crash in /usr/src/sys/netinet/raw_ip.c


crash in /usr/src/sys/netinet/raw_ip.c

viq .
>Synopsis: crash: kernel diagnostic assertion "divert != NULL" failed: file "/usr/src/sys/netinet/raw_ip.c", line 138
>Category: system
>Environment:
        System      : OpenBSD 6.2
        Details     : OpenBSD 6.2-current (GENERIC) #259: Fri Dec  8 11:18:24 MST 2017
                         [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC

        Architecture: OpenBSD.amd64
        Machine     : amd64
>Description:
VM on KVM, external interface bridged, acts as firewall for other machines behind it.
System randomly (?) crashes, with following information:
panic: kernel diagnostic assertion "divert != NULL" failed: file "/usr/src/sys/netinet/raw_ip.c", line 138
Stopped at      db_enter+0x5:   popq    %rbp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*293214  26218      0     0x14000      0x200    0  softnet
db_enter() at db_enter+0x5
panic() at panic+0x129
__assert(ffffffff81047844,ffff800014a508c0,ffffff001710c01a,ffffff001f623800) a
t __assert+0x24
rip_input(ffffff001710c01a,ffffff001f623800,ffffff001710c02e,30) at rip_input+0
x328
icmp_input_if(1,2,ffff800014a50a6c,ffff800014a50a70,ffff800000067290) at icmp_i
nput_if+0x111
icmp_input(2,ffffffff818e8070,2,1) at icmp_input+0x42
ip_deliver(ffff800014a50a6c,ffff800014a50a70,ffff800000019040,ffff800014a50ac0)
 at ip_deliver+0x17e
ipintr() at ipintr+0x5a
if_netisr(ffffffff814fad50) at if_netisr+0x44
taskq_thread(0) at taskq_thread+0x57
end trace frame: 0x0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> trace
db_enter() at db_enter+0x5
panic() at panic+0x129
__assert(ffffffff81047844,ffff800014a508c0,ffffff001710c01a,ffffff001f623800) a
t __assert+0x24
rip_input(ffffff001710c01a,ffffff001f623800,ffffff001710c02e,30) at rip_input+0
x328
icmp_input_if(1,2,ffff800014a50a6c,ffff800014a50a70,ffff800000067290) at icmp_i
nput_if+0x111
icmp_input(2,ffffffff818e8070,2,1) at icmp_input+0x42
ip_deliver(ffff800014a50a6c,ffff800014a50a70,ffff800000019040,ffff800014a50ac0)
 at ip_deliver+0x17e
ipintr() at ipintr+0x5a
if_netisr(ffffffff814fad50) at if_netisr+0x44
taskq_thread(0) at taskq_thread+0x57
end trace frame: 0x0, count: -10
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
  1727  151402  86564     83  3    0x100092  poll          ntpd
 86564   82728  42707     83  3    0x100092  poll          ntpd
 42707  188088      1      0  3    0x100080  poll          ntpd
 32747   17696      1      0  3    0x100083  ttyin         getty
   893  386485      1      0  3    0x100098  poll          cron
 67530  487548      1    773  3        0x83  thrsleep      consul
 67530  433087      1    773  3   0x4000083  thrsleep      consul
 67530    1684      1    773  3   0x4000083  thrsleep      consul
 67530  429894      1    773  3   0x4000083  thrsleep      consul
 67530  219669      1    773  3   0x4000083  thrsleep      consul
 67530  240269      1    773  3   0x4000083  kqread        consul
   774   88125      1    658  3        0x80  nanosleep     vnstatd
 32357   95382  39423      0  3    0x200080  piperd        python2.7
 39423  108152      1      0  3    0x200080  poll          python2.7
 39423  354156      1      0  3   0x4200080  kqread        python2.7
 39423  358683      1      0  3   0x4200080  kqread        python2.7
 19540   72757  96579   1000  3    0x100083  kqread        tail
  3380  117898  96579   1000  3    0x100083  kqread        tail
 96579  142504  16204   1000  3        0x83  select        multitail
 67247  204104  41910      0  3        0x83  poll          systat
   550  426426  49130   1000  3    0x100083  poll          top
 80269  426092  21847   1000  3    0x100083  ttyin         ksh
 16204  328903  21847   1000  3    0x10008b  pause         ksh
 41910   55318  21847   1000  3    0x10008b  pause         ksh
 49130   69039  21847   1000  3    0x10008b  pause         ksh
 21847  433056      1   1000  3    0x100080  kqread        tmux
 70828   30525  26313   1000  3    0x100083  kqread        tmux
 26313  434770  72270   1000  3    0x10008b  pause         ksh
 75352  458458  26320   1000  3        0x90  select        sshd
 72270  496152  66347   1000  3        0x90  select        sshd
 26320  457744  37345      0  3        0x92  poll          sshd
 66347  300654  37345      0  3        0x92  poll          sshd
 40870  458835      1     99  3    0x100090  poll          sndiod
 12352  112348      1    110  3    0x100090  poll          sndiod
 16711  423869      1     62  3    0x100090  bpf           spamlogd
 18629  480970  65787     62  3    0x100090  piperd        spamd
 94900  124069  65787     62  3    0x100090  poll          spamd
 65787   80506      1     62  3    0x100090  nanosleep     spamd
 78349  415661  95929     95  3    0x100092  kqread        smtpd
 43165  317529  95929    103  3    0x100092  kqread        smtpd
 70708  438752  95929     95  3    0x100092  kqread        smtpd
 98463  224433  95929     95  3    0x100092  kqread        smtpd
 64246  518155  95929     95  3    0x100092  kqread        smtpd
 26336  105672  95929     95  3    0x100092  kqread        smtpd
 95929  423499      1      0  3    0x100080  kqread        smtpd
 13981  277933      1     77  3    0x100090  poll          dhcpd
 89965  505365  81119     75  3    0x100092  poll          bgpd
 30498  509705  81119     75  3    0x100092  poll          bgpd
 81119  226926      1      0  3        0x80  poll          bgpd
 37345  494297      1      0  3        0x80  select        sshd
 96562  178262  65050    101  3    0x100090  kqread        iked
 37887  431166  65050    101  3    0x100090  kqread        iked
 79445  131291  65050    101  3    0x100090  kqread        iked
 65050  450639      1      0  3    0x100080  kqread        iked
 34956  118088      1     53  3        0x90  kqread        unbound
 79427   87872  76043     74  3    0x100092  bpf           pflogd
 76043  325105      1      0  3        0x80  netio         pflogd
 47812  275897  73829     73  3    0x100090  kqread        syslogd
 73829  313318      1      0  3    0x100082  netio         syslogd
 39661   39937  52711    115  3    0x100092  kqread        slaacd
  5412  177024  52711    115  3    0x100092  kqread        slaacd
 52711  340990      1      0  3        0x80  kqread        slaacd
  8794   73563      0      0  3     0x14200  pgzero        zerothread
 85475   50579      0      0  3     0x14200  aiodoned      aiodoned
 84266  208980      0      0  3     0x14200  syncer        update
 64515  334633      0      0  3     0x14200  cleaner       cleaner
 83715  456462      0      0  3     0x14200  reaper        reaper
 77514  284198      0      0  3     0x14200  pgdaemon      pagedaemon
 23788  335828      0      0  3     0x14200  bored         crynlk
 82932  328832      0      0  3     0x14200  bored         crypto
 37869   38313      0      0  3     0x14200  bored         viomb
 80042  112999      0      0  3     0x14200  usbtsk        usbtask
 21548  170362      0      0  3     0x14200  usbatsk       usbatsk
 70215  279451      0      0  3  0x40014200  acpi0         acpi0
*26218  293214      0      0  7     0x14200                softnet
 25226  493339      0      0  3     0x14200  bored         systqmp
 31043  444066      0      0  3     0x14200  bored         systq
 73743  492389      0      0  3  0x40014200  bored         softclock
 33631  393895      0      0  3  0x40014200                idle0
     1  253140      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper
ddb> show panic
kernel diagnostic assertion "divert != NULL" failed: file "/usr/src/sys/netinet
/raw_ip.c", line 138

>How-To-Repeat:
Leave system running
>Fix:


dmesg:
OpenBSD 6.2-current (GENERIC) #259: Fri Dec  8 11:18:24 MST 2017
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1056804864 (1007MB)
avail mem = 1018019840 (970MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5b80 (9 entries)
bios0: vendor SeaBIOS version "1.11.0-20171110_100015-anatol" date 04/01/2014
bios0: QEMU Standard PC (i440FX + PIIX, 1996)
acpi0 at bios0: rev 0
acpi0: sleep states S5
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Common KVM processor, 3392.65 MHz
cpu0: FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16,x2APIC,HV,NXE,LONG
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 1000MHz
ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
"ACPI0006" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"QEMU0002" at acpi0 not configured
pvbus0 at mainbus0: KVM
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 2.2.> ATAPI 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 disabled (no drives)
piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9
iic0 at piixpm0
virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio0: address 00:50:56:08:17:6b
virtio0: msix shared
virtio1 at pci0 dev 4 function 0 "Qumranet Virtio Network" rev 0x00
vio1 at virtio1: address 52:54:00:a7:70:b5
virtio1: msix shared
virtio2 at pci0 dev 6 function 0 "Qumranet Virtio Console" rev 0x00
virtio2: no matching child driver; not configured
uhci0 at pci0 dev 7 function 0 "Intel 82801I USB" rev 0x03: apic 0 int 11
uhci1 at pci0 dev 7 function 1 "Intel 82801I USB" rev 0x03: apic 0 int 11
uhci2 at pci0 dev 7 function 2 "Intel 82801I USB" rev 0x03: apic 0 int 10
ehci0 at pci0 dev 7 function 7 "Intel 82801I USB" rev 0x03: apic 0 int 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
virtio3 at pci0 dev 8 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk0 at virtio3
scsibus2 at vioblk0: 2 targets
sd0 at scsibus2 targ 0 lun 0: <VirtIO, Block Device, > SCSI3 0/direct fixed
sd0: 10240MB, 512 bytes/sector, 20971520 sectors
virtio3: msix shared
virtio4 at pci0 dev 9 function 0 "Qumranet Virtio Memory" rev 0x00
viomb0 at virtio4
virtio4: apic 0 int 10
virtio5 at pci0 dev 10 function 0 "Qumranet Virtio Network" rev 0x00
vio2 at virtio5: address 52:54:00:11:fe:09
virtio5: msix shared
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0 mux 1
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (7f0c20eeb386a4ca.a) swap on sd0b dump on sd0b
WARNING: / was not properly unmounted
fd0 at fdc0 drive 1: density unknown

usbdevs:
Controller /dev/usb0:
addr 1: high speed, self powered, config 1, EHCI root hub(0x0000), Intel(0x8086), rev 1.00
 port 1 powered
 port 2 powered
 port 3 powered
 port 4 powered
 port 5 powered
 port 6 powered
Controller /dev/usb1:
addr 1: full speed, self powered, config 1, UHCI root hub(0x0000), Intel(0x8086), rev 1.00
 port 1 powered
 port 2 powered
Controller /dev/usb2:
addr 1: full speed, self powered, config 1, UHCI root hub(0x0000), Intel(0x8086), rev 1.00
 port 1 powered
 port 2 powered
Controller /dev/usb3:
addr 1: full speed, self powered, config 1, UHCI root hub(0x0000), Intel(0x8086), rev 1.00
 port 1 powered
 port 2 powered


Re: crash in /usr/src/sys/netinet/raw_ip.c

Alexander Bluhm
On Sun, Dec 10, 2017 at 10:38:30AM +0100, [hidden email] wrote:
> icmp_input_if(1,2,ffff800014a50a6c,ffff800014a50a70,ffff800000067290) at icmp_input_if+0x111

Could you try this diff?

bluhm

Index: netinet/ip_icmp.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_icmp.c,v
retrieving revision 1.173
diff -u -p -r1.173 ip_icmp.c
--- netinet/ip_icmp.c 18 Oct 2017 17:01:14 -0000 1.173
+++ netinet/ip_icmp.c 12 Dec 2017 01:09:39 -0000
@@ -386,12 +386,14 @@ icmp_input_if(struct ifnet *ifp, struct
  case ICMP_TIMXCEED:
  case ICMP_PARAMPROB:
  case ICMP_SOURCEQUENCH:
+ m->m_pkthdr.pf.flags &=~ PF_TAG_DIVERTED;
  break;
  /*
   * Although pf_icmp_mapping() considers redirects belonging
   * to a diverted connection, we must process it here anyway.
   */
  case ICMP_REDIRECT:
+ m->m_pkthdr.pf.flags &=~ PF_TAG_DIVERTED;
  break;
  default:
  goto raw;
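Review bot: The two added `m->m_pkthdr.pf.flags &=~ PF_TAG_DIVERTED;` lines (before the `break` shared by ICMP_TIMXCEED/ICMP_PARAMPROB/ICMP_SOURCEQUENCH and in the ICMP_REDIRECT case) have no comment saying why the flag is cleared, and the identical line in the icmp6_input hunk lacks one too. Judging from the reported trace, where icmp_input_if calls rip_input and the assertion `divert != NULL` fails, the intent seems to be that a packet kept for local ICMP processing must not reach the raw input path still marked as diverted; a comment such as `/* handled here, so rip_input() must not expect a divert tag */` would record that. Because the assertion sits on the softnet packet input path of a firewall, the commit message should state that received ICMP belonging to a diverted connection could panic the kernel, so operators can judge their exposure. The spacing `&=~` is easy to misread as a single operator; `m->m_pkthdr.pf.flags &= ~PF_TAG_DIVERTED;` is the conventional form. The switch begins before this hunk and icmp_input_if continues after it.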
@@ -585,10 +587,6 @@ reflect:
     &ip->ip_dst.s_addr, 1))
  goto freeit;
 #endif
- /* Free packet atttributes */
- if (m->m_flags & M_PKTHDR)
- m_tag_delete_chain(m);
-
  icmpstat_inc(icps_reflect);
  icmpstat_inc(icps_outhist + icp->icmp_type);
  if (!icmp_reflect(m, &opts, NULL)) {
Index: netinet6/icmp6.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/icmp6.c,v
retrieving revision 1.220
diff -u -p -r1.220 icmp6.c
--- netinet6/icmp6.c 3 Nov 2017 14:28:57 -0000 1.220
+++ netinet6/icmp6.c 12 Dec 2017 01:12:36 -0000
@@ -431,6 +431,7 @@ icmp6_input(struct mbuf **mp, int *offp,
  case ICMP6_PACKET_TOO_BIG:
  case ICMP6_TIME_EXCEEDED:
  case ICMP6_PARAM_PROB:
+ m->m_pkthdr.pf.flags &=~ PF_TAG_DIVERTED;
  break;
  default:
  goto raw;