From owner-freebsd-stable@FreeBSD.ORG Wed Jan 4 15:10:12 2012 Return-Path: Delivered-To: stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4999F106564A for ; Wed, 4 Jan 2012 15:10:12 +0000 (UTC) (envelope-from vanhu@zeninc.net) Received: from smtp.zeninc.net (smtp.zeninc.net [80.67.176.25]) by mx1.freebsd.org (Postfix) with ESMTP id 0064B8FC14 for ; Wed, 4 Jan 2012 15:10:11 +0000 (UTC) Received: from astro.zen.inc (astro.zen.inc [192.168.1.239]) by smtp.zeninc.net (smtpd) with ESMTP id F0FB92798BD; Wed, 4 Jan 2012 15:51:55 +0100 (CET) Received: by astro.zen.inc (Postfix, from userid 1000) id D963217066; Wed, 4 Jan 2012 15:51:55 +0100 (CET) Date: Wed, 4 Jan 2012 15:51:55 +0100 From: VANHULLEBUS Yvan To: Attila Nagy Message-ID: <20120104145155.GA31550@zeninc.net> References: <4F044A0B.3020108@fsn.hu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4F044A0B.3020108@fsn.hu> User-Agent: All mail clients suck. This one just sucks less. Cc: stable@freebsd.org Subject: Re: Enabling IPSec panics stable/9 (runs OK on stable/8) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jan 2012 15:10:12 -0000 On Wed, Jan 04, 2012 at 01:46:03PM +0100, Attila Nagy wrote: > Hi, Hi. > I've just upgraded a 8-STABLE box to 9-STABLE (well, just few commits > before it has been tagged as STABLE), which runs from NFS (pxebooted). > It has some IPSec config in ipsec.conf, like this for several boxes: > add 172.28.16.4 172.16.248.2 ah 15704 -A hmac-md5 "asdfgh"; > add 172.16.248.2 172.28.16.4 ah 24504 -A hmac-md5 "asdfgh"; > add 172.28.16.4 172.16.248.2 esp 15705 -E blowfish-cbc "hgfdsa"; > add 172.16.248.2 172.28.16.4 esp 24505 -E blowfish-cbc "hgfdsa"; > spdadd 172.28.16.4 172.16.248.2 any -P out ipsec > esp/transport/172.28.16.4-172.16.248.2/default > ah/transport/172.28.16.4-172.16.248.2/default; There is probably nothing related to the crash, but do you really use static IPsec without IKE keying ???? [....] > kgdb says: > (kgdb) bt > #0 doadump (textdump=1) at /data/usr/src/sys/kern/kern_shutdown.c:260 > #1 0xffffffff80845705 in kern_reboot (howto=260) > at /data/usr/src/sys/kern/kern_shutdown.c:442 > #2 0xffffffff80845bb1 in panic (fmt=Variable "fmt" is not available. > ) > at /data/usr/src/sys/kern/kern_shutdown.c:607 > #3 0xffffffff80b167a0 in trap_fatal (frame=0xc, eva=Variable "eva" is > not available. > ) > at /data/usr/src/sys/amd64/amd64/trap.c:819 > #4 0xffffffff80b16ae9 in trap_pfault (frame=0xffffff80002cd2a0, > usermode=0) > at /data/usr/src/sys/amd64/amd64/trap.c:735 > #5 0xffffffff80b16faf in trap (frame=0xffffff80002cd2a0) > at /data/usr/src/sys/amd64/amd64/trap.c:474 > #6 0xffffffff80b012ef in calltrap () > at /data/usr/src/sys/amd64/amd64/exception.S:228 > #7 0xffffffff809bf779 in ipsec_process_done (m=0xfffffe000c7c7a00, > isr=0xfffffe001bf54380) at > /data/usr/src/sys/netipsec/ipsec_output.c:170 Here seems to be the problem.... Can you do the following (in this order) in kgdb: frame 7 p saidx p *saidx The latest will probably generate an error, as (if you have the exact same ipsec_output.c as I have from HEAD) saidx will probably have an invalid adress. [...] > 8-STABLE runs fine with the same config. Strange.... I'll review changes in IPsec stack which have been done in STABLE/9 and not backported to STABLE/8..... Yvan.