LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Andrew Morton <akpm@linux-foundation.org>
To: "Beschorner Daniel" <Daniel.Beschorner@facton.com>
Cc: <linux-kernel@vger.kernel.org>,
	Richard Purdie <rpurdie@rpsys.net>,
	Herbert Xu <herbert@gondor.apana.org.au>
Subject: Re: zlib oops with ipcomp in 2.6.24
Date: Sat, 23 Feb 2008 00:03:28 -0800	[thread overview]
Message-ID: <20080223000328.3a71e858.akpm@linux-foundation.org> (raw)
In-Reply-To: <3C59DB883F7B0B4D8096010D45ACCD134F210D@exch.facton.local>

On Thu, 21 Feb 2008 15:05:29 +0100 "Beschorner Daniel" <Daniel.Beschorner@facton.com> wrote:

> Since 2.6.24 we got reproducible oopses in a special ipsec/ipcomp
> configuration.
> We suspected a distro compiler problem, but a fresh gcc 4.2.3 doesn't
> change anything.

hm, that code really hasn't changed since mid 2006.

> What could I do/help to track the problem down?
> 
> The Oops:
> 
> invalid opcode: 0000 [1] SMP

There's a line missing here.  Which of the BUG statements which you added
has triggered?


> CPU 0
> Modules linked in:
> Pid: 3713, comm: httpd Not tainted 2.6.24 #9
> RIP: 0010:[<ffffffff8031ba08>]  [<ffffffff8031ba08>]
> deflate_slow+0x158/0x470
> RSP: 0018:ffff81007deedab8  EFLAGS: 00010292
> RAX: 0000000000000021 RBX: ffffc200000b9000 RCX: ffffffff80573d68
> RDX: ffffffff80573d68 RSI: 0000000000000086 RDI: ffffffff80573d60
> RBP: 00000000ffffffff R08: 0000000955231a67 R09: ffff81007f8e3878
> R10: ffff810002c0f680 R11: 0000000000000001 R12: 0000000000000596
> R13: 0000000000000000 R14: 0000000000000005 R15: ffffc20000097000
> FS:  00002ae22211a190(0000) GS:ffffffff805a8000(0000)
> knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00005555555c7c5d CR3: 000000007dd1d000 CR4: 00000000000006e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process httpd (pid: 3713, threadinfo ffff81007deec000, task
> ffff81007f88c7e0)
> Stack:  ffff81007cf32200 0000000000000005 ffffc200000b9000
> ffff81007ef52800
>  0000000000000000 ffffffff8031c2cd 0000000000000000 ffff81007cf32200
>  ffff81007cf321c0 ffff81007ef5288c 0000000000000596 ffffffff802ff351
> Call Trace:
>  [<ffffffff8031c2cd>] zlib_deflate+0x10d/0x330
>  [<ffffffff802ff351>] deflate_compress+0x91/0xb0
>  [<ffffffff80477228>] ipcomp_output+0x98/0x1e0
>  [<ffffffff80489f66>] xfrm_output+0x116/0x1e0
>  [<ffffffff80482e34>] xfrm4_output_finish2+0x44/0x1e0
>  [<ffffffff804830e5>] xfrm4_output+0x55/0x60
>  [<ffffffff804459f9>] ip_queue_xmit+0x209/0x450
>  [<ffffffff802a1545>] generic_file_splice_read+0x495/0x4e0
>  [<ffffffff80456e3f>] tcp_transmit_skb+0x40f/0x7c0
>  [<ffffffff80458b67>] __tcp_push_pending_frames+0x167/0x940
>  [<ffffffff80459912>] tcp_push_one+0xb2/0x100
>  [<ffffffff8044c3b8>] tcp_sendpage+0x718/0x740
>  [<ffffffff802a0229>] pipe_to_sendpage+0x59/0x80
>  [<ffffffff802a0924>] __splice_from_pipe+0x54/0x240
>  [<ffffffff802a01d0>] pipe_to_sendpage+0x0/0x80
>  [<ffffffff802a01d0>] pipe_to_sendpage+0x0/0x80
>  [<ffffffff802a0c84>] splice_from_pipe+0x64/0x90
>  [<ffffffff802a03eb>] direct_splice_actor+0x1b/0x20
>  [<ffffffff802a0628>] splice_direct_to_actor+0xb8/0x190
>  [<ffffffff802a03d0>] direct_splice_actor+0x0/0x20
>  [<ffffffff802a0730>] do_splice_direct+0x30/0x40
>  [<ffffffff8027fdec>] do_sendfile+0x17c/0x230
>  [<ffffffff8027ff2e>] sys_sendfile64+0x8e/0xb0
