* Re: [Bug 15582] New: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[not found] <bug-15582-27@http.bugzilla.kernel.org/>
@ 2010-03-22 23:14 ` Andrew Morton
2010-03-23 4:00 ` David Miller
0 siblings, 1 reply; 4+ messages in thread
From: Andrew Morton @ 2010-03-22 23:14 UTC (permalink / raw)
To: Patrick McHardy, Jeff Kirsher, Jesse Brandeburg, Bruce Allan, Alex Duyck
Cc: bugzilla-daemon, netdev, stivi
(switched to email. Please respond via emailed reply-to-all, not via the
bugzilla web interface).
On Fri, 19 Mar 2010 12:01:10 GMT
bugzilla-daemon@bugzilla.kernel.org wrote:
> http://bugzilla.kernel.org/show_bug.cgi?id=15582
>
> Summary: BUG: unable to handle kernel NULL pointer dereference
> at 0000000000000028
A bug in igb or the vlan code, I guess.
> Product: Memory Management
> Version: 2.5
> Kernel Version: 2.6.33.1
> Platform: All
> OS/Version: Linux
> Tree: Mainline
> Status: NEW
> Severity: normal
> Priority: P1
> Component: Other
> AssignedTo: akpm@linux-foundation.org
> ReportedBy: stivi@kity.pl
> Regression: No
>
>
> Distribution:Debian Lenny
>
> Hardware Environment:
> INTEL Server Board S5520HC
> Intel(R) Xeon(R) CPU X5560 @ 2.80GHz
> 2x RAID bus controller 3ware Inc 9690SA-8I
>
> Software Environment: squid (multi instances)
>
> Problem Description:
>
> The following error occurs whenever i halt the machine:
> [ 439.629361] BUG: unable to handle kernel NULL pointer dereference at
> 0000000000000028
> [ 439.723410] IP: [<ffffffff812462aa>] vlan_gro_common+0xd7/0x190
> [ 439.794374] PGD 0
> [ 439.818655] Oops: 0000 [#1] SMP
> [ 439.857638] last sysfs file:
> /sys/devices/pci0000:00/0000:00:09.0/0000:05:00.0/host1/target1:0:0/1:0:0:0/block/sdc/queue/nr_requests
> [ 440.000143] CPU 7
> [ 440.024385] Pid: 0, comm: swapper Not tainted 2.6.33.1-univ #1
> S5520HC/S5520HC
> [ 440.110817] RIP: 0010:[<ffffffff812462aa>] [<ffffffff812462aa>]
> vlan_gro_common+0xd7/0x190
> [ 440.210919] RSP: 0018:ffff8800283c3d10 EFLAGS: 00010203
> [ 440.274472] RAX: 0000000000000001 RBX: ffff88066d5fd818 RCX:
> ffff8806683aa680
> [ 440.359798] RDX: 00000000000003e7 RSI: 0000000000000000 RDI:
> ffff88066d2b2000
> [ 440.445124] RBP: 00000000000003e7 R08: ffff88066c5ea000 R09:
> ffff8806683aa680
> [ 440.530488] R10: 00000000000003e7 R11: 000000000000040b R12:
> 0000000000000000
> [ 440.615816] R13: ffff88066d5fd818 R14: 000000000000003e R15:
> 000000000000040c
> [ 440.701169] FS: 0000000000000000(0000) GS:ffff8800283c0000(0000)
> knlGS:0000000000000000
> [ 440.797986] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [ 440.866705] CR2: 0000000000000028 CR3: 0000000001361000 CR4:
> 00000000000006e0
> [ 440.952036] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [ 441.037364] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
> 0000000000000400
> [ 441.122690] Process swapper (pid: 0, threadinfo ffff88066fa82000, task
> ffff88066fa7acd0)
> [ 441.219462] Stack:
> [ 441.243535] ffff8806683aa680 ffffffff812466c7 0000000000000246
> ffff8806683aa680
> [ 441.330462] <0> 000000000000003e ffff88066d5fd680 0000000000000008
> ffffffffa00b1871
> [ 441.422868] <0> 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000
> [ 441.517692] Call Trace:
> [ 441.546959] <IRQ>
> [ 441.572233] [<ffffffff812466c7>] ? vlan_gro_receive+0x6e/0x83
> [ 441.641993] [<ffffffffa00b1871>] ? igb_poll+0x741/0xe80 [igb]
> [ 441.711790] [<ffffffff811e07ee>] ? net_rx_action+0xa8/0x1a1
> [ 441.779478] [<ffffffff81039ffe>] ? __do_softirq+0xd7/0x195
> [ 441.846122] [<ffffffff8100370c>] ? call_softirq+0x1c/0x28
> [ 441.911727] [<ffffffff81005325>] ? do_softirq+0x31/0x63
