From owner-freebsd-stable@FreeBSD.ORG  Fri Jun 13 23:52:33 2008
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D23951065675
	for <freebsd-stable@freebsd.org>; Fri, 13 Jun 2008 23:52:33 +0000 (UTC)
	(envelope-from patfbsd@davenulle.org)
Received: from smtp.lamaiziere.net (net.lamaiziere.net [213.186.42.107])
	by mx1.freebsd.org (Postfix) with ESMTP id 79C698FC0C
	for <freebsd-stable@freebsd.org>; Fri, 13 Jun 2008 23:52:33 +0000 (UTC)
	(envelope-from patfbsd@davenulle.org)
Received: from baby-jane.lamaiziere.net (15.10.87-79.rev.gaoland.net
	[79.87.10.15])
	by smtp.lamaiziere.net (Postfix) with ESMTP id 7E88E118059C;
	Sat, 14 Jun 2008 01:52:31 +0200 (CEST)
Received: from baby-jane-lamaiziere-net.local (localhost [127.0.0.1])
	by baby-jane.lamaiziere.net (Postfix) with ESMTP id 56915446528;
	Sat, 14 Jun 2008 01:52:30 +0200 (CEST)
Date: Sat, 14 Jun 2008 01:52:29 +0200
From: Patrick =?ISO-8859-15?Q?Lamaizi=E8re?= <patfbsd@davenulle.org>
To: Kris Kennaway <kris@FreeBSD.org>
Message-ID: <20080614015229.1c4afbe7@baby-jane-lamaiziere-net.local>
In-Reply-To: <4851B7EF.7060905@FreeBSD.org>
References: <20080613004847.09f9b089@baby-jane-lamaiziere-net.local>
	<4851B7EF.7060905@FreeBSD.org>
Organization: /dave/nulle
X-Mailer: Claws Mail 3.3.1 (GTK+ 2.12.8; i386-apple-darwin9.2.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 8bit
Cc: freebsd-stable@freebsd.org
Subject: Re: [7-STABLE] ping -s 4000 with ipsec panic
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jun 2008 23:52:33 -0000

Le Fri, 13 Jun 2008 01:57:35 +0200,
Kris Kennaway <kris@FreeBSD.org> a écrit :

Hello,

[...]

> > #17 0xc0700746 in crypto_invoke (cap=0x8, crp=0xd61a0950,
> > hint=-1616994916) at cryptodev_if.h:53
> > Previous frame inner to this frame (corrupt stack?)
> > (kgdb) 
> 
> Unfortunately the trace is bogus.  Try to rebuild with -O instead of
> -O2 and reproduce the panic.

Hmm, i've got no luck with -O. 

I made few tests and the panic occurs with a -s of 3989 bytes.

ping -s 3988 => ok 
ping -s 3989 => panic

The coredump seems to be ok.
http://user.lamaiziere.net/patrick/coredump.txt

I will try with a kernel and DEBUG_REDZONE and INVARIANT.

-----------------------

Unread portion of the kernel message buffer:


Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x9350ef1e
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc05a0579
stack pointer	        = 0x28:0xd61635cc
frame pointer	        = 0x28:0xd61635d0
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 1101 (ping)
trap number		= 12
panic: page fault
Uptime: 7m47s
Physical memory: 503 MB
Dumping 88 MB: 73 57 41 25 9

