* PROBLEM: OOPS in Linux 2.6.9, fib_release_info
@ 2004-12-01 1:16 Martin Lucina
2004-12-01 4:46 ` David S. Miller
0 siblings, 1 reply; 2+ messages in thread
From: Martin Lucina @ 2004-12-01 1:16 UTC (permalink / raw)
To: netdev; +Cc: linux-kernel
All,
I have found a reproducible OOPS in fib_release_info, in the 2.6.9 kernel.
Tested on two different systems, one UP, one SMP, both i386, both w/
CONFIG_PREEMPT=y, both Debian sarge, both w/ iproute2 version 20010824-13.1
(Debian).
Steps to reproduce:
# ip route add unreachable 1.2.3.4/32
# ip route del 1.2.3.4/32
Memory fault
#
Sample OOPS:
ksymoops 2.4.9 on i686 2.6.9+t7220cte. Options used
-V (default)
-K (specified)
-l /proc/modules (default)
-o /lib/modules/2.6.9+t7220cte/ (default)
-m /boot/System.map-2.6.9+t7220cte (specified)
No modules in ksyms, skipping objects
No ksyms, skipping lsmod
Unable to handle kernel NULL pointer dereference at virtual address 00000000
c02bd6c0
*pde = 00000000
Oops: 0002 [#1]
CPU: 0
EIP: 0060:[<c02bd6c0>] Not tainted VLI
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010246 (2.6.9+t7220cte)
eax: 00000000 ebx: d1ddb280 ecx: 00000000 edx: d1ddb220
esi: d1ddb284 edi: d3a34380 ebp: d037dbf8 esp: d037dbec
ds: 007b es: 007b ss: 0068
Stack: 00000000 00000001 d3a34388 d037dc40 c02bfb8c d1ddb220 d3a34380 d3277310
00000020 000000fe d3fa24e0 c13b3378 d3277310 00000fcc d06ea2c0 00000020
d3a34380 04030201 d3fa24f0 d3fa24e0 c12fc1a0 d037dc68 c02bce93 d3fa6d00
Call Trace:
[<c0104a6f>] show_stack+0x7f/0xa0
[<c0104c16>] show_registers+0x156/0x1c0
[<c0104e2a>] die+0xea/0x180
[<c01120e6>] do_page_fault+0x256/0x609
[<c0104645>] error_code+0x2d/0x38
[<c02bfb8c>] fn_hash_delete+0x1dc/0x2a0
[<c02bce93>] inet_rtm_delroute+0x63/0x80
[<c027d2b0>] rtnetlink_rcv+0x2f0/0x3c0
[<c028759e>] netlink_data_ready+0x5e/0x70
[<c0286acc>] netlink_sendskb+0x9c/0xa0
[<c0287219>] netlink_sendmsg+0x1f9/0x2f0
[<c026a85b>] sock_sendmsg+0xbb/0xe0
[<c026c362>] sys_sendmsg+0x1c2/0x240
[<c026c808>] sys_socketcall+0x228/0x250
[<c0104449>] sysenter_past_esp+0x52/0x71
Code: 8d 5a 08 8b 4b 04 85 c0 89 01 74 03 89 48 04 c7 42 08 00 01 10 00 c7 43 04 00 02 20 00 8d 5a 60 8b 43 04 8d 72 64 8b 4e 04 85 c0 <89> 01 74 03 89 48 04 c7 43 04 00 01 10 00 c7 46 04 00 02 20 00
>>EIP; c02bd6c0 <fib_release_info+80/f0> <=====
>>ebx; d1ddb280 <pg0+11a24280/3fc47400>
>>edx; d1ddb220 <pg0+11a24220/3fc47400>
>>esi; d1ddb284 <pg0+11a24284/3fc47400>
>>edi; d3a34380 <pg0+1367d380/3fc47400>
>>ebp; d037dbf8 <pg0+ffc6bf8/3fc47400>
>>esp; d037dbec <pg0+ffc6bec/3fc47400>
Trace; c0104a6f <show_stack+7f/a0>
Trace; c0104c16 <show_registers+156/1c0>
Trace; c0104e2a <die+ea/180>
Trace; c01120e6 <do_page_fault+256/609>
Trace; c0104645 <error_code+2d/38>
Trace; c02bfb8c <fn_hash_delete+1dc/2a0>
Trace; c02bce93 <inet_rtm_delroute+63/80>
Trace; c027d2b0 <rtnetlink_rcv+2f0/3c0>
Trace; c028759e <netlink_data_ready+5e/70>
Trace; c0286acc <netlink_sendskb+9c/a0>
Trace; c0287219 <netlink_sendmsg+1f9/2f0>
Trace; c026a85b <sock_sendmsg+bb/e0>
Trace; c026c362 <sys_sendmsg+1c2/240>
Trace; c026c808 <sys_socketcall+228/250>
Trace; c0104449 <sysenter_past_esp+52/71>
This architecture has variable length instructions, decoding before eip
is unreliable, take these instructions with a pinch of salt.
