[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAN1eFqgZQ4exQSbZVk+dPMQHEjD87Q7C5C5ADqgD_-0_rZ7GDg@mail.gmail.com>
Date: Tue, 15 Oct 2019 20:31:49 -0400
From: Rajendra Dendukuri <rajen83@...il.com>
To: netdev@...r.kernel.org
Subject: Crash in in __skb_unlink during net_rx_action
Observed below kernel oops on "Linux version 4.9.0-9-2-amd64" from Debian 9.
This was observed when bridge vlan netdevs were getting deleted while
packets were being received. I observed this only once, but wanted to
put it out there for the record. Below is the decoded call path. It
appears to be in the elementary pkt handling function. I searched for
upstream commits for any patches around this code but could not find
anything. Any thoughts on what it might be about while I try to figure
out the test case to simulate the panic condition again.
process_backlog() ---- __skb_dequeue() --- __skb_unlink() --
next->prev = prev; (Panic)
[12106.283243] BUG: unable to handle kernel NULL pointer dereference
at 0000000000000008
[12106.292014] IP: [<ffffffff9ab1265c>] process_backlog+0x7c/0x130
[12106.298643] PGD 0 [12106.300691]
[12106.302356] Oops: 0002 1 SMP
<SNIP>
[12106.456408] task: ffff8a0aad1ed140 task.stack: ffff950741980000
[12106.463027] RIP: 0010:[<ffffffff9ab1265c>] [<ffffffff9ab1265c>]
process_backlog+0x7c/0x130
<SNIP>
[12106.584667] Call Trace:
[12106.587403] [<ffffffff9ab11df6>] ? net_rx_action+0x246/0x380
[12106.593827] [<ffffffff9ac1e81d>] ? __do_softirq+0x10d/0x2b0
[12106.600152] [<ffffffff9a69d560>] ? sort_range+0x20/0x20
[12106.606090] [<ffffffff9a67ff5e>] ? run_ksoftirqd+0x1e/0x40
[12106.612318] [<ffffffff9a69d66e>] ? smpboot_thread_fn+0x10e/0x160
[12106.619130] [<ffffffff9a699dd9>] ? kthread+0xd9/0xf0
[12106.624776] [<ffffffff9a699d00>] ? kthread_park+0x60/0x60
[12106.630908] [<ffffffff9ac1aeb7>] ? ret_from_fork+0x57/0x70
Powered by blists - more mailing lists