[1273] in linux-net channel archive
tcpdump forces instant kernel failure with 1.3.{35,36}.
daemon@ATHENA.MIT.EDU (G.W. Wettstein)
Sat Oct 28 01:11:33 1995
From: greg@wind.rmcc.com (G.W. Wettstein)
Date: Fri, 27 Oct 1995 11:46:23 CDT
To: linux-kernel@vger.rutgers.edu, linux-net@vger.rutgers.edu
Cc: Linux.Torvalds@cs.helsinki.fi, alan@cymru.net
Good day to everyone, hopefully the week has ended well for everyone.
We just experienced a catastrophic kernel failure on one of our
development machines. I am not sure whether this is user-failure or an
actual networking problem. In any event the following command takes
out both a 1.3.35 and a 1.3.36 kernel almost instantly:
tcpdump -i eth0 'not ip'
The machine in question is a GW-2K 80386dx33. The tcpdump utility was
compiled from the 3.0 sources with gcc 2.5.8 and the 4.6.27 shared
libraries are in use. The following are hopefully helpful snippets
from the boot messages:
klogd 1.2-pl6, log source = sys_syslog started.
<6>Calibrating delay loop.. ok - 6.63 BogoMIPS
<6>Memory: 7028k/8192k available (612k kernel code, 384k reserved, 168k data)
<6>Swansea University Computer Society NET3.031 Snap #3 for Linux 1.3.30
<6>NET3: Unix domain sockets 0.10 BETA for Linux NET3.031.
<6>Swansea University Computer Society TCP/IP for NET3.031 (Snapshot #4)
<6>IP Protocols: ICMP, UDP, TCP
<6>Swansea University Computer Society IPX 0.31 for NET3.031
<6>IPX Portions Copyright (c) 1995 Caldera, Inc.
<6>Linux version 1.3.35 (greg@wind) (gcc version 2.7.0) #2 Tue Oct 17 12:22:56 CDT 1995
<6>PPP: version 2.2.0 (dynamic channel allocation)
<6>TCP compression code copyright 1989 Regents of the University of California
<6>PPP Dynamic channel allocation code copyright 1995 Caldera, Inc.
<6>PPP line discipline registered.
<6>eth0: WD80x3 at 0x280, 00 00 C0 40 98 57 WD8013, IRQ 5, shared memory at 0xd0000-0xd3fff.
<6>wd.c:v1.10 9/23/94 Donald Becker (becker@cesdis.gsfc.nasa.gov)
We are attached to the main corporate networking rings (Token
Ring/Novell) through a Token Ring/Ethernet router. We were trying to
get setup to diagnose a problem (see other message on linux-net) with
dosemu disconnecting during Novell sessions.
We invoked the 'not ip' command as a quick and dirty method to see
what type of ipx packets are getting tossed around the network. Under
the 1.3.36 kernel (non patched) a flurry of packets were emitted
(malignant software on the main rings sending broadcasts), the screen
filled for about 2 seconds with multi-colored blocks and the machine
rebooted. Nothing in the system logs, no warning, just an instaneous
reboot.
Since our 1.3.36 kernel was not patched to fix the networking I kicked
up the 1.3.35 kernel. It faired less well than the 1.3.36 kernel.
Invoking the afore-mentioned tcpdump command resulted in the display
instantly filling and a reboot. I will give this a try on a 1.2.13
kernel later today but I do not have a machine which I can try this on
available at the moment
This may well be a situation where we are operating a utility out of
specification but I figured that we should probably be at least
interested in a user-mode program that can instantly take out the
kernel. I am sure that someone will let me know if it is indeed user
error... :-)
Have a pleasant weekend.
As always,
Dr. G.W. Wettstein Oncology Research Div. Computing Facility
Roger Maris Cancer Center INTERNET: greg@wind.rmcc.com
820 4th St. N.
Fargo, ND 58122
Phone: 701-234-7556
----------------------------------------------------------------------
`The truest mark of a man's wisdom is his ability to listen to other
men expound their wisdom.' -- GWW
