PAX: size overflow detected in function pptp_rcv_core
Posted: Wed Mar 23, 2016 6:03 am
Using Hardened Gentoo kernel 4.4.2. When first PPTP connection happens, kernel panicked:
Looking at suggested file - drivers/net/ppp/pptp.c
Line 371 is 'skb_set_network_header(skb, skb->head-skb->data);'
I do not know what voodoo magic happens here
But i would be glad to provide additional information that will resolve it
- Code: Select all
PAX: size overflow detected in function pptp_rcv_core drivers/net/ppp/pptp.c:371 cicus.190_166 min, count: 14, decl: network_header; num: 0; context: sk_buff;
Kernel panic - not syncing: Aiee, killing interrupt handler!
CPU: 1 PID: 1434 Comm: accel-pppd Not tainted 4.4.2-hardened-VIRTUAL #2
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
ffff88017fc83ae0 ffffffff8148bb27 0000000000000007 ffffffff81ae9570
ffffffff8112fda1 0000000000000008 ffff88017fc83af0 ffff88017fc83a80
ffff88005cd00900 0000000000200046 0000000000000000 000003fffffff000
Call Trace:
<IRQ> [<ffffffff8148bb27>] ? dump_stack+0x41/0x6a
[<ffffffff8112fda1>] ? panic+0xbd/0x221
[<ffffffff8109c8d7>] ? do_exit+0x817/0xa80
[<ffffffff810a6dd4>] ? signal_wake_up_state+0x14/0x30
[<ffffffff8109d9d4>] ? do_group_exit+0x44/0xc0
[<ffffffff8118b6a1>] ? report_size_overflow+0x71/0x80
[<ffffffff815b9493>] ? pptp_rcv_core+0x363/0x480
[<ffffffff8168622f>] ? sk_receive_skb+0x12f/0x1d0
[<ffffffff81794450>] ? ip_local_deliver_finish+0xb0/0x240
[<ffffffff81794763>] ? ip_local_deliver+0x63/0xd0
[<ffffffff817943a0>] ? ip_rcv_finish+0x320/0x320
[<ffffffff81794a6e>] ? ip_rcv+0x29e/0x580
[<ffffffff81794080>] ? inet_del_offload+0x40/0x40
[<ffffffff816a0f31>] ? __netif_receive_skb_core+0x351/0xc40
[<ffffffff817d6400>] ? inet_gro_receive+0x1c0/0x6d0
[<ffffffff816a188a>] ? netif_receive_skb_internal+0x1a/0x80
[<ffffffff816a2844>] ? napi_gro_receive+0x64/0x90
[<ffffffff815ac6b9>] ? virtnet_receive+0x4c9/0xa10
[<ffffffff81177e6a>] ? kmem_cache_free+0x2a/0x140
[<ffffffff81177e6a>] ? kmem_cache_free+0x2a/0x140
[<ffffffff815acce3>] ? virtnet_poll+0x13/0x70
[<ffffffff816a1d2a>] ? net_rx_action+0x27a/0x430
[<ffffffff8109e4fd>] ? __do_softirq+0xed/0x220
[<ffffffff8109e787>] ? irq_exit+0x97/0xa0
[<ffffffff810071aa>] ? do_IRQ+0x4a/0xe0
[<ffffffff818ca090>] ? common_interrupt+0x90/0x90
<EOI>
Kernel Offset: disabled
Rebooting in 5 seconds..
Looking at suggested file - drivers/net/ppp/pptp.c
- Code: Select all
if ((*skb->data) & 1) {
/* protocol is compressed */
skb_push(skb, 1)[0] = 0;
}
skb->ip_summed = CHECKSUM_NONE;
skb_set_network_header(skb, skb->head-skb->data);
ppp_input(&po->chan, skb);
return NET_RX_SUCCESS;
Line 371 is 'skb_set_network_header(skb, skb->head-skb->data);'
I do not know what voodoo magic happens here
But i would be glad to provide additional information that will resolve it