Bug 1466426 - Kernel BUG when a PPP interface is deleted
Kernel BUG when a PPP interface is deleted
Status: NEW
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
26
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-29 10:37 EDT by Beniamino Galvani
Modified: 2017-06-29 11:19 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Beniamino Galvani 2017-06-29 10:37:28 EDT
Description of problem:

Kernel BUG when a PPP interface is deleted.


Version-Release number of selected component (if applicable):
kernel 4.11.6-301.fc26.x86_64


How reproducible:
always


Steps to Reproduce:

1. start a PPPoE connection:
# pppd nodetach lock user client plugin rp-pppoe.so ens11 noauth nodeflate password password &
 Plugin rp-pppoe.so loaded.
 RP-PPPoE plugin version 3.8p compiled against pppd 2.4.7
 PPP session is 16
 Connected to fe:54:00:5f:04:13 via interface ens11
 Using interface ppp0
 Connect: ppp0 <--> ens11
 CHAP authentication succeeded: Access granted
 CHAP authentication succeeded
 peer from calling number FE:54:00:5F:04:13 authorized
 local  IP address 3.1.1.17
 remote IP address 3.1.1.1

2. Bring down and delete the interface while pppd is still running
# ip l set ppp0 down
# ip l del ppp0


Actual results:

[   50.365826] ------------[ cut here ]------------
[   50.365830] kernel BUG at net/core/dev.c:7821!
[   50.365832] invalid opcode: 0000 [#1] SMP
[   50.365834] Modules linked in: pppoe pppox ppp_generic slhc fuse joydev uinput nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bri\
dge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_raw iptab\
le_security ebtable_filter ebtables tun ip6table_filter ip6_tables sunrpc snd_hda_codec_generic crct10dif_pclmul crc32_pclmul snd_hda_intel snd_hda_codec ghash_clmulni_intel ppdev snd_hda_core parport_pc parport virtio_balloon snd_hwdep\
 i2c_piix4 tpm_tis tpm_tis_core snd_seq snd_seq_device tpm snd_pcm snd_timer snd soundcore 8139too virtio_console
[   50.365872]  qxl drm_kms_helper ttm drm crc32c_intel serio_raw ata_generic virtio_pci e1000 8139cp virtio_ring virtio mii pata_acpi qemu_fw_cfg
[   50.365882] CPU: 3 PID: 1818 Comm: pppd Not tainted 4.11.6-301.fc26.x86_64 #1
[   50.365883] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-1.fc25 04/01/2014
[   50.365885] task: ffff98f9d59c4b00 task.stack: ffffbd7e42f0c000
[   50.365890] RIP: 0010:free_netdev+0xe9/0xf0
[   50.365891] RSP: 0018:ffffbd7e42f0fd88 EFLAGS: 00010297
[   50.365893] RAX: 0000000000000002 RBX: ffff98f9ab5098c0 RCX: 0000000000000e84
[   50.365895] RDX: 0000000000000001 RSI: 0000000000000282 RDI: 0000000000000282
[   50.365896] RBP: ffffbd7e42f0fda0 R08: ffffbd7e408c9000 R09: 0000000000000000
[   50.365897] R10: 000800010000dc48 R11: 0000dc480000db29 R12: ffff98f9ab509000
[   50.365898] R13: ffff98f9ab509060 R14: ffff98f9ab50993c R15: 0000000000000000
[   50.365901] FS:  00007f9f830d8840(0000) GS:ffff98f9ffd80000(0000) knlGS:0000000000000000
[   50.365902] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   50.365904] CR2: 000055efe66bf078 CR3: 000000002dca2000 CR4: 00000000001406e0
[   50.365907] Call Trace:
[   50.365914]  ppp_destroy_interface+0xcc/0xd0 [ppp_generic]
[   50.365917]  ppp_disconnect_channel+0xda/0x110 [ppp_generic]
[   50.365919]  ppp_unregister_channel+0x5e/0x110 [ppp_generic]
[   50.365922]  pppox_unbind_sock+0x23/0x30 [pppox]
[   50.365925]  pppoe_connect+0x130/0x440 [pppoe]
[   50.365928]  SYSC_connect+0x98/0x110
[   50.365932]  ? SyS_fcntl+0x38c/0x5d0
[   50.365935]  SyS_connect+0xe/0x10
[   50.365938]  entry_SYSCALL_64_fastpath+0x1a/0xa9
[   50.365940] RIP: 0033:0x7f9f81ae4820
[   50.365941] RSP: 002b:00007ffe94a235a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   50.365943] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 00007f9f81ae4820
[   50.365944] RDX: 000000000000001e RSI: 00007ffe94a235b0 RDI: 0000000000000008
[   50.365945] RBP: 000055efe492b7b0 R08: 000055efe66c4210 R09: 0000000000000160
[   50.365947] R10: 00000000aaaaaaab R11: 0000000000000246 R12: 0000000000000005
[   50.365948] R13: 000055efe66bf050 R14: 000055efe46c8eb9 R15: 0000000000000005
[   50.365949] Code: 04 00 00 04 e8 c9 9e e4 ff 5b 41 5c 41 5d 5d c3 41 0f b7 84 24 2a 02 00 00 4c 89 e7 48 29 c7 e8 de a1 ab ff 5b 41 5c 41 5d 5d c3 <0f> 0b 0f 1f 44 00 00 0f 1f 44 00 00 55 48 89 e5 41 54 53 0f b7
[   50.365980] RIP: free_netdev+0xe9/0xf0 RSP: ffffbd7e42f0fd88
[   50.365983] ---[ end trace a2b7fdff2d2a7b10 ]---
[   60.608226] unregister_netdevice: waiting for ppp0 to become free. Usage count = -2
[   70.848210] unregister_netdevice: waiting for ppp0 to become free. Usage count = -2
[   81.088258] unregister_netdevice: waiting for ppp0 to become free. Usage count = -2
[   91.328084] unregister_netdevice: waiting for ppp0 to become free. Usage count = -2
[  101.568113] unregister_netdevice: waiting for ppp0 to become free. Usage count = -2
Comment 1 Beniamino Galvani 2017-06-29 10:42:52 EDT
This is reproducible also with upstream kernel 4.12.0-rc6.
Comment 2 Laura Abbott 2017-06-29 11:19:57 EDT
This needs to be reported to the upstream networking maintainers

Note You need to log in before you can comment on or make changes to this bug.