From: Vlad Yasevich
Date: Mon, 24 Nov 2008 15:00:28 +0000
Subject: Re: BUG in sctp crashes the system
Message-Id: <492AC18C.3080002@hp.com>
References: <200811061205.57403.mhocko@suse.cz>
In-Reply-To: <200811061205.57403.mhocko@suse.cz>
To: linux-sctp@vger.kernel.org

Michal Hocko wrote:
> On Fri 21-11-08 09:28:37, Vlad Yasevich wrote:
>> Michal
>
> Hi Vlad,
>
>> This really smells like the corruption of the sctp_packet structure.
>> The number of chunks printed out is 0, but the list appears to have multiple
>> entries on it.
>>
>> Can you turn on CONFIG_DEBUG_LIST and maybe even turn on memory
>> debugging as well.
>
> I have turned on some debug config options as you have suggested and
> here is the trace (unfortunately there was no other output on my serial
> console):
>
> [ 250.409580] SCTP: Hash tables configured (established 65536 bind 65536)
> [16142.417028] Possible SKB overflow: packet size = 1072, packet overhead = 32, packet chunks = 4, mtu = 1500
> [16142.426764] skb_over_panic: text:f849766f len:2092 put:1040 head:eaba6800 data:eaba6874 tail:0xeaba70a0 end:0xeaba6d00 dev:
> [16142.438508] ------------[ cut here ]------------
> [16142.442483] kernel BUG at net/core/skbuff.c:128!
> [16142.442483] invalid opcode: 0000 [#1] PREEMPT SMP
> [16142.452135] last sysfs file: /sys/class/power_supply/CMB1/status
> [16142.452135] Dumping ftrace buffer:
> [16142.452135] (ftrace buffer empty)
> [16142.452135] Modules linked in: hmac sctp libcrc32c i915 drm fuse tun coretemp hwmon arc4 ecb snd_hda_intel snd_pcm snd_seq iwl3945 snd_timer mac80211 snd_seq_device led_class snd fujitsu_laptop cfg80211 snd_page_alloc rtc_cmos rtc_core rtc_lib backlight sky2
> [16142.452135]
> [16142.452135] Pid: 0, comm: swapper Not tainted (2.6.28-rc5-sctp #23) LIFEBOOK S7110
> [16142.452135] EIP: 0060:[] EFLAGS: 00010246 CPU: 1
> [16142.452135] EIP is at skb_put+0x5f/0x6d
> [16142.452135] EAX: 00000088 EBX: eaba70a0 ECX: c0608000 EDX: 00000101
> [16142.452135] ESI: 00000410 EDI: eaba6c90 EBP: c0608db8 ESP: c0608d8c
> [16142.452135] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
> [16142.452135] Process swapper (pid: 0, ti=C0608000 task=F7036280 task.ti=F7312000)
> [16142.452135] Stack:
> [16142.452135] c0518e09 f849766f 0000082c 00000410 eaba6800 eaba6874 eaba70a0 eaba6d00
> [16142.452135] c04dcc90 e9466d80 ea92a800 c0608e00 f849766f e9577318 e9577320 eaba6874
> [16142.452135] e9577200 ea911800 e889c3c0 e9466d80 01911c94 00000000 0000041c f6b26f00
> [16142.452135] Call Trace:
> [16142.452135] [] ? sctp_packet_transmit+0x242/0x3f2 [sctp]
> [16142.452135] [] ? sctp_packet_transmit+0x242/0x3f2 [sctp]
> [16142.452135] [] ? sctp_outq_flush+0x62a/0x65e [sctp]
> [16142.452135] [] ? sctp_retransmit_mark+0x17a/0x193 [sctp]
> [16142.452135] [] ? sctp_retransmit+0x1f9/0x215 [sctp]
> [16142.452135] [] ? sctp_do_sm+0x526/0xd66 [sctp]
> [16142.452135] [] ? _spin_unlock_irqrestore+0x11/0x25
> [16142.452135] [] ? insert_work+0x3d/0x45
> [16142.452135] [] ? sctp_generate_t3_rtx_event+0x61/0x91 [sctp]
> [16142.452135] [] ? run_timer_softirq+0x140/0x1a0
> [16142.452135] [] ? sctp_generate_t3_rtx_event+0x0/0x91 [sctp]
> [16142.452135] [] ? sctp_generate_t3_rtx_event+0x0/0x91 [sctp]
> [16142.452135] [] ? __do_softirq+0x7d/0x11e
> [16142.452135] [] ? __do_softirq+0x0/0x11e
> [16142.452135] <0> [] ? irq_exit+0x3a/0x79
> [16142.644018] [] ? smp_apic_timer_interrupt+0x71/0x7f
> [16142.644018] [] ? apic_timer_interrupt+0x28/0x30
> [16142.644018] [] ? acpi_idle_enter_bm+0x2d3/0x355
> [16142.644018] [] ? tick_nohz_get_sleep_length+0xe/0x26
> [16142.644018] [] ? cpuidle_idle_call+0x65/0x99
> [16142.644018] [] ? cpu_idle+0x71/0xa3
> [16142.644018] [] ? start_secondary+0x18b/0x192
> [16142.644018] Code: c0 85 d2 0f 45 c2 50 ff b1 94 00 00 00 53 ff b1 9c 00 00 00 ff b1 98 00 00 00 56 ff 71 50 ff 75 04 68 09 8e 51 c0 e8 68 ba 09 00 <0f> 0b 83 c4 24 eb fe 8d 65 f8 5b 5e 5d c3 55 89 e5 57 56 53 83
> [16142.644018] EIP: [] skb_put+0x5f/0x6d SS:ESP 0068:c0608d8c
>
>
> If you are interested in vmcore, system map and config file, you can find
> them at:
> ftp.novell.com/outgoing/System.map-2.6.28-rc5-sctp.debug.gz
> ftp.novell.com/outgoing/vmcore.2.6.28-rc5-sctp.debug.gz
> ftp.novell.com/outgoing/config-2.6.28-rc5-sctp.debug
>
> Best regards
Michal

In your test runs, what's the data size of the messages you use?

Thanks
-vlad
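
As a reading aid for the oops quoted above, this added example (not part of either author's message and not kernel code) decodes the `skb_over_panic` and "Possible SKB overflow" lines into buffer geometry. It assumes `len` and `put` are printed in decimal and the pointer fields in hex; the function names are made up for this sketch.

```python
import re

# Both lines are copied from the oops quoted in the message above.
WARNING = ("Possible SKB overflow: packet size = 1072, packet overhead = 32, "
           "packet chunks = 4, mtu = 1500")
PANIC = ("skb_over_panic: text:f849766f len:2092 put:1040 head:eaba6800 "
         "data:eaba6874 tail:0xeaba70a0 end:0xeaba6d00 dev:")

def parse_panic(line):
    """Return the key:value fields of an skb_over_panic line as integers."""
    out = {}
    for key, val in re.findall(r"(\w+):(0x[0-9a-fA-F]+|[0-9a-fA-F]+)", line):
        # Assumption: len and put are decimal, every other field is hex.
        out[key] = int(val, 10 if key in ("len", "put") else 16)
    return out

def parse_warning(line):
    """Return the 'name = number' pairs of the overflow warning."""
    return {k.strip(): int(v) for k, v in re.findall(r"([a-z ]+?) = (\d+)", line)}

def analyse(panic, warning):
    """Derive buffer geometry and overrun size from the two log lines."""
    p, w = parse_panic(panic), parse_warning(warning)
    tail_before = p["tail"] - p["put"]  # tail pointer before the failing skb_put()
    return {
        "buffer_size": p["end"] - p["head"],
        "headroom": p["data"] - p["head"],
        "len_before_put": p["len"] - p["put"],
        "tailroom_before_put": p["end"] - tail_before,
        "overrun": p["tail"] - p["end"],
        # Sanity check on the decimal/hex assumption: tail - data must equal len.
        "len_matches_pointers": p["tail"] - p["data"] == p["len"],
        "len_exceeds_reported_size": p["len"] > w["packet size"],
        "len_exceeds_mtu": p["len"] > w["mtu"],
    }

if __name__ == "__main__":
    for name, value in analyse(PANIC, WARNING).items():
        print(f"{name:26} {value}")
```

The derived pre-put tail pointer equals the EDI value in the register dump (eaba6c90), and the requested put size equals ESI (00000410).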