On 03/21/2015 04:12 AM, Fengguang Wu wrote:
Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git master

commit 0ddcf43d5d4a03ded1ee3f6b3b72a0cbed4e90b1
Author:     Alexander Duyck <alexander.h.duyck@redhat.com>
AuthorDate: Fri Mar 6 13:47:00 2015 -0800
Commit:     David S. Miller <davem@davemloft.net>
CommitDate: Wed Mar 11 16:22:14 2015 -0400

    ipv4: FIB Local/MAIN table collapse
    
    This patch is meant to collapse local and main into one by converting
    tb_data from an array to a pointer.  Doing this allows us to point the
    local table into the main while maintaining the same variables in the
    table.
    
    As such the tb_data was converted from an array to a pointer, and a new
    array called data is added in order to still provide an object for tb_data
    to point to.
    
    In order to track the origin of the fib aliases a tb_id value was added in
    a hole that existed on 64b systems.  Using this we can also reverse the
    merge in the event that custom FIB rules are enabled.
    
    With this patch I am seeing an improvement of 20ns to 30ns for routing
    lookups as long as custom rules are not enabled, with custom rules enabled
    we fall back to split tables and the original behavior.
    
    Signed-off-by: Alexander Duyck <alexander.h.duyck@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>


testbox/testcase/testparams: vm-vp-quantal-x86_64/boot/1

169bf9121b19dd60  0ddcf43d5d4a03ded1ee3f6b3b
----------------  --------------------------
       fail:runs  %reproduction    fail:runs
           |             |             |
          0:80          12%          10:80    dmesg.BUG:unable_to_handle_kernel
          0:80          12%          10:80    dmesg.Kernel_panic-not_syncing:Fatal_exception
          0:80          12%          10:80    dmesg.Oops
          0:80          12%          10:80    dmesg.RIP:fib_trie_unmerge

[   14.975179] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
[   14.976015] IP: [<ffffffff817f77bd>] fib_trie_unmerge+0x1d/0x2f0
[   14.976015] PGD 0 
[   14.976015] Oops: 0000 [#1] SMP 
[   14.976015] Modules linked in:
[   14.976015] CPU: 1 PID: 52 Comm: kworker/u4:1 Not tainted 4.0.0-rc3-00503-g0ddcf43 #1
[   14.976015] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[   14.976015] Workqueue: netns cleanup_net
[   14.976015] task: ffff88001605d880 ti: ffff880016064000 task.ti: ffff880016064000
[   14.976015] RIP: 0010:[<ffffffff817f77bd>]  [<ffffffff817f77bd>] fib_trie_unmerge+0x1d/0x2f0
[   14.976015] RSP: 0018:ffff880016067c38  EFLAGS: 00010292
[   14.976015] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000038
[   14.976015] RDX: ffff880012200808 RSI: 00000000000000ff RDI: 0000000000000000
[   14.976015] RBP: ffff880016067c88 R08: ffff880012200600 R09: 00000001800c0003
[   14.976015] R10: ffff88001371a080 R11: ffff880014bfaa00 R12: ffff880015ac8000
[   14.976015] R13: ffff880012200780 R14: ffff880012200808 R15: ffff880015ac8008
[   14.976015] FS:  0000000000000000(0000) GS:ffff880013700000(0000) knlGS:0000000000000000
[   14.976015] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[   14.976015] CR2: 0000000000000030 CR3: 0000000001cb3000 CR4: 00000000000007e0
[   14.976015] Stack:
[   14.976015]  ffff880016067c68 ffffffff811c724e ffff880014bfa838 ffff880014bfa7b0
[   14.976015]  ffff880014bfa838 0000000000000000 ffff880015ac8000 ffff880012200780
[   14.976015]  ffff880012200808 ffff880015ac8008 ffff880016067ca8 ffffffff817f11a4
[   14.976015] Call Trace:
[   14.976015]  [<ffffffff811c724e>] ? kmem_cache_free+0x1de/0x200
[   14.976015]  [<ffffffff817f11a4>] fib_unmerge+0x24/0xc0
[   14.976015]  [<ffffffff817fcb0f>] fib4_rule_delete+0x1f/0x60
[   14.976015]  [<ffffffff8178ea14>] fib_rules_unregister+0x84/0xe0
[   14.976015]  [<ffffffff817fcf45>] fib4_rules_exit+0x15/0x20
[   14.976015]  [<ffffffff817f05ab>] ip_fib_net_exit+0x1b/0x120
[   14.976015]  [<ffffffff817f06e5>] fib_net_exit+0x35/0x40
[   14.976015]  [<ffffffff81766759>] ops_exit_list+0x39/0x60
[   14.976015]  [<ffffffff81767538>] cleanup_net+0x158/0x260
[   14.976015]  [<ffffffff8108ba28>] process_one_work+0x158/0x490
[   14.976015]  [<ffffffff8108c673>] worker_thread+0x73/0x570
[   14.976015]  [<ffffffff8108c600>] ? rescuer_thread+0x400/0x400
[   14.976015]  [<ffffffff810919df>] kthread+0xef/0x110
[   14.976015]  [<ffffffff810918f0>] ? kthread_create_on_node+0x180/0x180
[   14.976015]  [<ffffffff818b4198>] ret_from_fork+0x58/0x90
[   14.976015]  [<ffffffff810918f0>] ? kthread_create_on_node+0x180/0x180
[   14.976015] Code: 9c ff 31 c0 eb 88 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 8d 4f 38 48 89 f8 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 28 <48> 8b 57 30 48 39 ca 48 89 55 c8 0f 84 12 01 00 00 31 f6 bf ff 
[   14.976015] RIP  [<ffffffff817f77bd>] fib_trie_unmerge+0x1d/0x2f0
[   14.976015]  RSP <ffff880016067c38>
[   14.976015] CR2: 0000000000000030
[   14.976015] ---[ end trace ada4f02c5ab95ed8 ]---
[   14.976015] Kernel panic - not syncing: Fatal exception


The fix for this should already be in under commit 3c9e9f7320f0138497ef7879c0903246746e0ed3 ("fib_trie: Avoid NULL pointer if local table is not allocated") in Dave's net-next tree.

- Alex
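A triage sketch for the oops quoted above, added here as an example and not part of the original mail or of the kernel tree: it decodes the faulting instruction marked `<48>` in the `Code:` line and checks whether base register plus displacement reproduces the CR2 fault address. The function names (`parse_oops`, `decode_load`, `triage`) are hypothetical, and the decoder assumes only the single instruction form seen here (`REX.W 8B /r` with an 8-bit displacement).

```python
import re

# Lines copied from the oops quoted above; only the fields used here are kept,
# and the Code: line is abridged around the <..> marker.
OOPS = """\
[   14.976015] RIP: 0010:[<ffffffff817f77bd>]  [<ffffffff817f77bd>] fib_trie_unmerge+0x1d/0x2f0
[   14.976015] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000038
[   14.976015] RDX: ffff880012200808 RSI: 00000000000000ff RDI: 0000000000000000
[   14.976015] CR2: 0000000000000030 CR3: 0000000001cb3000 CR4: 00000000000007e0
[   14.976015] Code: 41 54 53 48 83 ec 28 <48> 8b 57 30 48 39 ca 48 89 55 c8 0f 84 12 01 00 00
"""

# x86-64 register numbering, spelled the way the oops prints them.
REGS = "RAX RCX RDX RBX RSP RBP RSI RDI R08 R09 R10 R11 R12 R13 R14 R15".split()

def parse_oops(text):
    """Return (registers, function, offset, bytes starting at the faulting insn)."""
    regs = {n: int(v, 16) for n, v in
            re.findall(r"\b(R[A-Z0-9]{2}|CR2): ([0-9a-f]{16})\b", text)}
    sym = re.search(r"RIP: .*\] (\w+)\+0x([0-9a-f]+)/", text)
    code = re.search(r"Code: (.*)", text).group(1).split()
    at = next(i for i, b in enumerate(code) if b.startswith("<"))
    insn = bytes(int(b.strip("<>"), 16) for b in code[at:])
    return regs, sym.group(1), int(sym.group(2), 16), insn

def decode_load(insn):
    """Decode `REX.W 8B /r` with mod=01: a 64-bit load from [base + disp8]."""
    rex, opcode, modrm, disp = insn[:4]
    if rex & 0xF8 != 0x48 or opcode != 0x8B or modrm >> 6 != 1 or modrm & 7 == 4:
        raise ValueError("not a simple 64-bit base+disp8 load")
    dest = REGS[((rex >> 2) & 1) << 3 | (modrm >> 3) & 7]   # REX.R extends reg
    base = REGS[(rex & 1) << 3 | modrm & 7]                 # REX.B extends r/m
    return dest, base, disp - 256 if disp >= 128 else disp  # disp8 is signed

def triage(text):
    regs, func, off, insn = parse_oops(text)
    dest, base, disp = decode_load(insn)
    addr = (regs[base] + disp) & (2**64 - 1)
    return {"function": func, "offset": off,
            "insn": f"mov {dest.lower()}, [{base.lower()}{disp:+#x}]",
            "base_is_null": regs[base] == 0,
            "matches_cr2": addr == regs["CR2"]}

if __name__ == "__main__":
    print(triage(OOPS))
```

For this oops it reports the load `mov rdx, [rdi+0x30]` with RDI equal to zero and an effective address equal to CR2, i.e. a field at offset 0x30 read through a NULL pointer, which agrees with the title of the fix commit named in the reply.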