Most recent kernel where this bug did not occur: 2.6.12 Distribution: Slackware Software Environment: Linux gate 2.6.13 #1 Sat Sep 3 11:32:13 CEST 2005 i686 unknown Gnu C 3.3.5 Gnu make 3.80 binutils 2.15.92.0.2 util-linux 2.11z mount 2.11z module-init-tools 3.1 e2fsprogs 1.35 reiserfsprogs line reiser4progs line Linux C Library 2.3.5 Dynamic linker (ldd) 2.3.5 Linux C++ Library 5.0.7 Procps 3.1.8 Net-tools 1.60 Kbd 1.08 Sh-utils 2.0 Modules Loaded Problem Description: Oops: 0000 [#1] PREEMPT Modules linked in: CPU: 0 EIP: 0060:[<c01f562c>] Not tainted VLI EFLAGS: 00010216 (2.6.13) EIP is at sha1_update+0x7c/0x160 eax: dce92e6c ebx: 00000014 ecx: 00000005 edx: 00000104 esi: 907529d5 edi: dce92eb4 ebp: 907529d5 esp: c04c5c98 ds: 007b es: 007b ss: 0068 Process swapper (pid: 0, threadinfo=c04c5000 task=c03eeb80) Stack: dce92e74 dbe09db4 c04c5ca4 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Call Trace: [<c01f39e0>] update+0x80/0xb0 [<c01f4106>] crypto_hmac_update+0x26/0x40 [<c036d370>] skb_icv_walk+0xf0/0x200 [<c01f4071>] crypto_hmac_init+0xd1/0x140 [<c0348a23>] esp_hmac_digest+0x93/0xf0 [<c01f40e0>] crypto_hmac_update+0x0/0x40 [<c01f3644>] cbc_encrypt+0x54/0x60 [<c0347ecb>] esp_output+0x38b/0x4a0 [<c0366e1a>] xfrm4_output+0x7a/0x1a0 [<c031537b>] ip_forward+0x17b/0x2e0 [<c03154e0>] ip_forward_finish+0x0/0x60 [<c0313a96>] ip_rcv+0x266/0x520 [<c0313f30>] ip_rcv_finish+0x0/0x2d0 [<c02e5918>] netif_receive_skb+0x198/0x240 [<c02e5a3f>] process_backlog+0x7f/0x100 [<c02e5b4e>] net_rx_action+0x8e/0x1c0 [<c011f7cd>] __do_softirq+0x8d/0xa0 [<c0105493>] do_softirq+0x63/0x70 ======================= [<c011f8a8>] irq_exit+0x38/0x40 [<c0105359>] do_IRQ+0x59/0x80 [<c01035fe>] common_interrupt+0x1a/0x20 [<c0241d07>] acpi_processor_idle+0x123/0x299 [<c01009d8>] cpu_idle+0x48/0x60 [<c044b7b7>] start_kernel+0x157/0x180 [<c044b390>] unknown_bootoption+0x0/0x1b0 Code: 0f 86 f9 00 00 00 8b 84 24 60 01 00 00 bb 40 00 00 00 29 f3 81 fb ff 01 00 00 8d 7c 06 1c 0f 87 c4 00 00 00 89 d9 89 ee c1 e9 02 <f3> a5 89 d9 83 e1 03 74 02 f3 a4 8b 84 24 60 01 00 00 8b b4 24 <0>Kernel panic - not syncing: Fatal exception in interrupt Steps to reproduce: Setup IPsec & wait. Sometimes 30m, sometimes 5h.
Begin forwarded message: Date: Tue, 6 Sep 2005 03:49:57 -0700 From: bugme-daemon@kernel-bugs.osdl.org To: bugme-new@lists.osdl.org Subject: [Bugme-new] [Bug 5194] New: IPSec related OOps in 2.6.13 http://bugzilla.kernel.org/show_bug.cgi?id=5194 Summary: IPSec related OOps in 2.6.13 Kernel Version: 2.6.13 Status: NEW Severity: high Owner: acme@conectiva.com.br Submitter: olel@ans.pl Most recent kernel where this bug did not occur: 2.6.12 Distribution: Slackware Software Environment: Linux gate 2.6.13 #1 Sat Sep 3 11:32:13 CEST 2005 i686 unknown Gnu C 3.3.5 Gnu make 3.80 binutils 2.15.92.0.2 util-linux 2.11z mount 2.11z module-init-tools 3.1 e2fsprogs 1.35 reiserfsprogs line reiser4progs line Linux C Library 2.3.5 Dynamic linker (ldd) 2.3.5 Linux C++ Library 5.0.7 Procps 3.1.8 Net-tools 1.60 Kbd 1.08 Sh-utils 2.0 Modules Loaded Problem Description: Oops: 0000 [#1] PREEMPT Modules linked in: CPU: 0 EIP: 0060:[<c01f562c>] Not tainted VLI EFLAGS: 00010216 (2.6.13) EIP is at sha1_update+0x7c/0x160 eax: dce92e6c ebx: 00000014 ecx: 00000005 edx: 00000104 esi: 907529d5 edi: dce92eb4 ebp: 907529d5 esp: c04c5c98 ds: 007b es: 007b ss: 0068 Process swapper (pid: 0, threadinfo=c04c5000 task=c03eeb80) Stack: dce92e74 dbe09db4 c04c5ca4 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Call Trace: [<c01f39e0>] update+0x80/0xb0 [<c01f4106>] crypto_hmac_update+0x26/0x40 [<c036d370>] skb_icv_walk+0xf0/0x200 [<c01f4071>] crypto_hmac_init+0xd1/0x140 [<c0348a23>] esp_hmac_digest+0x93/0xf0 [<c01f40e0>] crypto_hmac_update+0x0/0x40 [<c01f3644>] cbc_encrypt+0x54/0x60 [<c0347ecb>] esp_output+0x38b/0x4a0 [<c0366e1a>] xfrm4_output+0x7a/0x1a0 [<c031537b>] ip_forward+0x17b/0x2e0 [<c03154e0>] ip_forward_finish+0x0/0x60 [<c0313a96>] ip_rcv+0x266/0x520 [<c0313f30>] ip_rcv_finish+0x0/0x2d0 [<c02e5918>] netif_receive_skb+0x198/0x240 [<c02e5a3f>] process_backlog+0x7f/0x100 [<c02e5b4e>] net_rx_action+0x8e/0x1c0 [<c011f7cd>] __do_softirq+0x8d/0xa0 [<c0105493>] do_softirq+0x63/0x70 ======================= [<c011f8a8>] irq_exit+0x38/0x40 [<c0105359>] do_IRQ+0x59/0x80 [<c01035fe>] common_interrupt+0x1a/0x20 [<c0241d07>] acpi_processor_idle+0x123/0x299 [<c01009d8>] cpu_idle+0x48/0x60 [<c044b7b7>] start_kernel+0x157/0x180 [<c044b390>] unknown_bootoption+0x0/0x1b0 Code: 0f 86 f9 00 00 00 8b 84 24 60 01 00 00 bb 40 00 00 00 29 f3 81 fb ff 01 00 00 8d 7c 06 1c 0f 87 c4 00 00 00 89 d9 89 ee c1 e9 02 <f3> a5 89 d9 83 e1 03 74 02 f3 a4 8b 84 24 60 01 00 00 8b b4 24 <0>Kernel panic - not syncing: Fatal exception in interrupt Steps to reproduce: Setup IPsec & wait. Sometimes 30m, sometimes 5h. ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
On Tue, Sep 06, 2005 at 04:08:56AM -0700, Andrew Morton wrote: > > Problem Description: > > Oops: 0000 [#1] > PREEMPT > Modules linked in: > CPU: 0 > EIP: 0060:[<c01f562c>] Not tainted VLI > EFLAGS: 00010216 (2.6.13) > EIP is at sha1_update+0x7c/0x160 Thanks for the report. Matt LaPlante had exactly the same problem a couple of days ago. I've tracked down now to my broken crypto cipher wrapper functions which will step over a page boundary if it's not aligned correctly. [CRYPTO] Fix boundary check in standard multi-block cipher processors The boundary check in the standard multi-block cipher processors are broken when nbytes is not a multiple of bsize. In those cases it will always process an extra block. This patch corrects the check so that it processes at most nbytes of data. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Cheers,
