IPSec XFRM kernel panic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Here's my IPSec VPN setup:

  client1===server1(IP via DHCP)---internet---server2(static IP)===client2

All involved machines run 2.6.6 kernels. Server1 and server2 are using
openswan 2.1.1 (kernel-native IPSec).

server1 has just had its IP renewed (and changed), and as I ping
server2 from client1, server1 panics:

KERNEL: assertion (x->km.state == XFRM_STATE_DEAD) failed at net/xfrm/xfrm_state.c (193)
Unable to handle kernel NULL pointer dereference at virutal address 00000296
 printing eip:
c02574c1
*pde = 00000000
Oops: 0000 [#1]
SMP
CPU:    0
EIP:    0060:[<c02574c1>]    Not tainted
EFLAGS: 00010282   (2.6.6)
EIP is at xfrm_state_find+0xa1/0xad0
eax[...]
esi[...]
ds[...]
Process swapper (pid: 0, threadinfo=c02dc000 task=c029d180)
Stack: c01a9fc0 00000000 00000000 00000000 c1407560 00000246 c1407560 c0348360
       00000000 c1456000 00000000 00000000 ffffffff c01aed8b c02ddc24 c0113748
       cae92cd0 2be79800 0006454f c02ddc38 c0113748 c145b100 2c354000 3ccbf42e
Call Trace:
 [<c01a9fc0>] complement_pos+0x20/0x190
 [<c01aed8b>] poke_blanked_console+0x7b/0xd0
 [<c0113748>] recalc_task_prio+0xa8/0x1d0
 [<c0113748>] recalc_task_prio+0xa8/0x1d0
 [<c02557cf>] xfrm_tmpl_resolve+0xaf/0x190
 [<c02558ef>] xfrm_find_bundle+0x3f(0x50
 [<c0255a96>] xfrm_lookup+0x126/0x510
 [<c0254d50>] xfrm_policy_lookup+0x0/0x330
 [<c0251745>] fn_hash_lookup+0xe5/0x110
 [<c0256629>] __xfrm_route_forward+0x49/0x60
 [<c02203db>] ip_forward+0x24b/0x2c0
 [...]

Code: 8b 03 89 dd 89 c3 8d 74 26 00 8b 94 24 ac 00 00 00 8d 04 d5
 <0>Kernel panic: Fatal exception in interrupt
In interrupt handler - not syncing

(There might be errors in the above text. I had to transfer it
manually.)

server2 is set up to allow connections from anyone (%any). I have the
usual four-tunnel set up. This bug is quite easy to reproduce (as long
as the DHCP gives me a new IP, I think).

Please CC me as I'm not subscribed.

Regards,

Oskar Liljeblad (oskar@osk.mine.nu)
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux