Slab debugging clears out memory after it's freed, which is why we see all the "6b"s below. It makes the kernel slow but it's great for debugging. I recommend it.
On Thu, Sep 29, 2011 at 10:17:21AM -0700, Ethan Jackson wrote: > Strange, I've run that exact test several times and never had a crash. > Slab debugging is intended to catch that sort of thing? Perhaps I > should enable it to. > > Ethan > > On Thu, Sep 29, 2011 at 09:50, Ben Pfaff <[email protected]> wrote: > > Commit f14d80834 "datapath: genl_notify() on port disappearances" frees the > > vport before passing it to ovs_vport_cmd_build_info(), which reads the > > freed data. > > > > Without this commit, the following commands consistently trigger a kernel > > BUG report on my test VM (which has slab debugging enabled) on 3 attempts: > > > > ? ?tunctl > > ? ?ovs-vsctl add-port br0 tap0 > > ? ?tunctl -d tap0 > > > > With this commit, I consistently don't see the BUG, on a few hundred tries > > in a tight loop. > > > > The interesting log information is: > > > > ? ?device tap0 entered promiscuous mode > > ? ?device tap0 left promiscuous mode > > ? ?BUG: unable to handle kernel paging request at 6b6b6ba7 > > ? ?IP: [<c88269ed>] get_vport_protected+0x8/0x52 [openvswitch_mod] > > ? ?*pde = 00000000 > > ? ?Oops: 0000 [#1] SMP > > ? ?last sysfs file: /sys/devices/pci0000:00/0000:00:04.0/net/eth1/carrier > > ? ?Modules linked in: brcompat_mod openvswitch_mod > > > > ? ?Pid: 653, comm: tunctl Not tainted 2.6.37+ #25 /Bochs > > ? ?EIP: 0060:[<c88269ed>] EFLAGS: 00010246 CPU: 0 > > ? ?EIP is at get_vport_protected+0x8/0x52 [openvswitch_mod] > > ? ?EAX: 6b6b6ba7 EBX: 00000000 ECX: 00000000 EDX: 00000000 > > ? ?ESI: c6d98400 EDI: c5c32074 EBP: c6ff1de8 ESP: c6ff1de4 > > ? ? DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 > > ? ?Process tunctl (pid: 653, ti=c6ff0000 task=c5c3a820 task.ti=c6ff0000) > > ? ?Stack: > > ? ? 00000000 c6ff1df8 c8826b1d 6b6b6b6b c6d77ab0 c6ff1e14 c8826dc6 c7489160 > > ? ? 00000f40 c6d98400 c6d77ab0 00000000 c6ff1e3c c88286fa 00000000 00000000 > > ? ? 00000002 02ff1e34 00000000 c6d77ab0 c6df98a0 00000006 c6ff1e54 c8828aa2 > > ? ?Call Trace: > > ? ? [<c8826b1d>] ? get_dpifindex+0x1b/0x31 [openvswitch_mod] > > ? ? [<c8826dc6>] ? ovs_vport_cmd_fill_info+0x40/0x183 [openvswitch_mod] > > ? ? [<c88286fa>] ? ovs_vport_cmd_build_info+0x3f/0x62 [openvswitch_mod] > > ? ? [<c8828aa2>] ? dp_device_event+0x56/0xb0 [openvswitch_mod] > > ? ? [<c1046c0d>] ? notifier_call_chain+0x6d/0x96 > > ? ? [<c1046c52>] ? raw_notifier_call_chain+0xc/0xe > > ? ? [<c1254c10>] ? call_netdevice_notifiers+0x3c/0x43 > > ? ? [<c1255029>] ? rollback_registered_many+0xd4/0x18b > > ? ? [<c1255146>] ? rollback_registered+0x23/0x28 > > ? ? [<c1255199>] ? unregister_netdevice_queue+0x4e/0x6b > > ? ? [<c1227d2e>] ? tun_chr_close+0x3f/0x76 > > > > Signed-off-by: Ben Pfaff <[email protected]> > > --- > > ?datapath/dp_notify.c | ? ?2 +- > > ?1 files changed, 1 insertions(+), 1 deletions(-) > > > > diff --git a/datapath/dp_notify.c b/datapath/dp_notify.c > > index 942d628..07fd222 100644 > > --- a/datapath/dp_notify.c > > +++ b/datapath/dp_notify.c > > @@ -37,9 +37,9 @@ static int dp_device_event(struct notifier_block *unused, > > unsigned long event, > > ? ? ? ? ? ? ? ?if (!is_internal_dev(dev)) { > > ? ? ? ? ? ? ? ? ? ? ? ?struct sk_buff *reply; > > > > - ? ? ? ? ? ? ? ? ? ? ? dp_detach_port(vport); > > ? ? ? ? ? ? ? ? ? ? ? ?reply = ovs_vport_cmd_build_info(vport, 0, 0, > > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? OVS_VPORT_CMD_DEL); > > + ? ? ? ? ? ? ? ? ? ? ? dp_detach_port(vport); > > ? ? ? ? ? ? ? ? ? ? ? ?if (IS_ERR(reply)) { > > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?netlink_set_err(INIT_NET_GENL_SOCK, 0, > > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?dp_vport_multicast_group.id, > > -- > > 1.7.4.4 > > > > _______________________________________________ > > dev mailing list > > [email protected] > > http://openvswitch.org/mailman/listinfo/dev > > _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
