From: Ding Tianhong <dingtianhong@huawei.com>
To: Eric Dumazet <eric.dumazet@gmail.com>,
David Miller <davem@davemloft.net>, <yoshfuji@linux-ipv6.org>,
<joe@perches.com>, <vfalico@redhat.com>, <netdev@vger.kernel.org>
Subject: Re: [PATCH net] net: neighbour: add neighbour dead check for neigh_timer_handler()
Date: Wed, 18 Dec 2013 16:19:43 +0800 [thread overview]
Message-ID: <52B15A9F.6030301@huawei.com> (raw)
In-Reply-To: <20131218075131.GD27460@order.stressinduktion.org>
On 2013/12/18 15:51, Hannes Frederic Sowa wrote:
> Hi Ding!
>
> May I step in for short?
>
> On Wed, Dec 18, 2013 at 02:37:35PM +0800, Ding Tianhong wrote:
>> On 2013/12/5 11:17, Ding Tianhong wrote:
>>> On 2013/12/5 8:32, Gao feng wrote:
>>>> On 12/04/2013 11:24 PM, Eric Dumazet wrote:
>>>>> On Wed, 2013-12-04 at 17:16 +0800, Ding Tianhong wrote:
>>>>>>>> base->running_timer = neigh->timer;
>>>>>>>> neigh_timer_handler() => at this time, refcnt is 2;
>>>>>>>>
>>>>>>>> user-> neigh_changeaddr()
>>>>>>>> neigh_flush_dev();
>>>>>>>> neigh_del_imer, refcnt dec to 1;
>>>>>>>
>>>>>>> Nope : del_timer() would return 0 here, so we do not decrement refcnt.
>>>>>>>
>>>>>>
>>>>>> The first call for del_timer() will return 1, because the timer->entry.next is not NULL,
>>>>>> then in the neigh_destroy, the del_timer() again will return 0 because timer->entry.next is NULL.
>>>>>
>>>>> Again no. You are very mistaken.
>>>>>
>>>>> del_timer() return code is not a hint. Its a precise meaning.
>>>>>
>>>>> It cannot return 1 if the timer function is running or is about to run.
>>>>>
>>>>> If you believe there is bug in del_timer(), fix it ;)
>>>>>
>>>>>
>>>>
>>>> Yes, you are right, __run_timers did this job.
>>>> So We still don't know what's the root reason.
>>>>
>>> Yes, I miss it, the running timer is detached from the list, thanks for all above.
>>>
>>> Regards
>>> Ding
>>>
>>
>>
>> Hi Eric:
>>
>> I was so doubt about the situation, can you give me some advise?
>>
>> CPU0 CPU1 CPU2
>> -------- -------- ---------
>> neigh_timer_handler
>> write_lock(n->lock);
>> ...
>> write_unlock(n->lock);
>> n->ref_cnt = 2 or 3(if mode_time)
>> ... neigh_flush_dev
>> write_lock(n->lock);
>> n->ref_cnt = 2;
>> n->nud_state = NUD_NONE;
>> write_unlock(n->lock);
>> neigh_release()
>> n->ref_cnt = 1;
>> ... neigh_periodic_work
>> write_lock(n->lock);
>> write_unlock(n->lock);
>> neigh_release();
>> kfree(n)
>> n->ops->solicit() ...
>> ...
>>
>> if that possible? or I was totally wrong? pls give me some advise if I miss something, thanks a lot.
>
> When you first posted the patch I had my doubts that there is such
> race. E.g. n->dead was 0 in the neigh you posted. After all the neigh
> timer has its own reference and does check ->dead before proceeding. I maybe
> wrong because the memory could already be overwritten.
>
> (Maybe we should move the ->dead check inside the write_lock to use it as a
> barrier.)
>
> Maybe there was another dereference which caused the bug. Could you check if
> you have the code section from the panic? It should look something like
>
> Code: FF FF FF .. <FF> ..
>
> Sometimes using addr2line on vmlinux with the RIP could give another hint.
>
> Greetings,
>
> Hannes
>
Hi Hannes:
Thanks for your attention. I hope it useful to you.
