Re: [2.6.14-rt1] slowdown / oops.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* Ingo Molnar <[email protected]> wrote:

> ah, managed to reproduce a crash in the NAT code with your .config 
> (see below). This indeed seems to be some sort of use-after-free bug: 
> 0x6b6b6b6b6b is SLAB_DEBUG's POISON_FREE - use-after-free poison byte.  
> This bug is either caused by and unique to -rt, or possibly present 
> upstream too.

with DEBUG_PAGEALLOC the crash happens almost instantly - it possibly 
catches the bad area very quickly. But there doesnt seem to be any trace 
in the stackdump about what method created the corrupt data-structure, 
what we see is a plain RX interrupt trying to look up existing 
connections and crashing on it.

	Ingo

XT3-fs: mounted filesystem with ordered data mode.
VFS: Mounted root (ext3 filesystem) readonly.
*****************************************************************************
*                                                                           *
*  REMINDER, the following debugging options are turned on in your .config: *
*                                                                           *
*        CONFIG_RT_DEADLOCK_DETECT                                          *
*        CONFIG_DEBUG_PREEMPT                                               *
*        CONFIG_DEBUG_SLAB                                                  *
*        CONFIG_DEBUG_PAGEALLOC                                             *
*                                                                           *
*  they may increase runtime overhead and latencies.                        *
*                                                                           *
*****************************************************************************
Freeing unused kernel memory: 200k freed
BUG: Unable to handle kernel paging request at virtual address f1267fe0
 printing eip:
c03a87a4
*pde = 005cc067
*pte = 31267000
Oops: 0000 [#1]
PREEMPT DEBUG_PAGEALLOC
Modules linked in:
CPU:    0
EIP:    0060:[<c03a87a4>]    Not tainted VLI
EFLAGS: 00010282   (2.6.14-rt4) 
EIP is at __ip_conntrack_find+0x24/0x110
eax: 00001324   ebx: f1267fe0   ecx: fb5c8c00   edx: f6f59920
esi: f7c55e28   edi: 00009920   ebp: f7c55df4   esp: f7c55de4
ds: 007b   es: 007b   ss: 0068   preempt: 00000001
Process softirq-net-rx/ (pid: 5, threadinfo=f7c54000 task=f7c538f0 stack_left=7600 worst_left=-1)
Stack: 00000000 00000000 f7c55e28 f7c55ecc f7c55e04 c03a88b4 f131ef64 c03ab0d0 
       f7c55e48 c03a9444 f7c55e28 c0498020 f881d040 00000000 00000000 c0498020 
       f7c55ecc 0101000a c0591600 0701000a 000612c6 00000000 c04975e8 f7c55e8c 
Call Trace:
 [<c0103cd7>] show_stack+0x97/0xd0 (32)
 [<c0103ec2>] show_registers+0x192/0x250 (68)
 [<c010410b>] die+0xeb/0x1a0 (56)
 [<c03f2236>] do_page_fault+0x176/0x57c (72)
 [<c0103943>] error_code+0x4f/0x54 (76)
 [<c03a88b4>] ip_conntrack_find_get+0x24/0x60 (16)
 [<c03a9444>] ip_conntrack_in+0xc4/0x370 (68)
 [<c03c4939>] nf_iterate+0x59/0x90 (36)
 [<c03c49c2>] nf_hook_slow+0x52/0x100 (48)
 [<c03741a2>] ip_rcv+0x182/0x4f0 (64)
 [<c035f95d>] netif_receive_skb+0x15d/0x1e0 (52)
 [<c02f2d97>] rtl8139_rx+0x1b7/0x340 (80)
 [<c02f3108>] rtl8139_poll+0x58/0x110 (40)
 [<c035fb32>] net_rx_action+0x72/0x140 (24)
 [<c011ee09>] ksoftirqd+0xb9/0x140 (40)
 [<c012d7d4>] kthread+0x94/0xa0 (28)
 [<c01010e9>] kernel_thread_helper+0x5/0xc (138059804)
---------------------------
| preempt count: 00000001 ]
| 1-level deep critical section nesting:
----------------------------------------
.. [<c013af6f>] .... add_preempt_count+0xf/0x20
.....[<c0104058>] ..   ( <= die+0x38/0x1a0)

------------------------------
| showing all locks held by: |  (softirq-net-rx//5 [f7c538f0,  98]):
------------------------------

#001:             [f7b50be4] {&tp->rx_lock}
... acquired at:               rtl8139_poll+0x39/0x110

#002:             [c0497bc0] {ip_conntrack_lock}
... acquired at:               ip_conntrack_find_get+0x1b/0x60

Code: 8d b4 26 00 00 00 00 55 89 e5 57 56 89 c6 53 83 ec 04 89 55 f0 e8 1d fa ff ff 8d 3c c5 00 00 00 00 89 fa 03 15 80 2a 59 c0 8b 1a <8b> 03 0f 18 00 90 39 da 75 47 e9 c4 00 00 00 b8 01 00 00 00 e8 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux