lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ecd370bb-dfd3-08e4-b526-fb93226b2dbb@gmail.com>
Date:   Fri, 22 Jul 2022 13:50:14 +0900
From:   Taehee Yoo <ap420073@...il.com>
To:     Hangbin Liu <liuhangbin@...il.com>
Cc:     Eric Dumazet <edumazet@...gle.com>,
        David Miller <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        David Ahern <dsahern@...nel.org>,
        netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH net] net: mld: do not use system_wq in the mld

Hi Hangbin,
Thank you so much for the test and review!

On 7/22/22 13:23, Hangbin Liu wrote:
 > On Fri, Jul 22, 2022 at 10:35:52AM +0800, Hangbin Liu wrote:
 >>> I found this bug while testing another syzbot report.
 >>> 
(https://syzkaller.appspot.com/bug?id=ed41eaa4367b421d37aab5dee25e3f4c91ceae93)
 >>> And I can't find the same case in the syzbot reports list.
 >>>
 >>> I just use some command lines and many kernel debug options such as
 >>> kmemleak, kasan, lockdep, and others.
 >>>
 >>
 >> Hi Taehee,
 >>
 >> I got a similar issue with yours after Eric's 2d3916f31891
 >> ("ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()").
 >> I use force_mld_version=1 and adding a lot of IPv6 address to 
generate the
 >> mld reports flood. Here is my reproducer:
 >
 > BTW, thanks for your fix. With your patch the issue is fixed. Please 
feel free
 > to add
 >
 > Tested-by: Hangbin Liu <liuhangbin@...il.com>
 >

I also tested with your reproducer.
I checked that it reproduces same issue.

[   69.862696][   T58] [TEST]mld_report_work 1629
[   87.129371][   T10] unregister_netdevice: waiting for veth0 to become 
free. Usage count = 2
[   87.132106][   T10] leaked reference.
[   87.133276][   T10]  ipv6_add_dev+0x324/0xec0
[   87.134724][   T10]  addrconf_notify+0x481/0xd10
[   87.136200][   T10]  raw_notifier_call_chain+0xe3/0x120
[   87.137829][   T10]  call_netdevice_notifiers+0x106/0x160
[   87.139454][   T10]  register_netdevice+0x114c/0x16b0
[   87.140380][   T10]  veth_newlink+0x48b/0xa50 [veth]
[   87.141268][   T10]  rtnl_newlink+0x11a2/0x1a40
[   87.142073][   T10]  rtnetlink_rcv_msg+0x63f/0xc00
[   87.142956][   T10]  netlink_rcv_skb+0x1df/0x3e0
[   87.143861][   T10]  netlink_unicast+0x5de/0x850
[   87.144725][   T10]  netlink_sendmsg+0x6c9/0xa90
[   87.145595][   T10]  ____sys_sendmsg+0x76a/0x780
[   87.146483][   T10]  __sys_sendmsg+0x27c/0x340
[   87.147340][   T10]  do_syscall_64+0x43/0x90
[   87.148158][   T10]  entry_SYSCALL_64_after_hwframe+0x63/0xcd

printk message and calltrace are same.
So, I'm sure that this is the same issue.
Also, I tested with my patch and your script for 1 hour, and the 
reference count leak disappeared.

If you are okay, I would like to attach your reproducer script to the 
commit message.

 > Cheers
 > Hangbin

Thank you so much
Taehee Yoo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