Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 14 Dec 2000 21:57:10 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 14 Dec 2000 21:57:00 -0500 Received: from Nabiki.Mountain.Net ([198.77.1.5]:33703 "EHLO nabiki.mountain.net") by vger.kernel.org with ESMTP id ; Thu, 14 Dec 2000 21:56:45 -0500 Message-ID: <3A39812C.BBFF14C3@mountain.net> Date: Thu, 14 Dec 2000 21:25:48 -0500 From: Tom Leete X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.4.0-test12 i486) X-Accept-Language: en-US,en-GB,en,fr,es,it,de,ru MIME-Version: 1.0 To: "David S. Miller" CC: mhaque@haque.net, ionut@cs.columbia.edu, linux-kernel@vger.kernel.org Subject: Re: ip_defrag is broken (was: Re: test12 lockups -- need feedback) In-Reply-To: <200012142023.MAA12823@pizda.ninka.net> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org "David S. Miller" wrote: > > Date: Thu, 14 Dec 2000 15:35:48 -0500 (EST) > From: "Mohammad A. Haque" > > I'll be trying in a few hours. > > Meanwhile for people wanting the crashes to be fixed, please > apply this patch. > > This was _always_ broken, and really what netfilter is doing > should have never worked. The only theory I have right now > is that people using netfilter never had IP fragments timeout. > :-) > > So the patch below restores previous behavior exactly. > Ie. netfilter sources fragments cannot send ICMP errors > on frag queue timeout :-) > Hello, I posted one of these generated by nfs earlier. This one is from $ ping -c 1 -s 1478 <2.4.0-t12-host> from peer. kdb over serial console -- the module addresses are accurate. Lightly edited for readability. 
Hope this helps, Tom Unable to handle kernel NULL pointer dereference at virtual address 0000003c printing eip: c01c0c32 *pde = 00000000 Entering kdb (current=0xc02c0000, pid 0) Panic: Oops due to panic @ 0xc01c0c32 eax = 0x00000000 ebx = 0x00000000 ecx = 0xc11a6fa0 edx = 0x00000006 esi = 0xc1376be0 edi = 0x00000000 esp = 0xc02c1bac eip = 0xc01c0c32 ebp = 0xc02c1bc8 xss = 0x00000018 xcs = 0xc11a0010 eflags = 0x00010246 xds = 0x31010018 xes = 0x00000018 origeax = 0xffffffff &regs = 0xc02c1b78 kdb> bt EBP EIP Function(args) 0xc02c1bc8 0xc01c0c32 ip_frag_queue+0x222 (0xc11a6fa0, 0xc1376be0) kernel .text 0xc0100000 0xc01c0a10 0xc01c0c90 0xc02c1bf4 0xc01c1004 ip_defrag+0xc4 (0xc1376be0) kernel .text 0xc0100000 0xc01c0f40 0xc01c1070 0xc02c1c0c 0xc4093365 [ip_conntrack]ip_ct_gather_frags+0x25 (0xc1376be0) ip_conntrack .text 0xc4091060 0xc4093340 0xc40933e0 0xc02c1c54 0xc40924cd [ip_conntrack]ip_conntrack_in+0x3d (0x3, 0xc02c1cdc, 0x0, 0xc3104800, 0xc01c3560) ip_conntrack .text 0xc4091060 0xc4092490 0xc40927b0 0xc02c1c70 0xc4094666 [ip_conntrack]ip_conntrack_local+0x56 (0x3, 0xc02c1cdc, 0x0, 0xc3104800, 0xc01c3560) ip_conntrack .text 0xc4091060 0xc4094610 0xc4094670 0xc02c1c98 0xc01b2d98 