Re: Oops in 2.2.9

Tim Waugh (tim@cyberelk.demon.co.uk)
Wed, 9 Jun 1999 16:29:28 +0100 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Wakko Warner: "Re: Profanity in the Linux Kernel?!?!?"
Previous message: Tim Waugh: "Re: Continuous Oops problems..."

This is in __skb_dequeue:

if (next != prev) {
result = next;
next = next->next;
list->qlen--;
next->prev = prev; <==
prev->next = next;
result->next = NULL;
result->prev = NULL;

list->next->next is NULL, inexplicably. This isn't the first time I've
seen an oops like this, and I would tend to think that it suggests locking
problems, since the only time I can see next getting set NULL is in
skb_xxx. Is there a call to __skb_xxx that should be a call to
(lock-protected) skb_xxx somewhere?

Tim.
*/

On Fri, 4 Jun 1999, Joop Stakenborg wrote:

> Unable to handle kernel NULL pointer dereference at virtual address 00000004
> current->tss.cr3 = 00590000, %cr3 = 00590000
> *pde = 00000000
> Oops: 0002
> CPU: 0
> EIP: 0010:[<c0148cf7>]
> EFLAGS: 00010002
> eax: c0707e80 ebx: c064f4f4 ecx: 00000256 edx: 00000000
> esi: 000005dc edi: c064f4f4 ebp: c064f4f4 esp: c0289e2c
> ds: 0018 es: 0018 ss: 0018
> Process tnt (pid: 206, process nr: 24, stackpage=c0289000)
> Stack: 00000000 c0289f6c 00000001 c064f4f4 00000006 c0289e50 c101ab07 c064f4b0
> 00000000 00000000 c0289e74 c07b01ac 000005dc 00000000 c0289f6c 00000046
> 00000152 c064f4b0 00000007 c0145e02 c07b01ac c0289f6c 000005dc 00000000
> Call Trace: [<c101ab07>] [<c0145e02>] [<c101aab0>] [<c01469f4>] [<c0148dd5>] [<c012d8cb>] [<c012dc3a>]
> [<c014712b>] [<c0108f34>] [<c010002b>]
> Code: 89 5a 04 89 13 c7 00 00 00 00 00 c7 40 04 00 00 00 00 c7 40
>
> >>EIP: c0148cf7 <skb_recv_datagram+157/190>
> Trace: c101ab07 <xcvr+245f/2ef8>
> Trace: c0145e02 <sock_recvmsg+42/c0>
> Trace: c101aab0 <xcvr+2408/2ef8>
> Trace: c01469f4 <sys_recvfrom+a4/100>
> Trace: c0148dd5 <datagram_poll+25/d0>
> Trace: c012d8cb <free_wait+6b/80>
> Trace: c012dc3a <do_select+1fa/220>
> Trace: c014712b <sys_socketcall+16b/1f0>
> Code: c0148cf7 <skb_recv_datagram+157/190> 00000000 <_EIP>: <===
> Code: c0148cf7 <skb_recv_datagram+157/190> 0: 89 5a 04 movl %ebx,0x4(%edx) <===
> Code: c0148cfa <skb_recv_datagram+15a/190> 3: 89 13 movl %edx,(%ebx)
> Code: c0148cfc <skb_recv_datagram+15c/190> 5: c7 00 00 00 00 00 movl $0x0,(%eax)
> Code: c0148d02 <skb_recv_datagram+162/190> b: c7 40 04 00 00 00 00 movl $0x0,0x4(%eax)
> Code: c0148d09 <skb_recv_datagram+169/190> 12: c7 40 00 00 00 00 00 movl $0x0,0x0(%eax)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Wakko Warner: "Re: Profanity in the Linux Kernel?!?!?"
Previous message: Tim Waugh: "Re: Continuous Oops problems..."