231850 – PPP causes a kernel crash

Bug 231850 - PPP causes a kernel crash

Summary: PPP causes a kernel crash

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	5
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Kernel Maintainer List
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:	bzcl34nup
Duplicates (1):	231853 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-03-12 16:11 UTC by 260795
Modified:	2008-04-10 18:49 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-04-10 18:49:25 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description 260795 2007-03-12 16:11:45 UTC

Description of problem: 

We've found a replicable situation where pppd causes a kernel crash. First of 
all a bit of framework. 

We use pppd to provide remote support to some of our customers. Every customer 
has a personal account to connect to our server using PPP. The firewall on 
these accounts is configured so that we can connect back to their servers and 
check for problems, but the remote server has basicly no access at all to our 
network.

Since few weeks one of these customers caught a virus or a dialer (it uses a 
windows based server) which tries to connect to our server using the RAS entry 
configured for remote support, probably thinking it is an Internet connection. 
The RAS entry has the password saved, so that the virus is able to authenticate 
against our server, even though it isn't able to do anything else because of 
the configured firewall.

So far nothing wrong, by the way sometimes the virus is able to bring our 
server down because of a kernel crash. I haven't been able to save the kernel 
OOPS on screen but it clearly reported that the problem was caused by ppp. I 
have a log of the debug PPP session as saved by pppd (see attachemnt). We will 
further investigate to try to identify the virus or the dialer and may be catch 
the kernel OOPS.

Version-Release number of selected component (if applicable): ppp 2.4.3-6.2.1, 
kernel-smp 2.6.17 1.2157_FC5

How reproducible: difficult to reproduce

Steps to Reproduce: you need an infected windows pc, more info to be gathered
  
Actual results: kernel crash

Expected results: normal connection but no kernel crash and everything filtered 
out by the firewall

Additional info: none

Comment 1 Thomas Woerner 2007-03-12 16:34:06 UTC

Assigning to kernel.

Comment 2 260795 2007-03-19 09:34:10 UTC

Some news. The problem happened again. In the meantime I upgraded the kernel to 
the latest fc5 one:

Name        : kernel-smp
Version     : 2.6.19
Release     : 1.2288.2.4.fc5

This time I captured part of the kernel OOPS. Unfortunately I had to copy it 
manually from the screen and I couldn't copy it completely because I had to 
restart the server ASAP. I hope I've copied the relevant parts and I didn't 
some mistake while copying:

EIP is at skb_under_panic+0x59/0x67
Process ksoftirqd/1 (pid 6, ti=c07a5000 task=dff210f0 task.ti=dff2a000)
...
Call trace:
[<e0bdd915>] ppp_receive_nommp_frame+0x537/x6a6 [ppp_generic]
[<e0bbe4d8>] ppp_input+0xbc/0xeb [ppp_generic]
[<e0bc5a68>] ppp_async_process+0x26/0x59 [ppp_async]
[<c042b80b>] tasklet_action+0x55/0xaf
[<c042b755>] __do_softirq+0x5a/0xbb
[<c04063bd>] do_softirq+0x55/0xb5
...
EIP: [<c05bc5bb>] skb_under_panic+0x59/0x67 SS:ESP 0068::c07a5f54
 <0> Kernel panic - not syncing: fatal exception in interrupt

Comment 3 Thomas Woerner 2007-03-19 10:09:28 UTC

This is a kernel problem, assigning to kernel.

Comment 4 Chuck Ebbert 2007-03-19 13:20:31 UTC

latest FC5 kernel is 2.6.20-1.2300.fc5, released March 14th.
Please test with that.

Comment 5 260795 2007-03-20 14:08:43 UTC

Upgraded to 2.6.20, waiting to see what happens. 

Side note: while upgrading I discovered another unrelated problem, see bug 
#233089

Comment 6 Chuck Ebbert 2007-04-19 15:49:34 UTC

Patch is now available, will be in next update.

Comment 7 Thomas Woerner 2007-08-30 08:24:56 UTC

*** Bug 231853 has been marked as a duplicate of this bug. ***

Comment 8 Bug Zapper 2008-04-04 06:30:47 UTC

Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reporduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers

Comment 9 260795 2008-04-07 06:55:31 UTC

I didn't do further tests for this issue, nevertheless the problem never
happened again. There have been various kernel upgrades since this bug, which
makes me think that it has been fixed in newer kernels.

Comment 10 John Poelstra 2008-04-10 18:49:25 UTC

Thanks for the update.

Note You need to log in before you can comment on or make changes to this bug.