<div> </div><div> </div><div>10.07.2018, 10:39, "Sriram" &lt;sriram.ec@gmail.com&gt;:</div><blockquote type="cite"><div>Hi,<div> </div></div></blockquote><div> </div><div>Hello,</div><div> </div><blockquote type="cite"><div><div>I'm working on linux-3.12.19 kernel. In our board, we have an IPsec tunnel which carries IPv6 traffic inside</div><div> </div></div></blockquote><div> </div><div>Whoops! You are working with a very old and unsupported kernel version. Please be sure that your payload packages are not larger than 512 octets.</div><div>I think that even if the kernel is old and I don't have a bug on the Linux kernel, there may be a problem with your code.</div><div> </div><div>Did you set limits?</div><div> </div><div>class 8 bits, flow 20 bits, header 8 bits, hop limits 8 (255) bits.</div><div> </div><div>Use a different method:</div><div> </div><div>For example: <a href="https://github.com/gih900/IPv6--TCP-Frag-Test-Rig">https://github.com/gih900/IPv6--TCP-Frag-Test-Rig</a></div><div> </div><blockquote type="cite"><div><div>Packet structure looks like below,</div><div> </div><div>IPv4(OuterIP)  || ESP || IPv6(Inner IP) || IPv6 Frag HDR || UDP || Payload.</div><div> </div><div> </div><div>I have written an application which constructs Inner IPv6 packets and writes to raw socket. Through application I'm generating IPv6 packets of length not more than 1340. If length of the IPv6 packet is more than 1340, application does the IPv6 fragmentation and 2 fragments are written to raw socket. If I run this application using a script continuously, there is no issue observed for around 30-40 mins. 
After that we see kernel panic with the stack trace like below.</div><div> </div><div>Unable to handle kernel paging request for data at address 0x000004d0</div><div>Faulting instruction address: 0xc000000000789578</div><div>Oops: Kernel access of bad area, sig: 11 [#1]</div><div>SMP NR_CPUS=24 CoreNet Generic</div><div>Modules linked in: shm(O) l1d(O) hetmgr(O) sl_reset(O) cu_led(O) airv1588(O)</div><div>CPU: 7 PID: 2512 Comm: pdcpUlSockTh Tainted: G        W  O 3.12.19-rt30 #1</div><div>task: c0000003fb42dc40 ti: c0000003ef9a0000 task.ti: c0000003ef9a0000</div><div>NIP: c000000000789578 LR: c00000000078ca48 CTR: c00000000078c8f0</div><div>REGS: c0000003ef9a2f10 TRAP: 0300   Tainted: G        W  O  (3.12.19-rt30)</div><div>MSR: 0000000080029000 &lt;CE,EE,ME&gt;  CR: 24008422  XER: 20000000</div><div>SOFTE: 1</div><div>DEAR: 00000000000004d0, ESR: 0000000000000100</div><div> </div><div>GPR00: c00000000078ca48 c0000003ef9a3190 c000000000d6b3a0 c0000003ef9a33a0 </div><div>GPR04: 0000000000000000 c0000003ef9a3740 000000000000000a c0000003ef9f1c80 </div><div>GPR08: c0000003ef9f1c80 00000000000004d0 0000000000000001 000000007abc6dbb </div><div>GPR12: 0000019f1a2654f8 c00000000fff7480 00000000107ce2ec 000000001075fc10 </div><div>GPR16: 0000000000000011 c000000000d56200 0000000000000000 000000001d8a2000 </div><div>GPR20: 0000000000000000 0000000000000040 c000000000e74b48 c0000003ef9a3200 </div><div>GPR24: c000000000cbc480 c0000003ef9a3740 c0000003ef9a33a0 c0000003ef9a3740 </div><div>GPR28: 
000000000000000a c000000074b86000 c0000003ef9f1c80 000000000000000a </div><div>NIP [c000000000789578] .xfrm_resolve_and_create_bundle+0x78/0xbb4</div><div>LR [c00000000078ca48] .xfrm_bundle_lookup+0x158/0x6f8</div><div>Call Trace:</div><div>[c0000003ef9a3190] [c0000003ef9a32c0] 0xc0000003ef9a32c0 (unreliable)</div><div>[c0000003ef9a3330] [c00000000078ca48] .xfrm_bundle_lookup+0x158/0x6f8</div><div>[c0000003ef9a3400] [c0000000006d1a9c] .flow_cache_lookup+0x43c/0x4f4</div><div>[c0000003ef9a34e0] [c00000000078d348] .xfrm_lookup+0x260/0x6a4</div><div>[c0000003ef9a3610] [c0000000007a7edc] .ip6_dst_lookup_flow+0x8c/0xc0</div><div>[c0000003ef9a36b0] [c0000000007ca3d0] .rawv6_sendmsg+0x264/0xcc8</div><div>[c0000003ef9a3820] [c000000000758c18] .inet_sendmsg+0x98/0x110</div><div>[c0000003ef9a38c0] [c000000000694124] .sock_sendmsg+0x94/0xf4</div><div>[c0000003ef9a3a20] [c000000000694738] .___sys_sendmsg+0x340/0x350</div><div>[c0000003ef9a3c20] [c0000000006990c8] .__sys_sendmsg+0x58/0xb4</div><div>[c0000003ef9a3d00] [c0000000006dac94] .compat_sys_sendmsg+0x48/0x70</div><div>[c0000003ef9a3d90] [c0000000006db228] .compat_sys_socketcall+0x2b4/0x310</div><div>[c0000003ef9a3e30] [c0000000000005a4] syscall_exit+0x0/0x8c</div><div>Instruction dump:</div><div>fbc1fff0 fbe1fff8 f821fe61 7c7a1b78 7cdf3378 7c942378 7cb92b78 7cfe3b78 </div><div>60000000 60000000 e93a0000 3ae10070 &lt;e9290000&gt; 7f43d378 7e84a378 7f25cb78 </div><div> </div></div></blockquote><div> </div><div>I think many programs are written for and work with the current kernel 
IPv6 infrastructure and do not have root cause problems.</div><div>Stability from at least version 4.10.</div><div> </div><blockquote type="cite"><div><div>Kindly let me know if there is any patch available to fix this issue.</div><div>If further details are required, I can post.</div><div> </div><div>Regards,</div><div>Sriram</div></div></blockquote>
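<div>Added example (not part of the original thread, and not the poster's application): a user-space sketch in C of the fragmentation step described in the report, where an inner IPv6 packet larger than 1340 bytes is split and each piece carries an IPv6 Fragment header. The function name <code>ip6_make_fragment</code>, its parameters and the sample values are hypothetical; the 1340-byte limit is the one stated in the report.</div>

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP6_HDR_LEN  40
#define FRAG_HDR_LEN 8
#define NEXTHDR_FRAG 44      /* IPv6 Fragment header protocol number */
#define MAX_PKT      1340    /* per-packet limit stated in the report */

/* Writes packet number idx for the 40-byte IPv6 header hdr and upper-layer
 * bytes data[0..len) into out. Returns the packet length, 0 when idx is past
 * the last packet, or -1 on invalid input. Hypothetical helper for this
 * example, not code from the thread. */
int ip6_make_fragment(const uint8_t *hdr, const uint8_t *data, size_t len,
                      uint32_t ident, unsigned idx, uint8_t *out, size_t cap)
{
    /* Every fragment except the last must carry a multiple of 8 octets. */
    const size_t chunk = (MAX_PKT - IP6_HDR_LEN - FRAG_HDR_LEN) & ~(size_t)7;

    if (!hdr || !data || !out || (hdr[0] >> 4) != 6) return -1;
    if (len == 0 || len > 65535 - FRAG_HDR_LEN) return -1;

    if (IP6_HDR_LEN + len <= MAX_PKT) {          /* fits: send unfragmented */
        if (idx > 0) return 0;
        if (cap < IP6_HDR_LEN + len) return -1;
        memcpy(out, hdr, IP6_HDR_LEN);
        out[4] = (uint8_t)(len >> 8); out[5] = (uint8_t)len;
        memcpy(out + IP6_HDR_LEN, data, len);
        return (int)(IP6_HDR_LEN + len);
    }

    size_t off = (size_t)idx * chunk;
    if (off >= len) return 0;
    size_t n = (len - off < chunk) ? len - off : chunk;
    size_t plen = FRAG_HDR_LEN + n;
    if (cap < IP6_HDR_LEN + plen) return -1;

    memcpy(out, hdr, IP6_HDR_LEN);
    out[4] = (uint8_t)(plen >> 8); out[5] = (uint8_t)plen;  /* payload length */
    out[6] = NEXTHDR_FRAG;
    uint8_t *fh = out + IP6_HDR_LEN;
    fh[0] = hdr[6];                              /* original next header */
    fh[1] = 0;                                   /* reserved */
    /* off is a multiple of 8, so it already equals (off / 8) << 3. */
    uint16_t offlg = (uint16_t)(off | (off + n < len ? 1u : 0u));  /* M flag */
    fh[2] = (uint8_t)(offlg >> 8); fh[3] = (uint8_t)offlg;
    fh[4] = (uint8_t)(ident >> 24); fh[5] = (uint8_t)(ident >> 16);
    fh[6] = (uint8_t)(ident >> 8);  fh[7] = (uint8_t)ident;
    memcpy(fh + FRAG_HDR_LEN, data + off, n);
    return (int)(IP6_HDR_LEN + plen);
}
```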