is it possibility that sk->sk_dst_cache is overwritten? like in __sk_dst_check,
when tcp timer tries to resend a packet, at the same time, tcp_close is called,
and a reset packet will send, and ip_queue_xmit will be called concurrent;
cpu 1 cpu 2
tcp_close
tcp_send_active_reset
ip_queue_xmit
__sk_dst_check {
dst = __sk_dst_get(sk);
tcp timer fire
tcp_retransmit_timer
__tcp_retransmit_skb
ip_queue_xmit
sk_setup_caps
sk->sk_dst_cache is
changed, like dst222
RCU_INIT_POINTER(sk->sk_dst_cache, NULL);
dst222 is leaked
dst_release(dst);
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1711407
Title:
unregister_netdevice: waiting for lo to become free
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1711407/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
