Hi,
We've found a rather silly bug in net/ipv6/tcp_ipv6.c in linux-2.4.x
that causes a kernel panic (reported by Hiroyuki YAMAMORI
<h-yamamo@xxxxxxxxxxxxxxxx>) like this (this ksymoops log was
created by <mk@xxxxxxxxxxxxxx>):
***** cut here *****
ksymoops 2.3.4 on i686 2.4.0-bSTABLE200102. Options used
-v /usr/src/linux24-bSTABLE200102/vmlinux (specified)
-K (specified)
-L (specified)
-O (specified)
-m /usr/src/linux24-bSTABLE200102/System.map (specified)
Deactivating swap... done.
invalid operand: 0000
CPU: 0
EIP: 0010:[<c0110054>]
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00000282
eax: 0000001b ebx: c1eb2000 ecx: c2aba000 edx: 00000001
esi: c2577554 edi: 7fffffff ebp: c1eb3e7c esp: c1eb3e58
ds: 0018 es: 0018 ss: 0018
Process ftpd (pid: 271, stackpage=c1eb3000)
Stack: c01c9f35 c01ca096 000002b0 7fffffff c2577554 7fffffff 00000000 c2577520
c2bfb280 c1eb3ea0 c010fc5f c2577520 c2577554 c2577600 c2577650 c1eb3f14
00000286 c2577520 c2313ae4 c019fc18 c2577520 ffffff8d 7fffffff 00000000
Call Trace: [<c010fc5f>] [<c019fc18>] [<c019fdb7>] [<c017881e>] [<c011dbf2>]
[<c011dbfb>] [<c011ce22>]
[<c010d125>] [<c0179144>] [<c0108e0f>]
Code: 0f 0b 8d 65 e8 5b 5e 5f 89 ec 5d c3 55 89 e5 83 ec 18 57 56
>>EIP; c0110054 <schedule+368/374> <=====
Trace; c010fc5f <schedule_timeout+17/94>
Trace; c019fc18 <inet_wait_for_connect+b0/124>
Trace; c019fdb7 <inet_stream_connect+12b/1f0>
Trace; c017881e <sys_connect+5e/7c>
Trace; c011dbf2 <insert_vm_struct+1a/29>
Trace; c011dbfb <insert_vm_struct+23/29>
Trace; c011ce22 <do_mmap_pgoff+322/3e0>
Trace; c010d125 <old_mmap+c9/f8>
Trace; c0179144 <sys_socketcall+98/210>
Trace; c0108e0f <system_call+33/38>
Code; c0110054 <schedule+368/374>
00000000 <_EIP>:
Code; c0110054 <schedule+368/374> <=====
0: 0f 0b ud2a <=====
Code; c0110056 <schedule+36a/374>
2: 8d 65 e8 lea 0xffffffe8(%ebp),%esp
Code; c0110059 <schedule+36d/374>
5: 5b pop %ebx
Code; c011005a <schedule+36e/374>
6: 5e pop %esi
Code; c011005b <schedule+36f/374>
7: 5f pop %edi
Code; c011005c <schedule+370/374>
8: 89 ec mov %ebp,%esp
Code; c011005e <schedule+372/374>
a: 5d pop %ebp
Code; c011005f <schedule+373/374>
b: c3 ret
Code; c0110060 <__wake_up+0/130>
c: 55 push %ebp
Code; c0110061 <__wake_up+1/130>
d: 89 e5 mov %esp,%ebp
Code; c0110063 <__wake_up+3/130>
f: 83 ec 18 sub $0x18,%esp
Code; c0110066 <__wake_up+6/130>
12: 57 push %edi
Code; c0110067 <__wake_up+7/130>
13: 56 push %esi
Kernel panic: Aiee, killing interrupt handler!
***** cut here *****
Our fix was:
Index: net/ipv6/tcp_ipv6.c
===================================================================
RCS file: /cvsroot/usagi/usagi/kernel/linux24/net/ipv6/tcp_ipv6.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- net/ipv6/tcp_ipv6.c 2001/01/05 06:00:59 1.22
+++ net/ipv6/tcp_ipv6.c 2001/02/18 01:44:46 1.23
@@ -1,4 +1,4 @@
-/* $USAGI: tcp_ipv6.c,v 1.22 2001/01/05 06:00:59 yoshfuji Exp $ */
+/* $USAGI: tcp_ipv6.c,v 1.23 2001/02/18 01:44:46 yoshfuji Exp $ */
/*
* TCP over IPv6
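Review bot: the $USAGI revision-keyword change in this first hunk is CVS metadata churn, not part of the fix; drop it from the patch so the submitted diff contains only the locking change in the second hunk.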
@@ -458,7 +458,7 @@
struct sock *sk2, **skp;
struct tcp_tw_bucket *tw;
- write_lock(&head->lock);
+ write_lock_bh(&head->lock);
for(skp = &(head + tcp_ehash_size)->chain; (sk2=*skp)!=NULL; skp =
&sk2->next) {
tw = (struct tcp_tw_bucket*)sk2;
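Review bot: the hunk changes the acquire to write_lock_bh(&head->lock) but the matching release is outside the shown context; please confirm that every exit path of this function releases with write_unlock_bh, since a write_lock/write_unlock_bh mismatch skews the local softirq count, and the reported oops (schedule() hitting its BUG() ud2a while blocking in inet_wait_for_connect on the sys_connect path, followed by "Aiee, killing interrupt handler!") is what a wrong bottom-half count looks like. The changelog should also say in one sentence why bottom halves must be disabled around head->lock here, i.e. which other context takes the same lock, so the next reader does not revert it to plain write_lock.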
--
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@xxxxxxxxxxxxxx>
PGP5i FP: F731 6599 5EB2 BBA7 1515 1323 1806 A96F 5700 6B25