[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+G9fYvPWFtA77k=yx46FRd2wGW+_SMtzgZtYQFgkzmwPhNhdw@mail.gmail.com>
Date: Thu, 2 Jan 2020 13:25:44 +0530
From: Naresh Kamboju <naresh.kamboju@...aro.org>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Sasha Levin <sashal@...nel.org>
Cc: Eric Dumazet <edumazet@...gle.com>,
Michal Kubecek <mkubecek@...e.cz>,
Firo Yang <firo.yang@...e.com>,
Jakub Kicinski <jakub.kicinski@...ronome.com>,
rcu@...r.kernel.org, Netdev <netdev@...r.kernel.org>,
lkft-triage@...ts.linaro.org
Subject: Re: stable-rc-4.19.93-rc1/4e040169e8b7 : kernel panic RIP: 0010:__inet_lookup_listener
On Thu, 2 Jan 2020 at 12:24, Naresh Kamboju <naresh.kamboju@...aro.org> wrote:
>
> Results from Linaro’s test farm.
> Regressions on arm64, arm, x86_64, and i386.
>
> While running LTP syscalls accept* test cases on stable-rc-4.19 branch kernel.
> This report log extracted from qemu_x86_64.
>
> metadata:
> git branch: linux-4.19.y
> git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
> git commit: 4e040169e8b7f4e1c50ceb0f6596015ecc67a052
> git describe: v4.19.92-112-g4e040169e8b7
> make_kernelversion: 4.19.93-rc1
> kernel-config:
> http://snapshots.linaro.org/openembedded/lkft/lkft/sumo/intel-corei7-64/lkft/linux-stable-rc-4.19/396/config
>
> Crash log,
>
> BUG: unable to handle kernel paging request at 0000000040000001
> [ 23.578222] PGD 138f25067 P4D 138f25067 PUD 0
> er run is 0h 15m[ 23.578222] Oops: 0000 [#1] SMP NOPTI
> [ 23.578222] CPU: 1 PID: 2216 Comm: accept02 Not tainted 4.19.93-rc1 #1
> [ 23.578222] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> BIOS 1.12.0-1 04/01/2014
> [ 23.578222] RIP: 0010:__inet_lookup_listener+0x12d/0x300
Reverting below patch solve this kernel panic,
tcp/dccp: fix possible race __inet_lookup_established()
[ Upstream commit 8dbd76e79a16b45b2ccb01d2f2e08dbf64e71e40 ]
Michal Kubecek and Firo Yang did a very nice analysis of crashes
happening in __inet_lookup_established().
Since a TCP socket can go from TCP_ESTABLISH to TCP_LISTEN
(via a close()/socket()/listen() cycle) without a RCU grace period,
I should not have changed listeners linkage in their hash table.
They must use the nulls protocol (Documentation/RCU/rculist_nulls.txt),
so that a lookup can detect a socket in a hash list was moved in
another one.
Since we added code in commit d296ba60d8e2 ("soreuseport: Resolve
merge conflict for v4/v6 ordering fix"), we have to add
hlist_nulls_add_tail_rcu() helper.
Fixes: 3b24d854cb35 ("tcp/dccp: do not touch listener sk_refcnt under synflood")
Signed-off-by: Eric Dumazet <edumazet@...gle.com>
Reported-by: Michal Kubecek <mkubecek@...e.cz>
Reported-by: Firo Yang <firo.yang@...e.com>
Reviewed-by: Michal Kubecek <mkubecek@...e.cz>
Link: https://lore.kernel.org/netdev/20191120083919.GH27852@unicorn.suse.cz/
Signed-off-by: Jakub Kicinski <jakub.kicinski@...ronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Powered by blists - more mailing lists