Bug 196264 - Kernel crash during ifdown/ifup test
Kernel crash during ifdown/ifup test
Status: CLOSED CANTFIX
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel (Show other bugs)
3.0
All Linux
medium Severity high
: ---
: ---
Assigned To: Red Hat Kernel Manager
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-22 05:59 EDT by Garik E
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-13 08:52:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Reproduction and patch (5.43 KB, application/octet-stream)
2006-06-22 05:59 EDT, Garik E
no flags Details

  None (edit)
Description Garik E 2006-06-22 05:59:40 EDT
Description of problem:
Linux kernel crashes/freezes during continues ifdown/ifup test on interface
added to a multicast group 

Version-Release number of selected component (if applicable):
from 2.4.21-37.EL up to 2.4.21-44.EL both UP and SMP

How reproducible:
always 
after 1-10 sec from the beginning of the test

Steps to Reproduce:
1. unpack attached crashfiles.tar.bz2 
2. run `sh ifflip'
  
Actual results:
------------[ cut here ]------------
kernel BUG at timer.c:453!
invalid operand: 0000
nfs lockd sunrpc audit usbserial parport_pc lp parport autofs4 tg3 floppy sg
microcode keybdev mousedev input hid ehci-hcd usb-uhci usbcore ext3 jbd mptscsih
mptbase diskdumplib sd_mod scsi_mod  
CPU:    1
EIP:    0060:[<c0134925>]    Not tainted
EFLAGS: 00010007

EIP is at cascade [kernel] 0x85 (2.4.21-37.EL.smp.kdb/i686)
eax: 00000000   ebx: c37312d0   ecx: 00007e00   edx: c37312d0
esi: c03a4cfc   edi: c03a4300   ebp: 0000003e   esp: f7dabf04
ds: 0068   es: 0068   ss: 0068
Process mccrashdev (pid: 1940, stackpage=f7dab000)
Stack: c03a4300 f6c8ffc4 00000000 00000001 c03a4300 f7dabf2c c0135bb5 c03a4300 
       c03a4b0c 0000003e f7dabf2c f7dabf2c c0135017 c03a4300 00000001 00000080 
       0000000a c0135862 c03a4300 f7daa000 00000000 00000000 c0130455 c04a2700 
Call Trace:   [<c0135bb5>] __run_timers [kernel] 0x125 (0xf7dabf1c)
[<c0135017>] update_process_time_intertick [kernel] 0x117 (0xf7dabf34)
[<c0135862>] timer_bh [kernel] 0x62 (0xf7dabf48)
[<c0130455>] bh_action [kernel] 0x55 (0xf7dabf5c)
[<c01302f7>] tasklet_hi_action [kernel] 0x67 (0xf7dabf64)
[<c0130085>] do_softirq [kernel] 0x105 (0xf7dabf78)
[<c010e078>] do_IRQ [kernel] 0x148 (0xf7dabf98)
[<c010df30>] do_IRQ [kernel] 0x0 (0xf7dabfbc)

Code: 0f 0b c5 01 47 44 2d c0 eb aa 90 83 ec 04 81 3d 08 32 3a c0


Entering kdb (current=0xf7daa000, pid 1940) on processor 1 Oops: invalid operand
due to oops @ 0xc0134925
eax = 0x00000000 ebx = 0xc37312d0 ecx = 0x00007e00 edx = 0xc37312d0 
esi = 0xc03a4cfc edi = 0xc03a4300 esp = 0xf7dabf04 eip = 0xc0134925 
ebp = 0x0000003e xss = 0xc02b0068 xcs = 0x00000060 eflags = 0x00010007 
xds = 0xc4e80068 xes = 0x00000068 origeax = 0xffffffff &regs = 0xf7dabed0

Expected results:


Additional info:
1 The crash was reproduced on the following machines:
    HP ML350
    DELL 750

2 On most reproductions the ebx register points to the mr_ifc_timer with the
following contents:
[1]kdb> mds %ebx
0xc37312d0 00000000   ....
0xc37312d4 00000000   ....
0xc37312d8 00007f52   ...R
0xc37312dc c3731280   Ö³s..
0xc37312e0 c02815b0 igmp_ifc_timer_expire
                       kernel .text 0xc0100000 0xc02815b0 0xc02815f0  
0xc37312e4 00000000   ....
0xc37312e8 00000000   ....
0xc37312ec 00000000 

from the data member on the timer I traced dump of netdevice:
0xc35d7000 30687465 00000000 00000000 00000000   0hte............
0xc35d7010 00000000 00000000 00000000 00000000   ................
0xc35d7020 00000000 00000011 00000000 00000015   ................
0xc35d7030 00000000 00000000 00000000 00000003   ................
0xc35d7040 00000003 f89ce220 00000000 00000000   ....ר.ג ........
0xc35d7050 f89d6920 000046e1 00003f9e *00001002*   ר.i ..Fב..?.....
0xc35d7060 00000000 000005dc 000e0001 c35d71c0   ...........ֳ]qְ
0xc35d7070 00000000 ffffffff 0000ffff 00000000   ..........
0xc35d7080 00000000 00000000 00000000 00000000   ................
0xc35d7090 00000000 20211300 0000d528 00000000   .... !....×±(....

note, that IFF_UP flag is down:  dev->flags = 0x00001002
Comment 1 Garik E 2006-06-22 05:59:40 EDT
Created attachment 131337 [details]
Reproduction and patch
Comment 2 Ernie Petrides 2006-06-22 13:27:50 EDT
RHEL3 is now closed.
Comment 3 Garik E 2006-06-22 15:05:34 EDT
Will there be no more Linux kernel updates for the RHEL-3 ? 
Comment 4 Ernie Petrides 2006-06-22 16:54:21 EDT
It probably would be better for you to discuss this with Customer Support.
Comment 5 Garik E 2006-06-22 22:58:00 EDT
Can you verify that the binary I’ve attached crashes Linux kernel ?
Comment 6 Prarit Bhargava 2007-09-13 08:52:02 EDT
Closing re: Comment #2.

P.

Note You need to log in before you can comment on or make changes to this bug.