oops when using socket()

When calling socket() with the type set to SOCK_STREAM + X, where X is >= 10, an oops occurs. Happens when root or user. Tested with 2.4.6 and 2.4.7-pre6.

networking, sockets, protocols

Linux version 2.4.7-pre6 (root@debian) (gcc version 2.95.4 20010703 (Debian prerelease)) #5 Tue Jul 17 15:54:32 MDT 2001

[Attached: ksymoops output ksymoops-socket]
[Attached: example program socket.c]

root@debian:/usr/src/linux# sh scripts/ver_linux
If some fields are empty or look unusual you may have an old version.
Compare to the current minimal requirements in Documentation/Changes.

Linux debian 2.4.7-pre6 #5 Tue Jul 17 15:54:32 MDT 2001 i686 unknown

Gnu C                  2.95.4
Gnu make               3.79.1
binutils               2.11.90.0.7
util-linux             2.11g
mount                  2.11g
modutils               2.4.6
e2fsprogs              1.22
reiserfsprogs          3.x.0j
pcmcia-cs              3.1.25
PPP                    2.4.1
Linux C Library        2.2.3
Dynamic linker (ldd)   2.2.3
Procps                 2.0.7
Net-tools              1.60
Console-tools          0.2.3
Sh-utils               2.0.11
Modules Loaded         sr_mod cdrom sb sb_lib uart401 bsd_comp ppp_deflate ppp_async ppp_generic slhc sg agpgart vfat fat

root@debian:~# cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 5
model name      : Pentium II (Deschutes)
stepping        : 0
cpu MHz         : 334.100
cache size      : 512 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 2
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pat pse36 mmx fxsr
bogomips        : 666.82

NOTE: slhc, ppp_*, bsd_comp were loaded from a different kernel version, but the oops occurs either way

root@debian:~# cat /proc/modules
sr_mod                 12016   0 (unused)
cdrom                  27232   0 [sr_mod]
sb                      7408   0
sb_lib                 33280   0 [sb]
uart401                 6336   0 [sb_lib]
bsd_comp                4160   0
ppp_deflate            39200   0
ppp_async               6384   1
ppp_generic            14496   3 [bsd_comp ppp_deflate ppp_async]
slhc                    4736   1 [ppp_generic]
sg                     22528   0 (unused)
agpgart                13504   0 (unused)
vfat                    8816   0 (unused)
fat                    30592   0 [vfat]

root@debian:~# cat /proc/scsi/scsi
Attached devices:
Host: scsi0 Channel: 00 Id: 00 Lun: 00
  Vendor: CREATIVE Model: DVD-ROM DVD2240E Rev: 1.5A
  Type: CD-ROM ANSI SCSI revision: 02
Host: scsi0 Channel: 00 Id: 01 Lun: 00
  Vendor: MITSUMI Model: CR-4804TE Rev: 2.2C
  Type: CD-ROM ANSI SCSI revision: 02

Thanks,
Jason Wies aka Zone

ksymoops 2.4.1 on i686 2.4.7-pre6. Options used
     -V (default)
     -k 20010717223608.ksyms (specified)
     -l 20010717223608.modules (specified)
     -o /lib/modules/2.4.7-pre6/ (default)
     -m /boot/System.map-2.4.7-pre6 (default)

Warning (compare_maps): ksyms_base symbol __VERSIONED_SYMBOL(shmem_file_setup) not found in System.map. Ignoring ksyms_base entry
Warning (compare_maps): ksyms_base symbol cpu_raise_softirq_R__ver_cpu_raise_softirq not found in System.map. Ignoring ksyms_base entry
Warning (compare_maps): ksyms_base symbol raise_softirq_R__ver_raise_softirq not found in System.map. Ignoring ksyms_base entry
Warning (compare_maps): ksyms_base symbol skb_copy_and_csum_dev_R__ver_skb_copy_and_csum_dev not found in System.map. Ignoring ksyms_base entry
Warning (compare_maps): ksyms_base symbol unlock_buffer_R__ver_unlock_buffer not found in System.map. Ignoring ksyms_base entry
Unable to handle kernel NULL pointer dereference at virtual address 0000000c
c01ecd9d
Oops: 0000
CPU: 0
EIP: 0010:[<c01ecd9d>]
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010217
eax: c02b4ce8 ebx: c2bb8800 ecx: c02a23c8 edx: 00000000
esi: 00000006 edi: 00000000 ebp: c26821 esp: c243ff2c
ds: 0018 es: 0018 ss: 0018
Process socket (pid: 356, stackpage=c243f000)
Stack: c26821cc 00000008 c02a0c80 00000015 c01bf392 c26821cc 00000006 00000002
       40014d34 bffffd64 bffffcfc 00000000 40016000 00001000 00000000 c01205d2
       c11afa20 c281aca0 40016000 c01bf3d5 00000002 00000015 00000006 c243ff90
Call Trace: [<c01bf392>] [<c01205d2>] [<c01bf3d5>] [<c01c007c>] [<c0106bdc>] [<c0106aeb>]
Code: 86 47 0c 39 c6 75 10 eb de 8d b6 00 00 00 00 85

>>EIP; c01ecd9d <inet_create+5d/210> <=====
Trace; c01bf392 <sock_create+ca/f0>
Trace; c01205d2 <do_munmap+246/254>
Trace; c01bf3d5 <sys_socket+1d/50>
Trace; c01c007c <sys_socketcall+64/200>
Trace; c0106bdc <error_code+34/3c>
Trace; c0106aeb <system_call+33/38>
Code; c01ecd9d <inet_create+5d/210>
00000000 <_EIP>:
Code; c01ecd9d <inet_create+5d/210> <=====
   0: 86 47 0c xchg %al,0xc(%edi) <=====
Code; c01ecda0 <inet_create+60/210>
   3: 39 c6 cmp %eax,%esi
Code; c01ecda2 <inet_create+62/210>
   5: 75 10 jne 17 <_EIP+0x17> c01ecdb4 <inet_create+74/210>
Code; c01ecda4 <inet_create+64/210>
   7: eb de jmp ffffffe7 <_EIP+0xffffffe7> c01ecd84 <inet_create+44/210>
Code; c01ecda6 <inet_create+66/210>
   9: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
Code; c01ecdac <inet_create+6c/210>
   f: 85 00 test %eax,(%eax)

Kernel Panic: Aiee, killing interrupt handler

5 warnings issued. Results may not be reliable.
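
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <errno.h>

/* Declared before main() so the calls below match the definition. */
static void fatal_error (void);

int
main (int argc, char *argv[])
{
  int sd, protonum;
  struct protoent *protoent;

  if ((protoent = getprotobyname ("tcp")) == NULL)
    fatal_error ();
  /* Read the protocol number before closing the protocols database. */
  protonum = protoent->p_proto;
  endprotoent ();

  /* Socket type SOCK_STREAM + 20 is the out-of-range value from the report. */
  if ((sd = socket (PF_INET, SOCK_STREAM + 20, protonum)) < 0)
    fatal_error ();

  close (sd);
  return 0;
}

/* Print the errno text for the failed call and exit. */
static void
fatal_error (void)
{
  perror ("Error");
  exit (-1);
}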
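
For triaging decoded output like the ksymoops attachment above, here is an added example in Python (not part of the original report and not kernel or ksymoops code). The function name `triage` and the result keys are hypothetical; the sample lines are copied from the report.

```python
import re

# Lines copied from the ksymoops output in the report above (not constructed).
SAMPLE = """\
Unable to handle kernel NULL pointer dereference at virtual address 0000000c
Oops: 0000
>>EIP; c01ecd9d <inet_create+5d/210> <=====
Trace; c01bf392 <sock_create+ca/f0>
Trace; c01205d2 <do_munmap+246/254>
Trace; c01bf3d5 <sys_socket+1d/50>
Trace; c01c007c <sys_socketcall+64/200>
Trace; c0106bdc <error_code+34/3c>
Trace; c0106aeb <system_call+33/38>
"""

FAULT = re.compile(r"at virtual address ([0-9a-f]{8})")
OOPS = re.compile(r"^Oops: ([0-9a-f]{4})")
FRAME = re.compile(r"^(>>EIP|Trace); ([0-9a-f]{8}) <([^+>]+)\+([0-9a-f]+)/([0-9a-f]+)>")
PAGE_SIZE = 0x1000  # i386 page size


def triage(text):
    """Summarise a decoded i386 oops: fault kind, faulting function, call chain."""
    r = {"fault_addr": None, "null_page": False, "access": None,
         "eip": None, "chain": [], "via_syscall": False}
    for line in (l.strip() for l in text.splitlines()):
        if m := FAULT.search(line):
            r["fault_addr"] = int(m.group(1), 16)
            # A fault inside page 0 is a small field offset from a NULL pointer.
            r["null_page"] = r["fault_addr"] < PAGE_SIZE
        elif m := OOPS.match(line):
            code = int(m.group(1), 16)
            # i386 page-fault error code: bit 0 protection, bit 1 write, bit 2 user.
            r["access"] = ("protection" if code & 1 else "not-present",
                           "write" if code & 2 else "read",
                           "user" if code & 4 else "kernel")
        elif m := FRAME.match(line):
            kind, _addr, sym, off, size = m.groups()
            if int(off, 16) >= int(size, 16):
                continue  # offset outside the function: decode is not credible
            if kind == ">>EIP":
                r["eip"] = (sym, int(off, 16))
            else:
                r["chain"].append(sym)
    # system_call in the chain: the fault was reached from a user-space syscall.
    r["via_syscall"] = "system_call" in r["chain"]
    return r
```

On the report's oops this yields a kernel-mode read of a not-present page at offset 0xc from NULL, faulting in `inet_create` and entered through the system call path.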