Bug#269579: tracepath6 causes kernel boo-boo
Package: kernel-image-2.6.7-1-686
Version: 2.6.7-2
Doing a tracepath6 (package iputils-tracepath 3:20020927-2) to a
distant IPv6 address on my IPv6-enabled laptop (a Dell X200) over the
internal 802.11b card causes a kernel burp, which kills the tracepath6
application. Lucky it doesn't bail the machine I guess!
--
Barak A. Pearlmutter <barak@cs.may.ie>
Hamilton Institute, NUI Maynooth, Co. Kildare, Ireland
http://www-bcl.cs.may.ie/~barak/
----------------------------------------------------------------
$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:02:2D:B0:63:BA
inet addr:10.11.13.40 Bcast:10.255.255.255 Mask:255.255.255.0
inet6 addr: 2002:528d:cbc1:0:202:2dff:feb0:63ba/64 Scope:Global
inet6 addr: fe80::202:2dff:feb0:63ba/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:213767 errors:0 dropped:838 overruns:0 frame:0
TX packets:203248 errors:7 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:231447671 (220.7 MiB) TX bytes:33542930 (31.9 MiB)
Interrupt:10 Base address:0x100
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:12374 errors:0 dropped:0 overruns:0 frame:0
TX packets:12374 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:963493 (940.9 KiB) TX bytes:963493 (940.9 KiB)
$ egrep neuroma /etc/hosts
2001:770:11d:0:207:e9ff:feaa:dd0 neuroma
$ tracepath6 neuroma
1?: [LOCALHOST] pmtu 1500
Segmentation fault
$ dmesg
...
psmouse.c: TouchPad at isa0060/serio4/input0 - driver resynched.
skput:under: d0419c7b:1524 put:14 dev:eth0------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:104!
invalid operand: 0000 [#2]
PREEMPT
Modules linked in: orinoco_cs orinoco hermes i8xx_tco ipmi_watchdog ipmi_msghandler sr_mod cdrom sbp2 scsi_mod ip6_tunnel usbhid af_packet ds i830 ipv6 thermal fan button processor ac battery microcode yenta_socket pcmcia_core snd_intel8x0 snd_ac97_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc gameport snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore shpchp pciehp pci_hotplug uhci_hcd usbcore intel_agp agpgart tsdev mousedev nfsd exportfs lockd sunrpc joydev evdev dm_mod capability commoncap hw_random psmouse rtc i8k ohci1394 ieee1394 ext3 jbd mbcache ide_disk ide_generic piix ide_core unix font vesafb cfbcopyarea cfbimgblt cfbfillrect
CPU: 0
EIP: 0060:[<c0211bbb>] Not tainted
EFLAGS: 00210286 (2.6.7-1-686)
EIP is at skb_under_panic+0x3b/0x50
eax: 0000002d ebx: c74fd460 ecx: 00000000 edx: cb232000
esi: c852e37c edi: c3a47002 ebp: c852e358 esp: cb233be8
ds: 007b es: 007b ss: 0068
Process tracepath6 (pid: 32684, threadinfo=cb232000 task=ce63b1b0)
Stack: c029e160 d0419c7b 000005f4 0000000e c833c800 d0419c87 c74fd460 0000000e
d0419c7b ce63b1b0 00000010 00200246 00200246 cf76d2b8 00000000 cb233cc8
cf76d2b0 d041b122 cb233cc8 c74fd460 c1067a80 c651960c 40018000 c4db9714
Call Trace:
[<d0419c7b>] ip6_output2+0x12b/0x280 [ipv6]
[<d0419c87>] ip6_output2+0x137/0x280 [ipv6]
[<d0419c7b>] ip6_output2+0x12b/0x280 [ipv6]
[<d041b122>] ip6_fragment+0x742/0x860 [ipv6]
[<d0419e05>] ip6_output+0x35/0x50 [ipv6]
[<d0419b50>] ip6_output2+0x0/0x280 [ipv6]
[<d041bde2>] ip6_push_pending_frames+0x292/0x430 [ipv6]
[<d042e335>] udp_v6_push_pending_frames+0x145/0x1a0 [ipv6]
[<c0235950>] ip_generic_getfrag+0x0/0xc0
[<d042e866>] udpv6_sendmsg+0x4d6/0x870 [ipv6]
[<c020e276>] sock_recvmsg+0x96/0xc0
[<c025ce8d>] inet_sendmsg+0x4d/0x60
[<c020e1a8>] sock_sendmsg+0x98/0xd0
[<c01a5772>] copy_from_user+0x42/0x70
[<c020fe1d>] sys_recvmsg+0x1ed/0x200
[<c020df3c>] sockfd_lookup+0x1c/0x80
[<c020f6bc>] sys_sendto+0xdc/0x100
[<c027937b>] schedule+0x2bb/0x4d0
[<c020f713>] sys_send+0x33/0x40
[<c020ff73>] sys_socketcall+0x143/0x260
[<c0106009>] sysenter_past_esp+0x52/0x71
Code: 0f 0b 68 00 6a c7 29 c0 83 c4 14 c3 89 f6 8d bc 27 00 00 00
<4>psmouse.c: TouchPad at isa0060/serio4/input0 lost sync at byte 4
psmouse.c: TouchPad at isa0060/serio4/input0 lost sync at byte 4
psmouse.c: TouchPad at isa0060/serio4/input0 lost sync at byte 1
...
$ cardctl ident
Socket 0:
no product info available
Socket 1:
product info: "Dell", "TrueMobile 1150 Series PC Card", "Version 01.01", ""
manfid: 0x0156, 0x0002
function: 6 (network)