From root@daveg.ca  Wed Oct 27 17:39:34 2004
Return-Path: <root@daveg.ca>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CAB7E16A4CE
	for <freebsd-gnats-submit@freebsd.org>; Wed, 27 Oct 2004 17:39:34 +0000 (GMT)
Received: from ox.eicat.ca (ox.eicat.ca [66.96.30.35])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A2C3643D41
	for <freebsd-gnats-submit@freebsd.org>; Wed, 27 Oct 2004 17:39:34 +0000 (GMT)
	(envelope-from root@daveg.ca)
Received: by ox.eicat.ca (Postfix, from userid 66)
	id BBFECC6A4; Wed, 27 Oct 2004 13:39:30 -0400 (EDT)
Received: by canoe.dclg.ca (Postfix, from userid 0)
	id E1ED81D2E61; Wed, 27 Oct 2004 13:39:17 -0400 (EDT)
Message-Id: <20041027173917.E1ED81D2E61@canoe.dclg.ca>
Date: Wed, 27 Oct 2004 13:39:17 -0400 (EDT)
From: David Gilbert <dgilbert@daveg.ca>
Reply-To: David Gilbert <dgilbert@daveg.ca>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: FAST_IPSEC broken on amd64
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         73211
>Category:       amd64
>Synopsis:       FAST_IPSEC broken on amd64
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 27 17:40:29 GMT 2004
>Closed-Date:    Tue Jan 17 21:53:18 GMT 2006
>Last-Modified:  Tue Jan 17 21:53:18 GMT 2006
>Originator:     David Gilbert
>Release:        FreeBSD 5.3-RC1 amd64
>Organization:
DaveG.ca
>Environment:
System: FreeBSD router1-amd64 5.3-RELEASE FreeBSD 5.3-RELEASE #2: Wed Oct 27 09:27:49 EDT 2004     root@router1-amd64:/usr/src/sys/amd64/compile/FALCON64  amd64

This has also been reported in:

http://people.freebsd.org/~pjd/netperf/

>Description:
FAST_IPSEC seems to produce a kernel that panic's when IPSEC is used.
I tried taking out INET6 per Mike Tancsa's suggestin.  No change.
>How-To-Repeat:
/usr/sbin/setkey -f /etc/ipsec.conf with all lines commented out in
ipsec.conf triggers the panic
>Fix:

	None known yet.


>Release-Note:
>Audit-Trail:

From: David Gilbert <dgilbert@dclg.ca>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-amd64@FreeBSD.org
Cc:  
Subject: Re: amd64/73211: FAST_IPSEC broken on amd64
Date: Wed, 27 Oct 2004 13:48:13 -0400

 Additional information.  I'm debugging remotely through a person
 ... so that's why I missed this.  The error (which is easily
 reproducable anyways) is fatal trap 18: integer divide fault while in
 kernel mode
 
 Dave.
 
 -- 
 ============================================================================
 |David Gilbert, Independent Contractor.       | Two things can only be     |
 |Mail:       dave@daveg.ca                    |  equal if and only if they |
 |http://daveg.ca                              |   are precisely opposite.  |
 =========================================================GLO================

From: David Gilbert <dgilbert@dclg.ca>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-amd64@FreeBSD.org
Cc:  
Subject: Re: amd64/73211: FAST_IPSEC broken on amd64
Date: Wed, 27 Oct 2004 14:14:04 -0400

 After attempting to obtain a dump, it would appear that this crash
 won't produce a dump.  It might be memory corruption as the tech
 reported this crash to be a General Protection Fault in kernel mode.
 
 Dave.
 
