On Wed, 08 Oct 2003, David S. Miller wrote:

> Arnaldo, I think this is another piece of fallout
> from the struct sock splitup you did ages ago.
> 
> I think it's dereferencing inet_sk(sk) for a time-wait
> socket, so we probably need a TCP_TIME_WAIT test plus
> some additional logic here?  Better check tcp_ipv6.c too.

Found some more on this, it's been entered into the kernel bug-tracker

http://bugme.osdl.org/show_bug.cgi?id=1271

He managed to get an oops out of his:

Unable to handle kernel NULL pointer dereference at virtual address 00000049
 printing eip:
c030b346
*pde = 00000000
Oops: 0000 [#1]
CPU:    1
EIP:    0060:[<c030b346>]    Not tainted
EFLAGS: 00010246
EIP is at tcp_v4_get_port+0x3c6/0x3e0
eax: 00000000   ebx: f74ff380   ecx: f667ff40   edx: f667ff50
esi: 00000002   edi: 00002151   ebp: f66097c0   esp: f6b0be68
ds: 007b   es: 007b   ss: 0068
Process perl (pid: 3433, threadinfo=f6b0a000 task=f6b0d900)
Stack: 00000000 00000000 00000000 f66270d0 00000000 00000000 00000001 f6609908 
       00000000 00000000 00000000 00000001 f7c90a88 f66097c0 ffffffea f6609908 
       f6b0bee8 c031f215 f66097c0 00002151 c02d568d 00000003 21511818 f6612740 
Call Trace:
 [<c031f215>] inet_bind+0x1d5/0x300
 [<c02d568d>] move_addr_to_kernel+0x8d/0xa0
 [<c02d6d8b>] sys_bind+0x7b/0xb0
 [<c011c11c>] do_page_fault+0x23c/0x44f
 [<c02d59dc>] sockfd_lookup+0x1c/0x80
 [<c02d74d8>] sys_setsockopt+0x78/0xc0
 [<c02d7be8>] sys_socketcall+0xc8/0x2b0
 [<c01095d9>] sysenter_past_esp+0x52/0x71

Code: 0f b6 40 49 24 20 84 c0 75 97 eb 89 89 14 24 e8 06 51 e1 ff 
 <0>Kernel panic: Fatal exception in interrupt
In interrupt handler - not syncing