> [ 441.975300] [<ffffffff81039df4>] ? irq_exit+0x36/0x78
> [ 442.036746] [<ffffffff81004a26>] ? do_IRQ+0xa7/0xbd
> [ 442.096119] [<ffffffff81258ed3>] ? ret_from_intr+0x0/0xa
> [ 442.160685] <EOI>
> [ 442.185957] [<ffffffff811cad43>] ? poll_idle+0x1b/0x55
> [ 442.248444] [<ffffffff811cad32>] ? poll_idle+0xa/0x55
> [ 442.309890] [<ffffffff811cb06a>] ? cpuidle_idle_call+0x8e/0xe8
> [ 442.380683] [<ffffffff81001cd4>] ? cpu_idle+0x53/0x8b
> [ 442.442133] Code: 41 81 79 7e 88 09 0f 85 d1 00 00 00 44 89 d2 44 89 d0 66
> 81 e2 ff 0f 80 cc 10 66 41 89 81 b8 00 00 00 89 d0 66 c1 e8 09 0f b7 c0 <48> 8b
> 4c c6 20 31 c0 48 85 c9 74 0c 48 89 d0 25 ff$
> [ 442.678920] RIP [<ffffffff812462aa>] vlan_gro_common+0xd7/0x190
> [ 442.750922] RSP <ffff8800283c3d10>
> [ 442.792645] CR2: 0000000000000028
> [ 442.832293] ---[ end trace 9245d00ed2188cae ]---
> [ 442.887516] Kernel panic - not syncing: Fatal exception in interrupt
> [ 442.963506] Pid: 0, comm: swapper Tainted: G D 2.6.33.1-univ #1
> [ 443.042610] Call Trace:
> [ 443.071875] <IRQ> [<ffffffff812568b7>] ? panic+0x86/0x145
> [ 443.138593] [<ffffffff81039e06>] ? irq_exit+0x48/0x78
> [ 443.200050] [<ffffffff81258ed3>] ? ret_from_intr+0x0/0xa
> [ 443.264661] [<ffffffff8103554c>] ? kmsg_dump+0x99/0x124
> [ 443.328202] [<ffffffff81006416>] ? oops_end+0x9f/0xac
> [ 443.389656] [<ffffffff8101e9af>] ? no_context+0x1f2/0x201
> [ 443.455263] [<ffffffffa014cd20>] ? bond_dev_queue_xmit+0x14c/0x169
> [bonding]
> [ 443.540611] [<ffffffff8101eb65>] ? __bad_area_nosemaphore+0x1a7/0x1cb
> [ 443.618679] [<ffffffff811e0d8f>] ? dev_hard_start_xmit+0x221/0x2dd
> [ 443.693630] [<ffffffff811e134d>] ? dev_queue_xmit+0x401/0x433
> [ 443.763397] [<ffffffff812590df>] ? page_fault+0x1f/0x30
> [ 443.826927] [<ffffffff812462aa>] ? vlan_gro_common+0xd7/0x190
> [ 443.896686] [<ffffffff812466c7>] ? vlan_gro_receive+0x6e/0x83
> [ 443.966485] [<ffffffffa00b1871>] ? igb_poll+0x741/0xe80 [igb]
> [ 444.036246] [<ffffffff811e07ee>] ? net_rx_action+0xa8/0x1a1
> [ 444.103927] [<ffffffff81039ffe>] ? __do_softirq+0xd7/0x195
> [ 444.170569] [<ffffffff8100370c>] ? call_softirq+0x1c/0x28
> [ 444.236176] [<ffffffff81005325>] ? do_softirq+0x31/0x63
> [ 444.299704] [<ffffffff81039df4>] ? irq_exit+0x36/0x78
> [ 444.361157] [<ffffffff81004a26>] ? do_IRQ+0xa7/0xbd
> [ 444.420533] [<ffffffff81258ed3>] ? ret_from_intr+0x0/0xa
> [ 444.485101] <EOI> [<ffffffff811cad43>] ? poll_idle+0x1b/0x55
> [ 444.555036] [<ffffffff811cad32>] ? poll_idle+0xa/0x55
> [ 444.616486] [<ffffffff811cb06a>] ? cpuidle_idle_call+0x8e/0xe8
> [ 444.687283] [<ffffffff81001cd4>] ? cpu_idle+0x53/0x8b
>
> Steps to reproduce: Whenever i halt the machine.
>
>
> Igb driver is replaced by:
> http://downloadcenter.intel.com/detail_desc.aspx?agr=Y&DwnldID=13663
>
> This is the same machine from bugs:
> https://bugzilla.kernel.org/show_bug.cgi?id=15148,
> https://bugzilla.kernel.org/show_bug.cgi?id=15581.
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Bug 15582] New: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
2010-03-22 23:14 ` [Bug 15582] New: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028 Andrew Morton
@ 2010-03-23 4:00 ` David Miller
2010-03-23 18:32 ` Duyck, Alexander H
0 siblings, 1 reply; 4+ messages in thread
From: David Miller @ 2010-03-23 4:00 UTC (permalink / raw)
To: akpm
Cc: kaber, jeffrey.t.kirsher, jesse.brandeburg, bruce.w.allan,
alexander.h.duyck, peter.p.waskiewicz.jr, bugzilla-daemon,
netdev, stivi
From: Andrew Morton <akpm@linux-foundation.org>
Date: Mon, 22 Mar 2010 16:14:16 -0700
>
> (switched to email. Please respond via emailed reply-to-all, not via the
> bugzilla web interface).
