Modify

Opened 11 years ago

Closed 11 years ago

Last modified 4 years ago

#2005 closed defect (fixed)

"insmod imq" causes kernel Oops on WGT634U, r7815

Reported by: anonymous Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: kernel Version:
Keywords: Cc:

Description

When imq.ko is loaded, a kernel oops occurs:


busyroot@OpenWrt:/$ insmod imq.ko
IMQ starting with 2 devices...
CPU 0 Unable to handle kernel paging request at virtual address 00000004, epc == 8017913c, ra == 80179130
Oops[#1]:
Cpu 0
$ 0   : 00000000 1000b800 00000000 00000000
$ 4   : 80236290 00000000 8027ea50 00000000
$ 8   : 1dcd6500 80230000 80270000 80270000
$12   : 80270000 802d3d29 8026fd04 00000000
$16   : c03156d8 80230000 00000000 c0467fb4
$20   : c0468324 c0467000 c031572c 800711cc
$24   : 00000000 801fc564                  
$28   : 802d2000 802d3e48 00000039 80179130
Hi    : 0000001f
Lo    : 5c28f5de
epc   : 8017913c     Tainted: P      
ra    : 80179130 Status: 1000b803    KERNEL EXL IE 
Cause : 0000000c
BadVA : 00000004
PrId  : 00029007
Modules linked in: imq ipt_IMQ ipt_ipp2p xt_NOTRACK iptable_raw xt_portscan xt_DELUDE xt_CHAOS xt_string ipt_recent ipt_owner ipt_LOG xt_helper xt_CONNMARK xt_connmark ip6t_owner ip6t_eui64 ip6t_ah ip6t_ROUTE ip6t_REJECT ip6t_LOG ip6t_IMQ ip6table_raw ip6table_mangle ip6table_filter ip6_tables ip6_queue ebt_vlan ebt_ulog ebt_stp ebt_snat ebt_redirect ebt_pkttype ebt_mark_m ebt_mark ebt_log ebt_limit ebt_ip ebt_dnat ebt_arpreply ebt_arp ebt_among ebt_802_3 ebtable_nat ebtable_filter ebtable_broute ebtables tun snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_rawmidi snd_hwdep snd_page_alloc snd soundcore ppp_async ppp_generic slhc crc_ccitt nbd loop vfat fat udf nfsd exportfs nfs lockd sunrpc isofs ext3 jbd ext2 nls_utf8 nls_iso8859_15 nls_iso8859_1 nls_cp850 usbcore nls_base ipv6 switch_robo switch_core diag
Process insmod (pid: 2443, threadinfo=802d2000, task=812653f8)
Stack : 81cfb200 8006654c 00000001 c0467000 fffffff0 801791b8 c0332300 c033229c
        00000001 00000002 80230000 00000000 80230000 80230000 c0315720 c0467fb4
        8004760c 80047528 00100077 00000100 81d52560 81d52560 00000000 81d52560
        00000000 00000000 00000015 c0468324 00000039 00000000 c04681e4 8130b500
        c04686dc 00000016 0000000a 00000000 00000000 00000000 00000000 00000000
        ...
Call Trace:[<8006654c>][<801791b8>][<c0332300>][<c033229c>][<8004760c>][<80047528>][<8000bc40>]

Code: 8e030004  8e020000  26246290 <ac430004> ac620000  3c020020  34420200  0c07d05a  ae020004 
Segmentation fault
root@OpenWrt:/$


After that, "imq" appears in "lsmod" but can neither be removed nor "insmodded" again.
Build is r7815 from tonight, on WGT634U

Attachments (1)

imq-fix.patch (329 bytes) - added by hunszing@… 11 years ago.
Fix possible typo in imq.c

Download all attachments as: .zip

Change History (7)

comment:1 Changed 11 years ago by anonymous

Oops - I'm sorry :-(
It seems as if I had a bug in my svn update scripts - So it seems as if I accidentally was still using r7676 instead of r7815 :-(

Sorry, if this might have caused confusion, I fixed them now and I'm currently building a new firmware with the really most recent version as of now (r7861).

