From: Patrick McHardy <kaber@trash.net>
To: Jamie Iles <jamie.iles@picochip.com>
Cc: netdev@vger.kernel.org, shanwei@cn.fujitsu.com
Subject: Re: IP: Send an ICMP "Fragment Reassembly Timeout" message when enabling connection track
Date: Tue, 02 Feb 2010 17:46:55 +0100
Message-ID: <4B6856FF.3050904@trash.net>
In-Reply-To: <20100202162228.GC4305@wear.picochip.com>
[-- Attachment #1: Type: text/plain, Size: 3446 bytes --]
Jamie Iles wrote:
> Hi,
>
> I have an ARM based board that I'm running off of today's next tree. When
> booting with a rootfs over NFS I regularly see a crash with the following log:
>
> huh, entered c0237b8c with preempt_count 00000103, exited with 00000102?
> kernel BUG at kernel/timer.c:1035!
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> pgd = c0004000
> [00000000] *pgd=00000000
> Internal error: Oops: 817 [#1] PREEMPT
> last sysfs file: /sys/class/mtd/mtd6ro/dev
> Modules linked in:
> CPU: 0 Not tainted (2.6.33-rc6-next-20100202-picochip-arm2009q3+ #46)
> PC is at __bug+0x18/0x24
> LR is at __bug+0x14/0x24
> pc : [<c0024240>] lr : [<c002423c>] psr: 60000113
> sp : c03a3ec8 ip : c03cb880 fp : c03ef9c8
> r10: c03efdc8 r9 : c03efbc8 r8 : c03effc8
> r7 : c7e171b4 r6 : c03ef1a0 r5 : c03a2000 r4 : 00000000
> r3 : 00000000 r2 : c03a3ebc r1 : c033ae76 r0 : 00000029
> Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
> Control: 00c5387d Table: 07e58008 DAC: 00000017
> Process swapper (pid: 0, stack limit = 0xc03a2268)
> Stack: (0xc03a3ec8 to 0xc03a4000)
> [<c0024240>] (__bug+0x18/0x24) from [<c0046a54>] (run_timer_softirq+0x308/0x36c)
> [<c0046a54>] (run_timer_softirq+0x308/0x36c) from [<c003fdf4>] (__do_softirq+0x108/0x220)
> [<c003fdf4>] (__do_softirq+0x108/0x220) from [<c003ff64>] (irq_exit+0x58/0xb0)
> [<c003ff64>] (irq_exit+0x58/0xb0) from [<c0020070>] (asm_do_IRQ+0x70/0x8c)
> [<c0020070>] (asm_do_IRQ+0x70/0x8c) from [<c02a6170>] (__irq_svc+0x50/0xd4)
> Exception stack(0xc03a3f80 to 0xc03a3fc8)
> 3f80: c0021a70 00000000 00000000 c03a2000 c03a2000 c001d3bc c001d3b8 c03a6a18
> 3fa0: 0001bfa8 410fb767 0001bf40 00000000 c03a73e8 c03a3fc8 c0021a70 c0021a74
> 3fc0: 60000013 ffffffff
> [<c02a6170>] (__irq_svc+0x50/0xd4) from [<c0021a74>] (default_idle+0x28/0x2c)
> [<c0021a74>] (default_idle+0x28/0x2c) from [<c0021f40>] (cpu_idle+0x50/0xa4)
> [<c0021f40>] (cpu_idle+0x50/0xa4) from [<c0008920>] (start_kernel+0x248/0x29c)
> [<c0008920>] (start_kernel+0x248/0x29c) from [<00008034>] (0x8034)
> Code: e1a01000 e59f000c eb09f9bf e3a03000 (e5833000)
>
> The function the timer called was ip_expire():
>
> [jamiei@wear linux-2.6]$ arm-none-linux-gnueabi-addr2line -e vmlinux c0237b8c
> /home/jamiei/linux-2.6/net/ipv4/ip_fragment.c:190
>
> Reverting the commit (e9017b55189355e9e6569990a18919e83f35bccb) makes this
> crash go away. The kernel is built with preempt debugging but I don't get any
> other warnings.

This patch should fix it.

ipv4: ip_fragment: fix unbalanced rcu_read_unlock()

Signed-off-by: Patrick McHardy <kaber@trash.net>

[-- Attachment #2: x --]
[-- Type: text/plain, Size: 455 bytes --]
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 9f41bd3..b59430b 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -234,10 +234,9 @@ static void ip_expire(unsigned long arg)
/* Send an ICMP "Fragment Reassembly Timeout" message. */
icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0);
- }
-
out_rcu_unlock:
- rcu_read_unlock();
+ rcu_read_unlock();
+ }
out:
spin_unlock(&qp->q.lock);
ipq_put(qp);
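
Review bot: the changelog is only a subject line, while the hunk moves `rcu_read_unlock()` and the `out_rcu_unlock:` label inside the block, just before its closing `}`, so nothing records which path was unbalanced. In the old layout the unlock sat after the closing brace, so any path that skipped the block without taking `goto out` fell through into `rcu_read_unlock()`; the matching `rcu_read_lock()` is not visible in this hunk, so the commit message should state that it is taken inside this block. A label in the middle of a conditional body is also easy to misread, so a short comment there would help. Consider adding a Reported-by: tag for Jamie Iles and naming the commit he reverted (e9017b55189355e9e6569990a18919e83f35bccb) as the one being fixed.
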
Thread overview: 3+ messages
2010-02-02 16:22 IP: Send an ICMP "Fragment Reassembly Timeout" message when enabling connection track Jamie Iles
2010-02-02 16:46 ` Patrick McHardy [this message]
2010-02-02 19:47 ` David Miller