Folks, (Adding netdev as well as DCCP this time as well as people there might point me in right direction...)
We have a totally reproducible crash in DCCP Steps to reproduce: Run ttcp with a command line like: ./ttcp_acme -l256 -c -n100 -t 10.0.2.3 Source code is obtained for ttcp_acme.c from http://wlug.org.nz/DCCP The destination address has to be one that is in in the subnet or has a route to it but is not alive. Instant kernel crash. Things that I notice from crash dumps (and further ones that I have): EIP is at ip_queue_xmit+0x14/0x4c0 always the same [<c887a0ef>] dccp_v4_checksum+0x3f/0xb0 [dccp] is always last DCCP routine - others can follow. Always a mention of IRQs. Unable to handle kernel NULL pointer dereference at virtual address 0000013c I will try to do a git bisect when I get time to see if I can track it down. Anything else people want me to do I will as well although my biggest struggle at present is time... Does this make sense to anybody? I have had a look at REPORTING-BUGS and can supply more info if it looks relevant but most of that doesn't seem relevant. OK... here are two sample crash dumps from two different machines: Unable to handle kernel NULL pointer dereference at virtual address 0000013c printing eip: c031d814 *pde = 00000000 Oops: 0000 [#1] Modules linked in: dccp_ccid3 dccp_tfrc_lib dccp e100 3c59x CPU: 0 EIP: 0060:[<c031d814>] Not tainted VLI EFLAGS: 00010292 (2.6.14-rc3) EIP is at ip_queue_xmit+0x14/0x4c0 eax: 00000000 ebx: 00000000 ecx: c6eef9a0 edx: 00000001 esi: c76cbeac edi: c76cbec0 ebp: c753a620 esp: c0441e08 ds: 007b es: 007b ss: 0068 Process swapper (pid: 0, threadinfo=c0440000 task=c03bfba0) Stack: c035a100 c037787d 00000004 c0378f7d c0378f1b 00000000 00000000 00000000 00000000 c01d32d3 c7bdc2c0 c783fb40 0202000a c6f10da0 c03481d0 00000282 00000292 c0441e7c c753a620 00000040 c02fdaa3 000000e0 13023c08 0013dcb3 Call Trace: [<c01d32d3>] acpi_ev_sci_xrupt_handler+0x3f/0x46 [<c03481d0>] fn_hash_lookup+0xb0/0xc0 [<c02fdaa3>] __alloc_skb+0x53/0x130 [<c02fdaa3>] __alloc_skb+0x53/0x130 [<c887d69f>] dccp_v4_checksum+0x3f/0xb0 [dccp] [<c887ff39>] dccp_transmit_skb+0x2f9/0x380 [dccp] [<c88822da>] dccp_retransmit_timer+0x4a/0x190 [dccp] [<c011ed85>] update_process_times+0x85/0x130 [<c8882420>] dccp_write_timer+0x0/0xa0 [dccp] [<c8882484>] dccp_write_timer+0x64/0xa0 [dccp] [<c0106f22>] timer_interrupt+0x42/0x60 [<c011ef06>] run_timer_softirq+0xb6/0x1b0 [<c011b1bb>] __do_softirq+0x7b/0x90 [<c011b1f6>] do_softirq+0x26/0x30 [<c010487e>] do_IRQ+0x1e/0x30 [<c0103156>] common_interrupt+0x1a/0x20 [<c01ff9d6>] acpi_processor_idle+0x0/0x299 [<c01ffada>] acpi_processor_idle+0x104/0x299 [<c01010f0>] cpu_idle+0x50/0x60 [<c044282d>] start_kernel+0x17d/0x1c0 [<c0442380>] unknown_bootoption+0x0/0x1e0 Code: 44 24 04 e8 6f 05 00 00 e9 e8 fe ff ff 8d 76 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec bc 00 00 00 8b ac 24 d0 00 00 00 8b 5d 08 <8b> 83 3c 01 00 00 89 44 24 14 8b 45 28 85 c0 89 44 24 18 0f 85 <0>Kernel panic - not syncing: Fatal exception in interrupt Unable to handle kernel NULL pointer dereference at virtual address 0000013c printing eip: c031ad24 *pde = 00000000 Oops: 0000 [#1] Modules linked in: e100 dccp_ccid3 dccp_tfrc_lib dccp 8139too 3c59x CPU: 0 EIP: 0060:[<c031ad24>] Not tainted VLI EFLAGS: 00010292 (2.6.14-rc2) EIP is at ip_queue_xmit+0x14/0x4c0 eax: c8883ba0 ebx: 00000000 ecx: 00000001 edx: 00000000 esi: c73916ac edi: c73916c0 ebp: c07fb400 esp: c043de08 ds: 007b es: 007b ss: 0068 Process swapper (pid: 0, threadinfo=c043c000 task=c03bcba0) Stack: 00000000 00000282 00000001 00000001 c07fb400 c0628060 c7c407f4 c02fddfd 01c40d10 01c40d10 c069e420 c13e7560 0606000a c23290a0 c0345710 00000246 0000dc8e 00000020 0000e000 0000dc80 c218bc80 00000001 c043deb8 0000000b Call Trace: [<c02fddfd>] kfree_skbmem+0x5d/0x90 [<c0345710>] fn_hash_lookup+0xb0/0xc0 [<c0134140>] handle_IRQ_event+0x30/0x70 [<c01341f0>] __do_IRQ+0x70/0xa0 [<c887a0ef>] dccp_v4_checksum+0x3f/0xb0 [dccp] [<c88799fe>] dccp_v4_send_check+0x2e/0x40 [dccp] [<c887c9d8>] dccp_transmit_skb+0x2f8/0x380 [dccp] [<c887ee3a>] dccp_retransmit_timer+0x4a/0x190 [dccp] [<c011ed85>] update_process_times+0x85/0x130 [<c887ef80>] dccp_write_timer+0x0/0xa0 [dccp] [<c887efe4>] dccp_write_timer+0x64/0xa0 [dccp] [<c0106f22>] timer_interrupt+0x42/0x60 [<c011ef06>] run_timer_softirq+0xb6/0x1b0 [<c011b1bb>] __do_softirq+0x7b/0x90 [<c011b1f6>] do_softirq+0x26/0x30 [<c010487e>] do_IRQ+0x1e/0x30 [<c0103156>] common_interrupt+0x1a/0x20 [<c01ff9d6>] acpi_processor_idle+0x0/0x299 [<c01ffada>] acpi_processor_idle+0x104/0x299 [<c01010f0>] cpu_idle+0x50/0x60 [<c043e82d>] start_kernel+0x17d/0x1c0 [<c043e380>] unknown_bootoption+0x0/0x1e0 Code: 44 24 04 e8 6f 05 00 00 e9 f2 fe ff ff 8d 76 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec bc 00 00 00 8b ac 24 d0 00 00 00 8b 5d 08 <8b> 83 3c 01 00 00 89 44 24 14 8b 45 28 85 c0 89 44 24 18 0f 85 <0>Kernel panic - not syncing: Fatal exception in interrupt <0>Rebooting in 20 seconds..Press any key to continue. Regards, Ian - To unsubscribe from this list: send the line "unsubscribe dccp" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
