Hi,
after the latest point release some debian.org hosts became unreliable.
That was tracked down to a panic in the networking code. Ben provided a
test patch:
From: Ben Hutchings <ben@decadent.org.uk>
Date: Tue, 21 Oct 2014 00:49:22 +0100
Subject: ipv6: ipv6_select_ident: handle null rt
Forwarded: not-needed
In Linux 3.2, ipv6_select_ident() can apparently still be called with
rt == NULL and must avoid dereferencing it in this case.
We should probably fix the callers, so WARN_ON_ONCE to get a clue
about how this happens.
---
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -604,13 +604,18 @@ void ipv6_select_ident(struct frag_hdr *
static bool hashrnd_initialized = false;
u32 hash, id;
+ if (WARN_ON_ONCE(!rt)) {
+ hash = 0;
+ goto reserve;
+ }
+
if (unlikely(!hashrnd_initialized)) {
hashrnd_initialized = true;
get_random_bytes(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd));
}
hash = __ipv6_addr_jhash(&rt->rt6i_dst.addr, ip6_idents_hashrnd);
hash = __ipv6_addr_jhash(&rt->rt6i_src.addr, hash);
-
+reserve:
id = ip_idents_reserve(hash, 1);
fhdr->identification = htonl(id);
}
which resulted in the following trace:
[ 436.375412] ------------[ cut here ]------------
[ 436.375439] WARNING: at /usr/src/linux-3.2.63/net/ipv6/ip6_output.c:607 ipv6_select_ident+0x28/0x8b()
[ 436.375446] Hardware name: ProLiant DL585 G2
[ 436.375451] Modules linked in: ipmi_devintf ip6t_REJECT ip6t_LOG nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables ipt_REJECT ipt_ULOG xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ses xt_hashlimit enclosure xt_multiport iptable_filter ip_tables x_tables crc32c ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi bridge sd_mod dm_round_robin crc_t10dif bonding xfs ext4 crc16 jbd2 hmac drbd lru_cache 8021q garp stp dm_snapshot loop dm_multipath scsi_dh vhost_net tun macvtap macvlan kvm_amd kvm radeon ttm ipmi_si drm_kms_helper ipmi_msghandler k8temp powernow_k8 mperf hpilo drm power_supply i2c_algo_bit shpchp amd64_edac_mod edac_mce_amd edac_core psmouse hpwdt i2c_core snd_pcm snd_page_alloc snd_timer snd soundcore processor cdc_acm pcspkr evdev serio_raw container button thermal_sys ext3 mbcache jbd dm_mod usbhid hid sg sr_mod cdrom hpsa ata_generic lpfc pata_amd uhci_hcd libata scsi_transport_fc scsi_tgt ohci_hcd bnx2 ehci_hcd cciss scsi_mod usbcore usb_common [last unloaded: scsi_wait_scan]
[ 436.375642] Pid: 12085, comm: unbound Not tainted 3.2.0-4-amd64 #1 Debian 3.2.63-2a~test
[ 436.375647] Call Trace:
[ 436.375666] [<ffffffff81046d61>] ? warn_slowpath_common+0x78/0x8c
[ 436.375676] [<ffffffff812ff40f>] ? ipv6_select_ident+0x28/0x8b
[ 436.375685] [<ffffffff81311411>] ? udp6_ufo_fragment+0x124/0x1a2
[ 436.375696] [<ffffffff812fd569>] ? ipv6_gso_segment+0xb8/0x14e
[ 436.375705] [<ffffffff81036273>] ? __wake_up_common+0x40/0x77
[ 436.375715] [<ffffffff812905b4>] ? skb_gso_segment+0x208/0x28b
[ 436.375725] [<ffffffff81037f7b>] ? __wake_up+0x35/0x46
