From: cagri coltekin <cagri@ripe•net>
To: Herbert Xu <herbert@gondor•apana.org.au>
Cc: netdev@vger•kernel.org, davem@davemloft•net, pekkas@netcore•fi
Subject: Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718
Date: Thu, 31 Aug 2006 17:12:43 +0200
Message-ID: <20060831151243.GJ3590@ripe.net>
In-Reply-To: <20060829082828.GA8625@gondor.apana.org.au>
Hi again,
It took a while to find equipment for a test environment, but now I
have a test environment that I can test with.
Here is the result:
---------------------------------------------------------------------------
[17180051.768000] ip6_fragment: hlen = 0x818, len = 0x7ce, nexthdr=4
[17180051.840000] ------------[ cut here ]------------
[17180051.840000] kernel BUG at net/ipv6/ip6_output.c:510!
[17180051.840000] invalid opcode: 0000 [#1]
[17180051.840000] SMP
[17180051.840000] Modules linked in: ipmi_si ipmi_msghandler ide_cd cdrom
[17180051.840000] CPU: 0
[17180051.840000] EIP: 0060:[<c02bc6bd>] Not tainted VLI
[17180051.840000] EFLAGS: 00010296 (2.6.17.11-ns-pri-debug-p1 #6)
[17180051.840000] EIP is at ip6_fragment+0x7f6/0x803
[17180051.840000] eax: 00000048 ebx: f75c4c5c ecx: c038f5bc edx: 00000286
[17180051.840000] esi: f7605c50 edi: 00000000 ebp: f76e2c80 esp: f7605bb8
[17180051.840000] ds: 007b es: 007b ss: 0068
[17180051.840000] Process named (pid: 1899, threadinfo=f7604000 task=f75cead0)
[17180051.840000] Stack: c0324600 00000818 000007ce 00000004 00000000 f7605bdc 04000000 00000000
[17180051.840000] ffd14ca4 00000000 f7605ea8 00000818 f77a4040 000001fe f755d080 f7976048
[17180051.840000] f76e2c80 f7605c50 f7976040 f75c4a80 c02bb612 f76e2c80 c02bb40e c02bd66a
[17180051.840000] Call Trace:
[17180051.840000] <c02bb612> ip6_output+0x3c/0x4c <c02bb40e> ip6_output2+0x0/0x1c8
[17180051.840000] <c02bd66a> ip6_push_pending_frames+0x250/0x390 <c02ce38e> udp_v6_push_pending_frames+0x13d/0x1a4
[17180051.840000] <c02ce97f> udpv6_sendmsg+0x58a/0x953 <c02cd7c2> udpv6_recvmsg+0x20c/0x303
[17180051.840000] <c02a6032> inet_sendmsg+0x4a/0x56 <c0260b82> sock_sendmsg+0xeb/0x105
[17180051.840000] <c01c18cc> __next_cpu+0x22/0x31 <c01167c7> find_busiest_group+0xd6/0x305
[17180051.840000] <c012f91e> autoremove_wake_function+0x0/0x57 <c01c662e> copy_from_user+0x46/0x7c
[17180051.840000] <c01c662e> copy_from_user+0x46/0x7c <c02626c9> sys_sendmsg+0x191/0x1f8
[17180051.840000] <c01334c6> futex_wait+0x129/0x238 <c014b75c> find_extend_vma+0x29/0x7e
[17180051.840000] <c0117927> default_wake_function+0x0/0x12 <c0132b91> futex_wake+0x4a/0xba
[17180051.840000] <c01c662e> copy_from_user+0x46/0x7c <c0262b6f> sys_socketcall+0x236/0x254
[17180051.840000] <c0102be3> syscall_call+0x7/0xb
[17180051.840000] Code: 50 60 e9 36 f9 ff ff 0f b6 44 24 1b 8b 54 24 2c 89 44 24 0c 8b 45 60 c7 04 24 00 46 32 c0 89 54 24 04 89 44 24 08 e8 50 07 e6 ff <0f> 0b fe 01 41 13 32 c0 e9 68 f8 ff ff 55 57 56 31 f6 53 83 ec
[17180051.840000] EIP: [<c02bc6bd>] ip6_fragment+0x7f6/0x803 SS:ESP 0068:f7605bb8
---------------------------------------------------------------------------
I hope this helps.
Cheers,
--
cagri
On Tue, Aug 29, 2006 at 06:28:28PM +1000, Herbert Xu wrote:
>
> Thanks. Please try this patch and tell me if it prints anything out.
>
> Cheers,
> --
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu ~{PmV>HI~} <herbert@gondor•apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
> --
> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
> index 4fb47a2..5e2e4ea 100644
> --- a/net/ipv6/ip6_output.c
> +++ b/net/ipv6/ip6_output.c
> @@ -508,6 +508,10 @@ static int ip6_fragment(struct sk_buff *
> dev = rt->u.dst.dev;
> hlen = ip6_find_1stfragopt(skb, &prevhdr);
> nexthdr = *prevhdr;
> + if (unlikely(hlen > skb->len)) {
> + printk(KERN_CRIT "ip6_fragment: hlen = 0x%x, len = 0x%x, nexthdr=%d\n", hlen, skb->len, nexthdr);
> + BUG();
> + }
>
> mtu = dst_mtu(&rt->u.dst);
> if (np && np->frag_size < mtu) {
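Review bot: The `BUG()` in the new `if (unlikely(hlen > skb->len))` block should stay a debugging aid only. The trace in this reply shows the condition is reached from an ordinary `sys_sendmsg` -> `udpv6_sendmsg` call (hlen = 0x818 against len = 0x7ce), so in a merged fix this path should free the skb and return an error rather than stop the kernel. The check also sits after `nexthdr = *prevhdr;`, so when `hlen` exceeds `skb->len` the pointer returned through `ip6_find_1stfragopt()` has already been dereferenced and may point past the packet data; place the length test directly after the `ip6_find_1stfragopt()` call and read `*prevhdr` only once the length is known to be sane. If the `printk` is kept without the `BUG()`, it should be rate limited, since it would then fire on every affected packet.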