Modify

Opened 6 years ago

Last modified 4 years ago

#10765 new defect

Kernel error when establishing ipsec tunnel(racoon)

Reported by: openwrt@… Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version: 10.03.1
Keywords: ipsec racoon Cc:

Description (last modified by jow)

Running Backfire 10.03.1 on WRT350nv2 using http://downloads.openwrt.org/backfire/10.03.1/orion/openwrt-wrt350nv2-squashfs.img

Having used the ipsec guide and installed the necessary packages, I get the following error from "logread -f" when establishing an ipsec tunnel:

Jan  8 20:42:13 kil-n001 user.alert kernel: Unable to handle kernel paging request at virtual address c200000c
Jan  8 20:42:13 kil-n001 user.alert kernel: pgd = c1388000
Jan  8 20:42:13 kil-n001 user.alert kernel: [c200000c] *pgd=00000000
Jan  8 20:42:13 kil-n001 user.emerg kernel: Internal error: Oops: 5 [#1]
Jan  8 20:42:13 kil-n001 user.emerg kernel: last sysfs file: /sys/devices/platform/leds-gpio/leds/wrt350nv2:green:wireless/mode
Jan  8 20:42:13 kil-n001 user.warn kernel: Modules linked in: ums_usbat ums_sddr55 ums_sddr09 ums_karma ums_jumpshot ums_isd200 ums_freecom ums_datafab ums_cypress ums_alauda nf_nat_tftp nf_conntrack_tftp nf_nat_irc nf_conntrack_irc nf_nat_ftp nf_conntrack_ftp ipt_MASQU
Jan  8 20:42:13 kil-n001 user.warn kernel: CPU: 0    Not tainted  (2.6.32.27 #4)
Jan  8 20:42:13 kil-n001 user.warn kernel: pc : [<c0171e8c>]    lr : [<c0171e7c>]    psr: 80000013
Jan  8 20:42:13 kil-n001 user.warn kernel: sp : c1949f98  ip : 00000000  fp : c1949fc4
Jan  8 20:42:13 kil-n001 user.warn kernel: r10: c026f7d8  r9 : c026f7d8  r8 : 00000001
Jan  8 20:42:13 kil-n001 user.warn kernel: r7 : c1948000  r6 : c026f7d8  r5 : c131e940  r4 : b9fd3349
Jan  8 20:42:13 kil-n001 user.emerg kernel: 9fc0: c0045298 c0171c68 00000000 00000000 c1949fd0 c1949fd0 00000000 00000000
Jan  8 20:42:13 kil-n001 user.emerg kernel: 9fe0: 00000000 00000000 00000000 c1949ff8 c0033aac c004521c 00000000 00000000
Jan  8 20:42:13 kil-n001 user.warn kernel: Backtrace:
Jan  8 20:42:13 kil-n001 user.warn kernel: Function entered at [<c0171c58>] from [<c0045298>]
Jan  8 20:42:13 kil-n001 user.warn kernel: Function entered at [<c004520c>] from [<c0033aac>]
Jan  8 20:42:13 kil-n001 user.warn kernel:  r7:00000000 r6:00000000 r5:00000000 r4:00000000
Jan  8 20:42:13 kil-n001 user.emerg kernel: Code: e5951020 e3a02000 e5954018 e1a00001 (e590300c)
Jan  8 20:42:13 kil-n001 user.warn kernel: ---[ end trace 4b68c3de2b19d6b1 ]---

Attachments (0)

Change History (11)

comment:1 Changed 6 years ago by jow

Looks to me like your running incompatible kmods. Repository packages will not work with a custom built kernel. Also custom built modules that got enabled after flashing the image will not work.

comment:2 Changed 6 years ago by openwrt@…

Hmm... Ok. I've only used opkg and installed the following packages:
$opkg install ipsec-tools kmod-crypto-authenc kmod-ipsec kmod-ipsec4 ip openssl-util

Other than that, the image used is the openwrt-wrt350nv2-squashfs.img. Are the repository packages not compatible with this build?

comment:3 follow-ups: Changed 6 years ago by jow

  • Description modified (diff)

Did you flash and isntall the modules on the same day?

comment:4 in reply to: ↑ 3 Changed 6 years ago by anonymous

Replying to jow:

Did you flash and isntall the modules on the same day?

