netbsd-bugs: kern/8846: ppp with "deflate 8" can cause crash

Subject: kern/8846: ppp with "deflate 8" can cause crash
To: None <gnats-bugs@gnats.netbsd.org>
From: Frederick Bruckman <fb@enteract.com>
List: netbsd-bugs
Date: 11/22/1999 02:30:57
>Number:         8846
>Category:       kern
>Synopsis:       ppp with "deflate 8" can cause crash
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Nov 22 02:30:01 1999
>Last-Modified:
>Originator:     Frederick Bruckman
>Organization:
	
>Release:        Both 1-4-19991113 and 1.4O-19991119
>Environment:
	
System: NetBSD handy.localnet 1.4.1 NetBSD 1.4.1 (HANDY) #4:
Mon Nov 15 03:01:53 CST 1999
root@handy.localnet:/usr/src/sys/arch/i386/compile/HANDY i386

handy: dmesg | head -n 7
NetBSD 1.4.1 (HANDY) #4: Mon Nov 15 03:01:53 CST 1999
    root@handy.localnet:/usr/src/sys/arch/i386/compile/HANDY
cpu0: family 4 model 8 step 0
cpu0: Intel 486DX4 (486-class)
real mem  = 49938432
avail mem = 43761664
using 635 buffers containing 2600960 bytes of memory

laptop: dmesg (edited)
NetBSD 1.4O (LAPTOP) #3: Fri Nov 19 04:17:57 CST 1999
    fredb@laptop.localnet:/usr/src/sys/arch/i386/compile/LAPTOP
cpu0: family 6 model 5 step 0
cpu0: Intel Pentium II (Deschutes) (686-class)
total memory = 65152 KB
avail memory = 57880 KB
using 840 buffers containing 3360 KB of memory

>Description:
	
	Setting up a ppp connection with the options "deflate 8" between
	two NetBSD boxes causes both to crash almost immediately. Trace is
	similar, when you get one (sometimes freezes "hard"):

Nov 21 23:29:28 handy pppd[149]: Connect: ppp1 <--> /dev/tty01
Nov 21 23:30:31 handy pppd[149]: Deflate (8) compression enabled
Nov 21 23:30:34 handy pppd[149]: local  IP address 192.168.128.1
Nov 21 23:30:34 handy pppd[149]: remote IP address 192.168.128.3
kernel: page fault trap, code=0
Stopped at      _deflate_slow+0x2b:     movzbl  0x2(%eax,%ecx,1),%eax
db> t
_deflate_slow(f0631000,2,0,f05b8d1c,2) at _deflate_slow+0x2b
_deflate(f053e918,2) at _deflate+0x167
_z_compress(f053e900,f3e01df0,0,50,50) at _z_compress+0x4aa
_ppp_dequeue(f02f0114,0,f02f01e4,f02f01e8,f048d834) at _ppp_dequeue+0x207
_pppasyncstart(f02f0114) at _pppasyncstart+0x43
_pppintr(10,f0470010,f3dbc4e8,f3dbc4e8,f3e01edc) at _pppintr+0x89
Bad frame pointer: 0xf3e01e68
db>

>How-To-Repeat:
	
	I'm connecting a network-challenged laptop (running current) to
	a 1.4.1 box with a plain cable, and have experimented with different
	compression setttings.  With "deflate 15,15" or "deflate 15,13",
	it works well enough to mount via nfs over the wire, but after a
	large file transfer pppd gives an error and turns compression off.
	With deflate 8, as above.

	Both: /etc/ppp/options:
	asyncmap 0

	Desktop: /etc/ppp/peers/laptop:
	tty01 115200 crtscts local
	silent persist
	connect "/usr/sbin/chat -v -f /etc/ppp/chats/laptop"
	handy-ppp:laptop
	deflate 8

	Laptop: /etc/ppp/peers/handy:
	tty00 115200 crtscts local
	192.168.128.3:192.168.128.1
	defaultroute
	persist
	#
	connect "/usr/sbin/chat -v -f /etc/ppp/chats/handy"
	#
	mru 296
	mtu 296
	#
	deflate 8

	Usually starting both from "rc.conf: ppp_peers={handy,laptop}", 
	same with "pppd call laptop", "pppd call handy", on each.

>Fix:
	
	Set to "deflate 0", and let BSD Compression take over. For nfs
	mounts, this seems to give results overall, anyway.  Here's a sample
	of "pppstats -r -w9" while doing a "make build" with /usr/src nfs
	mounted (BSD Compression):  With "deflate", the ratio rarely went
	over 3.0, in either direction.

      IN   PACK VJCOMP  RATIO  UBYTE  |      OUT   PACK VJCOMP  RATIO  UBYTE
44524736 510454 482870   2.49 104252584  |  8740864 402901 367388   5.12 34510500
   37480    933    899   4.41 144229  |    19700    895    859   7.47 113306
   57698    705    673   2.47 132719  |    13101    603    568   5.97  60186
   61225    576    543   2.09 121319  |     7726    423    380   5.53  31082
   52824    459    425   2.08 104851  |     5397    315    279   4.45  17119
   17273    255    222   2.93  46720  |     4817    241    205   6.39  23113
   31988    342    311   2.38  71477  |     4776    260    225   5.13  17942
   22890    228    196   2.11  45806  |     3977    203    166   5.37  15883
   29857    299    263   2.16  61454  |     4748    239    198   4.75  16888
   23964    243    204   2.17  48709  |     4326    206    163   4.69  15563
   37006    341    310   2.03  71750  |     4682    259    221   4.97  16938
   25750    269    237   2.29  55835  |     4170    221    184   5.13  15783
   43300    350    323   1.91  79134  |     4308    246    209   4.21  13012
   79829    709    678   2.19 166967  |     7431    445    410   3.63  18875
   48595    527    496   2.27 103727  |    10687    428    394   4.45  38268
   55756    606    576   2.43 128038  |    11481    484    452   4.63  42088
   62757    839    805   2.68 156620  |    14122    694    658   6.31  67161
   66816    732    700   2.35 147571  |    11401    572    534   5.68  48572
   78864    807    777   2.33 174204  |    10123    566    525   5.30  38708
   69274    731    695   2.26 147749  |    12379    572    531   5.48  52214
      IN   PACK VJCOMP  RATIO  UBYTE  |      OUT   PACK VJCOMP  RATIO  UBYTE
   68812    794    757   2.36 152653  |    12429    630    588   6.09  56631



>Audit-Trail:
>Unformatted: