From: Patrick McHardy <kaber@trash.net>
To: Eric Dumazet <dada1@cosmosbay.com>
Cc: Ingo Molnar <mingo@elte.hu>, David Miller <davem@davemloft.net>,
Thomas Gleixner <tglx@linutronix.de>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: [bug] __nf_ct_refresh_acct(): WARNING: at lib/list_debug.c:30 __list_add+0x7d/0xad()
Date: Thu, 18 Jun 2009 11:47:49 +0200 [thread overview]
Message-ID: <4A3A0D45.8090806@trash.net> (raw)
In-Reply-To: <4A39D778.9020607@cosmosbay.com>
Eric Dumazet wrote:
> Ingo Molnar a écrit :
>> * Ingo Molnar <mingo@elte.hu> wrote:
>>
>>>> IPS_CONFIRMED_BIT is set under nf_conntrack_lock (in
>>>> __nf_conntrack_confirm()), we probably want to add a
>>>> synchronisation under ct->lock as well, or
>>>> __nf_ct_refresh_acct() could set ct->timeout.expires to
>>>> extra_jiffies, while a different cpu could confirm the
>>>> conntrack.
>>>>
>>>> Following patch as RFC
>>> A quick test suggests that it seems to works here - thanks Eric!
>> a test-box still triggered this crash overnight:
>>
>> [ 252.433471] ------------[ cut here ]------------
>> [ 252.436031] WARNING: at lib/list_debug.c:30 __list_add+0x95/0xa0()
>> [ 252.436031] Hardware name: System Product Name
>> [ 252.436031] list_add corruption. prev->next should be next (ffff88003fa1d460), but was ffffffff82e560a0. (prev=ffff880003b458c0).
>> [ 252.436031] Pid: 7348, comm: ssh Tainted: G W 2.6.30-tip #54604
>> [ 252.436031] Call Trace:
>> [ 252.436031] [<ffffffff8149eda5>] ? __list_add+0x95/0xa0
>> [ 252.436031] [<ffffffff8105c79b>] warn_slowpath_common+0x7b/0xd0
>> [ 252.436031] [<ffffffff8105c851>] warn_slowpath_fmt+0x41/0x50
>> [ 252.436031] [<ffffffff8149eda5>] __list_add+0x95/0xa0
>> [ 252.436031] [<ffffffff8106937e>] internal_add_timer+0x9e/0xf0
>> [ 252.436031] [<ffffffff8106a5ef>] mod_timer+0x10f/0x160
>> [ 252.436031] [<ffffffff8106a658>] add_timer+0x18/0x20
>> [ 252.436031] [<ffffffff81f6e42a>] __nf_conntrack_confirm+0x1da/0x3c0
>> [ 252.436031] [<ffffffff81fdb8dd>] ipv4_confirm+0xfd/0x160
>> [ 252.436031] [<ffffffff81f6a130>] nf_iterate+0x70/0xd0
>> [ 252.436031] [<ffffffff81f99180>] ? ip_finish_output+0x0/0x380
>> [ 252.436031] [<ffffffff81f6a4c4>] nf_hook_slow+0xe4/0x160
>> [ 252.436031] [<ffffffff81f99180>] ? ip_finish_output+0x0/0x380
>> [ 252.436031] [<ffffffff81f995f5>] ip_output+0xf5/0x110
>> [ 252.436031] [<ffffffff81f96b05>] ip_local_out+0x25/0x40
>> [ 252.436031] [<ffffffff81f97434>] ip_queue_xmit+0x224/0x420
>> [ 252.436031] [<ffffffff81111118>] ? __kmalloc_node_track_caller+0xd8/0x1f0
>> [ 252.436031] [<ffffffff8108df19>] ? trace_hardirqs_on_caller+0x29/0x1f0
>> [ 252.436031] [<ffffffff81fae0dd>] tcp_transmit_skb+0x50d/0x7e0
>> [ 252.436031] [<ffffffff81faf547>] tcp_connect+0x3c7/0x500
>> [ 252.436031] [<ffffffff81fb4693>] tcp_v4_connect+0x433/0x520
>> [ 252.436031] [<ffffffff81fc446f>] inet_stream_connect+0x22f/0x2d0
>> [ 252.436031] [<ffffffff81118719>] ? fget_light+0x19/0x110
>> [ 252.436031] [<ffffffff81f294b8>] sys_connect+0xb8/0xd0
>> [ 252.436031] [<ffffffff8100ccf9>] ? retint_swapgs+0x13/0x1b
>> [ 252.436031] [<ffffffff8108df19>] ? trace_hardirqs_on_caller+0x29/0x1f0
>> [ 252.436031] [<ffffffff8217a49f>] ? trace_hardirqs_on_thunk+0x3a/0x3f
>> [ 252.436031] [<ffffffff8100c252>] system_call_fastpath+0x16/0x1b
>> [ 252.436031] ---[ end trace a7919e7f17c0a73d ]---
>>
>> With your patch (repeated below) applied. Is Patrick's alternative
>> patch supposed to fix something that yours does not?
