IPSec/IPv6 panic

From: Pawel Worach <pawel.worach_at_gmail.com>
Date: Mon, 27 Aug 2007 17:22:14 +0200
Hi,

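While testing IPsec over IPv6, I got this panic when sending ICMPv6 echo 
requests to the peer. The backtrace below shows esp6_ctlinput() and 
pfctlinput2() calling each other repeatedly, reached from icmp6_input(), 
until the double fault; this looks like kernel stack exhaustion from 
unbounded recursion. The kernel.debug file and vmcore are available if 
more information is needed.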

FreeBSD 7.0-CURRENT #0: Fri Aug 24 22:31:26 CEST 2007

Script started on Sun Aug 26 04:20:22 2007
kgdb: kvm_nlist(_stopped_cpus):
kgdb: kvm_nlist(_stoppcbs):
[GDB will not be able to debug user-mode threads: 
/usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you 
are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:

Fatal double fault:
eip = 0xc078ea95
esp = 0xe25cc000
ebp = 0xe25cc060
panic: double fault
KDB: stack backtrace:
db_trace_self_wrapper(c07d4c94,c0861cc4,c056b7da,c07d308a,c0849280,...) 
at db_trace_self_wrapper+0x26
kdb_backtrace(c07d308a,c0849280,c07f1a71,c0861cd0,c0861cd0,...) at 
kdb_backtrace+0x29
panic(c07f1a71,e25cc060,e25cc060,0,0,...) at panic+0xaa
dblfault_handler() at dblfault_handler+0x69
--- trap 0x17, eip = 0xc078ea95, esp = 0xe25cc000, ebp = 0xe25cc060 ---
bcmp(c08521c0,e25cdb0c,0,c07b548c,0,...) at bcmp+0x1
udp6_ctlinput(6,e25cdb0c,e25cc0e8,e25cc0e8,e25cdb0c,...) at 
udp6_ctlinput+0x152
pfctlinput2(6,e25cdb0c,e25cc0e8,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc164,e25cc164,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc164,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc1e0,e25cc1e0,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc1e0,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc25c,e25cc25c,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc25c,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc2d8,e25cc2d8,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc2d8,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc354,e25cc354,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc354,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc3d0,e25cc3d0,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc3d0,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc44c,e25cc44c,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc44c,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc4c8,e25cc4c8,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc4c8,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc544,e25cc544,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc544,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc5c0,e25cc5c0,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc5c0,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc63c,e25cc63c,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc63c,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc6b8,e25cc6b8,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc6b8,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc734,e25cc734,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc734,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc7b0,e25cc7b0,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc7b0,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc82c,e25cc82c,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc82c,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc8a8,e25cc8a8,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc8a8,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc924,e25cc924,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc924,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cc9a0,e25cc9a0,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cc9a0,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cca1c,e25cca1c,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cca1c,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cca98,e25cca98,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cca98,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25ccb14,e25ccb14,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25ccb14,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25ccb90,e25ccb90,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25ccb90,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25ccc0c,e25ccc0c,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25ccc0c,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25ccc88,e25ccc88,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25ccc88,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25ccd04,e25ccd04,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25ccd04,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25ccd80,e25ccd80,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25ccd80,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25ccdfc,e25ccdfc,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25ccdfc,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cce78,e25cce78,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cce78,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25ccef4,e25ccef4,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25ccef4,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25ccf70,e25ccf70,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25ccf70,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25ccfec,e25ccfec,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25ccfec,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd068,e25cd068,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd068,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd0e4,e25cd0e4,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd0e4,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd160,e25cd160,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd160,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd1dc,e25cd1dc,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd1dc,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd258,e25cd258,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd258,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd2d4,e25cd2d4,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd2d4,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd350,e25cd350,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd350,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd3cc,e25cd3cc,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd3cc,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd448,e25cd448,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd448,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd4c4,e25cd4c4,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd4c4,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd540,e25cd540,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd540,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd5bc,e25cd5bc,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd5bc,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd638,e25cd638,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd638,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd6b4,e25cd6b4,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd6b4,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd730,e25cd730,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd730,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd7ac,e25cd7ac,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd7ac,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd828,e25cd828,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd828,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd8a4,e25cd8a4,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd8a4,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd920,e25cd920,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd920,0,0,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cd99c,e25cd99c,e25cdb0c,...) at 
esp6_ctlinput+0x73
pfctlinput2(6,e25cdb0c,e25cd99c,c3ba5c00,e25cdb30,...) at pfctlinput2+0x4a
esp6_ctlinput(6,e25cdb0c,e25cdacc,84,c66a7400,...) at esp6_ctlinput+0x73
icmp6_input(e25cdc74,e25cdc5c,3a,1,0,...) at icmp6_input+0x25de
ip6_input(c66a7400,c055f65d,c3a9ac30,c3ab1c00,0,...) at ip6_input+0xed9
netisr_processqueue(c08490d0,c3ab2000,0,0,0,...) at 
netisr_processqueue+0xdb
swi_net(0,0,c07d0e15,46b,ffffffff,...) at swi_net+0xca
ithread_loop(c3a78a80,e25cdd38,ffdfffff,ffffffff,ffefffff,...) at 
ithread_loop+0x1cb
fork_exit(c05520a0,c3a78a80,e25cdd38) at fork_exit+0xa1
fork_trampoline() at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xe25cdd70, ebp = 0 ---
Uptime: 1h59m52s
Physical memory: 1014 MB
Dumping 141 MB: 126 110 94 78 62 46 30 14

#0  doadump () at pcpu.h:195
195	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0xc056b5e3 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:409
#2  0xc056b81a in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:563
#3  0xc0790059 in dblfault_handler () at /usr/src/sys/i386/i386/trap.c:901
#4  0x00000000 in ?? ()
(kgdb) l *pfctlinput2+0x4a
0xc05b64ca is in pfctlinput2 (/usr/src/sys/kern/uipc_domain.c:444).
439			 * correct way.  the following check is made just for safety.
440			 */
441			if (dp->dom_family != sa->sa_family)
442				continue;
443	
444			for (pr = dp->dom_protosw; pr < dp->dom_protoswNPROTOSW; pr++)
445				if (pr->pr_ctlinput)
446					(*pr->pr_ctlinput)(cmd, sa, ctlparam);
447		}
448	}
(kgdb) l *esp6_ctlinput+0x73
0xc06d8ca3 is in esp6_ctlinput (/usr/src/sys/netipsec/ipsec_input.c:801).
796			 * Then go to special cases that need ESP header information.
797			 * XXX: We assume that when ip6 is non NULL,
798			 * M and OFF are valid.
799			 */
800	
801			if (cmd == PRC_MSGSIZE) {
802				struct secasvar *sav;
803				u_int32_t spi;
804				int valid;
805	
(kgdb)
Script done on Sun Aug 26 04:20:50 2007

-- 
Pawel
Received on Mon Aug 27 2007 - 13:51:30 UTC
