net> wrote:
> Given first point above wrt hitting rarely, it would be good to first get a
> better understanding for writing a reproducer. Back then Yonghong added one
> to the BPF kernel test suite [0], so it would be desirable to extend it for
> the case you're hitting. Given NAT64 use-case is needed and used by multiple
> parties, we should try to (fully) fix it generically.
>

Thanks Daniel.

Managed to write a reproducer which mimics the skb we see on production,
that hits the exact same BUG_ON.

Submitted as a separate RFC PATCH to bpf-next.
Tested on v5.0.y (and fwd ported to net-next for submission).

Daniel, please use this reproducer.

Do note that the test assigns:

+ skb_shinfo(skb[0])->gso_size = 1288;

which is the *mangled* gso_size value, to mimic the works of
bpf_skb_proto_4_to_6().

When setting 'gso_size = 1288 + 20' (the *original* gso_size of the GROed
skb prior to bpf_skb_proto_4_to_6), the test passes successfully and we
don't hit the mentioned BUG_ON.

Best,
Shmulik