Indeed...
> Here is a program that locks up any Linux 2.0.0 machine with
> 100% guarantee. Well, it did lock up my machine every time I
> tried it. (about 16 times now)
>
> Well, actually it's two programs, a server and a client. The
> recipe is simple: start the server, run the client and presto.
>
> Please test this out, and tell me if the crash also occurs on
> your machine. To be safe, boot into single-user mode, set up the
> loopback network, and then run the server & client. (If you
> foul up your filesystems then that's your fault, not mine.)
>
> You do not need to be root to cause this crash.
>
> I don't know what's wrong, except that of course the client
> should close the socket. But I would not think that bad code
> such as this should actually lock up a machine.
>
> Pressing shift-ScrollLock several times reveals that the kernel
> is apparently in some sort of network buffer allocating loop.
>
I tested this withe a clean 2.0 and allso withe the patch Alan sent to
fix some known problems in 2.0, these programs lock up both of these
kernels. I allso tried to figure out what was happening when this
happens and the EIPS I wrote down reffered to
alloc_skb
kfree_skbmem
do_dev_que_xmit
unregister_netdev
bad_tcp_sequence
tcp_rcv
ip_rcv
ip_sendroom
kmalloc
These were not written to disk while the kernel was in this loop. I
don't have the nolidge to look into this but it sure is a bug
somewhere...
> The crash occurs with at least four different kernels. For what
> it's worth, it also happens with 1.99.8 and 1.99.12. It does not
> happen with 1.2.13 (with 1.2, the client is blocked forever when
> it calls connect() the 2nd time).
>
> --------------------------------
> server.c
> --------------------------------
> #include <string.h>
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <stdlib.h>
> #include <unistd.h>
>
> int n, o, s;
> struct sockaddr_in sa;
>
> void main(void)
> {
> if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1)
> return;
> o = 1;
> setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &o, sizeof o);
> memset(&sa, 0, sizeof sa);
> sa.sin_family = AF_INET;
> sa.sin_port = htons(8080);
> sa.sin_addr.s_addr = htonl(INADDR_ANY);
> if (bind(s, (struct sockaddr *) &sa, sizeof sa) == -1)
> return;
> if (listen(s, 128) == -1)
> return;
> while (1) {
> o = sizeof sa;
> if ((n = accept(s, (struct sockaddr *) &sa, &o)) == -1)
> return;
> close(n);
> }
> }
> --------------------------------
> client.c
> --------------------------------
> #include <string.h>
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <stdlib.h>
> #include <unistd.h>
>
> int n, o, s;
> struct sockaddr_in sa;
>
> void main(void)
> {
> n = 2;
> while (--n >= 0) {
> sleep(1);
> if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1)
> return;
> o = 1;
> setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &o, sizeof o);
> memset(&sa, 0, sizeof sa);
> sa.sin_family = AF_INET;
> sa.sin_port = htons(8081);
> sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
> if (bind(s, (struct sockaddr *) &sa, sizeof sa) == -1)
> return;
> memset(&sa, 0, sizeof sa);
> sa.sin_family = AF_INET;
> sa.sin_port = htons(8080);
> sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
> if (connect(s, (struct sockaddr *) &sa, sizeof sa) == -1)
> return;
> #if 0
> close(s);
> #endif
> }
> }
> --
> Michiel Boland <boland@sci.kun.nl>
> University of Nijmegen
> The Netherlands
>