>  [<ffffffff8020bb3e>] system_call+0x7e/0x83
> 
> 
> Code: 0f 0b eb fe 0f 1f 40 00 48 8b 03 48 89 df 44 8b 60 08 e8 51
> RIP  [<ffffffff8031ba08>] deflate_slow+0x158/0x470
>  RSP <ffff81007deedab8>
> ---[ end trace b78f0624c782f205 ]---
> 
> 
> The output with the patch below (a zlib patch Herbert Xu sent me to find
> the problem) right before the oops:
> 
> lookahead = -1 strstart = 141
> ------------[ cut here ]------------
> kernel BUG at lib/zlib_deflate/deflate.c:1255!
> 
> 
> diff --git a/lib/zlib_deflate/deflate.c b/lib/zlib_deflate/deflate.c
> index c3e4a2b..0dfef7f 100644
> --- a/lib/zlib_deflate/deflate.c
> +++ b/lib/zlib_deflate/deflate.c
> @@ -1138,6 +1138,8 @@ static block_state deflate_slow(
>      IPos hash_head = NIL;    /* head of hash chain */
>      int bflush;              /* set if current block must be flushed */
> 
> +    BUG_ON((int)s->lookahead < 0);
> +
>      /* Process the input block. */
>      for (;;) {
>          /* Make sure that we always have enough lookahead, except
> @@ -1146,7 +1148,14 @@ static block_state deflate_slow(
>           * string following the next match.
>           */
>          if (s->lookahead < MIN_LOOKAHEAD) {
> +           int avail = s->strm->avail_in;
> +           int oldlook = s->lookahead;
> +
>              fill_window(s);
> +           if (unlikely((int)s->lookahead < 0)) {
> +               printk("availin = %d, lookahead = %d new = %d\n", avail,
> oldlook, s->lookahead);
> +               BUG();
> +           }
>              if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
>                 return need_more;
>             }
> @@ -1216,6 +1225,10 @@ static block_state deflate_slow(
> 
>              if (bflush) FLUSH_BLOCK(s, 0);
> 
> +           if (unlikely((int)s->lookahead < 0)) {
> +               printk("prev_length = %d, availin = %d, lookahead =
> %d\n", s->prev_length, s->strm->avail_in, s->lookahead);
> +               BUG();
> +           }
>          } else if (s->match_available) {
>              /* If there was no match at the previous position, output a
>               * single literal. If there was a match but the current
> match
> @@ -1236,6 +1249,11 @@ static block_state deflate_slow(
>              s->strstart++;
>              s->lookahead--;
>          }
> +
> +       if (unlikely((int)s->lookahead < 0)) {
> +           printk("lookahead = %d strstart = %d\n", s->lookahead,
> s->strstart);
> +           BUG();
> +       }
>      }
>      Assert (flush != Z_NO_FLUSH, "no flush?");
>      if (s->match_available) {
> 



  reply	other threads:[~2008-02-23  8:08 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-21 14:05 Beschorner Daniel
2008-02-23  8:03 ` Andrew Morton [this message]
2008-02-23 13:22   ` Beschorner Daniel
2008-02-28 17:50     ` Herbert Xu
2008-02-28 18:47       ` Beschorner Daniel
2008-02-28 19:23       ` David Miller
2008-02-28 19:30         ` Herbert Xu
2008-02-28 19:32           ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080223000328.3a71e858.akpm@linux-foundation.org \
    --to=akpm@linux-foundation.org \
    --cc=Daniel.Beschorner@facton.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-kernel@vger.kernel.org \
    --cc=rpurdie@rpsys.net \
    --subject='Re: zlib oops with ipcomp in 2.6.24' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).