Date: Tue, 16 Jul 2019 19:20:21 -0400
From: Neil Horman
To: Marek Majkowski
Cc: vyasevich@gmail.com, marcelo.leitner@gmail.com, linux-sctp@vger.kernel.org, netdev@vger.kernel.org, kernel-team
Subject: Re: OOM triggered by SCTP
Message-ID: <20190716232021.GA12469@localhost.localdomain>

On Tue, Jul 16, 2019 at 11:47:40PM +0200, Marek Majkowski wrote:
> Morning,
>
> My poor man's fuzzer found something interesting in SCTP. It seems
> like creating a large number of SCTP sockets + some magic dance, upsets
> a memory subsystem related to SCTP. The sequence:
>
> - create SCTP socket
> - call setsockopts (SCTP_EVENTS)
> - call bind(::1, port)
> - call sendmsg(long buffer, MSG_CONFIRM, ::1, port)
> - close SCTP socket
> - repeat couple thousand times
>
> Full code:
> https://gist.github.com/majek/bd083dae769804d39134ce01f4f802bb#file-test_sctp-c
>
> I'm running it on virtme the simplest way:
> $ virtme-run --show-boot-console --rw --pwd --kimg bzImage --memory
> 512M --script-sh ./test_sctp
>
> Originally I was running it inside net namespace, and just having a
> localhost interface is sufficient to trigger the problem.
>
> Kernel is 5.2.1 (with KASAN and such, but that shouldn't be a factor).
> In some tests I saw a message that might indicate something funny
> hitting neighbor table:
>
> neighbour: ndisc_cache: neighbor table overflow!
>
> I'm not addr-decoding the stack trace, since it seems unrelated to the
> root cause.
>
Why would you have to decode anything, the decoded stack trace should be
available in your dmesg log. Can't you just attach that here?

Neil

> Cheers,
> Marek
>