2.0.34pre2 tcp oops

Dan Hollis (goemon@sasami.anime.net)
Wed, 4 Mar 1998 15:11:33 -0800 (PST)


Looks like the tcp_recvmsg oops is still there. The patch only shifted the faulting line from tcp.c:1669 to tcp.c:1661 (the `if (skb->h.th->syn)` test in the receive-queue walk, per the gdb listing below), and the bug moved with it.

general protection: 0000
CPU: 0
EIP: 0010:[<001474a8>]
EFLAGS: 00010203
eax: f000ef6f ebx: 00000000 ecx: 01fc9438 edx: f000f841
esi: 01fc94dc edi: 01e28f78 ebp: 01fc9414 esp: 01e28ee8
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process roxen (pid: 16268, process nr: 12, stackpage=01e28000)
Stack: 01fc9414 01e28f7c 00000000 00000000 1020f4ae 01fc9438 00000000 000001ac
01c61c0c 0162ee48 0021eb43 00151bae 01fc9414 01e28f78 00001e54 00000000
00000000 01e28f7c 00002000 0162ee00 bfffdb8c 0162ee90 001376e7 0162ee90
Call Trace: [<00151bae>] [<001376e7>] [<00123400>] [<0010a735>]
Code: 8a 50 0d f6 c2 02 74 04 ff 4c 24 10 8b 43 34 39 44 24 10 0f
(gdb) l *0x001474a8
0x1474a8 is in tcp_recvmsg (tcp.c:1661).
1656 while (skb != (struct sk_buff *)&sk->receive_queue)
1657 {
1658 if (before(*seq, skb->seq))
1659 break;
1660 offset = *seq - skb->seq;
1661 if (skb->h.th->syn)
1662 offset--;
1663 if (offset < skb->len)
1664 goto found_ok_skb;
1665 if (skb->h.th->fin)
(gdb) l *0x00151bae
0x151bae is in inet_recvmsg (af_inet.c:867).
862
863 /* We may need to bind the socket. */
864 if(inet_autobind(sk) != 0)
865 return(-EAGAIN);
866
867 return(sk->prot->recvmsg(sk, ubuf, size, noblock, flags,addr_len));
868 }
869
870
871 static int inet_sendmsg(struct socket *sock, struct msghdr *msg, int size, int noblock,
(gdb) l *0x001376e7
0x1376e7 is in sock_read (socket.c:353).
348 msg.msg_iovlen=1;
349 msg.msg_control=NULL;
350 iov.iov_base=ubuf;
351 iov.iov_len=size;
352
353 return(sock->ops->recvmsg(sock, &msg, size,(file->f_flags & O_NONBLOCK), 0,&msg.msg_namelen));
354 }
355
356 /*
357 * Write data to a socket. We verify that the user area ubuf..ubuf+size-1 is
(gdb) l *0x00123400
0x123400 is in sys_read (read_write.c:132).
127 if (error)
128 goto out;
129 error = verify_area(VERIFY_WRITE,buf,count);
130 if (error)
131 goto out;
132 error = file->f_op->read(inode,file,buf,count);
133 out:
134 fput(file, inode);
135 bad_file:
136 return error;
(gdb) l *0x0010a735
No source file for address 0x10a735.

-Dan
