[3484] in linux-net channel archive
Re: MBONE offer
daemon@ATHENA.MIT.EDU (Malcolm Beattie)
Tue Jun 25 07:07:36 1996
To: submit-linux-dev-net@ratatosk.yggdrasil.com
From: malcolm.beattie@computing-services.oxford.ac.uk (Malcolm Beattie)
Date: 25 Jun 1996 09:21:00 GMT
In article <199606241103.MAA05689@snowcrash.cymru.net>,
Alan Cox <alan@cymru.net> wrote:
>> * IP data field too short (4 bytes) for IGMP from 163.1.32.155
>> * Timed out receiving responses
>> Perhaps no local router has a route for source 163.1.2.13
>
>> or is it really, as it initially seems, a problem at the other end of the
>> tunnel. I don't like the look of those "IP data field too short" messages.
>
>That's a tool not ported properly. Take a look how I patched mrouted itself
>to not assume a weird BSD mash the header fields property of IP RAW
I've checked that that's not the case. I got a kernel "Aiee..." from
mrouted last night:
Jun 24 20:05:43 plutonium kernel: Warning: kfree_skb passed an skb still on a list (from 00008e10).
Jun 24 20:05:43 plutonium kernel: general protection: 0000
Jun 24 20:05:43 plutonium kernel: CPU: 0
Jun 24 20:05:43 plutonium kernel: EIP: 0010:[<0013c468>]
Jun 24 20:05:43 plutonium kernel: EFLAGS: 00010286
Jun 24 20:05:43 plutonium kernel: eax: 00000000 ebx: aaaa0200 ecx: 0000000c edx: 00b5fc0c
Jun 24 20:05:43 plutonium kernel: esi: 00008e10 edi: 00000000 ebp: 001b26f4 esp: 00883ce8
Jun 24 20:05:43 plutonium kernel: ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Jun 24 20:05:43 plutonium kernel: Process mrouted (pid: 12466, process nr: 34, stackpage=00883000)
Jun 24 20:05:43 plutonium kernel: Stack: 0000b100 00000000 0000003c 0013c93e 00008e10 00000000 0000b118 00000000
Jun 24 20:05:43 plutonium kernel: 00193077 00008e10 00000000 00000001 00008e10 001b278c 001b26f4 00008de2
Jun 24 20:05:43 plutonium kernel: 00008e10 00000001 001b26f4 00000016 00000300 0013d424 00008e10 001b26f4
Jun 24 20:05:43 plutonium kernel: Call Trace: [<0013c93e>] [<00193077>] [<0013d424>] [<0013d47a>] [<00148cf5>] [<00193732>] [<0013c673>]
Jun 24 20:05:43 plutonium kernel: [<0014ff6e>] [<0014fd30>] [<0014ffb4>] [<00155381>] [<0013ae7e>] [<00154514>] [<0013b1c7>] [<0013b873>]
Jun 24 20:05:43 plutonium kernel: [<0010a5e2>]
Jun 24 20:05:43 plutonium kernel: Code: 83 bb ac 00 00 00 00 74 2f 85 ff 74 1b 56 53 e8 c4 fc ff ff
Jun 24 20:05:43 plutonium kernel: Aiee, killing interrupt handler
Disassembling kfree_skb shows that the problem is at line 602ish:

    if (skb->sk)
    {
        struct sock * sk = skb->sk;
        if(sk->prot!=NULL)
        {
            if (rw)
                sock_rfree(sk, skb);

The assembly is

    0x13c461 <kfree_skb+145>: movl 0x10(%esi),%ebx
    0x13c464 <kfree_skb+148>: testl %ebx,%ebx
    0x13c466 <kfree_skb+150>: je 0x13c4ca <kfree_skb+250>
    0x13c468 <kfree_skb+152>: cmpl $0x0,0xac(%ebx)

%esi holds skb, it's non-zero. skb->sk gets put in %ebx and is wild
(0xaaaa0200) so dereferencing sk->prot faults.
--Malcolm
--
Malcolm Beattie <mbeattie@sable.ox.ac.uk>
Oxford University Computing Services
"Widget. It's got a widget. A lovely widget. A widget it has got." --Jack Dee
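
Added example (not part of the original post, and not kernel code): a Python parser for the oops lines quoted above that decodes the first instruction in the Code: bytes and computes the address it tried to read, which shows the faulting access is %ebx + 0xac with %ebx holding the wild skb->sk value. The function names are hypothetical, and the decoder assumes the Code: bytes begin at EIP, as they do in this oops.

```python
import re
import struct

# Lines copied from the oops in the post above (syslog prefix stripped).
OOPS = """\
EIP: 0010:[<0013c468>]
eax: 00000000 ebx: aaaa0200 ecx: 0000000c edx: 00b5fc0c
esi: 00008e10 edi: 00000000 ebp: 001b26f4 esp: 00883ce8
Code: 83 bb ac 00 00 00 00 74 2f 85 ff 74 1b 56 53 e8 c4 fc ff ff
"""

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # ModRM r/m order
GRP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]    # 0x83 /0../7


def parse_oops(text):
    """Extract EIP, the general registers and the Code: bytes from an i386 oops."""
    eip = re.search(r"EIP:\s+[0-9a-f]{4}:\[<([0-9a-f]{8})>\]", text).group(1)
    regs = re.findall(r"\b(e(?:ax|bx|cx|dx|si|di|bp|sp)):\s+([0-9a-f]{8})", text)
    code = re.search(r"Code:((?:[ \t]+[0-9a-f]{2})+)", text).group(1)
    return {"eip": int(eip, 16),
            "regs": {name: int(val, 16) for name, val in regs},
            "code": bytes.fromhex(code)}


def decode_grp1_imm8(code, regs):
    """Decode `83 /r ib` with a base-register memory operand (no SIB byte).

    Returns (AT&T-syntax text, effective address, instruction length)."""
    if code[0] != 0x83:
        raise ValueError("unsupported opcode %#x" % code[0])
    mod, op, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("register-direct, SIB and absolute forms not handled")
    if mod == 1:                      # 8-bit signed displacement
        disp, pos = struct.unpack_from("<b", code, 2)[0], 3
    elif mod == 2:                    # 32-bit signed displacement
        disp, pos = struct.unpack_from("<i", code, 2)[0], 6
    else:                             # mod == 0: no displacement
        disp, pos = 0, 2
    imm = struct.unpack_from("<b", code, pos)[0]
    addr = (regs[REG32[rm]] + disp) & 0xFFFFFFFF
    return f"{GRP1[op]}l ${imm:#x},{disp:#x}(%{REG32[rm]})", addr, pos + 1


if __name__ == "__main__":
    oops = parse_oops(OOPS)
    insn, addr, length = decode_grp1_imm8(oops["code"], oops["regs"])
    print(f"EIP {oops['eip']:#x}: {insn}  reads {addr:#010x} ({length} bytes)")
```

The decoded text matches the disassembly at kfree_skb+152 in the post, and the two bytes that follow the instruction (74 2f) are the next conditional jump.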