lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <HE1P193MB012310556C7CDB8E2B1FD759A8859@HE1P193MB0123.EURP193.PROD.OUTLOOK.COM>
Date:   Sat, 9 Jul 2022 08:34:47 +0000
From:   Michelle Bies <mimbies@...look.com>
To:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC:     Eric Dumazet <edumazet@...gle.com>
Subject: Re: TPROXY + Attempt to release TCP socket in state 1

Hi 

On Sat, Jul 9, 2022 at 8:41 AM Willy Tarreau <w@....eu> wrote:
> 
> You sent it only 4 days ago! As you might have noticed you're not the
> only one to request help, code reviews or anything that requires time

You are completely right. Thank you for your attention and I am sorry for the rush (I am a newbie in the kernel scope).

> ... . What progress have you made on your side on
> the analysis of this problem in during this time, that you could share
> to save precious time to those who are going to help you, and to make
> your issue more interesting to analyse than other ones ?

The problem occurs in a production environment in random periods, sometimes after some hours and sometimes after some days.
I couldn't reproduce it in my test environment, I even tried to simulate the problem under huge load in my development environment but still no crash occurred.
I also tried to attach a serial console but nothing special happens when system reboots.

> Also, I'm seeing that your kernel is tainted by an out-of-tree module:
> 
> > >   CPU: 5 PID: 0 Comm: swapper/5 Tainted: GO 5.4.181+ #9
>                                              ^^
> 
> Most likely it's this "xt_geoip" module but it may also be anything
> else I have not spotted in your dump. Have you rechecked without it ?
> While unlikely to be related, any out-of-tree code must be handled
> with extreme care, as their impact on the rest of the kernel remains
> mostly unknown, so they're the first ones to disable during
> troubleshooting.

I applied IMQ patch so I have a xt_IMQ module.
Could this be root of the problem?

> Please always mention the exact version in reports. I've seen "5.4.181+"
> in your dump, which means 5.4.181 plus extra patches. Have you tried
> again without them ?
You're correct. My kernel is 5.4.181+. I got the tip and I will check all my changes, although I think they are irrelevant.

Thank you again for your time.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