 -- 
 ============================================================================
 |David Gilbert, Independent Contractor.       | Two things can only be     |
 |Mail:       dave@daveg.ca                    |  equal if and only if they |
 |http://daveg.ca                              |   are precisely opposite.  |
 =========================================================GLO================

From: "David O'Brien" <obrien@FreeBSD.org>
To: David Gilbert <dgilbert@dclg.ca>
Cc: FreeBSD-gnats-submit@FreeBSD.org, freebsd-amd64@FreeBSD.org
Subject: Re: amd64/73211: FAST_IPSEC broken on amd64
Date: Wed, 27 Oct 2004 11:42:28 -0700

 On Wed, Oct 27, 2004 at 02:14:04PM -0400, David Gilbert wrote:
 > After attempting to obtain a dump, it would appear that this crash
 > won't produce a dump.  It might be memory corruption as the tech
 > reported this crash to be a General Protection Fault in kernel mode.
 
 Download the latest memtest86+ ISO image from www.memtest.org, burn it to
 CDROM, and see if all your RAM passes.

From: David Gilbert <dgilbert@dclg.ca>
To: obrien@FreeBSD.org
Cc: David Gilbert <dgilbert@dclg.ca>,
	FreeBSD-gnats-submit@FreeBSD.org, freebsd-amd64@FreeBSD.org
Subject: Re: amd64/73211: FAST_IPSEC broken on amd64
Date: Wed, 27 Oct 2004 14:51:47 -0400

 >>>>> "David" == David O'Brien <obrien@FreeBSD.org> writes:
 
 David> On Wed, Oct 27, 2004 at 02:14:04PM -0400, David Gilbert wrote:
 >> After attempting to obtain a dump, it would appear that this crash
 >> won't produce a dump.  It might be memory corruption as the tech
 >> reported this crash to be a General Protection Fault in kernel
 >> mode.
 
 David> Download the latest memtest86+ ISO image from www.memtest.org,
 David> burn it to CDROM, and see if all your RAM passes.
 
 Since we've stresstested this box with packets and compiling and other
 chores, I strongly suspect the memory is not at fault.  The memory is
 also registered ECC.
 
 I'll have them run memory tests, but I'm at least the second
 independant person to report that FAST_IPSEC and amd64 are broken.
 
 The difference between the divide error and the GPF error was
 recompiling the kernel to dump --- so it's possible (I'm not in front
 of the machine) that the GPF is a second panic when it tries to dump.
 
 Dave.
 
 -- 
 ============================================================================
 |David Gilbert, Independent Contractor.       | Two things can only be     |
 |Mail:       dave@daveg.ca                    |  equal if and only if they |
 |http://daveg.ca                              |   are precisely opposite.  |
 =========================================================GLO================
Responsible-Changed-From-To: freebsd-amd64->bz 
Responsible-Changed-By: bz 
Responsible-Changed-When: Tue Nov 15 22:22:19 GMT 2005 
Responsible-Changed-Why:  
gnn and me will work on fast_ipsec so take this PR. I have an amd64 
machine here and could reproduce a panic even w/o a policy loaded. 

y2k# setkey -D 
[thread pid 471 tid 100057 ] 
Stopped at      kdebug_sockaddr+0xb0:   decl    0xffffffffffffff8d(%rax) 
db> where 
Tracing pid 471 tid 100057 td 0xffffff010bfc7750 
kdebug_sockaddr() at kdebug_sockaddr+0xb0 
raw_usend() at raw_usend+0x74 
key_send() at key_send+0xa 
sosend() at sosend+0x726 
kern_sendit() at kern_sendit+0x12f 
sendit() at sendit+0x1d3 
sendto() at sendto+0x52 
syscall() at syscall+0x350 
Xfast_syscall() at Xfast_syscall+0xa8 
--- syscall (133, FreeBSD ELF64, sendto), rip = 0x8007e9a6c, rsp = 0x7fffffff6b98, rbp = 0x2 --- 
db> show alllocks 
db> 

http://www.freebsd.org/cgi/query-pr.cgi?pr=73211 
State-Changed-From-To: open->closed 
State-Changed-By: bz 
State-Changed-When: Tue Jan 17 21:51:50 UTC 2006 
State-Changed-Why:  
PR amd64/89261 addresses the same problem and the solution is there. 
Please follow PR 89261 instead.  Thanks for reporting. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=73211 
>Unformatted:
