NetBSD Problem Report #52304
From dmb@yenn.ulegend.net Fri Jun 16 22:38:25 2017
Return-Path: <dmb@yenn.ulegend.net>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 0EFFC7A172
for <gnats-bugs@gnats.NetBSD.org>; Fri, 16 Jun 2017 22:38:25 +0000 (UTC)
Message-Id: <20170616223819.696265DE8@yenn.ulegend.net>
Date: Fri, 16 Jun 2017 22:38:19 +0000 (UTC)
From: dmb@yenn.ulegend.net
Reply-To: dmb@yenn.ulegend.net
To: gnats-bugs@NetBSD.org
Subject: NetBSD 8.0_BETA diagnostic assertion in ipsec codepath
X-Send-Pr-Version: 3.95
>Number: 52304
>Category: kern
>Synopsis: 8.0_BETA panics on ipsec traffic
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jun 16 22:40:00 +0000 2017
>Closed-Date: Thu Jun 22 03:44:40 +0000 2017
>Last-Modified: Thu Jun 22 03:44:40 +0000 2017
>Originator: Dominik Bialy
>Release: NetBSD 8.0_BETA
>Organization:
Underlegend Networks
>Environment:
System: NetBSD yenn 8.0_BETA NetBSD 8.0_BETA (YENN) #2: Thu Jun 15 05:53:36 UTC 2017 builds@yenn:/var/obj/sys/arch/amd64/compile/YENN amd64
Architecture: x86_64
Machine: amd64
>Description:
The machine couldn't survive more than a few minutes of exposing on the internet.
I found that the cause was the ipsec traffic.
Here's a picture of ddb running (forgot "bt", sorry):
https://www.dropbox.com/s/jxtktcs69ou7pxz/20170615_150358.jpg?dl=0
sys/netinet/tcp_input.c, line 1838
>How-To-Repeat:
Use ipsec on 8 BETA? Or maybe use NetBSD 6 configs for ipsec on NetBSD 8.
>Fix:
No idea. Don't start ipsec to mitigate the bug.
>Release-Note:
>Audit-Trail:
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc:
Subject: Re: kern/52304: NetBSD 8.0_BETA diagnostic assertion in ipsec codepath
Date: Fri, 16 Jun 2017 19:03:20 -0400
On Jun 16, 10:40pm, dmb@yenn.ulegend.net (dmb@yenn.ulegend.net) wrote:
-- Subject: kern/52304: NetBSD 8.0_BETA diagnostic assertion in ipsec codepat
| >Number: 52304
| >Category: kern
| >Synopsis: 8.0_BETA panics on ipsec traffic
| >Confidential: yes
| >Severity: serious
| >Priority: high
| >Responsible: kern-bug-people
| >State: open
| >Class: sw-bug
| >Submitter-Id: net
| >Arrival-Date: Fri Jun 16 22:40:00 +0000 2017
| >Originator: Dominik Bialy
| >Release: NetBSD 8.0_BETA
| >Organization:
| Underlegend Networks
| >Environment:
| System: NetBSD yenn 8.0_BETA NetBSD 8.0_BETA (YENN) #2: Thu Jun 15 05:53:36 UTC 2017 builds@yenn:/var/obj/sys/arch/amd64/compile/YENN amd64
| Architecture: x86_64
| Machine: amd64
| >Description:
| The machine couldn't survive more than a few minutes of exposing on the internet.
| I found that the cause was the ipsec traffic.
|
| Here's a picture of ddb running (forgot "bt", sorry):
|
| https://www.dropbox.com/s/jxtktcs69ou7pxz/20170615_150358.jpg?dl=0
|
| sys/netinet/tcp_input.c, line 1838
|
| >How-To-Repeat:
| Use ipsec on 8 BETA? Or maybe use NetBSD 6 configs for ipsec on NetBSD 8.
| >Fix:
| No idea. Don't start ipsec to mitigate the bug.
inp is probably NULL; can you please amend the assert not to fire if
inp == NULL?
christos
From: Dominik Bialy <dmb@yenn.ulegend.net>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org, dmb@yenn.ulegend.net
Subject: Re: kern/52304: NetBSD 8.0_BETA diagnostic assertion in ipsec
codepath
Date: Sat, 17 Jun 2017 10:25:33 +0200
On Fri, Jun 16, 2017 at 11:05:01PM +0000, Christos Zoulas wrote:
> The following reply was made to PR kern/52304; it has been noted by GNATS.