235 [64306.090258] Supported: Yes, External
236 [64306.090262] Pid: 58359, comm: socknal_cd04 Tainted: P N 2.6.32.59-0.7-default #1 T3500 G3
237 [64306.090266] RIP: 0010:[<ffffffff812f8e36>] [<ffffffff812f8e36>] neigh_timer_handler+0x116/0x3b0
238 [64306.090272] RSP: 0018:ffff880c273499d8 EFLAGS: 00010206
239 [64306.090275] RAX: 0000000000000000 RBX: ffff8801cddf1500 RCX: ffff8801cddf14f2
240 [64306.090278] RDX: 0000000000000000 RSI: ffff8805e40d3a28 RDI: ffff8801cddf1500
241 [64306.090281] RBP: ffff8805e40d3a28 R08: ffff8801cddf1530 R09: ffff880c27349b17
242 [64306.090284] R10: 000000000000000e R11: ffffffff812f8e22 R12: ffff880185c0e840
243 [64306.090287] R13: 0000000000000000 R14: ffff8805e40d3a60 R15: 0000000003484560
ffffffff812f8e36 (t) neigh_timer_handler+278 ../linux/net/core/neighbour.c: 876
crash> dis -l neigh_timer_handler
/usr/src/linux/net/core/neighbour.c: 798
0xffffffff812f8d20 <neigh_timer_handler>: sub $0x28,%rsp
0xffffffff812f8d24 <neigh_timer_handler+4>: mov %r14,0x20(%rsp)
/usr/src/linux/net/core/neighbour.c: 804
0xffffffff812f8d29 <neigh_timer_handler+9>: lea 0x40(%rdi),%r14
/usr/src/linux/net/core/neighbour.c: 798
0xffffffff812f8d2d <neigh_timer_handler+13>: mov %rbx,(%rsp)
0xffffffff812f8d31 <neigh_timer_handler+17>: mov %rdi,%rbx
0xffffffff812f8d34 <neigh_timer_handler+20>: mov %rbp,0x8(%rsp)
0xffffffff812f8d39 <neigh_timer_handler+25>: mov %r12,0x10(%rsp)
/usr/src/linux/net/core/neighbour.c: 804
0xffffffff812f8d3e <neigh_timer_handler+30>: mov %r14,%rdi
/usr/src/linux/net/core/neighbour.c: 798
0xffffffff812f8d41 <neigh_timer_handler+33>: mov %r13,0x18(%rsp)
/usr/src/linux/net/core/neighbour.c: 878
0xffffffff812f8d46 <neigh_timer_handler+38>: xor %r13d,%r13d
/usr/src/linux/net/core/neighbour.c: 804
0xffffffff812f8d49 <neigh_timer_handler+41>: callq 0xffffffff81394bb0 <_write_lock>
/usr/src/linux/net/core/neighbour.c: 806
0xffffffff812f8d4e <neigh_timer_handler+46>: movzbl 0x39(%rbx),%edx
/usr/src/linux/net/core/neighbour.c: 807
0xffffffff812f8d52 <neigh_timer_handler+50>: mov 0x634ba7(%rip),%rdi # 0xffffffff8192d900
0xffffffff812f8d59 <neigh_timer_handler+57>: lea 0x70(%rbx),%r12
/usr/src/linux/net/core/neighbour.c: 808
0xffffffff812f8d5d <neigh_timer_handler+61>: lea 0xfa(%rdi),%rbp
/usr/src/linux/net/core/neighbour.c: 806
0xffffffff812f8d64 <neigh_timer_handler+68>: movzbl %dl,%eax
/usr/src/linux/net/core/neighbour.c: 810
0xffffffff812f8d67 <neigh_timer_handler+71>: test $0x1b,%al
0xffffffff812f8d69 <neigh_timer_handler+73>: je 0xffffffff812f8e50 <neigh_timer_handler+304>
/usr/src/linux/net/core/neighbour.c: 817
0xffffffff812f8d6f <neigh_timer_handler+79>: test $0x2,%al
0xffffffff812f8d71 <neigh_timer_handler+81>: je 0xffffffff812f8e98 <neigh_timer_handler+376>
/usr/src/linux/net/core/neighbour.c: 818
0xffffffff812f8d77 <neigh_timer_handler+87>: mov 0x10(%rbx),%r8
0xffffffff812f8d7b <neigh_timer_handler+91>: movslq 0x5c(%r8),%rsi
0xffffffff812f8d7f <neigh_timer_handler+95>: add 0x28(%rbx),%rsi
0xffffffff812f8d83 <neigh_timer_handler+99>: cmp %rdi,%rsi
0xffffffff812f8d86 <neigh_timer_handler+102>: js 0xffffffff812f8f58 <neigh_timer_handler+568>
0xffffffff812f8d8c <neigh_timer_handler+108>: mov %rsi,%rbp
/usr/src/linux/net/core/neighbour.c: 857
0xffffffff812f8d8f <neigh_timer_handler+111>: movzbl %dl,%eax