nf_iterate+0x28 (0xc0320cd8, 0xc02c1cdc, 0x3, 0x0, 0xc3104800) kernel .text 0xc0100000 0xc01b2d70 0xc01b2e00 0xc02c1ccc 0xc01b3001 nf_hook_slow+0x71 (0x2, 0x3, 0xc1376be0, 0x0, 0xc3104800) kernel .text 0xc0100000 0xc01b2f90 0xc01b3080 0xc02c1d3c 0xc01c2c27 ip_build_xmit_slow+0x387 (0xc11d2730, 0xc01d9a00, 0xc02c1dfc, 0x5e2, 0xc02c1de0) kernel .text 0xc0100000 0xc01c28a0 0xc01c2d00 0xc02c1d7c 0xc01c2d4b ip_build_xmit+0x4b (0xc11d2730, 0xc01d9a00, 0xc02c1dfc, 0x5e2, 0xc02c1de0) kernel .text 0xc0100000 0xc01c2d00 0xc01c2ff0 0xc02c1dec 0xc01d9c03 icmp_reply+0x173 (0xc02c1dfc, 0xc136aab0) kernel .text 0xc0100000 0xc01d9a90 0xc01d9c20 0xc02c1e44 0xc01da1aa icmp_echo+0x3a (0xc0aad824, 0xc136aab0, 0x5c6) more> kernel .text 0xc0100000 0xc01da170 0xc01da1b0 0xc02c1e68 0xc01da459 icmp_rcv+0xa9 
(0xc136aab0, 0x5ce) kernel .text 0xc0100000 0xc01da3b0 0xc01da490 0xc02c1e88 0xc01c04a4 ip_local_deliver_finish+0x94 (0xc136aab0, 0xc136aab0) kernel .text 0xc0100000 0xc01c0410 0xc01c0520 0xc02c1ea4 0xc01b3048 nf_hook_slow+0xb8 (0x2, 0x1, 0xc136aab0, 0xc3104800, 0x0) kernel .text 0xc0100000 0xc01b2f90 0xc01b3080 0xc02c1ec4 0xc01c02d5 ip_local_deliver+0x45 (0xc136aab0) kernel .text 0xc0100000 0xc01c0290 0xc01c02e0 0xc02c1ee8 0xc01c06dc ip_rcv_finish+0x1bc (0xc136aab0, 0xc08bd210) kernel .text 0xc0100000 0xc01c0520 0xc01c0710 0xc02c1f04 0xc01b3048 nf_hook_slow+0xb8 (0x2, 0x0, 0xc136aab0, 0xc3104800, 0x0) kernel .text 0xc0100000 0xc01b2f90 0xc01b3080 0xc02c1f38 0xc01c03dc ip_rcv+0xfc (0xc08bd210, 0xc3104800, 0xc02bca84) kernel .text 0xc0100000 0xc01c02e0 0xc01c0410 0xc02c1f68 0xc01b703d net_rx_action+0x12d (0xc02facf0) kernel .text 0xc0100000 0xc01b6f10 0xc01b7160 0xc02c1f80 0xc011bd7e do_softirq+0x4e kernel .text 0xc0100000 0xc011bd30 0xc011bdb0 0xc02c1f98 0xc010ad13 do_IRQ+0xa3 (0xc01074f0, 0xc2532260, 0xc02c0000, 0xc02c0000, 0xc02c0000) kernel .text 0xc0100000 0xc010ac70 0xc010ad30 0xc01093f0 ret_from_intr kernel .text 0xc0100000 0xc01093f0 0xc0109410 Interrupt registers: eax = 0x00000000 ebx = 0xc01074f0 ecx = 0xc2532260 edx = 0xc02c0000 esi = 0xc02c0000 edi = 0xc02c0000 esp = 0xc02c1fd4 eip = 0xc0107516 ebp = 0xc02c1fd4 xss = 0x00000018 xcs = 0x00000010 eflags = 0x00000246 xds = 0xc0100018 xes = 0xc02c0018 origeax = 0xffffff0c &regs = 0xc02c1fa0 0xc0107516 default_idle+0x26 kernel .text 0xc0100000 0xc01074f0 0xc0107520 0xc02c1fe8 0xc0107585 cpu_idle+0x35 kernel .text 0xc0100000 0xc0107550 0xc01075a0 # # kdb> mds 0xc11a6fa0 0xc11a6fa0 00000000 .... 0xc11a6fa4 0101a8c0 ??.. 0xc11a6fa8 3101a8c0 ??.1 0xc11a6fac 0101cc28 (?.. 0xc11a6fb0 c1376be0 ?k7? 0xc11a6fb4 000005ce ?... 0xc11a6fb8 00000000 .... 0xc11a6fbc 00000000 .... # # kdb> mds 0xc1376be0 0xc1376be0 00000000 .... 0xc1376be4 00000000 .... 0xc1376be8 00000000 .... 0xc1376bec c11d2730 0'.? 0xc1376bf0 00000000 .... 
