[rds-devel] rds-ping segfault with future/20090218
Martin Scholl
ms at diskware.net
Mon Feb 23 10:17:33 PST 2009
Hello again,
just workaround'd the issue below -- tiny patch is attached, also.
The issue gets triggered by rds_message_alloc() which calls
sg_init_table with nents == 0, which in turn triggers an "integer
overflow" afaics (not sure about the terminology here, though).
I'm sending to andy.g... at oracle.com because I didn't receive any copy of
my former email.
Hope it helps,
Martin
Martin Scholl wrote:
> Hello all,
>
>
> I have just checked out branch future/20090218 of
> ~agrover/ofed_1_4/linux-2.6.
>
> I get an oops when doing "rds-ping <ip>". I have tested rds-ping on 2
> machines which both oops'd. As you can see, we are using a Chelsio 10gbe
> card:
> eth2: Chelsio T310 10GBASE-SR RNIC (rev 3) PCI Express x8 MSI-X
> eth2: 128MB CM, 256MB PMTX, 256MB PMRX, S/N: PTxxxxxxxxx
>
> ============================
>
> [ 394.691599] BUG: unable to handle kernel paging request at
> ffff88213e0533b8
> [ 394.691605] IP: [<ffffffff803aa7be>] sg_init_table+0x2e/0x50
> [ 394.691613] PGD 202063 PUD 0
> [ 394.691616] Oops: 0000 [#1] SMP
> [ 394.691619] last sysfs file:
> /sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0/net/eth2/flags
> [ 394.691622] CPU 0
> [ 394.691623] Modules linked in: rds rdma_cm ib_cm iw_cm ib_sa ib_mad
> ib_addr iw_cxgb3 ib_core cxgb3 binfmt_misc rfcomm bridge stp bnep sco
> l2cap bluetooth cpufreq_powersave cpufreq_stats cpufreq_userspace
> cpufreq_conservative cpufreq_ondemand freq_table pci_slot video output
> sbs sbshc container battery nfs lockd nfs_acl auth_rpcgss sunrpc
> af_packet ipv6 iptable_filter ip_tables x_tables nls_iso8859_1 nls_cp437
> vfat fat ac r8169 mii evdev iTCO_wdt iTCO_vendor_support serio_raw
> pcspkr button intel_agp shpchp pci_hotplug ext3 jbd mbcache sd_mod
> crc_t10dif sg ata_generic ata_piix pata_acpi libata scsi_mod skge
> ehci_hcd uhci_hcd usbcore thermal processor fan fuse [last unloaded: cxgb3]
> [ 394.691676] Pid: 5623, comm: rds-ping Not tainted 2.6.29-rc5-ofed #1
> G31M-S2L
> [ 394.691678] RIP: 0010:[<ffffffff803aa7be>] [<ffffffff803aa7be>]
> sg_init_table+0x2e/0x50
> [ 394.691682] RSP: 0018:ffff88013d145b68 EFLAGS: 00010202
> [ 394.691684] RAX: 0000001fffffffe0 RBX: 0000000000000000 RCX:
> 0000000000000000
> [ 394.691686] RDX: ffff88213e0533b8 RSI: 0000000000000000 RDI:
> ffff88013e0533d8
> [ 394.691688] RBP: ffff88013d145b78 R08: 0000000000000000 R09:
> ffff88013e0533d8
> [ 394.691690] R10: 0000000000000000 R11: 0000000000000246 R12:
> ffff88013e0533d8
> [ 394.691692] R13: ffff88013d145ee8 R14: ffff880132c29a00 R15:
> 000000000d0b000a
> [ 394.691695] FS: 00007f0cad9966e0(0000) GS:ffffffff80794080(0000)
> knlGS:0000000000000000
> [ 394.691697] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 394.691699] CR2: ffff88213e0533b8 CR3: 000000013293c000 CR4:
> 00000000000006e0
> [ 394.691701] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
> 0000000000000000
> [ 394.691703] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
> 0000000000000400
> [ 394.691706] Process rds-ping (pid: 5623, threadinfo ffff88013d144000,
> task ffff880132412c80)
> [ 394.691707] Stack:
> [ 394.691709] ffff88013e053300 0000000000000000 ffff88013d145b98
> ffffffffa03e1849
> [ 394.691712] ffff88013d145f28 ffff88013d145ee8 ffff88013d145be8
> ffffffffa03e1c60
> [ 394.691716] 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000
> [ 394.691720] Call Trace:
> [ 394.691722] [<ffffffffa03e1849>] rds_message_alloc+0x39/0x70 [rds]
> [ 394.691734] [<ffffffffa03e1c60>]
> rds_message_copy_from_user+0x30/0x1a0 [rds]
> [ 394.691744] [<ffffffffa03e2f26>] rds_sendmsg+0x116/0x610 [rds]
> [ 394.691754] [<ffffffff8044db17>] sock_sendmsg+0x107/0x130
> [ 394.691758] [<ffffffff80260b90>] ? autoremove_wake_function+0x0/0x40
> [ 394.691763] [<ffffffff804fb4b7>] ? wait_for_common+0x37/0x180
> [ 394.691766] [<ffffffff803a4362>] ? __up_read+0x92/0xb0
> [ 394.691770] [<ffffffff802648e9>] ? up_read+0x9/0x10
> [ 394.691774] [<ffffffff804ffc76>] ? do_page_fault+0x216/0x9f0
> [ 394.691777] [<ffffffff8044dfaa>] sys_sendto+0xea/0x120
> [ 394.691780] [<ffffffff8044d380>] ? sys_bind+0xb0/0xd0
> [ 394.691783] [<ffffffff802e6130>] ? fd_install+0x30/0x60
> [ 394.691787] [<ffffffff8020c75b>] system_call_fastpath+0x16/0x1b
> [ 394.691791] Code: 48 c1 e2 05 48 89 e5 48 83 ec 10 48 89 1c 24 89 f3
> 31 f6 4c 89 64 24 08 49 89 fc e8 9d d0 ff ff 8d 43 ff 48 c1 e0 05 49 8d
> 14 04 <48> 8b 02 48 83 c8 02 48 83 e0 fe 48 89 02 48 8b 1c 24 4c 8b 64
> [ 394.691822] RIP [<ffffffff803aa7be>] sg_init_table+0x2e/0x50
> [ 394.691825] RSP <ffff88013d145b68>
> [ 394.691826] CR2: ffff88213e0533b8
> [ 394.691829] ---[ end trace b08cc1b2d667feeb ]---
>
>
> ===========================
>
> Am I doing anything wrong here? Is there anything I can do to help you
> fix the issue?
>
>
> Thank you,
> Martin
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rds-fix-scatterlist-alloc.diff
Type: text/x-patch
Size: 392 bytes
Desc: not available
Url : http://oss.oracle.com/pipermail/rds-devel/attachments/20090223/411b6937/attachment.bin
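
The crash arithmetic from the oops above, reproduced as an added example; it is not part of the original post and not the attached patch. It assumes a 32-byte scatterlist entry (inferred from the shift-by-5 `48 c1 e0 05` in the `Code:` bytes); the function names are hypothetical, and the guard shown is illustrative only.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-byte scatterlist entry on this x86_64 build, inferred
 * from the "shl $5" (48 c1 e0 05) in the oops Code: bytes. */
#define SG_ENTRY_SIZE 32u

/* Byte offset of the "last" entry as the oops shows it being computed:
 * nents - 1 in 32-bit unsigned arithmetic, zero-extended, then scaled. */
static uint64_t last_entry_offset(unsigned int nents)
{
    unsigned int idx = nents - 1;   /* wraps to 0xffffffff when nents == 0 */
    return (uint64_t)idx * SG_ENTRY_SIZE;
}

/* Address dereferenced to mark the end of the table. */
static uint64_t end_marker_addr(uint64_t table, unsigned int nents)
{
    return table + last_entry_offset(nents);
}

/* Hypothetical guard (not the attached patch): refuse an empty table
 * instead of touching entry [nents - 1]. Returns 0 on success. */
static int checked_end_marker_addr(uint64_t table, unsigned int nents,
                                   uint64_t *addr)
{
    if (nents == 0)
        return -1;
    *addr = end_marker_addr(table, nents);
    return 0;
}

int main(void)
{
    const uint64_t rdi = 0xffff88013e0533d8ULL; /* RDI in the oops: table base */
    uint64_t addr = 0;

    /* nents == 0 (RBX in the oops): offset matches RAX, address matches CR2 */
    printf("offset  = 0x%llx\n", (unsigned long long)last_entry_offset(0));
    printf("address = 0x%llx\n", (unsigned long long)end_marker_addr(rdi, 0));

    if (checked_end_marker_addr(rdi, 0, &addr) != 0)
        printf("guard: nents == 0 rejected, no access made\n");
    return 0;
}
```

The computed offset equals `RAX` (`0000001fffffffe0`) and the computed address equals `RDX`/`CR2` (`ffff88213e0533b8`) in the oops, which confirms the fault is the `nents - 1` wraparound on an empty table.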