Package: linux-image-2.6.32-5-xen-amd64 Version: 2.6.32-35 Severity: critical Justification: breaks the whole system
Dear Maintainer, On debian 6.0.2 i am running a XEN guest with 2.6.32-5-xen-amd64 from linux-image-2.6.32-5-xen-amd64 (version 2.6.32-35). The bug sounds like it comes from the openvirtuozzo patch. When attempting to do: # sh -x ./foo add 5038 + what=add + port=5038 + bitspersec=30000 + bps=3750bps + burst=3kb + tc qdisc add dev eth0 root handle 1:0 htb + tc class add dev eth0 parent 1:0 classid 1:666 htb rate 100mbit ceil 100mbit + tc qdisc add dev eth0 parent 1:666 handle 2:0 sfq perturb 10 + tc filter add dev eth0 parent 2:0 protocol ip u32 match ip sport 5038 0xff00 police rate 3750bps burst 3kb mpu 0 action drop/continue flowid 2:0 Killed + [ add = add ] + tc qdisc show dev eth0 [hangs forever] dmesg tells me: [2313063.901744] HTB: quantum of class 10666 is big. Consider r2q change. [2313063.908460] u32 classifier [2313063.908465] Performance counters on [2313063.908468] input device check on [2313063.908471] Actions configured [2313063.910372] BUG: unable to handle kernel NULL pointer dereference at (null) [2313063.910381] IP: [<(null)>] (null) [2313063.910386] PGD 9a6ba067 PUD fe070067 PMD 0 [2313063.910393] Oops: 0010 [#1] SMP [2313063.910398] last sysfs file: /sys/devices/virtual/net/lo/operstate [2313063.910402] CPU 0 [2313063.910406] Modules linked in: act_police cls_u32 sch_sfq sch_htb snd_pcm snd_timer snd soundcore evdev snd_page_alloc pcspkr ext4 mbcache jbd2 crc16 xen_netfront xen_blkfront [2313063.910432] Pid: 1331, comm: tc Not tainted 2.6.32-5-xen-amd64 #1 [2313063.910436] RIP: e030:[<0000000000000000>] [<(null)>] (null) [2313063.910441] RSP: e02b:ffff880002e03940 EFLAGS: 00010282 [2313063.910446] RAX: ffffffffa0106c80 RBX: ffff8800fe5650c0 RCX: 0000000071dde1fb [2313063.910451] RDX: 0000000000020000 RSI: 0000000000000000 RDI: ffff8800fe4a8000 [2313063.910456] RBP: ffff8800fd72d840 R08: ffff8800038ade30 R09: ffff880002e038d8 [2313063.910461] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8800fd72dfc0 [2313063.910466] R13: ffff8800fe5650c0 R14: ffff880002e039b8 R15: 0000000000000000 [2313063.910474] FS: 00007fbc7d947700(0000) GS:ffff88000389c000(0000) knlGS:0000000000000000 [2313063.910479] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b [2313063.910484] CR2: 0000000000000000 CR3: 00000000027ec000 CR4: 0000000000002660 [2313063.910489] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [2313063.910494] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [2313063.910499] Process tc (pid: 1331, threadinfo ffff880002e02000, task ffff8800fdb98000) [2313063.910504] Stack: [2313063.910507] ffffffffa010d7b8 ffff8800fe79a500 ffffffffa010dabe 00000020a010d439 [2313063.910514] <0> ffff8800fe5650c0 ffff88009a107488 0000000080000800 ffff8800fd72d840 [2313063.913009] <0> ffff880002e03aa8 ffff8800fd72dfc0 ffffffffa010db3c 0000000000000002 [2313063.913009] Call Trace: [2313063.913009] [<ffffffffa010d7b8>] ? u32_set_parms+0xbd/0x143 [cls_u32] [2313063.913009] [<ffffffffa010dabe>] ? u32_change+0x280/0x39c [cls_u32] [2313063.913009] [<ffffffffa010db3c>] ? u32_change+0x2fe/0x39c [cls_u32] [2313063.913009] [<ffffffff812769bf>] ? tc_ctl_tfilter+0x544/0x5af [2313063.913009] [<ffffffff81276965>] ? tc_ctl_tfilter+0x4ea/0x5af [2313063.913009] [<ffffffff8100e629>] ? xen_force_evtchn_callback+0x9/0xa [2313063.913009] [<ffffffff8127b308>] ? netlink_sendmsg+0x162/0x255 [2313063.913009] [<ffffffff81269c83>] ? rtnetlink_rcv_msg+0x0/0x1f5 [2313063.913009] [<ffffffff8127aec8>] ? netlink_rcv_skb+0x34/0x7c [2313063.913009] [<ffffffff81269c7d>] ? rtnetlink_rcv+0x1f/0x25 [2313063.913009] [<ffffffff8127acbc>] ? netlink_unicast+0xe2/0x148 [2313063.913009] [<ffffffff81258a89>] ? __alloc_skb+0x69/0x15a [2313063.913009] [<ffffffff8127b3e8>] ? netlink_sendmsg+0x242/0x255 [2313063.913009] [<ffffffff812513f5>] ? sock_sendmsg+0xa3/0xbb [2313063.913009] [<ffffffff812512f9>] ? sock_recvmsg+0xa6/0xbe [2313063.913009] [<ffffffff81065f06>] ? autoremove_wake_function+0x0/0x2e [2313063.913009] [<ffffffff81065f06>] ? autoremove_wake_function+0x0/0x2e [2313063.913009] [<ffffffff81259df4>] ? verify_iovec+0x46/0x96 [2313063.913009] [<ffffffff81251637>] ? sys_sendmsg+0x22a/0x2b5 [2313063.913009] [<ffffffff8100ece2>] ? check_events+0x12/0x20 [2313063.913009] [<ffffffff811541f7>] ? cap_file_free_security+0x0/0x1 [2313063.913009] [<ffffffff8130f906>] ? do_page_fault+0x2e0/0x2fc [2313063.913009] [<ffffffff81011b42>] ? system_call_fastpath+0x16/0x1b [2313063.913009] Code: Bad RIP value. [2313063.913009] RIP [<(null)>] (null) [2313063.913009] RSP <ffff880002e03940> [2313063.913009] CR2: 0000000000000000 [2313063.913009] ---[ end trace 3a2d2e66e526d672 ]--- The tc comes from: ii iproute 20100519-3 System Information below is from the host running reportbug which is NOT the machine the oops occurs; Problem installation is running: squeeze (6.0.2), amd64, 2.6.32-5-xen-amd64 -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