0xffffffff812f8d92 <neigh_timer_handler+114>: test $0x11,%al
0xffffffff812f8d94 <neigh_timer_handler+116>: je 0xffffffff812f8db0 <neigh_timer_handler+144>
/usr/src/linux/net/core/neighbour.c: 768
0xffffffff812f8d96 <neigh_timer_handler+118>: test $0x10,%al
/usr/src/linux/include/asm/atomic_64.h: 23
0xffffffff812f8d98 <neigh_timer_handler+120>: mov 0x3c(%rbx),%esi
/usr/src/linux/net/core/neighbour.c: 767
0xffffffff812f8d9b <neigh_timer_handler+123>: mov 0x10(%rbx),%rcx
/usr/src/linux/net/core/neighbour.c: 768
0xffffffff812f8d9f <neigh_timer_handler+127>: je 0xffffffff812f8fe8 <neigh_timer_handler+712>
0xffffffff812f8da5 <neigh_timer_handler+133>: mov 0x68(%rcx),%edx
/usr/src/linux/net/core/neighbour.c: 857
0xffffffff812f8da8 <neigh_timer_handler+136>: cmp %edx,%esi
0xffffffff812f8daa <neigh_timer_handler+138>: jge 0xffffffff812f9000 <neigh_timer_handler+736>
/usr/src/linux/net/core/neighbour.c: 864
0xffffffff812f8db0 <neigh_timer_handler+144>: test $0x1b,%al
0xffffffff812f8db2 <neigh_timer_handler+146>: lea 0x70(%rbx),%r12
0xffffffff812f8db6 <neigh_timer_handler+150>: je 0xffffffff812f8df1 <neigh_timer_handler+209>
/usr/src/linux/net/core/neighbour.c: 865
0xffffffff812f8db8 <neigh_timer_handler+152>: mov 0x634b41(%rip),%rax # 0xffffffff8192d900
0xffffffff812f8dbf <neigh_timer_handler+159>: mov %rbp,%rdx
0xffffffff812f8dc2 <neigh_timer_handler+162>: sub %rax,%rdx
0xffffffff812f8dc5 <neigh_timer_handler+165>: mov %rdx,%rax
0xffffffff812f8dc8 <neigh_timer_handler+168>: sub $0x7d,%rax
0xffffffff812f8dcc <neigh_timer_handler+172>: js 0xffffffff812f9020 <neigh_timer_handler+768>
/usr/src/linux/net/core/neighbour.c: 867
0xffffffff812f8dd2 <neigh_timer_handler+178>: lea 0x98(%rbx),%rdi
0xffffffff812f8dd9 <neigh_timer_handler+185>: mov %rbp,%rsi
0xffffffff812f8ddc <neigh_timer_handler+188>: callq 0xffffffff81057db0 <mod_timer>
0xffffffff812f8de1 <neigh_timer_handler+193>: test %eax,%eax
0xffffffff812f8de3 <neigh_timer_handler+195>: je 0xffffffff812f8fd0 <neigh_timer_handler+688>
0xffffffff812f8de9 <neigh_timer_handler+201>: movzbl 0x39(%rbx),%eax
0xffffffff812f8ded <neigh_timer_handler+205>: lea 0x70(%rbx),%r12
/usr/src/linux/net/core/neighbour.c: 870
0xffffffff812f8df1 <neigh_timer_handler+209>: test $0x11,%al
0xffffffff812f8df3 <neigh_timer_handler+211>: je 0xffffffff812f8e50 <neigh_timer_handler+304>
/usr/src/linux/include/linux/skbuff.h: 787
0xffffffff812f8df5 <neigh_timer_handler+213>: mov 0x80(%rbx),%rbp
0xffffffff812f8dfc <neigh_timer_handler+220>: lea 0x80(%rbx),%rax
/usr/src/linux/include/linux/skbuff.h: 788
0xffffffff812f8e03 <neigh_timer_handler+227>: cmp %rbp,%rax
0xffffffff812f8e06 <neigh_timer_handler+230>: je 0xffffffff812f9060 <neigh_timer_handler+832>
/usr/src/linux/net/core/neighbour.c: 873
0xffffffff812f8e0c <neigh_timer_handler+236>: test %rbp,%rbp
0xffffffff812f8e0f <neigh_timer_handler+239>: je 0xffffffff812f8e21 <neigh_timer_handler+257>
/usr/src/linux/net/core/neighbour.c: 874
0xffffffff812f8e11 <neigh_timer_handler+241>: mov %rbp,%rdi
0xffffffff812f8e14 <neigh_timer_handler+244>: mov $0x20,%esi
0xffffffff812f8e19 <neigh_timer_handler+249>: callq 0xffffffff812e83c0 <skb_copy>
0xffffffff812f8e1e <neigh_timer_handler+254>: mov %rax,%rbp
/usr/src/linux/include/asm/spinlock.h: 294
0xffffffff812f8e21 <neigh_timer_handler+257>: lock addl $0x1000000,0x40(%rbx)
