>Synopsis: panic on octeon when receiving l2tp connection
>Category: kernel
>Environment:
System : OpenBSD 5.8
Details : OpenBSD 5.8-beta (GENERIC) #1: Sun Jun 28 20:14:14 CEST
2015
[email protected]:/usr/src/sys/arch/octeon/compile/GENERIC
Architecture: OpenBSD.octeon
Machine : octeon
>Description:
I set up a l2tp/ipsec server on my edgerouter lite (July 1st 2015 snapshot). I
can connect from Android 5.1.1 but when I connect from Windows 7 I get a kernel
panic.
It seems I can reproduce at will.
Mon Jul 6 10:26:46 EDT 2015
OpenBSD/octeon (routeur.my.domain) (console)
login:
Trap cause = 4 Frame 0x980000041ffcf780
Trap PC 0xffffffff811794b8 RA 0xffffffff81179490 fault 0x9800000008d6a64b
0xffffffff811793f0 (0,0,9800000008d6a600,4c) ra 0xffffffff81179490 sp
0x980000041ffcf8d8, sz 0
0xffffffff811793f0 (0,0,9800000008d6a600,4c) ra 0x0 sp 0x980000041ffcf8d8, sz 0
User-level: pid 16889
stopped on non ddb fault
Stopped at 0xffffffff811794b8: bnezl s5,0xffffffff81179420
0xffffffff811794bc: lhu v0,2(s5)
ddb> show panic
the kernel did not panic
ddb> c
panic: trap
Stopped at 0xffffffff812722e4: jr ra
0xffffffff812722e8: nop
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> show panic
trap
ddb> trace
0xffffffff812722e0 (3f59ae901229d78d,9001070000000200,200,100000c00000001) ra 0
xffffffff810b2d80 sp 0x980000041ffcf608, sz 0
0xffffffff810b2c34 (3f59ae901229d78d,9001070000000200,200,100000c00000001) ra 0
x0 sp 0x980000041ffcf608, sz 0
User-level: pid 16889
ddb> ps
PID PPID PGRP UID S FLAGS WAIT COMMAND
23365 1 23365 0 3 0x83 ttyin getty
9907 1 9907 0 3 0x80 poll cron
23446 15815 15815 95 3 0x90 kqread smtpd
2608 15815 15815 95 3 0x90 kqread smtpd
22764 15815 15815 95 3 0x90 kqread smtpd
9925 15815 15815 95 3 0x90 kqread smtpd
16573 15815 15815 95 3 0x90 kqread smtpd
8887 15815 15815 103 3 0x90 kqread smtpd
15815 1 15815 0 3 0x80 kqread smtpd
4996 21194 21194 77 3 0x90 poll dhcpd
21194 1 21194 77 3 0x90 poll dhcpd
6671 1 6671 0 3 0x80 select sshd
13072 10658 13072 0 3 0x80 netio npppd
10658 1 10658 82 3 0x90 kqread npppd
22730 16180 16180 68 3 0x90 select isakmpd
16180 1 16180 0 3 0x80 netio isakmpd
611 22801 20278 83 3 0x90 poll ntpd
22801 20278 20278 83 3 0x90 poll ntpd
20278 1 20278 0 3 0x80 poll ntpd
23196 1 23196 53 3 0x90 kqread unbound
11852 28842 28842 74 3 0x90 bpf pflogd
28842 1 28842 0 3 0x80 netio pflogd
1435 22924 22924 73 2 0x90 syslogd
22924 1 22924 0 3 0x80 netio syslogd
25754 1 25754 77 3 0x90 poll dhclient
22230 1 22230 0 3 0x80 poll dhclient
22249 0 0 0 3 0x14200 pgzero zerothread
29325 0 0 0 3 0x14200 aiodoned aiodoned
15154 0 0 0 3 0x14200 syncer update
24050 0 0 0 3 0x14200 cleaner cleaner
19213 0 0 0 3 0x14200 reaper reaper
9934 0 0 0 3 0x14200 pgdaemon pagedaemon
*16889 0 0 0 7 0x14200 crypto
31830 0 0 0 3 0x14200 pftm pfpurge
15242 0 0 0 3 0x14200 usbtsk usbtask
15209 0 0 0 3 0x14200 usbatsk usbatsk
12639 0 0 0 3 0x14200 bored dwc2
18369 0 0 0 3 0x14200 bored softnet
12695 0 0 0 3 0x14200 bored systqmp
5766 0 0 0 3 0x14200 bored systq
13631 0 0 0 3 0x40014200 idle0
1 0 1 0 3 0x82 wait init
0 -1 0 0 3 0x10200 scheduler swapper
ddb> show registers
at 0xffffffff81360000
v0 0x1
v1 0x1
a0 0x3f59ae901229d78d
a1 0x9001070000000200
a2 0x200
