linux-avmb1:kernel crash during heavy load - capi ppp plugins - avm b1 - isa or pci

J.P.Steindlberger joerg at steindlberger.de
Fri Aug 20 07:25:02 CEST 2004


Hi,

in the hope of finding a kernel hacker (or someone who might forward my 
problem to one) I'm switching to English now.

My problem is a reproducible kernel crash while uploading files > 16kB 
via an active ISDN card by German manufacturer AVM (AVM B1 ISA or PCI) 
using pppdcapiplugin and kernel 2.6.7.

Here is my test system:
// Debian 3.1
// ppp 2.4.2+20040428-2
// pppdcapiplugin 3.3.0.20040704-0.4
# cat /proc/capi/driver
b1isa                            1.1.2.3
# cat /proc/capi/controller
1 b1isa      running  b1isa-150        B1 3.11-03 0x150 3 r2
# ll /usr/lib/isdn/b1.t4
-rw-r--r--  1 root root 254657 Sep 15  2003 /usr/lib/isdn/b1.t4
# md5sum /usr/lib/isdn/b1.t4
5a4d2602f1477a11741695433de07de1  /usr/lib/isdn/b1.t4
# uname -r
2.6.7

I tried to upload files with identical beginning but different size 
using scp to an internet server:
uploading files <= 16kB is okay
uploading file = 24kB produces kernel hang (no automatic reboot) with 
console message:
  BUG: dst underflow 0: c024010c
uploading file >= 32kB:
Unable to handle kernel NULL pointer dereference at virtual address 00000004
  printing eip:
c0241659
*pde = 00000000
Oops: 0002 [#1]
Modules linked in: ppp_deflate zlib_deflate bsd_comp ppp_synctty 
ipt_limit iptable_filter ipt_MASQUERADE iptable_nat ip_conntrack 
ip_tables hisax isdn sg floppy ppp_mppe ppp_generic slhc b1isa b1dma b1 
capi kernelcapi capifs dummy ne 8390 crc32 nls_iso8859_15
CPU:    0
EIP:    0060:[<c0241659>]    Tainted: P
EFLAGS: 00010003   (2.6.7-gw)
EIP is at skb_dequeue+0x19/0x40
eax: 00000000   ebx: 00000246   ecx: c13ae2c0   edx: c17dac98
esi: c17dac58   edi: c21e45f6   ebp: 00000000   esp: c3fc1a54
ds: 007b   es: 007b   ss: 0068
Process events/0 (pid: 3, threadinfo=c3fc0000 task=c3fc8b30)
Stack: c13aee00 c48e17fa c17dac98 c17dac98 00000000 000006a0 c13aee00 
c21c4e48
        c21e45f6 c17dac58 c48e26a4 c17dac58 c17dac98 c13aee00 c0be9ed8 
00000000
        c3fc0000 c335f000 c4eb4a92 c335f000 00000000 c21c4868 000005e0 
00000000
Call Trace:
  [<c48e17fa>] handle_minor_send+0x3a/0x2b0 [capi]
  [<c48e26a4>] capinc_tty_write+0xe4/0x1c0 [capi]
  [<c4eb4a92>] ppp_sync_push+0xa2/0x140 [ppp_synctty]
  [<c4eb49dd>] ppp_sync_send+0x3d/0x50 [ppp_synctty]
  [<c48fa4bc>] ppp_push+0x6c/0xb0 [ppp_generic]
  [<c48fa15c>] ppp_send_frame+0x28c/0x580 [ppp_generic]
  [<c48f9e6d>] ppp_xmit_process+0x4d/0xb0 [ppp_generic]
  [<c48f9b69>] ppp_start_xmit+0xd9/0x250 [ppp_generic]
  [<c024ed7f>] qdisc_restart+0x3f/0xd0
  [<c024423f>] dev_queue_xmit+0x16f/0x200
  [<c025a03d>] ip_finish_output2+0xbd/0x190
  [<c0259f80>] ip_finish_output2+0x0/0x190
  [<c024c2e7>] nf_hook_slow+0x97/0xd0
  [<c0259f50>] dst_output+0x0/0x30
  [<c0257d8b>] ip_finish_output+0x1bb/0x1d0
  [<c0259f80>] ip_finish_output2+0x0/0x190
  [<c0259f50>] dst_output+0x0/0x30
  [<c0259f60>] dst_output+0x10/0x30
  [<c024c2e7>] nf_hook_slow+0x97/0xd0
  [<c025827e>] ip_queue_xmit+0x30e/0x4f0
  [<c0259f50>] dst_output+0x0/0x30
  [<c0259f50>] dst_output+0x0/0x30
  [<c01163ba>] update_process_times+0x2a/0x30
  [<c011627b>] update_wall_time+0xb/0x40
  [<c010cb26>] recalc_task_prio+0xa6/0x1d0
  [<c010cca1>] activate_task+0x51/0x70
  [<c026dacc>] tcp_v4_send_check+0x3c/0xf0
  [<c0267d62>] tcp_transmit_skb+0x432/0x6f0
  [<c0268af3>] tcp_write_xmit+0x153/0x2c0
  [<c0265db1>] __tcp_data_snd_check+0xb1/0xc0
  [<c0266346>] tcp_rcv_established+0x216/0x810
  [<c4e8b2c3>] ipt_do_table+0x293/0x390 [ip_tables]
  [<c026eb63>] tcp_v4_do_rcv+0xe3/0xf0
  [<c026f087>] tcp_v4_rcv+0x517/0x6d0
  [<c0255540>] ip_local_deliver_finish+0x0/0x130
  [<c0255540>] ip_local_deliver_finish+0x0/0x130
  [<c02555ea>] ip_local_deliver_finish+0xaa/0x130
  [<c024c2e7>] nf_hook_slow+0x97/0xd0
  [<c0255670>] ip_rcv_finish+0x0/0x1f0
  [<c0255114>] ip_local_deliver+0x164/0x190
  [<c0255540>] ip_local_deliver_finish+0x0/0x130
  [<c02557f7>] ip_rcv_finish+0x187/0x1f0
  [<c024c2e7>] nf_hook_slow+0x97/0xd0
  [<c025548e>] ip_rcv+0x34e/0x400
  [<c0255670>] ip_rcv_finish+0x0/0x1f0
  [<c02446d0>] netif_receive_skb+0x150/0x180
  [<c024476f>] process_backlog+0x6f/0x120
  [<c024487f>] net_rx_action+0x5f/0xf0
  [<c0113043>] __do_softirq+0x83/0x90
  [<c0113076>] do_softirq+0x26/0x30
  [<c4eb44c3>] ppp_sync_receive+0x43/0x70 [ppp_synctty]
  [<c48e16e7>] handle_recv_skb+0xc7/0x150 [capi]
  [<c48e179f>] handle_minor_recv+0x2f/0x50 [capi]
  [<c48d7230>] recv_handler+0x0/0x80 [kernelcapi]
  [<c48d728c>] recv_handler+0x5c/0x80 [kernelcapi]
  [<c011bc1b>] worker_thread+0x18b/0x230
  [<c010d570>] default_wake_function+0x0/0x20
  [<c0287483>] schedule+0x273/0x440
  [<c010d570>] default_wake_function+0x0/0x20
  [<c011ba90>] worker_thread+0x0/0x230
  [<c011e897>] kthread+0x97/0xa0
  [<c011e800>] kthread+0x0/0xa0
  [<c01020a5>] kernel_thread_helper+0x5/0x10

Code: 89 50 04 c7 01 00 00 00 00 c7 41 04 00 00 00 00 c7 41 08 00
  <0>Kernel panic: Fatal exception in interrupt
In interrupt handler - not syncing
  <0>Rebooting in 1 seconds..

Thanks for helping and making linux kernel bug free.
Joerg
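
A triage sketch for the oops in the message above, added here as an example; it is not part of the original post or of any kernel tool. It decodes the page-fault error code and the first instruction at EIP, checks that the instruction accounts for the fault address, and notes that the capi send path sits deeper on the same stack than the capi receive path. Assumptions: the `Code:` bytes start at EIP (the oops carries no `<..>` marker), only the one instruction form present here is decoded, and `triage` and its result keys are names made up for this example.

```python
import re

# Lines copied from the oops in the report above (trace shortened to the module frames).
OOPS = """\
Unable to handle kernel NULL pointer dereference at virtual address 00000004
Oops: 0002 [#1]
EIP is at skb_dequeue+0x19/0x40
eax: 00000000   ebx: 00000246   ecx: c13ae2c0   edx: c17dac98
esi: c17dac58   edi: c21e45f6   ebp: 00000000   esp: c3fc1a54
  [<c48e17fa>] handle_minor_send+0x3a/0x2b0 [capi]
  [<c48e26a4>] capinc_tty_write+0xe4/0x1c0 [capi]
  [<c4eb4a92>] ppp_sync_push+0xa2/0x140 [ppp_synctty]
  [<c4eb44c3>] ppp_sync_receive+0x43/0x70 [ppp_synctty]
  [<c48e16e7>] handle_recv_skb+0xc7/0x150 [capi]
  [<c48e179f>] handle_minor_recv+0x2f/0x50 [capi]
Code: 89 50 04 c7 01 00 00 00 00 c7 41 04 00 00 00 00 c7 41 08 00
"""

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # x86 ModRM register order

def triage(text):
    regs = {k: int(v, 16) for k, v in re.findall(r"\b(e[a-z]{2}): +([0-9a-f]{8})", text)}
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    err = int(re.search(r"Oops: ([0-9a-f]{4})", text).group(1), 16)
    code = bytes.fromhex(re.search(r"^Code: (.+)$", text, re.M).group(1))
    insn, ea = None, None
    modrm = code[1]
    # Decode only the form seen here: 0x89 = MOV r/m32,r32 with an 8-bit displacement, no SIB.
    if code[0] == 0x89 and modrm >> 6 == 1 and modrm & 7 != 4:
        src, base = REGS[(modrm >> 3) & 7], REGS[modrm & 7]
        disp = code[2] - 256 if code[2] > 127 else code[2]
        insn = f"mov %{src},{disp:#x}(%{base})"
        ea = (regs[base] + disp) & 0xFFFFFFFF
    frames = re.findall(r"\[<[0-9a-f]{8}>\] (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[(\w+)\]", text)
    capi = [fn for fn, mod in frames if mod == "capi"]
    return {
        # i386 page-fault error code: bit 0 = page present, bit 1 = write, bit 2 = user mode
        "page_present": bool(err & 1), "write": bool(err & 2), "user_mode": bool(err & 4),
        "fault_address": fault, "first_insn": insn, "effective_address": ea,
        "insn_explains_fault": ea == fault,
        # Frames print innermost first, so a smaller index means deeper in the call chain.
        "send_nested_in_recv": ("handle_minor_send" in capi and "handle_minor_recv" in capi
                                and capi.index("handle_minor_send") < capi.index("handle_minor_recv")),
    }

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```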


