-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Alexander,

Many thanks for getting back to me.

On 22.06.14 17:10, Alexander Bluhm wrote:
> On Sun, Jun 01, 2014 at 07:34:56PM +0200, Peter Haag wrote:
>> May 30 07:11:29 savecore: reboot after panic: tcp_input:650: 0xfffffe852c102790 != 0xfffffe851758a050
>
>> inp_ipsec_remotecred = 0x0, inp_ipsec_remoteauth = 0x0, inp_cksum6 = -1, inp_icmp6filt = 0x0, inp_pf_sk = 0xfffffe852c092c48,
>
> I guess this is a result of the pf state to socket link problem. This race
> has been there for a while, but I cannot find the cause.
>
> Can you apply this diff containing an additional check? This will make it
> clearer where the broken socket comes from. Unfortunately this will not fix
> your crashes. Does this change always replace the original crash by the new
> one?

As I still have the core from the crash at the end of May, I checked your test
below, and indeed m->m_pkthdr.pf.statekey != inp->inp_pf_sk. Find the gdb
output appended:

inp_pf_sk = 0xfffffe852c092c48
m->m_pkthdr.pf.statekey = 0xfffffe852c092358

In the kernel I'm running now, I replaced the KASSERT by a log() and a goto
drop. At least it was worth testing. For the last 3 weeks I had 3 log entries
in syslog. Due to the 'goto drop', the kernel seems to remain stable. This saves
my life for now, however, still leaves a bad feeling ... why is it only me ??
Is there anything I could change in pf.conf??

Feel free, if I can help debugging. The core is still available for grabbing
data out of it.

Thanks and regards

- Peter

>
> bluhm
>
>
> Index: netinet/tcp_input.c
> =================================================================== RCS file:
> /data/mirror/openbsd/cvs/src/sys/netinet/tcp_input.c,v retrieving revision
> 1.276 diff -u -p -r1.276 tcp_input.c ---
> netinet/tcp_input.c 25 Apr 2014 09:44:38 -0000 1.276 +++
> netinet/tcp_input.c 22 Jun 2014 14:36:21 -0000 @@ -585,8
> +585,11 @@ tcp_input(struct mbuf *m, ...) * Locate pcb for segment. */ #if
> NPF > 0 - if (m->m_pkthdr.pf.statekey) +
> if (m->m_pkthdr.pf.statekey) { inp = m->m_pkthdr.pf.statekey->inp; +
> if (inp && inp->inp_pf_sk) +
> KASSERT(m->m_pkthdr.pf.statekey == inp->inp_pf_sk); +} #endif findpcb: if
> (inp == NULL) { Index:
> netinet/udp_usrreq.c
> =================================================================== RCS file:
> /data/mirror/openbsd/cvs/src/sys/netinet/udp_usrreq.c,v retrieving revision
> 1.184 diff -u -p -r1.184 udp_usrreq.c
> --- netinet/udp_usrreq.c 23 Apr 2014 12:25:35 -0000 1.184 +++
> netinet/udp_usrreq.c 22 Jun 2014 14:36:21 -0000 @@
> -557,8 +557,11 @@ udp_input(struct mbuf *m, ...) * Locate pcb for datagram.
> */ #if 0 - if
> (m->m_pkthdr.pf.statekey) + if (m->m_pkthdr.pf.statekey) { inp =
> m->m_pkthdr.pf.statekey->inp; + if (inp &&
> inp->inp_pf_sk) + KASSERT(m->m_pkthdr.pf.statekey ==
> inp->inp_pf_sk); + } #endif if (inp == NULL) { #ifdef INET6
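
Review bot: In the tcp_input() hunk the new check is guarded by "if (inp && inp->inp_pf_sk)", so a state key whose inp pointer is set while that inp's own inp_pf_sk is NULL passes silently, although that is also a one-sided link. The KASSERT also carries no pointer values; printing m->m_pkthdr.pf.statekey, inp and inp->inp_pf_sk before asserting would put the three addresses in the panic log without needing the core.
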
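
Review bot: In the udp_input() hunk the context line above the changed block is "#if 0", not "#if NPF > 0" as in tcp_input(), so the added KASSERT is never compiled and gives no diagnostic for UDP. If the UDP path is meant to be covered by this test, the guard has to change too; otherwise the hunk can be left out of the test diff.
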
Comment: GPGTools - http://gpgtools.org
iD8DBQFTqIoXZFR7Ae3oDfYRAk06AKC3RSW1sHvLMcMY1WzLmbLZByoayACgk/e5
oLrH7gaWjjQ+teKjOEO1Vwg=
=L3qh
-----END PGP SIGNATURE-----
(gdb) p {struct inpcb}0xfffffe851758a050
$9 = {inp_hash = {le_next = 0xfffffe852c0ae8b0, le_prev = 0xffff8000005ac790},
inp_lhash = {le_next = 0xfffffe852c0aece8, le_prev = 0xfffffe852c699450},
inp_queue = {
tqe_next = 0xfffffe84eb5cc490, tqe_prev = 0xfffffe852c699460}, inp_table =
0xffffffff81dd3380, inp_faddru = {iau_addr6 = {__u6_addr = {__u6_addr8 = '\0'
<repeats 12 times>, "Õ¼ Õ",
__u6_addr16 = {0, 0, 0, 0, 0, 0, 48341, 54560}, __u6_addr32 = {0, 0, 0,
3575692501}}}, iau_a4u = {pad = '\0' <repeats 11 times>, inaddr = {s_addr =
3575692501}}}, inp_laddru = {
iau_addr6 = {__u6_addr = {__u6_addr8 = '\0' <repeats 12 times>, "Õ¼ -",
__u6_addr16 = {0, 0, 0, 0, 0, 0, 48341, 11552}, __u6_addr32 = {0, 0, 0,
757120213}}}, iau_a4u = {
pad = '\0' <repeats 11 times>, inaddr = {s_addr = 757120213}}}, inp_fport
= 52715, inp_lport = 20480, inp_socket = 0xfffffe852c102790, inp_ppcb =
0xfffffe852b69c6a8 "", inp_ru = {
ru_route = {ro_rt = 0xfffffe84f4ac4190, ro_tableid = 0, ro_dst = {sa_len =
16 '\020', sa_family = 2 '\002', sa_data = "\000\000Õ¼
Õ\000\000\000\000\000\000\000"}}, ru_route6 = {
ro_rt = 0xfffffe84f4ac4190, ro_tableid = 0, ro_dst = {sin6_len = 16
'\020', sin6_family = 2 '\002', sin6_port = 0, sin6_flowinfo = 3575692501,
sin6_addr = {__u6_addr = {
__u6_addr8 = '\0' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0,
0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}, inp_flags = 0,
inp_hu = {hu_ip = {ip_hl = 0,
ip_v = 0, ip_tos = 0 '\0', ip_len = 0, ip_id = 0, ip_off = 0, ip_ttl = 64
'@', ip_p = 0 '\0', ip_sum = 0, ip_src = {s_addr = 0}, ip_dst = {s_addr = 0}},
hu_ipv6 = {ip6_ctlun = {
ip6_un1 = {ip6_un1_flow = 0, ip6_un1_plen = 0, ip6_un1_nxt = 0 '\0',
ip6_un1_hlim = 0 '\0'}, ip6_un2_vfc = 0 '\0'}, ip6_src = {__u6_addr = {
__u6_addr8 = "@", '\0' <repeats 14 times>, __u6_addr16 = {64, 0, 0,
0, 0, 0, 0, 0}, __u6_addr32 = {64, 0, 0, 0}}}, ip6_dst = {__u6_addr =
{__u6_addr8 = '\0' <repeats 15 times>,
__u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0,
0}}}}}, inp_options = 0x0, inp_outputopts6 = 0x0, inp_hops = -1, inp_mou =
{mou_mo = 0x0, mou_mo6 = 0x0},
inp_seclevel = "\001\001\001\001", inp_secrequire = 0, inp_secresult = 0,
inp_ip_minttl = 0 '\0', inp_tdb_in_next = {tqe_next = 0x0, tqe_prev = 0x0},
inp_tdb_out_next = {
tqe_next = 0x0, tqe_prev = 0x0}, inp_tdb_in = 0x0, inp_tdb_out = 0x0,
inp_ipo = 0x0, inp_ipsec_remotecred = 0x0, inp_ipsec_remoteauth = 0x0,
inp_cksum6 = -1, inp_icmp6filt = 0x0,
inp_pf_sk = 0xfffffe852c092c48, inp_rtableid = 0, inp_pipex = 0, inp_divertfl
= 0}
(gdb) p *m
$10 = {m_hdr = {mh_next = 0x0, mh_nextpkt = 0x0, mh_data = 0xfffffe80ba390020
"E", mh_len = 40, mh_type = 1, mh_flags = 11}, M_dat = {MH = {MH_pkthdr =
{rcvif = 0xffff80000014e048,
tags = {slh_first = 0x0}, len = 40, tagsset = 0, pad = 0, csum_flags =
168, ether_vtag = 0, rdomain = 0, pf = {hdr = 0x0, statekey =
0xfffffe852c092358, inp = 0x0, qid = 0,
tag = 0, flags = 128 '\200', routed = 0 '\0', prio = 3 '\003', pad =
"\000\000"}}, MH_dat = {MH_ext = {ext_buf = 0xfffffe80ba390000 "\a`", ext_free
= 0, ext_arg = 0x0,
ext_size = 2048, ext_type = 757120213, ext_ifp = 0x0, ext_backend =
0, ext_nextref = 0xfffffe80a6686100, ext_prevref = 0xfffffe80a6686100},
MH_databuf = "\000\0009º\200þÿÿ", '\0' <repeats 17 times>,
"\b\000\000Õ¼ -", '\0' <repeats 12 times>,
"'ÿÁ\031\000ah¦\200þÿÿ\000ah¦\200þÿÿ/ó\2117: \"name\" \"iPhone Mail\"
\"version\" \"11D201\" \"os\" \"iOS\" \"os-version\" \"7.1.1 (11D201)\"\000"}},
M_databuf =
"Hà\024\000\000\200ÿÿ\000\000\000\000\000\000\000\000(\000\000\000\000\000\000\000¨",
'\0' <repeats 15 times>, "X#\t,\205þÿÿ", '\0' <repeats 14 times>,
"\200\000\003\000\000\000\000\000\000\000\000\0009º\200þÿÿ", '\0' <repeats 17
times>, "\b\000\000Õ¼ -", '\0' <repeats 12 times>,
"'ÿÁ\031\000ah¦\200þÿÿ\000ah¦\200þÿÿ/ó\2117: \"name\" \"iPhone Mail\"
\"version\" \"11D201\" \"os\" \"iOS\" \"os-version\" \"7.1.1 (11D2"...}}
[demime 1.01d removed an attachment of type application/octet-stream which had
a name of kernel.txt.sig]
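
The log-and-drop variant of the check described in the reply above, as an added example that is not part of the original mail or of the OpenBSD source. It is a user-space model: the two structs keep only the link fields, and locate_pcb(), the result enum and the sample objects are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel structures: link fields only. */
struct inpcb;
struct pf_state_key { struct inpcb *inp; };              /* state key -> pcb */
struct inpcb        { struct pf_state_key *inp_pf_sk; }; /* pcb -> state key */

enum pcb_result { PCB_LOOKUP, PCB_CACHED, PCB_DROP };

/*
 * Decide how to find the pcb for a packet carrying state key sk.
 * The cached pcb is used only if the back link agrees (same condition
 * as the diff); a mismatch is logged and the packet dropped instead
 * of panicking.
 */
enum pcb_result
locate_pcb(struct pf_state_key *sk, struct inpcb **inpp)
{
	struct inpcb *inp;

	*inpp = NULL;
	if (sk == NULL || (inp = sk->inp) == NULL)
		return PCB_LOOKUP;	/* no shortcut: normal pcb lookup */
	if (inp->inp_pf_sk != NULL && inp->inp_pf_sk != sk) {
		fprintf(stderr, "pf link mismatch: pkt sk %p, inp %p -> sk %p\n",
		    (void *)sk, (void *)inp, (void *)inp->inp_pf_sk);
		return PCB_DROP;	/* stale link: drop the packet */
	}
	*inpp = inp;
	return PCB_CACHED;
}

int
main(void)
{
	struct pf_state_key sk_a = { NULL }, sk_b = { NULL };
	struct inpcb inp = { &sk_a };
	struct inpcb *found;

	sk_a.inp = &inp;	/* consistent pair: sk_a <-> inp */
	sk_b.inp = &inp;	/* constructed stale key: inp points back at sk_a */

	printf("consistent: %d\n", locate_pcb(&sk_a, &found));
	printf("stale:      %d\n", locate_pcb(&sk_b, &found));
	printf("no key:     %d\n", locate_pcb(NULL, &found));
	return 0;
}
```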