On Tue, Dec 20, 2016 at 11:31:38AM -0800, Cong Wang wrote:
> On Tue, Dec 20, 2016 at 10:17 AM, Dave Jones <da...@codemonkey.org.uk> wrote:
> > On Mon, Dec 19, 2016 at 08:36:23PM -0500, David Miller wrote:
> > > From: Dave Jones <da...@codemonkey.org.uk>
> > > Date: Mon, 19 Dec 2016 19:40:13 -0500
> > >
> > > > On Mon, Dec 19, 2016 at 07:31:44PM -0500, Dave Jones wrote:
> > > >
> > > > > Unfortunately, this made no difference. I spent some time today
> > trying
> > > > > to make a better reproducer, but failed. I'll revisit again
> > tomorrow.
> > > > >
> > > > > Maybe I need >1 process/thread to trigger this. That would
> > explain why
> > > > > I can trigger it with Trinity.
> > > >
> > > > scratch that last part, I finally just repro'd it with a single
> > process.
> > >
> > > Thanks for the info, I'll try to think about this some more.
> >
> > I threw in some debug printks right before that BUG_ON.
> > it's always this:
> >
> > skb->len=31 skb->data_len=0 offset:30 total_len:9
>
> Clearly we fail because 30 > 31 - 2, seems 'offset' is not correct here,
> off-by-one?
Ok, I finally made a messy, albeit good enough reproducer.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define LEN 504
int main(int argc, char* argv[])
{
int fd;
int zero = 0;
char buf[LEN];
memset(buf, 0, LEN);
fd = socket(AF_INET6, SOCK_RAW, 7);
setsockopt(fd, SOL_IPV6, IPV6_CHECKSUM, &zero, 4);
setsockopt(fd, SOL_IPV6, IPV6_DSTOPTS, &buf, LEN);
sendto(fd, buf, 1, 0, (struct sockaddr *) buf, 110);
}