I will report again, if the problem still persists (Yes, I realized that something has been fixed indeed since r7815 and most likely even r7676, concerning imq and l7)...

comment:2 Changed 11 years ago by nbd

  • Resolution set to fixed
  • Status changed from new to closed

fixed in [7847]

comment:3 Changed 11 years ago by anonymous

  • Resolution fixed deleted
  • Status changed from closed to reopened

Sorry, the same Oops still happens in r7868...:

Starting program at 0x80001000                                                                                                                    
Linux version 2.6.22-rc6 (wrt@iolaus) (gcc version 4.1.2) #6 Wed Jul 4 21:50:46 CEST 2007                                                         
CPU revision is: 00029007                                                                                                                         
ssb: Core 0 found: ChipCommon (cc 0x800, rev 0x05, vendor 0x4243)                                                                                 
ssb: Core 1 found: Fast Ethernet (cc 0x806, rev 0x06, vendor 0x4243)                                                                              
ssb: Core 2 found: IPSEC (cc 0x80B, rev 0x01, vendor 0x4243)                                                                                      
ssb: Core 3 found: USB 1.1 Hostdev (cc 0x808, rev 0x02, vendor 0x4243)                                                                            
ssb: Core 4 found: PCI (cc 0x804, rev 0x08, vendor 0x4243)                                                                                        
ssb: Core 5 found: MIPS 3302 (cc 0x816, rev 0x01, vendor 0x4243)                                                                                  
ssb: Core 6 found: MEMC SDRAM (cc 0x80F, rev 0x00, vendor 0x4243)                                                                                 
ssb: Initializing MIPS core...                                                                                                                    
ssb: set_irq: core 0x0806, irq 2 => 2                                                                                                             
ssb: set_irq: core 0x0804, irq 0 => 3                                                                                                             
early_nvram_init: WGT634U NVRAM found.                                                                                                            
ssb: Sonics Silicon Backplane found at address 0x18000000                                                                                         
Determined physical RAM map:                                                                                                                      
 memory: 02000000 @ 00000000 (usable)                                                                                                             
Initrd not found or empty - disabling initrd                                                                                                      
Built 1 zonelists.  Total pages: 8128                                                                                                             
Kernel command line: root=/dev/mtdblock2 rootfstype=squashfs,jffs2 init=/etc/preinit noinitrd console=ttyS0,115200                                
Primary instruction cache 8kB, physically tagged, 2-way, linesize 16 bytes.                                                                       
Primary data cache 4kB, 2-way, linesize 16 bytes.                                                                                                 
Synthesized TLB refill handler (20 instructions).                                                                                                 
Synthesized TLB load handler fastpath (31 instructions).                                                                                          
Synthesized TLB store handler fastpath (31 instructions).                                                                                         
Synthesized TLB modify handler fastpath (30 instructions).                                                                                        
PID hash table entries: 128 (order: 7, 512 bytes)                                                                                                 
Using 100.000 MHz high precision timer.                                                                                                           
Dentry cache hash table entries: 4096 (order: 2, 16384 bytes)                                                                                     
Inode-cache hash table entries: 2048 (order: 1, 8192 bytes)                                                                                       
Memory: 29872k/32768k available (2031k kernel code, 2896k reserved, 296k data, 120k init, 0k highmem)                                             
Mount-cache hash table entries: 512                                                                                                               
NET: Registered protocol family 16                                                                                                                
ssb: PCIcore in host mode found                                                                                                                   
registering PCI controller with io_map_base unset                                                                                                 
PCI: fixing up bridge                                                                                                                             
PCI: Fixing up device 0000:00:00.0                                                                                                                
Time: MIPS clocksource has been installed.                                                                                                        
NET: Registered protocol family 2                                                                                                                 
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)                                                                                    
TCP established hash table entries: 1024 (order: 1, 8192 bytes)                                                                                   
TCP bind hash table entries: 1024 (order: 0, 4096 bytes)                                                                                          
TCP: Hash tables configured (established 1024 bind 1024)                                                                                          
TCP reno registered                                                                                                                               
squashfs: version 3.0 (2006/03/15) Phillip Lougher                                                                                                
Registering mini_fo version $Id$                                                                                                                  
JFFS2 version 2.2. (NAND) þþ 2001-2006 Red Hat, Inc.                                                                                              
io scheduler noop registered                                                                                                                      
io scheduler deadline registered (default)                                                                                                        
Serial: 8250/16550 driver $Revision: 1.90 $ 2 ports, IRQ sharing enabled                                                                          
serial8250: ttyS0 at MMIO 0x0 (irq = 3) is a 16550A                                                                                               
serial8250: ttyS1 at MMIO 0x0 (irq = 3) is a 16550A                                                                                               
b44.c:v1.01 (Jun 16, 2006)                                                                                                                        
eth0: Broadcom 10/100BaseT Ethernet 00:0f:b5:97:2f:5f                                                                                             
flash init: 0x1c000000 0x02000000                                                                                                                 
Physically mapped flash: Found 1 x16 devices at 0x0 in 16-bit bank                                                                                
 Intel/Sharp Extended Query Table at 0x0031                                                                                                       
Using buffer write method                                                                                                                         
cfi_cmdset_0001: Erase suspend on write enabled                                                                                                   
Flash device: 0x800000 at 0x1fc00000                                                                                                              
bootloader size: 655360                                                                                                                           
Creating 4 MTD partitions on "Physically mapped flash":                                                                                           
0x00000000-0x000a0000 : "cfe"                                                                                                                     
0x000a0000-0x007e0000 : "linux"                                                                                                                   
0x00158000-0x007e0000 : "rootfs"                                                                                                                  
mtd: partition "rootfs" doesn't start on an erase block boundary -- force read-only                                                               
0x00600000-0x007e0000 : "rootfs_data"                                                                                                             
0x007e0000-0x00800000 : "nvram"                                                                                                                   
nf_conntrack version 0.5.0 (256 buckets, 2048 max)                                                                                                
ip_tables: (C) 2000-2006 Netfilter Core Team                                                                                                      
TCP vegas registered                                                                                                                              
NET: Registered protocol family 1                                                                                                                 
NET: Registered protocol family 17                                                                                                                
802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>                                                                                     
All bugs added by David S. Miller <davem@redhat.com>                                                                                              
VFS: Mounted root (squashfs filesystem) readonly.                                                                                                 
Freeing unused kernel memory: 120k freed                                                                                                          
Warning: unable to open an initial console.                                                                                                       
Algorithmics/MIPS FPU Emulator v1.5                                                                                                               
- preinit -                                                                                                                                       
diag: Detected 'Netgear WGT634U'                                                                                                                  
b44: eth0: Link is up at 100 Mbps, full duplex.                                                                                                   
b44: eth0: Flow control is off for TX and off for RX.                                                                                             
Probing device eth0: found!                                                                                                                       
switching to jffs2                                                                                                                                
mini_fo: using base directory: /                                                                                                                  
mini_fo: using storage directory: /jffs                                                                                                           
- init -                                                                                                                                          
init started:  BusyBox v1.4.2 (2007-07-04 19:44:50 CEST) multi-call binary                                                                        
                                                                                                                                                  