/usr/src/linux/net/core/neighbour.c: 876
0xffffffff812f8e29 <neigh_timer_handler+265>: mov 0xe8(%rbx),%rax
0xffffffff812f8e30 <neigh_timer_handler+272>: mov %rbp,%rsi
0xffffffff812f8e33 <neigh_timer_handler+275>: mov %rbx,%rdi
0xffffffff812f8e36 <neigh_timer_handler+278>: callq *0x8(%rax) <-----crash
/usr/src/linux/net/core/neighbour.c: 877
0xffffffff812f8e39 <neigh_timer_handler+281>: lea 0x3c(%rbx),%rax
/usr/src/linux/include/asm/atomic_64.h: 93
0xffffffff812f8e3d <neigh_timer_handler+285>: lock incl 0x3c(%rbx)
/usr/src/linux/net/core/neighbour.c: 878
0xffffffff812f8e41 <neigh_timer_handler+289>: mov %rbp,%rdi
0xffffffff812f8e44 <neigh_timer_handler+292>: callq 0xffffffff812e57c0 <kfree_skb>
0xffffffff812f8e49 <neigh_timer_handler+297>: jmp 0xffffffff812f8e58 <neigh_timer_handler+312>
0xffffffff812f8e4b <neigh_timer_handler+299>: nopl 0x0(%rax,%rax,1)
/usr/src/linux/include/asm/spinlock.h: 294
0xffffffff812f8e50 <neigh_timer_handler+304>: lock addl $0x1000000,0x40(%rbx)
/usr/src/linux/net/core/neighbour.c: 884
0xffffffff812f8e58 <neigh_timer_handler+312>: test %r13d,%r13d
0xffffffff812f8e5b <neigh_timer_handler+315>: je 0xffffffff812f8e65 <neigh_timer_handler+325>
/usr/src/linux/net/core/neighbour.c: 885
0xffffffff812f8e5d <neigh_timer_handler+317>: mov %rbx,%rdi
0xffffffff812f8e60 <neigh_timer_handler+320>: callq 0xffffffff812f8950 <neigh_update_notify>
/usr/src/linux/include/asm/atomic_64.h: 123
0xffffffff812f8e65 <neigh_timer_handler+325>: lock decl (%r12)
0xffffffff812f8e6a <neigh_timer_handler+330>: sete %al
/usr/src/linux/include/net/neighbour.h: 288
0xffffffff812f8e6d <neigh_timer_handler+333>: test %al,%al
0xffffffff812f8e6f <neigh_timer_handler+335>: jne 0xffffffff812f8f18 <neigh_timer_handler+504>
/usr/src/linux/net/core/neighbour.c: 888
0xffffffff812f8e75 <neigh_timer_handler+341>: mov (%rsp),%rbx
0xffffffff812f8e79 <neigh_timer_handler+345>: mov 0x8(%rsp),%rbp
0xffffffff812f8e7e <neigh_timer_handler+350>: mov 0x10(%rsp),%r12
0xffffffff812f8e83 <neigh_timer_handler+355>: mov 0x18(%rsp),%r13
0xffffffff812f8e88 <neigh_timer_handler+360>: mov 0x20(%rsp),%r14
0xffffffff812f8e8d <neigh_timer_handler+365>: add $0x28,%rsp
0xffffffff812f8e91 <neigh_timer_handler+369>: retq
0xffffffff812f8e92 <neigh_timer_handler+370>: nopw 0x0(%rax,%rax,1)
/usr/src/linux/net/core/neighbour.c: 836
0xffffffff812f8e98 <neigh_timer_handler+376>: test $0x8,%al
0xffffffff812f8e9a <neigh_timer_handler+378>: je 0xffffffff812f8f40 <neigh_timer_handler+544>
/usr/src/linux/net/core/neighbour.c: 837
0xffffffff812f8ea0 <neigh_timer_handler+384>: mov 0x10(%rbx),%r8
0xffffffff812f8ea4 <neigh_timer_handler+388>: movslq 0x60(%r8),%rax
0xffffffff812f8ea8 <neigh_timer_handler+392>: add 0x28(%rbx),%rax
0xffffffff812f8eac <neigh_timer_handler+396>: cmp %rdi,%rax
0xffffffff812f8eaf <neigh_timer_handler+399>: js 0xffffffff812f9030 <neigh_timer_handler+784>
/usr/src/linux/net/core/neighbour.c: 840
0xffffffff812f8eb5 <neigh_timer_handler+405>: movb $0x2,0x39(%rbx)
/usr/src/linux/net/core/neighbour.c: 689
0xffffffff812f8eb9 <neigh_timer_handler+409>: mov 0xe8(%rbx),%rcx
/usr/src/linux/net/core/neighbour.c: 841
0xffffffff812f8ec0 <neigh_timer_handler+416>: mov 0x634a39(%rip),%rax # 0xffffffff8192d900
/usr/src/linux/net/core/neighbour.c: 691
0xffffffff812f8ec7 <neigh_timer_handler+423>: mov 0x68(%rbx),%rdx
