OpenBSD 4.4 panics when using AICCU
Hi misc, Are any of you using AICCU on OpenBSD 4.4 patched to 005? Have you experienced panics? Since I upgraded to OpenBSD 4.4, whenever I take AICCU down, then up, after a while the system panics. I can reproduce this reliably, although the timing is not always the same: sometimes the system panics in a few seconds, sometimes it takes longer. Have you experienced this? Thanks in advance. PS: I have crash dumps for each panic. -- http://www.felipe-alfaro.org/blog/disclaimer/
Re: OpenBSD 4.4 panics when using AICCU
On Fri, Nov 14, 2008 at 12:00 AM, Felipe Alfaro Solana [EMAIL PROTECTED] wrote: Hi misc, Are any of you using AICCU on OpenBSD 4.4 patched to 005? Have you experienced panics? Since I upgraded to OpenBSD 4.4, whenever I take AICCU down, then up, after a while the system panics. I can reproduce this reliably, although the timing is not always the same: sometimes the system panics in a few seconds, sometimes it takes longer. Have you experienced this? I've been trying to chase down what is causing the panic. Apparently, it's related to IPSec/IPv6: when I reboot the system with no IPSec/IPv6 tunnels enabled (no sasync, no isakmpd) the system doesn't panic when I take aiccu down and then up. The system panics here: uvm_fault(0xd623f758, 0x0, 0, 1) - e kernel: page fault trap, code=0 Stopped at in6_selecthlim+0x29:movzbl 0x1c(%eax),%eax Thanks in advance. PS: I have crash dumps for each panic. -- http://www.felipe-alfaro.org/blog/disclaimer/ -- http://www.felipe-alfaro.org/blog/disclaimer/
Re: OpenBSD 4.4 panics when using AICCU
On Fri, Nov 14, 2008 at 12:58 AM, Felipe Alfaro Solana [EMAIL PROTECTED] wrote: On Fri, Nov 14, 2008 at 12:00 AM, Felipe Alfaro Solana [EMAIL PROTECTED] wrote: Hi misc, Are any of you using AICCU on OpenBSD 4.4 patched to 005? Have you experienced panics? Since I upgraded to OpenBSD 4.4, whenever I take AICCU down, then up, after a while the system panics. I can reproduce this reliably, although the timing is not always the same: sometimes the system panics in a few seconds, sometimes it takes longer. Have you experienced this? I've been trying to chase down what is causing the panic. Apparently, it's related to IPSec/IPv6: when I reboot the system with no IPSec/IPv6 tunnels enabled (no sasync, no isakmpd) the system doesn't panic when I take aiccu down and then up. The system panics here: uvm_fault(0xd623f758, 0x0, 0, 1) - e kernel: page fault trap, code=0 Stopped at in6_selecthlim+0x29:movzbl 0x1c(%eax),%eax Looks to me that the IPSec/IPv6 code is holding a reference to a in6pcb structure (that represents or is associated the aiccu tun0 interface) that gets destroyed when I take aiccu down. When I start aiccu again, the in6_selecthlim ends up being called with an old reference to tun0 interface that does not exist anymore (was freed) and that causes the trap. Thanks in advance. PS: I have crash dumps for each panic. -- http://www.felipe-alfaro.org/blog/disclaimer/ -- http://www.felipe-alfaro.org/blog/disclaimer/ -- http://www.felipe-alfaro.org/blog/disclaimer/
Re: OpenBSD 4.4 panics when using AICCU
On Fri, Nov 14, 2008 at 12:58 AM, Felipe Alfaro Solana [EMAIL PROTECTED] wrote: On Fri, Nov 14, 2008 at 12:00 AM, Felipe Alfaro Solana [EMAIL PROTECTED] wrote: Hi misc, Are any of you using AICCU on OpenBSD 4.4 patched to 005? Have you experienced panics? Since I upgraded to OpenBSD 4.4, whenever I take AICCU down, then up, after a while the system panics. I can reproduce this reliably, although the timing is not always the same: sometimes the system panics in a few seconds, sometimes it takes longer. Have you experienced this? I've been trying to chase down what is causing the panic. Apparently, it's related to IPSec/IPv6: when I reboot the system with no IPSec/IPv6 tunnels enabled (no sasync, no isakmpd) the system doesn't panic when I take aiccu down and then up. The system panics here: uvm_fault(0xd623f758, 0x0, 0, 1) - e kernel: page fault trap, code=0 Stopped at in6_selecthlim+0x29:movzbl 0x1c(%eax),%eax Another datapoint: When bringing aiccu down, the kernel logs the following message: in6_purgeaddr: failed to remove a route to the p2p destination: 2001::::2 on tun0, errno=3. This looks very suspicious to me, and wrong, by the way, since tun0 interface is using 2001::::2 as the local IPv6 address, while 2001::::1 is the remote end point. Hence, there is no route in the routing table that is bound to tun0 and has 2001::::2 as the destination (there is one but is bound to lo0). It leads me to think that some data structures are not properly freed/referenced counted which leads eventually to the panic. Any ideas? Thanks in advance. PS: I have crash dumps for each panic. -- http://www.felipe-alfaro.org/blog/disclaimer/ -- http://www.felipe-alfaro.org/blog/disclaimer/ -- http://www.felipe-alfaro.org/blog/disclaimer/
Re: OpenBSD 4.4 panics when using AICCU
On Thu, Nov 13, 2008 at 7:18 PM, Felipe Alfaro Solana [EMAIL PROTECTED] wrote: On Fri, Nov 14, 2008 at 12:58 AM, Felipe Alfaro Solana [EMAIL PROTECTED] wrote: On Fri, Nov 14, 2008 at 12:00 AM, Felipe Alfaro Solana [EMAIL PROTECTED] wrote: Are any of you using AICCU on OpenBSD 4.4 patched to 005? Have you experienced panics? Since I upgraded to OpenBSD 4.4, whenever I take AICCU down, then up, after a while the system panics. I can reproduce this reliably, although the timing is not always the same: sometimes the system panics in a few seconds, sometimes it takes longer. Have you experienced this? I've been trying to chase down what is causing the panic. Apparently, it's related to IPSec/IPv6: when I reboot the system with no IPSec/IPv6 tunnels enabled (no sasync, no isakmpd) the system doesn't panic when I take aiccu down and then up. The system panics here: uvm_fault(0xd623f758, 0x0, 0, 1) - e kernel: page fault trap, code=0 Stopped at in6_selecthlim+0x29:movzbl 0x1c(%eax),%eax Another datapoint: When bringing aiccu down, the kernel logs the following message: in6_purgeaddr: failed to remove a route to the p2p destination: 2001::::2 on tun0, errno=3. This looks very suspicious to me, and wrong, by the way, since tun0 interface is using 2001::::2 as the local IPv6 address, while 2001::::1 is the remote end point. Hence, there is no route in the routing table that is bound to tun0 and has 2001::::2 as the destination (there is one but is bound to lo0). It leads me to think that some data structures are not properly freed/referenced counted which leads eventually to the panic. Any ideas? Haven't looked at it in detail, but brad@ just updated 4.4 stable's if.c to address an apparently similar IPv6-related panic that might help.