Please press Enter to activate this console. b44: eth0: Link is up at 100 Mbps, full duplex.                                                      
b44: eth0: Flow control is off for TX and off for RX.                                                                                             
NET: Registered protocol family 10                                                                                                                
: Interface 'loopback' not found or disabled.                                                                                                     
                                                                                                                                                  
BFL_ENETADM not set in boardflags. Use force=1 to ignore.                                                                                         
usbcore: registered new interface driver usbfs                                                                                                    
usbcore: registered new interface driver hub                                                                                                      
usbcore: registered new device driver usb                                                                                                         
Installing knfsd (copyright (C) 1996 okir@monad.swb.de).                                                                                          
loop: module loaded                                                                                                                               
nbd: registered device at major 43                                                                                                                
PPP generic driver version 2.4.2                                                                                                                  
tun: Universal TUN/TAP device driver, 1.6                                                                                                         
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>                                                                                            
Ebtables v2.0 registered                                                                                                                          
ebt_ulog: not logging via ulog since somebody else already registered for PF_BRIDGE                                                               
ip6_tables: (C) 2000-2006 Netfilter Core Team                                                                                                     
xt_CHAOS: Warning: Could not find or load "TARPIT" target                                                                                         
xt_CHAOS: Warning: Could not find or load "DELUDE" target                                                                                         
IPP2P v0.8.1_rc1 loading                                                                                                                          
IMQ starting with 2 devices...                                                                                                                    
CPU 0 Unable to handle kernel paging request at virtual address 00000004, epc == 8017d5e4, ra == 8017d5d8                                         
Oops[#1]:                                                                                                                                         
Cpu 0                                                                                                                                             
$ 0   : 00000000 10009800 00000000 00000000                                                                                                       
$ 4   : 80241710 00000000 80288350 00000000                                                                                                       
$ 8   : 1dcd6500 80240000 80280000 80280000                                                                                                       
$12   : 80280000 8145fd29 80278d04 00000000                                                                                                       
$16   : c02bb6d8 80240000 00000000 c02c5fb4                                                                                                       
$20   : c02c6324 c02c5000 c02bb72c 800717fc                                                                                                       
$24   : 00000000 80203c24                                                                                                                         
$28   : 8145e000 8145fe48 00000039 8017d5d8                                                                                                       
Hi    : 000000a0                                                                                                                                  
Lo    : 0000008c                                                                                                                                  
epc   : 8017d5e4     Not tainted                                                                                                                  
ra    : 8017d5d8 Status: 10009803    KERNEL EXL IE                                                                                                
Cause : 0000000c                                                                                                                                  
BadVA : 00000004                                                                                                                                  
PrId  : 00029007                                                                                                                                  
Modules linked in: imq ipt_IMQ ipt_layer7 ipt_ipp2p xt_NOTRACK iptable_raw xt_portscan xt_DELUDE xt_CHAOS xt_string ipt_recent xt_pkttype ipt_owng
Process insmod (pid: 484, threadinfo=8145e000, task=81c8b400)                                                                                     
Stack : 814a9480 80066db4 00000001 c02c5000 fffffff0 8017d660 c02bf300 c02bf29c                                                                   
        c02c6324 00000002 80240000 00000000 80240000 80240000 c02bb720 c02c5fb4                                                                   
        80047c08 80047b24 00100077 00000100 81da1940 81da1940 00000000 81da1940                                                                   
        00000000 00000000 00000015 c02c6324 00000039 00000000 c02c61e4 814a9980                                                                   
        c02c66dc 00000016 0000000a 00000000 00000000 00000000 00000000 00000000                                                                   
        ...                                                                                                                                       
Call Trace:[<80066db4>][<8017d660>][<c02bf300>][<c02bf29c>][<80047c08>][<80047b24>][<8000bc80>]                                                   
                                                                                                                                                  
Code: 8e030004  8e020000  26241710 <ac430004> ac620000  3c020020  34420200  0c07ead3  ae020004                                                    
ipt_time loading
[...]

2005BusyBox v1.4.2 (2007-07-04 19:44:50 CEST) Built-in shell (ash)                                                                                    
Enter 'help' for a list of built-in commands.                                                                                                     
                                                                                                                                                  
  _______                     ________        __                                                                                                  
 |       |.-----.-----.-----.|  |  |  |.----.|  |_                                                                                                
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|                                                                                               
 |_______||   __|_____|__|__||________||__|  |____|                                                                                               
          |__| W I R E L E S S   F R E E D O M                                                                                                    
 KAMIKAZE (bleeding edge, r7868) -------------------                                                                                              
  * 10 oz Vodka       Shake well with ice and strain                                                                                              
  * 10 oz Triple sec  mixture into 10 shot glasses.                                                                                               
  * 10 oz lime juice  Salute!                                                                                                                     
 ---------------------------------------------------                                                                                              
root@OpenWrt:/$


comment:4 Changed 11 years ago by hunszing@…

Ok, I think I tracked this bug :-)

There seems to be a typo in imq.c, imq_init_hooks() where nf_unregister_hook() is called with the parameter "&imq_egress_ipv6" instead of "&imq_egress_ipv4". After this change, the oops is gone and everything looks fine... (I'll try to attach a patch):

--- imq-2.6.21/imq.c    2007-07-10 21:41:12.000000000 +0200
+++ imq-2.6.21-fix/imq.c        2007-07-10 21:41:25.000000000 +0200
@@ -261,7 +261,7 @@
 err5:
        nf_unregister_queue_handler(PF_INET6);
 err4:
-       nf_unregister_hook(&imq_egress_ipv6);
+       nf_unregister_hook(&imq_egress_ipv4);
 #endif
 err3:
        nf_unregister_hook(&imq_ingress_ipv4);

Changed 11 years ago by hunszing@…

Fix possible typo in imq.c

comment:5 Changed 11 years ago by nbd

  • Resolution set to fixed
  • Status changed from reopened to closed

Yep. that fix looks correct to me. Thanks for tracking it down.
Applied in [7908]

comment:6 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.