This issue is unrelated to the SYN cookie check in test-kernel-security.py. It
just so happens that the test caught the bug. Here's two kernel stack dumps
that I see in the logs after booting the 2.6.32-61-generic #123 kernel:
The first stack dump involves the /net/core/somaxconn sysctl. Looking at the
git log of changes that went into this kernel, I'd say that the following
commit is the likely culprit:
This issue is unrelated to the SYN cookie check in test-kernel- security. py. It
just so happens that the test caught the bug. Here's two kernel stack dumps
that I see in the logs after booting the 2.6.32-61-generic #123 kernel:
sysctl table check failed: /net/core/somaxconn .3.1.18 Missing strategy 8f509>] set_fail+0x59/0x60 8f83b>] sysctl_ check_table+ 0x16b/0x4b0 8f84c>] sysctl_ check_table+ 0x17c/0x4b0 8f84c>] sysctl_ check_table+ 0x17c/0x4b0 7235d>] __register_ sysctl_ paths+0x11d/ 0x360 8f84c>] ? sysctl_ check_table+ 0x17c/0x4b0 35181>] register_ net_sysctl_ table+0x61/ 0x70 62765>] sysctl_ core_net_ init+0x45/ 0xb0 61b08>] register_ pernet_ operations+ 0x48/0x100 8e882>] ? sysctl_ core_init+ 0x0/0x38 61c6c>] register_ pernet_ subsys+ 0x2c/0x50 8e8b8>] sysctl_ core_init+ 0x36/0x38 0a04c>] do_one_ initcall+ 0x3c/0x1a0 576d1>] do_basic_ setup+0x54/ 0x66 577f1>] kernel_ init+0x10e/ 0x162 141ea>] child_rip+0xa/0x20 576e3>] ? kernel_ init+0x0/ 0x162 141e0>] ? child_rip+0x0/0x20
Pid: 1, comm: swapper Not tainted 2.6.32-61-generic #123-Ubuntu
Call Trace:
[<ffffffff810
[<ffffffff810
[<ffffffff810
[<ffffffff810
[<ffffffff810
[<ffffffff810
[<ffffffff815
[<ffffffff814
[<ffffffff814
[<ffffffff818
[<ffffffff814
[<ffffffff818
[<ffffffff810
[<ffffffff818
[<ffffffff818
[<ffffffff810
[<ffffffff818
[<ffffffff810
sysctl table check failed: /net/ipv4/ ip_no_pmtu_ disc .3.5.39 Missing strategy 8f509>] set_fail+0x59/0x60 8f83b>] sysctl_ check_table+ 0x16b/0x4b0 8f84c>] sysctl_ check_table+ 0x17c/0x4b0 8f84c>] sysctl_ check_table+ 0x17c/0x4b0 7235d>] __register_ sysctl_ paths+0x11d/ 0x360 a4808>] ? __proc_ create+ 0xd8/0x130 9029a>] ? sysctl_ ipv4_init+ 0x0/0x4e 725cb>] register_ sysctl_ paths+0x2b/ 0x30 902b6>] sysctl_ ipv4_init+ 0x1c/0x4e 0a04c>] do_one_ initcall+ 0x3c/0x1a0 576d1>] do_basic_ setup+0x54/ 0x66 577f1>] kernel_ init+0x10e/ 0x162 141ea>] child_rip+0xa/0x20 576e3>] ? kernel_ init+0x0/ 0x162 141e0>] ? child_rip+0x0/0x20
Pid: 1, comm: swapper Not tainted 2.6.32-61-generic #123-Ubuntu
Call Trace:
[<ffffffff810
[<ffffffff810
[<ffffffff810
[<ffffffff810
[<ffffffff810
[<ffffffff811
[<ffffffff818
[<ffffffff810
[<ffffffff818
[<ffffffff810
[<ffffffff818
[<ffffffff818
[<ffffffff810
[<ffffffff818
[<ffffffff810
The first stack dump involves the /net/core/somaxconn sysctl. Looking at the
git log of changes that went into this kernel, I'd say that the following
commit is the likely culprit:
d77028f net: check net.core.somaxconn sysctl values