* Fw: [Bugme-new] [Bug 4381] New: When i try to start a pppoe conn., crash at net/core/skbuff.c:91
@ 2005-03-22  4:11 Andrew Morton
  2005-03-23  2:20 ` Patrick McHardy
  0 siblings, 1 reply; 5+ messages in thread
From: Andrew Morton @ 2005-03-22  4:11 UTC (permalink / raw)
  To: netdev; +Cc: o.cornu


Repeatable pppoe crash :(


Begin forwarded message:

Date: Mon, 21 Mar 2005 19:54:24 -0800
From: bugme-daemon@osdl.org
To: bugme-new@lists.osdl.org
Subject: [Bugme-new] [Bug 4381] New: When i try to start a pppoe conn., crash at net/core/skbuff.c:91


http://bugme.osdl.org/show_bug.cgi?id=4381

           Summary: When i try to start a pppoe conn., crash at
                    net/core/skbuff.c:91
    Kernel Version: 2.6.11 (gentoo-dev-sources)
            Status: NEW
          Severity: blocking
             Owner: shemminger@osdl.org
         Submitter: o.cornu@gmail.com


Distribution: Gentoo
Hardware Environment: Intel P4 / Asus P4C800E
Software Environment:
Problem Description: When i try to start a pppoe conn., crash at
net/core/skbuff.c:91
Might be related to Bug 4279, but with ppp_generic (not tun).

Mar 21 21:27:59 Pai-mei adsl-connect: ADSL connection lost; attempting
re-connection.
Mar 21 21:28:04 Pai-mei pppd[6735]: pppd 2.4.2 started by root, uid 0
Mar 21 21:28:04 Pai-mei pppd[6735]: Using interface ppp0
Mar 21 21:28:04 Pai-mei pppd[6735]: Connect: ppp0 <--> /dev/pts/3
Mar 21 21:28:05 Pai-mei <6>skput:over: f89b2335:16 put:16
dev:<NULL>------------[ cut here ]------------
Mar 21 21:28:05 Pai-mei kernel BUG at net/core/skbuff.c:91!
Mar 21 21:28:05 Pai-mei invalid operand: 0000 [#5]
Mar 21 21:28:05 Pai-mei PREEMPT SMP
Mar 21 21:28:05 Pai-mei Modules linked in: usbcore slip ppp_synctty parport_pc
plip parport ppp_deflate zlib_deflate dummy pppoe pppox ppp_async crc_ccitt
bsd_comp ppp_generic slhc nvidia_agp agpgart sr_mod
Mar 21 21:28:05 Pai-mei CPU:    0
Mar 21 21:28:05 Pai-mei EIP:    0060:[<c031ab1b>]    Not tainted VLI
Mar 21 21:28:05 Pai-mei EFLAGS: 00210282   (2.6.11-gentoo-r4)
Mar 21 21:28:05 Pai-mei EIP is at skb_over_panic+0x3b/0x50
Mar 21 21:28:05 Pai-mei eax: 0000002c   ebx: f6a43e80   ecx: 000008fc   edx:
00000001
Mar 21 21:28:05 Pai-mei esi: f7f59680   edi: f6f36a80   ebp: 00000010   esp:
f6a07f3c
Mar 21 21:28:05 Pai-mei ds: 007b   es: 007b   ss: 0068
Mar 21 21:28:05 Pai-mei Process pppd (pid: 6735, threadinfo=f6a06000 task=f6ff8a80)
Mar 21 21:28:05 Pai-mei Stack: c03ee4a0 f89b2335 00000010 00000010 c03d008c
f89b2341 f6a43e80 00000010
Mar 21 21:28:05 Pai-mei f89b2335 fffffff2 00000010 00000000 f6fd0e80 08087f22
c0160909 f6fd0e80
Mar 21 21:28:05 Pai-mei 08087f22 00000010 f6a07fac f6fd0e80 fffffff7 00000007
f6a06000 c0160a91
Mar 21 21:28:05 Pai-mei Call Trace:
Mar 21 21:28:05 Pai-mei [<f89b2335>] ppp_write+0x115/0x140 [ppp_generic]
Mar 21 21:28:05 Pai-mei [<f89b2341>] ppp_write+0x121/0x140 [ppp_generic]
Mar 21 21:28:05 Pai-mei [<f89b2335>] ppp_write+0x115/0x140 [ppp_generic]
Mar 21 21:28:05 Pai-mei [<c0160909>] vfs_write+0xe9/0x1a0
Mar 21 21:28:05 Pai-mei [<c0160a91>] sys_write+0x51/0x80
Mar 21 21:28:05 Pai-mei [<c01032af>] syscall_call+0x7/0xb
Mar 21 21:28:05 Pai-mei Code: c0 0f 44 c2 89 44 24 10 8b 44 24 1c 89 44 24 0c 8b
41 60 c7 04 24 a0 e4 3e c0 89 44 24 08 8b 44 24 20 89 44 24 04 e8 55 34 e0 ff
<0f> 0b 5b 00 0b b9 3e c0 83 c4 14 c3 89 f6 8d bc 27 00 00 00 00
Mar 21 21:28:05 Pai-mei adsl-connect: ADSL connection lost; attempting
re-connection.

Steps to reproduce:


* Re: Fw: [Bugme-new] [Bug 4381] New: When i try to start a pppoe conn., crash at net/core/skbuff.c:91
  2005-03-22  4:11 Fw: [Bugme-new] [Bug 4381] New: When i try to start a pppoe conn., crash at net/core/skbuff.c:91 Andrew Morton
@ 2005-03-23  2:20 ` Patrick McHardy
  2005-03-23  2:49   ` Herbert Xu
  2005-03-23  3:06   ` Paul Mackerras
  0 siblings, 2 replies; 5+ messages in thread
From: Patrick McHardy @ 2005-03-23  2:20 UTC (permalink / raw)
  To: Andrew Morton; +Cc: netdev, o.cornu, paulus

[-- Attachment #1: Type: text/plain, Size: 719 bytes --]

Andrew Morton wrote:
> Repeatable pppoe crash :(
> 
> 
> Begin forwarded message:
> 
> http://bugme.osdl.org/show_bug.cgi?id=4381
> 
>            Summary: When i try to start a pppoe conn., crash at
>                     net/core/skbuff.c:91
>     Kernel Version: 2.6.11 (gentoo-dev-sources)
>             Status: NEW
>           Severity: blocking
>              Owner: shemminger@osdl.org
>          Submitter: o.cornu@gmail.com
> 
> Mar 21 21:28:05 Pai-mei <6>skput:over: f89b2335:16 put:16
> dev:<NULL>

Looks like hdrlen is uninitialized in ppp_async. This patch
initializes it to 2 like in ppp_synctty, but I'm not sure
whether this value is correct here. Paul?

Signed-off-by: Patrick McHardy <kaber@trash.net>


[-- Attachment #2: x --]
[-- Type: text/plain, Size: 366 bytes --]

===== drivers/net/ppp_async.c 1.26 vs edited =====
--- 1.26/drivers/net/ppp_async.c	2005-01-21 06:02:12 +01:00
+++ edited/drivers/net/ppp_async.c	2005-03-23 03:15:31 +01:00
@@ -183,6 +183,7 @@
 	ap->chan.private = ap;
 	ap->chan.ops = &async_ops;
 	ap->chan.mtu = PPP_MRU;
+	ap->chan.hdrlen = 2;
 	err = ppp_register_channel(&ap->chan);
 	if (err)
 		goto out_free;
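
Review bot: the added `ap->chan.hdrlen = 2;` just before `ppp_register_channel()` gives no reason for the value 2 other than matching ppp_synctty, and the description itself is unsure it is right for this driver. The value should follow from how many bytes ppp_async's transmit path prepends to an skb, not from a sibling driver. It is also worth checking whether the structure is zeroed earlier in this function: if it is, the field is already a well-defined 0 rather than uninitialized, and this line changes behaviour instead of fixing an uninitialized read. If 2 is kept, add a one-line comment naming the two bytes being reserved.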


* Re: Fw: [Bugme-new] [Bug 4381] New: When i try to start a pppoe conn., crash at net/core/skbuff.c:91
  2005-03-23  2:20 ` Patrick McHardy
@ 2005-03-23  2:49   ` Herbert Xu
  2005-03-23  2:55     ` Patrick McHardy
  2005-03-23  3:06   ` Paul Mackerras
  1 sibling, 1 reply; 5+ messages in thread
From: Herbert Xu @ 2005-03-23  2:49 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: akpm, netdev, o.cornu, paulus

Patrick McHardy <kaber@trash.net> wrote:
> 
> ===== drivers/net/ppp_async.c 1.26 vs edited =====
> --- 1.26/drivers/net/ppp_async.c        2005-01-21 06:02:12 +01:00
> +++ edited/drivers/net/ppp_async.c      2005-03-23 03:15:31 +01:00
> @@ -183,6 +183,7 @@
>        ap->chan.private = ap;
>        ap->chan.ops = &async_ops;
>        ap->chan.mtu = PPP_MRU;
> +       ap->chan.hdrlen = 2;
>        err = ppp_register_channel(&ap->chan);

I'm not sure whether this could cause the original crash that we saw.
If ap->chan.hdrlen is not set then it should be zero.  It being zero
should not cause skb_over_panic to trigger in ppp_write, should it?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* Re: Fw: [Bugme-new] [Bug 4381] New: When i try to start a pppoe conn., crash at net/core/skbuff.c:91
  2005-03-23  2:49   ` Herbert Xu
@ 2005-03-23  2:55     ` Patrick McHardy
  0 siblings, 0 replies; 5+ messages in thread
From: Patrick McHardy @ 2005-03-23  2:55 UTC (permalink / raw)
  To: Herbert Xu; +Cc: akpm, netdev, o.cornu, paulus

Herbert Xu wrote:
> Patrick McHardy <kaber@trash.net> wrote:
> 
>>===== drivers/net/ppp_async.c 1.26 vs edited =====
>>--- 1.26/drivers/net/ppp_async.c        2005-01-21 06:02:12 +01:00
>>+++ edited/drivers/net/ppp_async.c      2005-03-23 03:15:31 +01:00
>>@@ -183,6 +183,7 @@
>>       ap->chan.private = ap;
>>       ap->chan.ops = &async_ops;
>>       ap->chan.mtu = PPP_MRU;
>>+       ap->chan.hdrlen = 2;
>>       err = ppp_register_channel(&ap->chan);
> 
> 
> I'm not sure whether this could cause the original crash that we saw.
> If ap->chan.hdrlen is not set then it should be zero.  It being zero
> should not cause skb_over_panic to trigger in ppp_write, should it?

You're right, I missed the memset().

Regards
Patrick


* Re: Fw: [Bugme-new] [Bug 4381] New: When i try to start a pppoe conn., crash at net/core/skbuff.c:91
  2005-03-23  2:20 ` Patrick McHardy
  2005-03-23  2:49   ` Herbert Xu
@ 2005-03-23  3:06   ` Paul Mackerras
  1 sibling, 0 replies; 5+ messages in thread
From: Paul Mackerras @ 2005-03-23  3:06 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Andrew Morton, netdev, o.cornu

Patrick McHardy writes:

> Looks like hdrlen is uninitialized in ppp_async. This patch

No, it is initialized by the memset at line 165, and 0 is the correct
value for ap->chan.hdrlen, since the ppp_async driver doesn't prepend
any bytes to the skb on transmit.  The bug must be somewhere else.  It
would be very interesting to know what value pf->hdrlen has in
ppp_write and how it got that value though.

Paul.
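
Herbert's and Paul's argument above, as an added example that is not part of the thread or the kernel source: a userspace model of the skb offsets showing that a buffer sized for hdrlen plus the payload passes the skb_put() overrun check for hdrlen 0 as well as 2, and that the check trips only when reserved headroom plus the bytes put exceed the buffer. The `model_*` names are hypothetical, and the alloc/reserve/put sequence in `model_write` is an assumption about ppp_write, whose code is not shown on this page.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model of sk_buff bookkeeping as offsets from the buffer head.
 * Not kernel code: the real alloc_skb() also rounds the size up. */
struct model_skb { size_t data, tail, end, len; };

/* Model of alloc_skb(size): an empty buffer of exactly `size` bytes. */
static void model_alloc(struct model_skb *skb, size_t size)
{
    skb->data = skb->tail = skb->len = 0;
    skb->end = size;
}

/* Model of skb_reserve(): shift data and tail forward to leave headroom. */
static void model_reserve(struct model_skb *skb, size_t headroom)
{
    skb->data += headroom;
    skb->tail += headroom;
}

/* Model of skb_put(): returns 0 on success, -1 where the kernel's overrun
 * check would call skb_over_panic(). */
static int model_put(struct model_skb *skb, size_t len)
{
    if (skb->tail > skb->end || len > skb->end - skb->tail)
        return -1;
    skb->tail += len;
    skb->len += len;
    return 0;
}

/* Assumed shape of the write path: allocate bufsize bytes, reserve hdrlen
 * bytes of headroom, then put count bytes of payload. */
static int model_write(size_t bufsize, size_t hdrlen, size_t count)
{
    struct model_skb skb;
    model_alloc(&skb, bufsize);
    model_reserve(&skb, hdrlen);
    return model_put(&skb, count);
}

int main(void)
{
    printf("hdrlen 0, buffer 16+0, put 16: %d\n", model_write(16 + 0, 0, 16));
    printf("hdrlen 2, buffer 16+2, put 16: %d\n", model_write(16 + 2, 2, 16));
    printf("hdrlen 2, buffer 16,   put 16: %d\n", model_write(16, 2, 16));
    return 0;
}
```

The 16-byte put mirrors the `put:16` in the reported log line; only the third case, where the headroom was not counted in the buffer size, fails the check.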
