PAX: size overflow detected in function pptp_rcv_core
Posted: Thu May 12, 2016 4:15 am
This is a similar report to the one I posted earlier (viewtopic.php?f=3&t=4437); the symptoms are very similar.
Using Hardened Gentoo kernel 4.5.3-r1. When the first PPTP connection happens, the kernel panics:
PAX: size overflow detected in function pptp_rcv_core include/linux/skbuff.h:2132 cicus.195_168 max, count: 9, decl: network_header; num: 0; context: sk_buff;
Kernel panic - not syncing: Aiee, killing interrupt handler!
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.5.3-hardened-r1-VIRTUAL #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014
00000000 003ed97f 00200046 c2406580 00000009 000d0904 c2406580 00000009
c2406580 00000001 00044eae c213b7d0 00000000 f540fd7c 00005996 00000000
c219d367 00000024 00000000 f540fd1c 00200286 00000000 c24070c0 00000009
Call Trace:
[<003ed97f>] ? dump_stack+0x45/0x66
[<00200046>] ? ext4_xattr_set_entry+0x1a6/0x590
[<000d0904>] ? panic+0x81/0x174
[<00044eae>] ? do_exit+0x7be/0xa10
[<00005996>] ? runqueues+0x56/0xa0
[<00200286>] ? ext4_xattr_set_entry+0x3e6/0x590
[<00045fa0>] ? do_group_exit+0x30/0x90
[<0012b689>] ? report_size_overflow+0x69/0x70
[<004fde86>] ? pptp_rcv_core+0x316/0x320
[<00200246>] ? ext4_xattr_set_entry+0x3a6/0x590
[<005bf8df>] ? sk_receive_skb+0x10f/0x1b0
[<000017c9>] ? pt_ctx+0x21/0x58
[<006ff188>] ? gre_rcv+0x58/0x100
[<006ae07f>] ? ip_local_deliver_finish+0xaf/0x2b0
[<006ae3ec>] ? ip_local_deliver+0x4c/0xb0
[<006adfd0>] ? ip_rcv_finish+0x370/0x370
[<006adcd7>] ? ip_rcv_finish+0x77/0x370
[<006ae773>] ? ip_rcv+0x323/0x510
[<006adc60>] ? inet_del_offload+0x30/0x30
[<005d726a>] ? __netif_receive_skb_core+0x28a/0x990
[<00080000>] ? print_cfs_rq+0xdf0/0xf40
[<005d8703>] ? dev_gro_receive+0x2d3/0x5f0
[<0006bb1f>] ? sched_clock_cpu+0xff/0x130
[<00002a00>] ? lru_add_pvec+0x40/0x40
[<005d79d7>] ? netif_receive_skb_internal+0x17/0x70
[<005d8c77>] ? napi_gro_receive+0x77/0xc0
[<004f1e34>] ? virtnet_receive+0x474/0xa00
[<00002a00>] ? lru_add_pvec+0x40/0x40
[<004f248f>] ? virtnet_poll+0xf/0x70
[<005d8213>] ? net_rx_action+0x3e3/0x600
[<00046b18>] ? __do_softirq+0xb8/0x1a0
[<00200000>] ? ext4_xattr_set_entry+0x160/0x590
[<00046a60>] ? cpu_callback+0xf0/0xf0
[<0000568a>] ? do_softirq_own_stack+0x1a/0x20
<IRQ> [<00046d1d>] ? irq_exit+0x7d/0x80
[<0000500a>] ? menu_devices+0xa/0x80
[<00200006>] ? ext4_xattr_set_entry+0x166/0x590
[<007c89f8>] ? common_interrupt+0x38/0x40
[<0000bc52>] ? default_idle+0x2/0x10
[<00200246>] ? ext4_xattr_set_entry+0x3a6/0x590
[<0000c0a6>] ? arch_cpu_idle+0x6/0x10
[<0007d36c>] ? cpu_startup_entry+0x16c/0x210
[<016084f2>] ? 0x16084f2
[<00020800>] ? intel_pt_interrupt+0x30/0x130
Kernel Offset: disabled
Rebooting in 5 seconds..
skbuff.h around line 2132:
static inline void skb_set_network_header(struct sk_buff *skb, const int offset)
{
	skb_reset_network_header(skb);
	skb->network_header += offset;
}
Line 2132 in include/linux/skbuff.h is: skb->network_header += offset;
Line 371 in drivers/net/ppp/pptp.c is: skb_set_network_header(skb, skb->head-skb->data);
So this line (371) WAS not removed as suggested in the previous thread, thus the panic is still here!
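To make the arithmetic behind this report concrete, here is an added example (not code from the post or from the kernel) that models the two expressions quoted above: skb_reset_network_header() setting the 16-bit offset to data - head, and line 371 passing skb->head - skb->data as the offset. The struct, the buffer and the checked-add helper are constructed for this example; in particular, the rule "refuse a negative offset flowing into an unsigned field" is an assumed model of what the size-overflow instrumentation objects to, not a description of the plugin's exact logic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the sk_buff fields involved; not the kernel struct.
 * In 4.x kernels network_header is a 16-bit offset from skb->head. */
struct model_skb {
    unsigned char *head;
    unsigned char *data;
    uint16_t network_header;
};

/* Models skb_reset_network_header(): offset of data from head. */
static void model_reset_network_header(struct model_skb *skb)
{
    skb->network_header = (uint16_t)(skb->data - skb->head);
}

/* Checked model of `skb->network_header += offset` (skbuff.h:2132).
 * The sum is computed in a wide signed type so the caller can see the
 * mathematical result. Returns false where the assumed overflow rule
 * would refuse the store: a negative offset folded into an unsigned
 * field, or a widened result outside 0..UINT16_MAX. */
static bool model_set_network_header_checked(struct model_skb *skb, int offset,
                                             int64_t *wide_out)
{
    model_reset_network_header(skb);
    int64_t wide = (int64_t)skb->network_header + (int64_t)offset;
    if (wide_out)
        *wide_out = wide;
    if (offset < 0)                     /* assumed rule: negative int into unsigned field */
        return false;
    if (wide < 0 || wide > UINT16_MAX)  /* result would not fit the 16-bit field */
        return false;
    skb->network_header = (uint16_t)wide;
    return true;
}

/* What pptp.c:371 passes as the offset: head - data. This is <= 0 for every
 * skb whose data pointer sits after head, i.e. whenever headroom was used. */
static int model_pptp_offset(const struct model_skb *skb)
{
    return (int)(skb->head - skb->data);
}

int main(void)
{
    unsigned char buf[256];                        /* constructed packet buffer */
    struct model_skb skb = { buf, buf + 64, 0 };   /* 64 bytes of headroom consumed */

    int offset = model_pptp_offset(&skb);
    int64_t wide;
    bool ok = model_set_network_header_checked(&skb, offset, &wide);

    printf("offset passed at line 371: %d\n", offset);
    printf("widened sum: %lld, accepted: %s, network_header now %u\n",
           (long long)wide, ok ? "yes" : "no", skb.network_header);
    return 0;
}
```

Note what the model shows: the widened sum is exactly 0 (the reset stores data - head, then head - data is added back), so the final value would fit the field; the only thing left to object to is a negative int being folded into an unsigned 16-bit field, which is why the report points at the offset passed on line 371 rather than at the value stored.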