On Sun, Jun 01, 2014 at 07:34:56PM +0200, Peter Haag wrote:
> May 30 07:11:29 savecore: reboot after panic: tcp_input:650:
> 0xfffffe852c102790 != 0xfffffe851758a050
> inp_ipsec_remotecred = 0x0, inp_ipsec_remoteauth = 0x0, inp_cksum6 = -1,
> inp_icmp6filt = 0x0, inp_pf_sk =
> 0xfffffe852c092c48,
I guess this is a result of the pf state to socket link problem.
This race has been there for a while, but I cannot find the cause.
Can you apply this diff containing an additional check? This will
make it clearer where the broken socket comes from. Unfortunately
this will not fix your crashes. Does this change always replace
the original crash by the new one?
bluhm
Index: netinet/tcp_input.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.276
diff -u -p -r1.276 tcp_input.c
--- netinet/tcp_input.c 25 Apr 2014 09:44:38 -0000 1.276
+++ netinet/tcp_input.c 22 Jun 2014 14:36:21 -0000
@@ -585,8 +585,11 @@ tcp_input(struct mbuf *m, ...)
* Locate pcb for segment.
*/
#if NPF > 0
- if (m->m_pkthdr.pf.statekey)
+ if (m->m_pkthdr.pf.statekey) {
inp = m->m_pkthdr.pf.statekey->inp;
+ if (inp && inp->inp_pf_sk)
+ KASSERT(m->m_pkthdr.pf.statekey == inp->inp_pf_sk);
+}
#endif
findpcb:
if (inp == NULL) {
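Review bot: In the tcp_input hunk the new assertion is guarded by `if (inp && inp->inp_pf_sk)`, so a state key whose inp points at a socket with a NULL inp_pf_sk still passes unchecked, although that one-sided link is also a mismatch between the two pointers. If that case is legal, a short comment saying so would help; otherwise it should be asserted too. The guard and the assertion can be one statement, for example `KASSERT(inp == NULL || inp->inp_pf_sk == NULL || m->m_pkthdr.pf.statekey == inp->inp_pf_sk);`, which avoids an `if` whose only body is a macro. As shown here, the added closing brace is also not indented to match its `if`, unlike the same line in the udp_usrreq.c hunk.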
Index: netinet/udp_usrreq.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.184
diff -u -p -r1.184 udp_usrreq.c
--- netinet/udp_usrreq.c 23 Apr 2014 12:25:35 -0000 1.184
+++ netinet/udp_usrreq.c 22 Jun 2014 14:36:21 -0000
@@ -557,8 +557,11 @@ udp_input(struct mbuf *m, ...)
* Locate pcb for datagram.
*/
#if 0
- if (m->m_pkthdr.pf.statekey)
+ if (m->m_pkthdr.pf.statekey) {
inp = m->m_pkthdr.pf.statekey->inp;
+ if (inp && inp->inp_pf_sk)
+ KASSERT(m->m_pkthdr.pf.statekey == inp->inp_pf_sk);
+ }
#endif
if (inp == NULL) {
#ifdef INET6
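Review bot: In the udp_input hunk the added KASSERT sits inside the existing `#if 0` block, so it is never compiled and cannot report a mismatched state key on the UDP path. If the check is meant to be active for UDP, the surrounding lookup has to be enabled the way the TCP hunk is (`#if NPF > 0`); if the block is disabled on purpose, dropping this hunk keeps the diagnostic diff limited to code that actually runs.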