a3 0x100000c00000001
a4 0x3fd8
a5 0xffffffff8137e6b0
a6 0
a7 0xc1331986b8c60620
t0 0xffffffff813eed60
t1 0
t2 0
t3 0xffffffff8b5a9aba
s0 0x980000041ffcf640
s1 0xffffffff812fe340
s2 0x100
s3 0xffffffff813ee010
s4 0x14
s5 0x980000000fee9758
s6 0x4
s7 0x9
t8 0xffffffffa99db6d1
t9 0xffffffff812c9518
k0 0x980000000fee9758
k1 0x4
gp 0xffffffff8135f950
sp 0x980000041ffcf608
s8 0
ra 0xffffffff810b2d80
sr 0x500087e2
lo 0x1f4
hi 0
bad 0x9800000008d6a64b
cs 0x40008424
pc 0xffffffff812722e4
0xffffffff812722e4: jr ra
0xffffffff812722e8: nop
>How-To-Repeat:
ipsec.conf:
ext_if=cnmac0
key="<mypsk>"
ike passive esp transport \
proto udp from $ext_if to any port 1701 \
main auth "hmac-sha1" enc "3des" group modp1024 \
quick auth "hmac-sha1" enc "aes" \
psk $key
pf.conf:
pass in on egress proto {ah,esp}
pass in quick on egress proto udp from any to (egress) port {500, 4500, 1701}
pass on enc0 from any to any keep state (if-bound)
pass on pppx0 from any to any keep state (if-bound)
I connect from Windows 7 with the standard config except I choose l2tp and I
set the psk.
dmesg:
OpenBSD 5.8-beta (GENERIC) #1: Sun Jun 28 20:14:14 CEST 2015
[email protected]:/usr/src/sys/arch/octeon/compile/GENERIC
real mem = 515932160 (492MB)
avail mem = 511524864 (487MB)
warning: no entropy supplied by boot loader
mainbus0 at root
cpu0 at mainbus0: Cavium OCTEON CPU rev 0.1 500 MHz, Software FP emulation
cpu0: cache L1-I 32KB 4 way D 8KB 64 way, L2 128KB 8 way
clock0 at mainbus0: int 5
iobus0 at mainbus0
octcf at iobus0 base 0x1d000800 irq 0 not configured
pcibus at iobus0 irq 0 not configured
cn30xxgmx0 at iobus0 base 0x1180008000000 irq 48
cnmac0 at cn30xxgmx0: RGMII, address 04:18:d6:a1:6d:fe
atphy0 at cnmac0 phy 7: F1 10/100/1000 PHY, rev. 2
cnmac1 at cn30xxgmx0: RGMII, address 04:18:d6:a1:6d:ff
atphy1 at cnmac1 phy 6: F1 10/100/1000 PHY, rev. 2
cnmac2 at cn30xxgmx0: RGMII, address 04:18:d6:a1:6e:00
atphy2 at cnmac2 phy 5: F1 10/100/1000 PHY, rev. 2
octrng0 at iobus0 base 0x1400000000000 irq 0
octhci at iobus0 irq 56 not configured
dwctwo0 at iobus0 base 0x1180068000000 irq 56usb0 at dwctwo0: USB revision 2.0
uhub0 at usb0 " DWC2 root hub" rev 2.00/1.00 addr 1
uartbus0 at mainbus0
com0 at uartbus0 base 0x1180000000800 irq 34: ns16550, no working fifo
com0: console
com1 at uartbus0 base 0x1180000000c00 irq 35: ns16550, no working fifo
/dev/ksyms: Symbol table not valid.
umass0 at uhub0 port 1 configuration 1 interface 0 " USB DISK 2.0" rev
2.00/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0: <, USB DISK 2.0, PMAP> SCSI4 0/direct removable
serial.13fe41004983C3C44F82
sd0: 3824MB, 512 bytes/sector, 7831552 sectors
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
boot device: sd0
root on sd0a (d2254a60106318f1.a) swap on sd0b dump on sd0b
WARNING: / was not properly unmounted
WARNING: No TOD clock, believing file system.
WARNING: CHECK AND RESET THE DATE!
cnmac0: a reception error occured, the packet was dropped (error code = 13)
usbdevs:
Controller /dev/usb0:
addr 1: high speed, self powered, config 1, DWC2 root hub(0x0000), (0x0000),
rev 1.00
port 1 addr 2: high speed, power 200 mA, config 1, USB DISK 2.0(0x4100),
(0x13fe), rev 1.00, iSerialNumber 07084983C3C44F82
