IPsec/crypto kernel panic in 2.6.[456]
From: Tobias RingstrÃm
Date: Wed May 19 2004 - 14:50:19 EST
I get a kernel panic that is very easy to reproduce. The panic goes
away if I revert the following changeset ("fix in-place de/encryption
bug with highmem"):
http://linux.bkbits.net:8080/linux-2.5/cset@xxxxxxxxxxxxx
I have not analyzed the code closely, so I cannot say for certain that
there is a problem with that specific changeset, and I'm certainly not
out to blame anyone, but reverting it at least seems to fix the problem.
The panic occurs when I receive more than a little TCP data in an
IPsec ESP tunnel. I'm of course willing to test patches or provide
further info if required.
[Please CC me because I'm not subscribed to the list.]
/Tobias
Unable to handle kernel paging request at virtual address 77d89bb3
printing eip:
e38c230d
*pde = 00000000
Oops: 0002 [#1]
CPU: 0
EIP: 0060:[<e38c230d>] Not tainted
EFLAGS: 00010216 (2.6.6)
EIP is at des_small_fips_decrypt+0x96d/0x9a0 [des]
eax: 0030f000 ebx: 00030f00 ecx: 1b24b797 edx: ba4d7f77
esi: dcf91438 edi: 77d89bb3 ebp: c040fbb0 esp: c040fb5c
ds: 007b es: 007b ss: 0068
Process swapper (pid: 0, threadinfo=c040e000 task=c0386a40)
Stack: 77d89bb3 dcf91330 da6e4458 e38c28ed dcf91438 77d89bb3 c040fbf0
77d89bb3
c040fbf0 c01e7623 dcf91330 77d89bb3 c040fbf0 c01e7373 c040fbf2
dec77000
00000006 c040fb94 c040fbf0 000004a0 00000008 c040fc50 c01e7513
dcf91304
Call Trace:
[<e38c28ed>] des3_ede_decrypt+0x2d/0x70 [des]
[<c01e7623>] cbc_process+0x63/0x170
[<c01e7373>] scatterwalk_copychunks+0x83/0xd0
[<c01e7513>] crypt+0x153/0x200
[<e38c28c0>] des3_ede_decrypt+0x0/0x70 [des]
[<c02d2000>] dst_output+0x0/0x30
[<c02d1b74>] ip_push_pending_frames+0x344/0x420
[<c02d2000>] dst_output+0x0/0x30
[<c01e7948>] cbc_decrypt+0x48/0x50
[<e38c28c0>] des3_ede_decrypt+0x0/0x70 [des]
[<c01e75c0>] cbc_process+0x0/0x170
[<e38ccb1b>] esp_input+0x1fb/0x500 [esp4]
[<e38cca3e>] esp_input+0x11e/0x500 [esp4]
[<c02b78f4>] kfree_skbmem+0x24/0x30
[<c030fdeb>] xfrm_state_lookup+0x5b/0x70
[<c030b58e>] xfrm4_rcv_encap+0xee/0x4a0
[<c02d20e2>] ip_finish_output2+0xb2/0x1d0
[<c0302484>] ipt_do_table+0x294/0x380
[<c02c5302>] nf_hook_slow+0xd2/0x120
[<c02ccfc0>] ip_local_deliver_finish+0x0/0x1d0
[<c0304b37>] ipt_hook+0x37/0x40
[<c030b3d7>] xfrm4_rcv+0x17/0x20
[<c02cd089>] ip_local_deliver_finish+0xc9/0x1d0
[<c02ccfc0>] ip_local_deliver_finish+0x0/0x1d0
[<c02c5302>] nf_hook_slow+0xd2/0x120
[<c02ccfc0>] ip_local_deliver_finish+0x0/0x1d0
[<c02ccb27>] ip_local_deliver+0x217/0x240
[<c02ccfc0>] ip_local_deliver_finish+0x0/0x1d0
[<c02cd350>] ip_rcv_finish+0x1c0/0x230
[<c02cd190>] ip_rcv_finish+0x0/0x230
[<c02c5302>] nf_hook_slow+0xd2/0x120
[<c02cd190>] ip_rcv_finish+0x0/0x230
[<c02ccf04>] ip_rcv+0x3b4/0x470
[<c02cd190>] ip_rcv_finish+0x0/0x230
[<c02bc430>] netif_receive_skb+0x150/0x190
[<c02bc4dd>] process_backlog+0x6d/0x100
[<c02bc5da>] net_rx_action+0x6a/0xf0
[<c011afc5>] __do_softirq+0x85/0x90
[<c011aff6>] do_softirq+0x26/0x30
[<c0106439>] do_IRQ+0xc9/0xf0
[<c0101ef0>] default_idle+0x0/0x30
[<c01047cc>] common_interrupt+0x18/0x20
[<c0101ef0>] default_idle+0x0/0x30
[<c0101f14>] default_idle+0x24/0x30
[<c0101f90>] cpu_idle+0x30/0x40
[<c041072d>] start_kernel+0x14d/0x170
[<c0410470>] unknown_bootoption+0x0/0x130
Code: 88 0f c1 e9 08 31 c2 88 4f 01 c1 e9 08 88 57 04 88 4f 02 c1
<0>Kernel panic: Fatal exception in interrupt
In interrupt handler - not syncing
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/