Bug 127390 - Kernel oops when GRE tunnels are used
Summary: Kernel oops when GRE tunnels are used
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 2
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Dave Jones
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-07-07 16:12 UTC by Guðmundur D. H.
Modified: 2015-01-04 22:07 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-04-16 04:58:45 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Guðmundur D. H. 2004-07-07 16:12:44 UTC 
Description of problem:
I've had some problems with GRE tunnels on one of my machines. The
problem is that the tunnels are not reliable; sometimes they work,
sometimes not. 

While trying to solve the problem, I rmmod'ed the ip_gre kernel module
from the kernel, after having the tunnels (which are two) removed
first. Then I modprobe'd ip_gre again, and executed ip tunnel add [..]
mode gre [..], and got oops;

Unable to handle kernel paging request at virtual address 1290d098
 printing eip:
1290d098
*pde = 013f6067
Oops: 0000 [#1]
Modules linked in: ip_gre ipt_REJECT iptable_filter ip_nat_irc
ip_conntrack_irc ip_nat_ftp iptable_nat ip_conntrack_ftp ip_conntrack
ip_tables ipv6 autofs4 3c59x e100 mii microcode dm_mod uhci_hcd ext3
jbd aic7xxx sd_mod scsi_mod
CPU:    0
EIP:    0060:[<1290d098>]    Not tainted
EFLAGS: 00010202   (2.6.6-1.435.2.3) 
EIP is at 0x1290d098
eax: 10274000   ebx: 10274000   ecx: 00000000   edx: 1290d098
esi: 0ea63c20   edi: 022e9428   ebp: 00000b98   esp: 0d93dca4
ds: 007b   es: 007b   ss: 0068
Process ip (pid: 17683, threadinfo=0d93d000 task=10228c10)
Stack: 0223d9bf 022e9428 0d3c4398 10274000 000005c4 10274000 0d7ccbd4
00000005 
       0ea63c20 0223dabb 00004513 40ec1ec6 00000000 00000000 0ea63c20
000000d0 
       03249400 03249400 022463d4 11fff160 0d7ccbd4 0d7ccd54 11fc5a00
0d7ccbd4 
Call Trace:
 [<0223d9bf>] rtnetlink_fill_ifinfo+0x307/0x3c8
 [<0223dabb>] rtnetlink_dump_ifinfo+0x3b/0x56
 [<022463d4>] netlink_dump+0x75/0x159
 [<02246587>] netlink_dump_start+0xcf/0xd7
 [<0223ddbe>] rtnetlink_rcv+0x12f/0x313
 [<0223da80>] rtnetlink_dump_ifinfo+0x0/0x56
 [<0223dc8c>] rtnetlink_done+0x0/0x3
 [<0213639b>] follow_page_pfn+0xec/0xfd
 [<0213fe44>] rw_vm+0x1f8/0x218
 [<02246287>] netlink_data_ready+0x14/0x43
 [<02245b15>] netlink_sendskb+0x58/0x71
 [<022460a8>] netlink_sendmsg+0x255/0x264
 [<021816fe>] avc_has_perm_noaudit+0xb8/0x11b
 [<02232270>] sock_sendmsg+0x88/0xa2
 [<021817a0>] avc_has_perm+0x3f/0x49
 [<0213fe44>] rw_vm+0x1f8/0x218
 [<02140096>] get_user_size+0x2e/0x55
 [<022332f3>] sys_sendto+0xc7/0xe2
 [<0211452b>] do_page_fault+0x12f/0x446
 [<02232038>] sock_map_file+0x98/0x106
 [<0213639b>] follow_page_pfn+0xec/0xfd
 [<0213fe44>] rw_vm+0x1f8/0x218
 [<022339ea>] sys_socketcall+0xeb/0x179

Code:  Bad EIP value.
 
Version-Release number of selected component (if applicable):
Fedora Core 2 with all released updates applied, running kernel
2.6.6-1.435.2.3.

How reproducible:

modprobe ip_gre
ip tunnel add testing123 mode gre remote X.Y.Z.Q local Q.Z.Y.X
ifconfig testing123 192.168.253.1 pointopoint 192.168.253.2
ifconfig testing123 down
ip tunnel del testing123
rmmod ip_gre
modprobe ip_gre
ip tunnel add testing123 mode gre remote X.Y.Z.Q local Q.Z.Y.X

Comments are welcome.

