public inbox for linux-next@vger.kernel.org
From: Bert Karwatzki <spasswolf@web.de>
To: Jason Xing <kerneljasonxing@gmail.com>
Cc: Johannes Berg <johannes@sipsolutions.net>,
	"linux-kernel@vger.kernel.org"	 <linux-kernel@vger.kernel.org>,
	"linux-next@vger.kernel.org"	 <linux-next@vger.kernel.org>,
	"llvm@lists.linux.dev" <llvm@lists.linux.dev>,
	 Thomas Gleixner <tglx@linutronix.de>,
	linux-wireless@vger.kernel.org, spasswolf@web.de
Subject: Re: lockup and kernel panic in linux-next-202505{09,12} when compiled with clang
Date: Sun, 18 May 2025 16:15:15 +0200
Message-ID: <c343c12be42195aaeeb572ddc76ed41369904d79.camel@web.de>
In-Reply-To: <8274d78a82cded2fc4459fad8c2db6a1b51d7891.camel@web.de>

On Sunday, 18.05.2025 at 14:43 +0200, Bert Karwatzki wrote:
> On Sunday, 18.05.2025 at 14:12 +0200, Bert Karwatzki wrote:
> > > > > 
> > 
> > I even tried this version of your patch, to keep the offset of skc_refcnt at 128,
> > but it doesn't work, either.
> > 
> > commit fca84c5cde713be480544a64ed6680afc3319670
> > Author: Bert Karwatzki <spasswolf@web.de>
> > Date:   Sun May 18 13:32:36 2025 +0200
> > 
> >     include: net: sock: move skc_flags out of the union
> >     
> >     Signed-off-by: Bert Karwatzki <spasswolf@web.de>
> > 
> > diff --git a/include/net/sock.h b/include/net/sock.h
> > index 3e15d7105ad2..e73929a4da6e 100644
> > --- a/include/net/sock.h
> > +++ b/include/net/sock.h
> > @@ -195,7 +195,6 @@ struct sock_common {
> >  	 * for different kind of 'sockets'
> >  	 */
> >  	union {
> > -		unsigned long	skc_flags;
> >  		struct sock	*skc_listener; /* request_sock */
> >  		struct inet_timewait_death_row *skc_tw_dr; /* inet_timewait_sock */
> >  	};
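Review bot: the changelog for this commit is only a subject line and a Signed-off-by, so nothing records why `skc_flags` is dropped from the union at the `-` line. The union keeps `skc_listener` (request_sock) and `skc_tw_dr` (inet_timewait_sock); the commit body should say what the move is meant to test with respect to those two members and whether the change is a debugging experiment or intended for merging.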
> > @@ -221,6 +220,9 @@ struct sock_common {
> >  	};
> >  
> >  	refcount_t		skc_refcnt;
> > +
> > +	/* place skc_flags here to keep offset(struct sock, sk_refcnt) == 128 */
> > +	unsigned long	skc_flags;
> >  	/* private: */
> >  	int                     skc_dontcopy_end[0];
> >  	union {
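Review bot: the added `skc_flags` line sits above `skc_dontcopy_end[0]`, so the field lands inside the region that marker closes, which the follow-up in this thread identifies as the part of struct sock_common that does not get copied. If the only goal is to hold the offset of `skc_refcnt`, place the field below the marker. The comment also writes `offset(struct sock, sk_refcnt)` where the macro is `offsetof`, and a `BUILD_BUG_ON(offsetof(struct sock, sk_refcnt) != 128)` would enforce the assumption instead of only stating it.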
> > 
> 
> In the patch above I accidentally put skc_flags in the part of struct sock_common
> which does not get copied, but putting it below skc_dontcopy_end[0] does not work,
> either:
> 
> diff --git a/include/net/sock.h b/include/net/sock.h
> index 3e15d7105ad2..6d69753a205a 100644
> --- a/include/net/sock.h
> +++ b/include/net/sock.h
> @@ -195,7 +195,6 @@ struct sock_common {
>          * for different kind of 'sockets'
>          */
>         union {
> -               unsigned long   skc_flags;
>                 struct sock     *skc_listener; /* request_sock */
>                 struct inet_timewait_death_row *skc_tw_dr; /* inet_timewait_sock */
>         };
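Review bot: the context lines of this hunk are indented with spaces, while the same lines in the earlier version of the diff use tabs, so this copy is whitespace-damaged and will not apply to include/net/sock.h as posted. It also carries no commit message or Signed-off-by; resend it as a complete patch if others are expected to test it.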
> @@ -221,8 +220,12 @@ struct sock_common {
>         };
>  
>         refcount_t              skc_refcnt;
> +
>         /* private: */
>         int                     skc_dontcopy_end[0];
> +       /* place skc_flags here to keep offset(struct sock, sk_refcnt) == 128 
> +        * Also place it below skc_dontcopy_end[0] */
> +       unsigned long   skc_flags;
>         union {
>                 u32             skc_rxhash;
>                 u32             skc_window_clamp;
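Review bot: the added comment leaves trailing whitespace after `128` and closes with `*/` on the same line as its text; put `*/` on its own line and write `offsetof` rather than `offset`. The lone `+` blank line after `skc_refcnt` is unrelated churn and can be dropped, and the offset the comment relies on is better enforced with `BUILD_BUG_ON(offsetof(struct sock, sk_refcnt) != 128)` than asserted in prose.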
> 
> This locks up as usual.
> 
> Bert Karwatzki

So I did some more monitoring and found that even though skc_flags is removed from the union
it can take strange values, e.g.:

Here the value is not even a pointer (perhaps uninitialized memory?):
[  T572] ieee80211_8023_xmit_clang_debug_helper: skb->sk = ffff88fc2abf4cc0 skb->sk->sk_flags = 0xa00f7fe57b16f7e1
These could be pointers, but as pointers would only be aligned to a 2-byte boundary ...
[  T572] ieee80211_8023_xmit_clang_debug_helper: skb->sk = ffff88fbd0bd3210 skb->sk->sk_flags = 0xffffc0f1c62dcc4e
[  T572] ieee80211_8023_xmit_clang_debug_helper: skb->sk = ffff88fbd0bd3210 skb->sk->sk_flags = 0xffffc0f1c62dcc4e

Bert Karwatzki
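
The difference between the two field placements in the quoted diffs (above versus below skc_dontcopy_end[0]), shown on a userspace stand-in. This is an added example, not code from the thread or the kernel tree: `struct mock_sock`, `mock_sock_copy` and `survives_clone` are hypothetical names, the `dontcopy_begin` marker and the two-part copy around the markers are assumptions about how the real clone path treats that region, and the layout is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in, not the kernel's struct sock_common: just enough
 * fields to show where each diff puts the flags word (GNU C, like the kernel). */
struct mock_sock {
	void *listener;             /* stands in for the skc_listener union */
	int dontcopy_begin[0];      /* assumed marker: skipped region starts */
	uint32_t refcnt;
	unsigned long flags_v1;     /* first diff: above dontcopy_end */
	int dontcopy_end[0];        /* skipped region ends here */
	unsigned long flags_v2;     /* second diff: below dontcopy_end */
	uint32_t rxhash;
};

/* Clone the way a two-part copy around the markers would: everything
 * before dontcopy_begin, then everything from dontcopy_end to the end. */
static void mock_sock_copy(struct mock_sock *dst, const struct mock_sock *src)
{
	size_t end = offsetof(struct mock_sock, dontcopy_end);

	memcpy(dst, src, offsetof(struct mock_sock, dontcopy_begin));
	memcpy((char *)dst + end, (const char *)src + end, sizeof(*dst) - end);
}

/* Returns 1 if the unsigned long at byte offset `off` survives a clone. */
static int survives_clone(size_t off)
{
	struct mock_sock src, dst;
	unsigned long a, b;

	memset(&src, 0, sizeof(src));
	src.flags_v1 = src.flags_v2 = 0x5;
	memset(&dst, 0xa5, sizeof(dst));   /* stale bytes of a fresh object */
	mock_sock_copy(&dst, &src);
	memcpy(&a, (const char *)&src + off, sizeof(a));
	memcpy(&b, (const char *)&dst + off, sizeof(b));
	return a == b;
}

int main(void)
{
	printf("flags_v1 copied: %d\n", survives_clone(offsetof(struct mock_sock, flags_v1)));
	printf("flags_v2 copied: %d\n", survives_clone(offsetof(struct mock_sock, flags_v2)));
	return 0;
}
```

In the stand-in, a field placed inside the skipped region keeps whatever bytes the destination object already held, which is why the placement matters when reading logged flag values.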

