Bug #168

general protection error in batadv_purge_outstanding_packets()

Added by Linus Lüssing over 8 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal
Target version:
Start date: 02/26/2013
Due date:
% Done: 0%
Estimated time:
Description

With batman-adv 2013.0.0 I'm getting a general protection error when adding the following mdelay-patch and rmmod'ing batman-adv a few times:


diff --git a/bat_iv_ogm.c b/bat_iv_ogm.c
index 3581e2f..6228891 100644
--- a/bat_iv_ogm.c
+++ b/bat_iv_ogm.c
@@ -89,6 +89,9 @@ out:

 static void batadv_iv_ogm_iface_disable(struct batadv_hard_iface *hard_iface)
 {
+int i;
+for (i = 0; i < 100; i++)
+mdelay(10);
        kfree(hard_iface->bat_iv.ogm_buff);
        hard_iface->bat_iv.ogm_buff = NULL;
 }
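Review bot: The three added lines in batadv_iv_ogm_iface_disable() busy-wait through 100 calls of mdelay(10) right before kfree(hard_iface->bat_iv.ogm_buff), with no comment saying why and without the indentation used by the rest of the body. If the delay exists only to stretch the time before ogm_buff is freed and set to NULL, mark it as reproduction-only in a one-line comment, indent it like the surrounding statements, and keep it out of anything that is meant to be merged.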
@@ -604,6 +607,11 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
        uint32_t seqno;
        uint8_t bandwidth;

+if (!ogm_buff)
+printk("ogm_buff is NULL!\n");
+else if (!(*ogm_buff))
+printk("*ogm_buff is NULL!\n");
+
        vis_server = atomic_read(&bat_priv->vis_mode);
        primary_if = batadv_primary_if_get_selected(bat_priv);

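Review bot: The new NULL checks in batadv_iv_ogm_schedule() only log; after either printk() execution falls through to the atomic_read() and batadv_primary_if_get_selected() lines below, so the function carries on even when ogm_buff or *ogm_buff is NULL. That is fine for a diagnostic, but the printk() calls carry no log level: use pr_err() or a KERN_ERR prefix so the severity is explicit, and add an early return if the check is ever kept beyond debugging.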
diff --git a/soft-interface.c b/soft-interface.c
index e7dcb40..37f43e2 100644
--- a/soft-interface.c
+++ b/soft-interface.c
@@ -489,7 +489,7 @@ struct net_device *batadv_softif_create(const char *name)
        atomic_set(&bat_priv->gw_mode, BATADV_GW_MODE_OFF);
        atomic_set(&bat_priv->gw_sel_class, 20);
        atomic_set(&bat_priv->gw_bandwidth, 41);
-   atomic_set(&bat_priv->orig_interval, 1000);
+ atomic_set(&bat_priv->orig_interval, 100);
        atomic_set(&bat_priv->hop_penalty, 30);
        atomic_set(&bat_priv->log_level, 0);
        atomic_set(&bat_priv->fragmentation, 1);
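Review bot: The replacement line in batadv_softif_create() lowers the orig_interval default from 1000 to 100 for every soft interface this build creates, and its leading whitespace differs from the neighbouring atomic_set() lines. If the shorter interval is only there to make the fault easier to hit, say so in a comment, match the indentation of the other initialisers, and restore 1000 before the change leaves a test tree.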

And the trace looks like this:


[   97.470321] batman_adv: B.A.T.M.A.N. advanced 2013.0.0-dirty (compatibility version 14) loaded
[   97.776087] 8139cp 0000:00:03.0: eth1: link up, 100Mbps, full-duplex, lpa 0x05E1
[   97.795283] 8139cp 0000:00:04.0: eth2: link up, 100Mbps, full-duplex, lpa 0x05E1
[   97.819594] 8139cp 0000:00:05.0: eth3: link up, 100Mbps, full-duplex, lpa 0x05E1
[   97.842143] 8139cp 0000:00:06.0: eth4: link up, 100Mbps, full-duplex, lpa 0x05E1
[   97.849380] batman_adv: bat0: Adding interface: eth1
[   97.851157] batman_adv: bat0: Interface activated: eth1
[   97.855575] batman_adv: bat0: Adding interface: eth2
[   97.857391] batman_adv: bat0: Interface activated: eth2
[   97.860655] batman_adv: bat0: Adding interface: eth3
[   97.862371] batman_adv: bat0: Interface activated: eth3
[   97.864395] batman_adv: bat0: Adding interface: eth4
[   97.866133] batman_adv: bat0: Interface activated: eth4
[  106.832856] batman_adv: bat0: Interface deactivated: eth1
[  106.834769] batman_adv: bat0: Removing interface: eth1
[  107.832976] batman_adv: bat0: Interface deactivated: eth2
[  107.834404] batman_adv: bat0: Removing interface: eth2
[  108.830973] sched: RT throttling activated
[  108.833589] batman_adv: bat0: Interface deactivated: eth3
[  108.835457] batman_adv: bat0: Removing interface: eth3
[  109.832521] batman_adv: bat0: Interface deactivated: eth4
[  109.834458] batman_adv: bat0: Removing interface: eth4
[  111.342943] batman_adv: B.A.T.M.A.N. advanced 2013.0.0-dirty (compatibility version 14) loaded
[  111.691791] batman_adv: bat0: Adding interface: eth1
[  111.693647] batman_adv: bat0: Interface activated: eth1
[  111.698128] batman_adv: bat0: Adding interface: eth2
[  111.699841] batman_adv: bat0: Interface activated: eth2
[  111.701781] batman_adv: bat0: Adding interface: eth3
[  111.703639] batman_adv: bat0: Interface activated: eth3
[  111.707130] batman_adv: bat0: Adding interface: eth4
[  111.708913] batman_adv: bat0: Interface activated: eth4
[  115.612968] batman_adv: bat0: Interface deactivated: eth1
[  115.614884] batman_adv: bat0: Removing interface: eth1
[  116.625598] general protection fault: 0000 [#1] SMP
[  116.627441] CPU 0
[  116.628013] Modules linked in: batman_adv(O-) crc32c libcrc32c crc16 dm_crypt md_mod snd_pcm snd_page_alloc snd_timer snd soundcore evdev ata_generic pcspkr psmouse floppy serio_raw ata_piix libata processor thermal_sys 8139too 8139cp button mii scsi_mod i2c_piix4 i2c_core 9p fscache virtio_pci dm_mirror dm_region_hash dm_log dm_mod 9pnet_virtio virtio_ring virtio 9pnet [last unloaded: batman_adv]
[  116.628013]
[  116.628013] Pid: 2672, comm: rmmod Tainted: G           O 3.2.0-4-amd64 #1 Debian 3.2.35-2 Bochs Bochs
[  116.628013] RIP: 0010:[<ffffffffa01c1ecc>]  [<ffffffffa01c1ecc>] batadv_purge_outstanding_packets+0xdb/0xf7 [batman_adv]
[  116.628013] RSP: 0018:ffff880005c3bde8  EFLAGS: 00010286
[  116.628013] RAX: 0000000000000013 RBX: dead000000100100 RCX: ffffffff8168ea40
[  116.628013] RDX: 0000000000000012 RSI: ffff880005915bc0 RDI: 0000000000000282
[  116.628013] RBP: ffff88000773f880 R08: 0000000000000200 R09: ffffffff8168ea80
[  116.628013] R10: ffff880005950000 R11: ffff88000756b9c0 R12: dead000000100100
[  116.628013] R13: ffff880005f98ec0 R14: ffff880005f98e01 R15: ffff88000773f000
[  116.628013] FS:  00007f622d947700(0000) GS:ffff880007800000(0000) knlGS:0000000000000000
[  116.628013] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  116.628013] CR2: 00007f622d522ae0 CR3: 000000000586d000 CR4: 00000000000006f0
[  116.628013] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  116.628013] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  116.628013] Process rmmod (pid: 2672, threadinfo ffff880005c3a000, task ffff88000587ee20)
[  116.628013] Stack:
[  116.628013]  ffff880005f98ec0 ffff880005f98ec0 ffff88000773f000 ffff88000773f740
[  116.628013]  ffff8800059a1cc0 ffff880005f98ec0 ffff88000773f000 ffffffffa01be491
[  116.628013]  ffff880005c3be78 ffff8800059a1cc0 0000000000000286 ffff880005f98ec0
[  116.628013] Call Trace:
[  116.628013]  [<ffffffffa01be491>] ? batadv_hardif_disable_interface+0x109/0x16c [batman_adv]
[  116.628013]  [<ffffffffa01be52c>] ? batadv_hardif_remove_interface+0x38/0x56 [batman_adv]
[  116.628013]  [<ffffffffa01be6de>] ? batadv_hard_if_event+0x194/0x250 [batman_adv]
[  116.628013]  [<ffffffff8128b8cf>] ? unregister_netdevice_notifier+0x68/0xac
[  116.628013]  [<ffffffffa01c7fb1>] ? batadv_exit+0x12/0x61 [batman_adv]
[  116.628013]  [<ffffffff81073861>] ? sys_delete_module+0x1d6/0x249
[  116.628013]  [<ffffffff81352012>] ? system_call_fastpath+0x16/0x1b
[  116.628013] Code: 48 89 ef 41 88 c6 e8 f1 b2 18 e1 45 84 f6 74 10 48 89 df e8 3f fa ff ff 48 89 df e8 28 fb ff ff 4c 89 e3 48 85 db 74 0a 4d 85 ed <4c> 8b 23 75 b6 eb bd 41 5b 5b 48 89 ef 5d 41 5c 41 5d 41 5e 41
[  116.628013] RIP  [<ffffffffa01c1ecc>] batadv_purge_outstanding_packets+0xdb/0xf7 [batman_adv]
[  116.628013]  RSP <ffff880005c3bde8>
[  116.720972] ---[ end trace a7f74d411f4c1d46 ]---
[  116.722551] Kernel panic - not syncing: Fatal exception in interrupt
[  116.724725] Pid: 2672, comm: rmmod Tainted: G      D    O 3.2.0-4-amd64 #1 Debian 3.2.35-2
[  116.727514] Call Trace:
[  116.728389]  [<ffffffff813467bc>] ? panic+0x95/0x1a5
[  116.730284]  [<ffffffff8134de86>] ? oops_end+0xa9/0xb6
[  116.732351]  [<ffffffff8134d5c5>] ? general_protection+0x25/0x30
[  116.734493]  [<ffffffffa01c1ecc>] ? batadv_purge_outstanding_packets+0xdb/0xf7 [batman_adv]
[  116.737402]  [<ffffffffa01c1ec1>] ? batadv_purge_outstanding_packets+0xd0/0xf7 [batman_adv]
[  116.740467]  [<ffffffffa01be491>] ? batadv_hardif_disable_interface+0x109/0x16c [batman_adv]
[  116.743540]  [<ffffffffa01be52c>] ? batadv_hardif_remove_interface+0x38/0x56 [batman_adv]
[  116.746454]  [<ffffffffa01be6de>] ? batadv_hard_if_event+0x194/0x250 [batman_adv]
[  116.749036]  [<ffffffff8128b8cf>] ? unregister_netdevice_notifier+0x68/0xac
[  116.751386]  [<ffffffffa01c7fb1>] ? batadv_exit+0x12/0x61 [batman_adv]
[  116.753632]  [<ffffffff81073861>] ? sys_delete_module+0x1d6/0x249
[  116.755707]  [<ffffffff81352012>] ? system_call_fastpath+0x16/0x1b

Where it's the following line in batadv_purge_outstanding_packets():


(gdb) l *(&batadv_purge_outstanding_packets+0xdb)
0x8ef0 is in batadv_purge_outstanding_packets (/var/batman/batman-adv-t_x/send.c:358).
353             }
354             spin_unlock_bh(&bat_priv->forw_bcast_list_lock);
355
356             /* free batman packet list */
357             spin_lock_bh(&bat_priv->forw_bat_list_lock);
358             hlist_for_each_entry_safe(forw_packet, tmp_node, safe_tmp_node,
359                                       &bat_priv->forw_bat_list, list) {
360
361                     /* if purge_outstanding_packets() was called with an argument
362                      * we delete only packets belonging to the given interface
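
A triage aid for the trace above, added here as an example (not part of the original report or of batman-adv): it scans the oops register lines for list-poison values and non-canonical addresses, the kind of pointer whose dereference on x86_64 raises a general protection fault rather than a page fault. The poison constants are the x86_64 values from include/linux/poison.h for kernels of the 3.2 era shown in the trace; the function names are hypothetical and the sample lines are copied from the report's oops.

```python
import re

# x86_64 values from include/linux/poison.h for the 3.2-era kernel in the
# trace (assumption: POISON_POINTER_DELTA = 0xdead000000000000).
POISON = {
    0xDEAD000000100100: "LIST_POISON1 (->next of a deleted list/hlist node)",
    0xDEAD000000200200: "LIST_POISON2 (->prev/->pprev of a deleted node)",
}

# Sample input: register lines taken from the oops in this report.
SAMPLE_OOPS = """\
[  116.628013] RAX: 0000000000000013 RBX: dead000000100100 RCX: ffffffff8168ea40
[  116.628013] RDX: 0000000000000012 RSI: ffff880005915bc0 RDI: 0000000000000282
[  116.628013] RBP: ffff88000773f880 R08: 0000000000000200 R09: ffffffff8168ea80
[  116.628013] R10: ffff880005950000 R11: ffff88000756b9c0 R12: dead000000100100
[  116.628013] R13: ffff880005f98ec0 R14: ffff880005f98e01 R15: ffff88000773f000
"""

# Matches "RBX: <16 hex digits>"; the \b keeps CR2/DR0 from matching as R2/R0.
REG_RE = re.compile(r"\b(R[A-Z0-9]{1,2}):\s*([0-9a-f]{16})\b")


def is_canonical(addr: int) -> bool:
    """48-bit x86_64 canonical form: bits 63..47 are all 0 or all 1."""
    top = addr >> 47
    return top == 0 or top == 0x1FFFF


def find_suspect_registers(oops_text: str) -> dict:
    """Return {register: reason} for poison or non-canonical register values."""
    hits = {}
    for line in oops_text.splitlines():
        for reg, value in REG_RE.findall(line):
            addr = int(value, 16)
            if addr in POISON:
                hits[reg] = POISON[addr]
            elif not is_canonical(addr):
                hits[reg] = "non-canonical address (dereference raises #GP)"
    return hits


if __name__ == "__main__":
    for reg, why in find_suspect_registers(SAMPLE_OOPS).items():
        print(f"{reg}: {why}")
```
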

History

#1

Updated by Simon Wunderlich over 7 years ago

I don't see this problem here (although it pointed me to another problem in master).

Can you still reproduce this problem in master?

(if you test on master, please make sure you have "batman-adv: fix NULL pointer deref in batadv_find_best_neighbor" applied).

#2

Updated by Marek Lindner over 6 years ago

Any update, or can we close the ticket?

#3

Updated by Marek Lindner over 6 years ago

  • Status changed from New to Closed

Closed due to inactivity. Feel free to re-open if the issue persists.

#4

Updated by Linus Lüssing almost 5 years ago

Just wanted to note that the issue is still present (though granted, it is triggered quite rarely these days, but can still be forced with some mdelay()s in the code).

And a patch is available here: https://patchwork.open-mesh.org/project/b.a.t.m.a.n./patch/20161005234308.29871-2-linus.luessing@c0d3.blue/

(and arghh, I'm not allowed to reopen this issue, help! :D)

#5

Updated by Sven Eckelmann almost 5 years ago

  • Assignee set to Linus Lüssing
  • Status changed from Closed to In Progress

#6

Updated by Sven Eckelmann over 4 years ago

  • Status changed from In Progress to Resolved

#7

Updated by Sven Eckelmann over 4 years ago

  • Status changed from Resolved to Closed

Fix is part of the release 2016.5

#8

Updated by Sven Eckelmann over 4 years ago

  • Target version set to 2016.5
