* ip_rt_bug questions.
@ 2011-04-18 21:48 Dave Jones
2011-04-18 21:49 ` David Miller
0 siblings, 1 reply; 9+ messages in thread
From: Dave Jones @ 2011-04-18 21:48 UTC (permalink / raw)
To: netdev
I managed to trigger this today..
ip_rt_bug: 0.0.0.0 -> 255.255.255.255, ?
if this is useful in some way, maybe it should be enhanced
to print out something else, like a backtrace ?
Also, should it be a printk_ratelimit() ? Or is there
ratelimiting done elsewhere in the routing code ?
or should it just be silenced, leaving just the kfree_skb ?
Dave
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: ip_rt_bug questions.
2011-04-18 21:48 ip_rt_bug questions Dave Jones
@ 2011-04-18 21:49 ` David Miller
2011-04-18 21:50 ` David Miller
0 siblings, 1 reply; 9+ messages in thread
From: David Miller @ 2011-04-18 21:49 UTC (permalink / raw)
To: davej; +Cc: netdev
From: Dave Jones <davej@redhat.com>
Date: Mon, 18 Apr 2011 17:48:10 -0400
> I managed to trigger this today..
>
> ip_rt_bug: 0.0.0.0 -> 255.255.255.255, ?
>
> if this is useful in some way, maybe it should be enhanced
> to print out something else, like a backtrace ?
>
> Also, should it be a printk_ratelimit() ? Or is there
> ratelimiting done elsewhere in the routing code ?
>
> or should it just be silenced, leaving just the kfree_skb ?
It's a very serious issue, it means we used an input route for
packet output.
Kernel version and what you were doing to trigger this?
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: ip_rt_bug questions.
2011-04-18 21:49 ` David Miller
@ 2011-04-18 21:50 ` David Miller
2011-04-18 21:59 ` Dave Jones
2011-05-21 17:16 ` Dave Jones
0 siblings, 2 replies; 9+ messages in thread
From: David Miller @ 2011-04-18 21:50 UTC (permalink / raw)
To: davej; +Cc: netdev
From: David Miller <davem@davemloft.net>
Date: Mon, 18 Apr 2011 14:49:09 -0700 (PDT)
> From: Dave Jones <davej@redhat.com>
> Date: Mon, 18 Apr 2011 17:48:10 -0400
>
>> I managed to trigger this today..
>>
>> ip_rt_bug: 0.0.0.0 -> 255.255.255.255, ?
>>
>> if this is useful in some way, maybe it should be enhanced
>> to print out something else, like a backtrace ?
>>
>> Also, should it be a printk_ratelimit() ? Or is there
>> ratelimiting done elsewhere in the routing code ?
>>
>> or should it just be silenced, leaving just the kfree_skb ?
>
> It's a very serious issue, it means we used an input route for
> packet output.
>
> Kernel version and what you were doing to trigger this?
BTW, if you could modify this thing to spit out a stack
trace (probably by using WARN_ON() or similar) that will
probably show us where the bug is coming from.
Thanks.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: ip_rt_bug questions.
2011-04-18 21:50 ` David Miller
@ 2011-04-18 21:59 ` Dave Jones
2011-04-19 5:04 ` David Miller
2011-05-21 17:16 ` Dave Jones
1 sibling, 1 reply; 9+ messages in thread
From: Dave Jones @ 2011-04-18 21:59 UTC (permalink / raw)
To: David Miller; +Cc: netdev
On Mon, Apr 18, 2011 at 02:50:23PM -0700, David Miller wrote:
> >> ip_rt_bug: 0.0.0.0 -> 255.255.255.255, ?
> >>
> > It's a very serious issue, it means we used an input route for
> > packet output.
> >
> > Kernel version and what you were doing to trigger this?
current HEAD from Linus' tree.
It fell out twice so far this afternoon from my system call fuzzer.
> BTW, if you could modify this thing to spit out a stack
> trace (probably by using WARN_ON() or similar) that will
> probably show us where the bug is coming from.
Ok, I'll add that, and see if I can reproduce it again.
Dave
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: ip_rt_bug questions.
2011-04-18 21:59 ` Dave Jones
@ 2011-04-19 5:04 ` David Miller
2011-04-19 18:13 ` Dave Jones
0 siblings, 1 reply; 9+ messages in thread
From: David Miller @ 2011-04-19 5:04 UTC (permalink / raw)
To: davej; +Cc: netdev
From: Dave Jones <davej@redhat.com>
Date: Mon, 18 Apr 2011 17:59:23 -0400
> On Mon, Apr 18, 2011 at 02:50:23PM -0700, David Miller wrote:
>
> > BTW, if you could modify this thing to spit out a stack
> > trace (probably by using WARN_ON() or similar) that will
> > probably show us where the bug is coming from.
>
> Ok, I'll add that, and see if I can reproduce it again.
Thanks a lot Dave.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: ip_rt_bug questions.
