Kernel Oops in __inet_twsk_kill()
From: Charley (Hao Chuan) Chu
Date: Tue Nov 04 2014 - 18:47:21 EST
We have situation on our system. It brings the network interface up and down every a few seconds. Eventually, it brings down the system - the kernel crashed due to BUG on in __inet_twsk_kill(). The debug message show following call flow.
1) time-wait socket is created by tcp_time_wait() when the socket gets into "TIME_WAIT" state.
inet_twsk_alloc() - refcnt= 0
inet_twsk_hashdance() - refcnt = 3
inet_twsk_schedule() - refcnt = 4
inet_twsk_put() - refcnt = 3
2) tcp_v4_timewait_ack() is called when sync is received
inet_twsk_put() - refcnt= 2 <== where we thing the problem is
occasionally, second sync is received, so the inet_twsk_put is called twice - refcnt = 1
3) twdr_do_twkill_work() is called when timed out
call __inet_twsk_kill - BUG_ON!!! as refcnt=2 (supposed to be 3).
call inet_twsk_put()
In a normal case, the callflow only has step 1 and step 3. Our understanding is the time-wait socket has three references - ehash, bhash and timer death row. In step 2, none of them are touched. Can anyone here explain to us why the inet_twsk_put() is called in tcp_v4_timewait_ack()?
our system has 3.14 kernel.
Any help would be highly appreciated.
Charley Chu
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/