double fault trap at pf_test+0xc on 6.2-STABLE

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

double fault trap at pf_test+0xc on 6.2-STABLE

Axel Rau
Hi,

this is a IPsec client, which crashes on reboot of the IPsec master (same hardware and software as client).
The IPsec tunnel connects some IP6 and IP4 public nets to the internet plus some private nets.

kernel: double fault trap, code=0
Stopped at      pf_test+0xc:    pushq   %rbx

ddb{0}> pf_test(cf000,ffff800021d23160,ffffff007ea78900,29) at pf_test+0xc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0x515
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d233e0,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d23660,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d238e0,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d23b60,ffffff0001d9cb90) at ip6_forward+
0x5fc      
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d23de0,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d24060,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d242e0,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d24560,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d247e0,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d24a60,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d24ce0,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d24f60,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d251e0,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d25460,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d256e0,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d25960,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d25be0,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d25e60,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(18,ffffff007ea78900,ffff8000011fb080,ffffff0001d9cb98,ffff8000000a
0000) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
if_input_local(ffff8000000a0000,0,ffffff017e07a638) at if_input_local+0xb6
ip6_forward(ffffff017e07a638,ffff800021d260e0,ffffff0001d9cb90) at ip6_forward+
0x5fc
ip6_input_if(ffff8000000686dd,ffffff0001d9cb82,86dd,ffffff007ea78900,ffffff007e
a78900) at ip6_input_if+0xcd9
ipv6_input(33c44e83a6d84c56,ffffff007ea78900) at ipv6_input+0x39
ether_input(ffff800000068240,ffffff007ea78900,ffff80000001a1a0) at ether_input+
0x297
if_input_process(ffff800021d261c0) at if_input_process+0x15e
taskq_thread(0) at taskq_thread+0x67
end trace frame: 0x0, count: -82