Code; c02bd695 <fib_release_info+55/f0>
00000000 <_EIP>:
Code; c02bd695 <fib_release_info+55/f0>
0: 8d 5a 08 lea 0x8(%edx),%ebx
Code; c02bd698 <fib_release_info+58/f0>
3: 8b 4b 04 mov 0x4(%ebx),%ecx
Code; c02bd69b <fib_release_info+5b/f0>
6: 85 c0 test %eax,%eax
Code; c02bd69d <fib_release_info+5d/f0>
8: 89 01 mov %eax,(%ecx)
Code; c02bd69f <fib_release_info+5f/f0>
a: 74 03 je f <_EIP+0xf>
Code; c02bd6a1 <fib_release_info+61/f0>
c: 89 48 04 mov %ecx,0x4(%eax)
Code; c02bd6a4 <fib_release_info+64/f0>
f: c7 42 08 00 01 10 00 movl $0x100100,0x8(%edx)
Code; c02bd6ab <fib_release_info+6b/f0>
16: c7 43 04 00 02 20 00 movl $0x200200,0x4(%ebx)
Code; c02bd6b2 <fib_release_info+72/f0>
1d: 8d 5a 60 lea 0x60(%edx),%ebx
Code; c02bd6b5 <fib_release_info+75/f0>
20: 8b 43 04 mov 0x4(%ebx),%eax
Code; c02bd6b8 <fib_release_info+78/f0>
23: 8d 72 64 lea 0x64(%edx),%esi
Code; c02bd6bb <fib_release_info+7b/f0>
26: 8b 4e 04 mov 0x4(%esi),%ecx
Code; c02bd6be <fib_release_info+7e/f0>
29: 85 c0 test %eax,%eax
This decode from eip onwards should be reliable
Code; c02bd6c0 <fib_release_info+80/f0>
00000000 <_EIP>:
Code; c02bd6c0 <fib_release_info+80/f0> <=====
0: 89 01 mov %eax,(%ecx) <=====
Code; c02bd6c2 <fib_release_info+82/f0>
2: 74 03 je 7 <_EIP+0x7>
Code; c02bd6c4 <fib_release_info+84/f0>
4: 89 48 04 mov %ecx,0x4(%eax)
Code; c02bd6c7 <fib_release_info+87/f0>
7: c7 43 04 00 01 10 00 movl $0x100100,0x4(%ebx)
Code; c02bd6ce <fib_release_info+8e/f0>
e: c7 46 04 00 02 20 00 movl $0x200200,0x4(%esi)
[<c0104aae>] dump_stack+0x1e/0x30
[<c02cd38c>] schedule+0x4ec/0x500
[<c013f056>] unmap_vmas+0x1a6/0x1c0
[<c014359d>] exit_mmap+0x7d/0x160
[<c0115236>] mmput+0x66/0xb0
[<c01197b8>] do_exit+0x148/0x420
[<c0104ebd>] die+0x17d/0x180
[<c01120e6>] do_page_fault+0x256/0x609
[<c0104645>] error_code+0x2d/0x38
[<c02bfb8c>] fn_hash_delete+0x1dc/0x2a0
[<c02bce93>] inet_rtm_delroute+0x63/0x80
[<c027d2b0>] rtnetlink_rcv+0x2f0/0x3c0
[<c028759e>] netlink_data_ready+0x5e/0x70
[<c0286acc>] netlink_sendskb+0x9c/0xa0
[<c0287219>] netlink_sendmsg+0x1f9/0x2f0
[<c026a85b>] sock_sendmsg+0xbb/0xe0
[<c026c362>] sys_sendmsg+0x1c2/0x240
[<c026c808>] sys_socketcall+0x228/0x250
[<c0104449>] sysenter_past_esp+0x52/0x71
Will send other relevant information on request.
-mato
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: PROBLEM: OOPS in Linux 2.6.9, fib_release_info
2004-12-01 1:16 PROBLEM: OOPS in Linux 2.6.9, fib_release_info Martin Lucina
@ 2004-12-01 4:46 ` David S. Miller
0 siblings, 0 replies; 2+ messages in thread
From: David S. Miller @ 2004-12-01 4:46 UTC (permalink / raw)
To: Martin Lucina; +Cc: netdev, linux-kernel
On Wed, 1 Dec 2004 02:16:12 +0100
Martin Lucina <mato@kotelna.sk> wrote:
> I have found a reproducible OOPS in fib_release_info, in the 2.6.9 kernel.
> Tested on two different systems, one UP, one SMP, both i386, both w/
> CONFIG_PREEMPT=y, both Debian sarge, both w/ iproute2 version 20010824-13.1
> (Debian).
Already fixed in 2.6.10 by this patch.
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/10/25 20:09:20-07:00 ehrhardt@mathematik.uni-ulm.de
# [IPV4]: Do not try to unhash null-netdev nexthops.
#
# Signed-off-by: Christian Ehrhardt <ehrhardt@mathematik.uni-ulm.de>
# Signed-off-by: David S. Miller <davem@davemloft.net>
#
# net/ipv4/fib_semantics.c
# 2004/10/25 20:09:01-07:00 ehrhardt@mathematik.uni-ulm.de +2 -0
# [IPV4]: Do not try to unhash null-netdev nexthops.
#
# Signed-off-by: Christian Ehrhardt <ehrhardt@mathematik.uni-ulm.de>
# Signed-off-by: David S. Miller <davem@davemloft.net>
#
diff -Nru a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
--- a/net/ipv4/fib_semantics.c 2004-11-30 20:22:10 -08:00
+++ b/net/ipv4/fib_semantics.c 2004-11-30 20:22:10 -08:00
@@ -163,6 +163,8 @@
if (fi->fib_prefsrc)
hlist_del(&fi->fib_lhash);
change_nexthops(fi) {
+ if (!nh->nh_dev)
+ continue;
hlist_del(&nh->nh_hash);
} endfor_nexthops(fi)
fi->fib_dead = 1;
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-12-01 4:46 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-12-01 1:16 PROBLEM: OOPS in Linux 2.6.9, fib_release_info Martin Lucina
2004-12-01 4:46 ` David S. Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).