0xc1376bf4 0009bfa7 ??.. 0xc1376bf8 00000000 .... 0xc1376bfc c3063f50 P?.? # # kdb> mds 0xc02c1cdc 0xc02c1cdc c1376be0 ?k7? 0xc02c1ce0 00000000 .... 0xc02c1ce4 c3104800 .H.? 0xc02c1ce8 c01c3560 output_maybe_reroute kernel .text 0xc0100000 0xc01c3560 0xc01c3580 0xc02c1cec 00000000 .... 0xc02c1cf0 c02c1dfc init_task_union+0x1dfc kernel .data.init_task 0xc02c0000 0xc02c0000 0xc02c2000 0xc02c1cf4 00000040 @... 0xc02c1cf8 c3063f40 @?.? # # kdb> mds 0xc0320cd8 0xc0320cd8 c4095f08 [ip_conntrack]ip_conntrack_local_out_ops ip_conntrack .data 0xc4095a40 0xc4095f08 0xc4095f20 0xc0320cdc c40ae668 [iptable_filter]ipt_ops+0x30 iptable_filter .data 0xc40ae320 0xc40ae638 0xc40ae680 0xc0320ce0 c409ec98 [iptable_nat]ip_nat_out_ops iptable_nat .data 0xc409ec80 0xc409ec98 0xc409ecb0 0xc0320ce4 c4095f20 [ip_conntrack]ip_conntrack_out_ops ip_conntrack .data 0xc4095a40 0xc4095f20 0xc4095f38 0xc0320ce8 c0320ce8 nf_hooks+0xa8 kernel .bss 0xc02f4620 0xc0320c40 0xc0321440 0xc0320cec c0320ce8 nf_hooks+0xa8 kernel .bss 0xc02f4620 0xc0320c40 0xc0321440 0xc0320cf0 c0320cf0 nf_hooks+0xb0 kernel .bss 0xc02f4620 0xc0320c40 0xc0321440 0xc0320cf4 c0320cf0 nf_hooks+0xb0 kernel .bss 0xc02f4620 0xc0320c40 0xc0321440 # # kdb> mds 0xc3104800 0xc3104800 30687465 eth0 0xc3104804 00000000 .... 0xc3104808 00000000 .... 0xc310480c 00000000 .... 0xc3104810 00000000 .... 0xc3104814 00000000 .... 0xc3104818 00000000 .... 0xc310481c 00000000 .... # # kdb> mds 0xc11d2730 0xc11d2730 00000000 .... 0xc11d2734 00000000 .... 0xc11d2738 00010000 .... 0xc11d273c 00000000 .... 0xc11d2740 00000000 .... 0xc11d2744 00000000 .... 0xc11d2748 00000000 .... 0xc11d274c 00000000 .... # # kdb> mds 0xc40927b0 0xc40927b0 56e58955 U.?V 0xc40927b4 8b53c031 1?S. 0xc40927b8 758b0c5d ]..u 0xc40927bc 0e438a08 ..C. 0xc40927c0 e93ae850 P?:? 0xc40927c4 5350ffff ??PS 0xc40927c8 e9e2e856 V??? 0xc40927cc 658dffff ??.e # # kdb> mds 0xc4094670 0xc4094670 53e58955 U.?S 0xc4094674 7d83db31 1?.} 0xc4094678 840f0008 .... 0xc409467c 000000b0 ?... 
