[OOPS] using IPSec on Linux 2.6 - similar to earlier OOPS

From: Ranjeet Shetye (ranjeet.shetye2@zultys.com)
Date: Fri Jul 25 2003 - 18:43:04 EST


Test system.
Kernel is 2.6.0-test1-bk (Fri, July 25), talking to a 2.4.21 kernel
with IPSec backport. IPSec is tunnel mode, ESP and AH with AES and MD5
for phase 1 and phase 2. PFS is off. Default lifetimes. No modules
loaded on the 2.6 kernel.
Starting tethereal (intf going into promiscuous mode?) triggers this
bug.

------------[ cut here ]------------
kernel BUG at net/xfrm/xfrm_state.c:54!
invalid operand: 0000 [#1]
CPU: 0
EIP: 0060:[<c041d62c>] Not tainted
EFLAGS: 00010202
EIP is at xfrm_state_gc_destroy+0x1c/0xb8
eax: 00000001 ebx: c3b59728 ecx: c12e8000 edx: c04dca98
esi: c12e9f48 edi: 00000283 ebp: c12e9f3c esp: c12e9f34
ds: 007b es: 007b ss: 0068
Process events/0 (pid: 3, threadinfo=c12e8000 task=c12ecc80)
Stack: c3b59844 c12e9f48 c12e9f58 c041d745 c3b59728 c3b59728 c3b59728
c05e8e24 c05e8e20 c12e9fec c012b608 00000000 c12e9fa0 00000000
cf755464 cf75545c c12e8000 c12e8000 c12e8000 c12e8000 c12e8000
00000000 c041d6c8 c12e8000
Call Trace:
  [<c041d745>] xfrm_state_gc_task+0x7d/0x93
  [<c012b608>] worker_thread+0x1df/0x2c0
  [<c041d6c8>] xfrm_state_gc_task+0x0/0x93
  [<c0119b40>] default_wake_function+0x0/0x2e
  [<c01090e2>] ret_from_fork+0x6/0x14
  [<c0119b40>] default_wake_function+0x0/0x2e
  [<c012b429>] worker_thread+0x0/0x2c0
  [<c0107291>] kernel_thread_helper+0x5/0xb

Code: 0f 0b 36 00 18 cf 4b c0 8b 83 cc 00 00 00 85 c0 75 7d 8b 83

ksymoops 2.4.9 on i686 2.6.0-test1-bk. Options used
      -v /usr/src/linux/vmlinux (specified)
      -k /proc/ksyms (default)
      -l /proc/modules (default)
      -o /lib/modules/2.6.0-test1-bk/ (default)
      -m /usr/src/linux/System.map (specified)

Error (regular_file): read_ksyms stat /proc/ksyms failed
ksymoops: No such file or directory
No modules in ksyms, skipping objects
No ksyms, skipping lsmod
CPU: 0
EIP: 0060:[<c041d62c>] Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010202
eax: 00000001 ebx: c3b59728 ecx: c12e8000 edx: c04dca98
esi: c12e9f48 edi: 00000283 ebp: c12e9f3c esp: c12e9f34
ds: 007b es: 007b ss: 0068
Stack: c3b59844 c12e9f48 c12e9f58 c041d745 c3b59728 c3b59728 c3b59728
c05e8e24 c05e8e20 c12e9fec c012b608 00000000 c12e9fa0 00000000
cf755464 cf75545c c12e8000 c12e8000 c12e8000 c12e8000 c12e8000
00000000 c041d6c8 c12e8000
Call Trace:
  [<c041d745>] xfrm_state_gc_task+0x7d/0x93
  [<c012b608>] worker_thread+0x1df/0x2c0
  [<c041d6c8>] xfrm_state_gc_task+0x0/0x93
  [<c0119b40>] default_wake_function+0x0/0x2e
  [<c01090e2>] ret_from_fork+0x6/0x14
  [<c0119b40>] default_wake_function+0x0/0x2e
  [<c012b429>] worker_thread+0x0/0x2c0
  [<c0107291>] kernel_thread_helper+0x5/0xb
Code: 0f 0b 36 00 18 cf 4b c0 8b 83 cc 00 00 00 85 c0 75 7d 8b 83

>> EIP; c041d62c <xfrm_state_gc_destroy+1c/b8> <=====

>> ebx; c3b59728 <__crc_xprt_create_proto+18d5f0/2e0171>
>> ecx; c12e8000 <__crc_memcpy_tokerneliovec+89f78/4e7a4d>
>> edx; c04dca98 <__crc_blk_insert_request+4a/39a>
>> esi; c12e9f48 <__crc_memcpy_tokerneliovec+8bec0/4e7a4d>
>> ebp; c12e9f3c <__crc_memcpy_tokerneliovec+8beb4/4e7a4d>
>> esp; c12e9f34 <__crc_memcpy_tokerneliovec+8beac/4e7a4d>

Trace; c041d745 <xfrm_state_gc_task+7d/93>
Trace; c012b608 <worker_thread+1df/2c0>
Trace; c041d6c8 <xfrm_state_gc_task+0/93>
Trace; c0119b40 <default_wake_function+0/2e>
Trace; c01090e2 <ret_from_fork+6/14>
Trace; c0119b40 <default_wake_function+0/2e>
Trace; c012b429 <worker_thread+0/2c0>
Trace; c0107291 <kernel_thread_helper+5/b>

Code; c041d62c <xfrm_state_gc_destroy+1c/b8>
00000000 <_EIP>:
Code; c041d62c <xfrm_state_gc_destroy+1c/b8> <=====
    0: 0f 0b ud2a <=====
Code; c041d62e <xfrm_state_gc_destroy+1e/b8>
    2: 36 00 18 add %bl,%ss:(%eax)
Code; c041d631 <xfrm_state_gc_destroy+21/b8>
    5: cf iret
Code; c041d632 <xfrm_state_gc_destroy+22/b8>
    6: 4b dec %ebx
Code; c041d633 <xfrm_state_gc_destroy+23/b8>
    7: c0 8b 83 cc 00 00 00 rorb $0x0,0xcc83(%ebx)
Code; c041d63a <xfrm_state_gc_destroy+2a/b8>
    e: 85 c0 test %eax,%eax
Code; c041d63c <xfrm_state_gc_destroy+2c/b8>
   10: 75 7d jne 8f <_EIP+0x8f>
Code; c041d63e <xfrm_state_gc_destroy+2e/b8>
   12: 8b 83 00 00 00 00 mov 0x0(%ebx),%eax

1 error issued. Results may not be reliable.

-- 
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
--
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



This archive was generated by hypermail 2b29 : Thu Jul 31 2003 - 22:00:01 EST