Bug 220921 - invalid arguments to setitimer causes kernel to crash (soft lockup)
invalid arguments to setitimer causes kernel to crash (soft lockup)
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
6
x86_64 Linux
medium Severity high
: ---
: ---
Assigned To: Kernel Maintainer List
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-12-28 17:11 EST by Ahmon Dancy
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 2.6.20-1.2933.fc6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-18 14:59:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Crash test case (551 bytes, text/plain)
2006-12-28 17:11 EST, Ahmon Dancy
no flags Details

  None (edit)
Description Ahmon Dancy 2006-12-28 17:11:10 EST
Description of problem:

If setitimer() is called with an itimerval struct with strange values, the
kernel will crash with:

BUG: Soft lockup detected on CPU#0!

Version-Release number of selected component (if applicable):
kernel-2.6.18-1.2257.fc5
and
kernel-2.6.18-1.2868.fc6

How reproducible:
Completely reproducible on x86_64/SMP hosts.

Steps to Reproduce:
1. Compile crash.c
2. Run crash program
  
Actual results:

System crash.

Expected results:

EINVAL errno from setitimer.  Or, perhaps, a very very long delay before SIGALRM
is seen.
Comment 1 Ahmon Dancy 2006-12-28 17:11:10 EST
Created attachment 144493 [details]
Crash test case
Comment 2 Ahmon Dancy 2007-04-18 14:42:22 EDT
Looks like discussion of this problem has has happened on the kernel mailing
list (I should have reported it there originally, I suppose)

http://lkml.org/lkml/2007/3/13/285


Comment 3 Chuck Ebbert 2007-04-18 14:59:03 EDT
Fixed in upstream 2.6.20.4, which means also fixed in FC5 and FC6.

Note You need to log in before you can comment on or make changes to this bug.