>
> Hmm, not really, Patrick patch should fix same problem, but without extra locking
> as mine.
>
> This new stack trace is somewhat different, as corruption is detected in the add_timer()
> call in __nf_conntrack_confirm()
>
> So there is another problem. CCed Pablo Neira Ayuso who added some stuff
> in netfilter and timeout logic recently.
That timeout logic shouldn't be relevant in this case, its only
activated when netlink event delivery is used, a userspace process
is actually listening and it has the socket marked for reliable
delivery.
I think its still the same problem, the detection is just noticed
at a different point.
next prev parent reply other threads:[~2009-06-18 9:48 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-15 12:04 [GIT]: Networking David Miller
2009-06-15 12:04 ` David Miller
2009-06-16 9:15 ` Ingo Molnar
2009-06-16 9:19 ` David Miller
2009-06-16 9:33 ` Ingo Molnar
2009-06-16 9:44 ` Ingo Molnar
2009-06-16 9:44 ` Alan Cox
2009-06-16 9:48 ` Ingo Molnar
2009-06-16 9:56 ` David Miller
2009-06-16 10:11 ` Ingo Molnar
2009-06-16 10:35 ` David Miller
2009-06-16 13:38 ` Eric Dumazet
2009-06-16 14:19 ` Eric Dumazet
2009-06-16 18:59 ` Linus Torvalds
2009-06-16 19:08 ` David Miller
2009-06-16 19:37 ` Eric Dumazet
2009-06-16 20:12 ` Eric Dumazet
2009-06-17 6:41 ` [PATCH] net: correct off-by-one write allocations reports Eric Dumazet
2009-06-17 11:31 ` [PATCH] atm: sk_wmem_alloc initial value is one Eric Dumazet
2009-06-18 2:06 ` David Miller
2009-06-18 2:05 ` [PATCH] net: correct off-by-one write allocations reports David Miller
2009-06-17 11:32 ` [GIT]: Networking David Miller
2009-06-16 9:21 ` David Miller
2009-06-16 9:26 ` Ingo Molnar
2009-06-16 10:47 ` David Miller
2009-06-16 10:53 ` Ingo Molnar
2009-06-16 12:24 ` Ingo Molnar
2009-06-16 12:39 ` David Miller
2009-06-17 9:21 ` [bug] __nf_ct_refresh_acct(): WARNING: at lib/list_debug.c:30 __list_add+0x7d/0xad() Ingo Molnar
2009-06-17 10:18 ` Eric Dumazet
2009-06-17 11:08 ` Ingo Molnar
2009-06-17 11:35 ` David Miller
2009-06-18 5:23 ` Ingo Molnar
2009-06-18 5:23 ` Ingo Molnar
2009-06-18 5:58 ` Eric Dumazet
2009-06-18 9:47 ` Patrick McHardy [this message]
2009-06-18 14:56 ` Patrick McHardy
2009-06-18 15:46 ` Eric Dumazet
2009-06-18 16:09 ` Patrick McHardy
2009-06-18 16:13 ` Pablo Neira Ayuso
2009-06-18 22:46 ` [PATCH] netfilter: conntrack: death_by_timeout() fix Eric Dumazet
2009-06-19 11:15 ` Patrick McHardy
2009-06-20 15:47 ` [bug] __nf_ct_refresh_acct(): WARNING: at lib/list_debug.c:30 __list_add+0x7d/0xad() Ingo Molnar
2009-06-20 15:56 ` Patrick McHardy
2009-06-17 11:38 ` Patrick McHardy
2009-06-17 11:51 ` Patrick McHardy
2009-06-17 11:55 ` Eric Dumazet
2009-06-17 12:00 ` Patrick McHardy
2009-06-17 12:33 ` Eric Dumazet
2009-06-17 12:36 ` Patrick McHardy
2009-06-17 13:27 ` Eric Dumazet
2009-06-17 13:29 ` Patrick McHardy
2009-06-17 14:23 ` Patrick McHardy
2009-06-17 15:29 ` Eric Dumazet
2009-06-17 15:34 ` Patrick McHardy
2009-06-18 23:18 ` [GIT]: Networking Tilman Schmidt
2009-06-19 3:36 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A3A0D45.8090806@trash.net \
--to=kaber@trash.net \
--cc=akpm@linux-foundation.org \
--cc=dada1@cosmosbay.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=netdev@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.