From owner-freebsd-bugs@FreeBSD.ORG Mon Sep 19 10:40:15 2005 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D54316A41F for ; Mon, 19 Sep 2005 10:40:15 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 84BA443D55 for ; Mon, 19 Sep 2005 10:40:14 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j8JAeExG015708 for ; Mon, 19 Sep 2005 10:40:14 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j8JAeE2J015706; Mon, 19 Sep 2005 10:40:14 GMT (envelope-from gnats) Resent-Date: Mon, 19 Sep 2005 10:40:14 GMT Resent-Message-Id: <200509191040.j8JAeE2J015706@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Lupe Christoph Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 30DFA16A41F for ; Mon, 19 Sep 2005 10:39:32 +0000 (GMT) (envelope-from lupe@lupe-christoph.de) Received: from buexe.b-5.de (buexe.b-5.de [84.19.0.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 72EF943D46 for ; Mon, 19 Sep 2005 10:39:30 +0000 (GMT) (envelope-from lupe@lupe-christoph.de) Received: from antalya.lupe-christoph.de (antalya.lupe-christoph.de [172.17.0.9]) by buexe.b-5.de (8.12.3/8.12.3/b-5/buexe-3.4) with ESMTP id j8JAdSqi012008 for ; Mon, 19 Sep 2005 12:39:29 +0200 Received: from localhost (localhost [127.0.0.1]) by antalya.lupe-christoph.de (Postfix) with ESMTP id F0D71340A5 for ; Mon, 19 Sep 2005 12:40:29 +0200 (CEST) Received: from antalya.lupe-christoph.de ([127.0.0.1]) by localhost (antalya [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 05599-03-2 for ; Mon, 19 Sep 2005 12:40:23 +0200 (CEST) Received: from firewally.lupe-christoph.de (firewally.lupe-christoph.de [172.17.0.7]) by antalya.lupe-christoph.de (Postfix) with ESMTP id 31C4E344F9 for ; Mon, 19 Sep 2005 12:40:13 +0200 (CEST) Received: by firewally.lupe-christoph.de (Postfix, from userid 100) id C1EEEA94A; Mon, 19 Sep 2005 12:39:05 +0200 (CEST) Message-Id: <20050919103905.C1EEEA94A@firewally.lupe-christoph.de> Date: Mon, 19 Sep 2005 12:39:05 +0200 (CEST) From: Lupe Christoph To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: kern/86330: panic in ESP code X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Lupe Christoph List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Sep 2005 10:40:15 -0000 >Number: 86330 >Category: kern >Synopsis: panic in ESP code >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Sep 19 10:40:14 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Lupe Christoph >Release: FreeBSD 5.4-RELEASE-p7 i386 >Organization: >Environment: System: FreeBSD firewally.lupe-christoph.de 5.4-RELEASE-p7 FreeBSD 5.4-RELEASE-p7 #4: Tue Sep 13 20:23:52 CEST 2005 lupe@firewally.lupe-christoph.de:/usr/obj/usr/src/sys/FIREWALLY i386 5.4-RELEASE-p7 >Description: A large transfer over a complicated connection triggers this: The FreeBSD 5.4 machine is my DSL router/firewall. It has a number of IPSec tunnels. One of those tunnels is forwarded by a Linux machine running Debian Stable with OpenSWAN to an OpenWRT router, also running OpenSWAN. The IPSec tunnels are maintained by racoon. Here is the one where this happens: spdadd 172.17.0.0/16 172.19.0.0/24 any -P out ipsec esp/tunnel/$MYADDR-$TUNNELFORW/unique; spdadd 172.19.0.0/24 172.17.0.0/16 any -P in ipsec esp/tunnel/$TUNNELFORW-$MYADDR/unique; The local net is 172.17.0.0/16, 172.19.0.0/24 is behind the OpenWRT router. The intermediate Debian machine sends an ICMP Destination unreachable/Fragmentation needed. This may