[ 436.375734] [<ffffffff81071295>] ? arch_local_irq_save+0x11/0x17
[ 436.375746] [<ffffffff813508f9>] ? _raw_spin_lock_irqsave+0x9/0x25
[ 436.375756] [<ffffffff8105266a>] ? lock_timer_base.isra.29+0x23/0x47
[ 436.375764] [<ffffffff81350937>] ? _raw_spin_unlock_irqrestore+0xe/0xf
[ 436.375771] [<ffffffff81052926>] ? __mod_timer+0x139/0x14b
[ 436.375781] [<ffffffff8104c2c9>] ? _local_bh_enable_ip.isra.11+0x1e/0x88
[ 436.375794] [<ffffffffa06b159a>] ? ip6t_do_table+0x5b2/0x5e4 [ip6_tables]
[ 436.375805] [<ffffffff81292337>] ? dev_hard_start_xmit+0x32d/0x518
[ 436.375814] [<ffffffff812b28bd>] ? nf_iterate+0x41/0x77
[ 436.375823] [<ffffffff812a8a63>] ? sch_direct_xmit+0x61/0x135
[ 436.375833] [<ffffffff812927e4>] ? dev_queue_xmit+0x2c2/0x46b
[ 436.375856] [<ffffffffa05db84b>] ? br_dev_queue_push_xmit+0x9b/0x9f [bridge]
[ 436.375871] [<ffffffffa05da31d>] ? br_dev_xmit+0x12e/0x142 [bridge]
[ 436.375880] [<ffffffff812923dc>] ? dev_hard_start_xmit+0x3d2/0x518
[ 436.375888] [<ffffffff812ffc73>] ? ip6_fragment+0x801/0x801
[ 436.375897] [<ffffffff812928e3>] ? dev_queue_xmit+0x3c1/0x46b
[ 436.375906] [<ffffffff812fe8b6>] ? ip6_finish_output2+0x216/0x26a
[ 436.375916] [<ffffffff81300d08>] ? ip6_push_pending_frames+0x307/0x391
[ 436.375925] [<ffffffff813117f1>] ? udp_v6_push_pending_frames+0x284/0x2fc
[ 436.375934] [<ffffffff81312855>] ? udpv6_sendmsg+0x6e0/0x8a0
[ 436.375942] [<ffffffff810411d9>] ? find_busiest_group+0x1f5/0x805
[ 436.375956] [<ffffffff81280461>] ? sock_sendmsg+0xc1/0xde
[ 436.375965] [<ffffffff812de4c2>] ? inet_recvmsg+0x5b/0x6f
[ 436.375974] [<ffffffff81280340>] ? sock_recvmsg+0xcd/0xec
[ 436.375982] [<ffffffff8128382c>] ? sock_kmalloc+0x41/0x63
[ 436.375989] [<ffffffff8128382c>] ? sock_kmalloc+0x41/0x63
[ 436.375999] [<ffffffff810ed0ca>] ? __kmalloc+0x100/0x112
[ 436.376032] [<ffffffff81036618>] ? should_resched+0x5/0x23
[ 436.376040] [<ffffffff81036618>] ? should_resched+0x5/0x23
[ 436.376048] [<ffffffff8134f56c>] ? _cond_resched+0x7/0x1c
[ 436.376056] [<ffffffff8127eeaf>] ? copy_from_user+0x18/0x30
[ 436.376065] [<ffffffff81280717>] ? ___sys_sendmsg+0x209/0x2a9
[ 436.376075] [<ffffffff812d6e79>] ? udp_poll+0xf/0x42
[ 436.376082] [<ffffffff81036618>] ? should_resched+0x5/0x23
[ 436.376089] [<ffffffff8134f56c>] ? _cond_resched+0x7/0x1c
[ 436.376106] [<ffffffff8128125c>] ? move_addr_to_user+0x70/0x8a
[ 436.376123] [<ffffffff81281e90>] ? sys_recvfrom+0xfd/0x12a
[ 436.376139] [<ffffffff81350937>] ? _raw_spin_unlock_irqrestore+0xe/0xf
[ 436.376159] [<ffffffff810fc3b6>] ? fget_light+0x2e/0x7b
[ 436.376175] [<ffffffff81282087>] ? __sys_sendmsg+0x39/0x58
[ 436.376192] [<ffffffff813559d2>] ? system_call_fastpath+0x16/0x1b
[ 436.376203] ---[ end trace dfa37d448a0a925f ]---
It looks like that ipv6_select_ident call in udp6_ufo_fragment was
removed in 3.14 by
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=916e4cf46d0204806c062c8c6c4d1f633852c5b6
Cheers,
Julien
