lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 15 Jan 2024 18:59:54 +0500
From: Марк Коренберг <socketpair@...il.com>
To: netdev@...r.kernel.org
Subject: Kernel BUG on network namespace deletion

Kernel 6.6.9-200.fc39.x86_64

The following bash script demonstrates the problem (run under root):

```
#!/bin/bash

set -e -u -x

# Some cleanups
ip netns delete myspace || :
ip link del qweqwe1 || :

# The bug happens only with physical interfaces, not with, say, dummy one
ip link property add dev enp0s20f0u2 altname myname
ip netns add myspace
ip link set enp0s20f0u2 netns myspace

# add dummy interface + set the same altname as in background namespace.
ip link add name qweqwe1 type dummy
ip link property add dev qweqwe1 altname myname

# Trigger the bug. The kernel will try to return ethernet interface
# back to root namespace, but it can not, because of conflicting
# altnames.
ip netns delete myspace

# now `ip link` will hang forever !!!!!
```

I think, the problem is obvious. Although I don't know how to fix.
Remove conflicting altnames for interfaces that returns from killed
namespaces ?

On kernel 6.3.8 (at least) was another bug, that allows duplicate
altnames, and it was fixed mainline somewhere. I have another script
to trigger the bug on these old kernels. I did not bisect.

````
[  494.473906] default_device_exit_net: failed to move enp0s20f0u2 to
init_net: -17
[  494.473926] ------------[ cut here ]------------
[  494.473927] kernel BUG at net/core/dev.c:11520!
[  494.473932] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[  494.473935] CPU: 3 PID: 3852 Comm: kworker/u32:17 Not tainted
6.6.9-200.fc39.x86_64 #1
[  494.473938] Workqueue: netns cleanup_net
[  494.473944] RIP: 0010:default_device_exit_batch+0x295/0x2a0
```

-- 
Segmentation fault

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