On Tue, Dec 08, 2020 at 08:06PM +0100, Marco Elver wrote:

On Thu, 3 Dec 2020 at 19:01, Eric Dumazet [off-list ref] wrote:

quoted

On 12/3/20 6:41 PM, Marco Elver wrote:

quoted

One more experiment -- simply adding

--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c

@@ -207,7 +207,21 @@ struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
       */
      size = SKB_DATA_ALIGN(size);
      size += SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
+     size = 1 << kmalloc_index(size); /* HACK */
      data = kmalloc_reserve(size, gfp_mask, node, &pfmemalloc);

also got rid of the warnings. Something must be off with some value that
is computed in terms of ksize(). If not, I don't have any explanation
for why the above hides the problem.

Maybe the implementations of various macros (SKB_DATA_ALIGN and friends)
hae some kind of assumptions, I will double check this.

If I force kfence to return 4K sized allocations for everything, the
warnings remain. That might suggest that it's not due to a missed
ALIGN.

Is it possible that copies or moves are a problem? E.g. we copy
something from kfence -> non-kfence object (or vice-versa), and
ksize() no longer matches, then things go wrong?

I was able to narrow it down to allocations of size 640. I also narrowed
it down to 5 allocations that go through kfence that start triggering
the issue. I have attached the list of those 5 allocations with
allocation + free stacks. I'll try to go through them, maybe I get
lucky eventually. :-)

Thanks,
-- Marco