Copyright (c) 1982, 1986, 1989, 1991, 1993
       The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2017 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.2 (GENERIC.MP) #2: Sun Dec 10 21:14:42 CET 2017
   [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4264062976 (4066MB)
avail mem = 4127805440 (3936MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x7f98a000 (53 entries)
bios0: vendor American Megatrends Inc. version "5.6.5" date 05/19/2014
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP FPDT MCFG WDAT UEFI APIC BDAT HPET SSDT HEST BERT ERST EINJ
acpi0: wakeup devices PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) EHC1(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU C2358 @ 1.74GHz, 1750.32 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: TSC frequency 1750316610 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 83MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU C2358 @ 1.74GHz, 1750.00 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PEX1)
acpiprt2 at acpi0: bus 2 (PEX2)
acpiprt3 at acpi0: bus 3 (PEX3)
acpiprt4 at acpi0: bus 4 (PEX4)
acpicpu0 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C2(350@41 mwait.3@0x51), C1(1000@1 mwait.1), PSS
"PNP0003" at acpi0 not configured
"PNP0C33" at acpi0 not configured
cpu0: Enhanced SpeedStep 1750 MHz: speeds: 1744, 1743, 1660, 1577, 1494, 1411, 1328, 1245, 1162 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 vendor "Intel", unknown product 0x1f0e rev 0x02
ppb0 at pci0 dev 1 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 "Intel I210" rev 0x03: msi, address 00:60:e0:5a:75:40
ppb1 at pci0 dev 2 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
pci2 at ppb1 bus 2
em1 at pci2 dev 0 function 0 "Intel I210" rev 0x03: msi, address 00:60:e0:5a:75:41
ppb2 at pci0 dev 3 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
pci3 at ppb2 bus 3
ppb3 at pci0 dev 4 function 0 "Intel Atom C2000 PCIE" rev 0x02: msi
pci4 at ppb3 bus 4
vendor "Intel", unknown product 0x1f18 (class processor subclass Co-processor, rev 0x02) at pci0 dev 11 function 0 not configured
pchb1 at pci0 dev 14 function 0 "Intel Atom C2000 RAS" rev 0x02
"Intel Atom C2000 RCEC" rev 0x02 at pci0 dev 15 function 0 not configured
"Intel Atom C2000 SMBus" rev 0x02 at pci0 dev 19 function 0 not configured
em2 at pci0 dev 20 function 0 "Intel I354 SGMII" rev 0x03: msi, address 00:60:e0:5a:75:42
em3 at pci0 dev 20 function 1 "Intel I354 SGMII" rev 0x03: msi, address 00:60:e0:5a:75:43
em4 at pci0 dev 20 function 2 "Intel I354 SGMII" rev 0x03: msi, address 00:60:e0:5a:75:44
em5 at pci0 dev 20 function 3 "Intel I354 SGMII" rev 0x03: msi, address 00:60:e0:5a:75:45
ehci0 at pci0 dev 22 function 0 "Intel Atom C2000 USB" rev 0x02: apic 2 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ahci0 at pci0 dev 23 function 0 "Intel Atom C2000 AHCI" rev 0x02: msi, AHCI 1.3
scsibus1 at ahci0: 32 targets
ahci1 at pci0 dev 24 function 0 "Intel Atom C2000 AHCI" rev 0x02: msi, AHCI 1.3
ahci1: port 0: 3.0Gb/s
scsibus2 at ahci1: 32 targets
sd0 at scsibus2 targ 0 lun 0: <ATA, INTEL SSDSA2CT04, 4PC1> SCSI3 0/direct fixed naa.55cd2e40003e4c4f
sd0: 38166MB, 512 bytes/sector, 78165360 sectors, thin
pcib0 at pci0 dev 31 function 0 "Intel Atom C2000 PCU" rev 0x02
ichiic0 at pci0 dev 31 function 3 "Intel Atom C2000 PCU SMBus" rev 0x02: apic 2 int 18
iic0 at ichiic0
sdtemp0 at iic0 addr 0x18: mcp98243
sdtemp1 at iic0 addr 0x19: mcp98243
spdmem0 at iic0 addr 0x50: 2GB DDR3 SDRAM ECC PC3-12800 with thermal sensor
spdmem1 at iic0 addr 0x51: 2GB DDR3 SDRAM ECC PC3-12800 with thermal sensor
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0 mux 1
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: NCT5104D rev 0x52
wbsio0 port 0xa00/2 not configured
vmm0 at mainbus0: VMX/EPT
uhub1 at uhub0 port 1 configuration 1 interface 0 "Intel product 0x07db" rev 2.00/0.02 addr 2
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (ba26539e367c2c0f.a) swap on sd0b dump on sd0b
Automatic boot in progress: starting file system checks.
/dev/sd0a (ba26539e367c2c0f.a): file system is clean; not checking
/dev/sd0d (ba26539e367c2c0f.d): file system is clean; not checking
/dev/sd0f (ba26539e367c2c0f.f): file system is clean; not checking
/dev/sd0e (ba26539e367c2c0f.e): file system is clean; not checking
setting tty flags
pf enabled
net.inet.ip.forwarding: 0 -> 1
net.inet6.ip6.forwarding: 0 -> 0
ddb.panic: 1 -> 1
ddb.console: 0 -> 0
starting network
ifconfig: SIOCAIFADDR: File exists
reordering libraries: done.
starting early daemons: syslogdJan 20 12:28:52 gw1 syslogd[89470]: priv_open_log "/var/log/debug.log": No such file or directory
pflogd ntpd isakmpd sasyncdJan 20 12:28:54 gw1 /bsd: carp3: state transition: BACKUP -> MASTER
Jan 20 12:28:54 gw1 /bsd: carp0: state transition: BACKUP -> MASTER
Jan 20 12:28:54 gw1 /bsd: carp2: state transition: BACKUP -> MASTER
Jan 20 12:28:55 gw1 /bsd: carp1: state transition: BACKUP -> MASTER
---
PGP-Key:29E99DD6  ☀  computing @ chaos claudius

Reply | Threaded
Open this post in threaded view
|

Re: double fault trap at pf_test+0xc on 6.2-STABLE

Alexander Bluhm
On Sat, Jan 20, 2018 at 03:46:36PM +0100, Axel Rau wrote:
> this is a IPsec client, which crashes on reboot of the IPsec master (same hardware and software as client).
> The IPsec tunnel connects some IP6 and IP4 public nets to the internet plus some private nets.

Looks like this bug, already fixed in -current.

https://marc.info/?l=openbsd-cvs&m=150841096918888&w=2

You have configured a routing loop on the loopback interface, this
results in a kernel stack overrun.  You can try the attached diff
and see if helps.

bluhm

Index: net/if_loop.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_loop.c,v
retrieving revision 1.81
diff -u -p -r1.81 if_loop.c
--- net/if_loop.c 19 Apr 2017 15:21:54 -0000 1.81
+++ net/if_loop.c 22 Jan 2018 13:40:13 -0000
@@ -143,6 +143,7 @@
 int loioctl(struct ifnet *, u_long, caddr_t);
 void loopattach(int);
 void lortrequest(struct ifnet *, int, struct rtentry *);
+int loinput(struct ifnet *, struct mbuf *, void *);
 int looutput(struct ifnet *,
     struct mbuf *, struct sockaddr *, struct rtentry *);
 
@@ -191,6 +192,7 @@ loop_clone_create(struct if_clone *ifc,
 #if NBPFILTER > 0
  bpfattach(&ifp->if_bpf, ifp, DLT_LOOP, sizeof(u_int32_t));
 #endif
+ if_ih_insert(ifp, loinput, NULL);
  return (0);
 }
 
@@ -200,6 +202,7 @@ loop_clone_destroy(struct ifnet *ifp)
  if (ifp->if_index == rtable_loindex(ifp->if_rdomain))
  return (EPERM);
 
