http://bugzilla.novell.com/show_bug.cgi?id=590886
http://bugzilla.novell.com/show_bug.cgi?id=590886#c0
Summary: BUG: unable to handle kernel NULL pointer dereference at 00000025
Classification: openSUSE
Product: openSUSE 11.1
Version: Final
Platform: HP
OS/Version: openSUSE 11.1
Status: NEW
Severity: Major
Priority: P5 - None
Component: Kernel
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: davila@nicaraguaopensource.com
QAContact: qa@suse.de
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7
This error happens when I try to set up the communication between two VPN servers using Openswan.
BUG: unable to handle kernel NULL pointer dereference at 00000025
IP: [<c02f9926>] netlink_dump_start+0x42/0x11d
*pdpt = 0000000032c75001 *pde = 0000000000000000
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/virtual/net/lo/type
Modules linked in: ipcomp6 ipcomp ah6 xfrm_user(-) ah4 esp6 esp4 xfrm4_mode_beet xfrm4_tunnel af_key deflate zlib_deflate ctr camellia cast5 rmd160 sha1_generic crypto_null ccm serpent blowfish twofish_i586 twofish_common ecb xcbc cbc md5 sha256_generic sha512_generic des_generic crypto_blkcipher aes_i586 aes_generic xfrm_ipcomp aead tunnel4 xfrm6_tunnel tunnel6 ip6t_LOG ipt_MASQUERADE xt_pkttype xt_TCPMSS xt_tcpudp ipt_LOG xt_limit iptable_nat nf_nat af_packet binfmt_misc ip6t_REJECT nf_conntrack_ipv6 ip6table_raw xt_NOTRACK ipt_REJECT xt_state iptable_raw iptable_filter ip6table_mangle nf_conntrack_netbios_ns nf_conntrack_ipv4 nf_conntrack ip_tables ip6table_filter ip6_tables x_tables ipv6 microcode fuse xfs loop dm_mod ppdev floppy parport_pc parport container button rtc_cmos rtc_core rtc_lib pcspkr sr_mod cdrom sworks_agp i2c_piix4 tg3 libphy hpwdt i2c_core agpgart hpilo sg sd_mod crc_t10dif ohci_hcd ehci_hcd usbcore edd ext3 mbcache jbd fan ide_pci_generic serverworks ide_core ata_generic aic7xxx scsi_transport_spi pata_serverworks libata scsi_mod dock thermal processor thermal_sys hwmon [last unloaded: xfrm4_mode_tunnel]
Supported: No, Unsupported modules are loaded

Pid: 27161, comm: ip Tainted: G (2.6.27.45-0.1-pae #1)
EIP: 0060:[<c02f9926>] EFLAGS: 00010202 CPU: 0
EIP is at netlink_dump_start+0x42/0x11d
EAX: f958220a EBX: f3d35280 ECX: 00000000 EDX: ffffff97
ESI: f2da0e00 EDI: f2da2400 EBP: 00000000 ESP: f2d65cc0
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process ip (pid: 27161, ti=f2d64000 task=f38eaed0 task.ti=f2d64000)
Stack: 00000018 f2da0e00 f3d35280 f2d65d60 f9583555 f9582f09 f958220a f480a980
       00000002 00000246 c016d6f6 00000000 00000000 c016d888 c05805e0 00000000
       f4c00b00 f4c00b00 f4c00d2c 00000000 00000001 00000000 00000002 00000000
Call Trace:
 [<f9583555>] xfrm_user_rcv_msg+0x6b/0xd2 [xfrm_user]
 [<c02fab74>] netlink_rcv_skb+0x2d/0x75
 [<f9581d57>] xfrm_netlink_rcv+0x19/0x24 [xfrm_user]
 [<c02fa6b1>] netlink_unicast+0x1a8/0x20b
 [<c02fa972>] netlink_sendmsg+0x25e/0x26a
 [<c02dadc1>] sock_sendmsg+0xc9/0xe4
 [<c02db7ab>] sys_sendto+0xf9/0x124
 [<c02db80d>] sys_send+0x37/0x3b
 [<c02dc15b>] sys_socketcall+0x148/0x290
 [<c0104a0d>] sysenter_do_call+0x12/0x21
 [<ffffe430>] 0xffffe430
 =======================
Code: e9 ff ba 97 ff ff ff 85 c0 89 c7 0f 84 ee 00 00 00 8b 44 24 14 89 47 08 8b 44 24 18 89 77 04 89 47 0c 90 ff 83 b0 00 00 00 89 1f <0f> b6 45 25 8b 73 2c 6b d8 38 b8 dc c4 51 c0 03 1d 54 47 65 c0
EIP: [<c02f9926>] netlink_dump_start+0x42/0x11d SS:ESP 0068:f2d65cc0
---[ end trace 0423948f14a37097 ]---
Reproducible: Always
Steps to Reproduce:
1. Install openswan
2. Configure a net to net connection
3. Execute ipsec auto --up connection

Actual Results:
BUG: unable to handle kernel NULL pointer dereference at 00000025
IP: [<c02f9926>] netlink_dump_start+0x42/0x11d
*pdpt = 0000000032c75001 *pde = 0000000000000000
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/virtual/net/lo/type
Modules linked in: ipcomp6 ipcomp ah6 xfrm_user(-) ah4 esp6 esp4 xfrm4_mode_beet xfrm4_tunnel af_key deflate zlib_deflate ctr camellia cast5 rmd160 sha1_generic crypto_null ccm serpent blowfish twofish_i586 twofish_common ecb xcbc cbc md5 sha256_generic sha512_generic des_generic crypto_blkcipher aes_i586 aes_generic xfrm_ipcomp aead tunnel4 xfrm6_tunnel tunnel6 ip6t_LOG ipt_MASQUERADE xt_pkttype xt_TCPMSS xt_tcpudp ipt_LOG xt_limit iptable_nat nf_nat af_packet binfmt_misc ip6t_REJECT nf_conntrack_ipv6 ip6table_raw xt_NOTRACK ipt_REJECT xt_state iptable_raw iptable_filter ip6table_mangle nf_conntrack_netbios_ns nf_conntrack_ipv4 nf_conntrack ip_tables ip6table_filter ip6_tables x_tables ipv6 microcode fuse xfs loop dm_mod ppdev floppy parport_pc parport container button rtc_cmos rtc_core rtc_lib pcspkr sr_mod cdrom sworks_agp i2c_piix4 tg3 libphy hpwdt i2c_core agpgart hpilo sg sd_mod crc_t10dif ohci_hcd ehci_hcd usbcore edd ext3 mbcache jbd fan ide_pci_generic serverworks ide_core ata_generic aic7xxx scsi_transport_spi pata_serverworks libata scsi_mod dock thermal processor thermal_sys hwmon [last unloaded: xfrm4_mode_tunnel]
Supported: No, Unsupported modules are loaded

Pid: 27161, comm: ip Tainted: G (2.6.27.45-0.1-pae #1)
EIP: 0060:[<c02f9926>] EFLAGS: 00010202 CPU: 0
EIP is at netlink_dump_start+0x42/0x11d
EAX: f958220a EBX: f3d35280 ECX: 00000000 EDX: ffffff97
ESI: f2da0e00 EDI: f2da2400 EBP: 00000000 ESP: f2d65cc0
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process ip (pid: 27161, ti=f2d64000 task=f38eaed0 task.ti=f2d64000)
Stack: 00000018 f2da0e00 f3d35280 f2d65d60 f9583555 f9582f09 f958220a f480a980
       00000002 00000246 c016d6f6 00000000 00000000 c016d888 c05805e0 00000000
       f4c00b00 f4c00b00 f4c00d2c 00000000 00000001 00000000 00000002 00000000
Call Trace:
 [<f9583555>] xfrm_user_rcv_msg+0x6b/0xd2 [xfrm_user]
 [<c02fab74>] netlink_rcv_skb+0x2d/0x75
 [<f9581d57>] xfrm_netlink_rcv+0x19/0x24 [xfrm_user]
 [<c02fa6b1>] netlink_unicast+0x1a8/0x20b
 [<c02fa972>] netlink_sendmsg+0x25e/0x26a
 [<c02dadc1>] sock_sendmsg+0xc9/0xe4
 [<c02db7ab>] sys_sendto+0xf9/0x124
 [<c02db80d>] sys_send+0x37/0x3b
 [<c02dc15b>] sys_socketcall+0x148/0x290
 [<c0104a0d>] sysenter_do_call+0x12/0x21
 [<ffffe430>] 0xffffe430
 =======================
Code: e9 ff ba 97 ff ff ff 85 c0 89 c7 0f 84 ee 00 00 00 8b 44 24 14 89 47 08 8b 44 24 18 89 77 04 89 47 0c 90 ff 83 b0 00 00 00 89 1f <0f> b6 45 25 8b 73 2c 6b d8 38 b8 dc c4 51 c0 03 1d 54 47 65 c0
EIP: [<c02f9926>] netlink_dump_start+0x42/0x11d SS:ESP 0068:f2d65cc0
---[ end trace 0423948f14a37097 ]---
Expected Results: Connection established between two VPN servers.
http://bugzilla.novell.com/show_bug.cgi?id=590886#c
yang xiaoyu xyyang@novell.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |xyyang@novell.com
         AssignedTo|bnc-team-screening@forge.pr |kernel-maintainers@forge.pr
                   |ovo.novell.com              |ovo.novell.com
http://bugzilla.novell.com/show_bug.cgi?id=590886#c1
Jeff Mahoney jeffm@novell.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeffm@novell.com
--- Comment #1 from Jeff Mahoney jeffm@novell.com 2010-03-30 20:40:15 UTC ---
Thanks for the report. This is caused by netlink_dump_start getting passed a NULL struct sock.
The one passed from xfrm_user_rcv_msg is xfrm_nl, which is a global symbol and is supposed to be initialized in xfrm_user_init. I'm not sure why it's getting cleared again.
http://bugzilla.novell.com/show_bug.cgi?id=590886#c2
--- Comment #2 from Jeff Mahoney jeffm@novell.com 2010-03-31 00:48:00 UTC ---
I suppose there is a race there. xfrm_netlink_rcv expects xfrm_nl to be initialized but if a packet comes in between the socket getting created and the pointer getting assigned it would hit a NULL pointer.
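
A deterministic user-space model of the window described in Comment #2, added here as an illustration; it is not code from the kernel or from this bug report. Every name in it (sock_model, create_sock, g_nl and the rest) is hypothetical, and the handler that uses its argument is one possible way to avoid depending on the global, not a fix taken from this report.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space model; none of these names are kernel APIs. */
struct sock_model { int dumps_started; };
typedef int (*rcv_fn)(struct sock_model *sk);

static struct sock_model the_sock;
static struct sock_model *g_nl;   /* plays the role of the global xfrm_nl */

/* Stand-in for netlink_dump_start(): reports NULL instead of oopsing. */
static int dump_start(struct sock_model *sk)
{
    if (sk == NULL)
        return -1;                /* models the NULL dereference in the oops */
    sk->dumps_started++;
    return 0;
}

/* Racy handler: assumes the global pointer has already been assigned. */
static int rcv_via_global(struct sock_model *sk) { (void)sk; return dump_start(g_nl); }

/* Handler that uses the socket the message actually arrived on. */
static int rcv_via_arg(struct sock_model *sk) { return dump_start(sk); }

/* Creates the socket and registers rcv. A message that is already pending
 * is delivered before the caller receives the pointer (the race window). */
static struct sock_model *create_sock(rcv_fn rcv, int pending, int *result)
{
    the_sock.dumps_started = 0;
    if (pending)
        *result = rcv(&the_sock);
    return &the_sock;
}

/* Runs the init sequence with one message arriving inside the window. */
int init_and_receive(rcv_fn rcv)
{
    int result = 0;
    g_nl = NULL;
    g_nl = create_sock(rcv, 1, &result);  /* published only after delivery */
    return result;
}

int racy_result(void)     { return init_and_receive(rcv_via_global); }
int hardened_result(void) { return init_and_receive(rcv_via_arg); }

int main(void)
{
    printf("global: %d, arg: %d\n", racy_result(), hardened_result());
    return 0;
}
```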
http://bugzilla.novell.com/show_bug.cgi?id=590886#c
Jeff Mahoney jeffm@novell.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P3 - Medium
         AssignedTo|kernel-maintainers@forge.pr |jbohac@novell.com
                   |ovo.novell.com              |
https://bugzilla.novell.com/show_bug.cgi?id=590886#c3
Larry Finger Larry.Finger@lwfinger.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |Larry.Finger@lwfinger.net
         Resolution|                            |NORESPONSE
--- Comment #3 from Larry Finger Larry.Finger@lwfinger.net 2011-04-02 02:36:01 UTC ---
The version with which you had the bug is now obsolete. I'll close this as NORESPONSE. If you can still reproduce it in current 11.4, please reopen the bug and move it to the appropriate version. Thanks!