GP with 2.0.30 + pre2.0.31-2 patch

Dan Hollis (goemon@sasami.anime.net)
Wed, 4 Jun 1997 17:30:39 -0700 (PDT)


GP in Linux 2.0.30 with the latest pre-2.0.31-2 patch.

Everything is compiled statically, no modules. RST and SYN flood
protection are on.

This GP has been present throughout 2.0.30 and all the pre-patches up to
the present. Every time it is squid that causes the GP. This GP happens
almost daily.

general protection: 0000
CPU: 0
EIP: 0010:[<001460e4>]
EFLAGS: 00010217
eax: f000e987 ebx: 00000000 ecx: 02dd4c30 edx: f000f84d
esi: 02dd4ccc edi: 000001a1 ebp: 02dd4c0c esp: 0308fee8
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process squid (pid: 469, process nr: 29, stackpage=0308f000)
Stack: 02dd4c0c 0308ff7c 00000000 00000800 11132fd7 02dd4c30 00000000 000001a1
03538414 020e0b1c 01142683 00150a02 02dd4c0c 0308ff78 00000e5e 00000800
00000000 0308ff7c 00000fff 020e0ad4 08fdebc8 020e0b60 00136d03 020e0b60
Call Trace: [<00150a02>] [<00136d03>] [<00122627>] [<0010a54d>]
Code: 8a 40 0d a8 02 74 04 ff 4c 24 10 8b 7c 24 10 39 7b 30 0f 87

(gdb) l *0x001460e4
0x1460e4 is in tcp_recvmsg (tcp.c:1666).
1661 while (skb != (struct sk_buff *)&sk->receive_queue)
1662 {
1663 if (before(*seq, skb->seq))
1664 break;
1665 offset = *seq - skb->seq;
1666 if (skb->h.th->syn)
1667 offset--;
1668 if (offset < skb->len)
1669 goto found_ok_skb;
1670 if (skb->h.th->fin)
(gdb) l *0x00150a02
0x150a02 is in inet_recvmsg (af_inet.c:863).
858
859 /* We may need to bind the socket. */
860 if(inet_autobind(sk) != 0)
861 return(-EAGAIN);
862
863 return(sk->prot->recvmsg(sk, ubuf, size, noblock, flags,addr_len));
864 }
865
866
867 static int inet_sendmsg(struct socket *sock, struct msghdr *msg, int size, int noblock,
(gdb) l *0x00136d03
0x136d03 is in sock_read (socket.c:353).
348 msg.msg_iovlen=1;
349 msg.msg_control=NULL;
350 iov.iov_base=ubuf;
351 iov.iov_len=size;
352
353 return(sock->ops->recvmsg(sock, &msg, size,(file->f_flags & O_NONBLOCK), 0,&msg.msg_namelen));
354 }
355
356 /*
357 * Write data to a socket. We verify that the user area ubuf..ubuf+size-1 is
(gdb) l *0x00122627
0x122627 is in sys_read (read_write.c:132).
127 if (error)
128 goto out;
129 error = verify_area(VERIFY_WRITE,buf,count);
130 if (error)
131 goto out;
132 error = file->f_op->read(inode,file,buf,count);
133 out:
134 fput(file, inode);
135 bad_file:
136 return error;
(gdb) l *0x0010a54d
No source file for address 0x10a54d.

-Dan
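Added example, not part of Dan's post: a small ksymoops-style resolver that does with a System.map what the `gdb l *addr` commands above do with a vmlinux, mapping the EIP and Call Trace addresses of this oops to symbol+offset. The System.map fragment and its start addresses are constructed for the example, not values from the real 2.0.30 build.

```python
import re
from bisect import bisect_right

# Constructed System.map fragment. The symbol names are the ones gdb resolved
# in the report above; the start addresses are assumptions for this example.
SYSTEM_MAP = """\
00122600 T sys_read
00136cc0 T sock_read
001460a0 T tcp_recvmsg
001509e0 T inet_recvmsg
"""

# The lines of the posted oops that the resolver needs.
OOPS = """\
general protection: 0000
EIP: 0010:[<001460e4>]
Call Trace: [<00150a02>] [<00136d03>] [<00122627>] [<0010a54d>]
"""

def load_map(text):
    """Parse 'addr type name' lines into a sorted list of (addr, name)."""
    syms = []
    for line in text.splitlines():
        if not line.strip():
            continue
        addr, _kind, name = line.split()
        syms.append((int(addr, 16), name))
    return sorted(syms)

def resolve(syms, addr):
    """Nearest symbol at or below addr, printed as name+offset."""
    i = bisect_right([a for a, _ in syms], addr) - 1
    if i < 0:
        return "<unknown>"   # below the first mapped symbol (cf. gdb's "No source file")
    base, name = syms[i]
    return f"{name}+0x{addr - base:x}"

def symbolize(oops, map_text):
    """Return (resolved EIP, [resolved Call Trace entries in order])."""
    syms = load_map(map_text)
    eip = int(re.search(r"EIP:\s+[0-9a-f]+:\[<([0-9a-f]+)>\]", oops).group(1), 16)
    trace_line = re.search(r"Call Trace:(.*)", oops).group(1)
    trace = [int(a, 16) for a in re.findall(r"\[<([0-9a-f]+)>\]", trace_line)]
    return resolve(syms, eip), [resolve(syms, a) for a in trace]

if __name__ == "__main__":
    eip, trace = symbolize(OOPS, SYSTEM_MAP)
    print("EIP:", eip)
    for entry in trace:
        print("  ", entry)
```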