From owner-freebsd-current@FreeBSD.ORG  Wed Jan  7 22:20:13 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 15CB516A4CE
	for <freebsd-current@freebsd.org>;
	Wed,  7 Jan 2004 22:20:13 -0800 (PST)
Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 27C8B43D2D
	for <freebsd-current@freebsd.org>;
	Wed,  7 Jan 2004 22:20:11 -0800 (PST)
	(envelope-from bzeeb-lists@lists.zabbadoz.net)
Received: from transport.cksoft.de (localhost [127.0.0.1])
	by transport.cksoft.de (Postfix) with ESMTP
	id 235F71FF91D; Thu,  8 Jan 2004 07:20:09 +0100 (CET)
Received: by transport.cksoft.de (Postfix, from userid 66)
	id 926891FF90C; Thu,  8 Jan 2004 07:20:07 +0100 (CET)
Received: by mail.int.zabbadoz.net (Postfix, from userid 1060)
	id B624F154EC; Thu,  8 Jan 2004 06:12:15 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.int.zabbadoz.net (Postfix) with ESMTP
	id ABDB71539D; Thu,  8 Jan 2004 06:12:15 +0000 (UTC)
Date: Thu, 8 Jan 2004 06:12:15 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
X-X-Sender: bz@e0-0.zab2.int.zabbadoz.net
To: Larry Rosenman <ler@lerctr.org>
In-Reply-To: <30700000.1073524951@lerlaptop.lerctr.org>
Message-ID: <Pine.BSF.4.53.0401080554300.94658@e0-0.zab2.int.zabbadoz.net>
References: <30700000.1073524951@lerlaptop.lerctr.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de
cc: freebsd-current@freebsd.org
Subject: Re: IPSec Panic/Shutdown
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jan 2004 06:20:13 -0000

On Wed, 7 Jan 2004, Larry Rosenman wrote:

hi,

> On a shutdown, I got the following panic:
> Sources from Last Nite ~19:30 US/Central.
..
> #11 0xc071c768 in calltrap () at {standard input}:94
> #12 0xc066985e in key_freesp (sp=0xc469a980) at
> /usr/src/sys/netkey/key.c:1106
> #13 0xc065b6c4 in ipsec4_delete_pcbpolicy (inp=0xc469a980)
>     at /usr/src/sys/netinet6/ipsec.c:1532
> #14 0xc062045a in in_pcbdetach (inp=0xc469a980) at
> /usr/src/sys/netinet/in_pcb.c:689


I am finally up and running for
 6:01AM  up  8:24, 1 user, load averages: 0.15, 0.14, 0.10

and all methods I previously could crash this router due to IPSec
related problems have failed yet.

In the case above an extra --sp->refcnt led to a free of an SP
(secpolicy) and the memory gets touched after free (in this special
case the refcnt is decremented by one - obviously this is the one that
should lead to the free).

So I should have a patch for this in the queue. Should be able to
build a new kernel with minimalistic changes this evening and if
everything still is ok submit a patch for review in 24 hours.

Hopefully I am not overconfident ;-)

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
56 69 73 69 74				http://www.zabbadoz.net/