2.6.20-rc4: known unfixed regressions

2.6.20-rc4: known unfixed regressions

[Adrian Bunk]

This email lists some known regressions in 2.6.20-rc4 compared to 2.6.19.

If you find your name in the Cc header, you are either submitter of one
of the bugs, maintainer of an affectected subsystem or driver, a patch
of you caused a breakage or I'm considering you in any other way possibly
involved with one or more of these issues.

Due to the huge amount of recipients, please trim the Cc when answering.


Subject    : BUG: at mm/truncate.c:60 cancel_dirty_page()
References : http://lkml.org/lkml/2007/1/7/117
Submitter  : Malte Schröder <MalteSch@gmx.de>
Status     : unknown


Subject    : netfilter conntrack Oopses
References : http://lkml.org/lkml/2007/1/4/156
             http://lkml.org/lkml/2007/1/7/188
Submitter  : Bernhard Schmidt <berni@birkenwald.de>
             Peter Osterlund <petero2@telia.com>
Status     : unknown


Subject    : ftp: get or put stops during file-transfer
References : http://lkml.org/lkml/2006/12/16/174
Submitter  : Komuro <komurojun-mbn@nifty.com>
Caused-By  : YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
             commit cfb6eeb4c860592edd123fdea908d23c6ad1c7dc
Handled-By : YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Status     : problem is being debugged


Subject    : BUG: at fs/inotify.c:172 set_dentry_child_flags()
References : http://bugzilla.kernel.org/show_bug.cgi?id=7785
Submitter  : Cijoml Cijomlovic Cijomlov <cijoml@volny.cz>
Status     : unknown


Subject    : BUG: scheduling while atomic: hald-addon-stor/...
             cdrom_{open,release,ioctl} in trace
References : http://lkml.org/lkml/2006/12/26/105
             http://lkml.org/lkml/2006/12/29/22
             http://lkml.org/lkml/2006/12/31/133
Submitter  : Jon Smirl <jonsmirl@gmail.com>
             Damien Wyart <damien.wyart@free.fr>
             Aaron Sethman <androsyn@ratbox.org>
Status     : unknown


Subject    : problems with CD burning
References : http://www.spinics.net/lists/linux-ide/msg06545.html
Submitter  : Uwe Bugla <uwe.bugla@gmx.de>
Status     : unknown


Subject    : x86_64 boot failure: "IO-APIC + timer doesn't work"
References : http://lkml.org/lkml/2006/12/16/101
             http://lkml.org/lkml/2007/1/3/9
Submitter  : Tobias Diedrich <ranma+kernel@tdiedrich.de>
Caused-By  : Andi Kleen <ak@suse.de>
             commit b026872601976f666bae77b609dc490d1834bf77
Handled-By : Yinghai Lu <yinghai.lu@amd.com>
             Eric W. Biederman <ebiederm@xmission.com>
Status     : patches are being discussed


Subject    : USB keyboard unresponsive after some time
References : http://lkml.org/lkml/2006/12/25/35
             http://lkml.org/lkml/2006/12/26/106
Submitter  : Florin Iucha <florin@iucha.net>
Status     : unknown


Subject    : Acer Extensa 3002 WLMi: 'shutdown -h now' reboots the system
References : http://lkml.org/lkml/2006/12/25/40
Submitter  : Berthold Cogel <cogel@rrz.uni-koeln.de>
Handled-By : Alexey Starikovskiy <alexey.y.starikovskiy@linux.intel.com>
Status     : problem is being debugged
-
To unsubscribe from this list: send the line "unsubscribe linux-acpi" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: 2.6.20-rc4: known unfixed regressions

[Bernhard Schmidt]

Adrian Bunk wrote:

> This email lists some known regressions in 2.6.20-rc4 compared to 2.6.19.

> Subject    : netfilter conntrack Oopses
> References : http://lkml.org/lkml/2007/1/4/156

Netfilter bugzilla #528
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=528

fixed, I think the patch is in -rc4 already (it is listed in the "Merge 
/pub/scm/linux/kernel/git/davem/net-2.6" on Jan. 4th in the git browser)

>              http://lkml.org/lkml/2007/1/7/188

Netfilter bugzilla #529
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=529

no patch available yet, remote DoS attack for 2.6.20-rc3, not excluded 
this has been the case since nf_conntrack_ipv6 was available (2.6.16 or 
so), UDPv6 fragments are rare in the wild and a large number of users 
could not use nf_conntrack_ipv6 up to now due to incompatibility with 
IPv4 NAT code.

Regards,
Bernhard

Re: Linux 2.6.20-rc4

[Patrick McHardy]

[-- Attachment #1: Type: text/plain, Size: 2245 bytes --]

Linus Torvalds wrote:
> On Sun, 7 Jan 2007, Peter Osterlund wrote:
> 
>>I get kernel panics when doing large ethernet transfers. A loop doing
>>continuous scp transfers of some large (>100MB) files makes the kernel
>>crash after a few minutes. scp runs on a different machine and copies
>>data from the machine that crashes. (The first crash did not happen
>>when scp was used, but scp is an easy way to reproduce the problem.)
>>
>>I've seen this crash also with 2.6.20-rc2-git-something. Previously I
>>ran these kernels quite a lot and used a ppp link without problems.
>>Today I started using eth0 and the crashes started to occur. I have
>>netfilter rules for ppp0, but no rules for eth0. Earlier kernels have
>>been working perfectly for large eth0 transfers on this machine.
>>
>>Hand copied data from the console:
>>
>>  BUG: unable to handle kernel paging request at virtual address 9f5cea9f
>>   printing eip:
>>  c034c729
>>  *pde = 00000000
>>  Ooops: 0000 [#1]
>>  PREEMPT
>>  Modules linked in: ... 8139too ...
>>  CPU: 0
>>  EIP: 0060:[<c034c729>] Not tainted VLI
>>  EFALLGS: 00010206 (2.6.20-rc4 #13)
>>  EIP is at ipv4_conntrack_help+0x6b/0x83
>>  eax: c0475e44 ebx: 9f5cea37 ecx: d1dcebb0 edx: 00000014
>>  esi: d1dcebb0 edi: c0475e44 ebp: c0475dd8 esp: c0475dc4
> 
> 
> That's 
> 
> 	and    $0xf,%dl
> 	movzbl %dl,%edx
> 	lea    (%ecx,%edx,4),%edx
> 	movzbl %bl,%eax
> 	mov    %eax,(%esp)
> 	mov    %esi,%ecx
> 	mov    %edi,%eax
> 	mov    0xfffffff0(%ebp),%ebx
> **	call   *0x68(%ebx)		**
> 	add    $0x8,%esp
> 	pop    %ebx
> 	pop    %esi
> 	pop    %edi
> 	pop    %ebp
> 	ret
> 
> which is ipv4_conntrack_help():
> 
> 	return help->helper->help(pskb,
> 		(*pskb)->nh.raw - (*pskb)->data
> 				+ (*pskb)->nh.iph->ihl*4,
> 		ct, ctinfo);
> 
> and that call instruction is the one that oopses because "help->helper" is 
> corrupt (it's 0x9f5cea37 - not a valid kernel pointer).


I guess its because of an uninitialized helper field in struct
nf_conntrack_expect, which is then copied from the expectation to
the conntrack entry.

Peter, do you have locally generated netbios ns queries on the machine
running nf_conntrack? If so, please try this patch. Otherwise, are
there any other conntrack helpers that are actually used?


[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1203 bytes --]

[NETFILTER]: nf_conntrack_netbios_ns: fix uninitialized member in expectation

->helper is uninitialized in the expectation registered by the netbios_ns
helper and it later copied to the expected connection, which causes invalid
memory dereferences when trying to call the helper.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit fe6df90eb909a84593b6902e6e4f802687bc4564
tree 113ffbc5cd73dd3a5fe66bc24ba4747b2b5a4c6c
parent fa0035e191e85a2ab31861df9e0a0273e60dc745
author Patrick McHardy <kaber@trash.net> Mon, 08 Jan 2007 23:30:35 +0100
committer Patrick McHardy <kaber@trash.net> Mon, 08 Jan 2007 23:30:35 +0100

 net/netfilter/nf_conntrack_netbios_ns.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/net/netfilter/nf_conntrack_netbios_ns.c b/net/netfilter/nf_conntrack_netbios_ns.c
index a5b234e..2a48efd 100644
--- a/net/netfilter/nf_conntrack_netbios_ns.c
+++ b/net/netfilter/nf_conntrack_netbios_ns.c
@@ -89,6 +89,7 @@ static int help(struct sk_buff **pskb, u
 
 	exp->expectfn             = NULL;
 	exp->flags                = NF_CT_EXPECT_PERMANENT;
+	exp->helper               = NULL;
 
 	nf_conntrack_expect_related(exp);
 	nf_conntrack_expect_put(exp);

Re: Linux 2.6.20-rc4

[Peter Osterlund]

Patrick McHardy <kaber@trash.net> writes:

> Linus Torvalds wrote:
> > On Sun, 7 Jan 2007, Peter Osterlund wrote:
> > 
> >>I get kernel panics when doing large ethernet transfers. A loop doing

> >>  EFALLGS: 00010206 (2.6.20-rc4 #13)
> >>  EIP is at ipv4_conntrack_help+0x6b/0x83
> >>  eax: c0475e44 ebx: 9f5cea37 ecx: d1dcebb0 edx: 00000014
> >>  esi: d1dcebb0 edi: c0475e44 ebp: c0475dd8 esp: c0475dc4
> > 
> > which is ipv4_conntrack_help():
> > 
> > 	return help->helper->help(pskb,
> > 		(*pskb)->nh.raw - (*pskb)->data
> > 				+ (*pskb)->nh.iph->ihl*4,
> > 		ct, ctinfo);
> > 
> > and that call instruction is the one that oopses because "help->helper" is 
> > corrupt (it's 0x9f5cea37 - not a valid kernel pointer).
> 
> I guess its because of an uninitialized helper field in struct
> nf_conntrack_expect, which is then copied from the expectation to
> the conntrack entry.
> 
> Peter, do you have locally generated netbios ns queries on the machine
> running nf_conntrack?

I have samba running on both machines. I guess that generates some
netbios traffic even though it isn't currently in active use.

> If so, please try this patch.

Thanks, the patch appears to help. The kernel has now survived much
longer with this patch than it used to do without it.

I will recompile with gcc 4.1.1 too just to make sure, but if you
don't hear anything more from me, consider the case closed. :)

-- 
Peter Osterlund - petero2@telia.com
http://web.telia.com/~u89404340

Re: Linux 2.6.20-rc4

[Linus Torvalds]

On Mon, 9 Jan 2007, Peter Osterlund wrote:
> 
> Thanks, the patch appears to help. The kernel has now survived much
> longer with this patch than it used to do without it.
> 
> I will recompile with gcc 4.1.1 too just to make sure, but if you
> don't hear anything more from me, consider the case closed. :)

David - I assume I'll get this patch through you, and I can just forget 
about this issue and go about my normal mindless ways?

		Linus

Re: Linux 2.6.20-rc4

[Adrian Bunk]

On Mon, Jan 08, 2007 at 03:12:08PM -0800, Linus Torvalds wrote:
> 
> 
> On Mon, 9 Jan 2007, Peter Osterlund wrote:
> > 
> > Thanks, the patch appears to help. The kernel has now survived much
> > longer with this patch than it used to do without it.
> > 
> > I will recompile with gcc 4.1.1 too just to make sure, but if you
> > don't hear anything more from me, consider the case closed. :)
> 
> David - I assume I'll get this patch through you, and I can just forget 
> about this issue and go about my normal mindless ways?

I'll keep reminding him until it's in your tree.  ;-)

> 		Linus

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

2.6.20-rc4: known regressions with patches (v2)

[Adrian Bunk]

This email lists some known regressions in 2.6.20-rc4 compared to 2.6.19
with patches available.

If you find your name in the Cc header, you are either submitter of one
of the bugs, maintainer of an affectected subsystem or driver, a patch
of you caused a breakage or I'm considering you in any other way possibly
involved with one or more of these issues.

Due to the huge amount of recipients, please trim the Cc when answering.


Subject    : BUG: at mm/truncate.c:60 cancel_dirty_page()  (XFS)
References : http://lkml.org/lkml/2007/1/5/308
Submitter  : Sami Farin <7atbggg02@sneakemail.com>
Handled-By : David Chinner <dgc@sgi.com>
Patch      : http://lkml.org/lkml/2007/1/7/201
Status     : patch available


Subject    : bluetooth oopses because of multiple kobject_add()
References : http://lkml.org/lkml/2007/1/2/101
Submitter  : Pavel Machek <pavel@ucw.cz>
Handled-By : Marcel Holtmann <marcel@holtmann.org>
Patch      : http://lkml.org/lkml/2007/1/2/147
Status     : patch available


Subject    : ftp: get or put stops during file-transfer
References : http://lkml.org/lkml/2006/12/16/174
Submitter  : Komuro <komurojun-mbn@nifty.com>
Caused-By  : YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
             commit cfb6eeb4c860592edd123fdea908d23c6ad1c7dc
Handled-By : Craig Schlenter <craig@codefountain.com>
             YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Patch      : http://lkml.org/lkml/2007/1/9/5
Status     : patch available


Subject    : nf_conntrack_netbios_ns.c causes Oops
References : http://lkml.org/lkml/2007/1/7/188
Submitter  : Peter Osterlund <petero2@telia.com>
Caused-By  : Patrick McHardy <kaber@trash.net>
             commit 92703eee4ccde3c55ee067a89c373e8a51a8adf9
Handled-By : Patrick McHardy <kaber@trash.net>
Patch      : http://lkml.org/lkml/2007/1/8/290
Status     : patch available


Subject    : forcedeth.c 0.59: problem with sideband managment
References : http://bugzilla.kernel.org/show_bug.cgi?id=7684
Submitter  : Michael Reske <micha@gmx.com>
Handled-By : Ayaz Abdulla <aabdulla@nvidia.com>
Patch      : http://bugzilla.kernel.org/show_bug.cgi?id=7684
Status     : patch available


Subject    : nVidia CK804 chipset: not detecting HT MSI capabilities
References : http://lkml.org/lkml/2007/1/5/215
Submitter  : Brice Goglin <brice@myri.com>
             Robert Hancock <hancockr@shaw.ca>
Handled-By : Brice Goglin <brice@myri.com>
Patch      : http://lkml.org/lkml/2007/1/5/215
Status     : patch available

Re: Linux 2.6.20-rc4

[David Miller]

From: Linus Torvalds <torvalds@osdl.org>
Date: Mon, 8 Jan 2007 15:12:08 -0800 (PST)

> 
> 
> On Mon, 9 Jan 2007, Peter Osterlund wrote:
> > 
> > Thanks, the patch appears to help. The kernel has now survived much
> > longer with this patch than it used to do without it.
> > 
> > I will recompile with gcc 4.1.1 too just to make sure, but if you
> > don't hear anything more from me, consider the case closed. :)
> 
> David - I assume I'll get this patch through you, and I can just forget 
> about this issue and go about my normal mindless ways?

Yep, I'll push it to you very soon.

Thanks Patrick for figuring this bug out, nice work.