Bug 20292

Summary: unable to handle kernel NULL pointer dereference in skb_dequeue
Product: Networking
Reporter: Gorik Van Steenberge (gvs)
Component: Other
Assignee: Arnaldo Carvalho de Melo (acme)
Status: RESOLVED OBSOLETE
Severity: blocking
CC: alan, empx, nuclearcat
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.36-rc7
Subsystem:
Regression: No
Bisected commit-id:
Attachments: Kernel config (gzipped); kernel config

Description Gorik Van Steenberge 2010-10-13 19:24:49 UTC
Created attachment 33512
Kernel config (gzipped)

I was trying to get pppoe working (the 'pon' command seemed to hang) and then this happened:

Oct 13 20:57:07 bes kernel: BUG: unable to handle kernel NULL pointer dereference at (null)
Oct 13 20:57:07 bes kernel: IP: [<c1241674>] skb_dequeue+0x24/0x40
Oct 13 20:57:07 bes kernel: *pde = 00000000
Oct 13 20:57:07 bes kernel: Oops: 0002 [#1]
Oct 13 20:57:07 bes kernel: last sysfs file: /sys/devices/virtual/net/ppp0/uevent
Oct 13 20:57:07 bes kernel: Modules linked in: xt_TCPMSS xt_tcpmss xt_tcpudp iptable_mangle pppoe pppox ppp_generic slhc cpufreq_conservative cpufreq_userspace cpufreq_powersave fuse ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables loop sd_mod usb_storage usblp i2c_viapro uhci_hcd fan ehci_hcd button i2c_core
Oct 13 20:57:07 bes kernel:
Oct 13 20:57:07 bes kernel: Pid: 5495, comm: pppd Not tainted 2.6.36-rc7 #12 VX800 /VX800
Oct 13 20:57:07 bes kernel: EIP: 0060:[<c1241674>] EFLAGS: 00010046 CPU: 0
Oct 13 20:57:07 bes kernel: EIP is at skb_dequeue+0x24/0x40
Oct 13 20:57:07 bes kernel: EAX: 00000000 EBX: 00000202 ECX: f6ba4cc0 EDX: 00000000
Oct 13 20:57:07 bes kernel: ESI: f6c93bc0 EDI: f6adfee4 EBP: f6ade000 ESP: f6adfe68
Oct 13 20:57:07 bes kernel: DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Oct 13 20:57:07 bes kernel: Process pppd (pid: 5495, ti=f6ade000 task=f70f2200 task.ti=f6ade000)
Oct 13 20:57:07 bes kernel: Stack:
Oct 13 20:57:07 bes kernel: f68836c4 c1243a94 f68836c0 f866825b 00000000 f72e4a00 f72e4a00 f86761cb
Oct 13 20:57:07 bes kernel: <0> f72e4a00 f8683c97 c143ea14 ffffffea c12ba92d 00000286 f68f7d7c f6adfee4
Oct 13 20:57:07 bes kernel: <0> f68f7bfc 00000286 00000000 00000000 00000000 f68f7b9c f6adff68 f6adff64
Oct 13 20:57:07 bes kernel: Call Trace:
Oct 13 20:57:07 bes kernel: [<c1243a94>] ? skb_queue_purge+0x14/0x30
Oct 13 20:57:07 bes kernel: [<f866825b>] ? ppp_destroy_channel+0x1b/0x50 [ppp_generic]
Oct 13 20:57:07 bes kernel: [<f86761cb>] ? pppox_unbind_sock+0x1b/0x24 [pppox]
Oct 13 20:57:07 bes kernel: [<f8683c97>] ? pppoe_connect+0x87/0x4b0 [pppoe]
Oct 13 20:57:07 bes kernel: [<c12ba92d>] ? schedule_timeout+0xfd/0x150
Oct 13 20:57:07 bes kernel: [<c123d4d4>] ? sys_connect+0x84/0xd0
Oct 13 20:57:07 bes kernel: [<c10ba730>] ? do_lock_file_wait+0x30/0xf0
Oct 13 20:57:07 bes kernel: [<c10ba9f9>] ? fcntl_setlk+0x59/0x1b0
Oct 13 20:57:07 bes kernel: [<c123e5a4>] ? sys_socketcall+0x294/0x2c0
Oct 13 20:57:07 bes kernel: [<c1002a10>] ? sysenter_do_call+0x12/0x26
Oct 13 20:57:07 bes kernel: Code: 81 a8 00 00 00 5b c3 53 9c 5b fa 8b 08 39 c8 74 25 85 c9 74 1b 83 68 08 01 8b 11 8b 41 04 c7 01 00 00 00 00 c7 41 04 00 00 00 00 <89> 10 89 42 04 53 9d 89 c8 5b c3 31 c9 eb f6 8d b6 00 00 00 00
Oct 13 20:57:07 bes kernel: EIP: [<c1241674>] skb_dequeue+0x24/0x40 SS:ESP 0068:f6adfe68
Oct 13 20:57:07 bes kernel: CR2: 0000000000000000
Oct 13 20:57:07 bes kernel: ---[ end trace 4914adf67d1ace25 ]---

Oct 13 20:57:30 bes kernel: BUG: unable to handle kernel NULL pointer dereference at (null)
Oct 13 20:57:30 bes kernel: IP: [<c1241674>] skb_dequeue+0x24/0x40
Oct 13 20:57:30 bes kernel: *pde = 00000000
Oct 13 20:57:30 bes kernel: Oops: 0002 [#2]
Oct 13 20:57:30 bes kernel: last sysfs file: /sys/devices/virtual/net/ppp0/uevent
Oct 13 20:57:30 bes kernel: Modules linked in: xt_TCPMSS xt_tcpmss xt_tcpudp iptable_mangle pppoe pppox ppp_generic slhc cpufreq_conservative cpufreq_userspace cpufreq_powersave fuse ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables loop sd_mod usb_storage usblp i2c_viapro uhci_hcd fan ehci_hcd button i2c_core
Oct 13 20:57:30 bes kernel:
Oct 13 20:57:30 bes kernel: Pid: 5445, comm: pppd Tainted: G      D     2.6.36-rc7 #12 VX800 /VX800
Oct 13 20:57:30 bes kernel: EIP: 0060:[<c1241674>] EFLAGS: 00010046 CPU: 0
Oct 13 20:57:30 bes kernel: EIP is at skb_dequeue+0x24/0x40
Oct 13 20:57:30 bes kernel: EAX: 00000000 EBX: 00000202 ECX: f6ae7200 EDX: 00000000
Oct 13 20:57:30 bes kernel: ESI: f6c99080 EDI: f7161ee4 EBP: f7160000 ESP: f7161e68
Oct 13 20:57:30 bes kernel: DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Oct 13 20:57:30 bes kernel: Process pppd (pid: 5445, ti=f7160000 task=f7107280 task.ti=f7160000)
Oct 13 20:57:30 bes kernel: Stack:
Oct 13 20:57:30 bes kernel: f6883344 c1243a94 f6883340 f866825b 00000000 f72e4c00 f72e4c00 f86761cb
Oct 13 20:57:30 bes kernel: <0> f72e4c00 f8683c97 c143ea14 ffffffea c12ba92d 00000286 f68f73bc f7161ee4
Oct 13 20:57:30 bes kernel: <0> f68f753c 00000286 00000000 00000000 00000000 f68f759c f7161f68 f7161f64
Oct 13 20:57:30 bes kernel: [<c1243a94>] ? skb_queue_purge+0x14/0x30
Oct 13 20:57:30 bes kernel: [<f866825b>] ? ppp_destroy_channel+0x1b/0x50 [ppp_generic]
Oct 13 20:57:30 bes kernel: [<f86761cb>] ? pppox_unbind_sock+0x1b/0x24 [pppox]
Oct 13 20:57:30 bes kernel: [<f8683c97>] ? pppoe_connect+0x87/0x4b0 [pppoe]
Oct 13 20:57:30 bes kernel: [<c12ba92d>] ? schedule_timeout+0xfd/0x150
Oct 13 20:57:30 bes kernel: [<c123d4d4>] ? sys_connect+0x84/0xd0
Oct 13 20:57:30 bes kernel: [<c10ba730>] ? do_lock_file_wait+0x30/0xf0
Oct 13 20:57:30 bes kernel: [<c10ba9f9>] ? fcntl_setlk+0x59/0x1b0
Oct 13 20:57:30 bes kernel: [<c123e5a4>] ? sys_socketcall+0x294/0x2c0
Oct 13 20:57:30 bes kernel: [<c1002a10>] ? sysenter_do_call+0x12/0x26
Oct 13 20:57:30 bes kernel: Code: 81 a8 00 00 00 5b c3 53 9c 5b fa 8b 08 39 c8 74 25 85 c9 74 1b 83 68 08 01 8b 11 8b 41 04 c7 01 00 00 00 00 c7 41 04 00 00 00 00 <89> 10 89 42 04 53 9d 89 c8 5b c3 31 c9 eb f6 8d b6 00 00 00 00
Oct 13 20:57:30 bes kernel: EIP: [<c1241674>] skb_dequeue+0x24/0x40 SS:ESP 0068:f7161e68
Oct 13 20:57:30 bes kernel: CR2: 0000000000000000
Oct 13 20:57:30 bes kernel: ---[ end trace 4914adf67d1ace26 ]---
Oct 13 20:57:30 bes kernel: ------------[ cut here ]------------
Oct 13 20:57:30 bes kernel: WARNING: at kernel/softirq.c:143 local_bh_enable+0x60/0x90()
Oct 13 20:57:30 bes kernel: Hardware name: VX800
Oct 13 20:57:30 bes kernel: Modules linked in: xt_TCPMSS xt_tcpmss xt_tcpudp iptable_mangle pppoe pppox ppp_generic slhc cpufreq_conservative cpufreq_userspace cpufreq_powersave fuse ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables loop sd_mod usb_storage usblp i2c_viapro uhci_hcd fan ehci_hcd button i2c_core
Oct 13 20:57:30 bes kernel: Pid: 5445, comm: pppd Tainted: G      D     2.6.36-rc7 #12
Oct 13 20:57:30 bes kernel: Call Trace:
Oct 13 20:57:30 bes kernel: [<c1028640>] ? local_bh_enable+0x60/0x90
Oct 13 20:57:30 bes kernel: [<c1028640>] ? local_bh_enable+0x60/0x90
Oct 13 20:57:30 bes kernel: [<c1023a1e>] ? warn_slowpath_common+0x7e/0xc0
Oct 13 20:57:30 bes kernel: [<c1028640>] ? local_bh_enable+0x60/0x90
Oct 13 20:57:30 bes kernel: [<c1023a7b>] ? warn_slowpath_null+0x1b/0x20
Oct 13 20:57:30 bes kernel: [<c1028640>] ? local_bh_enable+0x60/0x90
Oct 13 20:57:30 bes kernel: [<c12a5bb5>] ? unix_release_sock+0x45/0x1f0
Oct 13 20:57:30 bes kernel: [<c123dc4a>] ? sock_release+0x1a/0x80
Oct 13 20:57:30 bes kernel: [<c123dcbf>] ? sock_close+0xf/0x30
Oct 13 20:57:30 bes kernel: [<c1089cd9>] ? fput+0xb9/0x200
Oct 13 20:57:30 bes kernel: [<c1086f7e>] ? filp_close+0x3e/0x70
Oct 13 20:57:30 bes kernel: [<c10254b2>] ? put_files_struct+0x62/0xb0
Oct 13 20:57:30 bes kernel: [<c1026c47>] ? do_exit+0x567/0x630
Oct 13 20:57:30 bes kernel: [<c12ba037>] ? printk+0x17/0x20
Oct 13 20:57:30 bes kernel: [<c1005477>] ? oops_end+0x87/0x90
Oct 13 20:57:30 bes kernel: [<c12ba037>] ? printk+0x17/0x20
Oct 13 20:57:30 bes kernel: [<c10194a2>] ? no_context+0xc2/0x160
Oct 13 20:57:30 bes kernel: [<c10195a5>] ? __bad_area_nosemaphore+0x65/0x180
Oct 13 20:57:30 bes kernel: [<c1249a3b>] ? dev_txq_stats_fold+0x8b/0xf0
Oct 13 20:57:30 bes kernel: [<c117dc80>] ? __nla_reserve+0x40/0x60
Oct 13 20:57:30 bes kernel: [<c1255c33>] ? rtnl_fill_ifinfo+0x413/0x8d0
Oct 13 20:57:30 bes kernel: [<c101971a>] ? bad_area+0x3a/0x50
Oct 13 20:57:30 bes kernel: [<c1019b8e>] ? do_page_fault+0x33e/0x390
Oct 13 20:57:30 bes kernel: [<c101e6ab>] ? wakeup_preempt_entity+0x3b/0xa0
Oct 13 20:57:30 bes kernel: [<c101e79a>] ? check_preempt_wakeup+0x8a/0xe0
Oct 13 20:57:30 bes kernel: [<c1097675>] ? pollwake+0x65/0x80
Oct 13 20:57:30 bes kernel: [<c1021170>] ? default_wake_function+0x0/0x10
Oct 13 20:57:30 bes kernel: [<c1019850>] ? do_page_fault+0x0/0x390
Oct 13 20:57:30 bes kernel: [<c12bbcf0>] ? error_code+0x58/0x60
Oct 13 20:57:30 bes kernel: [<c1019850>] ? do_page_fault+0x0/0x390
Oct 13 20:57:30 bes kernel: [<c1241674>] ? skb_dequeue+0x24/0x40
Oct 13 20:57:30 bes kernel: [<c1243a94>] ? skb_queue_purge+0x14/0x30
Oct 13 20:57:30 bes kernel: [<f866825b>] ? ppp_destroy_channel+0x1b/0x50 [ppp_generic]
Oct 13 20:57:30 bes kernel: [<f86761cb>] ? pppox_unbind_sock+0x1b/0x24 [pppox]
Oct 13 20:57:30 bes kernel: [<f8683c97>] ? pppoe_connect+0x87/0x4b0 [pppoe]
Oct 13 20:57:30 bes kernel: [<c12ba92d>] ? schedule_timeout+0xfd/0x150
Oct 13 20:57:30 bes kernel: [<c123d4d4>] ? sys_connect+0x84/0xd0
Oct 13 20:57:30 bes kernel: [<c10ba730>] ? do_lock_file_wait+0x30/0xf0
Oct 13 20:57:30 bes kernel: [<c10ba9f9>] ? fcntl_setlk+0x59/0x1b0
Oct 13 20:57:30 bes kernel: [<c123e5a4>] ? sys_socketcall+0x294/0x2c0
Oct 13 20:57:30 bes kernel: [<c1002a10>] ? sysenter_do_call+0x12/0x26
Oct 13 20:57:30 bes kernel: ---[ end trace 4914adf67d1ace27 ]---

Some other information:
/proc/version:
Linux version 2.6.36-rc7 (root@bes) (gcc version 4.3.2 (Debian 4.3.2-1.1) ) #12 Sun Oct 10 21:12:58 CEST 2010

ver_linux:
Linux bes 2.6.36-rc7 #12 Sun Oct 10 21:12:58 CEST 2010 i686 GNU/Linux
 
Gnu C                  4.4.5
Gnu make               3.81
binutils               2.20.1
util-linux             2.17.2
mount                  support
module-init-tools      3.12
e2fsprogs              1.41.12
PPP                    2.4.5
Linux C Library        2.11.2
Dynamic linker (ldd)   2.11.2
Procps                 3.2.8
Net-tools              1.60
Console-tools          0.2.3
Sh-utils               8.5
Modules Loaded         cpufreq_conservative cpufreq_userspace cpufreq_powersave fuse ppp_generic slhc ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables loop sd_mod usb_storage usblp i2c_viapro uhci_hcd fan i2c_core ehci_hcd button

cpuinfo:
processor       : 0
vendor_id       : CentaurHauls
cpu family      : 6
model           : 13
model name      : VIA Eden Processor 1600MHz
stepping        : 0
cpu MHz         : 800.000
cache size      : 128 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge cmov pat clflush acpi mmx fxsr sse sse2 tm nx pni est tm2 xtpr rng rng_en ace ace_en ace2 ace2_en phe phe_en pmm pmm_en
bogomips        : 1599.76
clflush size    : 64
cache_alignment : 64
address sizes   : 36 bits physical, 32 bits virtual
power management:

If anything else is needed I'd be happy to assist.

Thanks.
Comment 1 Andrew Morton 2010-10-13 19:34:16 UTC
(switched to email.  Please respond via emailed reply-to-all, not via the
bugzilla web interface).

On Wed, 13 Oct 2010 19:24:53 GMT
bugzilla-daemon@bugzilla.kernel.org wrote:

> https://bugzilla.kernel.org/show_bug.cgi?id=20292
> 
>            Summary: unable to handle kernel NULL pointer dereference in
>                     skb_dequeue
>            Product: Networking
>            Version: 2.5
>     Kernel Version: 2.6.36-rc7

Thanks.  Do you know if this is a regression?  Did it work OK on 2.6.35?

Comment 2 Gorik Van Steenberge 2010-10-13 23:39:24 UTC
I had no problems getting it to work properly in 2.6.35.7. However, when
I booted back into rc7 I was unable to reproduce the problem. I believe
I was running multiple pppd's that failed to authenticate at the time
the bug occurred.

I'll leave it running rc7 and see if everything stays stable.

gvs

On Wed, Oct 13, 2010 at 12:33:32PM -0700, Andrew Morton wrote:
> 
> (switched to email.  Please respond via emailed reply-to-all, not via the
> bugzilla web interface).
> 
> On Wed, 13 Oct 2010 19:24:53 GMT
> bugzilla-daemon@bugzilla.kernel.org wrote:
> 
> > https://bugzilla.kernel.org/show_bug.cgi?id=20292
> > 
> >            Summary: unable to handle kernel NULL pointer dereference in
> >                     skb_dequeue
> >            Product: Networking
> >            Version: 2.5
> >     Kernel Version: 2.6.36-rc7
> 
> Thanks.  Do you know if this is a regression?  Did it work OK on 2.6.35?
> > Oct 13 20:57:30 bes kernel: [<c101971a>] ? bad_area+0x3a/0x50
> > Oct 13 20:57:30 bes kernel: [<c1019b8e>] ? do_page_fault+0x33e/0x390
> > Oct 13 20:57:30 bes kernel: [<c101e6ab>] ? wakeup_preempt_entity+0x3b/0xa0
> > Oct 13 20:57:30 bes kernel: [<c101e79a>] ? check_preempt_wakeup+0x8a/0xe0
> > Oct 13 20:57:30 bes kernel: [<c1097675>] ? pollwake+0x65/0x80
> > Oct 13 20:57:30 bes kernel: [<c1021170>] ? default_wake_function+0x0/0x10
> > Oct 13 20:57:30 bes kernel: [<c1019850>] ? do_page_fault+0x0/0x390
> > Oct 13 20:57:30 bes kernel: [<c12bbcf0>] ? error_code+0x58/0x60
> > Oct 13 20:57:30 bes kernel: [<c1019850>] ? do_page_fault+0x0/0x390
> > Oct 13 20:57:30 bes kernel: [<c1241674>] ? skb_dequeue+0x24/0x40
> > Oct 13 20:57:30 bes kernel: [<c1243a94>] ? skb_queue_purge+0x14/0x30
> > Oct 13 20:57:30 bes kernel: [<f866825b>] ? ppp_destroy_channel+0x1b/0x50
> > [ppp_generic]
> > Oct 13 20:57:30 bes kernel: [<f86761cb>] ? pppox_unbind_sock+0x1b/0x24
> [pppox]
> > Oct 13 20:57:30 bes kernel: [<f8683c97>] ? pppoe_connect+0x87/0x4b0 [pppoe]
> > Oct 13 20:57:30 bes kernel: [<c12ba92d>] ? schedule_timeout+0xfd/0x150
> > Oct 13 20:57:30 bes kernel: [<c123d4d4>] ? sys_connect+0x84/0xd0
> > Oct 13 20:57:30 bes kernel: [<c10ba730>] ? do_lock_file_wait+0x30/0xf0
> > Oct 13 20:57:30 bes kernel: [<c10ba9f9>] ? fcntl_setlk+0x59/0x1b0
> > Oct 13 20:57:30 bes kernel: [<c123e5a4>] ? sys_socketcall+0x294/0x2c0
> > Oct 13 20:57:30 bes kernel: [<c1002a10>] ? sysenter_do_call+0x12/0x26
> > Oct 13 20:57:30 bes kernel: ---[ end trace 4914adf67d1ace27 ]---
> > 
> > Some other information:
> > /proc/version:
> > Linux version 2.6.36-rc7 (root@bes) (gcc version 4.3.2 (Debian 4.3.2-1.1) )
> #12
> > Sun Oct 10 21:12:58 CEST 2010
> > 
> > ver_linux:
> > Linux bes 2.6.36-rc7 #12 Sun Oct 10 21:12:58 CEST 2010 i686 GNU/Linux
> > 
> > Gnu C                  4.4.5
> > Gnu make               3.81
> > binutils               2.20.1
> > util-linux             2.17.2
> > mount                  support
> > module-init-tools      3.12
> > e2fsprogs              1.41.12
> > PPP                    2.4.5
> > Linux C Library        2.11.2
> > Dynamic linker (ldd)   2.11.2
> > Procps                 3.2.8
> > Net-tools              1.60
> > Console-tools          0.2.3
> > Sh-utils               8.5
> > Modules Loaded         cpufreq_conservative cpufreq_userspace
> cpufreq_powersave
> > fuse ppp_generic slhc ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4
> > nf_defrag_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables loop
> > sd_mod usb_storage usblp i2c_viapro uhci_hcd fan i2c_core ehci_hcd button
> > 
> > cpuinfo:
> > processor       : 0
> > vendor_id       : CentaurHauls
> > cpu family      : 6
> > model           : 13
> > model name      : VIA Eden Processor 1600MHz
> > stepping        : 0
> > cpu MHz         : 800.000
> > cache size      : 128 KB
> > fdiv_bug        : no
> > hlt_bug         : no
> > f00f_bug        : no
> > coma_bug        : no
> > fpu             : yes
> > fpu_exception   : yes
> > cpuid level     : 1
> > wp              : yes
> > flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge cmov
> pat
> > clflush acpi mmx fxsr sse sse2 tm nx pni est tm2 xtpr rng rng_en ace ace_en
> > ace2 ace2_en phe phe_en pmm pmm_en
> > bogomips        : 1599.76
> > clflush size    : 64
> > cache_alignment : 64
> > address sizes   : 36 bits physical, 32 bits virtual
> > power management:
> > 
> > If anything else is needed I'd be happy to assist.
> > 
>
Comment 3 Daniel Kenzelmann 2010-11-17 19:57:06 UTC
Created attachment 37362 [details]
kernel config

Same/similar issue here:
2.6.36
(with gentoo patchset http://gentoo-portage.com/sys-kernel/gentoo-sources )

The issue seems to only appear if the connection is terminated by the other side
(24h forced disconnect)

Nov 15 23:09:04 [pppd] LCP terminated by peer
Nov 15 23:09:04 [pppd] Connect time 1440.0 minutes.
Nov 15 23:09:04 [pppd] Sent 49976877 bytes, received 465887239 bytes.
Nov 15 23:09:07 [pppd] Connection terminated.
Nov 15 23:09:07 [kernel] BUG: unable to handle kernel NULL pointer dereference at 00000004
Nov 15 23:09:07 [kernel] IP: [<c12b7418>] skb_dequeue+0x28/0x40
Nov 15 23:09:07 [kernel] *pde = 00000000 
Nov 15 23:09:07 [kernel] Modules linked in: ipv6 xt_TCPMSS btrfs crc32c libcrc32c
Nov 15 23:09:07 [kernel] Pid: 7927, comm: pppd Not tainted 2.6.36-gentoo #1 DR742/Equium 3100M
Nov 15 23:09:07 [kernel] EIP: 0060:[<c12b7418>] EFLAGS: 00010046 CPU: 0
Nov 15 23:09:07 [kernel] EIP is at skb_dequeue+0x28/0x40
Nov 15 23:09:07 [kernel] EAX: cf1e9bc0 EBX: 00000000 ECX: 00000202 EDX: 00000000
Nov 15 23:09:07 [kernel] ESI: ce1ac9a0 EDI: c136d9e0 EBP: c64a3e58 ESP: c64a3e54
Nov 15 23:09:07 [kernel]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Nov 15 23:09:07 [kernel]  ce1ac964 c64a3e64 c12b9d8c ce1ac960 c64a3e78 c124740e 00000000 ce1ac960
Nov 15 23:09:07 [kernel] <0> ce1ac960 c64a3e8c c1249437 00000000 cf3d3000 ffffffea c64a3e98 c124d4ac
Nov 15 23:09:07 [kernel] <0> cf3d3000 c64a3ed0 c124e1f7 c10b9034 00000000 00000000 00000000 cf282adc
Nov 15 23:09:07 [kernel]  [<c12b9d8c>] ? skb_queue_purge+0x1c/0x30
Nov 15 23:09:07 [kernel]  [<c124740e>] ? ppp_destroy_channel+0x1e/0x50
Nov 15 23:09:07 [kernel]  [<c1249437>] ? ppp_unregister_channel+0xb7/0xd0
Nov 15 23:09:07 [kernel]  [<c124d4ac>] ? pppox_unbind_sock+0x1c/0x30
Nov 15 23:09:07 [kernel]  [<c124e1f7>] ? pppoe_connect+0x87/0x430
Nov 15 23:09:07 [kernel]  [<c10b9034>] ? __posix_lock_file+0x114/0x5f0
Nov 15 23:09:07 [kernel]  [<c12b34bd>] ? sys_connect+0x5d/0x90
Nov 15 23:09:07 [kernel]  [<c10b9638>] ? do_lock_file_wait+0x38/0xf0
Nov 15 23:09:07 [kernel]  [<c101e7b3>] ? do_page_fault+0x193/0x3c0
Nov 15 23:09:07 [kernel]  [<c12b43f0>] ? sys_socketcall+0x250/0x270
Nov 15 23:09:07 [kernel]  [<c10029d0>] ? sysenter_do_call+0x12/0x26
Nov 15 23:09:07 [kernel] ---[ end trace 5b353b73335be30f ]---
Comment 4 Mike 2010-11-20 12:26:12 UTC
Similar problem here, vanilla 2.6.36.
Happened twice on a ppp disconnect by the other side now, however it started to appear since I've been using JDownloader to download some stuff, so the problem might be caused when the disconnect happens when there's traffic on the line. Worked without problems for a month, and I get a disconnect every 24h.

Nov 20 09:06:03 wz1 pppd[2417]: LCP terminated by peer
Nov 20 09:06:03 wz1 pppd[2417]: Connect time 1440.0 minutes.
Nov 20 09:06:03 wz1 pppd[2417]: Sent 431867576 bytes, received 134588524 bytes.
Nov 20 09:06:07 wz1 pppd[2417]: Connection terminated.
Nov 20 09:06:07 wz1 kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
Nov 20 09:06:07 wz1 kernel: IP: [<ffffffff8135d09f>] skb_dequeue+0x4f/0x80
Nov 20 09:06:07 wz1 kernel: PGD 11e60d067 PUD 11e60e067 PMD 0 
Nov 20 09:06:07 wz1 kernel: Oops: 0002 [#1] SMP 
Nov 20 09:06:07 wz1 kernel: last sysfs file: /sys/devices/platform/it87.656/temp2_input
Nov 20 09:06:07 wz1 kernel: CPU 1 
Nov 20 09:06:07 wz1 kernel: Modules linked in: vfat fat xt_mac xt_ipp2p ipt_set ipt_SET compat_xtables ip_set snd_seq_midi snd_emu10k1_synth snd_emux_synth snd_seq_virmidi snd_seq_midi_event snd_seq_midi_emul nvidia(P) b2c2_flexcop_pci b2c2_flexcop s5h1420 mt352 itd1000 bcm3510 dvb_pll stv0297 nxt200x isl6421 tuner_simple tuner_types cx24113 mt312 cx24123 snd_emu10k1 snd_rawmidi snd_ac97_codec lgdt330x ac97_bus snd_pcm stv0299 snd_page_alloc dvb_core snd_util_mem snd_hwdep floppy i2c_i801 pcspkr
Nov 20 09:06:07 wz1 kernel: 
Nov 20 09:06:07 wz1 kernel: Pid: 2417, comm: pppd Tainted: P        W   2.6.36 #2 P35-DS3/P35-DS3
Nov 20 09:06:07 wz1 kernel: RIP: 0010:[<ffffffff8135d09f>]  [<ffffffff8135d09f>] skb_dequeue+0x4f/0x80
Nov 20 09:06:07 wz1 kernel: RSP: 0018:ffff88011e565db8  EFLAGS: 00010046
Nov 20 09:06:07 wz1 kernel: RAX: 0000000000000286 RBX: ffff8801108c889c RCX: 0000000000000000
Nov 20 09:06:07 wz1 kernel: RDX: 0000000000000000 RSI: 0000000000000286 RDI: ffff8801108c889c
Nov 20 09:06:07 wz1 kernel: RBP: ffff88011e565dd8 R08: 0000000000000000 R09: dead000000200200
Nov 20 09:06:07 wz1 kernel: R10: dead000000100100 R11: 0000000000000246 R12: ffff88011c4fe880
Nov 20 09:06:07 wz1 kernel: R13: ffff8801108c8888 R14: 00007fff4c92de20 R15: 0000000000000000
Nov 20 09:06:07 wz1 kernel: FS:  00007fd391a0b700(0000) GS:ffff880001900000(0000) knlGS:0000000000000000
Nov 20 09:06:07 wz1 kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Nov 20 09:06:07 wz1 kernel: CR2: 0000000000000008 CR3: 000000011ced6000 CR4: 00000000000006e0
Nov 20 09:06:07 wz1 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Nov 20 09:06:07 wz1 kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Nov 20 09:06:07 wz1 kernel: Process pppd (pid: 2417, threadinfo ffff88011e564000, task ffff88011fec52d0)
Nov 20 09:06:07 wz1 kernel: Stack:
Nov 20 09:06:07 wz1 kernel: 0000000000000286 ffff8801108c8888 ffff88011ed03e24 ffff8801108c8918
Nov 20 09:06:07 wz1 kernel: <0> ffff88011e565df8 ffffffff8135de10 ffff88011e565e18 ffff8801108c8880
Nov 20 09:06:07 wz1 kernel: <0> ffff88011e565e18 ffffffff812b47e3 00007fff4c92de20 ffff8801108c8880
Nov 20 09:06:07 wz1 kernel: Call Trace:
Nov 20 09:06:07 wz1 kernel: [<ffffffff8135de10>] skb_queue_purge+0x20/0x30
Nov 20 09:06:07 wz1 kernel: [<ffffffff812b47e3>] ppp_destroy_channel+0x23/0x50
Nov 20 09:06:07 wz1 kernel: [<ffffffff812b6b50>] ppp_unregister_channel+0x110/0x130
Nov 20 09:06:07 wz1 kernel: [<ffffffff812b9490>] pppox_unbind_sock+0x20/0x30
Nov 20 09:06:07 wz1 kernel: [<ffffffff812ba308>] pppoe_connect+0xa8/0x4c0
Nov 20 09:06:07 wz1 kernel: [<ffffffff813557f0>] sys_connect+0x70/0xa0
Nov 20 09:06:07 wz1 kernel: [<ffffffff810c2420>] ? sys_fcntl+0x1a0/0x5b0
Nov 20 09:06:07 wz1 kernel: [<ffffffff8100232b>] system_call_fastpath+0x16/0x1b
Nov 20 09:06:07 wz1 kernel: Code: 8b 65 00 4d 39 e5 74 4c 4d 85 e4 74 25 41 ff 4d 10 49 8b 0c 24 49 8b 54 24 08 49 c7 04 24 00 00 00 00 49 c7 44 24 08 00 00 00 00 <48> 89 51 08 48 89 0a 48 89 c6 48 89 df e8 1f df 0f 00 4c 89 e0 
Nov 20 09:06:07 wz1 kernel: RIP  [<ffffffff8135d09f>] skb_dequeue+0x4f/0x80
Nov 20 09:06:07 wz1 kernel: RSP <ffff88011e565db8>
Nov 20 09:06:07 wz1 kernel: CR2: 0000000000000008
Nov 20 09:06:07 wz1 kernel: ---[ end trace 77b6047e11514c90 ]---
Comment 5 Denys Fedoryshchenko 2010-12-05 20:42:14 UTC
Please check this http://marc.info/?l=linux-kernel&m=129138181231513&w=2
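
The reports above are matched by eye on their traces. As an added example (not part of the bug thread), this Python code reduces excerpts of the comment 3 and comment 4 logs to the faulting function and the ordered call-trace frames both share, ignoring addresses, offsets, syslog prefix style and stale `?` frames. The names `parse_oops`, `shared_chain`, `REPORT_C3` and `REPORT_C4` are hypothetical.

```python
import re

PREFIX = re.compile(r"kernel[:\]]\s?")   # "host kernel: " or "[kernel] " syslog prefixes
FAULT = re.compile(r"IP: \[<[0-9a-f]+>\] ([\w.]+)\+0x")
# "[<addr>] ? func+0xoff/0xlen [module]"; "?" marks a frame the unwinder could not verify
FRAME = re.compile(r"\[<[0-9a-f]+>\] (?:\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_oops(text):
    """Return (faulting function, call-trace function names) of the first oops."""
    fault, frames = None, []
    for line in text.splitlines():
        msg = PREFIX.split(line, maxsplit=1)[-1].strip()
        if "end trace" in msg:           # a follow-on WARNING trace is not part of the oops
            break
        if fault is None:
            m = FAULT.match(msg)
            fault = m.group(1) if m else None
        elif (m := FRAME.match(msg)):
            frames.append(m.group(1))
    return fault, frames

def shared_chain(a, b):
    """Longest common subsequence of two frame lists, order preserved."""
    rows = [[[]] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i, fa in enumerate(a):
        for j, fb in enumerate(b):
            rows[i + 1][j + 1] = (rows[i][j] + [fa] if fa == fb
                                  else max(rows[i][j + 1], rows[i + 1][j], key=len))
    return rows[-1][-1]

# Sample input: excerpts of the comment 3 (i386) and comment 4 (x86_64) logs above.
REPORT_C3 = """\
Nov 15 23:09:07 [kernel] IP: [<c12b7418>] skb_dequeue+0x28/0x40
Nov 15 23:09:07 [kernel]  [<c12b9d8c>] ? skb_queue_purge+0x1c/0x30
Nov 15 23:09:07 [kernel]  [<c124740e>] ? ppp_destroy_channel+0x1e/0x50
Nov 15 23:09:07 [kernel]  [<c1249437>] ? ppp_unregister_channel+0xb7/0xd0
Nov 15 23:09:07 [kernel]  [<c124d4ac>] ? pppox_unbind_sock+0x1c/0x30
Nov 15 23:09:07 [kernel]  [<c124e1f7>] ? pppoe_connect+0x87/0x430
Nov 15 23:09:07 [kernel]  [<c10b9034>] ? __posix_lock_file+0x114/0x5f0
Nov 15 23:09:07 [kernel]  [<c12b34bd>] ? sys_connect+0x5d/0x90"""
REPORT_C4 = """\
Nov 20 09:06:07 wz1 kernel: IP: [<ffffffff8135d09f>] skb_dequeue+0x4f/0x80
Nov 20 09:06:07 wz1 kernel: [<ffffffff8135de10>] skb_queue_purge+0x20/0x30
Nov 20 09:06:07 wz1 kernel: [<ffffffff812b47e3>] ppp_destroy_channel+0x23/0x50
Nov 20 09:06:07 wz1 kernel: [<ffffffff812b6b50>] ppp_unregister_channel+0x110/0x130
Nov 20 09:06:07 wz1 kernel: [<ffffffff812b9490>] pppox_unbind_sock+0x20/0x30
Nov 20 09:06:07 wz1 kernel: [<ffffffff812ba308>] pppoe_connect+0xa8/0x4c0
Nov 20 09:06:07 wz1 kernel: [<ffffffff813557f0>] sys_connect+0x70/0xa0"""
```

A subsequence match is used instead of an exact one because `?` frames such as `__posix_lock_file` are leftovers on the stack and differ between otherwise identical crashes.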