Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Date:   Tue, 5 Nov 2019 09:05:54 +0100
From:   Thibaut Sautereau <thibaut.sautereau@clip-os.org>
To:     Eric Dumazet <eric.dumazet@gmail.com>
Cc:     netdev@vger.kernel.org, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org,
        "David S. Miller" <davem@davemloft.net>,
        Laura Abbott <labbott@redhat.com>,
        Kees Cook <keescook@chromium.org>,
        Alexander Potapenko <glider@google.com>,
        Andrew Morton <akpm@linux-foundation.org>, clipos@ssi.gouv.fr
Subject: Re: Double free of struct sk_buff reported by
 SLAB_CONSISTENCY_CHECKS with init_on_free
Message-ID: <20191105080554.GA1006@gandi.net>
References: <20191104170303.GA50361@gandi.net>
 <719eebd3-259d-8beb-025a-f2d17c632711@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <719eebd3-259d-8beb-025a-f2d17c632711@gmail.com>
User-Agent: Mutt/1.12.2 (2019-09-21)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

On Mon, Nov 04, 2019 at 09:33:18AM -0800, Eric Dumazet wrote:
> 
> 
> On 11/4/19 9:03 AM, Thibaut Sautereau wrote:
> > 
> > We first encountered this issue under huge network traffic (system image
> > download), and I was able to reproduce by simply sending a big packet
> > with `ping -s 65507 <ip>`, which crashes the kernel every single time.
> > 
> 
> Since you have a repro, could you start a bisection ?

From my previous email:

	"Bisection points to the following commit: 1b7e816fc80e ("mm: slub:
	Fix slab walking for init_on_free"), and indeed the BUG is not
	triggered when init_on_free is disabled."

Or are you meaning something else?

-- 
Thibaut Sautereau
CLIP OS developer