[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OpenBSD3.0 bug



CPU: AMD Model4(ThunderBird) 686-class 1GHZ, 64MB RAM
Motherboard: AM75-TC
NICS: SMC Epic100
PowerCrypt

Source code retrieved from CVS, 11/13/01 2:30pm EST (OpenBSD3.0)
#export CVSROOT=:pserver:anoncvs_(_at_)_anoncvs_(_dot_)_ca_(_dot_)_openbsd_(_dot_)_org:/cvs
#cvs get sys
Compile is OK. Machine boot fine with new OpenBSD3.0 kernel. Command dmesg yields:

OpenBSD 3.0-current (GENERIC) #0: Tue Nov 13 10:14:41 EST 2001
    root_(_at_)_tom3bsd:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon Model 4 (Thunderbird) ("AuthenticAMD" 686-class) 1 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SYS,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem  = 58241024 (56876K)
avail mem = 48578560 (47440K)
using 736 buffers containing 3014656 bytes (2944K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(93) BIOS, date 07/09/01, BIOS32 rev. 0 @ 0xfb360
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev. 2.1 @ 0xf0000/0xdde4
pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xfdd50/144 (7 entries)
pcibios0: PCI Exclusive IRQs: 10 11 15
pcibios0: PCI Interrupt Router at 000:07:0 ("VIA VT82C596A PCI-ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xc000
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT8363 Host" rev 0x81
ppb0 at pci0 dev 1 function 0 "VIA VT8363 PCI-AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor "S3", unknown product 0x8a26 rev 0x03
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 "VIA VT82C686 PCI-ISA" rev 0x40
pciide0 at pci0 dev 7 function 1 "VIA VT82C571 IDE" rev 0x06: ATA100, channel 0 configured to compatibility, channel 1 
configured to compatibility
wd0 at pciide0 channel 0 drive 0: <Seagate Technology 1275MB - ST31276A>
wd0: 16-sector PIO, LBA, 1221MB, 2482 cyl, 16 head, 63 sec, 2502308 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
"VIA VT82C686 SMBus" rev 0x40 at pci0 dev 7 function 4 not configured
tx0 at pci0 dev 11 function 0 "SMC 83C170 (EPIC/100)" rev 0x08: irq 11 address 00:e0:29:37:37:19
qsphy0 at tx0 phy 3: QS6612 10/100 media interface, rev. 1
hifn0 at pci0 dev 13 function 0 "Hifn 7751" rev 0x01: 3DES, 512KB sram, irq 10
tx1 at pci0 dev 18 function 0 "SMC 83C170 (EPIC/100)" rev 0x08: irq 15 address 00:e0:29:37:37:1e
qsphy1 at tx1 phy 3: QS6612 10/100 media interface, rev. 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask 4040 netmask cc40 ttymask ccc2
pctr: user-level cycle counter enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302


Testing setup:     A ------- B ------ C
Machine A and B acting as gateways. IPSEC tunel between A and B.
IPSEC use 3DES (Accelerator PowerCrypt)
A has 2 nics and so has 2 IP addresses. Let say private is 10.5.5.1, public is 38.218.28.160
B has 2 nics and so has 2 IP addresses. Let say private is 10.6.6.1, public is 38.218.28.135
C is a client machine has IP address 10.6.6.6, B is C default gateway.

The /etc/isakmpd/isakmpd.conf looks like:
###########
# I'm Host A, 38.218.28.160

[Phase 1]
Default=        HostB

[Phase 2]
Connections=    HostA-HostB

[HostB]
Phase=          1
Transport=      udp
Address=        38.218.28.135
Configuration=  Default-main-mode
Authentication= tomnguyen

[HostA-HostB]
Phase=          2
ISAKMP-peer=    HostB
Configuration=  Default-quick-mode
Local-ID=       Net-A
Remote-ID=      Net-B

[Net-A]
ID-type=        IPV4_ADDR_SUBNET
Network=        10.5.5.0
Netmask=        255.255.255.0

[Net-B]
ID-type=        IPV4_ADDR_SUBNET
Network=        10.6.6.0
Netmask=        255.255.255.0

[Default-main-mode]
DOI=            IPSEC
EXCHANGE_TYPE=  ID_PROT
Transforms=     3DES-SHA

[Default-quick-mode]
DOI=            IPSEC
EXCHANGE_TYPE=  QUICK_MODE
Suites=         QM-ESP-3DES-SHA-PFS-SUITE


>From C, run ping to the private address of A (through IPSEC tunnel), it works fine.
#ping 10.5.5.1
>From C, run ftp to the private address of A (through IPSEC tunnel).
#ftp 10.5.5.1
Get connect, then try to get some big files.
Machine A crashed. I can repeat the 3 crashes on a row and got different panics:

1. Panic: pool_get: mbpl: nmissing inconsistent
   ddb> trace
   _Debuger(..)
   _Panic(...)
   _ pool_get(...)
  _m_prepend(...)
  _ether_output(...)
  _ip_output(...)
  _ip_forward(...)
  _ipv4_input(...)
  _ipintr(...)
Bad frame pointer

2. pool_get: mbpl: curpage NULL, nitems 27
	Panic: pool_get: nitems inconsistent
   ddb>trace
  _Debugger(...)
  _panic(...)
  _pool_get(...)
  _m_pullup(...)
  _ip_forward(...)
  _ipv4_input(...)
  _ipintr(...)
Bad frame pointer

3. Panic: pool_get(mbpt): free list modified: magic=0; page 0xe073e000; item addr 0xe073e800
    ddb> trace
  _Debugger(...)
  _panic(...)
  _pool_get(...)
  _m_pullup(...)
  _ip_forward(...)
  _ipv4_input(...)
  _ipintr(...)
Bad frame pointer


Thank you,
Tom Nguyen