[strongSwan] Kernel panic with VTI tunnel

Zesen Qian strongswan-users at riaqn.com
Sun Mar 15 15:46:36 CET 2015 

Hi Mike,
Should be completely unrelated, but I encountered kernel panic every 2 days,
and I switched to openvpn.
picture:
http://img.vim-cn.com/bf/6563b61ec8c08960e74fe5c12390e21c5174b6.png

kernel is 3.19.1 on KVM, strongswan 5.2.2.

Mike Noordermeer <mike at normi.net> writes:

> Hi,
>
> I am currently experiencing the same kernel panic on multiple hosts,
> with a quite recent Linux kernel, and was wondering if anyone here has
> an idea of what the issue could be, or how I could further debug it.
> Any help is appreciated.
>
> I am using Linux 3.16 (3.16.7-ckt4-3~bpo70+1 from Debian
> wheezy-backports) and Strongswan 5.2.1 (5.2.1-5~bpo70+1 form Debian
> wheezy-backports). I have a fairly 'simple' tunnel with a mark and a
> left/right subnet of 0/0, and disabled install_routes in Strongswan.
> Then I have a VTI device configured with the same mark. This all works
> well, but causes a kernel panic every few hours, always on the same
> spot. As far as I can see, no fixes for such an issue have been
> committed to the kernel since version 3.16.
>
> From the backtrace it seems that xfrm_input() in the kernel is hitting
> a NULL dereference, when dereferencing 'outer_mode' in the xfrm_state
> struct, this line to be precise:
> https://github.com/torvalds/linux/blob/2e71029e2c32ecd59a2e8f351517bfbbad42ac11/include/net/xfrm.h#L1807
>
> Any idea on why this could be NULL? Some config details and the full
> backtrace are below.
>
> Thanks,
>
> Mike
>
> ----------------------------------------
> Simplified ipsec.conf:
> ----------------------------------------
>
> config setup
>
> conn %default
>         keyexchange = ikev2
>         dpdaction = restart
>         esp = aes128gcm128-modp4096!
>         ike = aes128gcm128-prfsha256-modp4096!
>         mobike = no
>         auto = route
>
> conn myconnection
>         left = x.x.x.x
>         leftcert = leftcert.crt
>         leftsubnet = 0.0.0.0/0
>         right = y.y.y.y
>         rightcert = rightcert.crt
>         rightsubnet = 0.0.0.0/0
>         mark = 15
>
> ----------------------------------------
> ip xfrm policy
> ----------------------------------------
>
> src 0.0.0.0/0 dst 0.0.0.0/0
>     dir fwd priority 3075 ptype main
>     mark 15/0xffffffff
>     tmpl src y.y.y.y dst x.x.x.x
>         proto esp reqid 1 mode tunnel
> src 0.0.0.0/0 dst 0.0.0.0/0
>     dir in priority 3075 ptype main
>     mark 15/0xffffffff
>     tmpl src y.y.y.y dst x.x.x.x
>         proto esp reqid 1 mode tunnel
> src 0.0.0.0/0 dst 0.0.0.0/0
>     dir out priority 3075 ptype main
>     mark 15/0xffffffff
>     tmpl src x.x.x.x dst y.y.y.y
>         proto esp reqid 1 mode tunnel
> src 0.0.0.0/0 dst 0.0.0.0/0
>     socket in priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
>     socket out priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
>     socket in priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
>     socket out priority 0 ptype main
> src ::/0 dst ::/0
>     socket in priority 0 ptype main
> src ::/0 dst ::/0
>     socket out priority 0 ptype main
> src ::/0 dst ::/0
>     socket in priority 0 ptype main
> src ::/0 dst ::/0
>     socket out priority 0 ptype main
>
> ----------------------------------------