Thanks,
Guðmundur D. Haraldsson.
Comment 1 Dave Jones 2005-01-14 06:03:49 UTC 
fixed in updates ?
Comment 2 Guðmundur D. H. 2005-02-08 02:40:34 UTC 
Well... no, not fied in updates :(

I put my commands I pasted here above in a file called foo, and ran
this sequence of commands:

sh foo
ping 172.16.3.3
ping 172.16.3.2
ping 172.16.3.1
ifconfig
ifconfig testing123 up
ifconfig testing123
ifconfig testing123 172.16.3.2 remote 172.16.3.1
ifconfig testing123 192.168.253.1 pointopoint 192.168.253.2
ifconfig
ping 192.168.253.2
ping 192.168.253.2
sh foo 
dmesg
dmesg
ifconfig
rmmod ip_gre
lsmod

At this point ifconfig started to crash:

[root@yztiklettur root]# ifconfig
Segmentation fault

dmesg outputs this:

GRE over IPv4 tunneling driver
divert: not allocating divert_blk for non-ethernet device gre0
divert: not allocating divert_blk for non-ethernet device testing123
divert: no divert_blk to free, testing123 not ethernet
divert: no divert_blk to free, gre0 not ethernet
GRE over IPv4 tunneling driver
divert: not allocating divert_blk for non-ethernet device gre0
divert: not allocating divert_blk for non-ethernet device testing123
ip_tables: (C) 2000-2002 Netfilter core team
ip_tables: (C) 2000-2002 Netfilter core team
divert: no divert_blk to free, testing123 not ethernet
divert: no divert_blk to free, gre0 not ethernet
GRE over IPv4 tunneling driver
divert: not allocating divert_blk for non-ethernet device gre0
divert: not allocating divert_blk for non-ethernet device testing123
divert: no divert_blk to free, gre0 not ethernet
Unable to handle kernel paging request at virtual address d096e0da
 printing eip:
d096e0da
*pde = 0fcd9067
Oops: 0000 [#1]
Modules linked in: iptable_filter ip_tables loop sd_mod floppy
usb_storage scsi_mod snd_pcm_oss snd_mixer_oss nls_utf8 cifs snd_sbawe
snd_opl3_lib snd_sb16_dsp snd_pcm snd_timer smbfs snd_page_alloc
snd_sb16_csp snd_sb_common snd_hwdep snd_mpu401_uart snd_rawmidi
snd_seq_device snd soundcore autofs4 3c59x md5 ipv6 microcode dm_mod
uhci_hcd ext3 jbd
CPU:    0
EIP:    0060:[<d096e0da>]    Not tainted VLI
EFLAGS: 00010282   (2.6.10-1.9_FC2) 
EIP is at 0xd096e0da
eax: c2cab000   ebx: c2cab000   ecx: c03754b4   edx: d096e0da
esi: ce092160   edi: c2cab000   ebp: 00000400   esp: c530cf48
ds: 007b   es: 007b   ss: 0068
Process ifconfig (pid: 25393, threadinfo=c530c000 task=c6659330)
Stack: c02a2ed2 c03754b4 ce092160 c02a2f52 c018231f 0000023e 00000000
b7dab000 
       00000004 00000000 00000003 00000000 c03754e0 c8a493e0 00000400
c530cfac 
       c015e975 c530cfac b7dab000 c8a493e0 fffffff7 008f9b40 c530c000
c015eb8a 
Call Trace:
 [<c02a2ed2>] dev_seq_printf_stats+0x11/0x7b
 [<c02a2f52>] dev_seq_show+0x16/0x19
 [<c018231f>] seq_read+0x171/0x22f
 [<c015e975>] vfs_read+0xb8/0xe4
 [<c015eb8a>] sys_read+0x3c/0x62
 [<c010339f>] syscall_call+0x7/0xb
Code:  Bad EIP value.
 <1>Unable to handle kernel paging request at virtual address d096e0da
 printing eip:
d096e0da
*pde = 0fcd9067
Oops: 0000 [#2]
Modules linked in: iptable_filter ip_tables loop sd_mod floppy
usb_storage scsi_mod snd_pcm_oss snd_mixer_oss nls_utf8 cifs snd_sbawe