>
> On Fri, 19 Mar 2010 12:01:10 GMT
> bugzilla-daemon@bugzilla.kernel.org wrote:
>
>> http://bugzilla.kernel.org/show_bug.cgi?id=15582
>>
>> Summary: BUG: unable to handle kernel NULL pointer dereference
>> at 0000000000000028
>
> A bug in igb or the vlan code, I guess.
Hmmm, should have been fixed by:
commit d1c76af9e2434fac3add561e26c61b06503de986
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date: Mon Mar 16 10:50:02 2009 -0700
GRO: Move netpoll checks to correct location
...
Nevermind, the backtrace signature is different for this
one.
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: [Bug 15582] New: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
2010-03-23 4:00 ` David Miller
@ 2010-03-23 18:32 ` Duyck, Alexander H
2010-03-23 19:40 ` David Miller
0 siblings, 1 reply; 4+ messages in thread
From: Duyck, Alexander H @ 2010-03-23 18:32 UTC (permalink / raw)
To: David Miller, akpm
Cc: kaber, Kirsher, Jeffrey T, Brandeburg, Jesse, Allan, Bruce W,
Waskiewicz Jr, Peter P, bugzilla-daemon, netdev, stivi
David Miller wrote:
> From: Andrew Morton <akpm@linux-foundation.org>
> Date: Mon, 22 Mar 2010 16:14:16 -0700
>
>>
>> (switched to email. Please respond via emailed reply-to-all, not
>> via the bugzilla web interface).
>>
>> On Fri, 19 Mar 2010 12:01:10 GMT
>> bugzilla-daemon@bugzilla.kernel.org wrote:
>>
>>> http://bugzilla.kernel.org/show_bug.cgi?id=15582
>>>
>>> Summary: BUG: unable to handle kernel NULL pointer
>>> dereference at 0000000000000028
>>
>> A bug in igb or the vlan code, I guess.
>
> Hmmm, should have been fixed by:
>
> commit d1c76af9e2434fac3add561e26c61b06503de986
> Author: Herbert Xu <herbert@gondor.apana.org.au>
> Date: Mon Mar 16 10:50:02 2009 -0700
>
> GRO: Move netpoll checks to correct location
>
>
> ...
>
> Nevermind, the backtrace signature is different for this
> one.
Actually I think this may be a bug in igb_receive_skb. My guess would be that promiscuous mode is somehow being enabled which is turning off the vlan filtering and as a result we are probably picking up vlan traffic when we have no vlans registered. The null pointer in that case would be adapter->vlgrp.
The patch below should address it. However I suspect it will get mangled by our email system here so I don't believe it will apply. I have also sent a copy of to Jeff to pull into his tree for testing and submission.
Thanks,
Alex
---
This change makes it so that vlan_gro_receive is only used if vlans have been
registered to the adapter structure. Previously we were just sending all vlan
tagged frames in via this function but this results in a null pointer
dereference when vlans are not registered.
Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com>
---
drivers/net/igb/igb_main.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/net/igb/igb_main.c b/drivers/net/igb/igb_main.c
index 45a0e4f..7855f71 100644
--- a/drivers/net/igb/igb_main.c
+++ b/drivers/net/igb/igb_main.c
@@ -5110,7 +5110,7 @@ static void igb_receive_skb(struct igb_q_vector *q_vector,
{
struct igb_adapter *adapter = q_vector->adapter;
- if (vlan_tag)
+ if (vlan_tag && adapter->vlgrp)
vlan_gro_receive(&q_vector->napi, adapter->vlgrp,
vlan_tag, skb);
else
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Bug 15582] New: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
2010-03-23 18:32 ` Duyck, Alexander H
@ 2010-03-23 19:40 ` David Miller
0 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2010-03-23 19:40 UTC (permalink / raw)
To: alexander.h.duyck
Cc: akpm, kaber, jeffrey.t.kirsher, jesse.brandeburg, bruce.w.allan,
peter.p.waskiewicz.jr, bugzilla-daemon, netdev, stivi
From: "Duyck, Alexander H" <alexander.h.duyck@intel.com>
Date: Tue, 23 Mar 2010 11:32:19 -0700
> The patch below should address it. However I suspect it will get
> mangled by our email system here so I don't believe it will apply.
> I have also sent a copy of to Jeff to pull into his tree for testing
> and submission.
Good spotting, thanks Alex.
I'll wait for testing and a final version via Jeff.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-03-23 19:39 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <bug-15582-27@http.bugzilla.kernel.org/>
2010-03-22 23:14 ` [Bug 15582] New: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028 Andrew Morton
2010-03-23 4:00 ` David Miller
2010-03-23 18:32 ` Duyck, Alexander H
2010-03-23 19:40 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.