OpenBSD 4.4 panics when using AICCU

2008-11-13 Thread Felipe Alfaro Solana 
Hi misc,

Are any of you using AICCU on OpenBSD 4.4 patched to 005? Have you
experienced panics? Since I upgraded to OpenBSD 4.4, whenever I take
AICCU down, then up, after a while the system panics. I can reproduce
this reliably, although the timing is not always the same: sometimes
the system panics in a few seconds, sometimes it takes longer.

Have you experienced this?

Thanks in advance.

PS: I have crash dumps for each panic.

-- 
http://www.felipe-alfaro.org/blog/disclaimer/

Re: OpenBSD 4.4 panics when using AICCU

2008-11-13 Thread Felipe Alfaro Solana 
On Fri, Nov 14, 2008 at 12:00 AM, Felipe Alfaro Solana
[EMAIL PROTECTED] wrote:
 Hi misc,

 Are any of you using AICCU on OpenBSD 4.4 patched to 005? Have you
 experienced panics? Since I upgraded to OpenBSD 4.4, whenever I take
 AICCU down, then up, after a while the system panics. I can reproduce
 this reliably, although the timing is not always the same: sometimes
 the system panics in a few seconds, sometimes it takes longer.

 Have you experienced this?

I've been trying to chase down what is causing the panic. Apparently,
it's related to IPSec/IPv6: when I reboot the system with no
IPSec/IPv6 tunnels enabled (no sasync, no isakmpd) the system doesn't
panic when I take aiccu down and then up.

The system panics here:

uvm_fault(0xd623f758, 0x0, 0, 1) - e
kernel: page fault trap, code=0
Stopped at  in6_selecthlim+0x29:movzbl  0x1c(%eax),%eax


 Thanks in advance.

 PS: I have crash dumps for each panic.

 --
 http://www.felipe-alfaro.org/blog/disclaimer/




-- 
http://www.felipe-alfaro.org/blog/disclaimer/

Re: OpenBSD 4.4 panics when using AICCU

2008-11-13 Thread Felipe Alfaro Solana 
On Fri, Nov 14, 2008 at 12:58 AM, Felipe Alfaro Solana
[EMAIL PROTECTED] wrote:
 On Fri, Nov 14, 2008 at 12:00 AM, Felipe Alfaro Solana
 [EMAIL PROTECTED] wrote:
 Hi misc,

 Are any of you using AICCU on OpenBSD 4.4 patched to 005? Have you
 experienced panics? Since I upgraded to OpenBSD 4.4, whenever I take
 AICCU down, then up, after a while the system panics. I can reproduce
 this reliably, although the timing is not always the same: sometimes
 the system panics in a few seconds, sometimes it takes longer.

 Have you experienced this?

 I've been trying to chase down what is causing the panic. Apparently,
 it's related to IPSec/IPv6: when I reboot the system with no
 IPSec/IPv6 tunnels enabled (no sasync, no isakmpd) the system doesn't
 panic when I take aiccu down and then up.

 The system panics here:

 uvm_fault(0xd623f758, 0x0, 0, 1) - e
 kernel: page fault trap, code=0
 Stopped at  in6_selecthlim+0x29:movzbl  0x1c(%eax),%eax

Looks to me that the IPSec/IPv6 code is holding a reference to a
in6pcb structure (that represents or is associated the aiccu tun0
interface) that gets destroyed when I take aiccu down. When I start
aiccu again, the in6_selecthlim ends up being called with an old
reference to tun0 interface that does not exist anymore (was freed)
and that causes the trap.


 Thanks in advance.

 PS: I have crash dumps for each panic.