snd_opl3_lib snd_sb16_dsp snd_pcm snd_timer smbfs snd_page_alloc
snd_sb16_csp snd_sb_common snd_hwdep snd_mpu401_uart snd_rawmidi
snd_seq_device snd soundcore autofs4 3c59x md5 ipv6 microcode dm_mod
uhci_hcd ext3 jbd
CPU:    0
EIP:    0060:[<d096e0da>]    Not tainted VLI
EFLAGS: 00010282   (2.6.10-1.9_FC2) 
EIP is at 0xd096e0da
eax: c2cab000   ebx: c2cab000   ecx: c03754b4   edx: d096e0da
esi: c9ebb260   edi: c2cab000   ebp: 00000400   esp: c6bc3f48
ds: 007b   es: 007b   ss: 0068
Process ifconfig (pid: 25394, threadinfo=c6bc3000 task=c6659330)
Stack: c02a2ed2 c03754b4 c9ebb260 c02a2f52 c018231f 0000023e 00000000
b7dab000 
       00000004 00000000 00000003 00000000 c03754e0 c3707f20 00000400
c6bc3fac 
       c015e975 c6bc3fac b7dab000 c3707f20 fffffff7 008a1b40 c6bc3000
c015eb8a 
Call Trace:
 [<c02a2ed2>] dev_seq_printf_stats+0x11/0x7b
 [<c02a2f52>] dev_seq_show+0x16/0x19
 [<c018231f>] seq_read+0x171/0x22f
 [<c015e975>] vfs_read+0xb8/0xe4
 [<c015eb8a>] sys_read+0x3c/0x62
 [<c010339f>] syscall_call+0x7/0xb
Code:  Bad EIP value.
 <1>Unable to handle kernel paging request at virtual address d096e0da
 printing eip:
d096e0da
*pde = 0fcd9067
Oops: 0000 [#3]
Modules linked in: iptable_filter ip_tables loop sd_mod floppy
usb_storage scsi_mod snd_pcm_oss snd_mixer_oss nls_utf8 cifs snd_sbawe
snd_opl3_lib snd_sb16_dsp snd_pcm snd_timer smbfs snd_page_alloc
snd_sb16_csp snd_sb_common snd_hwdep snd_mpu401_uart snd_rawmidi
snd_seq_device snd soundcore autofs4 3c59x md5 ipv6 microcode dm_mod
uhci_hcd ext3 jbd
CPU:    0
EIP:    0060:[<d096e0da>]    Not tainted VLI
EFLAGS: 00010282   (2.6.10-1.9_FC2) 
EIP is at 0xd096e0da
eax: c2cab000   ebx: c2cab000   ecx: c03754b4   edx: d096e0da
esi: c9ebb2e0   edi: c2cab000   ebp: 00000400   esp: c530cf48
ds: 007b   es: 007b   ss: 0068
Process ifconfig (pid: 25399, threadinfo=c530c000 task=c6659330)
Stack: c02a2ed2 c03754b4 c9ebb2e0 c02a2f52 c018231f 0000023e 00000000
b7dab000 
       00000004 00000000 00000003 00000000 c03754e0 c1f3b3e0 00000400
c530cfac 
       c015e975 c530cfac b7dab000 c1f3b3e0 fffffff7 00e7ab40 c530c000
c015eb8a 
Call Trace:
 [<c02a2ed2>] dev_seq_printf_stats+0x11/0x7b
 [<c02a2f52>] dev_seq_show+0x16/0x19
 [<c018231f>] seq_read+0x171/0x22f
 [<c015e975>] vfs_read+0xb8/0xe4
 [<c015eb8a>] sys_read+0x3c/0x62
 [<c010339f>] syscall_call+0x7/0xb
Code:  Bad EIP value.
 <1>Unable to handle kernel paging request at virtual address d096e0da
 printing eip:
d096e0da
*pde = 0fcd9067
Oops: 0000 [#4]
Modules linked in: iptable_filter ip_tables loop sd_mod floppy
usb_storage scsi_mod snd_pcm_oss snd_mixer_oss nls_utf8 cifs snd_sbawe
snd_opl3_lib snd_sb16_dsp snd_pcm snd_timer smbfs snd_page_alloc
snd_sb16_csp snd_sb_common snd_hwdep snd_mpu401_uart snd_rawmidi
snd_seq_device snd soundcore autofs4 3c59x md5 ipv6 microcode dm_mod
uhci_hcd ext3 jbd
CPU:    0
EIP:    0060:[<d096e0da>]    Not tainted VLI
EFLAGS: 00010282   (2.6.10-1.9_FC2) 
EIP is at 0xd096e0da
eax: c2cab000   ebx: c2cab000   ecx: c03754b4   edx: d096e0da
esi: c9ebb3e0   edi: c2cab000   ebp: 00000400   esp: c6bc3f48
ds: 007b   es: 007b   ss: 0068
Process ifconfig (pid: 25400, threadinfo=c6bc3000 task=c6659330)