+ if_ih_remove(ifp, loinput, NULL);
  if_detach(ifp);
 
  free(ifp, M_DEVBUF, sizeof(*ifp));
@@ -207,11 +210,26 @@ loop_clone_destroy(struct ifnet *ifp)
 }
 
 int
+loinput(struct ifnet *ifp, struct mbuf *m, void *cookie)
+{
+ int error;
+
+ if ((m->m_flags & M_PKTHDR) == 0)
+ panic("%s: no header mbuf", __func__);
+
+ error = if_input_local(ifp, m, m->m_pkthdr.ph_family);
+ if (error)
+ ifp->if_ierrors++;
+
+ return (1);
+}
+
+int
 looutput(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
     struct rtentry *rt)
 {
  if ((m->m_flags & M_PKTHDR) == 0)
- panic("looutput: no header mbuf");
+ panic("%s: no header mbuf", __func__);
 
  if (rt && rt->rt_flags & (RTF_REJECT|RTF_BLACKHOLE)) {
  m_freem(m);
@@ -219,7 +237,16 @@ looutput(struct ifnet *ifp, struct mbuf
  rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
  }
 
- return (if_input_local(ifp, m, dst->sa_family));
+ /* Use the quick path only once to avoid stack overflow. */
+ if ((m->m_flags & M_LOOP) == 0)
+ return (if_input_local(ifp, m, dst->sa_family));
+
+ m->m_pkthdr.ph_family = dst->sa_family;
+ if (mq_enqueue(&ifp->if_inputqueue, m))
+ return ENOBUFS;
+ task_add(softnettq, ifp->if_inputtask);
+
+ return (0);
 }
 
 void
Index: sys/mbuf.h
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/sys/mbuf.h,v
retrieving revision 1.231
diff -u -p -r1.231 mbuf.h
--- sys/mbuf.h 23 Jun 2017 11:18:12 -0000 1.231
+++ sys/mbuf.h 22 Jan 2018 13:40:13 -0000
@@ -134,6 +134,7 @@ struct pkthdr {
  u_int ph_rtableid; /* routing table id */
  u_int ph_ifidx; /* rcv interface index */
  u_int8_t ph_loopcnt; /* mbuf is looping in kernel */
+ u_int8_t ph_family; /* af, used when queueing */
  struct pkthdr_pf pf;
 };
 

Reply | Threaded
Open this post in threaded view
|

Re: double fault trap at pf_test+0xc on 6.2-STABLE

Axel Rau

> Am 22.01.2018 um 14:47 schrieb Alexander Bluhm <[hidden email]>:

Thanks for answering.
>
> Looks like this bug, already fixed in -current.
>
> https://marc.info/?l=openbsd-cvs&m=150841096918888&w=2 <https://marc.info/?l=openbsd-cvs&m=150841096918888&w=2>
>
> You have configured a routing loop on the loopback interface,
Yes.
> this
> results in a kernel stack overrun.  
Sounds plausible.
> You can try the attached diff
> and see if helps.


Axel
---
PGP-Key:29E99DD6  ☀  computing @ chaos claudius

Reply | Threaded
Open this post in threaded view
|

Re: double fault trap at pf_test+0xc on 6.2-STABLE

Axel Rau
In reply to this post by Alexander Bluhm

> Am 22.01.2018 um 14:47 schrieb Alexander Bluhm <[hidden email]>:
>
> On Sat, Jan 20, 2018 at 03:46:36PM +0100, Axel Rau wrote:
>> this is a IPsec client, which crashes on reboot of the IPsec master (same hardware and software as client).
>> The IPsec tunnel connects some IP6 and IP4 public nets to the internet plus some private nets.
>
> Looks like this bug, already fixed in -current.
>
> https://marc.info/?l=openbsd-cvs&m=150841096918888&w=2
>
> You have configured a routing loop on the loopback interface, this
> results in a kernel stack overrun.  You can try the attached diff
> and see if helps.


The patch fixed my problem.
One week in production w/o issues.

Axel
---
PGP-Key:29E99DD6  ☀  computing @ chaos claudius

Reply | Threaded
Open this post in threaded view
|

Re: double fault trap at pf_test+0xc on 6.2-STABLE

Axel Rau
In reply to this post by Alexander Bluhm

> Am 22.01.2018 um 14:47 schrieb Alexander Bluhm <[hidden email]>:
>
>
> Looks like this bug, already fixed in -current.
>
> https://marc.info/?l=openbsd-cvs&m=150841096918888&w=2 <https://marc.info/?l=openbsd-cvs&m=150841096918888&w=2>

Any reason why this was not included in OpenBSD Errata: February 2nd, 2018 ?

Axel
---
PGP-Key:29E99DD6  ☀  computing @ chaos claudius