Re: next-20151207 - crash in IPv6 code

2015-12-08 Thread David Miller
From: valdis.kletni...@vt.edu
Date: Tue, 08 Dec 2015 16:54:17 -0500

> On Tue, 08 Dec 2015 12:34:09 +0100, Florian Westphal said:
>> Valdis Kletnieks wrote:
>>
>> [ CC Pablo ]
>>
>> > Seen this in 2 boots out of two on next-20151207 when IPV6 networking
>> > was available.  It was stable when no net was available. Also, 
>> > next-20161127 is OK.
>> > Haven't bisected it yet - this ring any bells?
>>
>> Thanks for the report, my fault -- it's caused by
>> 029f7f3b8701cc7aca8bdb which is only in Pablo's nf-next tree.
>>
>> This should fix this bug (proper patch w. changelog coming
>> after more testing):
>>
>> diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c 
>> b/net/ipv6/netfilter/nf_conntrack_reasm.c
> 
> Pumped about 100M of IPv6 traffic through, and no problems.
> 
> Feel free to stick a Reported-by:/Tested-By: on this patch...

Thanks for testing.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


Re: next-20151207 - crash in IPv6 code

2015-12-08 Thread Valdis . Kletnieks
On Tue, 08 Dec 2015 12:34:09 +0100, Florian Westphal said:
> Valdis Kletnieks wrote:
>
> [ CC Pablo ]
>
> > Seen this in 2 boots out of two on next-20151207 when IPV6 networking
> > was available.  It was stable when no net was available. Also, 
> > next-20161127 is OK.
> > Haven't bisected it yet - this ring any bells?
>
> Thanks for the report, my fault -- it's caused by
> 029f7f3b8701cc7aca8bdb which is only in Pablo's nf-next tree.
>
> This should fix this bug (proper patch w. changelog coming
> after more testing):
>
> diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c 
> b/net/ipv6/netfilter/nf_conntrack_reasm.c

Pumped about 100M of IPv6 traffic through, and no problems.

Feel free to stick a Reported-by:/Tested-By: on this patch...




Re: next-20151207 - crash in IPv6 code

2015-12-08 Thread Florian Westphal
Valdis Kletnieks wrote:

[ CC Pablo ]

> Seen this in 2 boots out of two on next-20151207 when IPV6 networking
> was available.  It was stable when no net was available. Also, next-20161127 
> is OK.
> Haven't bisected it yet - this ring any bells?

Thanks for the report, my fault -- it's caused by
029f7f3b8701cc7aca8bdb which is only in Pablo's nf-next tree.

This should fix this bug (proper patch w. changelog coming
after more testing):

diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c 
b/net/ipv6/netfilter/nf_conntrack_reasm.c
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -441,11 +441,14 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct sk_buff 
*prev,  struct net_devic
return false;
 
fp->next = prev->next;
-   skb_queue_walk(head, iter) {
-   if (iter->next != prev)
-   continue;
-   iter->next = fp;
-   break;
+
+   iter = head;
+   while (iter) {
+   if (iter->next == prev) {
+   iter->next = fp;
+   break;
+   }
+   iter = iter->next;
}
 
skb_morph(prev, head);
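
Review bot: the new "while (iter)" walk has no handling for the case where it reaches the end of the list without finding an element whose next is prev. At that point "fp->next = prev->next" has already been set, fp is never linked in, and execution still continues to "skb_morph(prev, head)". Since the walk starts at head, this happens whenever prev is head itself. If that cannot occur here, a short comment plus a WARN_ON_ONCE(!iter) after the loop would document the invariant; otherwise bail out with "return false" as the check just above does. As a style point, the walk reads more compactly as "for (iter = head; iter; iter = iter->next)", and the promised changelog should say why skb_queue_walk() was the wrong iterator for this list.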



next-20151207 - crash in IPv6 code

2015-12-07 Thread Valdis Kletnieks
Seen this in 2 boots out of two on next-20151207 when IPV6 networking
was available.  It was stable when no net was available. Also, next-20161127 is 
OK.
Haven't bisected it yet - this ring any bells?

[   92.231022] BUG: unable to handle kernel NULL pointer dereference at   (null)
[   92.231035] IP: [] nf_ct_frag6_gather+0x81b/0xba0
[   92.231046] PGD 0
[   92.231050] Oops:  [#1] PREEMPT SMP

[   92.231166] Call Trace:
[   92.231170]  
[   92.231196]  [] ipv6_defrag+0x66/0x80
[   92.231206]  [] nf_iterate+0x62/0x80
[   92.231216]  [] nf_hook_slow+0xba/0x1b0
[   92.231225]  [] ? nf_hook_slow+0x5/0x1b0
[   92.231235]  [] ipv6_rcv+0x83d/0x8d0
[   92.231242]  [] ? ipv6_rcv+0x3e/0x8d0
[   92.231251]  [] ? ip6_input_finish+0x7e0/0x7e0
[   92.231260]  [] __netif_receive_skb_core+0x60a/0xd70
[   92.231269]  [] __netif_receive_skb+0x20/0x90
[   92.231278]  [] netif_receive_skb_internal+0x70/0x1f0
[   92.231285]  [] ? netif_receive_skb_internal+0x25/0x1f0
[   92.231292]  [] ? eth_type_trans+0x11b/0x200
[   92.231300]  [] netif_receive_skb+0x59/0x170
[   92.231308]  [] ieee80211_deliver_skb+0x120/0x180
[   92.231315]  [] ieee80211_rx_handlers+0x2762/0x29f0
[   92.231324]  [] ? skb_queue_tail+0x20/0x50
[   92.231335]  [] ? do_raw_spin_lock+0x148/0x1e0
[   92.231342]  [] ? trace_hardirqs_on_caller+0x16/0x1b0
[   92.231358]  [] ieee80211_prepare_and_rx_handle+0x24e/0xa80
[   92.231365]  [] ? ieee80211_rx_napi+0x23a/0xf00
[   92.231373]  [] ieee80211_rx_napi+0x537/0xf00
[   92.231380]  [] ? ieee80211_rx_napi+0x23a/0xf00
[   92.231391]  [] ieee80211_tasklet_handler+0xc5/0xd0
[   92.231401]  [] tasklet_action+0x1d5/0x220
[   92.231409]  [] __do_softirq+0xec/0x5a0
[   92.231417]  [] irq_exit+0xd4/0xe0
[   92.231426]  [] do_IRQ+0x6a/0x120
[   92.231434]  [] common_interrupt+0x89/0x89
[   92.231440]  
[   92.231450]  [] ? cpuidle_enter_state+0x1ac/0x410
[   92.231458]  [] ? trace_hardirqs_on+0xd/0x10
[   92.231466]  [] ? cpuidle_enter_state+0x1b7/0x410
[   92.231476]  [] ? cpuidle_enter_state+0x1ac/0x410
[   92.231485]  [] cpuidle_enter+0x17/0x20
[   92.231494]  [] cpu_startup_entry+0x48d/0x520
[   92.231503]  [] start_secondary+0x154/0x170
[   92.231510] Code: 8b fd ff ff 48 8b 13 48 89 10 49 8b 0e 49 39 ce 0f 84 80 01 00 00 48 8b 11 48 39 d3 0f 84 71 01 00 00 49 39 d6 0f 84 6b 01 00 00 <48> 8b 0a 48 39 cb 0f 84 59 01 00 00 48 89 ca 49 39 d6 75 ec e9
[   92.231685] RIP  [] nf_ct_frag6_gather+0x81b/0xba0
[   92.231698]  RSP 
[   92.231704] CR2: 
[   92.231714] ---[ end trace 62089aaf8d90e56a ]---
[   94.678192] Kernel panic - not syncing: Fatal exception in interrupt
[   94.678228] Kernel Offset: 0x3300 from 0x8100 (relocation range: 0x8000-0xbfff)



