Bug 173938

Summary: Oops when sending large ping over ipsec connection
Product: [Fedora] Fedora
Component: kernel
Version: 5
Hardware: i686
OS: Linux
Status: CLOSED INSUFFICIENT_DATA
Severity: high
Priority: medium
Reporter: Florian Schirmer <schirmer>
Assignee: Dave Jones <davej>
QA Contact: Brian Brock <bbrock>
CC: davej, pfrields, wtogami
Doc Type: Bug Fix
Last Closed: 2006-11-24 23:17:35 UTC

Description Florian Schirmer 2005-11-22 20:13:22 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.2 (like Gecko)

Description of problem:
I'm having an ipsec connection established using the openswan package. If I'm
pinging a host on the other ipsec end using ping -s 20000 <ip>, then ping
crashes and the kernel spits out a BUG. See below. ping -s 10000 <ip> seems to
work. ping -s 20000 <vpn gateway> works too (ping won't travel over the ipsec
link).
  
Nov 22 22:03:04 gatekeeper kernel:  ------------[ cut here ]------------   
Nov 22 22:03:04 gatekeeper kernel: kernel BUG at net/core/datagram.c:253!   
Nov 22 22:03:04 gatekeeper kernel: invalid operand: 0000 [#2]   
Nov 22 22:03:04 gatekeeper kernel: Modules linked in: xfrm4_tunnel af_key   
pppoe pppox ppp_generic iptable_mangle deflate zlib_deflate twofish serpent   
blowfish sha256 crypto_null aes des ipcomp esp4 ah4 i915 drm ipv6 parport_pc   
lp parport autofs4 w83627hf hwmon_vid hwmon i2c_isa rfcomm l2cap bluetooth   
sunrpc ipt_TCPMSS iptable_filter ipt_MASQUERADE iptable_nat ip_nat   
ip_conntrack nfnetlink ip_tables dm_mod video button battery ac hfc_usb   
uhci_hcd ehci_hcd intelfb shpchp i8xx_tco i2c_i801 i2c_core skge hisax   
crc_ccitt isdn slhc ext3 jbd sata_promise libata sd_mod scsi_mod   
Nov 22 22:03:04 gatekeeper kernel: CPU:    0   
Nov 22 22:03:04 gatekeeper kernel: EIP:    0060:[<c02c2957>]    Not tainted   
VLI   
Nov 22 22:03:04 gatekeeper kernel: EFLAGS: 00010282   (2.6.14-1.1657_FC5)   
Nov 22 22:03:04 gatekeeper kernel: EIP is at   
skb_copy_datagram_iovec+0x163/0x16d   
Nov 22 22:03:04 gatekeeper kernel: eax: d77ff5d4   ebx: 00000000   ecx:   
d323dbe8   edx: d1944e98   
Nov 22 22:03:04 gatekeeper kernel: esi: d323dbe8   edi: 000005b0   ebp:   
00000000   esp: cb5d2d14   
Nov 22 22:03:04 gatekeeper kernel: ds: 007b   es: 007b   ss: 0068   
Nov 22 22:03:04 gatekeeper kernel: Process ping (pid: 7404,   
threadinfo=cb5d2000 task=c9934570)   
Nov 22 22:03:04 gatekeeper kernel: Stack: cb5d2f0c 000005b0 00000000 d323dbe8   
000005b0 ce8c36ce c16e42e8 0000009e   
Nov 22 22:03:04 gatekeeper kernel:        cb5d2f4c d323d484 cb5d2e8c 00004e3c   
c02fd1b2 0000488c 00000000 c16e4268   
Nov 22 22:03:04 gatekeeper kernel:        c03ae160 c16e4268 ffffffa1 00000000   
c03ae160 cb5d2f4c cb5d2f4c c02bf38d   
Nov 22 22:03:04 gatekeeper kernel: Call Trace:   
Nov 22 22:03:04 gatekeeper kernel:  [<c02fd1b2>] raw_recvmsg+0x7c/0x1cf   
Nov 22 22:03:04 gatekeeper kernel:  [<c02bf38d>] sock_common_recvmsg+0x3e/0x54   
Nov 22 22:03:04 gatekeeper kernel:  [<c02bba99>] sock_recvmsg+0x103/0x11e   
Nov 22 22:03:04 gatekeeper kernel:  [<c011b4dd>] try_to_wake_up+0x41/0xb6   
Nov 22 22:03:04 gatekeeper kernel:  [<c0131f7a>]   
autoremove_wake_function+0x0/0x37   
Nov 22 22:03:04 gatekeeper kernel:  [<c0149b2c>] dbg_redzone1+0xe/0x1f   
Nov 22 22:03:04 gatekeeper kernel:  [<c014bc69>]   
cache_alloc_debugcheck_after+0x2f/0x11b   
Nov 22 22:03:04 gatekeeper kernel:  [<c0131f7a>]   
autoremove_wake_function+0x0/0x37   
Nov 22 22:03:04 gatekeeper kernel:  [<c014192d>] audit_sockaddr+0x39/0x78   
Nov 22 22:03:04 gatekeeper kernel:  [<c01e6ffe>] copy_from_user+0x4c/0x8e   
Nov 22 22:03:04 gatekeeper kernel:  [<c02bd327>] sys_recvmsg+0x111/0x1d7   
Nov 22 22:03:04 gatekeeper kernel:  [<c032379e>] _read_unlock_irq+0x5/0x7   
Nov 22 22:03:04 gatekeeper kernel:  [<c0142ef2>] find_get_page+0x36/0x41   
Nov 22 22:03:04 gatekeeper kernel:  [<c0143f0d>] filemap_nopage+0x2d8/0x388   
Nov 22 22:03:04 gatekeeper kernel:  [<c014a1a4>] poison_obj+0x20/0x3d   
Nov 22 22:03:04 gatekeeper kernel:  [<c014a398>] check_poison_obj+0x24/0x17b   
Nov 22 22:03:04 gatekeeper kernel:  [<c014a1a4>] poison_obj+0x20/0x3d   
Nov 22 22:03:04 gatekeeper kernel:  [<c0149b2c>] dbg_redzone1+0xe/0x1f   
Nov 22 22:03:04 gatekeeper kernel:  [<c014bc69>]   
cache_alloc_debugcheck_after+0x2f/0x11b   
Nov 22 22:03:04 gatekeeper kernel:  [<c02bd678>] sys_socketcall+0x28b/0x292   
Nov 22 22:03:04 gatekeeper kernel:  [<c0102ec1>] syscall_call+0x7/0xb   
Nov 22 22:03:04 gatekeeper kernel: Code: 8b 04 24 e8 9b f9 ff ff 89 44 24 08   
8b 44 24 08 85 c0 74 8d b8 f2 ff ff ff 83 c4 20 5b 5e 5f 5d c3 31 c0 83 c4 20   
5b 5e 5f 5d c3 <0f> 0b fd 00 89 66 36 c0 eb a8 55 57 56 53 83 ec 34 89 44 24   
20   

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Establish ipsec connection  
2. ping -s 20000 remote side 
3. Crash 

Actual Results:  ping crashes + BUG in syslog  

Expected Results:  No crash, ping reply  

Additional info:

Comment 1 Florian Schirmer 2005-11-22 20:15:39 UTC
This is an FC4 system including all updates + FC5 kernel installed

Comment 2 Dave Jones 2005-11-23 06:09:18 UTC
That kernel is a little old now; can you still reproduce it with the kernel at
http://people.redhat.com/davej/kernels/Fedora/devel/  ?
(Daily builds go there right now until post-test1)


Comment 3 Florian Schirmer 2005-11-24 18:53:47 UTC
Yes, I can:

Nov 24 20:53:01 gatekeeper kernel: ------------[ cut here ]------------
Nov 24 20:53:01 gatekeeper kernel: kernel BUG at net/core/datagram.c:253!
Nov 24 20:53:01 gatekeeper kernel: invalid operand: 0000 [#1]
Nov 24 20:53:01 gatekeeper kernel: Modules linked in: xfrm4_tunnel af_key deflate zlib_deflate twofish 
serpent blowfish sha256 crypto_null aes des ipcomp esp4 ah4 pppoe pppox ppp_generic ipv6 
parport_pc lp parport autofs4 w83627hf hwmon_vid hwmon i2c_isa rfcomm l2cap bluetooth sunrpc 
ipt_TCPMSS iptable_filter ipt_MASQUERADE iptable_nat ip_nat ip_conntrack nfnetlink ip_tables dm_mod 
video button battery ac uhci_hcd ehci_hcd intelfb shpchp i8xx_tco i2c_i801 i2c_core skge hisax 
crc_ccitt isdn slhc ext3 jbd sata_promise libata sd_mod scsi_mod
Nov 24 20:53:01 gatekeeper kernel: CPU:    0
Nov 24 20:53:01 gatekeeper kernel: EIP:    0060:[<c02c4e77>]    Not tainted VLI
Nov 24 20:53:01 gatekeeper kernel: EFLAGS: 00010282   (2.6.14-1.1709_FC5) 
Nov 24 20:53:01 gatekeeper kernel: EIP is at skb_copy_datagram_iovec+0x163/0x16d
Nov 24 20:53:01 gatekeeper kernel: eax: dd641058   ebx: 00000000   ecx: dfdbe07c   edx: dc533cf4
Nov 24 20:53:01 gatekeeper kernel: esi: dfdbe07c   edi: 000005b0   ebp: 00000000   esp: de824d14
Nov 24 20:53:01 gatekeeper kernel: ds: 007b   es: 007b   ss: 0068
Nov 24 20:53:01 gatekeeper kernel: Process ping (pid: 2811, threadinfo=de824000 task=dc1a3570)
Nov 24 20:53:01 gatekeeper kernel: Stack: de824f0c 000005b0 00000000 dfdbe07c 000005b0 
de6a0278 c16ea0bc 0000009f 
Nov 24 20:53:01 gatekeeper kernel:        de824f4c de5de7b4 de824e8c 00004e3c 
c0301912 0000488c 00000000 c16ea03c 
Nov 24 20:53:01 gatekeeper kernel:        c03b0ca0 c16ea03c ffffffa1 00000000 c03b0ca0 de824f4c 
de824f4c c02c189d 
Nov 24 20:53:01 gatekeeper kernel: Call Trace:
Nov 24 20:53:01 gatekeeper kernel:  [<c0301912>] raw_recvmsg+0x7c/0x1cf
Nov 24 20:53:01 gatekeeper kernel:  [<c02c189d>] sock_common_recvmsg+0x3e/0x54
Nov 24 20:53:01 gatekeeper kernel:  [<c02bdf8d>] sock_recvmsg+0xfd/0x118
Nov 24 20:53:01 gatekeeper kernel:  [<c0119f13>] try_to_wake_up+0x41/0xcc
Nov 24 20:53:01 gatekeeper kernel:  [<c013091a>] autoremove_wake_function+0x0/0x37
Nov 24 20:53:01 gatekeeper kernel:  [<c01482ac>] dbg_redzone1+0xe/0x1f
Nov 24 20:53:01 gatekeeper kernel:  [<c014a3fa>] cache_alloc_debugcheck_after+0x2e/0x11a
Nov 24 20:53:01 gatekeeper kernel:  [<c013091a>] autoremove_wake_function+0x0/0x37
Nov 24 20:53:01 gatekeeper kernel:  [<c014005d>] audit_sockaddr+0x39/0x78
Nov 24 20:53:01 gatekeeper kernel:  [<c01e5b0e>] copy_from_user+0x4c/0x8e
Nov 24 20:53:01 gatekeeper kernel:  [<c02bf817>] sys_recvmsg+0x111/0x1d7
Nov 24 20:53:01 gatekeeper kernel:  [<c0145787>] buffered_rmqueue+0x1da/0x219
Nov 24 20:53:01 gatekeeper kernel:  [<c01458c5>] get_page_from_freelist+0x5d/0x77
Nov 24 20:53:01 gatekeeper kernel:  [<c0145936>] __alloc_pages+0x57/0x2f7
Nov 24 20:53:01 gatekeeper kernel:  [<c0148936>] poison_obj+0x20/0x3d
Nov 24 20:53:01 gatekeeper kernel:  [<c0148b2a>] check_poison_obj+0x24/0x17b
Nov 24 20:53:01 gatekeeper kernel:  [<c0148936>] poison_obj+0x20/0x3d
Nov 24 20:53:01 gatekeeper kernel:  [<c01482ac>] dbg_redzone1+0xe/0x1f
Nov 24 20:53:01 gatekeeper kernel:  [<c014a3fa>] cache_alloc_debugcheck_after+0x2e/0x11a
Nov 24 20:53:01 gatekeeper kernel:  [<c02bfb68>] sys_socketcall+0x28b/0x292
Nov 24 20:53:01 gatekeeper kernel:  [<c0102ec5>] syscall_call+0x7/0xb
Nov 24 20:53:01 gatekeeper kernel: Code: 8b 04 24 e8 9b f9 ff ff 89 44 24 08 8b 44 24 08 85 
c0 74 8d b8 f2 ff ff ff 83 c4 20 5b 5e 5f 5d c3 31 c0 83 c4 20 5b 5e 5f 5d c3 <0f> 0b fd 00 83 83 36 
c0 eb a8 55 57 56 53 83 ec 34 89 44 24 20 
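
Added example, not part of the original report or of any Fedora tooling: a small triage script that reduces each of the two oops reports above to an address-independent signature, so the crash on 2.6.14-1.1657_FC5 and the one on 2.6.14-1.1709_FC5 can be compared mechanically. The sample text is excerpted from this page (the first excerpt keeps the reporter's line wrapping); the function names are hypothetical.

```python
import re

# Header lines excerpted from the two oops reports on this page
# (description and comment 3); the first keeps the wrapped lines as posted.
OOPS_DESCRIPTION = """\
Nov 22 22:03:04 gatekeeper kernel: kernel BUG at net/core/datagram.c:253!
Nov 22 22:03:04 gatekeeper kernel: EFLAGS: 00010282   (2.6.14-1.1657_FC5)
Nov 22 22:03:04 gatekeeper kernel: EIP is at
skb_copy_datagram_iovec+0x163/0x16d
Nov 22 22:03:04 gatekeeper kernel: Process ping (pid: 7404,
threadinfo=cb5d2000 task=c9934570)
Nov 22 22:03:04 gatekeeper kernel:  [<c02fd1b2>] raw_recvmsg+0x7c/0x1cf
"""
OOPS_COMMENT_3 = """\
Nov 24 20:53:01 gatekeeper kernel: kernel BUG at net/core/datagram.c:253!
Nov 24 20:53:01 gatekeeper kernel: EFLAGS: 00010282   (2.6.14-1.1709_FC5)
Nov 24 20:53:01 gatekeeper kernel: EIP is at skb_copy_datagram_iovec+0x163/0x16d
Nov 24 20:53:01 gatekeeper kernel: Process ping (pid: 2811, threadinfo=de824000 task=dc1a3570)
Nov 24 20:53:01 gatekeeper kernel:  [<c0301912>] raw_recvmsg+0x7c/0x1cf
"""

PREFIX = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\skernel:\s?")

def unwrap(text):
    """Strip the syslog prefix and rejoin continuation lines that lack one."""
    out = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if m:
            out.append(line[m.end():].strip())
        elif out and line.strip():
            out[-1] += " " + line.strip()
    return out

def signature(text):
    """Return (bug_site, eip_symbol, first_frame), ignoring addresses and pids."""
    body = "\n".join(unwrap(text))
    bug = re.search(r"kernel BUG at (\S+?:\d+)!", body)
    eip = re.search(r"EIP is at\s+(\w+\+0x[0-9a-f]+/0x[0-9a-f]+)", body)
    frame = re.search(r"\[<[0-9a-f]+>\]\s+(\w+)\+", body)
    return tuple(m.group(1) if m else None for m in (bug, eip, frame))

def kernel_release(text):
    m = re.search(r"EFLAGS: \w+\s+\(([^)]+)\)", "\n".join(unwrap(text)))
    return m.group(1) if m else None

if __name__ == "__main__":
    for name, log in (("description", OOPS_DESCRIPTION), ("comment 3", OOPS_COMMENT_3)):
        print(name, kernel_release(log), signature(log))
```

Both reports reduce to the same signature even though every address, pid and oops counter differs, which is what identifies them as the same BUG across the two kernel builds.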

Comment 4 Dave Jones 2006-10-17 00:51:32 UTC
A new kernel update has been released (Version: 2.6.18-1.2200.fc5)
based upon a new upstream kernel release.

Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.

This bug has been placed in NEEDINFO state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks time, it will be closed.

Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.

In the last few updates, some users upgrading from FC4->FC5
have reported that installing a kernel update has left their
systems unbootable. If you have been affected by this problem
please check you only have one version of device-mapper & lvm2
installed.  See bug 207474 for further details.

If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.

If this bug has been fixed, but you are now experiencing a different
problem, please file a separate bug for the new problem.

Thank you.

Comment 5 Dave Jones 2006-11-24 23:17:35 UTC
This bug has been mass-closed along with all other bugs that
have been in NEEDINFO state for several months.

Due to the large volume of inactive bugs in bugzilla, this
is the only method we have of cleaning out stale bug reports
where the reporter has disappeared.

If you can reproduce this bug after installing all the
current updates, please reopen this bug.

If you are not the reporter, you can add a comment requesting
it be reopened, and someone will get to it asap.

Thank you.