/usr/src/linux/net/core/neighbour.c: 841
0xffffffff812f8ecb <neigh_timer_handler+427>: mov %rax,0x30(%rbx)
/usr/src/linux/net/core/neighbour.c: 689
0xffffffff812f8ecf <neigh_timer_handler+431>: mov 0x20(%rcx),%rax
/usr/src/linux/net/core/neighbour.c: 691
0xffffffff812f8ed3 <neigh_timer_handler+435>: test %rdx,%rdx
/usr/src/linux/net/core/neighbour.c: 689
0xffffffff812f8ed6 <neigh_timer_handler+438>: mov %rax,0x78(%rbx)
/usr/src/linux/net/core/neighbour.c: 691
0xffffffff812f8eda <neigh_timer_handler+442>: jne 0xffffffff812f8ee7 <neigh_timer_handler+455>
0xffffffff812f8edc <neigh_timer_handler+444>: jmp 0xffffffff812f8efe <neigh_timer_handler+478>
0xffffffff812f8ede <neigh_timer_handler+446>: xchg %ax,%ax
0xffffffff812f8ee0 <neigh_timer_handler+448>: mov 0xe8(%rbx),%rcx
/usr/src/linux/net/core/neighbour.c: 692
0xffffffff812f8ee7 <neigh_timer_handler+455>: mov 0x28(%rcx),%rax
0xffffffff812f8eeb <neigh_timer_handler+459>: mov %rax,0x88(%rdx)
/usr/src/linux/net/core/neighbour.c: 691
0xffffffff812f8ef2 <neigh_timer_handler+466>: mov (%rdx),%rdx
0xffffffff812f8ef5 <neigh_timer_handler+469>: test %rdx,%rdx
0xffffffff812f8ef8 <neigh_timer_handler+472>: jne 0xffffffff812f8ee0 <neigh_timer_handler+448>
0xffffffff812f8efa <neigh_timer_handler+474>: mov 0x10(%rbx),%r8
/usr/src/linux/net/core/neighbour.c: 844
0xffffffff812f8efe <neigh_timer_handler+478>: movslq 0x5c(%r8),%rbp
0xffffffff812f8f02 <neigh_timer_handler+482>: add 0x28(%rbx),%rbp
0xffffffff812f8f06 <neigh_timer_handler+486>: movzbl 0x39(%rbx),%edx
0xffffffff812f8f0a <neigh_timer_handler+490>: mov $0x1,%r13d
0xffffffff812f8f10 <neigh_timer_handler+496>: jmpq 0xffffffff812f8d8f <neigh_timer_handler+111>
0xffffffff812f8f15 <neigh_timer_handler+501>: nopl (%rax)
/usr/src/linux/include/net/neighbour.h: 289
0xffffffff812f8f18 <neigh_timer_handler+504>: mov %rbx,%rdi
/usr/src/linux/net/core/neighbour.c: 888
0xffffffff812f8f1b <neigh_timer_handler+507>: mov 0x8(%rsp),%rbp
0xffffffff812f8f20 <neigh_timer_handler+512>: mov (%rsp),%rbx
0xffffffff812f8f24 <neigh_timer_handler+516>: mov 0x10(%rsp),%r12
0xffffffff812f8f29 <neigh_timer_handler+521>: mov 0x18(%rsp),%r13
0xffffffff812f8f2e <neigh_timer_handler+526>: mov 0x20(%rsp),%r14
0xffffffff812f8f33 <neigh_timer_handler+531>: add $0x28,%rsp
/usr/src/linux/include/net/neighbour.h: 289
0xffffffff812f8f37 <neigh_timer_handler+535>: jmpq 0xffffffff812f8ba0 <neigh_destroy>
0xffffffff812f8f3c <neigh_timer_handler+540>: nopl 0x0(%rax)
/usr/src/linux/net/core/neighbour.c: 854
0xffffffff812f8f40 <neigh_timer_handler+544>: mov 0x10(%rbx),%rax
0xffffffff812f8f44 <neigh_timer_handler+548>: movslq 0x54(%rax),%rax
0xffffffff812f8f48 <neigh_timer_handler+552>: lea (%rax,%rdi,1),%rbp
0xffffffff812f8f4c <neigh_timer_handler+556>: jmpq 0xffffffff812f8d8f <neigh_timer_handler+111>
0xffffffff812f8f51 <neigh_timer_handler+561>: nopl 0x0(%rax)
/usr/src/linux/net/core/neighbour.c: 822
0xffffffff812f8f58 <neigh_timer_handler+568>: movslq 0x60(%r8),%rax
0xffffffff812f8f5c <neigh_timer_handler+572>: add 0x20(%rbx),%rax
0xffffffff812f8f60 <neigh_timer_handler+576>: cmp %rdi,%rax
0xffffffff812f8f63 <neigh_timer_handler+579>: js 0xffffffff812f9070 <neigh_timer_handler+848>
/usr/src/linux/net/core/neighbour.c: 825
0xffffffff812f8f69 <neigh_timer_handler+585>: movb $0x8,0x39(%rbx)
