2011-04-14 23:03:10

by Simon Arlott

Subject: BUG: unable to handle kernel paging request at 676e7543 / IP: [<c04d89a7>] icmpv6_send+0x5c3/0x6e2

Network traffic input is via two PPP devices, output is via a TEQL
device with both PPP devices attached.

It's possible that a PPP device could have gone down while this packet
was being logged.

icmp.o attached:
109a: 8b 9b 60 01 00 00 mov 0x160(%ebx),%ebx
10a0: 83 c4 10 add $0x10,%esp
10a3: 85 db test %ebx,%ebx
10a5: 74 07 je 10ae <icmpv6_send+0x5ca>
* 10a7: f0 ff 83 dc 00 00 00 lock incl 0xdc(%ebx)
10ae: b9 ae 10 00 00 mov $0x10ae,%ecx
10af: R_386_32 .text
10b3: ba 01 00 00 00 mov $0x1,%edx
10b8: b8 00 00 00 00 mov $0x0,%eax
10b9: R_386_32 rcu_lock_map
10bd: e8 fc ff ff ff call 10be <icmpv6_send+0x5da>

[19258502.086131] BUG: unable to handle kernel paging request at 676e7543
[19258502.087007] IP: [<c04d89a7>] icmpv6_send+0x5c3/0x6e2
[19258502.087007] *pdpt = 0000000002734001 *pde = 0000000000000000
[19258502.087007] Oops: 0002 [#1] PREEMPT SMP
[19258502.087007] last sysfs file: /sys/devices/platform/it87.552/cpu0_vid
[19258502.087007] Modules linked in: sr_mod cdrom xt_NOTRACK iptable_raw ftdi_sio sch_teql crc32c iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi pppoe pppox ppp_synctty act_mirred sch_ingress sch_sfq cls_]
[19258502.087007]
[19258502.087007] Pid: 3, comm: ksoftirqd/0 Tainted: G W 2.6.35.4-git+ #git+ GA-MA69VM-S2/GA-MA69VM-S2
[19258502.087007] EIP: 0060:[<c04d89a7>] EFLAGS: 00010202 CPU: 0
[19258502.087007] EIP is at icmpv6_send+0x5c3/0x6e2
[19258502.087007] EAX: 00000000 EBX: 676e7467 ECX: 00000000 EDX: 00000001
[19258502.087007] ESI: f6fa8db4 EDI: 00000000 EBP: f7483c4c ESP: f7483b48
[19258502.087007] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[19258502.087007] Process ksoftirqd/0 (pid: 3, ti=f7482000 task=f74800a0 task.ti=f7482000)
[19258502.251703] Stack:
[19258502.251703] f68d1e00 c067f614 f7483b58 c067f614 f7483b68 c0513fe0 b21c8fe7 b21c8fdd
[19258502.251703] <0> f7483b88 c022e74d 00000046 0101fe2f f4d8004c 00000151 f6fa8ac0 f6fa8db4
[19258502.251703] <0> f4d8005c 00000000 00000040 f6fa8af0 00000000 00000000 00000000 10060120
[19258502.251703] Call Trace:
[19258502.251703] [<c0513fe0>] ? _raw_spin_unlock_irqrestore+0x42/0x58
[19258502.251703] [<c022e74d>] ? release_console_sem+0x197/0x1c4
[19258502.251703] [<fa78f0b5>] ? reject_tg6+0x70/0x43f [ip6t_REJECT]
[19258502.251703] [<fa7b49b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
[19258502.251703] [<c024e201>] ? trace_hardirqs_on+0xb/0xd
[19258502.251703] [<c0232a72>] ? local_bh_enable_ip+0x97/0xad
[19258502.251703] [<c0513f59>] ? _raw_spin_unlock_bh+0x2f/0x32
[19258502.251703] [<fa7b49b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
[19258502.251703] [<fa67c1a0>] ? ipv6_find_hdr+0xf8/0x164 [ip6_tables]
[19258502.251703] [<fa67c7c1>] ? ip6t_do_table+0x4c8/0x53e [ip6_tables]
[19258502.251703] [<fa7220f0>] ? ip6table_mangle_hook+0xf0/0x100 [ip6table_mangle]
[19258502.251703] [<fa687018>] ? ip6table_filter_hook+0x18/0x20 [ip6table_filter]
[19258502.251703] [<c046ee87>] ? nf_iterate+0x2f/0x62
[19258502.251703] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[19258502.251703] [<c046f088>] ? nf_hook_slow+0x63/0xeb
[19258502.251703] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[19258502.251703] [<c04c44d6>] ? ip6_input+0x33/0x47
[19258502.251703] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[19258502.251703] [<c04c4775>] ? ip6_rcv_finish+0x8b/0x8e
[19258502.251703] [<fc206a3a>] ? nf_ct_frag6_output+0x7c/0x95 [nf_conntrack_ipv6]
[19258502.251703] [<fc20645c>] ? ipv6_defrag+0x87/0x9f [nf_conntrack_ipv6]
[19258502.251703] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[19258502.251703] [<c046ee87>] ? nf_iterate+0x2f/0x62
[19258502.251703] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[19258502.251703] [<c046f088>] ? nf_hook_slow+0x63/0xeb
[19258502.251703] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[19258502.251703] [<c04c4aff>] ? ipv6_rcv+0x387/0x47c
[19258502.251703] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[19258502.251703] [<c0455065>] ? __netif_receive_skb+0x367/0x3b6
[19258502.251703] [<c0455142>] ? process_backlog+0x8e/0x146
[19258502.251703] [<c0455c3b>] ? net_rx_action+0x62/0x119
[19258502.251703] [<c0232750>] ? __do_softirq+0x8b/0x10a
[19258502.251703] [<c02327fa>] ? do_softirq+0x2b/0x43
[19258502.251703] [<c0232885>] ? run_ksoftirqd+0x73/0x155
[19258502.251703] [<c0232812>] ? run_ksoftirqd+0x0/0x155
[19258502.251703] [<c023fdbd>] ? kthread+0x61/0x66
[19258502.251703] [<c023fd5c>] ? kthread+0x0/0x66
[19258502.251703] [<c0202c7a>] ? kernel_thread_helper+0x6/0x1a
[19258502.251703] Code: e8 1b da d4 ff 68 48 89 4d c0 31 c9 31 d2 b8 58 11 68 c0 6a 00 6a 01 6a 02 e8 37 76 d7 ff 8b 9b 60 01 00 00 83 c4 10 85 db 74 07 <f0> ff 83 dc 00 00 00 b9 ae 89 4d c0 ba 01 00 00 00 b8 5
[19258502.251703] EIP: [<c04d89a7>] icmpv6_send+0x5c3/0x6e2 SS:ESP 0068:f7483b48
[19258502.251703] CR2: 00000000676e7543
[19258502.535098] ---[ end trace 0e99e06f98463fb7 ]---
[19258502.540292] Kernel panic - not syncing: Fatal exception in interrupt
[19258502.541915] __iptables__: l2tp_2 IN=aaisp3 OUT= MAC= SRC=87.106.29.21 DST=81.2.80.67 LEN=123 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP SPT=53 DPT=50245 LEN=103
[19258502.541956] __iptables__: l2tp_2 IN=aaisp3 OUT= MAC= SRC=66.45.29.125 DST=81.2.80.67 LEN=128 TOS=0x00 PREC=0x00 TTL=238 ID=25735 DF PROTO=UDP SPT=53 DPT=41665 LEN=108
[19258502.542038] __iptables__: l2tp_2 IN=aaisp3 OUT= MAC= SRC=2600:2002:0000:0000:0000:0000:0000:0076 DST=2001:08b0:ffea:0000:0053:4150:5841:0001 LEN=152 TC=0 HOPLIMIT=56 FLOWLBL=0 PROTO=UDP SPT=53 DPT=22817 L
[19258502.542070] __iptables__: l2tp_2 IN=aaisp3 OUT= MAC= SRC=208.80.124.2 DST=81.2.80.67 LEN=120 TOS=0x00 PREC=0x00 TTL=56 ID=56897 PROTO=UDP SPT=53 DPT=17380 LEN=100
[19258502.612141] Pid: 3, comm: ksoftirqd/0 Tainted: G D W 2.6.35.4-git+ #git+
[19258502.619983] Call Trace:
[19258502.622783] [<c0511194>] ? printk+0xf/0x13
[19258502.627394] [<c0511116>] panic+0x55/0xc4
[19258502.631754] [<c02050ed>] oops_end+0x6e/0x7c
[19258502.636443] [<c021a514>] no_context+0x13f/0x149
[19258502.641434] [<c021a657>] __bad_area_nosemaphore+0x139/0x141
[19258502.647441] [<c04cef8d>] ? fib6_lookup+0x48/0x5c
[19258502.652564] [<c04cdd75>] ? ip6_pol_route+0x208/0x223
[19258502.657997] [<c024e201>] ? trace_hardirqs_on+0xb/0xd
[19258502.663466] [<c0232a72>] ? local_bh_enable_ip+0x97/0xad
[19258502.669170] [<c0513d08>] ? _raw_read_unlock_bh+0x2f/0x32
[19258502.674925] [<c04cdd75>] ? ip6_pol_route+0x208/0x223
[19258502.680318] [<c021a66c>] bad_area_nosemaphore+0xd/0x10
[19258502.685957] [<c021a910>] do_page_fault+0x14e/0x302
[19258502.691291] [<c04b3486>] ? __xfrm_lookup+0x32d/0x38b
[19258502.696768] [<c04e8bbe>] ? fib6_rule_lookup+0x35/0x77
[19258502.702280] [<c021a7c2>] ? do_page_fault+0x0/0x302
[19258502.707576] [<c051499b>] error_code+0x6b/0x70
[19258502.712446] [<c021a7c2>] ? do_page_fault+0x0/0x302
[19258502.717783] [<c04d89a7>] ? icmpv6_send+0x5c3/0x6e2
[19258502.723047] [<c0513fe0>] ? _raw_spin_unlock_irqrestore+0x42/0x58
[19258502.729616] [<c022e74d>] ? release_console_sem+0x197/0x1c4
[19258502.735622] [<fa78f0b5>] reject_tg6+0x70/0x43f [ip6t_REJECT]
[19258502.741855] [<fa7b49b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
[19258502.748512] [<c024e201>] ? trace_hardirqs_on+0xb/0xd
[19258502.753997] [<c0232a72>] ? local_bh_enable_ip+0x97/0xad
[19258502.759716] [<c0513f59>] ? _raw_spin_unlock_bh+0x2f/0x32
[19258502.765543] [<fa7b49b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
[19258502.772245] [<fa67c1a0>] ? ipv6_find_hdr+0xf8/0x164 [ip6_tables]
[19258502.778739] [<fa67c7c1>] ip6t_do_table+0x4c8/0x53e [ip6_tables]
[19258502.785126] [<fa7220f0>] ? ip6table_mangle_hook+0xf0/0x100 [ip6table_mangle]
[19258502.792698] [<fa687018>] ip6table_filter_hook+0x18/0x20 [ip6table_filter]
[19258502.800096] [<c046ee87>] nf_iterate+0x2f/0x62
[19258502.804934] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[19258502.810438] [<c046f088>] nf_hook_slow+0x63/0xeb
[19258502.815466] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[19258502.821049] [<c04c44d6>] ip6_input+0x33/0x47
[19258502.825833] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[19258502.831446] [<c04c4775>] ip6_rcv_finish+0x8b/0x8e
[19258502.836649] [<fc206a3a>] nf_ct_frag6_output+0x7c/0x95 [nf_conntrack_ipv6]
[19258502.844072] [<fc20645c>] ipv6_defrag+0x87/0x9f [nf_conntrack_ipv6]
[19258502.850871] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[19258502.856156] [<c046ee87>] nf_iterate+0x2f/0x62
[19258502.860968] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[19258502.866315] [<c046f088>] nf_hook_slow+0x63/0xeb
[19258502.871290] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[19258502.876614] [<c04c4aff>] ipv6_rcv+0x387/0x47c
[19258502.881476] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[19258502.886807] [<c0455065>] __netif_receive_skb+0x367/0x3b6
[19258502.892639] [<c0455142>] process_backlog+0x8e/0x146
[19258502.897996] [<c0455c3b>] net_rx_action+0x62/0x119
[19258502.903187] [<c0232750>] __do_softirq+0x8b/0x10a
[19258502.908305] [<c02327fa>] do_softirq+0x2b/0x43
[19258502.913157] [<c0232885>] run_ksoftirqd+0x73/0x155
[19258502.918401] [<c0232812>] ? run_ksoftirqd+0x0/0x155
[19258502.923693] [<c023fdbd>] kthread+0x61/0x66
[19258502.928301] [<c023fd5c>] ? kthread+0x0/0x66
[19258502.933014] [<c0202c7a>] kernel_thread_helper+0x6/0x1a
[19258502.938655] Rebooting in 10 seconds..

--
Simon Arlott


Attachments:
icmp.o (11.36 kB)
config (64.55 kB)

2011-04-15 11:30:27

by Simon Arlott

Subject: BUG: unable to handle kernel NULL pointer dereference at 000002c0 / IP: [<c04c70f2>] in6_dev_finish_destroy+0x35/0x8c

On Thu, April 14, 2011 23:53, Simon Arlott wrote:
> [19258502.086131] BUG: unable to handle kernel paging request at 676e7543
> [19258502.087007] IP: [<c04d89a7>] icmpv6_send+0x5c3/0x6e2

This happened again in a different part of icmpv6_send:

[31890.810491] BUG: unable to handle kernel NULL pointer dereference at 000002c0
[31890.814522] IP: [<c04c70f2>] in6_dev_finish_destroy+0x35/0x8c
[31890.814522] *pdpt = 00000000160fb001 *pde = 0000000000000000
[31890.814522] Oops: 0002 [#1] PREEMPT SMP
[31890.814522] last sysfs file: /sys/devices/platform/it87.552/cpu0_vid
[31890.814522] Modules linked in: xt_tcpmss xt_length xt_TCPMSS ppp_synctty sch_sfq xt_u32 xt_CLASSIFY
sch_htb ppp_async bnep nfsd lockd sunrpc rfcomm l2cap crc16 exportfs nf_conntrack_ipv6 xt_state ip6t_LOG ipm
[31890.889345]
[31890.889345] Pid: 3, comm: ksoftirqd/0 Tainted: G W 2.6.35.4-git+ #git+ GA-MA69VM-S2/GA-MA69VM-S2
[31890.889345] EIP: 0060:[<c04c70f2>] EFLAGS: 00010246 CPU: 0
[31890.917900] EIP is at in6_dev_finish_destroy+0x35/0x8c
[31890.917900] EAX: 00000009 EBX: d6997fa3 ECX: c0513fcd EDX: 00000000
[31890.917900] ESI: 00000000 EDI: f7483bd4 EBP: f7483b40 ESP: f7483b38
[31890.917900] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[31890.917900] Process ksoftirqd/0 (pid: 3, ti=f7482000 task=f74800a0 task.ti=f7482000)
[31890.917900] Stack:
[31890.917900] d6997fa3 00000159 f7483c4c c04d8a8b efb86cc0 c067f614 f7483b58 c067f614
[31890.917900] <0> f7483b68 c0513fe0 0021c090 0021c086 f7483b88 c022e74d 00000046 0101ff2f
[31890.917900] <0> ef87e04c 00000151 f6e1fac0 f6e1fdb4 ef87e05c 00000000 00000040 f6e1faf0
[31890.917900] Call Trace:
[31890.917900] [<c04d8a8b>] ? icmpv6_send+0x6a7/0x6e2
[31890.917900] [<c0513fe0>] ? _raw_spin_unlock_irqrestore+0x42/0x58
[31890.917900] [<c022e74d>] ? release_console_sem+0x197/0x1c4
[31890.917900] [<fa7ab0b5>] ? reject_tg6+0x70/0x43f [ip6t_REJECT]
[31890.917900] [<fa7d09b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
[31890.917900] [<c024e201>] ? trace_hardirqs_on+0xb/0xd
[31890.917900] [<c0232a72>] ? local_bh_enable_ip+0x97/0xad
[31890.917900] [<c0513f59>] ? _raw_spin_unlock_bh+0x2f/0x32
[31890.917900] [<fa7d09b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
[31890.917900] [<fa6981a0>] ? ipv6_find_hdr+0xf8/0x164 [ip6_tables]
[31890.917900] [<fa6987c1>] ? ip6t_do_table+0x4c8/0x53e [ip6_tables]
[31890.917900] [<fa73e0f0>] ? ip6table_mangle_hook+0xf0/0x100 [ip6table_mangle]
[31890.917900] [<fa6a3018>] ? ip6table_filter_hook+0x18/0x20 [ip6table_filter]
[31890.917900] [<c046ee87>] ? nf_iterate+0x2f/0x62
[31890.917900] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[31890.917900] [<c046f088>] ? nf_hook_slow+0x63/0xeb
[31890.917900] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[31890.917900] [<c04c44d6>] ? ip6_input+0x33/0x47
[31890.917900] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[31890.917900] [<c04c4775>] ? ip6_rcv_finish+0x8b/0x8e
[31890.917900] [<fc22aa3a>] ? nf_ct_frag6_output+0x7c/0x95 [nf_conntrack_ipv6]
[31890.917900] [<fc22a45c>] ? ipv6_defrag+0x87/0x9f [nf_conntrack_ipv6]
[31890.917900] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[31890.917900] [<c046ee87>] ? nf_iterate+0x2f/0x62
[31890.917900] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[31890.917900] [<c046f088>] ? nf_hook_slow+0x63/0xeb
[31890.917900] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[31890.917900] [<c04c4aff>] ? ipv6_rcv+0x387/0x47c
[31890.917900] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[31890.917900] [<c0455065>] ? __netif_receive_skb+0x367/0x3b6
[31890.917900] [<c0455142>] ? process_backlog+0x8e/0x146
[31890.917900] [<c0455c3b>] ? net_rx_action+0x62/0x119
[31890.917900] [<c0232750>] ? __do_softirq+0x8b/0x10a
[31890.917900] [<c02327fa>] ? do_softirq+0x2b/0x43
[31890.917900] [<c0232885>] ? run_ksoftirqd+0x73/0x155
[31890.917900] [<c0232812>] ? run_ksoftirqd+0x0/0x155
[31890.917900] [<c023fdbd>] ? kthread+0x61/0x66
[31890.917900] [<c023fd5c>] ? kthread+0x0/0x66
[31890.917900] [<c0202c7a>] ? kernel_thread_helper+0x6/0x1a
[31890.917900] Code: 40 04 39 43 04 74 0f ba 45 01 00 00 b8 7a a1 63 c0 e8 32 70 d6 ff 83 7b 0c 00 74 0f ba
46 01 00 00 b8 7a a1 63 c0 e8 1d 70 d6 ff <f0> ff 8e c0 02 00 00 83 bb e4 00 00 00 00 75 0f 53 68 b5 a
[31890.917900] EIP: [<c04c70f2>] in6_dev_finish_destroy+0x35/0x8c SS:ESP 0068:f7483b38
[31890.917900] CR2: 00000000000002c0
[31891.236446] ---[ end trace 830bf5b3286acea0 ]---
[31891.241375] Kernel panic - not syncing: Fatal exception in interrupt
[31891.248085] Pid: 3, comm: ksoftirqd/0 Tainted: G D W 2.6.35.4-git+ #git+
[31891.255918] Call Trace:
[31891.258474] [<c0511194>] ? printk+0xf/0x13
[31891.262911] [<c0511116>] panic+0x55/0xc4
[31891.267130] [<c02050ed>] oops_end+0x6e/0x7c
[31891.271619] [<c021a514>] no_context+0x13f/0x149
[31891.276496] [<c021a657>] __bad_area_nosemaphore+0x139/0x141
[31891.282461] [<c0207360>] ? native_sched_clock+0x42/0x8d
[31891.288090] [<c024468d>] ? sched_clock_local+0x17/0x104
[31891.293699] [<c021a66c>] bad_area_nosemaphore+0xd/0x10
[31891.299206] [<c021a910>] do_page_fault+0x14e/0x302
[31891.304356] [<c0205311>] ? show_trace+0x10/0x14
[31891.309219] [<c05110b7>] ? dump_stack+0x57/0x61
[31891.314102] [<c021a7c2>] ? do_page_fault+0x0/0x302
[31891.319236] [<c051499b>] error_code+0x6b/0x70
[31891.323934] [<c0513fcd>] ? _raw_spin_unlock_irqrestore+0x2f/0x58
[31891.330370] [<c021a7c2>] ? do_page_fault+0x0/0x302
[31891.335536] [<c04c70f2>] ? in6_dev_finish_destroy+0x35/0x8c
[31891.341512] [<c04d8a8b>] icmpv6_send+0x6a7/0x6e2
[31891.346471] [<c0513fe0>] ? _raw_spin_unlock_irqrestore+0x42/0x58
[31891.352853] [<c022e74d>] ? release_console_sem+0x197/0x1c4
[31891.358740] [<fa7ab0b5>] reject_tg6+0x70/0x43f [ip6t_REJECT]
[31891.364821] [<fa7d09b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
[31891.371340] [<c024e201>] ? trace_hardirqs_on+0xb/0xd
[31891.376604] [<c0232a72>] ? local_bh_enable_ip+0x97/0xad
[31891.382205] [<c0513f59>] ? _raw_spin_unlock_bh+0x2f/0x32
[31891.387945] [<fa7d09b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
[31891.394444] [<fa6981a0>] ? ipv6_find_hdr+0xf8/0x164 [ip6_tables]
[31891.400896] [<fa6987c1>] ip6t_do_table+0x4c8/0x53e [ip6_tables]
[31891.407260] [<fa73e0f0>] ? ip6table_mangle_hook+0xf0/0x100 [ip6table_mangle]
[31891.414819] [<fa6a3018>] ip6table_filter_hook+0x18/0x20 [ip6table_filter]
[31891.422118] [<c046ee87>] nf_iterate+0x2f/0x62
[31891.426800] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[31891.432267] [<c046f088>] nf_hook_slow+0x63/0xeb
[31891.437147] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[31891.442583] [<c04c44d6>] ip6_input+0x33/0x47
[31891.447195] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[31891.452608] [<c04c4775>] ip6_rcv_finish+0x8b/0x8e
[31891.457655] [<fc22aa3a>] nf_ct_frag6_output+0x7c/0x95 [nf_conntrack_ipv6]
[31891.464929] [<fc22a45c>] ipv6_defrag+0x87/0x9f [nf_conntrack_ipv6]
[31891.471561] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[31891.476693] [<c046ee87>] nf_iterate+0x2f/0x62
[31891.481377] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[31891.486501] [<c046f088>] nf_hook_slow+0x63/0xeb
[31891.491383] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[31891.496501] [<c04c4aff>] ipv6_rcv+0x387/0x47c
[31891.501227] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[31891.506394] [<c0455065>] __netif_receive_skb+0x367/0x3b6
[31891.512081] [<c0455142>] process_backlog+0x8e/0x146
[31891.517328] [<c0455c3b>] net_rx_action+0x62/0x119
[31891.522402] [<c0232750>] __do_softirq+0x8b/0x10a
[31891.527386] [<c02327fa>] do_softirq+0x2b/0x43
[31891.532078] [<c0232885>] run_ksoftirqd+0x73/0x155
[31891.537136] [<c0232812>] ? run_ksoftirqd+0x0/0x155
[31891.542294] [<c023fdbd>] kthread+0x61/0x66
[31891.546708] [<c023fd5c>] ? kthread+0x0/0x66
[31891.551211] [<c0202c7a>] kernel_thread_helper+0x6/0x1a
[31891.556747] Rebooting in 10 seconds..

--
Simon Arlott
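
Added example (not part of the original messages): a small triage script that checks both oopses above the same way, decoding the instruction marked `<..>` on the `Code:` line and confirming that base register plus displacement equals CR2. The excerpts are trimmed copies of the log lines above with timestamps removed; the function names are this example's own, and the decoder only covers the `ff /0` and `ff /1` (inc/dec) forms seen here.

```python
import re

# Trimmed excerpts of the two oopses in this thread (timestamps removed,
# "Code:" line cut down to the bytes around the faulting instruction).
OOPS_1 = """\
EIP is at icmpv6_send+0x5c3/0x6e2
EAX: 00000000 EBX: 676e7467 ECX: 00000000 EDX: 00000001
ESI: f6fa8db4 EDI: 00000000 EBP: f7483c4c ESP: f7483b48
Code: 85 db 74 07 <f0> ff 83 dc 00 00 00 b9 ae 89 4d c0
CR2: 00000000676e7543
"""
OOPS_2 = """\
EIP is at in6_dev_finish_destroy+0x35/0x8c
EAX: 00000009 EBX: d6997fa3 ECX: c0513fcd EDX: 00000000
ESI: 00000000 EDI: f7483bd4 EBP: f7483b40 ESP: f7483b38
Code: e8 1d 70 d6 ff <f0> ff 8e c0 02 00 00 83 bb e4 00
CR2: 00000000000002c0
"""

# 32-bit general registers in ModRM r/m encoding order (0..7).
REGS32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]


def parse_oops(text):
    """Return (registers, CR2, bytes starting at the faulting instruction)."""
    regs = {
        name: int(val, 16)
        for name, val in re.findall(
            r"\b(E[A-D]X|E[SD]I|E[BS]P): ([0-9a-f]{8})\b", text)
    }
    cr2 = int(re.search(r"CR2: ([0-9a-f]+)", text).group(1), 16)
    code = re.search(r"Code: (.*)", text).group(1)
    # The oops marks the first byte of the faulting instruction as <xx>.
    tail = code.split("<", 1)[1]
    insn = bytes(int(b, 16) for b in re.findall(r"\b[0-9a-f]{2}\b", tail))
    return regs, cr2, insn


def decode_incdec(insn):
    """Decode '[lock] incl/decl disp(%reg)' (opcode FF /0 or /1, no SIB)."""
    i = 1 if insn[0] == 0xF0 else 0          # optional LOCK prefix
    if insn[i] != 0xFF:
        raise ValueError("not an FF-group instruction")
    modrm = insn[i + 1]
    mod, op, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if op > 1 or rm == 4 or mod not in (1, 2):
        raise ValueError("addressing form not handled by this example")
    width = 1 if mod == 1 else 4             # disp8 or disp32
    disp = int.from_bytes(insn[i + 2:i + 2 + width], "little", signed=True)
    mnemonic = ("lock " if i else "") + ("incl", "decl")[op]
    return mnemonic, REGS32[rm], disp


def triage(text):
    """Recompute the faulting address and classify the base pointer."""
    regs, cr2, insn = parse_oops(text)
    mnemonic, base, disp = decode_incdec(insn)
    addr = (regs[base] + disp) & 0xFFFFFFFF
    raw = regs[base].to_bytes(4, "little")   # bytes as they sat in memory
    if regs[base] == 0:
        kind = "NULL base pointer"
    elif all(0x20 <= b < 0x7F for b in raw):
        # A "pointer" made of printable characters was loaded from memory
        # that holds string data, not from a live structure.
        kind = "base pointer is printable ASCII %r" % raw.decode("ascii")
    else:
        kind = "non-NULL base pointer"
    return {
        "insn": "%s %#x(%%%s)" % (mnemonic, disp, base.lower()),
        "fault_addr": addr,
        "matches_cr2": addr == cr2,
        "kind": kind,
    }


if __name__ == "__main__":
    for name, text in (("oops 1", OOPS_1), ("oops 2", OOPS_2)):
        print(name, triage(text))
```
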

2011-04-15 13:10:22

by Eric Dumazet

Subject: Re: BUG: unable to handle kernel NULL pointer dereference at 000002c0 / IP: [<c04c70f2>] in6_dev_finish_destroy+0x35/0x8c

On Friday 15 April 2011 at 12:30 +0100, Simon Arlott wrote:
> On Thu, April 14, 2011 23:53, Simon Arlott wrote:
> > [19258502.086131] BUG: unable to handle kernel paging request at 676e7543
> > [19258502.087007] IP: [<c04d89a7>] icmpv6_send+0x5c3/0x6e2
>

CC netfilter-devel

> This happened again in a different part of icmpv6_send:
>
> [31890.810491] BUG: unable to handle kernel NULL pointer dereference at 000002c0
> [31890.814522] IP: [<c04c70f2>] in6_dev_finish_destroy+0x35/0x8c
> [31890.814522] *pdpt = 00000000160fb001 *pde = 0000000000000000
> [31890.814522] Oops: 0002 [#1] PREEMPT SMP
> [31890.814522] last sysfs file: /sys/devices/platform/it87.552/cpu0_vid
> [31890.814522] Modules linked in: xt_tcpmss xt_length xt_TCPMSS ppp_synctty sch_sfq xt_u32 xt_CLASSIFY
> sch_htb ppp_async bnep nfsd lockd sunrpc rfcomm l2cap crc16 exportfs nf_conntrack_ipv6 xt_state ip6t_LOG ipm
> [31890.889345]
> [31890.889345] Pid: 3, comm: ksoftirqd/0 Tainted: G W 2.6.35.4-git+ #git+ GA-MA69VM-S2/GA-MA69VM-S2
> [31890.889345] EIP: 0060:[<c04c70f2>] EFLAGS: 00010246 CPU: 0
> [31890.917900] EIP is at in6_dev_finish_destroy+0x35/0x8c
> [31890.917900] EAX: 00000009 EBX: d6997fa3 ECX: c0513fcd EDX: 00000000
> [31890.917900] ESI: 00000000 EDI: f7483bd4 EBP: f7483b40 ESP: f7483b38
> [31890.917900] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
> [31890.917900] Process ksoftirqd/0 (pid: 3, ti=f7482000 task=f74800a0 task.ti=f7482000)
> [31890.917900] Stack:
> [31890.917900] d6997fa3 00000159 f7483c4c c04d8a8b efb86cc0 c067f614 f7483b58 c067f614
> [31890.917900] <0> f7483b68 c0513fe0 0021c090 0021c086 f7483b88 c022e74d 00000046 0101ff2f
> [31890.917900] <0> ef87e04c 00000151 f6e1fac0 f6e1fdb4 ef87e05c 00000000 00000040 f6e1faf0
> [31890.917900] Call Trace:
> [31890.917900] [<c04d8a8b>] ? icmpv6_send+0x6a7/0x6e2
> [31890.917900] [<c0513fe0>] ? _raw_spin_unlock_irqrestore+0x42/0x58
> [31890.917900] [<c022e74d>] ? release_console_sem+0x197/0x1c4
> [31890.917900] [<fa7ab0b5>] ? reject_tg6+0x70/0x43f [ip6t_REJECT]
> [31890.917900] [<fa7d09b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
> [31890.917900] [<c024e201>] ? trace_hardirqs_on+0xb/0xd
> [31890.917900] [<c0232a72>] ? local_bh_enable_ip+0x97/0xad
> [31890.917900] [<c0513f59>] ? _raw_spin_unlock_bh+0x2f/0x32
> [31890.917900] [<fa7d09b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
> [31890.917900] [<fa6981a0>] ? ipv6_find_hdr+0xf8/0x164 [ip6_tables]
> [31890.917900] [<fa6987c1>] ? ip6t_do_table+0x4c8/0x53e [ip6_tables]
> [31890.917900] [<fa73e0f0>] ? ip6table_mangle_hook+0xf0/0x100 [ip6table_mangle]
> [31890.917900] [<fa6a3018>] ? ip6table_filter_hook+0x18/0x20 [ip6table_filter]
> [31890.917900] [<c046ee87>] ? nf_iterate+0x2f/0x62
> [31890.917900] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
> [31890.917900] [<c046f088>] ? nf_hook_slow+0x63/0xeb
> [31890.917900] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
> [31890.917900] [<c04c44d6>] ? ip6_input+0x33/0x47
> [31890.917900] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
> [31890.917900] [<c04c4775>] ? ip6_rcv_finish+0x8b/0x8e
> [31890.917900] [<fc22aa3a>] ? nf_ct_frag6_output+0x7c/0x95 [nf_conntrack_ipv6]
> [31890.917900] [<fc22a45c>] ? ipv6_defrag+0x87/0x9f [nf_conntrack_ipv6]
> [31890.917900] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> [31890.917900] [<c046ee87>] ? nf_iterate+0x2f/0x62
> [31890.917900] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> [31890.917900] [<c046f088>] ? nf_hook_slow+0x63/0xeb
> [31890.917900] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> [31890.917900] [<c04c4aff>] ? ipv6_rcv+0x387/0x47c
> [31890.917900] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> [31890.917900] [<c0455065>] ? __netif_receive_skb+0x367/0x3b6
> [31890.917900] [<c0455142>] ? process_backlog+0x8e/0x146
> [31890.917900] [<c0455c3b>] ? net_rx_action+0x62/0x119
> [31890.917900] [<c0232750>] ? __do_softirq+0x8b/0x10a
> [31890.917900] [<c02327fa>] ? do_softirq+0x2b/0x43
> [31890.917900] [<c0232885>] ? run_ksoftirqd+0x73/0x155
> [31890.917900] [<c0232812>] ? run_ksoftirqd+0x0/0x155
> [31890.917900] [<c023fdbd>] ? kthread+0x61/0x66
> [31890.917900] [<c023fd5c>] ? kthread+0x0/0x66
> [31890.917900] [<c0202c7a>] ? kernel_thread_helper+0x6/0x1a
> [31890.917900] Code: 40 04 39 43 04 74 0f ba 45 01 00 00 b8 7a a1 63 c0 e8 32 70 d6 ff 83 7b 0c 00 74 0f ba
> 46 01 00 00 b8 7a a1 63 c0 e8 1d 70 d6 ff <f0> ff 8e c0 02 00 00 83 bb e4 00 00 00 00 75 0f 53 68 b5 a
> [31890.917900] EIP: [<c04c70f2>] in6_dev_finish_destroy+0x35/0x8c SS:ESP 0068:f7483b38
> [31890.917900] CR2: 00000000000002c0
> [31891.236446] ---[ end trace 830bf5b3286acea0 ]---
> [31891.241375] Kernel panic - not syncing: Fatal exception in interrupt
> [31891.248085] Pid: 3, comm: ksoftirqd/0 Tainted: G D W 2.6.35.4-git+ #git+
> [31891.255918] Call Trace:
> [31891.258474] [<c0511194>] ? printk+0xf/0x13
> [31891.262911] [<c0511116>] panic+0x55/0xc4
> [31891.267130] [<c02050ed>] oops_end+0x6e/0x7c
> [31891.271619] [<c021a514>] no_context+0x13f/0x149
> [31891.276496] [<c021a657>] __bad_area_nosemaphore+0x139/0x141
> [31891.282461] [<c0207360>] ? native_sched_clock+0x42/0x8d
> [31891.288090] [<c024468d>] ? sched_clock_local+0x17/0x104
> [31891.293699] [<c021a66c>] bad_area_nosemaphore+0xd/0x10
> [31891.299206] [<c021a910>] do_page_fault+0x14e/0x302
> [31891.304356] [<c0205311>] ? show_trace+0x10/0x14
> [31891.309219] [<c05110b7>] ? dump_stack+0x57/0x61
> [31891.314102] [<c021a7c2>] ? do_page_fault+0x0/0x302
> [31891.319236] [<c051499b>] error_code+0x6b/0x70
> [31891.323934] [<c0513fcd>] ? _raw_spin_unlock_irqrestore+0x2f/0x58
> [31891.330370] [<c021a7c2>] ? do_page_fault+0x0/0x302
> [31891.335536] [<c04c70f2>] ? in6_dev_finish_destroy+0x35/0x8c
> [31891.341512] [<c04d8a8b>] icmpv6_send+0x6a7/0x6e2
> [31891.346471] [<c0513fe0>] ? _raw_spin_unlock_irqrestore+0x42/0x58
> [31891.352853] [<c022e74d>] ? release_console_sem+0x197/0x1c4
> [31891.358740] [<fa7ab0b5>] reject_tg6+0x70/0x43f [ip6t_REJECT]
> [31891.364821] [<fa7d09b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
> [31891.371340] [<c024e201>] ? trace_hardirqs_on+0xb/0xd
> [31891.376604] [<c0232a72>] ? local_bh_enable_ip+0x97/0xad
> [31891.382205] [<c0513f59>] ? _raw_spin_unlock_bh+0x2f/0x32
> [31891.387945] [<fa7d09b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
> [31891.394444] [<fa6981a0>] ? ipv6_find_hdr+0xf8/0x164 [ip6_tables]
> [31891.400896] [<fa6987c1>] ip6t_do_table+0x4c8/0x53e [ip6_tables]
> [31891.407260] [<fa73e0f0>] ? ip6table_mangle_hook+0xf0/0x100 [ip6table_mangle]
> [31891.414819] [<fa6a3018>] ip6table_filter_hook+0x18/0x20 [ip6table_filter]
> [31891.422118] [<c046ee87>] nf_iterate+0x2f/0x62
> [31891.426800] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
> [31891.432267] [<c046f088>] nf_hook_slow+0x63/0xeb
> [31891.437147] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
> [31891.442583] [<c04c44d6>] ip6_input+0x33/0x47
> [31891.447195] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
> [31891.452608] [<c04c4775>] ip6_rcv_finish+0x8b/0x8e
> [31891.457655] [<fc22aa3a>] nf_ct_frag6_output+0x7c/0x95 [nf_conntrack_ipv6]
> [31891.464929] [<fc22a45c>] ipv6_defrag+0x87/0x9f [nf_conntrack_ipv6]
> [31891.471561] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> [31891.476693] [<c046ee87>] nf_iterate+0x2f/0x62
> [31891.481377] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> [31891.486501] [<c046f088>] nf_hook_slow+0x63/0xeb
> [31891.491383] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> [31891.496501] [<c04c4aff>] ipv6_rcv+0x387/0x47c
> [31891.501227] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> [31891.506394] [<c0455065>] __netif_receive_skb+0x367/0x3b6
> [31891.512081] [<c0455142>] process_backlog+0x8e/0x146
> [31891.517328] [<c0455c3b>] net_rx_action+0x62/0x119
> [31891.522402] [<c0232750>] __do_softirq+0x8b/0x10a
> [31891.527386] [<c02327fa>] do_softirq+0x2b/0x43
> [31891.532078] [<c0232885>] run_ksoftirqd+0x73/0x155
> [31891.537136] [<c0232812>] ? run_ksoftirqd+0x0/0x155
> [31891.542294] [<c023fdbd>] kthread+0x61/0x66
> [31891.546708] [<c023fd5c>] ? kthread+0x0/0x66
> [31891.551211] [<c0202c7a>] kernel_thread_helper+0x6/0x1a
> [31891.556747] Rebooting in 10 seconds..
>


Hmm... net/ipv6/netfilter/nf_conntrack_reasm.c happily keeps references
to devices, on queued skb (so can escape RCU read side section)

Maybe try the following patch?


diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 0857272..57f158e 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -582,6 +582,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user)
spin_unlock_bh(&fq->q.lock);

fq_put(fq);
+ ret_skb->dev = dev;
return ret_skb;

ret_orig:
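
Review bot: dev, used in the added line "ret_skb->dev = dev;", is not declared or assigned anywhere in this hunk, so the visible context does not show which device ends up on the reassembled skb. Please show, or state in the changelog, that dev is taken from the skb passed to nf_ct_frag6_gather() and is set on every path that reaches "return ret_skb;". The new line also dereferences ret_skb unconditionally, so it is worth confirming that ret_skb cannot be NULL here. A one-line comment above the assignment saying why the device pointer is overwritten at this point (the message above names device references kept on queued skbs outside the RCU read-side section) would make the intent clear to later readers.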




2011-04-15 13:24:43

by Eric Dumazet

Subject: Re: BUG: unable to handle kernel NULL pointer dereference at 000002c0 / IP: [<c04c70f2>] in6_dev_finish_destroy+0x35/0x8c

On Friday 15 April 2011 at 15:09 +0200, Eric Dumazet wrote:
> On Friday 15 April 2011 at 12:30 +0100, Simon Arlott wrote:
> > On Thu, April 14, 2011 23:53, Simon Arlott wrote:
> > > [19258502.086131] BUG: unable to handle kernel paging request at 676e7543
> > > [19258502.087007] IP: [<c04d89a7>] icmpv6_send+0x5c3/0x6e2
> >
>
> CC netfilter-devel
>
> > This happened again in a different part of icmpv6_send:
> >
> > [31890.810491] BUG: unable to handle kernel NULL pointer dereference at 000002c0
> > [31890.814522] IP: [<c04c70f2>] in6_dev_finish_destroy+0x35/0x8c
> > [31890.814522] *pdpt = 00000000160fb001 *pde = 0000000000000000
> > [31890.814522] Oops: 0002 [#1] PREEMPT SMP
> > [31890.814522] last sysfs file: /sys/devices/platform/it87.552/cpu0_vid
> > [31890.814522] Modules linked in: xt_tcpmss xt_length xt_TCPMSS ppp_synctty sch_sfq xt_u32 xt_CLASSIFY
> > sch_htb ppp_async bnep nfsd lockd sunrpc rfcomm l2cap crc16 exportfs nf_conntrack_ipv6 xt_state ip6t_LOG ipm
> > [31890.889345]
> > [31890.889345] Pid: 3, comm: ksoftirqd/0 Tainted: G W 2.6.35.4-git+ #git+ GA-MA69VM-S2/GA-MA69VM-S2
> > [31890.889345] EIP: 0060:[<c04c70f2>] EFLAGS: 00010246 CPU: 0
> > [31890.917900] EIP is at in6_dev_finish_destroy+0x35/0x8c
> > [31890.917900] EAX: 00000009 EBX: d6997fa3 ECX: c0513fcd EDX: 00000000
> > [31890.917900] ESI: 00000000 EDI: f7483bd4 EBP: f7483b40 ESP: f7483b38
> > [31890.917900] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
> > [31890.917900] Process ksoftirqd/0 (pid: 3, ti=f7482000 task=f74800a0 task.ti=f7482000)
> > [31890.917900] Stack:
> > [31890.917900] d6997fa3 00000159 f7483c4c c04d8a8b efb86cc0 c067f614 f7483b58 c067f614
> > [31890.917900] <0> f7483b68 c0513fe0 0021c090 0021c086 f7483b88 c022e74d 00000046 0101ff2f
> > [31890.917900] <0> ef87e04c 00000151 f6e1fac0 f6e1fdb4 ef87e05c 00000000 00000040 f6e1faf0
> > [31890.917900] Call Trace:
> > [31890.917900] [<c04d8a8b>] ? icmpv6_send+0x6a7/0x6e2
> > [31890.917900] [<c0513fe0>] ? _raw_spin_unlock_irqrestore+0x42/0x58
> > [31890.917900] [<c022e74d>] ? release_console_sem+0x197/0x1c4
> > [31890.917900] [<fa7ab0b5>] ? reject_tg6+0x70/0x43f [ip6t_REJECT]
> > [31890.917900] [<fa7d09b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
> > [31890.917900] [<c024e201>] ? trace_hardirqs_on+0xb/0xd
> > [31890.917900] [<c0232a72>] ? local_bh_enable_ip+0x97/0xad
> > [31890.917900] [<c0513f59>] ? _raw_spin_unlock_bh+0x2f/0x32
> > [31890.917900] [<fa7d09b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
> > [31890.917900] [<fa6981a0>] ? ipv6_find_hdr+0xf8/0x164 [ip6_tables]
> > [31890.917900] [<fa6987c1>] ? ip6t_do_table+0x4c8/0x53e [ip6_tables]
> > [31890.917900] [<fa73e0f0>] ? ip6table_mangle_hook+0xf0/0x100 [ip6table_mangle]
> > [31890.917900] [<fa6a3018>] ? ip6table_filter_hook+0x18/0x20 [ip6table_filter]
> > [31890.917900] [<c046ee87>] ? nf_iterate+0x2f/0x62
> > [31890.917900] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
> > [31890.917900] [<c046f088>] ? nf_hook_slow+0x63/0xeb
> > [31890.917900] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
> > [31890.917900] [<c04c44d6>] ? ip6_input+0x33/0x47
> > [31890.917900] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
> > [31890.917900] [<c04c4775>] ? ip6_rcv_finish+0x8b/0x8e
> > [31890.917900] [<fc22aa3a>] ? nf_ct_frag6_output+0x7c/0x95 [nf_conntrack_ipv6]
> > [31890.917900] [<fc22a45c>] ? ipv6_defrag+0x87/0x9f [nf_conntrack_ipv6]
> > [31890.917900] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> > [31890.917900] [<c046ee87>] ? nf_iterate+0x2f/0x62
> > [31890.917900] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> > [31890.917900] [<c046f088>] ? nf_hook_slow+0x63/0xeb
> > [31890.917900] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> > [31890.917900] [<c04c4aff>] ? ipv6_rcv+0x387/0x47c
> > [31890.917900] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> > [31890.917900] [<c0455065>] ? __netif_receive_skb+0x367/0x3b6
> > [31890.917900] [<c0455142>] ? process_backlog+0x8e/0x146
> > [31890.917900] [<c0455c3b>] ? net_rx_action+0x62/0x119
> > [31890.917900] [<c0232750>] ? __do_softirq+0x8b/0x10a
> > [31890.917900] [<c02327fa>] ? do_softirq+0x2b/0x43
> > [31890.917900] [<c0232885>] ? run_ksoftirqd+0x73/0x155
> > [31890.917900] [<c0232812>] ? run_ksoftirqd+0x0/0x155
> > [31890.917900] [<c023fdbd>] ? kthread+0x61/0x66
> > [31890.917900] [<c023fd5c>] ? kthread+0x0/0x66
> > [31890.917900] [<c0202c7a>] ? kernel_thread_helper+0x6/0x1a
> > [31890.917900] Code: 40 04 39 43 04 74 0f ba 45 01 00 00 b8 7a a1 63 c0 e8 32 70 d6 ff 83 7b 0c 00 74 0f ba
> > 46 01 00 00 b8 7a a1 63 c0 e8 1d 70 d6 ff <f0> ff 8e c0 02 00 00 83 bb e4 00 00 00 00 75 0f 53 68 b5 a
> > [31890.917900] EIP: [<c04c70f2>] in6_dev_finish_destroy+0x35/0x8c SS:ESP 0068:f7483b38
> > [31890.917900] CR2: 00000000000002c0
> > [31891.236446] ---[ end trace 830bf5b3286acea0 ]---
> > [31891.241375] Kernel panic - not syncing: Fatal exception in interrupt
> > [31891.248085] Pid: 3, comm: ksoftirqd/0 Tainted: G D W 2.6.35.4-git+ #git+
> > [31891.255918] Call Trace:
> > [31891.258474] [<c0511194>] ? printk+0xf/0x13
> > [31891.262911] [<c0511116>] panic+0x55/0xc4
> > [31891.267130] [<c02050ed>] oops_end+0x6e/0x7c
> > [31891.271619] [<c021a514>] no_context+0x13f/0x149
> > [31891.276496] [<c021a657>] __bad_area_nosemaphore+0x139/0x141
> > [31891.282461] [<c0207360>] ? native_sched_clock+0x42/0x8d
> > [31891.288090] [<c024468d>] ? sched_clock_local+0x17/0x104
> > [31891.293699] [<c021a66c>] bad_area_nosemaphore+0xd/0x10
> > [31891.299206] [<c021a910>] do_page_fault+0x14e/0x302
> > [31891.304356] [<c0205311>] ? show_trace+0x10/0x14
> > [31891.309219] [<c05110b7>] ? dump_stack+0x57/0x61
> > [31891.314102] [<c021a7c2>] ? do_page_fault+0x0/0x302
> > [31891.319236] [<c051499b>] error_code+0x6b/0x70
> > [31891.323934] [<c0513fcd>] ? _raw_spin_unlock_irqrestore+0x2f/0x58
> > [31891.330370] [<c021a7c2>] ? do_page_fault+0x0/0x302
> > [31891.335536] [<c04c70f2>] ? in6_dev_finish_destroy+0x35/0x8c
> > [31891.341512] [<c04d8a8b>] icmpv6_send+0x6a7/0x6e2
> > [31891.346471] [<c0513fe0>] ? _raw_spin_unlock_irqrestore+0x42/0x58
> > [31891.352853] [<c022e74d>] ? release_console_sem+0x197/0x1c4
> > [31891.358740] [<fa7ab0b5>] reject_tg6+0x70/0x43f [ip6t_REJECT]
> > [31891.364821] [<fa7d09b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
> > [31891.371340] [<c024e201>] ? trace_hardirqs_on+0xb/0xd
> > [31891.376604] [<c0232a72>] ? local_bh_enable_ip+0x97/0xad
> > [31891.382205] [<c0513f59>] ? _raw_spin_unlock_bh+0x2f/0x32
> > [31891.387945] [<fa7d09b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
> > [31891.394444] [<fa6981a0>] ? ipv6_find_hdr+0xf8/0x164 [ip6_tables]
> > [31891.400896] [<fa6987c1>] ip6t_do_table+0x4c8/0x53e [ip6_tables]
> > [31891.407260] [<fa73e0f0>] ? ip6table_mangle_hook+0xf0/0x100 [ip6table_mangle]
> > [31891.414819] [<fa6a3018>] ip6table_filter_hook+0x18/0x20 [ip6table_filter]
> > [31891.422118] [<c046ee87>] nf_iterate+0x2f/0x62
> > [31891.426800] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
> > [31891.432267] [<c046f088>] nf_hook_slow+0x63/0xeb
> > [31891.437147] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
> > [31891.442583] [<c04c44d6>] ip6_input+0x33/0x47
> > [31891.447195] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
> > [31891.452608] [<c04c4775>] ip6_rcv_finish+0x8b/0x8e
> > [31891.457655] [<fc22aa3a>] nf_ct_frag6_output+0x7c/0x95 [nf_conntrack_ipv6]
> > [31891.464929] [<fc22a45c>] ipv6_defrag+0x87/0x9f [nf_conntrack_ipv6]
> > [31891.471561] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> > [31891.476693] [<c046ee87>] nf_iterate+0x2f/0x62
> > [31891.481377] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> > [31891.486501] [<c046f088>] nf_hook_slow+0x63/0xeb
> > [31891.491383] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> > [31891.496501] [<c04c4aff>] ipv6_rcv+0x387/0x47c
> > [31891.501227] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
> > [31891.506394] [<c0455065>] __netif_receive_skb+0x367/0x3b6
> > [31891.512081] [<c0455142>] process_backlog+0x8e/0x146
> > [31891.517328] [<c0455c3b>] net_rx_action+0x62/0x119
> > [31891.522402] [<c0232750>] __do_softirq+0x8b/0x10a
> > [31891.527386] [<c02327fa>] do_softirq+0x2b/0x43
> > [31891.532078] [<c0232885>] run_ksoftirqd+0x73/0x155
> > [31891.537136] [<c0232812>] ? run_ksoftirqd+0x0/0x155
> > [31891.542294] [<c023fdbd>] kthread+0x61/0x66
> > [31891.546708] [<c023fd5c>] ? kthread+0x0/0x66
> > [31891.551211] [<c0202c7a>] kernel_thread_helper+0x6/0x1a
> > [31891.556747] Rebooting in 10 seconds..
> >
>
>
> Hmm... net/ipv6/netfilter/nf_conntrack_reasm.c happily keeps references
> to devices on queued skbs (so they can escape the RCU read-side section)
>
> Maybe try the following patch?
>
>
> diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
> index 0857272..57f158e 100644
> --- a/net/ipv6/netfilter/nf_conntrack_reasm.c
> +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
> @@ -582,6 +582,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user)
> spin_unlock_bh(&fq->q.lock);
>
> fq_put(fq);
> + ret_skb->dev = dev;
> return ret_skb;
>
> ret_orig:


Hmm... a more complete patch:

diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 0857272..6f0bed0 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -582,6 +582,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user)
spin_unlock_bh(&fq->q.lock);

fq_put(fq);
+ ret_skb->dev = dev;
return ret_skb;

ret_orig:
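Review bot: `ret_skb->dev = dev;` dereferences ret_skb unconditionally right before `return ret_skb;`, and nothing in the visible context shows that ret_skb has been checked for NULL at this point. The oops reported later in this thread with the patch applied faults inside nf_ct_frag6_gather at address 00000014, and Patrick McHardy's reply states that nf_ct_frag6_reasm() can return NULL. Suggest guarding the store, e.g. `if (ret_skb) ret_skb->dev = dev;`, or moving it to where the reassembled skb is known to be valid.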
@@ -602,7 +603,7 @@ void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb,

s2 = s->next;
s->next = NULL;
-
+ s->dev = in;
NF_HOOK_THRESH(NFPROTO_IPV6, hooknum, s, in, out, okfn,
NF_IP6_PRI_CONNTRACK_DEFRAG + 1);
s = s2;
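Review bot: `s->dev = in;` is assigned without checking `in`, yet the function takes `hooknum` together with both `in` and `out`, so any call from a hook that has no input device would overwrite `s->dev` with NULL before NF_HOOK_THRESH runs. Either guard it (`if (in) s->dev = in;`) or add a comment explaining why `in` is always valid on this path. The assignment also takes the place of the blank line that separated the list unlinking from the hook call; keeping a blank line after it would preserve that separation.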

2011-04-15 16:38:21

by Simon Arlott

Subject: Re: BUG: unable to handle kernel NULL pointer dereference at 000002c0 / IP: [<c04c70f2>] in6_dev_finish_destroy+0x35/0x8c

On 15/04/11 14:24, Eric Dumazet wrote:
> Hmm... a more complete patch:
>
> diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
> index 0857272..6f0bed0 100644

I applied the patch by recompiling and then reloading the nf_conntrack_ipv6
module (temporarily flushing and then restoring all ip6tables rules).
Then this happened 10 minutes later:

[33876.950100] BUG: unable to handle kernel NULL pointer dereference at 00000014
[33876.951060] IP: [<f9b012bb>] nf_ct_frag6_gather+0x864/0x881 [nf_conntrack_ipv6]
[33876.951060] *pdpt = 0000000033491001 *pde = 0000000000000000
[33876.951060] Oops: 0002 [#1] PREEMPT SMP
[33876.951060] last sysfs file: /sys/devices/platform/it87.552/cpu0_vid
[33876.951060] Modules linked in: nf_conntrack_ipv6 xt_tcpmss xt_length xt_TCPMSS ppp_synctty sch_sfq xt_u32 xt_CLASSIFY sch_htb ppp_async nfsd lockd sunrpc bnep exportfs rfcomm l2cap crc16 xt_state ip6t_LOG ip]
[33876.951060]
[33876.951060] Pid: 7, comm: ksoftirqd/1 Not tainted 2.6.35.4-git+ #git+ GA-MA69VM-S2/GA-MA69VM-S2
[33876.951060] EIP: 0060:[<f9b012bb>] EFLAGS: 00010246 CPU: 1
[33876.951060] EIP is at nf_ct_frag6_gather+0x864/0x881 [nf_conntrack_ipv6]
[33877.071165] EAX: f68e1800 EBX: 00000000 ECX: f560f3c0 EDX: f74921a0
[33877.071165] ESI: 00000000 EDI: f636f200 EBP: f7495e34 ESP: f7495ddc
[33877.071165] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[33877.071165] Process ksoftirqd/1 (pid: 7, ti=f7494000 task=f74921a0 task.ti=f7494000)
[33877.071165] Stack:
[33877.071165] 00000001 f5d6c8c0 f636f218 726b4c79 f68e1800 062c1158 f226d06c f560f3c0
[33877.071165] <0> f560f3d4 000005a8 00000000 f74921a0 00000001 00000000 00000000 726b4c79
[33877.071165] <0> 00000001 f226d04c f226d05c f5d6c8c0 00000000 f68e1800 f7495e48 f9b0043e
[33877.071165] Call Trace:
[33877.071165] [<f9b0043e>] ? ipv6_defrag+0x69/0x9f [nf_conntrack_ipv6]
[33877.071165] [<c046ee87>] ? nf_iterate+0x2f/0x62
[33877.071165] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[33877.071165] [<c046f088>] ? nf_hook_slow+0x63/0xeb
[33877.071165] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[33877.071165] [<c04c4aff>] ? ipv6_rcv+0x387/0x47c
[33877.071165] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[33877.071165] [<c0455065>] ? __netif_receive_skb+0x367/0x3b6
[33877.071165] [<c0455142>] ? process_backlog+0x8e/0x146
[33877.071165] [<c0455c3b>] ? net_rx_action+0x62/0x119
[33877.071165] [<c0232750>] ? __do_softirq+0x8b/0x10a
[33877.071165] [<c02327fa>] ? do_softirq+0x2b/0x43
[33877.071165] [<c0232885>] ? run_ksoftirqd+0x73/0x155
[33877.071165] [<c0232812>] ? run_ksoftirqd+0x0/0x155
[33877.071165] [<c023fdbd>] ? kthread+0x61/0x66
[33877.071165] [<c023fd5c>] ? kthread+0x0/0x66
[33877.071165] [<c0202c7a>] ? kernel_thread_helper+0x6/0x1a
[33877.071165] Code: 02 31 db 8b 45 c8 e8 8f 2c a1 c6 8b 4d c4 f0 ff 49 30 0f 94 c0 84 c0 74 0f 8b 45 c4 31 c9 ba 78 1a b0 f9 e8 38 fe 99 c6 8b 45 b8 <89> 43 14 89 5d ac eb 07 89 f8 e8 11 e3 94 c6 8b 45 ac 8d 6
[33877.071165] EIP: [<f9b012bb>] nf_ct_frag6_gather+0x864/0x881 [nf_conntrack_ipv6] SS:ESP 0068:f7495ddc
[33877.071165] CR2: 0000000000000014
[33877.253064] ---[ end trace 91cffe982fd021cc ]---
[33877.257847] Kernel panic - not syncing: Fatal exception in interrupt
[33877.264339] Pid: 7, comm: ksoftirqd/1 Tainted: G D 2.6.35.4-git+ #git+
[33877.271842] Call Trace:
[33877.274420] [<c0511194>] ? printk+0xf/0x13
[33877.278743] [<c0511116>] panic+0x55/0xc4
[33877.282860] [<c02050ed>] oops_end+0x6e/0x7c
[33877.287239] [<c021a514>] no_context+0x13f/0x149
[33877.291988] [<c021a657>] __bad_area_nosemaphore+0x139/0x141
[33877.297802] [<c0224fb6>] ? task_rq_lock+0x36/0x60
[33877.302760] [<c021a66c>] bad_area_nosemaphore+0xd/0x10
[33877.308107] [<c021a910>] do_page_fault+0x14e/0x302
[33877.313119] [<c0513a46>] ? _raw_spin_lock_irqsave+0x35/0x3e
[33877.318985] [<c0513fe0>] ? _raw_spin_unlock_irqrestore+0x42/0x58
[33877.325261] [<c021a7c2>] ? do_page_fault+0x0/0x302
[33877.330306] [<c051499b>] error_code+0x6b/0x70
[33877.334854] [<c021a7c2>] ? do_page_fault+0x0/0x302
[33877.339926] [<f9b012bb>] ? nf_ct_frag6_gather+0x864/0x881 [nf_conntrack_ipv6]
[33877.347451] [<f9b0043e>] ipv6_defrag+0x69/0x9f [nf_conntrack_ipv6]
[33877.353958] [<c046ee87>] nf_iterate+0x2f/0x62
[33877.358560] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[33877.363588] [<c046f088>] nf_hook_slow+0x63/0xeb
[33877.368322] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[33877.373388] [<c04c4aff>] ipv6_rcv+0x387/0x47c
[33877.377965] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[33877.383022] [<c0455065>] __netif_receive_skb+0x367/0x3b6
[33877.388558] [<c0455142>] process_backlog+0x8e/0x146
[33877.393715] [<c0455c3b>] net_rx_action+0x62/0x119
[33877.398664] [<c0232750>] __do_softirq+0x8b/0x10a
[33877.403554] [<c02327fa>] do_softirq+0x2b/0x43
[33877.408154] [<c0232885>] run_ksoftirqd+0x73/0x155
[33877.413051] [<c0232812>] ? run_ksoftirqd+0x0/0x155
[33877.418053] [<c023fdbd>] kthread+0x61/0x66
[33877.422360] [<c023fd5c>] ? kthread+0x0/0x66
[33877.426735] [<c0202c7a>] kernel_thread_helper+0x6/0x1a

--
Simon Arlott

2011-04-15 16:53:26

by Simon Arlott

Subject: Re: BUG: unable to handle kernel NULL pointer dereference at 000002c0 / IP: [<c04c70f2>] in6_dev_finish_destroy+0x35/0x8c

and again with the patch reverted...

[ 470.965098] BUG: unable to handle kernel paging request at a1fd3e8b
[ 470.966008] IP: [<c04d89a7>] icmpv6_send+0x5c3/0x6e2
[ 470.966008] *pdpt = 00000000318f2001 *pde = 0000000000000000
[ 470.966008] Oops: 0002 [#1] PREEMPT SMP
[ 470.966008] last sysfs file: /sys/devices/platform/it87.552/cpu0_vid
[ 470.966008] Modules linked in: nf_conntrack_ipv6 xt_tcpmss xt_length xt_TCPMSS ppp_synctty sch_sfq xt_u32 xt_CLASSIFY sch_htb ppp_async rfcomm bnep l2cap crc16 nfsd lockd sunrpc exportfs xt_state ip6t_LOG ip]
[ 470.966008]
[ 470.966008] Pid: 3, comm: ksoftirqd/0 Not tainted 2.6.35.4-git+ #git+ GA-MA69VM-S2/GA-MA69VM-S2
[ 470.966008] EIP: 0060:[<c04d89a7>] EFLAGS: 00010286 CPU: 0
[ 470.966008] EIP is at icmpv6_send+0x5c3/0x6e2
[ 470.966008] EAX: 00000000 EBX: a1fd3daf ECX: 00000000 EDX: 00000001
[ 470.966008] ESI: f6f1adb4 EDI: 00000000 EBP: f7483c4c ESP: f7483b48
[ 470.966008] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[ 470.966008] Process ksoftirqd/0 (pid: 3, ti=f7482000 task=f74800a0 task.ti=f7482000)
[ 470.966008] Stack:
[ 470.966008] f493fec0 f7483b5c c0513fe0 00033acf 00033ab5 f7483b7c c022e74d 00000046
[ 470.966008] <0> fffffd8a 00033acf 00000001 0101001a f1a2984c 00000500 f6f1aac0 f6f1adb4
[ 470.966008] <0> f1a2985c 00000000 00000040 f6f1aaf0 00000000 00000000 00000000 b0060120
[ 470.966008] Call Trace:
[ 470.966008] [<c0513fe0>] ? _raw_spin_unlock_irqrestore+0x42/0x58
[ 470.966008] [<c022e74d>] ? release_console_sem+0x197/0x1c4
[ 470.966008] [<fa73c0b5>] ? reject_tg6+0x70/0x43f [ip6t_REJECT]
[ 470.966008] [<fa7619b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
[ 470.966008] [<c024e201>] ? trace_hardirqs_on+0xb/0xd
[ 470.966008] [<c0232a72>] ? local_bh_enable_ip+0x97/0xad
[ 470.966008] [<c0513f59>] ? _raw_spin_unlock_bh+0x2f/0x32
[ 470.966008] [<fa7619b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
[ 470.966008] [<fa6290f0>] ? ipv6_find_hdr+0x48/0x164 [ip6_tables]
[ 470.966008] [<fa6297c1>] ? ip6t_do_table+0x4c8/0x53e [ip6_tables]
[ 470.966008] [<fa6cf0f0>] ? ip6table_mangle_hook+0xf0/0x100 [ip6table_mangle]
[ 470.966008] [<fa634018>] ? ip6table_filter_hook+0x18/0x20 [ip6table_filter]
[ 470.966008] [<c046ee87>] ? nf_iterate+0x2f/0x62
[ 470.966008] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[ 470.966008] [<c046f088>] ? nf_hook_slow+0x63/0xeb
[ 470.966008] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[ 470.966008] [<c04c44d6>] ? ip6_input+0x33/0x47
[ 470.966008] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[ 470.966008] [<c04c4775>] ? ip6_rcv_finish+0x8b/0x8e
[ 470.966008] [<fc81ea3a>] ? nf_ct_frag6_output+0x7c/0x95 [nf_conntrack_ipv6]
[ 470.966008] [<fc81e45c>] ? ipv6_defrag+0x87/0x9f [nf_conntrack_ipv6]
[ 470.966008] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[ 470.966008] [<c046ee87>] ? nf_iterate+0x2f/0x62
[ 470.966008] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[ 470.966008] [<c046f088>] ? nf_hook_slow+0x63/0xeb
[ 470.966008] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[ 470.966008] [<c04c4aff>] ? ipv6_rcv+0x387/0x47c
[ 470.966008] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[ 470.966008] [<c0455065>] ? __netif_receive_skb+0x367/0x3b6
[ 470.966008] [<c0455142>] ? process_backlog+0x8e/0x146
[ 470.966008] [<c0455c3b>] ? net_rx_action+0x62/0x119
[ 470.966008] [<c0232750>] ? __do_softirq+0x8b/0x10a
[ 470.966008] [<c02327fa>] ? do_softirq+0x2b/0x43
[ 470.966008] [<c0232885>] ? run_ksoftirqd+0x73/0x155
[ 470.966008] [<c0232812>] ? run_ksoftirqd+0x0/0x155
[ 470.966008] [<c023fdbd>] ? kthread+0x61/0x66
[ 470.966008] [<c023fd5c>] ? kthread+0x0/0x66
[ 470.966008] [<c0202c7a>] ? kernel_thread_helper+0x6/0x1a
[ 470.966008] Code: e8 1b da d4 ff 68 48 89 4d c0 31 c9 31 d2 b8 58 11 68 c0 6a 00 6a 01 6a 02 e8 37 76 d7 ff 8b 9b 60 01 00 00 83 c4 10 85 db 74 07 <f0> ff 83 dc 00 00 00 b9 ae 89 4d c0 ba 01 00 00 00 b8 58 1
[ 470.966008] EIP: [<c04d89a7>] icmpv6_send+0x5c3/0x6e2 SS:ESP 0068:f7483b48
[ 470.966008] CR2: 00000000a1fd3e8b
[ 471.387732] ---[ end trace a325ca681eff783c ]---
[ 471.388770] __iptables__: l2tp_2 IN=aaisp3 OUT= MAC= SRC=2001:0678:0001:0000:0000:0000:0000:0001 DST=2001:08b0:ffea:0000:0053:4150:5841:0001 LEN=430 TC=0 HOPLIMIT=60 FLOWLBL=0 PROTO=UDP SPT=53 DPT=22008 LEN=
[ 471.388833] __iptables__: l2tp_2 IN=aaisp3 OUT= MAC= SRC=80.68.89.159 DST=81.2.80.67 LEN=143 TOS=0x00 PREC=0x00 TTL=59 ID=12462 PROTO=UDP SPT=53 DPT=36911 LEN=123
[ 471.388874] __iptables__: l2tp_2 IN=aaisp3 OUT= MAC= SRC=208.94.149.2 DST=81.2.80.67 LEN=116 TOS=0x00 PREC=0x00 TTL=58 ID=22935 PROTO=UDP SPT=53 DPT=10068 LEN=96
[ 471.443611] Kernel panic - not syncing: Fatal exception in interrupt
[ 471.444704] __iptables__: l2tp_2 IN=aaisp3 OUT= MAC= SRC=208.94.148.2 DST=81.2.80.67 LEN=120 TOS=0x00 PREC=0x00 TTL=58 ID=41552 PROTO=UDP SPT=53 DPT=27444 LEN=100
[ 471.444739] __iptables__: l2tp_2 IN=aaisp3 OUT= MAC= SRC=2a01:06d0:0001:0000:0000:0000:0000:0002 DST=2001:08b0:ffea:0000:0053:4150:5841:0001 LEN=109 TC=0 HOPLIMIT=56 FLOWLBL=0 PROTO=UDP SPT=53 DPT=31279 LEN=
[ 471.484694] Pid: 3, comm: ksoftirqd/0 Tainted: G D 2.6.35.4-git+ #git+
[ 471.492318] Call Trace:
[ 471.494885] [<c0511194>] ? printk+0xf/0x13
[ 471.499161] [<c0511116>] panic+0x55/0xc4
[ 471.503331] [<c02050ed>] oops_end+0x6e/0x7c
[ 471.507768] [<c021a514>] no_context+0x13f/0x149
[ 471.512534] [<c021a657>] __bad_area_nosemaphore+0x139/0x141
[ 471.518341] [<c04cef8d>] ? fib6_lookup+0x48/0x5c
[ 471.523203] [<c04cdd75>] ? ip6_pol_route+0x208/0x223
[ 471.528422] [<c024e201>] ? trace_hardirqs_on+0xb/0xd
[ 471.533608] [<c0232a72>] ? local_bh_enable_ip+0x97/0xad
[ 471.539055] [<c0513d08>] ? _raw_read_unlock_bh+0x2f/0x32
[ 471.544620] [<c04cdd75>] ? ip6_pol_route+0x208/0x223
[ 471.549821] [<c021a66c>] bad_area_nosemaphore+0xd/0x10
[ 471.555192] [<c021a910>] do_page_fault+0x14e/0x302
[ 471.560145] [<c04b3486>] ? __xfrm_lookup+0x32d/0x38b
[ 471.565396] [<c04e8bbe>] ? fib6_rule_lookup+0x35/0x77
[ 471.570720] [<c021a7c2>] ? do_page_fault+0x0/0x302
[ 471.575807] [<c051499b>] error_code+0x6b/0x70
[ 471.580443] [<c021a7c2>] ? do_page_fault+0x0/0x302
[ 471.585476] [<c04d89a7>] ? icmpv6_send+0x5c3/0x6e2
[ 471.590527] [<c0513fe0>] ? _raw_spin_unlock_irqrestore+0x42/0x58
[ 471.596755] [<c022e74d>] ? release_console_sem+0x197/0x1c4
[ 471.602547] [<fa73c0b5>] reject_tg6+0x70/0x43f [ip6t_REJECT]
[ 471.608472] [<fa7619b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
[ 471.614834] [<c024e201>] ? trace_hardirqs_on+0xb/0xd
[ 471.620120] [<c0232a72>] ? local_bh_enable_ip+0x97/0xad
[ 471.625575] [<c0513f59>] ? _raw_spin_unlock_bh+0x2f/0x32
[ 471.631145] [<fa7619b1>] ? ip6t_log_packet+0x15d/0x167 [ip6t_LOG]
[ 471.637519] [<fa6290f0>] ? ipv6_find_hdr+0x48/0x164 [ip6_tables]
[ 471.643794] [<fa6297c1>] ip6t_do_table+0x4c8/0x53e [ip6_tables]
[ 471.650014] [<fa6cf0f0>] ? ip6table_mangle_hook+0xf0/0x100 [ip6table_mangle]
[ 471.657364] [<fa634018>] ip6table_filter_hook+0x18/0x20 [ip6table_filter]
[ 471.664419] [<c046ee87>] nf_iterate+0x2f/0x62
[ 471.668935] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[ 471.674231] [<c046f088>] nf_hook_slow+0x63/0xeb
[ 471.678999] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[ 471.684321] [<c04c44d6>] ip6_input+0x33/0x47
[ 471.688851] [<c04c40c8>] ? ip6_input_finish+0x0/0x3db
[ 471.694097] [<c04c4775>] ip6_rcv_finish+0x8b/0x8e
[ 471.699002] [<fc81ea3a>] nf_ct_frag6_output+0x7c/0x95 [nf_conntrack_ipv6]
[ 471.706039] [<fc81e45c>] ipv6_defrag+0x87/0x9f [nf_conntrack_ipv6]
[ 471.712470] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[ 471.717471] [<c046ee87>] nf_iterate+0x2f/0x62
[ 471.722013] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[ 471.727013] [<c046f088>] nf_hook_slow+0x63/0xeb
[ 471.731703] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[ 471.736764] [<c04c4aff>] ipv6_rcv+0x387/0x47c
[ 471.741384] [<c04c46ea>] ? ip6_rcv_finish+0x0/0x8e
[ 471.746438] [<c0455065>] __netif_receive_skb+0x367/0x3b6
[ 471.752011] [<c0455142>] process_backlog+0x8e/0x146
[ 471.757063] [<c0455c3b>] net_rx_action+0x62/0x119
[ 471.761994] [<c0232750>] __do_softirq+0x8b/0x10a
[ 471.766822] [<c02327fa>] do_softirq+0x2b/0x43
[ 471.771354] [<c0232885>] run_ksoftirqd+0x73/0x155
[ 471.776252] [<c0232812>] ? run_ksoftirqd+0x0/0x155
[ 471.781253] [<c023fdbd>] kthread+0x61/0x66
[ 471.785544] [<c023fd5c>] ? kthread+0x0/0x66
[ 471.789957] [<c0202c7a>] kernel_thread_helper+0x6/0x1a
[ 471.795306] Rebooting in 10 seconds..

--
Simon Arlott

2011-04-18 13:34:49

by Patrick McHardy

Subject: Re: BUG: unable to handle kernel NULL pointer dereference at 000002c0 / IP: [<c04c70f2>] in6_dev_finish_destroy+0x35/0x8c

On 15.04.2011 18:18, Simon Arlott wrote:
> On 15/04/11 14:24, Eric Dumazet wrote:
>> Hmm... a more complete patch:
>>
>> diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
>> index 0857272..6f0bed0 100644
>
> I applied the patch by recompiling and then reloading the nf_conntrack_ipv6
> module (temporarily flushing and then restoring all ip6tables rules).
> Then this happened 10 minutes later:
>
> [33876.950100] BUG: unable to handle kernel NULL pointer dereference at 00000014
> [33876.951060] IP: [<f9b012bb>] nf_ct_frag6_gather+0x864/0x881 [nf_conntrack_ipv6]

nf_ct_frag6_reasm() can return NULL, so we need to check for a non-NULL
ret_skb before trying to set the device.

Does this patch (based on Eric's second version) help?


Attachments:
x (872.00 B)
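
An added triage example (not code from this thread or from the kernel): it recomputes the faulting address from the register dump and the `<..>`-marked instruction bytes of the two oopses Simon posted, assuming 32-bit x86 and the plain base+displacement forms seen in them; `faulting_access` and the constant names are illustrative. With the patch applied the faulting store goes through a NULL base register at offset 0x14, which fits Patrick's point that ret_skb can be NULL, while the reverted kernel faults through a non-NULL bad pointer at offset 0xdc.

```python
import re

# Register, Code and CR2 lines copied from two oopses in this thread (Code lines
# trimmed around the <..> byte, which marks the start of the faulting instruction).
OOPS_PATCHED = """\
EAX: f68e1800 EBX: 00000000 ECX: f560f3c0 EDX: f74921a0
ESI: 00000000 EDI: f636f200 EBP: f7495e34 ESP: f7495ddc
Code: e8 38 fe 99 c6 8b 45 b8 <89> 43 14 89 5d ac eb 07
CR2: 0000000000000014
"""
OOPS_REVERTED = """\
EAX: 00000000 EBX: a1fd3daf ECX: 00000000 EDX: 00000001
ESI: f6f1adb4 EDI: 00000000 EBP: f7483c4c ESP: f7483b48
Code: 83 c4 10 85 db 74 07 <f0> ff 83 dc 00 00 00 b9 ae
CR2: 00000000a1fd3e8b
"""

# ModRM r/m field -> base register (32-bit addressing); 4 means a SIB byte follows.
RM_REGS = ["EAX", "ECX", "EDX", "EBX", None, "EBP", "ESI", "EDI"]
# One-byte opcodes handled here: mov r/m,r (89), mov r,r/m (8b), inc/dec group (ff).
KNOWN_OPCODES = {0x89, 0x8B, 0xFF}


def faulting_access(oops):
    """Recompute the address touched by the faulting instruction of an i386 oops."""
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b(E[A-D]X|E[SD]I|E[BS]P): ([0-9a-f]{8})", oops)}
    cr2 = int(re.search(r"CR2: ([0-9a-f]+)", oops).group(1), 16)
    code = re.search(r"Code: (.*)", oops).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    insn = [int(b.strip("<>"), 16) for b in code[start:]]
    if insn[0] == 0xF0:                      # skip a lock prefix
        insn = insn[1:]
    opcode, modrm = insn[0], insn[1]
    mod, rm = modrm >> 6, modrm & 7
    if opcode not in KNOWN_OPCODES or rm == 4 or mod not in (1, 2):
        raise ValueError("instruction form not handled")
    size = 1 if mod == 1 else 4              # mod=01: disp8, mod=10: disp32
    disp = int.from_bytes(bytes(insn[2:2 + size]), "little", signed=True)
    base = RM_REGS[rm]
    addr = (regs[base] + disp) & 0xFFFFFFFF
    return {"base": base, "base_value": regs[base], "offset": disp,
            "address": addr, "matches_cr2": addr == cr2,
            "null_base": regs[base] == 0}


if __name__ == "__main__":
    for label, text in (("patched", OOPS_PATCHED), ("reverted", OOPS_REVERTED)):
        r = faulting_access(text)
        kind = "NULL struct pointer" if r["null_base"] else "non-NULL bad pointer"
        print(f"{label}: {r['base']}={r['base_value']:#010x} + {r['offset']:#x}"
              f" -> {r['address']:#010x} (CR2 match: {r['matches_cr2']}), {kind}")
```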