Re: BUG: unable to handle kernel NULL pointer dereference in ipv6_select_ident

From: Eric Dumazet
Date: Wed Dec 21 2011 - 12:36:30 EST


On Wednesday 21 December 2011 at 17:03 +0000, Chris Boot wrote:
> On 21/12/2011 16:29, Eric Dumazet wrote:
> > On Wednesday 21 December 2011 at 15:52 +0000, Chris Boot wrote:
> >> Hi folks,
> >>
> >> I'm working on getting a 2-node VM cluster up and running, with DRBD and
> >> Corosync/Pacemaker, running KVM VMs.
> >>
> >> I can trigger a kernel panic in either _host_ system when running an
> >> rsync on a _guest_ VM. The rsync is simply SSH over IPv6 from a remote
> >> mail store (containing maildirs) to a local filesystem. I'm basically
> >> working on migrating a physical IMAP server to one inside a VM.
> >>
> >> After a few seconds of fairly heavy IPv6 traffic, I get the panic below.
> >> You'll notice the panic refers to vhost_net, but I tried without that
> >> and the kernel panics at exactly the same call point.
> >>
> >> Panic:
> >>
> >> [snip]
> >>
> >> Any insight will be gratefully received.
> >>
> >> Thanks,
> >> Chris
> >>
> > Is it a debian kernel ?
> >
> > You need : https://lkml.org/lkml/2011/10/11/291
>
> Eric,
>
> Aha, that sounds like exactly the culprit, thanks. However I can't find
> any reference to it in the 3.1 to 3.1.5 changelogs. Is it fixed in any
> of those kernels or would I have to attempt to forward-port the fix myself?

Good point, that's a different problem then, since 3.1 is not supposed to
have this bug.

It seems rt->rt6i_peer points to invalid memory in your crash.

(RBX=00000000000001f4)

8b 83 a4 00 00 00 mov 0xa4(%rbx),%eax p->refcnt
1f4+a4 -> CR2=0000000000000298
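
Added example, not part of the original message: a small decoder for the quoted instruction bytes that recomputes the effective address from RBX and compares it with CR2, the check done by hand above. The function names are hypothetical, and only the `8b /r` form with a register base plus displacement (no REX prefix, no SIB byte) is handled.

```python
import struct

# Register names indexed by the 3-bit ModRM reg / r/m fields (no REX prefix).
REG_NAMES = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def decode_mov_load(code: bytes):
    """Decode `8b /r` (mov r/m32 -> r32) with a register base and disp8/disp32.

    Returns (dest_reg_index, base_reg_name, displacement).
    """
    if len(code) < 2 or code[0] != 0x8B:
        raise ValueError("only opcode 0x8b (mov r32, r/m32) is handled")
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if rm == 4:
        raise ValueError("SIB addressing is not handled")
    if mod == 0b01:      # 8-bit signed displacement
        (disp,) = struct.unpack_from("<b", code, 2)
    elif mod == 0b10:    # 32-bit signed displacement, little-endian
        (disp,) = struct.unpack_from("<i", code, 2)
    else:
        raise ValueError("only disp8/disp32 memory operands are handled")
    return reg, REG_NAMES[rm], disp


def explain_fault(code: bytes, regs: dict, cr2: int):
    """Check whether the decoded load explains the faulting address in CR2."""
    _, base, disp = decode_mov_load(code)
    ea = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {"base": base, "disp": disp, "ea": ea, "matches_cr2": ea == cr2,
            # A base below 4096 cannot be a valid kernel pointer.
            "base_below_page": regs[base] < 0x1000}


# Values quoted in the message above.
CODE = bytes.fromhex("8b83a4000000")
REGS_AT_FAULT = {"rbx": 0x1F4}
CR2 = 0x298

if __name__ == "__main__":
    r = explain_fault(CODE, REGS_AT_FAULT, CR2)
    print(f"mov {r['disp']:#x}(%{r['base']}) -> ea={r['ea']:#x}, "
          f"matches CR2: {r['matches_cr2']}, base < 4096: {r['base_below_page']}")
```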


