Re: oops in pre-2.0.31-1

Jon Lewis
Sun, 27 Jul 1997 14:21:22 -0400 (EDT)

On Sun, 27 Jul 1997, Alan Cox wrote:

> > Call Trace: [ip_free+16/164] [ip_evictor+38/56] [ip_defrag+34/860] [ip_rcv+393/1412] [ip_rcv+815/1412] [timer_bh+193/820] [net_bh+252/284]
> > [do_bottom_half+59/96] [handle_bottom_half+11/32] [sys_idle+92/112] [system_call+85/128] [init+0/616] [start_kernel+429/440]
> If that trace is right something is very very wrong in kernel land somewhere

I'm pretty sure it's not a case of wrong, if that's what you
mean.

ls -l *2.0.31*
-rw------- 1 root root 86568 May 19 18:01
-rw------- 1 root root 4688 May 19 17:49
-rw------- 1 root root 400425 May 19 18:01 vmlinuz-2.0.31-pre1-4
ls -l /boot/
lrwxrwxrwx 1 root root 33 May 19 13:27 /boot/ ->

> I think the timer_bh is just stack space confusing the trace, and it went
> receive an ip frame
> try to defragment it
> too many fragmented packets
> purge the fragment queue
> freeing a queue
> delete its timer
> blam...
> That could well be a real bug because that's a "doesn't normally occur" code path.
> I can't at the moment see how it could crash. Will dig further

That wouldn't surprise me too much. The system this happened to is an IRC
server and has about 25 bots running on it. Both these things seem to
provoke the worst in people and I know it's been attacked in numerous ways
in the with tools that spray huge numbers of IP fragments. I
vaguely remember kernel messages long ago about not being able to glue
packets together and running out of memory to buffer frags.

I got a message from saying he'd seen something
very similar in 2.1.47, but he didn't include any details. Would that
mean that it's a bug that's been around for "some time" or are there
networking changes from 2.1.x that have been back-ported to 2.0.31-pre-n?

Jon Lewis <> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
________Finger for PGP public key_______