/usr/src/linux/net/core/neighbour.c: 672
0xffffffff812f8f6d <neigh_timer_handler+589>: mov 0xe8(%rbx),%rcx
/usr/src/linux/net/core/neighbour.c: 826
0xffffffff812f8f74 <neigh_timer_handler+596>: mov 0x634985(%rip),%rax # 0xffffffff8192d900
/usr/src/linux/net/core/neighbour.c: 674
0xffffffff812f8f7b <neigh_timer_handler+603>: mov 0x68(%rbx),%rdx
/usr/src/linux/net/core/neighbour.c: 826
0xffffffff812f8f7f <neigh_timer_handler+607>: mov %rax,0x30(%rbx)
/usr/src/linux/net/core/neighbour.c: 672
0xffffffff812f8f83 <neigh_timer_handler+611>: mov 0x18(%rcx),%rax
/usr/src/linux/net/core/neighbour.c: 674
0xffffffff812f8f87 <neigh_timer_handler+615>: test %rdx,%rdx
/usr/src/linux/net/core/neighbour.c: 672
0xffffffff812f8f8a <neigh_timer_handler+618>: mov %rax,0x78(%rbx)
/usr/src/linux/net/core/neighbour.c: 674
0xffffffff812f8f8e <neigh_timer_handler+622>: jne 0xffffffff812f8faf <neigh_timer_handler+655>
/usr/src/linux/net/core/neighbour.c: 828
0xffffffff812f8f90 <neigh_timer_handler+624>: movslq 0x60(%r8),%rax
0xffffffff812f8f94 <neigh_timer_handler+628>: movzbl 0x39(%rbx),%edx
0xffffffff812f8f98 <neigh_timer_handler+632>: xor %r13d,%r13d
0xffffffff812f8f9b <neigh_timer_handler+635>: lea (%rax,%rdi,1),%rbp
0xffffffff812f8f9f <neigh_timer_handler+639>: jmpq 0xffffffff812f8d8f <neigh_timer_handler+111>
0xffffffff812f8fa4 <neigh_timer_handler+644>: nopl 0x0(%rax)
0xffffffff812f8fa8 <neigh_timer_handler+648>: mov 0xe8(%rbx),%rcx
/usr/src/linux/net/core/neighbour.c: 675
0xffffffff812f8faf <neigh_timer_handler+655>: mov 0x18(%rcx),%rax
0xffffffff812f8fb3 <neigh_timer_handler+659>: mov %rax,0x88(%rdx)
/usr/src/linux/net/core/neighbour.c: 674
0xffffffff812f8fba <neigh_timer_handler+666>: mov (%rdx),%rdx
0xffffffff812f8fbd <neigh_timer_handler+669>: test %rdx,%rdx
0xffffffff812f8fc0 <neigh_timer_handler+672>: jne 0xffffffff812f8fa8 <neigh_timer_handler+648>
0xffffffff812f8fc2 <neigh_timer_handler+674>: mov 0x10(%rbx),%r8
0xffffffff812f8fc6 <neigh_timer_handler+678>: jmp 0xffffffff812f8f90 <neigh_timer_handler+624>
0xffffffff812f8fc8 <neigh_timer_handler+680>: nopl 0x0(%rax,%rax,1)
/usr/src/linux/net/core/neighbour.c: 868
0xffffffff812f8fd0 <neigh_timer_handler+688>: lea 0x70(%rbx),%r12
/usr/src/linux/include/asm/atomic_64.h: 93
0xffffffff812f8fd4 <neigh_timer_handler+692>: lock incl 0x70(%rbx)
0xffffffff812f8fd8 <neigh_timer_handler+696>: movzbl 0x39(%rbx),%eax
0xffffffff812f8fdc <neigh_timer_handler+700>: jmpq 0xffffffff812f8df1 <neigh_timer_handler+209>
0xffffffff812f8fe1 <neigh_timer_handler+705>: nopl 0x0(%rax)
/usr/src/linux/net/core/neighbour.c: 768
0xffffffff812f8fe8 <neigh_timer_handler+712>: mov 0x6c(%rcx),%edx
0xffffffff812f8feb <neigh_timer_handler+715>: add 0x68(%rcx),%edx
0xffffffff812f8fee <neigh_timer_handler+718>: add 0x70(%rcx),%edx
0xffffffff812f8ff1 <neigh_timer_handler+721>: jmpq 0xffffffff812f8da8 <neigh_timer_handler+136>
0xffffffff812f8ff6 <neigh_timer_handler+726>: nopw %cs:0x0(%rax,%rax,1)
/usr/src/linux/net/core/neighbour.c: 859
0xffffffff812f9000 <neigh_timer_handler+736>: movb $0x20,0x39(%rbx)
/usr/src/linux/net/core/neighbour.c: 861
0xffffffff812f9004 <neigh_timer_handler+740>: mov %rbx,%rdi
0xffffffff812f9007 <neigh_timer_handler+743>: mov $0x1,%r13d
0xffffffff812f900d <neigh_timer_handler+749>: callq 0xffffffff812f8880 <neigh_invalidate>
