Re: [2.6.14-rt1] slowdown / oops.

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Ingo Molnar <mingo@elte.hu>
To: "Paweł Sikora" <pluto@agmk.net>
Cc: linux kernel mailing list <linux-kernel@vger.kernel.org>,
	Rusty Russell <rusty@rustcorp.com.au>,
	netfilter-devel@lists.netfilter.org
Subject: Re: [2.6.14-rt1] slowdown / oops.
Date: Wed, 2 Nov 2005 14:55:16 +0100	[thread overview]
Message-ID: <20051102135516.GA16175@elte.hu> (raw)
In-Reply-To: <20051102134723.GB13468@elte.hu>


* Ingo Molnar <mingo@elte.hu> wrote:

> 
> * Paweł Sikora <pluto@agmk.net> wrote:
> 
> > 2).
> > During `scp bigfile to another machine` I get an oops:
> > http://149.156.124.14/~pluto/tmp/2.6.14-rt2-oops.jpg [796 kB]
> 
> is routing to that other box covered by any of the iptables NAT rules?  
> Does the crash happen if you turn off all firewalling via "iptables 
> -F"?

ah, managed to reproduce a crash in the NAT code with your .config (see 
below). This indeed seems to be some sort of use-after-free bug: 
0x6b6b6b6b6b is SLAB_DEBUG's POISON_FREE - use-after-free poison byte.  
This bug is either caused by and unique to -rt, or possibly present 
upstream too.

	Ingo

BUG: Unable to handle kernel paging request at virtual address 6b6b6b6b
 printing eip:
c03a859f
*pde = 00000000
Oops: 0000 [#1]
PREEMPT 
Modules linked in:
CPU:    0
EIP:    0060:[<c03a859f>]    Not tainted VLI
EFLAGS: 00010246   (2.6.14-rt4) 
EIP is at __ip_conntrack_find+0x5f/0x110
eax: 00000000   ebx: 6b6b6b6b   ecx: c013ae7f   edx: 00000001
esi: c23d7e28   edi: 000018e0   ebp: c23d7df4   esp: c23d7de4
ds: 007b   es: 007b   ss: 0068   preempt: 00000001
Process softirq-net-rx/ (pid: 5, threadinfo=c23d6000 task=c23d47b0 stack_left=7600 worst_left=-1)
Stack: 00000000 00000000 c23d7e28 c23d7ecc c23d7e04 c03a8674 f490a57c c03aae90 
       c23d7e48 c03a9204 c23d7e28 c0498020 f881d040 00000000 00000000 c0498020 
       c23d7ecc 0101000a c0591600 0701000a 0006c9c2 00000000 c04975e8 c23d7e8c 
Call Trace:
 [<c0103cc7>] show_stack+0x97/0xd0 (32)
 [<c0103eb2>] show_registers+0x192/0x250 (68)
 [<c01040ef>] die+0xdf/0x190 (56)
 [<c03f1ff6>] do_page_fault+0x176/0x57c (72)
 [<c0103933>] error_code+0x4f/0x54 (76)
 [<c03a8674>] ip_conntrack_find_get+0x24/0x60 (16)
 [<c03a9204>] ip_conntrack_in+0xc4/0x370 (68)
 [<c03c46f9>] nf_iterate+0x59/0x90 (36)
 [<c03c4782>] nf_hook_slow+0x52/0x100 (48)
 [<c0373f62>] ip_rcv+0x182/0x4f0 (64)
 [<c035f71d>] netif_receive_skb+0x15d/0x1e0 (52)
 [<c02f2b57>] rtl8139_rx+0x1b7/0x340 (80)
 [<c02f2ec8>] rtl8139_poll+0x58/0x110 (40)
 [<c035f8f2>] net_rx_action+0x72/0x140 (24)
 [<c011ed19>] ksoftirqd+0xb9/0x140 (40)
 [<c012d6e4>] kthread+0x94/0xa0 (28)
 [<c01010d9>] kernel_thread_helper+0x5/0xc (1036156956)
---------------------------
| preempt count: 00000001 ]
| 1-level deep critical section nesting:
----------------------------------------
.. [<c013ae7f>] .... add_preempt_count+0xf/0x20
.....[<c0104048>] ..   ( <= die+0x38/0x190)

------------------------------
| showing all locks held by: |  (softirq-net-rx//5 [c23d47b0,  98]):
------------------------------

#001:             [f7e2c664] {&tp->rx_lock}
... acquired at:               rtl8139_poll+0x39/0x110

#002:             [c0497bc0] {ip_conntrack_lock}
... acquired at:               ip_conntrack_find_get+0x1b/0x60

Code: 01 00 00 00 e8 f3 28 d9 ff ff 05 a0 2a 59 c0 b8 01 00 00 00 e8 83 29 d9 ff a1 08 42 3f c0 8b 40 08 a8 08 0f 85 a6 00 00 00 8b 1b <8b> 03 0f 18 00 90 89 f8 03 05 80 2a 59 c0 39 c3 0f 84 82 00 00

next prev parent reply	other threads:[~2005-11-02 13:55 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-11-02 13:20 [2.6.14-rt1] slowdown / oops Paweł Sikora
2005-11-02 13:29 ` Ingo Molnar
2005-11-02 13:40   ` Paweł Sikora
2005-11-02 13:44     ` Ingo Molnar
2005-11-02 13:47 ` Ingo Molnar
2005-11-02 13:55   ` Ingo Molnar [this message]
2005-11-02 14:00     ` Ingo Molnar
2005-11-02 14:25       ` Ingo Molnar
2005-11-02 15:12         ` Ingo Molnar
2005-11-02 15:33           ` Ingo Molnar
2005-11-03  2:09             ` Rusty Russell
2005-11-03 10:12               ` Ingo Molnar
  -- strict thread matches above, loose matches on Subject: below --
2005-11-02 17:36 Paweł Sikora

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20051102135516.GA16175@elte.hu \
    --to=mingo@elte.hu \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netfilter-devel@lists.netfilter.org \
    --cc=pluto@agmk.net \
    --cc=rusty@rustcorp.com.au \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox