Oops without crash in 2.0.27

Michael Stiller (michael@toyland.ping.de)
Wed, 18 Dec 1996 23:26:41 +0100


Hello,

I encountered the following oops after some hours uptime on our server:

general protection: 0000
CPU: 0
EIP: 0010:[tcp_write_wakeup+134/1004]
EFLAGS: 00010206
eax: 51414141 ebx: 0887daf1 ecx: 06913810 edx: 00cbe5a4
esi: 06913810 edi: 00002000 ebp: 03927f6c esp: 03927f50
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process sshd (pid: 30089, process nr: 71, stackpage=03927000)
Stack: 06913810 00000006 00000000 00147a55 03c99c0c 00002000 00000000 03927fa0
00147e66 06913810 06913810 0014834b 06913810 001482d4 06913990 00110c88
06913810 00000001 ffffffff 00000001 001da998 001162fb 03927fbc 0807fb40
Call Trace: [tcp_send_ack+541/560] [tcp_send_probe0+18/108] [tcp_retransmit_timer+119/224]
[tcp_retransmit_timer+0/224] [timer_bh+300/332] [do_bottom_half+59/96] [handle_bottom_half+11/32]
Code: 8a 10 83 e2 0f c1 e2 02 01 d0 89 45 f4 6a 01 6a 01 8b 4d f4

Disassembled:

...
0x147abc <tcp_write_wakeup+84>: movl 0x14(%esi),%ebx
0x147abf <tcp_write_wakeup+87>: movl 0x28(%esi),%edi
0x147ac2 <tcp_write_wakeup+90>: movl %ebx,%eax
0x147ac4 <tcp_write_wakeup+92>: subl %edi,%eax
0x147ac6 <tcp_write_wakeup+94>: jns 0x147cdc <tcp_write_wakeup+628>
0x147acc <tcp_write_wakeup+100>: leal 0x98(%esi),%eax
0x147ad2 <tcp_write_wakeup+106>: movl 0x98(%esi),%edx
0x147ad8 <tcp_write_wakeup+112>: cmpl %eax,%edx
0x147ada <tcp_write_wakeup+114>: jne 0x147ade <tcp_write_wakeup+118>
0x147adc <tcp_write_wakeup+116>: xorl %edx,%edx
0x147ade <tcp_write_wakeup+118>: testl %edx,%edx
0x147ae0 <tcp_write_wakeup+120>: je 0x147cdc <tcp_write_wakeup+628>
0x147ae6 <tcp_write_wakeup+126>: subl %ebx,%edi
0x147ae8 <tcp_write_wakeup+128>: movl %edi,0xfffffff8(%ebp)
0x147aeb <tcp_write_wakeup+131>: movl 0x2c(%edx),%eax
0x147aee <tcp_write_wakeup+134>: movb (%eax),%dl
0x147af0 <tcp_write_wakeup+136>: andl $0xf,%edx
0x147af3 <tcp_write_wakeup+139>: shll $0x2,%edx
0x147af6 <tcp_write_wakeup+142>: addl %edx,%eax
0x147af8 <tcp_write_wakeup+144>: movl %eax,0xfffffff4(%ebp)
0x147afb <tcp_write_wakeup+147>: pushl $0x1
...

It seems that the pointer in eax is bogus. But if so, the edx value must be
wrong, but it seems legal to me. Any clues?

-Michael

-- 
x(f,s,c)char *s;{return f&1 ? *s ? *s-c ? x(f,++s,c) :7[s]:0:f&2 
? x(--f,"!/*,xq-ih9]c$=le&M t)r\nm@p31n%ag.8}Sdoy",c):f&4 ? *s ? 
x(f,s+1,putchar(x(f-2,"^&%!*)",*s))) : 0 : 0;}main(){return x(4,
"]!x/mhicn$!iihle&!x/mhiM$agimr%p !r@p%he&!x/mhiM !r@p%he",65);}
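
A triage pass over the register dump in the message above, as an added example that is not part of the original post. It flags registers whose four bytes are all printable ASCII (a common sign that a pointer slot was overwritten with data) and registers that point into the reported stack page. The function names and the 4 KiB stack page size are assumptions.

```python
import re

# Register lines copied from the oops in the message above.
OOPS = """\
EIP: 0010:[tcp_write_wakeup+134/1004]
eax: 51414141 ebx: 0887daf1 ecx: 06913810 edx: 00cbe5a4
esi: 06913810 edi: 00002000 ebp: 03927f6c esp: 03927f50
Process sshd (pid: 30089, process nr: 71, stackpage=03927000)
"""

REG_RE = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|ebp|esp): ([0-9a-f]{8})\b")
STACK_RE = re.compile(r"stackpage=([0-9a-f]{8})")
PAGE_SIZE = 4096  # assumption: one 4 KiB kernel stack page on i386


def parse_registers(text):
    """Map each general-purpose register name to its integer value."""
    return {name: int(val, 16) for name, val in REG_RE.findall(text)}


def ascii_view(value):
    """Return the 4 bytes in memory (little-endian) order if all are printable."""
    raw = value.to_bytes(4, "little")
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def triage(text):
    """Classify every register as stack pointer, ASCII-looking, or unclassified."""
    regs = parse_registers(text)
    m = STACK_RE.search(text)
    stack = int(m.group(1), 16) if m else None
    report = {}
    for name, value in regs.items():
        as_text = ascii_view(value)
        if stack is not None and stack <= value < stack + PAGE_SIZE:
            report[name] = "stack"
        elif as_text is not None:
            report[name] = "ascii:" + as_text
        else:
            report[name] = "unclassified"
    return report


if __name__ == "__main__":
    for name, verdict in triage(OOPS).items():
        print(f"{name}: {verdict}")
```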