Thread: 39 messages, 5 authors, 2010-08-29

Re: [Bugme-new] [Bug 16626] New: Machine hangs with EIP at skb_copy_and_csum_dev

From: Eric Dumazet <hidden>
Date: 2010-08-24 19:20:04

On Tuesday, 24 August 2010 at 20:25 +0300, Plamen Petrov wrote:
> Above patch applied, and happy to report the machine now spits data
> in the logs instead of oopsing. Here is what we have now:
>
> [  707.276981] ---[ end trace 75e4f8534893c910 ]---
> [  707.376998] 100: csum_start 306, offset 16, headroom 390, headlen 70, len 70
> [  707.477015] nr_frags=0 gso_size=0
> [  707.577031]
> [ 1021.032794] ---[ end trace 75e4f8534893c911 ]---
> [ 1021.132812] 100: csum_start 306, offset 16, headroom 390, headlen 153, len 153
> [ 1021.232828] nr_frags=0 gso_size=0
> [ 1021.332844]

Thanks !

csum_offset = 16.

so it's offsetof(struct tcphdr, check)

maybe a bug in net/ipv4/netfilter/nf_nat_helper.c ?

We should trace all spots where we set csum_start/csum_offset

Or/And trace the skb content.

Please add a :

print_hex_dump(KERN_ERR, "skb data:", DUMP_PREFIX_OFFSET, 
               16, 1, skb->head, skb_end_pointer(skb)-skb->head,true);


call in skb_csum_start_bug(), right after the pr_err("\n") and before
the "return 1;"


int skb_csum_start_bug(const struct sk_buff *skb, int pos)
{

        if (skb->ip_summed == CHECKSUM_PARTIAL) {
                long csstart;

                csstart = skb->csum_start - skb_headroom(skb);
                if (WARN_ON(csstart > skb_headlen(skb))) {
                        int i;

                        pr_err("%d: csum_start %u, offset %u, headroom %d, headlen %d, len %d\n",
                                   pos, skb->csum_start, skb->csum_offset, skb_headroom(skb),
                                   skb_headlen(skb), skb->len);
                        pr_err("nr_frags=%u gso_size=%u ",
                                        skb_shinfo(skb)->nr_frags,
                                        skb_shinfo(skb)->gso_size);
                        for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
                                pr_err("frag_size=%u ", skb_shinfo(skb)->frags[i].size);
                        }
                        pr_err("\n");
                        print_hex_dump(KERN_ERR, "skb data:", DUMP_PREFIX_OFFSET,
                                16, 1, skb->head, skb_end_pointer(skb) - skb->head, true);
                        return 1;
                }
        }
        return 0;
}
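
An added userspace example, not part of the original message or of the kernel source: it parses the report line printed by `skb_csum_start_bug()` and shows that `csum_start` lies before the packet data while `csum_offset` matches the TCP checksum field. The names `tcp_hdr_layout`, `csum_report`, `parse_report`, `csum_rel`, `warn_fires` and `offset_is_tcp_check` are hypothetical, and the 32-bit unsigned wrap in `warn_fires` is an assumption about how the kernel expression is evaluated.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of the TCP header layout, used only for offsetof(). */
struct tcp_hdr_layout {
    uint16_t source, dest;
    uint32_t seq, ack_seq;
    uint16_t doff_flags, window, check, urg_ptr;
};

/* Fields printed by the first pr_err() in skb_csum_start_bug(). */
struct csum_report {
    unsigned int pos, csum_start, csum_offset, headroom, headlen, len;
};

/* Parse one dmesg line, skipping the "[ time ]" prefix. Returns 0 on success. */
int parse_report(const char *line, struct csum_report *r)
{
    const char *p = strchr(line, ']');
    p = p ? p + 1 : line;
    return sscanf(p, " %u: csum_start %u, offset %u, headroom %u, headlen %u, len %u",
                  &r->pos, &r->csum_start, &r->csum_offset,
                  &r->headroom, &r->headlen, &r->len) == 6 ? 0 : -1;
}

/* Signed distance from skb->data to the checksum start; a negative value
 * means csum_start points into the headroom, before the packet data. */
long csum_rel(const struct csum_report *r) { return (long)r->csum_start - (long)r->headroom; }

/* Assumption: the kernel subtraction wraps as 32-bit unsigned before the
 * compare, so a negative distance still trips WARN_ON(csstart > headlen). */
int warn_fires(const struct csum_report *r) { return (uint32_t)(r->csum_start - r->headroom) > r->headlen; }

/* True when csum_offset equals the offset of the TCP checksum field. */
int offset_is_tcp_check(const struct csum_report *r) { return r->csum_offset == offsetof(struct tcp_hdr_layout, check); }

int main(void)
{
    struct csum_report r;
    /* First report line from the quoted log. */
    if (parse_report("[  707.376998] 100: csum_start 306, offset 16, "
                     "headroom 390, headlen 70, len 70", &r))
        return 1;
    printf("rel=%ld warn=%d tcp_check=%d\n",
           csum_rel(&r), warn_fires(&r), offset_is_tcp_check(&r));
    return 0;
}
```

Both report lines in the log give the same distance, since `csum_start` and `headroom` are unchanged between them.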