>
> From: christos@zoulas.com (Christos Zoulas)
> To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
> gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
> Cc:
> Subject: Re: kern/52304: NetBSD 8.0_BETA diagnostic assertion in ipsec codepath
> Date: Fri, 16 Jun 2017 19:03:20 -0400
>
> On Jun 16, 10:40pm, dmb@yenn.ulegend.net (dmb@yenn.ulegend.net) wrote:
> -- Subject: kern/52304: NetBSD 8.0_BETA diagnostic assertion in ipsec codepat
>
> | >Number: 52304
> | >Category: kern
> | >Synopsis: 8.0_BETA panics on ipsec traffic
> | >Confidential: yes
> | >Severity: serious
> | >Priority: high
> | >Responsible: kern-bug-people
> | >State: open
> | >Class: sw-bug
> | >Submitter-Id: net
> | >Arrival-Date: Fri Jun 16 22:40:00 +0000 2017
> | >Originator: Dominik Bialy
> | >Release: NetBSD 8.0_BETA
> | >Organization:
> | Underlegend Networks
> | >Environment:
> | System: NetBSD yenn 8.0_BETA NetBSD 8.0_BETA (YENN) #2: Thu Jun 15 05:53:36 UTC 2017 builds@yenn:/var/obj/sys/arch/amd64/compile/YENN amd64
> | Architecture: x86_64
> | Machine: amd64
> | >Description:
> | The machine couldn't survive more than a few minutes of exposing on the internet.
> | I found that the cause was the ipsec traffic.
> |
> | Here's a picture of ddb running (forgot "bt", sorry):
> |
> | https://www.dropbox.com/s/jxtktcs69ou7pxz/20170615_150358.jpg?dl=0
> |
> | sys/netinet/tcp_input.c, line 1838
> |
> | >How-To-Repeat:
> | Use ipsec on 8 BETA? Or maybe use NetBSD 6 configs for ipsec on NetBSD 8.
> | >Fix:
> | No idea. Don't start ipsec to mitigate the bug.
>
> inp is probably NULL; can you please amend the assert not to fire if
> inp == NULL?
>
> christos
>
Thank you for your reply, Christos -- this machine is pretty much
"production", so I can't restart for now...
Dominik
From: "Ryota Ozaki" <ozaki-r@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52304 CVS commit: src/sys/netinet
Date: Mon, 19 Jun 2017 10:04:23 +0000
Module Name: src
Committed By: ozaki-r
Date: Mon Jun 19 10:04:23 UTC 2017
Modified Files:
src/sys/netinet: tcp_input.c
Log Message:
Fix KASSERT in tcp_input
inp can be NULL when receiving an IPv4 packet on an IPv4-mapped IPv6
address. In that case KASSERT(sotoinpcb(so) == inp) always fails.
Should fix PR kern/52304 (at least it fixes the same panic as the
report)
To generate a diff of this commit:
cvs rdiff -u -r1.357 -r1.358 src/sys/netinet/tcp_input.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Ryota Ozaki" <ozaki-r@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52304 CVS commit: src/tests/net/ipsec
Date: Mon, 19 Jun 2017 10:05:04 +0000
Module Name: src
Committed By: ozaki-r
Date: Mon Jun 19 10:05:04 UTC 2017
Modified Files:
src/tests/net/ipsec: t_ipsec_misc.sh
Log Message:
Add test cases of TCP/IPsec on an IPv4-mapped IPv6 address
It reproduces the same panic reported in PR kern/52304
(but not sure that its cause is also same).
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/tests/net/ipsec/t_ipsec_misc.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->feedback
State-Changed-By: ozaki-r@NetBSD.org
State-Changed-When: Mon, 19 Jun 2017 10:15:14 +0000
State-Changed-Why:
A possible fix has been committed. Could you test the fix?
Or do you use IPv4-mapped IPv6 addresses? If so, the fix is probably correct
because I reproduced the same panic with a setup with an IPv4-mapped IPv6 address.
From: Dominik Bialy <dmb@yenn.ulegend.net>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, netbsd-bugs@netbsd.org,
gnats-admin@netbsd.org, ozaki-r@NetBSD.org, dmb@yenn.ulegend.net
Subject: Re: kern/52304 (8.0_BETA panics on ipsec traffic)
Date: Tue, 20 Jun 2017 07:41:26 +0200
On Mon, Jun 19, 2017 at 10:15:14AM +0000, ozaki-r@NetBSD.org wrote:
> Synopsis: 8.0_BETA panics on ipsec traffic
>
> State-Changed-From-To: open->feedback
> State-Changed-By: ozaki-r@NetBSD.org
> State-Changed-When: Mon, 19 Jun 2017 10:15:14 +0000
> State-Changed-Why:
> A possible fix has been committed. Could you test the fix?
> Or do you use IPv4-mapped IPv6 addresses? If so, the fix is probably correct
> because I reproduced the same panic with a setup with an IPv4-mapped IPv6 address.
>
It is fixed now, thanks!
(I'm only using IPv6 mapped IPv4 addresses and I'm haiving issues,
but it's probably unrelated -- I sent another PR for this issue.
And it doesn't cause panics here.)