0xffffffff812f9012 <neigh_timer_handler+754>: movzbl 0x39(%rbx),%eax
0xffffffff812f9016 <neigh_timer_handler+758>: jmpq 0xffffffff812f8db0 <neigh_timer_handler+144>
0xffffffff812f901b <neigh_timer_handler+763>: nopl 0x0(%rax,%rax,1)
/usr/src/linux/net/core/neighbour.c: 866
0xffffffff812f9020 <neigh_timer_handler+768>: mov 0x6348d9(%rip),%rax # 0xffffffff8192d900
0xffffffff812f9027 <neigh_timer_handler+775>: lea 0x7d(%rax),%rbp
0xffffffff812f902b <neigh_timer_handler+779>: jmpq 0xffffffff812f8dd2 <neigh_timer_handler+178>
/usr/src/linux/net/core/neighbour.c: 847
0xffffffff812f9030 <neigh_timer_handler+784>: movb $0x10,0x39(%rbx)
/usr/src/linux/net/core/neighbour.c: 848
0xffffffff812f9034 <neigh_timer_handler+788>: mov 0x6348c5(%rip),%rax # 0xffffffff8192d900
/usr/src/linux/net/core/neighbour.c: 850
0xffffffff812f903b <neigh_timer_handler+795>: mov $0x10,%edx
/usr/src/linux/include/asm/atomic_64.h: 35
0xffffffff812f9040 <neigh_timer_handler+800>: movl $0x0,0x3c(%rbx)
/usr/src/linux/net/core/neighbour.c: 848
0xffffffff812f9047 <neigh_timer_handler+807>: mov %rax,0x30(%rbx)
/usr/src/linux/net/core/neighbour.c: 850
0xffffffff812f904b <neigh_timer_handler+811>: movslq 0x54(%r8),%rax
0xffffffff812f904f <neigh_timer_handler+815>: lea (%rax,%rdi,1),%rbp
0xffffffff812f9053 <neigh_timer_handler+819>: jmpq 0xffffffff812f8d8f <neigh_timer_handler+111>
0xffffffff812f9058 <neigh_timer_handler+824>: nopl 0x0(%rax,%rax,1)
/usr/src/linux/include/linux/skbuff.h: 788
0xffffffff812f9060 <neigh_timer_handler+832>: xor %ebp,%ebp
0xffffffff812f9062 <neigh_timer_handler+834>: jmpq 0xffffffff812f8e21 <neigh_timer_handler+257>
0xffffffff812f9067 <neigh_timer_handler+839>: nopw 0x0(%rax,%rax,1)
/usr/src/linux/net/core/neighbour.c: 831
0xffffffff812f9070 <neigh_timer_handler+848>: movb $0x4,0x39(%rbx)
/usr/src/linux/net/core/neighbour.c: 672
0xffffffff812f9074 <neigh_timer_handler+852>: mov 0xe8(%rbx),%rcx
/usr/src/linux/net/core/neighbour.c: 674
0xffffffff812f907b <neigh_timer_handler+859>: mov $0x4,%edx
/usr/src/linux/net/core/neighbour.c: 832
0xffffffff812f9080 <neigh_timer_handler+864>: mov 0x634879(%rip),%rax # 0xffffffff8192d900
/usr/src/linux/net/core/neighbour.c: 674
0xffffffff812f9087 <neigh_timer_handler+871>: mov 0x68(%rbx),%rsi
0xffffffff812f908b <neigh_timer_handler+875>: mov $0x1,%r13d
/usr/src/linux/net/core/neighbour.c: 832
0xffffffff812f9091 <neigh_timer_handler+881>: mov %rax,0x30(%rbx)
/usr/src/linux/net/core/neighbour.c: 672
0xffffffff812f9095 <neigh_timer_handler+885>: mov 0x18(%rcx),%rax
/usr/src/linux/net/core/neighbour.c: 674
0xffffffff812f9099 <neigh_timer_handler+889>: test %rsi,%rsi
/usr/src/linux/net/core/neighbour.c: 672
0xffffffff812f909c <neigh_timer_handler+892>: mov %rax,0x78(%rbx)
/usr/src/linux/net/core/neighbour.c: 674
0xffffffff812f90a0 <neigh_timer_handler+896>: jne 0xffffffff812f90b7 <neigh_timer_handler+919>
0xffffffff812f90a2 <neigh_timer_handler+898>: jmpq 0xffffffff812f8d8f <neigh_timer_handler+111>
0xffffffff812f90a7 <neigh_timer_handler+903>: nopw 0x0(%rax,%rax,1)
0xffffffff812f90b0 <neigh_timer_handler+912>: mov 0xe8(%rbx),%rcx
/usr/src/linux/net/core/neighbour.c: 675
0xffffffff812f90b7 <neigh_timer_handler+919>: mov 0x18(%rcx),%rax
0xffffffff812f90bb <neigh_timer_handler+923>: mov %rax,0x88(%rsi)
/usr/src/linux/net/core/neighbour.c: 674
0xffffffff812f90c2 <neigh_timer_handler+930>: mov (%rsi),%rsi
0xffffffff812f90c5 <neigh_timer_handler+933>: test %rsi,%rsi
0xffffffff812f90c8 <neigh_timer_handler+936>: jne 0xffffffff812f90b0 <neigh_timer_handler+912>
0xffffffff812f90ca <neigh_timer_handler+938>: jmpq 0xffffffff812f8f06 <neigh_timer_handler+486>
0xffffffff812f90cf <neigh_timer_handler+943>: nop
crash> neighbour ffff8801cddf1500
struct neighbour {
next = 0x4037ad30000045,
tbl = 0x2484560013d0640,
parms = 0xdc03ff7f03484560,
dev = 0x23351d86,
used = 170277469553264,
confirmed = 649366077121561602,
updated = 0,
flags = 0 '\000',
nud_state = 0 '\000',
type = 0 '\000',
dead = 0 '\000',
probes = {
counter = 0
},
lock = {
raw_lock = {
lock = 16777216
}
},
ha = "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\0
00",
hh = 0x0,
refcnt = {
counter = 0
},
output = 0,
arp_queue = {
next = 0x10002,
prev = 0x0,
qlen = 1,
lock = {
raw_lock = {
slock = 0
}
}
},
timer = {
entry = {
next = 0x0,
prev = 0x0
},
expires = 0,
function = 0,
data = 0,
base = 0x0,
start_site = 0x0,
start_comm = "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000",
start_pid = 0
},
ops = 0x0,
primary_key = 0xffff8801cddf15f0 ""
}
crash> struct -o neighbour
struct neighbour {
[0] struct neighbour *next;
[8] struct neigh_table *tbl;
[16] struct neigh_parms *parms;
[24] struct net_device *dev;
[32] long unsigned int used;
[40] long unsigned int confirmed;
[48] long unsigned int updated;
[56] __u8 flags;
[57] __u8 nud_state;
[58] __u8 type;
[59] __u8 dead;
[60] atomic_t probes;
[64] rwlock_t lock;
[68] unsigned char ha[32];
[104] struct hh_cache *hh;
[112] atomic_t refcnt;
[120] int (*output)(struct sk_buff *);
[128] struct sk_buff_head arp_queue;
[152] struct timer_list timer;
[232] const struct neigh_ops *ops;
[240] u8 primary_key[0];
}
SIZE: 240
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> .
>
next prev parent reply other threads:[~2013-12-18 8:34 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-03 13:48 [PATCH net] net: neighbour: add neighbour dead check for neigh_timer_handler() Ding Tianhong
2013-12-03 15:03 ` Hannes Frederic Sowa
2013-12-04 1:36 ` Ding Tianhong
2013-12-03 16:28 ` Eric Dumazet
2013-12-04 1:59 ` Ding Tianhong
2013-12-03 16:37 ` David Miller
2013-12-04 2:37 ` Gao feng
2013-12-04 4:04 ` Ding Tianhong
2013-12-04 4:21 ` David Miller
2013-12-04 6:19 ` Ding Tianhong
2013-12-04 6:27 ` Eric Dumazet
2013-12-04 9:16 ` Ding Tianhong
2013-12-04 10:10 ` Gao feng
2013-12-04 15:24 ` Eric Dumazet
2013-12-05 0:32 ` Gao feng
2013-12-05 3:17 ` Ding Tianhong
2013-12-18 6:37 ` Ding Tianhong
2013-12-18 7:51 ` Hannes Frederic Sowa
2013-12-18 8:19 ` Ding Tianhong [this message]
2013-12-18 8:41 ` Hannes Frederic Sowa
2013-12-18 8:57 ` Ding Tianhong
2013-12-18 9:28 ` Hannes Frederic Sowa
2013-12-18 10:02 ` Ding Tianhong
2013-12-18 10:21 ` Hannes Frederic Sowa
2013-12-18 11:57 ` Ding Tianhong
2013-12-18 14:27 ` Hannes Frederic Sowa
2013-12-18 15:12 ` Ding Tianhong
2013-12-18 15:46 ` Hannes Frederic Sowa
2013-12-19 3:32 ` Ding Tianhong
2013-12-04 6:36 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52B15A9F.6030301@huawei.com \
--to=dingtianhong@huawei.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=joe@perches.com \
--cc=netdev@vger.kernel.org \
--cc=vfalico@redhat.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.