2011-04-19 5:04 ` David Miller
@ 2011-04-19 18:13 ` Dave Jones
2011-04-19 19:22 ` David Miller
0 siblings, 1 reply; 9+ messages in thread
From: Dave Jones @ 2011-04-19 18:13 UTC (permalink / raw)
To: David Miller; +Cc: netdev
On Mon, Apr 18, 2011 at 10:04:19PM -0700, David Miller wrote:
> From: Dave Jones <davej@redhat.com>
> Date: Mon, 18 Apr 2011 17:59:23 -0400
>
> > On Mon, Apr 18, 2011 at 02:50:23PM -0700, David Miller wrote:
> >
> > > BTW, if you could modify this thing to spit out a stack
> > > trace (probably by using WARN_ON() or similar) that will
> > > probably show us where the bug is coming from.
> >
> > Ok, I'll add that, and see if I can reproduce it again.
>
> Thanks a lot Dave.
So I hit that twice in the same hour yesterday, but haven't been
able to reproduce it since. My fuzzer must have been dependant
upon something I can't influence (memory contents perhaps, I pass
around random pointers).
I'll keep the WARN_ON in there in case I do stumble across it again.
Dave
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: ip_rt_bug questions.
2011-04-19 18:13 ` Dave Jones
@ 2011-04-19 19:22 ` David Miller
0 siblings, 0 replies; 9+ messages in thread
From: David Miller @ 2011-04-19 19:22 UTC (permalink / raw)
To: davej; +Cc: netdev
From: Dave Jones <davej@redhat.com>
Date: Tue, 19 Apr 2011 14:13:22 -0400
> So I hit that twice in the same hour yesterday, but haven't been
> able to reproduce it since. My fuzzer must have been dependant
> upon something I can't influence (memory contents perhaps, I pass
> around random pointers).
>
> I'll keep the WARN_ON in there in case I do stumble across it again.
Maybe it only triggers when a certain combination of your analog synths
are turned on?
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: ip_rt_bug questions.
2011-04-18 21:50 ` David Miller
2011-04-18 21:59 ` Dave Jones
@ 2011-05-21 17:16 ` Dave Jones
2011-05-23 1:02 ` David Miller
1 sibling, 1 reply; 9+ messages in thread
From: Dave Jones @ 2011-05-21 17:16 UTC (permalink / raw)
To: David Miller; +Cc: netdev
On Mon, Apr 18, 2011 at 02:50:23PM -0700, David Miller wrote:
> From: David Miller <davem@davemloft.net>
> Date: Mon, 18 Apr 2011 14:49:09 -0700 (PDT)
>
> > From: Dave Jones <davej@redhat.com>
> > Date: Mon, 18 Apr 2011 17:48:10 -0400
> >
> >> I managed to trigger this today..
> >>
> >> ip_rt_bug: 0.0.0.0 -> 255.255.255.255, ?
> >>
> >> if this is useful in some way, maybe it should be enhanced
> >> to print out something else, like a backtrace ?
> >>
> >> Also, should it be a printk_ratelimit() ? Or is there
> >> ratelimiting done elsewhere in the routing code ?
> >>
> >> or should it just be silenced, leaving just the kfree_skb ?
> >
> > It's a very serious issue, it means we used an input route for
> > packet output.
> >
> > Kernel version and what you were doing to trigger this?
>
> BTW, if you could modify this thing to spit out a stack
> trace (probably by using WARN_ON() or similar) that will
> probably show us where the bug is coming from.
I haven't been able to hit this again since I added the WARN_ON.
But you can guarantee that the next time I see it it will be on
a kernel where I forgot to re-add this. Could we get this merged
so I don't have to keep remembering it ?
Dave
Add a stack backtrace to the ip_rt_bug path for debugging
Signed-off-by: Dave Jones <davej@redhat.com>
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 99e6e4b..6fb18b7 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1687,6 +1687,7 @@ static int ip_rt_bug(struct sk_buff *skb)
&ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr,
skb->dev ? skb->dev->name : "?");
kfree_skb(skb);
+ WARN_ON(1);
return 0;
}
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: ip_rt_bug questions.
2011-05-21 17:16 ` Dave Jones
@ 2011-05-23 1:02 ` David Miller
0 siblings, 0 replies; 9+ messages in thread
From: David Miller @ 2011-05-23 1:02 UTC (permalink / raw)
To: davej; +Cc: netdev
From: Dave Jones <davej@redhat.com>
Date: Sat, 21 May 2011 13:16:42 -0400
> Add a stack backtrace to the ip_rt_bug path for debugging
>
> Signed-off-by: Dave Jones <davej@redhat.com>
Applied.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2011-05-23 1:02 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-04-18 21:48 ip_rt_bug questions Dave Jones
2011-04-18 21:49 ` David Miller
2011-04-18 21:50 ` David Miller
2011-04-18 21:59 ` Dave Jones
2011-04-19 5:04 ` David Miller
2011-04-19 18:13 ` Dave Jones
2011-04-19 19:22 ` David Miller
2011-05-21 17:16 ` Dave Jones
2011-05-23 1:02 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.