Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718

PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · cagri coltekin <hidden> · 2006-08-27
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · Herbert Xu <herbert@gondor.apana.org.au> · 2006-08-28
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · cagri coltekin <hidden> · 2006-08-28
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · Herbert Xu <herbert@gondor.apana.org.au> · 2006-08-29
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · cagri coltekin <hidden> · 2006-08-31
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · Herbert Xu <herbert@gondor.apana.org.au> · 2006-09-01
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · cagri coltekin <hidden> · 2006-09-01
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · Herbert Xu <hidden> · 2006-09-25
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · cagri coltekin <hidden> · 2006-09-26
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · Herbert Xu <hidden> · 2006-09-28
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · cagri coltekin <hidden> · 2006-09-28
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · Herbert Xu <hidden> · 2006-10-03
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · Herbert Xu <herbert@gondor.apana.org.au> · 2006-10-03
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · cagri coltekin <hidden> · 2006-10-03
Re: PROBLEM: kernel BUG at net/ipv6/ip6_output.c:718 · James Morris <jmorris@namei.org> · 2006-10-03

From: Herbert Xu <hidden>
Date: 2006-09-25 12:15:55
Subsystem: networking [general], networking [ipv4/ipv6], the rest · Maintainers: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, David Ahern, Ido Schimmel, Linus Torvalds

On Fri, Sep 01, 2006 at 06:22:48PM +0200, cagri coltekin wrote:

The second causes the system to give the bug a couple of seconds
after bind starts, and loads the zones, without any traffic going
on. BTW, patch applied with some offset difference (3 for the
first -48 for the other two changes), on a pristine 2.6.17.11
source tree.

Well the good news is that I found a bug with MSG_PROBE that can
cause exactly what you're seeing.  The bad news is that bind doesn't
use MSG_PROBE :)

So please try this patch to narrow the problem down further.

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 6671691..637b5c4 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c

@@ -990,8 +990,10 @@ int ip6_append_data(struct sock *sk, int
 	int offset = 0;
 	int csummode = CHECKSUM_NONE;
 
-	if (flags&MSG_PROBE)
+	if (flags&MSG_PROBE) {
+		WARN_ON(1);
 		return 0;
+	}
 	if (skb_queue_empty(&sk->sk_write_queue)) {
 		/*
 		 * setup for corking

@@ -1013,6 +1015,7 @@ int ip6_append_data(struct sock *sk, int
 		dst_hold(&rt->u.dst);
 		np->cork.rt = rt;
 		inet->cork.fl = *fl;
+		BUG_ON(!fl->proto);
 		np->cork.hop_limit = hlimit;
 		np->cork.tclass = tclass;
 		mtu = dst_mtu(rt->u.dst.path);

@@ -1032,6 +1035,7 @@ int ip6_append_data(struct sock *sk, int
 	} else {
 		rt = np->cork.rt;
 		fl = &inet->cork.fl;
+		BUG_ON(!fl->proto);
 		if (inet->cork.flags & IPCORK_OPT)
 			opt = np->cork.opt;
 		transhdrlen = 0;

@@ -1285,6 +1289,7 @@ int ip6_push_pending_frames(struct sock 
 
 	if ((skb = __skb_dequeue(&sk->sk_write_queue)) == NULL)
 		goto out;
+	BUG_ON(!proto);
 	tail_skb = &(skb_shinfo(skb)->frag_list);
 
 	/* move skb->data to ip header from ext header */

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help