[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080620204943.GA5068@martell.zuzino.mipt.ru>
Date: Sat, 21 Jun 2008 00:49:43 +0400
From: Alexey Dobriyan <adobriyan@...il.com>
To: netdev@...r.kernel.org
Cc: den@...nvz.org, xemul@...nvz.org, ebiederm@...ssion.com,
dlezcano@...ibm.com, benjamin.thery@...l.net
Subject: ICMP sockets destruction vs ICMP packets oops
After icmp_sk_exit() nuked ICMP sockets, we get an interrupt.
icmp_reply() wants ICMP socket.
Steps to reproduce:
launch shell in new netns
move real NIC to netns
setup routing
ping -i 0
exit from shell
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
IP: [<ffffffff803fce17>] icmp_sk+0x17/0x30
PGD 17f3cd067 PUD 17f3ce067 PMD 0
Oops: 0000 [1] PREEMPT SMP DEBUG_PAGEALLOC
CPU 0
Modules linked in: usblp usbcore
Pid: 0, comm: swapper Not tainted 2.6.26-rc6-netns-ct #4
RIP: 0010:[<ffffffff803fce17>] [<ffffffff803fce17>] icmp_sk+0x17/0x30
RSP: 0018:ffffffff8057fc30 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff81017c7db900
RDX: 0000000000000034 RSI: ffff81017c7db900 RDI: ffff81017dc41800
RBP: ffffffff8057fc40 R08: 0000000000000001 R09: 000000000000a815
R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8057fd28
R13: ffffffff8057fd00 R14: ffff81017c7db938 R15: ffff81017dc41800
FS: 0000000000000000(0000) GS:ffffffff80525000(0000) knlGS:0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 000000017fcda000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper (pid: 0, threadinfo ffffffff8053a000, task ffffffff804fa4a0)
Stack: 0000000000000000 ffff81017c7db900 ffffffff8057fcf0 ffffffff803fcfe4
ffffffff804faa38 0000000000000246 0000000000005a40 0000000000000246
000000000001ffff ffff81017dd68dc0 0000000000005a40 0000000055342436
Call Trace:
<IRQ> [<ffffffff803fcfe4>] icmp_reply+0x44/0x1e0
[<ffffffff803d3a0a>] ? ip_route_input+0x23a/0x1360
[<ffffffff803fd645>] icmp_echo+0x65/0x70
[<ffffffff803fd300>] icmp_rcv+0x180/0x1b0
[<ffffffff803d6d84>] ip_local_deliver+0xf4/0x1f0
[<ffffffff803d71bb>] ip_rcv+0x33b/0x650
[<ffffffff803bb16a>] netif_receive_skb+0x27a/0x340
[<ffffffff803be57d>] process_backlog+0x9d/0x100
[<ffffffff803bdd4d>] net_rx_action+0x18d/0x250
[<ffffffff80237be5>] __do_softirq+0x75/0x100
[<ffffffff8020c97c>] call_softirq+0x1c/0x30
[<ffffffff8020f085>] do_softirq+0x65/0xa0
[<ffffffff80237af7>] irq_exit+0x97/0xa0
[<ffffffff8020f198>] do_IRQ+0xa8/0x130
[<ffffffff80212ee0>] ? mwait_idle+0x0/0x60
[<ffffffff8020bc46>] ret_from_intr+0x0/0xf
<EOI> [<ffffffff80212f2c>] ? mwait_idle+0x4c/0x60
[<ffffffff80212f23>] ? mwait_idle+0x43/0x60
[<ffffffff8020a217>] ? cpu_idle+0x57/0xa0
[<ffffffff8040f380>] ? rest_init+0x70/0x80
Code: 10 5b 41 5c 41 5d 41 5e c9 c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 53 48 83 ec 08 48 8b 9f 78 01 00 00 e8 2b c7 f1 ff 89 c0 <48> 8b 04 c3 48 83 c4 08 5b c9 c3 66 66 66 66 66 2e 0f 1f 84 00
RIP [<ffffffff803fce17>] icmp_sk+0x17/0x30
RSP <ffffffff8057fc30>
CR2: 0000000000000000
---[ end trace ea161157b76b33e8 ]---
Kernel panic - not syncing: Aiee, killing interrupt handler!
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists