Bug 33842

Summary: NULL pointer dereference in ip_fragment
Product: Networking Reporter: Tomas Carnecky (tom)
Component: Other Assignee: Arnaldo Carvalho de Melo (acme)
Status: CLOSED CODE_FIX
Severity: normal CC: akpm, florian, maciej.rutecki, rjw
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.39-rc4 Subsystem:
Regression: Yes Bisected commit-id:
Bug Depends on:
Bug Blocks: 32012
Attachments: Photo of the stacktrace (1)
Photo of the stacktrace (2)

Description Tomas Carnecky 2011-04-23 07:51:53 UTC
The host is using the ath9k driver. eth0+wlan0 are bridged. Shortly after I start using the wireless network with my macbook, the bug triggers. No idea if it's wireless related, because there's also a rtl8169_rx_interrupt entry in the stacktrace.

This is a transcript, since I don't (have/know of) any way to get the backtrace out of a crashed box.

IP: ip_fragment+0x52/0x840
Call Trace:
  <IRQ>
  br_parse_ip_options
  br_flood_deliver
  br_parse_ip_options
  br_nf_dev_queue_xmit
  br_nf_post_routing
  nf_iterate

then also:
  lots of br_flood_deliver
  lots of br_*_finish
  one ? rtl8169_interrupt
  one ? ath9k_ioread32
Comment 1 Andrew Morton 2011-04-25 20:43:51 UTC
Can you take a digital photograph of the screen and attach that to the report?
Comment 2 Tomas Carnecky 2011-04-25 22:47:53 UTC
I provoked the panic twice, so there are two photos. Each time the panic happened, I saw two stack traces fly by. My screen isn't tall enough to capture both, but at the very top of the second photo you see the last couple lines of the first stack trace.

ip_fragment+0x52 is line 160 of include/net/dst.h
Comment 3 Tomas Carnecky 2011-04-25 22:49:29 UTC
Created attachment 55502 [details]
Photo of the stacktrace (1)
Comment 4 Tomas Carnecky 2011-04-25 22:50:55 UTC
Created attachment 55512 [details]
Photo of the stacktrace (2)
Comment 5 Andrew Morton 2011-04-25 22:57:57 UTC
There's no mention of the kernel version in this report?
Comment 6 Tomas Carnecky 2011-04-26 04:11:18 UTC
2.6.39-rc4-0025-g5dd12af
Comment 7 Andrew Morton 2011-04-26 04:25:12 UTC
(switched to email.  Please respond via emailed reply-to-all, not via the
bugzilla web interface).

On Sat, 23 Apr 2011 07:51:56 GMT bugzilla-daemon@bugzilla.kernel.org wrote:

> https://bugzilla.kernel.org/show_bug.cgi?id=33842
> 
>            Summary: NULL pointer dereference in ip_fragment

oops in ip_defragment().  Kernel is 2.6.39-rc4.  There are some
screenshots attached to the report.


>            Product: Networking
>            Version: 2.5
>           Platform: All
>         OS/Version: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: Other
>         AssignedTo: acme@ghostprotocols.net
>         ReportedBy: tom@dbservice.com
>         Regression: No
> 
> 
> The host is using the ath9k driver. eth0+wlan0 are bridged. Shortly after I
> start using the wireless network with my macbook, the bug triggers. No idea
> if it's wireless related, because there's also a rtl8169_rx_interrupt entry
> in the stacktrace.
> 
> This is a transcript, since I don't (have/know of) any way to get the
> backtrace out of a crashed box.
> 
> IP: ip_fragment+0x52/0x840
> Call Trace:
>   <IRQ>
>   br_parse_ip_options
>   br_flood_deliver
>   br_parse_ip_options
>   br_nf_dev_queue_xmit
>   br_nf_post_routing
>   nf_iterate
> 
> then also:
>   lots of br_flood_deliver
>   lots of br_*_finish
>   one ? rtl8169_interrupt
>   one ? ath9k_ioread32
>
Comment 8 Rafael J. Wysocki 2011-06-13 17:20:21 UTC
On Sunday, June 12, 2011, Eric Dumazet wrote:
> On Sunday, 12 June 2011 at 23:12 +0200, Rafael J. Wysocki wrote:
> > This message has been generated automatically as a part of a report
> > of regressions introduced between 2.6.38 and 2.6.39.
> > 
> > The following bug entry is on the current list of known regressions
> > introduced between 2.6.38 and 2.6.39.  Please verify if it still should
> > be listed and let the tracking team know (either way).
> > 
> > 
> > Bug-Entry   : http://bugzilla.kernel.org/show_bug.cgi?id=33842
> > Subject             : NULL pointer dereference in ip_fragment
> > Submitter   : Tomas Carnecky <tom@dbservice.com>
> > Date                : 2011-04-23 07:51 (51 days old)
> > 
> > 
> 
> This is probably fixed in current linux-2.6 tree, and 2.6.39.1 as well
> 
> 
> If not, maybe commit 64f3b9e203b (ip_expire() must revalidate route)
> needs to be included in 2.6.39.X
> 
> (I believe Greg took it for 2.6.38, but can't find it in 2.6.39 ?)