Bug 106611 - regression: Kernel panic with ipsec over ipv6
Summary: regression: Kernel panic with ipsec over ipv6
Status: RESOLVED CODE_FIX
Alias: None
Product: Networking
Classification: Unclassified
Component: IPV6
Hardware: All / OS: Linux
Importance: P1 normal
Assignee: Hideaki YOSHIFUJI
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-10-26 09:17 UTC by Scott Harrison
Modified: 2015-11-09 15:46 UTC

See Also:
Kernel Version: 4.2.1, 4.2.2, 4.2.3
Subsystem:
Regression: No
Bisected commit-id:



Description Scott Harrison 2015-10-26 09:17:41 UTC
I have recently upgraded from 4.1.6 to 4.2.1 and am now seeing a kernel
panic when trying to do IPSec (using ipsec-tools, racoon and setkey) over
IPv6:

Call Trace:
  [<ffffffff8151460c>] ? ip6_dst_destroy+0x5c/0xf0
  [<ffffffff8146343f>] dst_destroy+0x6f/0xd0
  [<ffffffff81463557>] dst_gc_task+0xb7/0x220
  [<ffffffff8100cd13>] ? __switch_to+0x273/0x480
  [<ffffffff8106dd21>] process_on_work+0x141/0340
  [<ffffffff8106df93>] worker_thread+0x73/0x470
  [<ffffffff8106df20>] ? process_on_work+0x340/0x340
  [<ffffffff8106df20>] ? process_on_work+0x340/0x340
  [<ffffffff81073645>] kthread+0xe5/0x100
  [<ffffffff81073560>] ? kthread_create_on_node+0x180/0x180
  [<ffffffff8156059f>] ret_from_fork+0x3f/0x70
  [<ffffffff81073560>] ? kthread_create_on_node+0x180/0x180

Code: 48 81 c4 20 10 00 00 89 c6 e8 bb 3a b3 ff 5d c3 66 0f 1f 84 00 00 00 00 00
  65 81 05 dd bb aa 7e 00 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 17 85 c0 75 01
  c3 55 48 89 e5 48 81 ec 20 10 00 00 48
RIP  [<ffffffff8155fd02>] _raw_spin_lock_bh+0x12/0x40
  RSP <ffff8800bb91bcd0>
CR2: 0000000000000000
---[ end trace ae902d1290b61bc5 ]---
Kernel panic - not syncing: Fatal exception in interrupt
Kernel Offset: disabled
---[ end Kernel panic - not syncing: Fatal exception in interrupt


(I had to copy this by hand from the console, so there may be typos, sorry)

I have done a git bisect on the kernel and found that this started to occur
at 8d0b94afdca84598912347e61defa846a0988d04. If I revert this change in
kernel 4.2.2, then the system works as expected.
Comment 1 Alexey Dobriyan 2015-11-06 22:00:21 UTC
"f0 0f b1 17" is "lock cmpxchg %edx, (%rdi)"
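The decode in the comment above comes from the "Code:" line of the oops: the kernel dumps the bytes around RIP and wraps the byte RIP points at in angle brackets, so the faulting instruction is whatever starts at that marker. The script below is an added example (not part of the bug report or of the kernel) that pulls those bytes, the RIP symbol and CR2 out of the oops text quoted in the report, and hand-decodes the one encoding that appears here (F0 0F B1 /r, i.e. `lock cmpxchg r32,(r64)` with a register-indirect operand). The decoder is deliberately partial and returns None for anything else; for real triage you would hand the bytes to objdump or a disassembler library. The register tables and the "first page means NULL dereference" heuristic are standard x86-64 facts, not something the page states.

```python
import re

# Oops fragment taken from the bug report above (the reporter transcribed it by hand).
OOPS_TEXT = """\
Code: 48 81 c4 20 10 00 00 89 c6 e8 bb 3a b3 ff 5d c3 66 0f 1f 84 00 00 00 00 00
  65 81 05 dd bb aa 7e 00 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 17 85 c0 75 01
  c3 55 48 89 e5 48 81 ec 20 10 00 00 48
RIP  [<ffffffff8155fd02>] _raw_spin_lock_bh+0x12/0x40
  RSP <ffff8800bb91bcd0>
CR2: 0000000000000000
"""

# ModRM register numbering for the 32-bit 'reg' field and the 64-bit base in 'rm'.
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def parse_oops(text):
    """Pull the 'Code:' bytes, the RIP symbol and CR2 out of an x86-64 oops."""
    lines = text.splitlines()
    tokens = []
    info = {"rip": None, "symbol": None, "offset": None, "size": None, "cr2": None}
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("Code:"):
            # The dump starts on the 'Code:' line and continues on indented lines.
            tokens += line[len("Code:"):].split()
            i += 1
            while i < len(lines) and lines[i][:1].isspace():
                tokens += lines[i].split()
                i += 1
            continue
        m = re.match(r"RIP\s+\[<([0-9a-f]+)>\]\s+(\S+)\+0x([0-9a-f]+)/0x([0-9a-f]+)", line)
        if m:
            info["rip"] = int(m.group(1), 16)
            info["symbol"] = m.group(2)
            info["offset"] = int(m.group(3), 16)
            info["size"] = int(m.group(4), 16)
        m = re.match(r"CR2:\s*([0-9a-f]+)", line)
        if m:
            info["cr2"] = int(m.group(1), 16)
        i += 1

    # The byte wrapped in <...> is the one RIP points at.
    marker = next((k for k, t in enumerate(tokens) if t.startswith("<")), None)
    if marker is None:
        raise ValueError("no <..> RIP marker in Code: dump")
    clean = [t.strip("<>") for t in tokens]
    info["bytes_before_rip"] = bytes.fromhex("".join(clean[:marker]))
    info["bytes_at_rip"] = bytes.fromhex("".join(clean[marker:]))
    if info["rip"] is not None and info["offset"] is not None:
        info["function_start"] = info["rip"] - info["offset"]
    # Heuristic: a faulting address inside the first page is a NULL (or NULL + small
    # offset) dereference rather than a wild pointer.
    info["null_page_fault"] = info["cr2"] is not None and info["cr2"] < 4096
    return info


def decode_lock_cmpxchg(code):
    """Decode 'lock cmpxchg r32,(r64)' (F0 0F B1 /r with mod=00) at the start of code.

    Deliberately partial: only the encoding present in this oops is handled; any
    other bytes return None so the caller falls back to a real disassembler.
    """
    if len(code) < 4 or code[0] != 0xF0 or code[1] != 0x0F or code[2] != 0xB1:
        return None
    modrm = code[3]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0 or rm in (4, 5):  # SIB byte or RIP-relative form: not handled here
        return None
    return "lock cmpxchg %%%s,(%%%s)" % (REG32[reg], REG64[rm])


def triage(text):
    """Parse the oops and attach the decoded faulting instruction (or None)."""
    info = parse_oops(text)
    info["insn"] = decode_lock_cmpxchg(info["bytes_at_rip"])
    return info


if __name__ == "__main__":
    r = triage(OOPS_TEXT)
    print("faulting insn bytes:", r["bytes_at_rip"][:4].hex())
    print("decoded:", r["insn"])
    print("in %s at +0x%x (function starts at 0x%x)"
          % (r["symbol"], r["offset"], r["function_start"]))
    print("CR2 = 0x%x, null-page fault: %s" % (r["cr2"], r["null_page_fault"]))
```

Reading the two results together is the actual triage step: the faulting instruction writes through %rdi, and CR2 (the address that faulted) is 0, so the lock pointer handed to _raw_spin_lock_bh was NULL. That is consistent with the dst_destroy/ip6_dst_destroy frames in the trace, where a route is being torn down with a field that was never initialised, which is what the init fixes listed later in the thread address.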
Comment 2 Daniel Borkmann 2015-11-06 22:06:11 UTC
(Adding Martin to Cc for the commit.)
Comment 3 Martin KaFai Lau 2015-11-06 22:46:27 UTC
There is a fix related to 8d0b94afdca84598912347e61defa846a0988d04 in 4.2.5:
58d772c ipv6: Don't call with rt6_uncached_list_flush_dev

Also, there is an ipsec-related fix for ipv6 which is currently in 4.3:
ebfa45f ipv6: Move common init code for rt6_info to a new function rt6_info_init()
0a1f596 ipv6: Initialize rt6_info properly in ip6_blackhole_route()

Can you give 4.3 a try?
Comment 4 Scott Harrison 2015-11-09 15:46:34 UTC
Initial testing seems to work in 4.3, will do more testing and reopen if it's still there.