On Wed, 08 Oct 2003, David S. Miller wrote:
> Arnaldo, I think this is another piece of fallout
> from the struct sock splitup you did ages ago.
>
> I think it's dereferencing inet_sk(sk) for a time-wait
> socket, so we probably need a TCP_TIME_WAIT test plus
> some additional logic here? Better check tcp_ipv6.c too.
Found some more on this; it's been entered into the kernel bug-tracker:
http://bugme.osdl.org/show_bug.cgi?id=1271
He managed to get an oops out of his:
Unable to handle kernel NULL pointer dereference at virtual address 00000049
printing eip:
c030b346
*pde = 00000000
Oops: 0000 [#1]
CPU: 1
EIP: 0060:[<c030b346>] Not tainted
EFLAGS: 00010246
EIP is at tcp_v4_get_port+0x3c6/0x3e0
eax: 00000000 ebx: f74ff380 ecx: f667ff40 edx: f667ff50
esi: 00000002 edi: 00002151 ebp: f66097c0 esp: f6b0be68
ds: 007b es: 007b ss: 0068
Process perl (pid: 3433, threadinfo=f6b0a000 task=f6b0d900)
Stack: 00000000 00000000 00000000 f66270d0 00000000 00000000 00000001 f6609908
00000000 00000000 00000000 00000001 f7c90a88 f66097c0 ffffffea f6609908
f6b0bee8 c031f215 f66097c0 00002151 c02d568d 00000003 21511818 f6612740
Call Trace:
[<c031f215>] inet_bind+0x1d5/0x300
[<c02d568d>] move_addr_to_kernel+0x8d/0xa0
[<c02d6d8b>] sys_bind+0x7b/0xb0
[<c011c11c>] do_page_fault+0x23c/0x44f
[<c02d59dc>] sockfd_lookup+0x1c/0x80
[<c02d74d8>] sys_setsockopt+0x78/0xc0
[<c02d7be8>] sys_socketcall+0xc8/0x2b0
[<c01095d9>] sysenter_past_esp+0x52/0x71
Code: 0f b6 40 49 24 20 84 c0 75 97 eb 89 89 14 24 e8 06 51 e1 ff
<0>Kernel panic: Fatal exception in interrupt
In interrupt handler - not syncing
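To illustrate the failure mode David Miller describes above (a bind-chain walk that dereferences inet_sk(sk) on an entry that is really a time-wait bucket), here is an added, constructed model in C; it is not the kernel's code, and the struct layouts, field names, state values and the 10.0.0.1 address are all assumptions made for the example. The broken walk reads the wrong field on the time-wait entry and under-counts the conflict; the fixed walk tests for TCP_TIME_WAIT before touching any type-specific field.

```c
#include <stddef.h>
/* Constructed model, not the kernel's real structs: the shared prefix plays
 * the role of struct sock_common, and the state values follow Linux. */
#define TCP_ESTABLISHED 1
#define TCP_TIME_WAIT   6
struct sock_common {
    int                 state;
    struct sock_common *bind_next;    /* next owner on the bind hash chain */
};
/* Full socket: prefix followed by the inet fields that inet_sk(sk) exposes. */
struct sock {
    struct sock_common  sk_common;
    unsigned int        rcv_saddr;    /* bound local address */
};
/* Time-wait bucket: same prefix, different tail, so field offsets differ. */
struct tw_bucket {
    struct sock_common  tw_common;
    unsigned int        tw_ttd;       /* constructed filler (a timer value) */
    unsigned int        tw_rcv_saddr;
};
/* Broken: every chain entry is treated as a full socket. On a tw_bucket this
 * reads tw_ttd instead of the address, the pattern behind the oops above. */
static unsigned int broken_rcv_saddr(const struct sock_common *sk)
{
    return ((const struct sock *)sk)->rcv_saddr;
}
/* Fixed: test the state before touching any type-specific field. */
static unsigned int fixed_rcv_saddr(const struct sock_common *sk)
{
    if (sk->state == TCP_TIME_WAIT)
        return ((const struct tw_bucket *)sk)->tw_rcv_saddr;
    return ((const struct sock *)sk)->rcv_saddr;
}
/* Walk a bind chain with one established socket and one time-wait bucket,
 * both bound to 10.0.0.1 (constructed), and count the owners that conflict
 * with a new bind to that address. The correct answer is 2. */
int count_conflicts(int use_fixed)
{
    static struct tw_bucket tw = { { TCP_TIME_WAIT, NULL }, 0, 0x0A000001u };
    static struct sock sk = { { TCP_ESTABLISHED, &tw.tw_common }, 0x0A000001u };
    unsigned int (*get)(const struct sock_common *) =
        use_fixed ? fixed_rcv_saddr : broken_rcv_saddr;
    int n = 0;
    for (const struct sock_common *p = &sk.sk_common; p; p = p->bind_next)
        if (get(p) == 0x0A000001u)
            n++;
    return n;
}
```

In the real kernel the mismatched read lands on memory the time-wait bucket does not own, which is why the report above shows an oops rather than a silently wrong count.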