be triggering the panic indirectly. I have no explanation of the ICMP message - the MTUs of all interfaces that transport the ESP packets are all at 1492. And the traffic is leaving the intermediate machine over the same (and only) Ethernet interface it came from. The ESP packet is unpacked and regenerated by the intermediate machine, though. Here is the traceback from kgdb: #0 doadump () at pcpu.h:159 #1 0xc062c5b2 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:410 #2 0xc062c848 in panic (fmt=0xc08572e5 "%s") at /usr/src/sys/kern/kern_shutdown.c:566 #3 0xc080962c in trap_fatal (frame=0xc7aa87c0, eva=0) at /usr/src/sys/i386/i386/trap.c:817 #4 0xc0809397 in trap_pfault (frame=0xc7aa87c0, usermode=0, eva=0) at /usr/src/sys/i386/i386/trap.c:735 #5 0xc0808fd9 in trap (frame= {tf_fs = -1054081000, tf_es = 16, tf_ds = -1064239088, tf_edi = 0, tf_esi = -945125268, tf_ebp = -945125344, tf_isp = -945125396, tf_ebx = -1051804672, tf_edx = -1065138860, tf_ecx = 2, tf_eax = 945125268, tf_trapno = 12, tf_err = 2, tf_eip = -1065323226, tf_cs = 8, tf_eflags = 66066, tf_esp = 16, tf_ss = 0}) at /usr/src/sys/i386/i386/trap.c:425 #6 0xc07f91aa in calltrap () at /usr/src/sys/i386/i386/exception.s:140 #7 0xc12c0018 in ?? () #8 0x00000010 in ?? () #9 0xc0910010 in bios_vmode () #10 0x00000000 in ?? () #11 0xc7aa886c in ?? () #12 0xc7aa8820 in ?? () #13 0xc7aa87ec in ?? () #14 0xc14ebc00 in ?? () #15 0xc0834554 in esp_algorithms () #16 0x00000002 in ?? () #17 0x38557794 in ?? () #18 0x0000000c in ?? () #19 0x00000002 in ?? () #20 0xc0807526 in generic_bcopy () at /usr/src/sys/i386/i386/support.s:489 #21 0x00000010 in ?? () #22 0x00000000 in ?? () #23 0xc06e3d0d in esp_3des_blockencrypt (algo=0xc0834554, sav=0x0, s=0xc7aa886c "ö¹A\020Yj\034\b", d=0x8
) at /usr/src/sys/netinet6/esp_core.c:594 #24 0xc06e4604 in esp_cbc_encrypt (m=0xc14bbd00, off=0, plen=1504, sav=0xc18ca800, algo=0xc0834554, ivlen=-1052836864) at /usr/src/sys/netinet6/esp_core.c:989 #25 0xc06e678b in esp_output (m=0xc14bbd00, nexthdrp=0xc14bbdf5 "2±4T\230\213\203Ôpã]", md=0x4, isr=0x0, af=2) at /usr/src/sys/netinet6/esp_output.c:573 #26 0xc06e6a60 in esp4_output (m=0xc14bbd00, isr=0xc1616800) at /usr/src/sys/netinet6/esp_output.c:701 #27 0xc070004c in ipsec4_output (state=0xc7aa89b4, sp=0xc18be330, flags=1) at /usr/src/sys/netinet6/ipsec.c:2752 #28 0xc06cb1f3 in ip_output (m=0xc13eab00, opt=0xc140e016, ro=0xc7aa89c4, flags=1, imo=0x0, inp=0x0) at /usr/src/sys/netinet/ip_output.c:473 #29 0xc06ca7f4 in ip_forward (m=0xc13eab00, srcrt=0) at /usr/src/sys/netinet/ip_input.c:1780 #30 0xc06c94d2 in ip_input (m=0xc13eab00) at /usr/src/sys/netinet/ip_input.c:679 #31 0xc069bfff in netisr_processqueue (ni=0xc093eb98) at /usr/src/sys/net/netisr.c:233 #32 0xc069c1ae in swi_net (dummy=0x0) at /usr/src/sys/net/netisr.c:340 #33 0xc0618ec5 in ithread_loop (arg=0xc12bc480) at /usr/src/sys/kern/kern_intr.c:547 #34 0xc0618158 in fork_exit (callout=0xc0618d74 , arg=0xc12bc480, frame=0xc7aa8d48) at /usr/src/sys/kern/kern_fork.c:791 #35 0xc07f920c in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:209 I'm afraid I don't know how to get the panic information that is supposed to be displayed, according to the Developers' Handbook. I remember it was a write to location 0. I'd rather not panic the machine again, there is quite a bit depending on it functioning. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted: