Kernel panic while handling a paging request at ffff820504022108.
```
[702076.560806] BUG: unable to handle kernel paging request at ffff820504022108
[702076.564428] IP: [<ffffffffc049e1c6>] nf_nat_setup_info+0x236/0x360 [nf_nat]
```
We can see the instructions near the corruption, and rcx=ffff820504022100.
```
crash> dis -lr ffffffffc049e1c6
...
/root/ubuntu-trusty/net/netfilter/nf_nat_core.c: 429
0xffffffffc049e1a9 <nf_nat_setup_info+537>:     mov    0xb98(%r14),%rdx
0xffffffffc049e1b0 <nf_nat_setup_info+544>:     lea    (%rdx,%r12,8),%rdx
/root/ubuntu-trusty/include/linux/rculist.h: 398
0xffffffffc049e1b4 <nf_nat_setup_info+548>:     mov    (%rdx),%rcx
/root/ubuntu-trusty/include/linux/rculist.h: 401
0xffffffffc049e1b7 <nf_nat_setup_info+551>:     mov    %rdx,0x8(%rax)
/root/ubuntu-trusty/include/linux/rculist.h: 400
0xffffffffc049e1bb <nf_nat_setup_info+555>:     mov    %rcx,(%rax)
/root/ubuntu-trusty/include/linux/rculist.h: 403
0xffffffffc049e1be <nf_nat_setup_info+558>:     test   %rcx,%rcx
/root/ubuntu-trusty/include/linux/rculist.h: 402
0xffffffffc049e1c1 <nf_nat_setup_info+561>:     mov    %rax,(%rdx)
/root/ubuntu-trusty/include/linux/rculist.h: 403
0xffffffffc049e1c4 <nf_nat_setup_info+564>:     je     0xffffffffc049e1ca <nf_nat_setup_info+570>
/root/ubuntu-trusty/include/linux/rculist.h: 404
0xffffffffc049e1c6 <nf_nat_setup_info+566>:     mov    %rax,0x8(%rcx)
```
Source code near the corruption in rculist.h:
```
395 static inline void hlist_add_head_rcu(struct hlist_node *n,
396                                         struct hlist_head *h)
397 {
398         struct hlist_node *first = h->first;
399 
400         n->next = first;
401         n->pprev = &h->first;
402         rcu_assign_pointer(hlist_first_rcu(h), n);
403         if (first)
404                 first->pprev = &n->next;
405 }
```
first=ecx=ffff820504022100 on line 404.
first is the first pointer of the hlist (net->ct.nat_bysource[srchash]), and the hlist should have been corrupted somewhere.
```
375 unsigned int
376 nf_nat_setup_info(struct nf_conn *ct,
377                   const struct nf_nat_range *range,
378                   enum nf_nat_manip_type maniptype)
379 {
...
420         if (maniptype == NF_NAT_MANIP_SRC) {
421                 unsigned int srchash;
422 
423                 srchash = hash_by_src(net, nf_ct_zone(ct),
424                                       &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
425                 spin_lock_bh(&nf_nat_lock);
426                 /* nf_conntrack_alter_reply might re-allocate extension aera */
427                 nat = nfct_nat(ct);
428                 nat->ct = ct;
429                 hlist_add_head_rcu(&nat->bysource,
430                                    &net->ct.nat_bysource[srchash]);
431                 spin_unlock_bh(&nf_nat_lock);
432         }
```

https://bugs.launchpad.net/bugs/1615681

Title:
  BUG: unable to handle kernel paging request at ffff820504022108
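
An added illustration, not part of the original report or of the kernel source: a userspace C model of the quoted hlist_add_head_rcu() stores. It shows that the line 404 store lands at first+8, which is the faulting address, and how a hypothetical back-link check (`hlist_check`) flags a bucket whose node was overwritten while still linked. The stale-node scenario is constructed and is an assumption, not a statement about this bug's root cause.

```c
#include <stddef.h>
#include <string.h>

/* Userspace copies of the kernel hlist types; offsets assume a 64-bit build. */
struct hlist_node { struct hlist_node *next, **pprev; };
struct hlist_head { struct hlist_node *first; };

/* Same stores as the quoted hlist_add_head_rcu(), without the RCU barrier. */
static void hlist_add_head(struct hlist_node *n, struct hlist_head *h)
{
    struct hlist_node *first = h->first;
    n->next = first;
    n->pprev = &h->first;
    h->first = n;
    if (first)
        first->pprev = &n->next;   /* rculist.h:404, the faulting store */
}

static unsigned long long line404_store_addr(unsigned long long first)
{
    /* Address of first->pprev, i.e. where line 404 writes. */
    return first + offsetof(struct hlist_node, pprev);
}

/* Hypothetical checker: every node must satisfy *node->pprev == node. Returns 0
 * if intact, the 1-based position of the first bad node, or -1 on overrun. */
static int hlist_check(struct hlist_head *h, int max_nodes)
{
    struct hlist_node **link = &h->first;
    int pos = 0;
    for (struct hlist_node *n = h->first; n; n = n->next) {
        if (++pos > max_nodes) return -1;  /* possible cycle */
        if (n->pprev != link) return pos;  /* stop before following n->next */
        link = &n->next;
    }
    return 0;
}

/* Constructed scenario: node b is overwritten while still on the list. */
static int demo_stale_node(void)
{
    struct hlist_head bucket = { NULL };
    struct hlist_node b, c;
    hlist_add_head(&b, &bucket);
    hlist_add_head(&c, &bucket);       /* bucket: c -> b */
    memset(&b, 0x5a, sizeof(b));       /* b's memory reused, no unlink */
    return hlist_check(&bucket, 16);
}

int main(void) { return demo_stale_node() == 2 ? 0 : 1; }
```

With rcx=ffff820504022100 as `first`, the computed store address is ffff820504022108, matching the address in the oops line.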
