From: Attila Nagy
Date: Wed, 04 Jan 2012 16:17:41 +0100
To: VANHULLEBUS Yvan
Cc: stable@freebsd.org
Subject: Re: Enabling IPSec panics stable/9 (runs OK on stable/8)

Hi,

On 01/04/12 15:51, VANHULLEBUS Yvan wrote:
>> I've just upgraded an 8-STABLE box to 9-STABLE (well, just a few commits
>> before it has been tagged as STABLE), which runs from NFS (pxebooted).
>> It has some IPSec config in ipsec.conf, like this for several boxes:
>> add 172.28.16.4 172.16.248.2 ah 15704 -A hmac-md5 "asdfgh";
>> add 172.16.248.2 172.28.16.4 ah 24504 -A hmac-md5 "asdfgh";
>> add 172.28.16.4 172.16.248.2 esp 15705 -E blowfish-cbc "hgfdsa";
>> add 172.16.248.2 172.28.16.4 esp 24505 -E blowfish-cbc "hgfdsa";
>> spdadd 172.28.16.4 172.16.248.2 any -P out ipsec esp/transport/172.28.16.4-172.16.248.2/default ah/transport/172.28.16.4-172.16.248.2/default;
>
> There is probably nothing related to the crash, but do you really use
> static IPsec without IKE keying ????

Yes. :)
It runs on an intranet, but there's a need to encrypt traffic.

> [....]
>> kgdb says:
>> (kgdb) bt
>> #0  doadump (textdump=1) at /data/usr/src/sys/kern/kern_shutdown.c:260
>> #1  0xffffffff80845705 in kern_reboot (howto=260) at /data/usr/src/sys/kern/kern_shutdown.c:442
>> #2  0xffffffff80845bb1 in panic (fmt=Variable "fmt" is not available.
>> ) at /data/usr/src/sys/kern/kern_shutdown.c:607
>> #3  0xffffffff80b167a0 in trap_fatal (frame=0xc, eva=Variable "eva" is not available.
>> ) at /data/usr/src/sys/amd64/amd64/trap.c:819
>> #4  0xffffffff80b16ae9 in trap_pfault (frame=0xffffff80002cd2a0, usermode=0) at /data/usr/src/sys/amd64/amd64/trap.c:735
>> #5  0xffffffff80b16faf in trap (frame=0xffffff80002cd2a0) at /data/usr/src/sys/amd64/amd64/trap.c:474
>> #6  0xffffffff80b012ef in calltrap () at /data/usr/src/sys/amd64/amd64/exception.S:228
>> #7  0xffffffff809bf779 in ipsec_process_done (m=0xfffffe000c7c7a00, isr=0xfffffe001bf54380) at /data/usr/src/sys/netipsec/ipsec_output.c:170
>
> Here seems to be the problem....
>
> Can you do the following (in this order) in kgdb:
> frame 7
> p saidx
> p *saidx

(kgdb) frame 7
#7  0xffffffff809bf779 in ipsec_process_done (m=0xfffffe000c7c7a00, isr=0xfffffe001bf54380) at /data/usr/src/sys/netipsec/ipsec_output.c:170
170             switch (saidx->dst.sa.sa_family) {
(kgdb) p saidx
No symbol "saidx" in current context.

> The latest will probably generate an error, as (if you have the exact
> same ipsec_output.c as I have from HEAD) saidx will probably have an
> invalid address.

I have the same as in HEAD.

> [...]
>> 8-STABLE runs fine with the same config.
>
> Strange.... I'll review changes in IPsec stack which have been done in
> STABLE/9 and not backported to STABLE/8.....

Oh, sorry, not quite an up-to-date 8-STABLE, it's from Sat May 21
22:05:26 CEST 2011 (csup'd some hours earlier).
Should I check with a more recent version? Does that help?

Thanks for helping.