From mboxrd@z Thu Jan 1 00:00:00 1970
From: ebiederm@xmission.com (Eric W. Biederman)
Subject: Re: net/core: BUG in copy_net_ns()
Date: Mon, 14 Jan 2019 12:29:38 -0600
Message-ID: <87h8eb854d.fsf@xmission.com>
References: <87fttzaq8k.fsf@xmission.com> <81dab6a7-a28d-552f-d0d8-f83f9d261200@gmail.com> <87imyuah41.fsf@xmission.com>
Mime-Version: 1.0
Content-Type: text/plain
Cc: Dmitry Vyukov , Kirill Tkhai , "davem\@davemloft.net" , Andrey Vagin , "dsahern\@gmail.com" , "nicolas.dichtel\@6wind.com" , "tyhicks\@canonical.com" , "netdev\@vger.kernel.org" , "linux-kernel\@vger.kernel.org" , "syzkaller\@googlegroups.com"
To: zzoru
Return-path:
In-Reply-To: (zzoru's message of "Mon, 14 Jan 2019 21:06:27 +0900")
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

zzoru writes:

> I think that it is exactly same to:
> https://groups.google.com/forum/#!searchin/linux.kernel/cleanup_net$20is$20slow%7Csort:date/linux.kernel/IMJ9OzonDSI/QH86oy1PAQAJ
> Already, patch was made, but maybe he forgot to push it.

That patch was made to address speed, and lifetime of network stack
objects. At best it will make things go faster (a good thing), and
reduce the memory consumption during a test (another good thing).

The patch you point to will not correct your memory corruption.

So right now the best hypothesis seems to be Dmitry's idea that there is
stack overflow causing corruption.

You have a lot of stack debugging already enabled but I don't see
CONFIG_VMAP_STACK enabled which might catch something ordinary stack
overflow checking won't.

Any chance you can enable CONFIG_VMAP_STACK and see if it is stack
overflow? With a little luck you will catch the stack overflow in the
act and we can see the problematic code path.

Eric
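
An added example, not part of the original message or the kernel tree: a shell check that reports whether a kernel `.config` has `CONFIG_VMAP_STACK` enabled and, if not, which dependency is in the way. It assumes the Kconfig rule that `VMAP_STACK` needs `HAVE_ARCH_VMAP_STACK` and is unavailable with KASAN unless `KASAN_VMALLOC` or `KASAN_HW_TAGS` is set (kernels of this thread's period required KASAN to be off entirely); the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel .config for CONFIG_VMAP_STACK availability.

# config_state FILE SYMBOL -> prints y or m if set, n if unset or absent.
config_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# vmap_stack_report FILE -> prints one verdict word:
#   enabled       CONFIG_VMAP_STACK=y, stacks get guard pages
#   no-arch       architecture does not provide HAVE_ARCH_VMAP_STACK
#   kasan-blocks  KASAN is on without KASAN_VMALLOC / KASAN_HW_TAGS
#   disabled      option is available but switched off
vmap_stack_report() {
    cfg=$1
    if [ "$(config_state "$cfg" VMAP_STACK)" = y ]; then
        echo enabled
    elif [ "$(config_state "$cfg" HAVE_ARCH_VMAP_STACK)" != y ]; then
        echo no-arch
    elif [ "$(config_state "$cfg" KASAN)" = y ] &&
         [ "$(config_state "$cfg" KASAN_VMALLOC)" != y ] &&
         [ "$(config_state "$cfg" KASAN_HW_TAGS)" != y ]; then
        echo kasan-blocks
    else
        echo disabled
    fi
}

# Constructed sample (not the reporter's config): stack debugging on,
# KASAN on, so VMAP_STACK is silently absent from the file.
sample_config() {
    cat <<'EOF'
CONFIG_HAVE_ARCH_VMAP_STACK=y
CONFIG_KASAN=y
CONFIG_SCHED_STACK_END_CHECK=y
CONFIG_DEBUG_STACKOVERFLOW=y
EOF
}

# Audit the file given as $1, or the constructed sample when none is given.
cfg_file=${1:-}
if [ -z "$cfg_file" ]; then
    cfg_file=$(mktemp) && sample_config > "$cfg_file" && cleanup=1
fi
echo "VMAP_STACK: $(vmap_stack_report "$cfg_file")"
[ -z "${cleanup:-}" ] || rm -f "$cfg_file"
```

A `kasan-blocks` verdict means the config has to be rebuilt with KASAN off (or with `KASAN_VMALLOC` on kernels that offer it) before `CONFIG_VMAP_STACK` can be selected.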