Bug 21
| Summary: | 2.5.47-mm2 - oops with scp | ||
|---|---|---|---|
| Product: | Networking | Reporter: | Paul Larson (pl) |
| Component: | Other | Assignee: | Bugme Janitors Team (bugme-janitors) |
| Status: | CLOSED PATCH_ALREADY_AVAILABLE | ||
| Severity: | normal | ||
| Priority: | P2 | ||
| Hardware: | IA-32 | ||
| OS: | Linux | ||
| Kernel Version: | Subsystem: | ||
| Regression: | --- | Bisected commit-id: | |
Bug has owner assigned, moving to Assigned state... There are bugs in some of the timer stuff in akpm's changes. Please only submit reports against Linus's kernel and not with patches added. |
Please enter Exact Kernel version: 2.5.47-mm2 Distribution: Redhat 7.3 Hardware Environment: PIII-866 Software Environment: openssh-server 3.1p1 Problem Description: When trying to scp a file to the victim machine, I got this message then the oops: Attempt to release alive inet socket cdb59b60 ksymoops 2.4.4 on i686 2.4.18-3. Options used -V (default) -K (specified) -L (specified) -O (specified) -m System.map (specified) Unable to handle kernel paging request at virtual address 5a5a5a5a c0115eea *pde = 00000000 Oops: 0002 CPU: 0 EIP: 0060:[<c0115eea>] Not tainted Using defaults from ksymoops -t elf32-i386 -a i386 EFLAGS: 00010082 eax: cdb59b8c ebx: 5a5a5a5a ecx: cdb3dea0 edx: cdb3de94 esi: 00000202 edi: 00000001 ebp: 00001354 esp: cdb3de68 ds: 0068 es: 0068 ss: 0068 Stack: cdb3c000 cdb59b60 c02a51db 00000000 ce3f8740 c0114e50 00000000 00000000 0001c67f cdb3de9c c011d9e5 00000001 ce3f8740 c0114e50 cdb59b8c 5a5a5a5a 000005a8 4b87ad6e c011d950 c033b929 cdb3c000 cdb59b60 c02bec57 cdb59b60 Call Trace: [<c02a51db>] [<c0114e50>] [<c011d9e5>] [<c0114e50>] [<c011d950>] [<c02bec57>] [<c0114e50>] [<c0114e50>] [<c02c7e52>] [<c02d7b57>] [<c02a28c0>] [<c02a311d>] [<c013e0a2>] [<c02a3d81>] [<c013c9ed>] [<c013ca45>] [<c010a62f>] Code: 89 0b 56 9d 5b 5e c3 eb 0d 90 90 90 90 90 90 90 90 90 90 90 >>EIP; c0115eea <add_wait_queue_exclusive+1a/30> <===== Trace; c02a51db <__lock_sock+7b/f0> Trace; c0114e50 <default_wake_function+0/40> Trace; c011d9e5 <schedule_timeout+85/a0> Trace; c0114e50 <default_wake_function+0/40> Trace; c011d950 <process_timeout+0/10> Trace; c02bec57 <tcp_close+337/690> Trace; c0114e50 <default_wake_function+0/40> Trace; c0114e50 <default_wake_function+0/40> Trace; c02c7e52 <tcp_send_fin+1b2/280> Trace; c02d7b57 <inet_release+47/50> Trace; c02a28c0 <sock_release+10/50> Trace; c02a311d <sock_close+2d/40> Trace; c013e0a2 <__fput+32/d0> Trace; c02a3d81 <sys_shutdown+31/40> Trace; c013c9ed <filp_close+4d/60> Trace; c013ca45 <sys_close+45/60> Trace; c010a62f <syscall_call+7/b> Code; c0115eea <add_wait_queue_exclusive+1a/30> 00000000 <_EIP>: Code; c0115eea <add_wait_queue_exclusive+1a/30> <===== 0: 89 0b mov %ecx,(%ebx) <===== Code; c0115eec <add_wait_queue_exclusive+1c/30> 2: 56 push %esi Code; c0115eed <add_wait_queue_exclusive+1d/30> 3: 9d popf Code; c0115eee <add_wait_queue_exclusive+1e/30> 4: 5b pop %ebx Code; c0115eef <add_wait_queue_exclusive+1f/30> 5: 5e pop %esi Code; c0115ef0 <add_wait_queue_exclusive+20/30> 6: c3 ret Code; c0115ef1 <add_wait_queue_exclusive+21/30> 7: eb 0d jmp 16 <_EIP+0x16> c0115f00 <remove_wait_queue+0/20> Code; c0115ef3 <add_wait_queue_exclusive+23/30> 9: 90 nop Code; c0115ef4 <add_wait_queue_exclusive+24/30> a: 90 nop Code; c0115ef5 <add_wait_queue_exclusive+25/30> b: 90 nop Code; c0115ef6 <add_wait_queue_exclusive+26/30> c: 90 nop Code; c0115ef7 <add_wait_queue_exclusive+27/30> d: 90 nop Code; c0115ef8 <add_wait_queue_exclusive+28/30> e: 90 nop Code; c0115ef9 <add_wait_queue_exclusive+29/30> f: 90 nop Code; c0115efa <add_wait_queue_exclusive+2a/30> 10: 90 nop Code; c0115efb <add_wait_queue_exclusive+2b/30> 11: 90 nop Code; c0115efc <add_wait_queue_exclusive+2c/30> 12: 90 nop Code; c0115efd <add_wait_queue_exclusive+2d/30> 13: 90 nop <0>Kernel panic: Aiee, killing interrupt handler! Steps to reproduce: scp anyfile user@target:/tmp It asks for the password, and finishes copying the file. After it's complete though, the server crashes.