0xc4094680 fff16be8 ?k?? 0xc4094684 85c389ff ?.?. 0xc4094688 ed8c0fdb ?..? 0xc409468c a1000000 ...? # # kdb> md ip_frag_queue 0xc01c0a10 83e58955 565710ec 0c4d8b53 8b08758b U.?.?.WVS.M..u.. 0xc01c0a20 4d892049 0f5e8af0 f6fb5d88 850f04c3 I .M?.^..]???... 0xc01c0a30 0000022c 06418b66 c931c486 89c18966 ,...f.A..?1?f.?. 0xc01c0a40 ca89fc4d e000e281 e181ffff 00001fff M?.?.?.???.??... 0xc01c0a50 8b03e1c1 4d89f075 24068afc 00ff250f ??..u?.M?..$.%?. 0xc01c0a60 3c8d0000 00000085 468b6600 25c48602 ...<.....f.F..?% 0xc01c0a70 0000ffff c801f829 f6f04589 307520c6 ??..)?.?.E??? u0 0xc01c0a80 8b084d8b 45391441 d18c0ff0 f6000001 .M..A.9E?..?...? # # kdb> mds 0xc11d2730 0xc11d2730 00000000 .... 0xc11d2734 00000000 .... 0xc11d2738 00010000 .... 0xc11d273c 00000000 .... 0xc11d2740 00000000 .... 0xc11d2744 00000000 .... 0xc11d2748 00000000 .... 0xc11d274c 00000000 .... # # kdb> mds 0xc02c1dfc 0xc02c1dfc c0aad82c ,ت? 0xc02c1e00 000005c6 ?... 0xc02c1e04 00000000 .... 0xc02c1e08 000069d6 ?i.. 0xc02c1e0c c3c38784 ..?? 0xc02c1e10 00000000 .... 0xc02c1e14 00000000 .... 0xc02c1e18 00000002 .... # # kdb> mds 0xc01d9a00 0xc01d9a00 57e58955 U.?W 0xc01d9a04 758b5356 VS.u 0xc01d9a08 0c7d8b08 ..}. 0xc01d9a0c 8510458b .E.. 0xc01d9a10 8b4d75c0 ?uM. 0xc01d9a14 006a1046 F.j. 0xc01d9a18 6a50006a j.Pj 0xc01d9a1c 568d5708 .W.V # # kdb> mds 0xc02c1de0 0xc02c1de0 3101a8c0 ??.1 0xc02c1de4 c02c1df4 init_task_union+0x1df4 kernel .data.init_task 0xc02c0000 0xc02c0000 0xc02c2000 0xc02c1de8 00000000 .... 0xc02c1dec c02c1e44 init_task_union+0x1e44 kernel .data.init_task 0xc02c0000 0xc02c0000 0xc02c2000 0xc02c1df0 c01da1aa icmp_echo+0x3a kernel .text 0xc0100000 0xc01da170 0xc01da1b0 0xc02c1df4 c02c1dfc init_task_union+0x1dfc kernel .data.init_task 0xc02c0000 0xc02c0000 0xc02c2000 0xc02c1df8 c136aab0 ??6? 0xc02c1dfc c0aad82c ,ت? # # kdb> mds 0xc136aab0 0xc136aab0 00000000 .... 0xc136aab4 00000000 .... 0xc136aab8 00000000 .... 0xc136aabc 00000000 .... 0xc136aac0 00000000 .... 0xc136aac4 000c30a7 ?0.. 
0xc136aac8 c3104800 .H.? 0xc136aacc c0aad824 $ت? # # Let it die now # kdb> go Oops: 0000 CPU: 0 EIP: 0010:[] EFLAGS: 00010246 eax: 00000000 ebx: 00000000 ecx: c11a6fa0 edx: 00000006 esi: c1376be0 edi: 00000000 ebp: c02c1bc8 esp: c02c1bac ds: 0018 es: 0018 ss: 0018 Process swapper (pid: 0, stackpage=c02c1000) Stack: c11a6fa0 00000000 0000cc28 000005ce 00000015 001a6fa0 000005c8 c02c1bf4 c01c1004 c11a6fa0 c1376be0 c11d2730 c1376be0 00000008 3000fc28 0117158a 0101a8c0 00000000 c02c1c0c c4093365 c1376be0 c4095f08 c02c1cdc 00000003 Call Trace: [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] [] Code: 8b 40 3c 89 41 3c c7 46 18 00 00 00 00 8b 46 5c 01 41 18 8b Aiee, killing interrupt handler Kernel panic: Attempted to kill the idle task! In interrupt handler - not syncing # DOA - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/