From: Patrick Lamaiziere
To: Chris Cowart
Cc: freebsd-net@freebsd.org
Date: Thu, 10 Sep 2009 10:14:49 +0200
Subject: Re: IPSEC + long UDP causes reproducible crash [was: Crash in ether_input]

On Thu, 10 Sep 2009 00:37:39 -0700,
Chris Cowart wrote:

Hello,

> A C program that sends long UDP messages is attached (there's a
> hardcoded remote IP in there). The program sends 2 UDP messages of size
> 1960, sleeping for 3 seconds in between. Most of the time, on a clean
> boot, the first message is enough to cause a kernel panic. The second
> message almost always causes a kernel panic. I have never been able to
> run the program a second time without the system crashing.
>
> The exact point of the panic tends to vary. I've seen it frequently
> occurring in in_cksumdata, but it's all been really close to
> ip_output.
>
> I've been poking around in the debugger for hours over the past couple
> of days. I can't tell if the mbuf is being corrupted as it's passing
> through the crypto system or if it's happening in ip_fragment. I'm in
> a bit over my head in terms of trying to isolate and patch the bug. If
> anyone has the time to squash it or at least give me some pointers as
> to where I might look, that would help.

I'm not sure if it will help, but that reminds me of this problem:
http://www.freebsd.org/cgi/query-pr.cgi?pr=124609

This is fixed in 7.1-STABLE and after.