Yes. Everything done yesterday. Also tried opkg update; opkg list-upgradable shows an empty set.

comment:5 in reply to: ↑ 3 Changed 6 years ago by openwrt@…

Replying to jow:

Did you flash and isntall the modules on the same day?

Also browsed to http://downloads.openwrt.org/backfire/10.03.1/orion/packages/ and noticed that no packages have been changed during 2012.

comment:6 Changed 6 years ago by birnenschnitzel

IO built a ARM toolchain for backfire 10.03.1. objdump verified that the error is raised by mv_cesa.o in function queue_manag.

8c4: 0a000020 beq 94c <queue_manag+0x294>
8c8: e5960000 ldr r0, [r6]
8cc: e3a01058 mov r1, #88 ; 0x58
8d0: e5805028 str r5, [r0, #40]
8d4: e280002c add r0, r0, #44 ; 0x2c
8d8: ebfffffe bl 0 <memzero>
8dc: e5951020 ldr r1, [r5, #32]
8e0: e3a02000 mov r2, #0 ; 0x0
8e4: e5954018 ldr r4, [r5, #24]
8e8: e1a00001 mov r0, r1
8ec: e590300c ldr r3, [r0, #12] <------- OOPS
8f0: e2822001 add r2, r2, #1 ; 0x1
8f4: e2800010 add r0, r0, #16 ; 0x10
8f8: e0544003 subs r4, r4, r3
8fc: 1afffffa bne 8ec <queue_manag+0x234>
900: e5960000 ldr r0, [r6]

comment:7 Changed 6 years ago by anonymous

Arg, better this time:

 8b8:   e1a0e00f        mov     lr, pc
 8bc:   e594f008        ldr     pc, [r4, #8]
 8c0:   e3550000        cmp     r5, #0  ; 0x0
 8c4:   0a000020        beq     94c <queue_manag+0x294>
 8c8:   e5960000        ldr     r0, [r6]
 8cc:   e3a01058        mov     r1, #88 ; 0x58
 8d0:   e5805028        str     r5, [r0, #40]
 8d4:   e280002c        add     r0, r0, #44     ; 0x2c
 8d8:   ebfffffe        bl      0 <__memzero>
 8dc:   e5951020        ldr     r1, [r5, #32]
 8e0:   e3a02000        mov     r2, #0  ; 0x0
 8e4:   e5954018        ldr     r4, [r5, #24]
 8e8:   e1a00001        mov     r0, r1
 8ec:   e590300c        ldr     r3, [r0, #12] <-----
 8f0:   e2822001        add     r2, r2, #1      ; 0x1
 8f4:   e2800010        add     r0, r0, #16     ; 0x10
 8f8:   e0544003        subs    r4, r4, r3
 8fc:   1afffffa        bne     8ec <queue_manag+0x234>
 900:   e5960000        ldr     r0, [r6]
 904:   e3a03004        mov     r3, #4  ; 0x4
 908:   e280002c        add     r0, r0, #44     ; 0x2c
 90c:   ebfffffe        bl      0 <sg_miter_start>

comment:8 Changed 6 years ago by birnenschnitzel

Seems like this is the same bug as

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585790

This will be hard to fix because tons of patches are mentioned. You better jump on trunk.

Markus

comment:9 Changed 6 years ago by birnenschnitzel

To get it clean: The bug comes from a NULL pointer access in this part:

static int count_sgs(struct scatterlist *sl, unsigned int total_bytes)
{
         int i = 0;

         do {
                 total_bytes -= sl[i].length;
                 i++;
 
         } while (total_bytes > 0);
 
         return i;
}

The function breaks if it gets an NULL pointer instead of a scattelist. Here the code from current kernel:

         while (sl) {
                 cur_len = sl[i].length;
                 ++i;
                 if (total_bytes > cur_len)
                         total_bytes -= cur_len;
                 else
                         break;
         }

The while statement must be placed at the beginning. But as already posted this is only one of some fixes the marvel cesa driver needs.

Markus

comment:10 Changed 6 years ago by birnenschnitzel

@developers: please disable mv_cesa for backfire and add cbc/aes generic modules for orion.

comment:11 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.