Unable to handle kernel NULL pointer dereference at virtual address 000000c8
pgd = ec990000
[000000c8] *pgd=00000000
Internal error: Oops: 5 [#1] PREEMPT SMP ARM
CPU: 1 Tainted: G W (3.4.0-liberty)
PC is at __ip_route_output_key+0x49c/0x798
LR is at inet_select_addr+0xf8/0x104
pc : <c0709654> lr : <c0735fc4> psr: 20030013
sp : eca97c28 ip : 00000001 fp : 012ba8c0
r10: 00000000 r9 : 00000000 r8 : c11dcd00
r7 : 00000000 r6 : 00000000 r5 : 00000000 r4 : eca97cd4
r3 : ebe22100 r2 : ec0c0000 r1 : c11dccd8 r0 : 00000000
Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 10c5787d Table: ad39006a DAC: 00000015
..
Faulting Process ping (pid: 6719, stack limit = 0xeca962f0)
...

Call Stack
Kernel Panic in this func __ip_route_output_key()
====>ip_route_output_flow()
===>ping_v4_sendmsg()
===>inet_sendmsg()
===>sock_sendmsg()
===>__sys_sendmsg()
===>sys_sendmsg()

kernel/net/ipv4/route.c
***********************
dev_out = FIB_RES_DEV(res);
fl4->flowi4_oif = dev_out->ifindex;
***********************

dev_out looks like it is NULL. When dev_out is accessed, it results in a NULL pointer dereference and finally a kernel panic. Can any experts fix this issue? It is very rarely reproduced on the ARM 32-bit architecture.
3.14 will be released soon; can you try it even if the bug is rare?
It is not possible to test 3.14 on an Android device. We have just moved to 3.4. I compared the code with 3.14; there is not much difference. I will debug this issue further and add my comments.
Please try to reproduce this bug with the latest kernel image.