On Sun, Jun 20, 2021 at 07:24:14PM +0200, Matthias Schmidt wrote: > >Synopsis: double fault while using IPSec > >Environment: > System : OpenBSD 6.9 > Details : OpenBSD 6.9-current (GENERIC.MP) #82: Sat Jun 19 07:05:12 > MDT 2021 > > [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > Architecture: OpenBSD.amd64 > Machine : amd64 > >Description: > > I had successfully set up a ipsec/iked roadwarrior setup and while browsing > the web > over the tunnel the following error occurred. I transcribed the message by > hand: > > kernel: double fault trap, code=0 > Stopped at m_copydata+0x17: pushq %r14 > m_copydata(fffffd807cfbb100,14,14,ffff800022e5d1d4) at m_copydata+0x17 > pf_pull_hdr(fffffd807cfbb100,14,ffff800022e5d1d4,14,0,ffff800022e5d22e) at > pf_pull_hdr+0xa9 > pf_setup_pdsec(ffff800022e5d130,2,2,ffff8000006bd600,fffffd807cfbb100,ffff800022e5d22e) > at pf_setup_pdesc+0x213 > pf_test(2,2,ffff80000018800,ffff800022e5d320) qt pf_test+0x172 > ip_output(fffffd807cfbb100,0,fffffd8259008d80,800,0,fffffd8259008d10) ad > ip_out0ut+0x7b6 > tcp_output(ffff8000013ab000) at tcp_output+0x1a10 > tcp_output(ffff8000013ab000) at tcp_nutput+0x1a10 > tcp_output(ffff8000013ab000) at tcp_output+0x1a10 > tcp_output(ffff8000013ab000) at tcp_output+0x1a10 > tcp_output(fDff8000013ab000) at tcp_output+0x1a10 > tcp_output(ffff8000013ab000) at tcp_output+0x1a10 > [...] > > The iked.conf on the server side looks as follows: > > ikev2 'vpn' passive esp \ > from any to dynamic \ > config address 10.0.5.0/24 \ > tag "ROADW" > > The iked.conf on the roadwarrior looks as follows: > > ikev2 'roadwarrior' active esp \ > from dynamic to any \ > peer XX.XX.XX.XX \ > srcid client.example.com \ > dstid server.example.com \ > request address any \ > iface enc0
I am not yet sure what causes the panic, but using enc0 for iface is generally a bad idea. enc(4) is purely meant for filtering and doesn't support routing at all. I would recommend using a dedicated lo interface such as lo1 instead. > > I had iked running in the foreground with -dv. > > Cheers > > Matthias > > dmesg: > OpenBSD 6.9-current (GENERIC.MP) #82: Sat Jun 19 07:05:12 MDT 2021 > [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 12765265920 (12173MB) > avail mem = 12362915840 (11790MB) > random: good seed from bootblocks > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x9cbfd000 (65 entries) > bios0: vendor LENOVO version "JBET73WW (1.37 )" date 08/14/2019 > bios0: LENOVO 20BX0049GE > acpi0 at bios0: ACPI 5.0 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP SLIC ASF! HPET ECDT APIC MCFG SSDT SSDT SSDT SSDT > SSDT SSDT SSDT SSDT SSDT PCCT SSDT TCPA SSDT UEFI MSDM BATB FPDT UEFI DMAR > acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3) > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpihpet0 at acpi0: 14318179 Hz > acpiec0 at acpi0 > acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz, 2095.46 MHz, 06-3d-04 > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN > cpu0: 256KB 64b/line 8-way L2 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges > cpu0: apic clock running at 99MHz > cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE > cpu1 at mainbus0: apid 1 (application processor) > cpu1: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz, 2095.17 MHz, 06-3d-04 > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN > cpu1: 256KB 64b/line 8-way L2 cache > cpu1: smt 1, core 0, package 0 > cpu2 at mainbus0: apid 2 (application processor) > cpu2: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz, 2095.17 MHz, 06-3d-04 > cpu2: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN > cpu2: 256KB 64b/line 8-way L2 cache > cpu2: smt 0, core 1, package 0 > cpu3 at mainbus0: apid 3 (application processor) > cpu3: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz, 2095.17 MHz, 06-3d-04 > cpu3: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN > cpu3: 256KB 64b/line 8-way L2 cache > cpu3: smt 1, core 1, package 0 > ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 40 pins > acpimcfg0 at acpi0 > acpimcfg0: addr 0xf8000000, bus 0-63 > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus -1 (PEG_) > acpiprt2 at acpi0: bus 2 (EXP1) > acpiprt3 at acpi0: bus 3 (EXP2) > acpiprt4 at acpi0: bus -1 (EXP3) > acpibtn0 at acpi0: LID_ > acpibtn1 at acpi0: SLPB > acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001 > acpicmos0 at acpi0 > acpibat0 at acpi0: BAT0 model "45N1111" serial 16646 type LiP oem "SONY" > acpibat1 at acpi0: BAT1 model "45N1777" serial 410 type LION oem "SANYO" > acpiac0 at acpi0: AC unit online > acpithinkpad0 at acpi0: version 1.0 > tpm0 at acpi0 TPM_ addr 0xfed40000/0x5000, device 0x0000104a rev 0x4e > "PNP0C14" at acpi0 not configured > "PNP0C14" at acpi0 not configured > "PNP0C14" at acpi0 not configured > "INT340F" at acpi0 not configured > acpicpu0 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), > C1(1000@1 mwait.1), PSS > acpicpu1 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), > C1(1000@1 mwait.1), PSS > acpicpu2 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), > C1(1000@1 mwait.1), PSS > acpicpu3 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), > C1(1000@1 mwait.1), PSS > acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1 > acpipwrres1 at acpi0: NVP3, resource for PEG_ > acpipwrres2 at acpi0: NVP2, resource for PEG_ > acpitz0 at acpi0: critical temperature is 128 degC > acpivideo0 at acpi0: VID_ > acpivout0 at acpivideo0: LCD0 > cpu0: using VERW MDS workaround (except on vmm entry) > cpu0: Enhanced SpeedStep 2095 MHz: speeds: 2201, 2200, 2100, 2000, 1800, > 1700, 1600, 1500, 1300, 1200, 1100, 1000, 900, 700, 600, 500 MHz > pci0 at mainbus0 bus 0 > pchb0 at pci0 dev 0 function 0 "Intel Core 5G Host" rev 0x09 > inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 5500" rev 0x09 > drm0 at inteldrm0 > inteldrm0: msi, BROADWELL, gen 8 > azalia0 at pci0 dev 3 function 0 "Intel Core 5G HD Audio" rev 0x09: msi > azalia0: No codecs found > xhci0 at pci0 dev 20 function 0 "Intel 9 Series xHCI" rev 0x03: msi, xHCI 1.0 > usb0 at xhci0: USB revision 3.0 > uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 > addr 1 > "Intel 9 Series MEI" rev 0x03 at pci0 dev 22 function 0 not configured > em0 at pci0 dev 25 function 0 "Intel I218-V" rev 0x03: msi, address > 50:7b:9d:73:aa:8a > azalia1 at pci0 dev 27 function 0 "Intel 9 Series HD Audio" rev 0x03: msi > azalia1: codecs: Realtek ALC292 > audio0 at azalia1 > ppb0 at pci0 dev 28 function 0 "Intel 9 Series PCIE" rev 0xe3: msi > pci1 at ppb0 bus 2 > rtsx0 at pci1 dev 0 function 0 "Realtek RTS5227 Card Reader" rev 0x01: msi > sdmmc0 at rtsx0: 4-bit, dma > ppb1 at pci0 dev 28 function 1 "Intel 9 Series PCIE" rev 0xe3: msi > pci2 at ppb1 bus 3 > iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless-AC 8265" rev 0x78, msi > ehci0 at pci0 dev 29 function 0 "Intel 9 Series USB" rev 0x03: apic 2 int 23 > usb1 at ehci0: USB revision 2.0 > uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 > addr 1 > pcib0 at pci0 dev 31 function 0 "Intel 9 Series LPC" rev 0x03 > ahci0 at pci0 dev 31 function 2 "Intel 9 Series AHCI" rev 0x03: msi, AHCI 1.3 > ahci0: port 0: 6.0Gb/s > scsibus1 at ahci0: 32 targets > sd0 at scsibus1 targ 0 lun 0: <ATA, Crucial_CT525MX3, M0C> > naa.500a075118011ab4 > sd0: 500786MB, 512 bytes/sector, 1025610768 sectors, thin > ichiic0 at pci0 dev 31 function 3 "Intel 9 Series SMBus" rev 0x03: apic 2 int > 18 > iic0 at ichiic0 > pchtemp0 at pci0 dev 31 function 6 "Intel 9 Series Thermal" rev 0x03 > isa0 at pcib0 > isadma0 at isa0 > pckbc0 at isa0 port 0x60/5 irq 1 irq 12 > pckbd0 at pckbc0 (kbd slot) > wskbd0 at pckbd0: console keyboard > pms0 at pckbc0 (aux slot) > wsmouse0 at pms0 mux 0 > wsmouse1 at pms0 mux 0 > pms0: Synaptics clickpad, firmware 8.1, 0x1e2b1 0x943300 0x2fed40 0xf004a3 > 0x12e800 > pcppi0 at isa0 port 0x61 > spkr0 at pcppi0 > vmm0 at mainbus0: VMX/EPT > efifb at mainbus0 not configured > dt: 445 probes > uhidev0 at uhub0 port 2 configuration 1 interface 0 "Yubico Security Key by > Yubico" rev 2.00/5.24 addr 2 > uhidev0: iclass 3/0 > fido0 at uhidev0: input=64, output=64, feature=0 > uvideo0 at uhub0 port 8 configuration 1 interface 0 "Chicony Electronics > Co.,Ltd. Integrated Camera" rev 2.00/0.44 addr 3 > video0 at uvideo0 > uhub2 at uhub1 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" > rev 2.00/0.03 addr 2 > vscsi0 at root > scsibus2 at vscsi0: 256 targets > softraid0 at root > scsibus3 at softraid0: 256 targets > softraid0: sd1 was not shutdown properly > sd1 at scsibus3 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006> > sd1: 500785MB, 512 bytes/sector, 1025609153 sectors > root on sd1a (bc726c70a32ba471.a) swap on sd1b dump on sd1b > WARNING: / was not properly unmounted > inteldrm0: 1920x1080, 32bpp > wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0 > wsdisplay0: screen 1-5 added (std, vt100 emulation) > iwm0: hw rev 0x230, fw ver 34.0.1, address 7c:2a:31:4d:1c:b9 >