 --
 http://www.felipe-alfaro.org/blog/disclaimer/




 --
 http://www.felipe-alfaro.org/blog/disclaimer/




-- 
http://www.felipe-alfaro.org/blog/disclaimer/

Re: OpenBSD 4.4 panics when using AICCU

2008-11-13 Thread Felipe Alfaro Solana 
On Fri, Nov 14, 2008 at 12:58 AM, Felipe Alfaro Solana
[EMAIL PROTECTED] wrote:
 On Fri, Nov 14, 2008 at 12:00 AM, Felipe Alfaro Solana
 [EMAIL PROTECTED] wrote:
 Hi misc,

 Are any of you using AICCU on OpenBSD 4.4 patched to 005? Have you
 experienced panics? Since I upgraded to OpenBSD 4.4, whenever I take
 AICCU down, then up, after a while the system panics. I can reproduce
 this reliably, although the timing is not always the same: sometimes
 the system panics in a few seconds, sometimes it takes longer.

 Have you experienced this?

 I've been trying to chase down what is causing the panic. Apparently,
 it's related to IPSec/IPv6: when I reboot the system with no
 IPSec/IPv6 tunnels enabled (no sasync, no isakmpd) the system doesn't
 panic when I take aiccu down and then up.

 The system panics here:

 uvm_fault(0xd623f758, 0x0, 0, 1) - e
 kernel: page fault trap, code=0
 Stopped at  in6_selecthlim+0x29:movzbl  0x1c(%eax),%eax

Another datapoint:

When bringing aiccu down, the kernel logs the following message:

in6_purgeaddr: failed to remove a route to the p2p destination:
2001::::2 on tun0, errno=3.

This looks very suspicious to me, and wrong, by the way, since tun0
interface is using 2001::::2 as the local IPv6 address, while
2001::::1 is the remote end point. Hence, there is no route in
the routing table that is bound to tun0 and has 2001::::2 as
the destination (there is one but is bound to lo0). It leads me to
think that some data structures are not properly freed/referenced
counted which leads eventually to the panic.

Any ideas?



 Thanks in advance.

 PS: I have crash dumps for each panic.

 --
 http://www.felipe-alfaro.org/blog/disclaimer/




 --
 http://www.felipe-alfaro.org/blog/disclaimer/




-- 
http://www.felipe-alfaro.org/blog/disclaimer/

Re: OpenBSD 4.4 panics when using AICCU

2008-11-13 Thread Daniel Melameth 
On Thu, Nov 13, 2008 at 7:18 PM, Felipe Alfaro Solana
[EMAIL PROTECTED] wrote:
 On Fri, Nov 14, 2008 at 12:58 AM, Felipe Alfaro Solana
 [EMAIL PROTECTED] wrote:
 On Fri, Nov 14, 2008 at 12:00 AM, Felipe Alfaro Solana
 [EMAIL PROTECTED] wrote:
 Are any of you using AICCU on OpenBSD 4.4 patched to 005? Have you
 experienced panics? Since I upgraded to OpenBSD 4.4, whenever I take
 AICCU down, then up, after a while the system panics. I can reproduce
 this reliably, although the timing is not always the same: sometimes
 the system panics in a few seconds, sometimes it takes longer.

 Have you experienced this?

 I've been trying to chase down what is causing the panic. Apparently,
 it's related to IPSec/IPv6: when I reboot the system with no
 IPSec/IPv6 tunnels enabled (no sasync, no isakmpd) the system doesn't
 panic when I take aiccu down and then up.

 The system panics here:

 uvm_fault(0xd623f758, 0x0, 0, 1) - e
 kernel: page fault trap, code=0
 Stopped at  in6_selecthlim+0x29:movzbl  0x1c(%eax),%eax

 Another datapoint:

 When bringing aiccu down, the kernel logs the following message:

 in6_purgeaddr: failed to remove a route to the p2p destination:
 2001::::2 on tun0, errno=3.

 This looks very suspicious to me, and wrong, by the way, since tun0
 interface is using 2001::::2 as the local IPv6 address, while
 2001::::1 is the remote end point. Hence, there is no route in
 the routing table that is bound to tun0 and has 2001::::2 as
 the destination (there is one but is bound to lo0). It leads me to
 think that some data structures are not properly freed/referenced
 counted which leads eventually to the panic.

 Any ideas?

Haven't looked at it in detail, but brad@ just updated 4.4 stable's
if.c to address an apparently similar IPv6-related panic that might
help.