From: Ryota Ozaki <ozaki-r@netbsd.org>
To: dmb@yenn.ulegend.net
Cc: "gnats-bugs@NetBSD.org" <gnats-bugs@netbsd.org>, kern-bug-people@netbsd.org,
netbsd-bugs@netbsd.org, gnats-admin@netbsd.org
Subject: Re: kern/52304 (8.0_BETA panics on ipsec traffic)
Date: Tue, 20 Jun 2017 15:36:30 +0900
On Tue, Jun 20, 2017 at 2:41 PM, Dominik Bialy <dmb@yenn.ulegend.net> wrote:
> On Mon, Jun 19, 2017 at 10:15:14AM +0000, ozaki-r@NetBSD.org wrote:
>> Synopsis: 8.0_BETA panics on ipsec traffic
>>
>> State-Changed-From-To: open->feedback
>> State-Changed-By: ozaki-r@NetBSD.org
>> State-Changed-When: Mon, 19 Jun 2017 10:15:14 +0000
>> State-Changed-Why:
>> A possible fix has been committed. Could you test the fix?
>> Or do you use IPv4-mapped IPv6 addresses? If so, the fix is probably correct
>> because I reproduced the same panic with a setup with an IPv4-mapped IPv6 address.
>>
> It is fixed now, thanks!
Good :)
>
> (I'm only using IPv6 mapped IPv4 addresses and I'm haiving issues,
> but it's probably unrelated -- I sent another PR for this issue.
> And it doesn't cause panics here.)
It that PR 52313?
ozaki-r
State-Changed-From-To: feedback->pending-pullups
State-Changed-By: ozaki-r@NetBSD.org
State-Changed-When: Tue, 20 Jun 2017 06:46:02 +0000
State-Changed-Why:
The reporter confirmed.
pullup-8 #51
From: Dominik Bialy <dmb@yenn.ulegend.net>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org, dmb@yenn.ulegend.net,
Ryota Ozaki <ozaki-r@netbsd.org>
Subject: Re: kern/52304 (8.0_BETA panics on ipsec traffic)
Date: Tue, 20 Jun 2017 09:14:43 +0200
On Tue, Jun 20, 2017 at 06:40:00AM +0000, Ryota Ozaki wrote:
> The following reply was made to PR kern/52304; it has been noted by GNATS.
>
> From: Ryota Ozaki <ozaki-r@netbsd.org>
> To: dmb@yenn.ulegend.net
> Cc: "gnats-bugs@NetBSD.org" <gnats-bugs@netbsd.org>, kern-bug-people@netbsd.org,
> netbsd-bugs@netbsd.org, gnats-admin@netbsd.org
> Subject: Re: kern/52304 (8.0_BETA panics on ipsec traffic)
> Date: Tue, 20 Jun 2017 15:36:30 +0900
>
> On Tue, Jun 20, 2017 at 2:41 PM, Dominik Bialy <dmb@yenn.ulegend.net> wrote:
> > On Mon, Jun 19, 2017 at 10:15:14AM +0000, ozaki-r@NetBSD.org wrote:
> >> Synopsis: 8.0_BETA panics on ipsec traffic
> >>
> >> State-Changed-From-To: open->feedback
> >> State-Changed-By: ozaki-r@NetBSD.org
> >> State-Changed-When: Mon, 19 Jun 2017 10:15:14 +0000
> >> State-Changed-Why:
> >> A possible fix has been committed. Could you test the fix?
> >> Or do you use IPv4-mapped IPv6 addresses? If so, the fix is probably correct
> >> because I reproduced the same panic with a setup with an IPv4-mapped IPv6 address.
> >>
> > It is fixed now, thanks!
>
> Good :)
>
> >
> > (I'm only using IPv6 mapped IPv4 addresses and I'm haiving issues,
> > but it's probably unrelated -- I sent another PR for this issue.
> > And it doesn't cause panics here.)
>
> It that PR 52313?
yes
>
> ozaki-r
>
From: "Soren Jacobsen" <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52304 CVS commit: [netbsd-8] src
Date: Wed, 21 Jun 2017 18:14:34 +0000
Module Name: src
Committed By: snj
Date: Wed Jun 21 18:14:34 UTC 2017
Modified Files:
src/sys/netinet [netbsd-8]: tcp_input.c
src/tests/net/ipsec [netbsd-8]: t_ipsec_misc.sh
Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #51):
sys/netinet/tcp_input.c: revision 1.358
tests/net/ipsec/t_ipsec_misc.sh: revision 1.7
Fix KASSERT in tcp_input
inp can be NULL when receiving an IPv4 packet on an IPv4-mapped IPv6
address. In that case KASSERT(sotoinpcb(so) == inp) always fails.
Should fix PR kern/52304 (at least it fixes the same panic as the
report)
--
Add test cases of TCP/IPsec on an IPv4-mapped IPv6 address
It reproduces the same panic reported in PR kern/52304
(but not sure that its cause is also same).
To generate a diff of this commit:
cvs rdiff -u -r1.357 -r1.357.4.1 src/sys/netinet/tcp_input.c
cvs rdiff -u -r1.6 -r1.6.2.1 src/tests/net/ipsec/t_ipsec_misc.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: pending-pullups->closed
State-Changed-By: ozaki-r@NetBSD.org
State-Changed-When: Thu, 22 Jun 2017 03:44:40 +0000
State-Changed-Why:
Pulled up.
>Unformatted:
Soruces from Jun 13, kernel is pretty much GENERIC, with altq and GATEWAY, but it happens on vanilla GENERIC, too
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.