Bug 210195

Summary: Security scanner crashes kernel post 4.19.13 ade446403bfb

| Field | Value |
|---|---|
| Product | Networking |
| Component | IPV4 |
| Reporter | Stefan King (stefan.king) |
| Assignee | Stephen Hemminger (stephen) |
| Status | RESOLVED PATCH_ALREADY_AVAILABLE |
| Severity | high |
| Priority | P1 |
| CC | fw, kubakici |
| Hardware | All |
| OS | Linux |
| Kernel Version | 4.19.13 post ade446403bfb, also 4.19.15, 4.20, 5.3.11 |
| Subsystem | |
| Regression | Yes |
| Bisected commit-id | |
| Attachments | pcap file needed to reproduce |
Description

Stefan King, 2020-11-13 23:01:48 UTC

Comment #1, Jakub Kicinski:

Thank you for the detailed bisection, since this looks like a random corruption did you try to reproduce it with KASAN enabled?

Comment from Florian:

(In reply to Jakub Kicinski from comment #1)
> Thank you for the detailed bisection, since this looks like a random
> corruption did you try to reproduce it with KASAN enabled?

Seconded, thanks for the analysis. I fear we're looking at two distinct bugs here.

The backport of ade446403bfb79d3528d56071a84b15351a139ad into the 4.19.y series was broken. Testing your pcap+tcpreplay vs v4.19.15 gives instant crash.

However, this was fixed in the v4.19-specific change 8c763a3cf5027f1314d27852dd42656e0491e550 (Fix "net: ipv4: do not handle duplicate fragments as overlapping") -- warning, commit is only in linux-stable.git, not in mainline. v4.19.y after this commit no longer crashes for me.

v4.19.154 and 5.3.11 and net.git all survive a --loop 1000 with no problems. I also enabled KASAN and I did not see any splats reported. Also tried with netfilter conntrack enabled, no changes.

So unless someone else can repro crashes on mainline or 4.19.y after 8c763a3cf5027f1314d27852dd42656e0491e550 I fear we will need more information. As Jakub hints, running the test against a KASAN-enabled kernel would probably help figuring out where the problem is.

Reply from Stefan King (reporter):

Repeating tests has resolved the disparity with Florian's results for 4.19.154 and 5.3.11, which had not in fact crashed but merely choked on the input buffer with loss of all connectivity, including ping, for minutes at a time, loss of session, etc. Also 4.19.20 (which has 8c763a3cf5027f1314d27852dd42656e0491e550) survives. So, looks like 8c763 is just fine. Florian, thanks for testing 154 and 5.3.11.
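The distinction the thread turns on, "do not handle duplicate fragments as overlapping", is easy to lose in a backport. The following is an added illustrative model written for this page, not the kernel's reassembly code: a fragment that exactly repeats one already queued (a retransmit) is ignored, whereas a fragment that partially overlaps queued data discards the whole queue. The fragment tuples and `classify_fragment`/`reassemble` names are constructed for the example.

```python
# Illustrative model of IPv4 fragment-queue bookkeeping (not the kernel's
# implementation). Fragments are (offset, length) byte ranges; a fragment
# list entry is (offset, length, more_fragments).

def classify_fragment(queue, offset, length):
    """Classify [offset, offset+length) against queued (offset, length) pairs.

    Returns 'duplicate' for an exact repeat of a queued fragment,
    'overlap' for a partial overlap with queued data, else 'new'.
    A duplicate must be checked before overlap: an exact repeat also
    overlaps, and treating it as an overlap is the mistake the fix avoids."""
    end = offset + length
    for q_off, q_len in queue:
        q_end = q_off + q_len
        if offset == q_off and end == q_end:
            return "duplicate"
        if offset < q_end and q_off < end:
            return "overlap"
    return "new"


def reassemble(fragments):
    """Feed fragments in arrival order.

    Returns (status, queue): 'dropped' if an overlapping fragment arrived,
    'complete' once the last fragment (more_fragments=False) is seen and
    the byte ranges cover [0, total) without gaps, else 'incomplete'."""
    queue = []
    total = None
    for offset, length, more in fragments:
        kind = classify_fragment(queue, offset, length)
        if kind == "overlap":
            return "dropped", []        # overlap: discard the whole queue
        if kind == "duplicate":
            continue                    # retransmit: keep the queue intact
        queue.append((offset, length))
        if not more:
            total = offset + length     # last fragment fixes the datagram size
    if total is None:
        return "incomplete", queue
    covered = 0
    for q_off, q_len in sorted(queue):
        if q_off != covered:            # gap before this fragment
            return "incomplete", queue
        covered += q_len
    return ("complete" if covered == total else "incomplete"), queue


# Constructed sample inputs (1480-byte first fragment, 520-byte tail).
RETRANSMITTED = [(0, 1480, True), (0, 1480, True), (1480, 520, False)]
OVERLAPPING = [(0, 1480, True), (1000, 1480, False)]
```

With `RETRANSMITTED` the duplicate first fragment is skipped and reassembly completes; with `OVERLAPPING` the second fragment overlaps the first and the queue is dropped.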