From: "David S. Miller" <davem@redhat.com>
To: acme@conectiva.com.br
Cc: netdev@oss.sgi.com
Subject: Fw: Nasty Oops in 2.6.0-test6 bind/SO_REUSEADDR
Date: Wed, 8 Oct 2003 13:33:45 -0700 [thread overview]
Message-ID: <20031008133345.49f71991.davem@redhat.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1880 bytes --]
Arnaldo, I think this is another piece of fallout
from the struct sock splitup you did ages ago.
I think it's dereferencing inet_sk(sk) for a time-wait
socket, so we probably need a TCP_TIME_WAIT test plus
some additional logic here? Better check tcp_ipv6.c too.
Begin forwarded message:
Date: Wed, 8 Oct 2003 16:04:09 -0400
From: Dan Merillat <dmerillat@sequiam.com>
To: linux-kernel@vger.kernel.org
Subject: Nasty Oops in 2.6.0-test6 bind/SO_REUSEADDR
I can't provide a stacktrace because it hardlocks the system, but it's
trivial to reproduce.
Swap back and forth between apache2 and apache a few times, and it
hardlocks at bind.
>From what I copied down and backtraced we crash at tcp_v4_get_port +
0x378/390, which is in tcp_ipv4.c:194 (inline tcp_bind_conflict)
struct inet_opt *inet2 = inet_sk(sk2);
if (!inet2->rcv_saddr || !inet->rcv_saddr ||
inet2->rcv_saddr == inet->rcv_saddr)
break;
468: 0f b6 40 49 movzbl 0x49(%eax),%eax
46c: 83 e0 20 and $0x20,%eax
46f: 84 c0 test %al,%al
In fact, I believe the problem to be with SO_REUSEADDR. It only
manifests if the port has gotten traffic and there's sockets in
TIME_WAIT.
I suppose a trivial test would be to bind to a port, connect to it,
disconnect, close the socket, create a socket with SO_REUSEADDR and
rebind to it. Pow.
I can't get UML 2.6.0 working so I can't test very well, but it's a
helluva showstopper.
The strace of apache starting up when it crashed:
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
fcntl64(3, F_DUPFD, 15) = 20
close(3) = 0
setsockopt(20, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
setsockopt(20, SOL_SOCKET, SO_KEEPALIVE, [1], 4
(oopsed in bind so strace never saw it)
--Dan
[-- Attachment #2: 00000002.mimetmp --]
[-- Type: application/pgp-signature, Size: 156 bytes --]
next reply other threads:[~2003-10-08 20:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-10-08 20:33 David S. Miller [this message]
2003-10-09 17:03 ` Fw: Nasty Oops in 2.6.0-test6 bind/SO_REUSEADDR Dan Merillat
2003-10-10 2:36 ` Arnaldo Carvalho de Melo
2003-10-10 3:22 ` [RFT] " Arnaldo Carvalho de Melo
2003-10-10 4:14 ` David S. Miller
2003-10-10 15:40 ` Arnaldo Carvalho de Melo
2003-10-11 19:56 ` David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20031008133345.49f71991.davem@redhat.com \
--to=davem@redhat.com \
--cc=acme@conectiva.com.br \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).