Date: Fri, 25 Apr 2008 04:13:40 GMT From: Mihail <msaf1980@rambler.ru> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/123066: kernel trap with ipsec Message-ID: <200804250413.m3P4DeGP082719@www.freebsd.org> Resent-Message-ID: <200804250420.m3P4K107097417@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 123066
>Category: misc
>Synopsis: kernel trap with ipsec
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 25 04:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Mihail
>Release: 7.0
>Organization:
>Environment:
7.0-RELEASE-p1
>Description:
I get kernel trap with IPSEC when use ping with size > 3000 bytes over IPSEC tunnel with router D-Link DI-804HV, like
ping -s 4000 -S 192.168.241.160 192.168.200.6
Local Subnet is 192.168.241.0/24
Remote Subnet is 192.168.200.0/29
/etc/ipsec.conf
spdflush;
spdadd 192.168.241.0/24 192.168.200.0/29 any -P out ipsec esp/tunnel/XX.XX.XX.XX-YY.YY.YY.YY/require;
spdadd 192.168.200.0/29 192.168.241.0/24 any -P in ipsec esp/tunnel/YY.YY.YY.YY-XX.XX.XX.XX/require;
Kernel config is simular to GENERIC with options
options NETGRAPH
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options DUMMYNET
options HZ=1000
options MROUTING
device crypto
options IPSEC
options IPSEC_DEBUG
Kernel dump
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0xd7d6d5e8
fault code = supervisor write, page not present
instruction pointer = 0x20:0xc0a952f6
stack pointer = 0x28:0xc884e974
frame pointer = 0x28:0xc884e9d8
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 864 (ping)
trap number = 12
panic: page fault
cpuid = 0
Uptime: 2m36s
Physical memory: 115 MB
Dumping 30 MB: 15
(kgdb) list *0xc0a952f6
0xc0a952f6 is at /usr/src/sys/i386/i386/support.s:499.
494 cmpl %ecx,%eax /* overlapping && src < dst? */
495 jb 1f
496
497 shrl $2,%ecx /* copy by 32-bit words */
498 cld /* nope, copy forwards */
499 rep
500 movsl
501 movl 20(%esp),%ecx
502 andl $3,%ecx /* any bytes left? */
503 rep
(kgdb) backtrace
#0 doadump () at pcpu.h:195
#1 0xc075df57 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2 0xc075e219 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:563
#3 0xc0a9766c in trap_fatal (frame=0xc884e934, eva=3621180904)
at /usr/src/sys/i386/i386/trap.c:899
#4 0xc0a978f0 in trap_pfault (frame=0xc884e934, usermode=0, eva=3621180904)
at /usr/src/sys/i386/i386/trap.c:812
#5 0xc0a9829c in trap (frame=0xc884e934) at /usr/src/sys/i386/i386/trap.c:490
#6 0xc0a7e21b in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7 0xc0a952f6 in generic_bcopy () at /usr/src/sys/i386/i386/support.s:498
Previous frame inner to this frame (corrupt stack?)
>How-To-Repeat:
permanently
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200804250413.m3P4DeGP082719>