On my embedded system boxes based upon the Soekris platform with 64MB of memory, the kernel regularly crashes with "panic: double fault" if ipsec is used. Note that ip_output() has been stacked seven times deep before the stack overflow occurs. The stack trace follows:

    Fatal double fault:
    eip = 0xc0459328
    esp = 0xc5d97f8c
    ebp = 0xc5d980a0
    panic: double fault
    KDB: stack backtrace:
    db_trace_self_wrapper(c07a9c99,c080a1a0,c07c6f5d,c0827a90,c0827a90,...) at db_trace_self_wrapper+0x26
    panic(c07c6f5d,c5d980a0,c5d980a0,0,0,...) at panic+0xed
    dblfault_handler() at dblfault_handler+0x69
    --- trap 0x17, eip = 0xc0459328, esp = 0xc5d97f8c, ebp = 0xc5d980a0 ---
    pf_test(2,c1087000,c5d980e4,0,0,...) at pf_test+0x88
    pf_check_out(0,c5d980e4,c1087000,2,0,...) at pf_check_out+0x43
    pfil_run_hooks(c0812f80,c5d98198,c1087000,2,0,...) at pfil_run_hooks+0x9f
    ipsec_filter(c5d98198,2,201,201,1e100e0a,...) at ipsec_filter+0x16c
    ipsec4_process_packet(c16bb000,c15f7600,2,0,0,...) at ipsec4_process_packet+0xa8
    ip_ipsec_output(c5d98248,0,c5d98254,c5d98228,c5d98250,...) at ip_ipsec_output+0x145
    ip_output(c16bb000,0,c5d9820c,2,0,...) at ip_output+0x2e4
    ipsec_process_done(c16bb000,c15f7580,0,c1787348,46c,...) at ipsec_process_done+0x1fe
    ah_output_cb(c17167bc,c5d98428,c16bb054,c,2c,c5d98358,c5d98428,c1715d80) at ah_output_cb+0x196
    crypto_done(c17167bc,20,0,c5d98434,c5d98428,...) at crypto_done+0xf6
    swcr_process(c0fc0480,c17167bc,0,c16bb000,3,...) at swcr_process+0x59
    crypto_invoke(1,a,c1787334,14,c19c3980,...) at crypto_invoke+0x67
    crypto_dispatch(c17167bc,1,0,c5d98530,2,...) at crypto_dispatch+0xe2
    ah_output(c16bb000,c15f7580,0,14,9,...) at ah_output+0x529
    ipsec4_process_packet(c16bb000,c15f7600,2,0,0,...) at ipsec4_process_packet+0x2d1
    ip_ipsec_output(c5d9866c,0,c5d98678,c5d9864c,c5d98674,...) at ip_ipsec_output+0x145
    ip_output(c16bb000,0,c5d98630,2,0,...) at ip_output+0x2e4
    ipsec_process_done(c16bb000,c15f7580,0,c1736548,46c,...) at ipsec_process_done+0x1fe
    ah_output_cb(c1716564,c5d9884c,c16bb054,c,2c,c5d9877c,c5d9884c,c1715d80) at ah_output_cb+0x196
    crypto_done(c1716564,20,0,c5d98858,c5d9884c,...) at crypto_done+0xf6
    swcr_process(c0fc0480,c1716564,0,c16bb000,3,...) at swcr_process+0x59
    crypto_invoke(1,a,c1736534,14,c19c3980,...) at crypto_invoke+0x67
    crypto_dispatch(c1716564,1,0,c5d98954,2,...) at crypto_dispatch+0xe2
    ah_output(c16bb000,c15f7580,0,14,9,...) at ah_output+0x529
    ipsec4_process_packet(c16bb000,c15f7600,2,0,0,...) at ipsec4_process_packet+0x2d1
    ip_ipsec_output(c5d98a90,0,c5d98a9c,c5d98a70,c5d98a98,...) at ip_ipsec_output+0x145
    ip_output(c16bb000,0,c5d98a54,2,0,...) at ip_output+0x2e4
    ipsec_process_done(c16bb000,c15f7580,0,c17887c8,46c,...) at ipsec_process_done+0x1fe
    ah_output_cb(c1716348,c5d98c70,c16bb054,c,2c,c5d98ba0,c5d98c70,c1715d80) at ah_output_cb+0x196
    crypto_done(c1716348,20,0,c5d98c7c,c5d98c70,...) at crypto_done+0xf6
    swcr_process(c0fc0480,c1716348,0,c16bb000,3,...) at swcr_process+0x59
    crypto_invoke(1,a,c17887b4,14,c19c3980,...) at crypto_invoke+0x67
    crypto_dispatch(c1716348,1,0,c5d98d78,2,...) at crypto_dispatch+0xe2
    ah_output(c16bb000,c15f7580,0,14,9,...) at ah_output+0x529
    ipsec4_process_packet(c16bb000,c15f7600,2,0,0,...) at ipsec4_process_packet+0x2d1
    ip_ipsec_output(c5d98eb4,0,c5d98ec0,c5d98e94,c5d98ebc,...) at ip_ipsec_output+0x145
    ip_output(c16bb000,0,c5d98e78,2,0,...) at ip_output+0x2e4
    ipsec_process_done(c16bb000,c15f7580,0,c168c848,46c,...) at ipsec_process_done+0x1fe
    ah_output_cb(c1716528,c5d99094,c16bb054,c,2c,c5d98fc4,c5d99094,c1715d80) at ah_output_cb+0x196
    crypto_done(c1716528,20,0,c5d990a0,c5d99094,...) at crypto_done+0xf6
    swcr_process(c0fc0480,c1716528,0,c16bb000,3,...) at swcr_process+0x59
    crypto_invoke(1,a,c168c834,14,c19c3980,...) at crypto_invoke+0x67
    crypto_dispatch(c1716528,1,0,c5d9919c,2,...) at crypto_dispatch+0xe2
    ah_output(c16bb000,c15f7580,0,14,9,...) at ah_output+0x529
    ipsec4_process_packet(c16bb000,c15f7600,2,0,0,...) at ipsec4_process_packet+0x2d1
    ip_ipsec_output(c5d992d8,0,c5d992e4,c5d992b8,c5d992e0,...) at ip_ipsec_output+0x145
    ip_output(c16bb000,0,c5d9929c,2,0,...) at ip_output+0x2e4
    ipsec_process_done(c16bb000,c15f7580,0,c17350c8,46c,...) at ipsec_process_done+0x1fe
    ah_output_cb(c1716708,c5d994b8,c16bb054,c,2c,c5d993e8,c5d994b8,c1715d80) at ah_output_cb+0x196
    crypto_done(c1716708,20,0,c5d994c4,c5d994b8,...) at crypto_done+0xf6
    swcr_process(c0fc0480,c1716708,0,c16bb000,3,...) at swcr_process+0x59
    crypto_invoke(1,a,c17350b4,14,c19c3980,...) at crypto_invoke+0x67
    crypto_dispatch(c1716708,1,0,c5d995c0,2,...) at crypto_dispatch+0xe2
    ah_output(c16bb000,c15f7580,0,14,9,...) at ah_output+0x529
    ipsec4_process_packet(c16bb000,c15f7600,2,0,0,...) at ipsec4_process_packet+0x2d1
    ip_ipsec_output(c5d996fc,0,c5d99708,c5d996dc,c5d99704,...) at ip_ipsec_output+0x145
    ip_output(c16bb000,0,c5d996c0,2,0,...) at ip_output+0x2e4
    ipsec_process_done(c16bb000,c15f7580,0,c19c3848,46c,...) at ipsec_process_done+0x1fe
    ah_output_cb(c17164b0,c5d998dc,c16bb054,c,2c,c5d9980c,c5d998dc,c1715d80) at ah_output_cb+0x196
    crypto_done(c17164b0,20,0,c5d998e8,c5d998dc,...) at crypto_done+0xf6
    swcr_process(c0fc0480,c17164b0,0,c16bb000,3,...) at swcr_process+0x59
    crypto_invoke(1,a,c19c3834,14,c19c3980,...) at crypto_invoke+0x67
    crypto_dispatch(c17164b0,1,0,c5d999e4,2,...) at crypto_dispatch+0xe2
    ah_output(c16bb000,c15f7580,0,14,9,...) at ah_output+0x529
    ipsec4_process_packet(c10de800,c15f7600,0,0,c1512654,...) at ipsec4_process_packet+0x2d1
    ip_ipsec_output(c5d99b20,c1512654,c5d99b2c,c5d99b00,c5d99b28,...) at ip_ipsec_output+0x145
    ip_output(c10de800,0,c5d99ae4,0,0,...) at ip_output+0x2e4
    udp_send(c1699340,0,c10de800,c17cb5d0,0,...) at udp_send+0x4e3
    sosend_dgram(c1699340,c17cb5d0,c5d99be8,c10de800,0,...) at sosend_dgram+0x298
    kern_sendit(c1124af0,c,c5d99c5c,0,0,...) at kern_sendit+0xcf
    sendit(0,c17cb5d0,10,c5d99c78,1,...) at sendit+0xda
    sendto(c1124af0,c5d99cf8,18,c1124af0,c0fdfaf0,...) at sendto+0x48
    syscall(c5d99d38) at syscall+0x17b
    Xint0x80_syscall() at Xint0x80_syscall+0x20
    --- syscall (133, FreeBSD ELF32, sendto), eip = 0x281611df, esp = 0xbfbe28fc, ebp = 0xbfbfc528 ---
    KDB: enter: panic
    [thread pid 1409 tid 100058 ]
    Stopped at kdb_enter_why+0x3b: movl $0,kdb_why

How-To-Repeat: Run ipsec on a slower embedded system and wait a bit. This is happening on a system exchanging ipv4 packets with ah+esp.
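Added example (not part of the original report): a short Python script that measures the re-entry visible in the backtrace above, giving the nesting depth of ip_output() and the kernel stack consumed by each nested pass. It assumes the third value KDB prints for each ip_output frame is a kernel-stack address and that the argument of the syscall frame marks the outer end of the stack in use; the trace lines are excerpted from the report.

```python
import re

# Excerpt of the KDB backtrace from the report: the trap line, the seven
# ip_output frames (innermost first) and the outermost syscall frame.
TRACE = """\
--- trap 0x17, eip = 0xc0459328, esp = 0xc5d97f8c, ebp = 0xc5d980a0 ---
ip_output(c16bb000,0,c5d9820c,2,0,...) at ip_output+0x2e4
ip_output(c16bb000,0,c5d98630,2,0,...) at ip_output+0x2e4
ip_output(c16bb000,0,c5d98a54,2,0,...) at ip_output+0x2e4
ip_output(c16bb000,0,c5d98e78,2,0,...) at ip_output+0x2e4
ip_output(c16bb000,0,c5d9929c,2,0,...) at ip_output+0x2e4
ip_output(c16bb000,0,c5d996c0,2,0,...) at ip_output+0x2e4
ip_output(c10de800,0,c5d99ae4,0,0,...) at ip_output+0x2e4
syscall(c5d99d38) at syscall+0x17b
"""

FRAME = re.compile(r"^(\w+)\(([^)]*)\) at \1\+0x[0-9a-f]+$")
FAULT_ESP = re.compile(r"trap 0x[0-9a-f]+,.* esp = 0x([0-9a-f]+)")


def reentry_report(trace, func="ip_output", arg=2):
    """Return (depth, strides, span) for `func` in a KDB backtrace.

    depth   - number of nested activations of `func`
    strides - stack bytes between successive activations
    span    - bytes from the faulting esp to the outermost frame argument
    """
    fault_esp = int(FAULT_ESP.search(trace).group(1), 16)
    frames = [m.groups() for m in map(FRAME.match, trace.splitlines()) if m]
    # Assumption: argument `arg` of each `func` frame is a kernel-stack address.
    ptrs = [int(a.split(",")[arg], 16) for name, a in frames if name == func]
    # Assumption: the last frame's first argument (passed to syscall) marks
    # the outer end of the stack region in use.
    outer = int(frames[-1][1].split(",")[0], 16)
    if not all(fault_esp < p < outer for p in ptrs):
        raise ValueError("argument values are not on the faulting stack")
    strides = [b - a for a, b in zip(ptrs, ptrs[1:])]
    return len(ptrs), strides, outer - fault_esp


if __name__ == "__main__":
    depth, strides, span = reentry_report(TRACE)
    print(f"{depth} nested ip_output calls, {strides[0]} bytes of stack each")
    print(f"re-entry accounts for {sum(strides)} of {span} bytes in use")
```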
Responsible Changed From-To: freebsd-bugs->freebsd-net Over to maintainer(s).
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped
The code behind this ancient bug is no longer in use.