Stack: c02a2ed2 c03754b4 c9ebb3e0 c02a2f52 c018231f 0000023e 00000000
b7dab000 
       00000004 00000000 00000003 00000000 c03754e0 c3707f20 00000400
c6bc3fac 
       c015e975 c6bc3fac b7dab000 c3707f20 fffffff7 00228b40 c6bc3000
c015eb8a 
Call Trace:
 [<c02a2ed2>] dev_seq_printf_stats+0x11/0x7b
 [<c02a2f52>] dev_seq_show+0x16/0x19
 [<c018231f>] seq_read+0x171/0x22f
 [<c015e975>] vfs_read+0xb8/0xe4
 [<c015eb8a>] sys_read+0x3c/0x62
 [<c010339f>] syscall_call+0x7/0xb
Code:  Bad EIP value.
 <1>Unable to handle kernel paging request at virtual address d096e0da
 printing eip:
d096e0da
*pde = 0fcd9067
Oops: 0000 [#5]
Modules linked in: iptable_filter ip_tables loop sd_mod floppy
usb_storage scsi_mod snd_pcm_oss snd_mixer_oss nls_utf8 cifs snd_sbawe
snd_opl3_lib snd_sb16_dsp snd_pcm snd_timer smbfs snd_page_alloc
snd_sb16_csp snd_sb_common snd_hwdep snd_mpu401_uart snd_rawmidi
snd_seq_device snd soundcore autofs4 3c59x md5 ipv6 microcode dm_mod
uhci_hcd ext3 jbd
CPU:    0
EIP:    0060:[<d096e0da>]    Not tainted VLI
EFLAGS: 00010282   (2.6.10-1.9_FC2) 
EIP is at 0xd096e0da
eax: c2cab000   ebx: c2cab000   ecx: c03754b4   edx: d096e0da
esi: c9ebb660   edi: c2cab000   ebp: 00000400   esp: c6bc3f48
ds: 007b   es: 007b   ss: 0068
Process ifconfig (pid: 25401, threadinfo=c6bc3000 task=c6659330)
Stack: c02a2ed2 c03754b4 c9ebb660 c02a2f52 c018231f 0000023e 00000000
b7c78000 
       00000004 00000000 00000003 00000000 c03754e0 c9a67ca0 00000400
c6bc3fac 
       c015e975 c6bc3fac b7c78000 c9a67ca0 fffffff7 b7fc5b40 c6bc3000
c015eb8a 
Call Trace:
 [<c02a2ed2>] dev_seq_printf_stats+0x11/0x7b
 [<c02a2f52>] dev_seq_show+0x16/0x19
 [<c018231f>] seq_read+0x171/0x22f
 [<c015e975>] vfs_read+0xb8/0xe4
 [<c015eb8a>] sys_read+0x3c/0x62
 [<c010339f>] syscall_call+0x7/0xb
Code:  Bad EIP value.
 <1>Unable to handle kernel paging request at virtual address d096e0da
 printing eip:
d096e0da
*pde = 0fcd9067
Oops: 0000 [#6]
Modules linked in: iptable_filter ip_tables loop sd_mod floppy
usb_storage scsi_mod snd_pcm_oss snd_mixer_oss nls_utf8 cifs snd_sbawe
snd_opl3_lib snd_sb16_dsp snd_pcm snd_timer smbfs snd_page_alloc
snd_sb16_csp snd_sb_common snd_hwdep snd_mpu401_uart snd_rawmidi
snd_seq_device snd soundcore autofs4 3c59x md5 ipv6 microcode dm_mod
uhci_hcd ext3 jbd
CPU:    0
EIP:    0060:[<d096e0da>]    Not tainted VLI
EFLAGS: 00010282   (2.6.10-1.9_FC2) 
EIP is at 0xd096e0da
eax: c2cab000   ebx: c2cab000   ecx: c03754b4   edx: d096e0da
esi: c9ebb3e0   edi: c2cab000   ebp: 00000400   esp: cc66bf48
ds: 007b   es: 007b   ss: 0068
Process sadc (pid: 25415, threadinfo=cc66b000 task=c40668b0)
Stack: c02a2ed2 c03754b4 c9ebb3e0 c02a2f52 c018231f 0000023e 00000000
b7fff000 
       00000004 00000000 00000003 00000000 c03754e0 c9a67ca0 00000400
cc66bfac 
       c015e975 cc66bfac b7fff000 c9a67ca0 fffffff7 00c0bb40 cc66b000
c015eb8a 
Call Trace:
 [<c02a2ed2>] dev_seq_printf_stats+0x11/0x7b
 [<c02a2f52>] dev_seq_show+0x16/0x19
 [<c018231f>] seq_read+0x171/0x22f
 [<c015e975>] vfs_read+0xb8/0xe4
 [<c015eb8a>] sys_read+0x3c/0x62
 [<c010339f>] syscall_call+0x7/0xb
Code:  Bad EIP value.
 <1>Unable to handle kernel paging request at virtual address d096e0da
 printing eip:
d096e0da
*pde = 0fcd9067
Oops: 0000 [#7]
Modules linked in: iptable_filter ip_tables loop sd_mod floppy
usb_storage scsi_mod snd_pcm_oss snd_mixer_oss nls_utf8 cifs snd_sbawe
snd_opl3_lib snd_sb16_dsp snd_pcm snd_timer smbfs snd_page_alloc
snd_sb16_csp snd_sb_common snd_hwdep snd_mpu401_uart snd_rawmidi
snd_seq_device snd soundcore autofs4 3c59x md5 ipv6 microcode dm_mod
uhci_hcd ext3 jbd
CPU:    0
EIP:    0060:[<d096e0da>]    Not tainted VLI
EFLAGS: 00010282   (2.6.10-1.9_FC2) 
EIP is at 0xd096e0da
eax: c2cab000   ebx: c2cab000   ecx: c03754b4   edx: d096e0da
esi: c0757860   edi: c2cab000   ebp: 00000400   esp: cf3acf48
ds: 007b   es: 007b   ss: 0068
Process ifconfig (pid: 25418, threadinfo=cf3ac000 task=c3e648f0)
Stack: c02a2ed2 c03754b4 c0757860 c02a2f52 c018231f 0000023e 00000000
b7dab000 
       00000004 00000000 00000003 00000000 c03754e0 c3707f20 00000400
cf3acfac 
       c015e975 cf3acfac b7dab000 c3707f20 fffffff7 002c7b40 cf3ac000
c015eb8a 
Call Trace:
 [<c02a2ed2>] dev_seq_printf_stats+0x11/0x7b
 [<c02a2f52>] dev_seq_show+0x16/0x19
 [<c018231f>] seq_read+0x171/0x22f
 [<c015e975>] vfs_read+0xb8/0xe4
 [<c015eb8a>] sys_read+0x3c/0x62
 [<c010339f>] syscall_call+0x7/0xb
Code:  Bad EIP value.
 <1>Unable to handle kernel paging request at virtual address d096e0da
 printing eip:
d096e0da
*pde = 0fcd9067
Oops: 0000 [#8]
Modules linked in: iptable_filter ip_tables loop sd_mod floppy
usb_storage scsi_mod snd_pcm_oss snd_mixer_oss nls_utf8 cifs snd_sbawe
snd_opl3_lib snd_sb16_dsp snd_pcm snd_timer smbfs snd_page_alloc
snd_sb16_csp snd_sb_common snd_hwdep snd_mpu401_uart snd_rawmidi
snd_seq_device snd soundcore autofs4 3c59x md5 ipv6 microcode dm_mod
uhci_hcd ext3 jbd
CPU:    0
EIP:    0060:[<d096e0da>]    Not tainted VLI
EFLAGS: 00010282   (2.6.10-1.9_FC2) 
EIP is at 0xd096e0da
eax: c2cab000   ebx: c2cab000   ecx: c03754b4   edx: d096e0da
esi: cb450ce0   edi: c2cab000   ebp: 00000400   esp: cf3acf48
ds: 007b   es: 007b   ss: 0068
Process ifconfig (pid: 25422, threadinfo=cf3ac000 task=c7c3e370)
Stack: c02a2ed2 c03754b4 cb450ce0 c02a2f52 c018231f 0000023e 00000000
b7c78000 
       00000004 00000000 00000003 00000000 c03754e0 c6b22840 00000400
cf3acfac 
       c015e975 cf3acfac b7c78000 c6b22840 fffffff7 b7fc5b40 cf3ac000
c015eb8a 
Call Trace:
 [<c02a2ed2>] dev_seq_printf_stats+0x11/0x7b
 [<c02a2f52>] dev_seq_show+0x16/0x19
 [<c018231f>] seq_read+0x171/0x22f
 [<c015e975>] vfs_read+0xb8/0xe4
 [<c015eb8a>] sys_read+0x3c/0x62
 [<c010339f>] syscall_call+0x7/0xb
Code:  Bad EIP value.

I'm running kernel 2.6.10-1.9_FC2...
Comment 3 Dave Jones 2005-04-16 04:58:45 UTC 
Fedora Core 2 has now reached end of life, and no further updates will be
provided by Red Hat.  The Fedora legacy project will be producing further kernel
updates for security problems only.

If this bug has not been fixed in the latest Fedora Core 2 update kernel, please
try to reproduce it under Fedora Core 3, and reopen if necessary, changing the
product version accordingly.

Thank you.
Note You need to log in before you can comment on or make changes to this bug.