On Tue, 6 Sep 2005, Herbert Xu wrote: > On Tue, Sep 06, 2005 at 04:08:56AM -0700, Andrew Morton wrote: >> >> Problem Description: >> >> Oops: 0000 [#1] >> PREEMPT >> Modules linked in: >> CPU: 0 >> EIP: 0060:[<c01f562c>] Not tainted VLI >> EFLAGS: 00010216 (2.6.13) >> EIP is at sha1_update+0x7c/0x160 > > Thanks for the report. Matt LaPlante had exactly the same problem > a couple of days ago. I've tracked down now to my broken crypto > cipher wrapper functions which will step over a page boundary if > it's not aligned correctly. > > > [CRYPTO] Fix boundary check in standard multi-block cipher processors Thanks. Patched my kernel, recompiled and waiting. So far it is OK, Should this patch be merged into 2.6.13.1? Best regards, Krzysztof Ol
Reply-To: laplam@rpi.edu Patch worked like a charm here, no more kernel panics! Excellent work, many thanks for the quick fix...more people should have such a work ethic. Cheers, Matt > -----Original Message----- > From: linux-kernel-owner@vger.kernel.org [mailto:linux-kernel- > owner@vger.kernel.org] On Behalf Of Herbert Xu > Sent: Tuesday, September 06, 2005 8:20 AM > To: Andrew Morton > Cc: netdev@vger.kernel.org; olel@ans.pl; bugme-daemon@kernel- > bugs.osdl.org; Matt LaPlante; Linux Kernel Mailing List; David S. Miller > Subject: Re: Fw: [Bugme-new] [Bug 5194] New: IPSec related OOps in 2.6.13 > > On Tue, Sep 06, 2005 at 04:08:56AM -0700, Andrew Morton wrote: > > > > Problem Description: > > > > Oops: 0000 [#1] > > PREEMPT > > Modules linked in: > > CPU: 0 > > EIP: 0060:[<c01f562c>] Not tainted VLI > > EFLAGS: 00010216 (2.6.13) > > EIP is at sha1_update+0x7c/0x160 > > Thanks for the report. Matt LaPlante had exactly the same problem > a couple of days ago. I've tracked down now to my broken crypto > cipher wrapper functions which will step over a page boundary if > it's not aligned correctly. > > > [CRYPTO] Fix boundary check in standard multi-block cipher processors > > The boundary check in the standard multi-block cipher processors are > broken when nbytes is not a multiple of bsize. In those cases it will > always process an extra block. > > This patch corrects the check so that it processes at most nbytes of data. > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > > Cheers, > -- > Visit Openswan at http://www.openswan.org/ > Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Tue, 6 Sep 2005, Herbert Xu wrote: > On Tue, Sep 06, 2005 at 04:08:56AM -0700, Andrew Morton wrote: >> >> Problem Description: >> >> Oops: 0000 [#1] >> PREEMPT >> Modules linked in: >> CPU: 0 >> EIP: 0060:[<c01f562c>] Not tainted VLI >> EFLAGS: 00010216 (2.6.13) >> EIP is at sha1_update+0x7c/0x160 > > Thanks for the report. Matt LaPlante had exactly the same problem > a couple of days ago. I've tracked down now to my broken crypto > cipher wrapper functions which will step over a page boundary if > it's not aligned correctly. This bug is resolved. I believe we can close it. Best regards, Krzysztof Ol