> ip xfrm state
> ----------------------------------------
>
> src x.x.x.x dst y.y.y.y
>     proto esp spi 0xcb5c6f72 reqid 1 mode tunnel
>     replay-window 32 flag af-unspec
>     mark 15/0xffffffff
>     aead rfc4106(gcm(aes)) 0x3d1c9ae2f921fc088b2e54a1d1efcd3e4441e502 128
> src y.y.y.y dst x.x.x.x
>     proto esp spi 0xcd742975 reqid 1 mode tunnel
>     replay-window 32 flag af-unspec
>     mark 15/0xffffffff
>     aead rfc4106(gcm(aes)) 0x439dd5bf790a1f7ba1979d798757bab94f62776c 128
> src x.x.x.x dst y.y.y.y
>     proto esp spi 0xc79db590 reqid 1 mode tunnel
>     replay-window 32 flag af-unspec
>     mark 15/0xffffffff
>     aead rfc4106(gcm(aes)) 0x7bf0811323a4df1118680d30d4117ed403b60bd8 128
> src y.y.y.y dst x.x.x.x
>     proto esp spi 0xc8e198f5 reqid 1 mode tunnel
>     replay-window 32 flag af-unspec
>     mark 15/0xffffffff
>     aead rfc4106(gcm(aes)) 0x1f1f32fc74a0d8ba38b9aab67fbbfff1024cf265 128
>
> ----------------------------------------
> Kernel oops backtrace
> ----------------------------------------
>
> [31202.487290] BUG: unable to handle kernel NULL pointer dereference
> at 0000000000000034
> [31202.499656] IP: [<ffffffff814e4a12>] xfrm_input+0x3d2/0x590
> [31202.502444] PGD 0
> [31202.503479] Oops: 0000 [#1] SMP
> [31202.505121] Modules linked in: seqiv xfrm6_mode_tunnel
> xfrm4_mode_tunnel xfrm_user xfrm4_tunnel tunnel4 ipcomp xfrm_ipcomp
> esp4 ah4 af_key xfrm_algo act_police cls_basic cls_flow cls_fw cls_u32
> sch_tbf sch_prio sch_hfsc sch_htb sch_ingress sch_sfq xt_statistic
> xt_CT xt_realm xt_LOG iptable_raw xt_connlimit xt_addrtype xt_comment
> xt_nat xt_recent ipt_ULOG ipt_REJECT ipt_MASQUERADE ipt_ECN
> ipt_CLUSTERIP ipt_ah nf_nat_tftp nf_nat_snmp_basic nf_conntrack_snmp
> nf_nat_sip nf_nat_pptp nf_nat_proto_gre nf_nat_irc nf_nat_h323
> nf_nat_ftp xt_set ip_set nf_nat_amanda nf_conntrack_tftp
> nf_conntrack_sip nf_conntrack_sane nf_conntrack_proto_udplite
> nf_conntrack_proto_sctp nf_conntrack_pptp nf_conntrack_proto_gre
> nf_conntrack_netlink nf_conntrack_netbios_ns nf_conntrack_broadcast
> nf_conntrack_irc ts_kmp nf_conntrack_amanda nf_conntrack_h323
> nf_conntrack_ftp xt_time xt_TCPMSS xt_TPROXY xt_tcpmss xt_sctp
> xt_policy xt_pkttype xt_physdev xt_owner xt_NFLOG nfnetlink_log
> xt_NFQUEUE xt_multiport xt_mark xt_mac xt_limit xt_length xt_iprange
> xt_helper xt_hashlimit xt_DSCP xt_dscp xt_dccp xt_connmark xt_CLASSIFY
> ip6t_REJECT xt_AUDIT xt_tcpudp iptable_nat nf_nat_ipv4 xt_state nf_nat
> nf_conntrack_ipv6 nf_conntrack_ipv4 nf_defrag_ipv6 nf_defrag_ipv4
> xt_conntrack nf_conntrack iptable_mangle ip6table_raw ip6table_mangle
> nfnetlink iptable_filter ip6table_filter ip6_tables ip_tables x_tables
> ip_vti ip_tunnel loop coretemp vmwgfx ttm crct10dif_pclmul
> drm_kms_helper crc32_pclmul ghash_clmulni_intel drm aesni_intel
> aes_x86_64 lrw gf128mul glue_helper vmw_balloon ablk_helper cryptd
> psmouse i2c_piix4 i2c_core serio_raw pcspkr evdev vmw_vmci shpchp
> battery parport_pc parport processor thermal_sys ac button ext4 crc16
> mbcache jbd2 dm_mod sr_mod cdrom sg sd_mod crc_t10dif crct10dif_common
> ata_generic crc32c_intel floppy ata_piix e1000 libata mptspi
> scsi_transport_spi mptscsih mptbase scsi_mod
> [31202.591173] CPU: 0 PID: 3829 Comm: charon Not tainted
> 3.16.0-0.bpo.4-amd64 #1 Debian 3.16.7-ckt4-3~bpo70+1