#0  doadump () at pcpu.h:195
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0xc0556273 in boot (howto=260)
at /usr/src/sys/kern/kern_shutdown.c:418 #2  0xc055646f in panic (fmt=)
at /usr/src/sys/kern/kern_shutdown.c:572 #3  0xc079b91c in trap_fatal
(frame=0xd616358c, eva=2471554846) at /usr/src/sys/i386/i386/trap.c:899
#4  0xc079bba0 in trap_pfault (frame=0xd616358c, usermode=0,
eva=2471554846) at /usr/src/sys/i386/i386/trap.c:812
#5  0xc079c529 in trap (frame=0xd616358c)
at /usr/src/sys/i386/i386/trap.c:490 #6  0xc0789f2b in calltrap ()
at /usr/src/sys/i386/i386/exception.s:139 #7  0xc05a0579 in mb_dupcl
(n=0xc2b02000, m=0xc2b02d00) at /usr/src/sys/kern/uipc_mbuf.c:293
#8  0xc05a157a in m_copym (m=0xc2b02d00, off0=2980, len=3, wait=1)
    at /usr/src/sys/kern/uipc_mbuf.c:570
#9  0xc0614055 in ip_fragment (ip=0xc2e5a038, m_frag=0xd61636d0,
mtu=1500, if_hwassist_flags=7, sw_csum=0)
at /usr/src/sys/netinet/ip_output.c:728 #10 0xc0614d38 in ip_output
(m=0xc2b02600, opt=0x0, ro=0xd6163694, flags=2, imo=0x0, inp=0x0)
at /usr/src/sys/netinet/ip_output.c:567 #11 0xc06acd9d in
ipsec_process_done (m=0xc2b02600, isr=0xc2bacd80)
at /usr/src/sys/netipsec/ipsec_output.c:177 #12 0xc06bbf5c in
esp_output_cb (crp=0xc2e5c708) at /usr/src/sys/netipsec/xform_esp.c:965
#13 0xc06ff730 in crypto_done (crp=0xc2e5c708)
    at /usr/src/sys/opencrypto/crypto.c:1148
#14 0xc0702afe in swcr_process (dev=0xc29cf380, crp=0xc2e5c708, hint=0)
    at /usr/src/sys/opencrypto/cryptosoft.c:975
#15 0xc0700746 in crypto_invoke (cap=0xc29cf380, crp=0xc2e5c708, hint=0)
    at cryptodev_if.h:53
#16 0xc070118c in crypto_dispatch (crp=0xc2e5c708)
    at /usr/src/sys/opencrypto/crypto.c:798
#17 0xc06bc5c6 in esp_output (m=0xc2b02600, isr=0xc2bacd80, mp=0x0,
skip=20, protoff=9) at /usr/src/sys/netipsec/xform_esp.c:875
#18 0xc06ad112 in ipsec4_process_packet (m=0xc2b02600, isr=0xc2bacd80, 
    flags=32, tunalready=0) at /usr/src/sys/netipsec/ipsec_output.c:491
#19 0xc0612f95 in ip_ipsec_output (m=0xd6163b04, inp=0xc2e07870, 
    flags=0xd6163b10, error=0xd6163ae4, ro=0xd6163b0c,
iproute=0xd6163ac8, dst=0xd6163ae0, ia=0xd6163adc, ifp=0xd6163aec)
    at /usr/src/sys/netinet/ip_ipsec.c:331
#20 0xc0614ab9 in ip_output (m=0xc2b02600, opt=0x0, ro=0xd6163ac8,
flags=32, imo=0x0, inp=0xc2e07870)
at /usr/src/sys/netinet/ip_output.c:420 #21 0xc0615e1b in rip_output
(m=0xc2b02600, so=0xc2ddfad4, dst=352430272)
at /usr/src/sys/netinet/raw_ip.c:336 #22 0xc0615efc in rip_send
(so=0xc2ddfad4, flags=0, m=0xc2b02600, nam=0xc29f9800, control=0x0,
td=0xc2b77000) at /usr/src/sys/netinet/raw_ip.c:806
#23 0xc05a97f5 in sosend_generic (so=0xc2ddfad4, addr=0xc29f9800, 
    uio=0xd6163be8, top=0xc2b02600, control=0x0, flags=0, td=0xc2b77000)
    at /usr/src/sys/kern/uipc_socket.c:1240
#24 0xc05a580f in sosend (so=0xc2ddfad4, addr=0xc29f9800,
uio=0xd6163be8, top=0x0, control=0x0, flags=0, td=0xc2b77000)
    at /usr/src/sys/kern/uipc_socket.c:1286
#25 0xc05abf16 in kern_sendit (td=0xc2b77000, s=3, mp=0xd6163c64,
flags=0, control=0x0, segflg=UIO_USERSPACE)
at /usr/src/sys/kern/uipc_syscalls.c:789 #26 0xc05af031 in sendit
(td=0xc2b77000, s=3, mp=0xd6163c64, flags=0)
at /usr/src/sys/kern/uipc_syscalls.c:730 #27 0xc05af148 in sendto
(td=0xc2b77000, uap=0xd6163cfc) at /usr/src/sys/kern/uipc_syscalls.c:841
#28 0xc079bef5 in syscall (frame=0xd6163d38)
    at /usr/src/sys/i386/i386/trap.c:1035
#29 0xc0789f90 in Xint0x80_syscall ()
at /usr/src/sys/i386/i386/exception.s:196 #30 0x00000033 in ?? ()
(kgdb) quit

--------------

Thanks, regards.