Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp4214303ybx; Mon, 4 Nov 2019 09:34:33 -0800 (PST) X-Google-Smtp-Source: APXvYqzXZzahAb5AV1sMbYIqEl2GBhDjjqUlUcV6jCenYySwd+NKhPxrHgDBMXf9sq9M7hwQNCR2 X-Received: by 2002:a50:b3b6:: with SMTP id s51mr30839477edd.88.1572888873106; Mon, 04 Nov 2019 09:34:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1572888873; cv=none; d=google.com; s=arc-20160816; b=Dd6+rWAB2HOu7qCizLIVLlo8treLr8e/GsjqUfjzljU8+9MAsfLXOu5vFEWg/TPwIJ 8su1TCSAEMe4r1BAzEMy3fgc6d660Y8AERv5yof4s758PNK3zIUB7hiLBKdjp0MaVjks vxMpkpM3XGloiRD2N+Rz6zmZGp0EoGIetm5etvrPFFpFObWgkNSx4dHaNvXx5whLIfrU yV8Dv35kf/hPUbRHyNc9P06AFALpx923eoVSseX3mEMYAo8gET5HWBSTsPiisTc6e1Bo FWgy9FKaCD8AuzISwquk1FPbvmFSilyRd2lTLuDaTHx6z2kpI0csNTA7DzrT6sEaEx+0 4tBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=BgXOsOEc+5cLDboF1XbHuAORCGwi89q1+rP30rGzYf8=; b=AQJzbkC8XCfu0jTWhTt7/LnBXZsgFVNRoAd8xjShE8LAfpAHv7wTRPc/zfikoV5rba VHSdC8bQlM0zRjBv9jV5GR6i5qADs1KB8ShERjJ/v7bkXMNFFCmxtNblW2cILnDz0sGG XvUBViUQHQ9Z52aiTaJKLwQZVLApp3Hgj8j3P1nTRO3k+GVBBPrKlEKff7zttp3feJ07 E/iEmSBYoLYHKLN0E79/cAFrjopfknLP7nMkwC9/5LR8rXs6z1IkKg07yCrHECz0j6JG kHjptCgIQzt6VnwGpzTnzGLN7EUwY+9iwS+GUhg5Z8Gb69Rlq4iqbBgTnrxc5WAgTeUT stOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=dY+Qnrpm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o24si8293096edc.342.2019.11.04.09.34.09; Mon, 04 Nov 2019 09:34:33 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=dY+Qnrpm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728940AbfKDRdV (ORCPT + 99 others); Mon, 4 Nov 2019 12:33:21 -0500 Received: from mail-pf1-f196.google.com ([209.85.210.196]:45826 "EHLO mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727989AbfKDRdV (ORCPT ); Mon, 4 Nov 2019 12:33:21 -0500 Received: by mail-pf1-f196.google.com with SMTP id z4so6685030pfn.12; Mon, 04 Nov 2019 09:33:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=BgXOsOEc+5cLDboF1XbHuAORCGwi89q1+rP30rGzYf8=; b=dY+QnrpmpYLIF9koIMAIn4yTToGuer/BFwzpa8/QwDMfmVRocfHymQtw2le14cEtyo 12Zo6wmP3z9d6hr0HnJ4bOk1p5NT0D2n7tHz4mO3iql8DcZBYeYNaMG3BgitZhjr3jex YzITZqavRprNmBgm1qyvlvZqQmbomDWlIORE1v58zBf6mSC0MX4KS6/0vdEk2GVtOmOF JusllMgpcSx1oBF9F7PfwHWtdhGdX8W9yWs7EP+O75ZqzGO1661zCdTGx++Xtun2Ofiq 8sOjaeo85yCEdezE2w8gktg+e/j7ToWmlT840gvKliFTorf3c1d98e2jqbSucuIp8sgT ayrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=BgXOsOEc+5cLDboF1XbHuAORCGwi89q1+rP30rGzYf8=; b=L5Nxv2mikybhDxLcolKbL8Db4IVKACOKAQ11IIJSFhmzYpnr2ApFC2lMW/n8yRWM36 NY1Z+2PLpYDyIYGvoZRy/Exl2Z40H2MrBDjfAzTcgH9yJbzHPn7ruVj35JMsZfcj25Y4 MrcgjKJukbnmrrhhQiEcpwz/2JlaWWG0y7t7Zu4em9X7Iw+MxEAJaq0JC0wMICELUbBw rGMaieKDe5jiZAXq+3nBtL6NrJ03Ra/RS7xzgMqCJb4EHlM1IIrlaJhzN33aXJSRrpa6 FQpX6B9lY7sesrpbq7x4fdbMAPCeq2ae7dcgzOM3DI0I05w7H7xGZjS8YhldmdcKngo2 o13g== X-Gm-Message-State: APjAAAVkohv6Wnz6JQrynG9u/LU+hViwkEjQ05cjWv7aoC8WbL9Hx/dn 8ntoefSm1oRIGSNStOXZzCw= X-Received: by 2002:a63:595:: with SMTP id 143mr31542800pgf.45.1572888800525; Mon, 04 Nov 2019 09:33:20 -0800 (PST) Received: from ?IPv6:2620:15c:2c1:200:55c7:81e6:c7d8:94b? ([2620:15c:2c1:200:55c7:81e6:c7d8:94b]) by smtp.gmail.com with ESMTPSA id 71sm7584170pfx.107.2019.11.04.09.33.19 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 04 Nov 2019 09:33:19 -0800 (PST) Subject: Re: Double free of struct sk_buff reported by SLAB_CONSISTENCY_CHECKS with init_on_free To: Thibaut Sautereau , netdev@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Cc: "David S. Miller" , Laura Abbott , Kees Cook , Alexander Potapenko , Andrew Morton , clipos@ssi.gouv.fr References: <20191104170303.GA50361@gandi.net> From: Eric Dumazet Message-ID: <719eebd3-259d-8beb-025a-f2d17c632711@gmail.com> Date: Mon, 4 Nov 2019 09:33:18 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <20191104170303.GA50361@gandi.net> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/4/19 9:03 AM, Thibaut Sautereau wrote: > > We first encountered this issue under huge network traffic (system image > download), and I was able to reproduce by simply sending a big packet > with `ping -s 65507 `, which crashes the kernel every single time. > Since you have a repro, could you start a bisection ? Thanks !