Bug 9825
| Summary: | GPF in kernel when /sbin/ss used for display DCCP sockets. | | |
|---|---|---|---|
| Product: | Networking | Reporter: | Misha Labjuk (spike) |
| Component: | Other | Assignee: | Arnaldo Carvalho de Melo (acme) |
| Status: | RESOLVED CODE_FIX | | |
| Severity: | normal | CC: | bunk |
| Priority: | P1 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Kernel Version: | 2.6.24 | Subsystem: | |
| Regression: | Yes | Bisected commit-id: | |
| Attachments: | proper error handling for inet_diag when there is no handle for a netlink message | | |
Description
Misha Labjuk
2008-01-26 13:18:38 UTC
Reply-To: akpm@linux-foundation.org

> On Sat, 26 Jan 2008 13:18:40 -0800 (PST) bugme-daemon@bugzilla.kernel.org
> wrote:
> http://bugzilla.kernel.org/show_bug.cgi?id=9825
>
> Summary: GPF in kernel when /sbin/ss used for display DCCP
> sockets.
> Product: Networking
> Version: 2.5
> KernelVersion: 2.6.24
> Platform: All
> OS/Version: Linux
> Tree: Mainline
> Status: NEW
> Severity: normal
> Priority: P1
> Component: Other
> AssignedTo: acme@ghostprotocols.net
> ReportedBy: spike@ml.yaroslavl.ru
>
>
> Latest working kernel version: 2.6.23.14
> Earliest failing kernel version:2.6.24

A regression in 2.6.24.

> Distribution:gentoo
> Hardware Environment: i386
> Software Environment: ss utility, iproute2-ss070710
> Problem Description:
> GPF in kernel when ss used for display DCCP sockets.
>
> Jan 26 23:38:03 host general protection fault: 0000 [#1] PREEMPT
> Jan 26 23:38:03 host Modules linked in: iptable_mangle iptable_nat nf_nat
> ipt_REJECT xt_tcpudp nf_conntrack_ipv4 xt_state ipt_ULOG iptable_filter
> ip_tables x_
> Jan 26 23:38:03 host
> Jan 26 23:38:03 host Pid: 5573, comm: ss Not tainted (2.6.24 #1)
> Jan 26 23:38:03 host EIP: 0060:[<c031a14f>] EFLAGS: 00010282 CPU: 0
> Jan 26 23:38:03 host EIP is at inet_diag_dump+0x2a/0x88b
> Jan 26 23:38:03 host EAX: fffffffe EBX: e7095810 ECX: 00000001 EDX: fffffffe
> Jan 26 23:38:03 host ESI: ee264a00 EDI: e7035840 EBP: 000015c5 ESP: e70fdbd0
> Jan 26 23:38:03 host DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
> Jan 26 23:38:03 host Process ss (pid: 5573, ti=e70fc000 task=e70f3680
> task.ti=e70fc000)
> Jan 26 23:38:03 host Stack: 00000001 c040c164 e70f3680 000040d0 00000000
> e7035840 ee264a00 c01690a7
> Jan 26 23:38:03 host effc6009 e70fdc20 e7095810 000240d0 c040c6c0 00000010
> c14e02c0 00000282
> Jan 26 23:38:03 host 8cab2e5a 000040d0 00000f00 000000d0 c0426e80 c0147e38
> ee264a00 c02c6dff
> Jan 26 23:38:03 host Call Trace:
> Jan 26 23:38:03 host [<c01690a7>] permission+0x51/0xe7
> Jan 26 23:38:03 host [<c0147e38>] __get_free_pages+0x4d/0x55
> Jan 26 23:38:03 host [<c02c6dff>] __alloc_skb+0x4b/0xfa
> Jan 26 23:38:03 host [<c02de333>] netlink_dump+0x47/0x178
> Jan 26 23:38:03 host [<c01426df>] file_read_actor+0xe1/0x10c
> Jan 26 23:38:03 host [<c02e062e>] netlink_dump_start+0xb8/0x15e
> Jan 26 23:38:03 host [<c0319bf0>] inet_diag_rcv_msg+0x5c/0x591
> Jan 26 23:38:03 host [<c031a125>] inet_diag_dump+0x0/0x88b
> Jan 26 23:38:03 host [<c0319b94>] inet_diag_rcv_msg+0x0/0x591
> Jan 26 23:38:03 host [<c0319152>] inet_diag_rcv+0x0/0x24
> Jan 26 23:38:03 host [<c02df335>] netlink_rcv_skb+0x6d/0x8e
> Jan 26 23:38:03 host [<c031916b>] inet_diag_rcv+0x19/0x24
> Jan 26 23:38:03 host [<c02df0e0>] netlink_unicast+0x1fa/0x224
> Jan 26 23:38:03 host [<c02df86e>] netlink_sendmsg+0x1d0/0x2b2
> Jan 26 23:38:03 host [<c01690a7>] permission+0x51/0xe7
> Jan 26 23:38:03 host [<c02c1423>] sock_sendmsg+0xbb/0xdd
> Jan 26 23:38:03 host [<c012c951>] autoremove_wake_function+0x0/0x37
> Jan 26 23:38:03 host [<c013090c>] __atomic_notifier_call_chain+0x24/0x4a
> Jan 26 23:38:03 host [<c0130949>] atomic_notifier_call_chain+0x17/0x1b
> Jan 26 23:38:03 host [<c0251ad0>] notify_update+0x1f/0x23
> Jan 26 23:38:03 host [<c0253f0f>] do_con_write+0x33d/0x1aac
> Jan 26 23:38:03 host [<c0253f0f>] do_con_write+0x33d/0x1aac
> Jan 26 23:38:03 host [<c02c8369>] verify_iovec+0x2a/0x91
> Jan 26 23:38:03 host [<c02c1572>] sys_sendmsg+0x12d/0x243
> Jan 26 23:38:03 host [<c024b40f>] n_tty_ioctl+0x0/0x1e1
> Jan 26 23:38:03 host [<c0247475>] tty_ioctl+0x114/0xeb5
> Jan 26 23:38:03 host [<c0142987>] find_lock_page+0x20/0xab
> Jan 26 23:38:03 host [<c0144d19>] filemap_fault+0x1d4/0x43e
> Jan 26 23:38:03 host [<c02c3618>] sk_prot_alloc+0x70/0x8a
> Jan 26 23:38:03 host [<c02c4d19>] sk_alloc+0x3d/0x47
> Jan 26 23:38:03 host [<c0172eee>] d_alloc+0x1b/0x192
> Jan 26 23:38:03 host [<c0172eb3>] d_instantiate+0x3b/0x5b
> Jan 26 23:38:03 host [<c02c1161>] sock_attach_fd+0x77/0xa2
> Jan 26 23:38:03 host [<c02c27d8>] sys_socketcall+0x24f/0x271
> Jan 26 23:38:03 host [<c0115952>] do_page_fault+0x0/0x5ce
> Jan 26 23:38:03 host [<c0103e72>] sysenter_past_esp+0x5f/0x85
> Jan 26 23:38:03 host [<c0350000>] __xfrm6_tunnel_spi_lookup+0x26/0x72
> Jan 26 23:38:03 host =======================
> Jan 26 23:38:03 host Code: ff 55 57 56 53 83 ec 74 89 44 24 18 89 54 24 14 8b
> 5a 04 0f b7 43 04 e8 36 f0 ff ff 85 c0 0f 84 a4 02 00 00 83 c3 10 89 5c 24 28
> <8
> Jan 26 23:38:03 host EIP: [<c031a14f>] inet_diag_dump+0x2a/0x88b SS:ESP
> 0068:e70fdbd0
> Jan 26 23:38:03 host ---[ end trace 57d7a9039abd2ede ]---
>
> All ss run later sleep forever in D state. Kill -9 doesn't work.
>
> Steps to reproduce:
> run /sbin/ss -d

On Sat, Jan 26, 2008 at 10:33:34PM -0800, bugme-daemon@bugzilla.kernel.org wrote:
> http://bugzilla.kernel.org/show_bug.cgi?id=9825
> ------- Comment #1 from anonymous@kernel-bugs.osdl.org 2008-01-26 22:33 -------
> Reply-To: akpm@linux-foundation.org
>
> > Steps to reproduce:
> > run /sbin/ss -d

[root@tonchinha ~]# uname -a
Linux tonchinha.ghostprotocols.net 2.6.24 #1 Sat Jan 26 20:43:20 BRST 2008 i686 athlon i386 GNU/Linux
[root@tonchinha ~]# ss -d
State Recv-Q Send-Q Local Address:Port Peer Address:Port
[root@tonchinha ~]#
[root@tonchinha ~]# lsmod | egrep dccp\|inet
dccp_diag 1344 0
dccp 44312 1 dccp_diag
inet_diag 8904 1 dccp_diag
[root@tonchinha ~]#
[root@tonchinha ~]# modprobe dccp_ccid2
[root@tonchinha ~]# ss -d
State Recv-Q Send-Q Local Address:Port Peer Address:Port
[root@tonchinha ~]# modprobe dccp_ccid3
[root@tonchinha ~]# ss -d
State Recv-Q Send-Q Local Address:Port Peer Address:Port

No problems. Trying now with CONFIG_DEBUG_PREEMPT instead of CONFIG_DEBUG_PREEMPT_VOLUNTARY.

- Arnaldo

just tried with CONFIG_PREEMPT (previous one was CONFIG_PREEMPT_VOLUNTARY), no problems, I even created several DCCP ipv4 dccp sockets using ttcp but I couldn't reproduce the reported problem.

[root@tonchinha ~]# ss -v
ss utility, iproute2-ss071016
[root@tonchinha ~]# rpm -q iproute
iproute-2.6.23-1.fc9

Can you provide more information?

I rebuilt kernel with enabled dccp module and error is gone!!

I don't know what is dccp, I don't need it, it is not enabled in my kernel configuration (as recommended).

Try to (re)move module dccp.ko from /lib/modules/2.6.24/..., unload it, and run 'ss -d'.

Thanks, now I managed to reproduce, working on it.

On Sun, Jan 27, 2008 at 10:54:38AM -0800, bugme-daemon@bugzilla.kernel.org wrote:
> http://bugzilla.kernel.org/show_bug.cgi?id=9825
>
> ------- Comment #4 from spike@ml.yaroslavl.ru 2008-01-27 10:54 -------
> I rebuilt kernel with enabled dccp module and error is gone!!
>
> I don't know what is dccp, I don't need it, it is not enabled in my kernel
> configuration (as recommended).
>
> Try to (re)move module dccp.ko from /lib/modules/2.6.24/..., unload it, and
> run 'ss -d'.

Try with the attached patch, it fixes for me and I'll soon submit it to netdev with a proper description so that DaveM can push it to stable too.

- Arnaldo

Created attachment 14613
proper error handling for inet_diag when there is no handle for a netlink message
oh well, the bugzilla e-mail interface doesn't handle attachments, creating one...
Andrew Morton <akpm@linux-foundation.org> wrote:
>
>> Jan 26 23:38:03 host general protection fault: 0000 [#1] PREEMPT
>> Jan 26 23:38:03 host Modules linked in: iptable_mangle iptable_nat nf_nat
>> ipt_REJECT xt_tcpudp nf_conntrack_ipv4 xt_state ipt_ULOG iptable_filter
>> ip_tables x_
>> Jan 26 23:38:03 host
>> Jan 26 23:38:03 host Pid: 5573, comm: ss Not tainted (2.6.24 #1)
>> Jan 26 23:38:03 host EIP: 0060:[<c031a14f>] EFLAGS: 00010282 CPU: 0
>> Jan 26 23:38:03 host EIP is at inet_diag_dump+0x2a/0x88b

This should be fixed by

[PATCH][INET_DIAG]: Fix inet_diag_lock_handler error path
20080128022050.GQ27661@ghostprotocols.net

that Arnaldo posted recently.

Cheers,
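
The oops above shows EAX: fffffffe, which is -2 (ENOENT) read as a 32-bit pointer, and the fix is titled "Fix inet_diag_lock_handler error path". The following is an added example, not the attached patch or kernel code: a user-space model with hypothetical names and a constructed handler table, assuming the lookup reports a missing handler as an encoded error pointer, showing why a NULL test misses that value and an IS_ERR() test catches it.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-ins for the kernel's ERR_PTR()/PTR_ERR()/IS_ERR(). */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Hypothetical handler table: slot 0 registered, slot 1 (module absent) empty. */
struct diag_handler { int (*dump)(void); };
static int dump_ok(void) { return 0; }
static struct diag_handler registered = { dump_ok };
static struct diag_handler *handlers[2] = { &registered, NULL };

/* Lookup that reports "no handler" as an encoded errno, never as NULL. */
static struct diag_handler *lock_handler(int type) {
    if (type < 0 || type > 1 || handlers[type] == NULL)
        return ERR_PTR(-ENOENT);
    return handlers[type];
}

/* Low 32 bits of the error pointer, for comparison with a 32-bit register dump. */
static uint32_t enoent_ptr32(void) { return (uint32_t)(uintptr_t)ERR_PTR(-ENOENT); }

/* Broken caller: the NULL test does not catch the error pointer.
 * Returns 1 if it would go on to dereference an invalid pointer. */
static int null_check_misses_error(int type) {
    struct diag_handler *h = lock_handler(type);
    if (h == NULL)
        return 0;           /* never taken: lock_handler() does not return NULL */
    return IS_ERR(h);       /* a real caller would dereference h at this point */
}

/* Fixed caller: test with IS_ERR() and propagate the errno. */
static int dump_checked(int type) {
    struct diag_handler *h = lock_handler(type);
    if (IS_ERR(h))
        return (int)PTR_ERR(h);
    return h->dump();
}

int main(void) {
    printf("error pointer: %08x\n", (unsigned)enoent_ptr32());
    printf("NULL check misses it: %d\n", null_check_misses_error(1));
    printf("checked caller returns: %d\n", dump_checked(1));
    return 0;
}
```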