> [31202.595671] Hardware name: VMware, Inc. VMware Virtual
> Platform/440BX Desktop Reference Platform, BIOS 6.00 04/14/2014
> [31202.600531] task: ffff88002b3112f0 ti: ffff88002bef4000 task.ti:
> ffff88002bef4000
> [31202.603967] RIP: 0010:[<ffffffff814e4a12>]  [<ffffffff814e4a12>]
> xfrm_input+0x3d2/0x590
> [31202.607734] RSP: 0000:ffff880031003b98  EFLAGS: 00010286
> [31202.610241] RAX: 0000000000000000 RBX: ffff880030a33d00 RCX: 0000000000000000
> [31202.613640] RDX: 0000000000000001 RSI: 0000000000000200 RDI: ffffffff814e1633
> [31202.617023] RBP: 0000000000000002 R08: ffff880030916c00 R09: 0000000000000002
> [31202.620272] R10: 0000000000000032 R11: 00000000033993db R12: 0000000000000032
> [31202.623532] R13: 0000000000000032 R14: ffff880030916c00 R15: 0000000000000000
> [31202.626860] FS:  00007f669aafa700(0000) GS:ffff880031000000(0000)
> knlGS:0000000000000000
> [31202.630585] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [31202.633234] CR2: 0000000000000034 CR3: 000000002146e000 CR4: 00000000000407f0
> [31202.636588] Stack:
> [31202.637589]  ffffffff81486050 00000000a1339d6c ffffffff818b7bc0
> 0000000030a33d00
> [31202.641338]  ffff88002925769e 5059f5ca00000002 0000000000000032
> 01000000260ae8c0
> [31202.645024]  ffff88002a902000 ffff880030a33d00 ffffffffa02df040
> ffffffff818b7bc0
> [31202.648700] Call Trace:
> [31202.649879]  <IRQ>
> [31202.650797]  [<ffffffff81486050>] ? ip_rcv_finish+0x370/0x370
> [31202.653769]  [<ffffffff814d87b7>] ? xfrm4_esp_rcv+0x37/0x70
> [31202.656423]  [<ffffffff814860ee>] ? ip_local_deliver_finish+0x9e/0x200
> [31202.659449]  [<ffffffff8144b15b>] ? __netif_receive_skb_core+0x57b/0x700
> [31202.662551]  [<ffffffff8101e0c5>] ? read_tsc+0x5/0x20
> [31202.664889]  [<ffffffff8144ba6f>] ? netif_receive_skb_internal+0x1f/0x90
> [31202.668100]  [<ffffffff8144c3d8>] ? napi_gro_receive+0x128/0x1b0
> [31202.670892]  [<ffffffffa00af36b>] ? e1000_clean_rx_irq+0x2db/0x560 [e1000]
> [31202.674112]  [<ffffffffa00b0313>] ? e1000_clean+0x273/0x980 [e1000]
> [31202.677012]  [<ffffffffa00b0406>] ? e1000_clean+0x366/0x980 [e1000]
> [31202.679902]  [<ffffffff8104dab1>] ? ack_apic_level+0x81/0x170
> [31202.682591]  [<ffffffff8144cb21>] ? net_rx_action+0x121/0x230
> [31202.685246]  [<ffffffff81072c0e>] ? __do_softirq+0xde/0x2e0
> [31202.687941]  [<ffffffff8104dab1>] ? ack_apic_level+0x81/0x170
> [31202.690708]  [<ffffffff81073066>] ? irq_exit+0x86/0xb0
> [31202.693130]  [<ffffffff8154c856>] ? do_IRQ+0x66/0x110
> [31202.695531]  [<ffffffff8154a6ed>] ? common_interrupt+0x6d/0x6d
> [31202.698241]  <EOI>
> [31202.699165] Code: ff ff 85 c0 0f 85 c1 fd ff ff e9 05 fd ff ff 66
> 2e 0f 1f 84 00 00 00 00 00 48 83 7b 40 00 0f 84 5b fd ff ff 49 8b 86
> e0 02 00 00 <f6> 40 34 01 0f 84 85 fd ff ff e9 45 fd ff ff 0f 1f 80 00
> 00 00
> [31202.712413] RIP  [<ffffffff814e4a12>] xfrm_input+0x3d2/0x590
> [31202.715102]  RSP <ffff880031003b98>
> [31202.716751] CR2: 0000000000000034
> [31202.719064] ---[ end trace cebe794b0c57af5e ]---
> [31202.721593] Kernel panic - not syncing: Fatal exception in interrupt
> [31202.724814] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation
> range: 0xffffffff80000000-0xffffffff9fffffff)
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-- 
Zesen Qian (钱泽森)

More information about the Users mailing list