Subject: kern/35318: Crash during network usage (ipsec + routing)
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <nbsd@hck.sk>
List: netbsd-bugs
Date: 12/25/2006 13:45:01
>Number:         35318
>Category:       kern
>Synopsis:       Crash during network usage (ipsec + routing)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Dec 25 13:45:00 +0000 2006
>Originator:     Juraj Hercek
>Release:        NetBSD-current
>Organization:
>Environment:
NetBSD elf 4.99.7 NetBSD 4.99.7 (XEN3_DOMU_CUSTOM) #0: Mon Dec 25 12:43:27 CET 2006  nbsd@core:/home/nbsd/work/netbsd/obj/sys/arch/i386/compile/XEN3_DOMU_CUSTOM i386

>Description:
The crash occurs during extensive network operation on a XEN3 DomU server. The testing machine is used mainly as a router with IPSec/dhcp capability.

The problem seems to occur when more sources try to communicate, mainly when using ipsec on a wireless connection (which is quite buggy).

Here are some back traces from ddb:
The crash occurred with a kernel built on 2006-12-25 (4.99.7):
--------------------------------------------------------------------
panic: kernel diagnostic assertion "ro->ro_rt != NULL" failed: file "/home/bsd/work/netbsd/src/sys/netinet/in_route.c"
Stopped in pid 334.1 (dhcpd) at netbsd:cpu_Debugger+0x4:        popl    %ebp
db> bt         
cpu_Debugger(c046b9b2,cb415798,c0a4a004,c04ecb20,5) at netbsd:cpu_Debugger+0x4
panic(c0498658,c0459e00,c0459f41,c047037c,8b) at netbsd:panic+0x155           
__assert(c0459e00,c047037c,8b,c0459f41,c0a4a004) at netbsd:__assert+0x2e
in_rtflushall(2,c0a4a004,cb4158c4,c0a4a004,c0c73df4) at netbsd:in_rtflushall+0xf5
rtrequest1(b,cb4158c4,cb41596c,0,cb4158c4) at netbsd:rtrequest1+0x4ba
rtrequest(b,c0a44ce4,0,0,0) at netbsd:rtrequest+0x4b                 
rtalloc1(c0a44ce4,1,3d00,ca70b940,cb3d6b80) at netbsd:rtalloc1+0x165
rtcache_init(c0a44ce0,afe00335,c0a44c70,89826d80,ca70b940) at netbsd:rtcache_init+0x1e
ip_output(c0c75900,0,c0a44ce0,24,0) at netbsd:ip_output+0xdb7
rip_output(c0c75900,c0a44cb0,c0c759e4,c0c7a400,c0c75900) at netbsd:rip_output+0x191
rip_usrreq(c0a43438,9,c0c75900,c0c7a400,0) at netbsd:rip_usrreq+0x3e5
sosend(c0a43438,c0c7a400,cb415b98,c0c75900,0) at netbsd:sosend+0x4c9 
sendit(ca70b8ac,4,cb415bf8,0,cb415c68) at netbsd:sendit+0x205       
sys_sendto(ca70b8ac,cb415c48,cb415c68,3ab45,11) at netbsd:sys_sendto+0x62
syscall_plain() at netbsd:syscall_plain+0xb3                             
--- syscall (number 133) ---                
0xbbba009b:         

A similar crash also occurred with a kernel built on 2006-12-17 (4.99.6):
--------------------------------------------------------------------
panic: kernel diagnostic assertion "ro->ro_dst.sa_family == AF_INET" failed: file "/home/bsd/work/netbsd/src/sys/netin
db> Stopped at      netbsd:cpu_Debugger+0x4:        popl    %ebp
db> bt         
cpu_Debugger(c046b805,ca6bec78,34636465,ca6bedc4,5) at netbsd:cpu_Debugger+0x4
panic(c04984ac,c0459c40,c04701b0,c04701d0,75) at netbsd:panic+0x155           
__assert(c0459c40,c04701d0,75,c04701b0,0) at netbsd:__assert+0x2e  
in_rtflush(ca6bedb4,c0c74cd0,ca6beccc,c03c7921,c0a4a08c) at netbsd:in_rtflush+0x50
in_rtflushall(2,c0a4a08c,ca6bedc4,c0a4a08c,5ca) at netbsd:in_rtflushall+0x42
rtrequest1(b,ca6bedc4,ca6bee6c,201a8c0,0) at netbsd:rtrequest1+0x4ba        
rtrequest(b,c04ccf78,0,0,0) at netbsd:rtrequest+0x4b                
rtalloc1(4ccf78c0,1c0,6bee9c00,3c8d08ca,4ccf74c0) at netbsd:rtalloc1+0x165

* There were many more crashes, but I don't have stack traces from them.
* The problem didn't occur with a kernel built on 2006-11-25

>How-To-Repeat:
Start to communicate more extensively using IPSec. I was told that the crash also occurred when IPSec wasn't in use (racoon IKE daemon was stopped), but only once and (unfortunately) there is no stack trace from this one.
>Fix: