sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set

From: Linux Kernel Mailing List
Date: Wednesday, April 28, 2010 - 1:59 pm

Gitweb:     http://git.kernel.org/linus/a8170c35e738d62e9919ce5b109cf4ed66e95bde
Commit:     a8170c35e738d62e9919ce5b109cf4ed66e95bde
Parent:     81419d862db743fe4450a021893f24bab4698c1d
Author:     Wei Yongjun <yjwei@cn.fujitsu.com>
AuthorDate: Wed Apr 28 08:47:21 2010 +0000
Committer:  David S. Miller <davem@davemloft.net>
CommitDate: Wed Apr 28 12:16:33 2010 -0700

    sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set
    
    When calculating the INIT/INIT-ACK chunk length, we should not
    only account the length of parameters, but also the parameters
    zero padding length, such as AUTH HMACS parameter and CHUNKS
    parameter. Without the parameters zero padding length we may get
    following oops.
    
    skb_over_panic: text:ce2068d2 len:130 put:6 head:cac3fe00 data:cac3fe00 tail:0xcac3fe82 end:0xcac3fe80 dev:<NULL>
    ------------[ cut here ]------------
    kernel BUG at net/core/skbuff.c:127!
    invalid opcode: 0000 [#2] SMP
    last sysfs file: /sys/module/aes_generic/initstate
    Modules linked in: authenc ......
    
    Pid: 4102, comm: sctp_darn Tainted: G      D    2.6.34-rc2 #6
    EIP: 0060:[<c0607630>] EFLAGS: 00010282 CPU: 0
    EIP is at skb_over_panic+0x37/0x3e
    EAX: 00000078 EBX: c07c024b ECX: c07c02b9 EDX: cb607b78
    ESI: 00000000 EDI: cac3fe7a EBP: 00000002 ESP: cb607b74
     DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
    Process sctp_darn (pid: 4102, ti=cb607000 task=cabdc990 task.ti=cb607000)
    Stack:
     c07c02b9 ce2068d2 00000082 00000006 cac3fe00 cac3fe00 cac3fe82 cac3fe80
    <0> c07c024b cac3fe7c cac3fe7a c0608dec ca986e80 ce2068d2 00000006 0000007a
    <0> cb8120ca ca986e80 cb812000 00000003 cb8120c4 ce208a25 cb8120ca cadd9400
    Call Trace:
     [<ce2068d2>] ? sctp_addto_chunk+0x45/0x85 [sctp]
     [<c0608dec>] ? skb_put+0x2e/0x32
     [<ce2068d2>] ? sctp_addto_chunk+0x45/0x85 [sctp]
     [<ce208a25>] ? sctp_make_init+0x279/0x28c [sctp]
     [<c0686a92>] ? apic_timer_interrupt+0x2a/0x30
     ...
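
The length arithmetic the commit message describes, as an added example in C; it is not the kernel's code or the patch itself. The 20-byte fixed part and the two 6-byte parameters are constructed sample values, and every function name here is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* SCTP TLV parameters start on 4-byte boundaries; the length field excludes padding. */
static size_t pad4(size_t len) { return (len + 3u) & ~(size_t)3u; }

struct param { const char *name; size_t len; };

/* Constructed sample: 20 bytes of fixed INIT chunk header, then two parameters whose
 * declared lengths (4-byte TLV header + 2 bytes of value) are not multiples of 4. */
#define FIXED_LEN 20u
static const struct param sample[] = {
    { "CHUNKS",     6 },
    { "AUTH HMACS", 6 },
};
#define NPARAMS (sizeof(sample) / sizeof(sample[0]))

/* Buffer size when only the declared parameter lengths are counted (the miscalculation). */
static size_t size_unpadded(const struct param *p, size_t n) {
    size_t total = FIXED_LEN;
    for (size_t i = 0; i < n; i++) total += p[i].len;
    return total;
}

/* Buffer size when each parameter's zero padding is counted as well. */
static size_t size_padded(const struct param *p, size_t n) {
    size_t total = FIXED_LEN;
    for (size_t i = 0; i < n; i++) total += pad4(p[i].len);
    return total;
}

/* Bytes consumed when the write offset is aligned before each parameter is appended. */
static size_t bytes_written(const struct param *p, size_t n) {
    size_t off = FIXED_LEN;
    for (size_t i = 0; i < n; i++) off = pad4(off) + p[i].len;
    return off;
}

/* How far the writes run past a buffer of cap bytes; 0 means everything fits. */
static size_t overrun(const struct param *p, size_t n, size_t cap) {
    size_t w = bytes_written(p, n);
    return w > cap ? w - cap : 0;
}

int main(void) {
    size_t small = size_unpadded(sample, NPARAMS), big = size_padded(sample, NPARAMS);
    printf("unpadded=%zu overrun=%zu\n", small, overrun(sample, NPARAMS, small));
    printf("padded=%zu overrun=%zu\n", big, overrun(sample, NPARAMS, big));
    return 0;
}
```

A buffer sized from the unpadded sum is too small as soon as a parameter with an unaligned length is followed by another one, which is the condition a bounds check such as `skb_put` then trips on.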