On 14/06/16(Tue) 15:18, Florian Obser wrote:
> Hi,
> I'm seeing this panic on my v6 gateway running in a vm (don't ask):
> It has a v6 tunnel via HE on gif0.
>
> I hope I copied all relevant information, if not, my appologies, I'm
> in a hurry currently, please just ask for more.
>
> I will probably investigate more when I'm home :)
>
> panic: trap type 6, code=0, pc=ffffffff812fe70f
> Starting stack trace...
> panic() at panic+0x10b
> trap() at trap+0x7b8
> --- trap (number 6) ---
> ip6_output_ipsec_lookup() at ip6_output_ipsec_lookup+0x6f
> ip6_output() at ip6_output+0x21c
> esp_output_cb() at esp_output_cb+0x135
> taskq_thread() at taskq_thread+0x6c
> end trace frame: 0x0, count: 251
> End of stack trace.
> syncing disks... done
This seems to be an invalid `'tdbi'' dereference in ip6_output_ipsec_lookup():
2890: tdbi = (struct tdb_ident *)(mtag + 1);
2891: HERE -> if (tdbi->spi == tdb->tdb_spi &&
2892: tdbi->proto == tdb->tdb_sproto &&
...
Markus, Mike any idea how this could happen?
> on:
>
> OpenBSD 6.0-beta (GENERIC.MP) #2165: Thu Jun 2 08:37:59 MDT 2016
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
>
> it has ddb.panic=0 but I can change that when I'm home.
>
> [florian@openbsd:~]$ doas cat /etc/ipsec.conf
> ike esp from 2001:470:7afd::1 \
> to 2a02:d40:3:1:4c7:b9ff:fede:705f \
> psk XXX
>
> ike esp from 2001:470:7afd:1::1 \
> to 2a02:d40:3:1:4c7:b9ff:fede:705f \
> psk XXX
>
> ike esp from 2001:470:1f14:47e::2 \
> to 2a02:d40:3:1:4c7:b9ff:fede:705f \
> psk XXX
>
> I can trigger the panic when the flows are up and I do this on the
> remote system:
>
> [florian@tlakh:~]$ ping6 -I 2a02:d40:3:1:4c7:b9ff:fede:705f 2001:470:7afd::1
>
>
> [florian@openbsd:~]$ doas ipsecctl -sa
> FLOWS:
> flow esp in from 2a02:d40:3:1:4c7:b9ff:fede:705f to 2001:470:1f14:47e::2 peer
> 2a02:d40:3:1:4c7:b9ff:fede:705f srcid 2001:470:1f14:47e::2/128 dstid
> 2a02:d40:3:1:4c7:b9ff:fede:705f/128 type use
> flow esp out from 2001:470:1f14:47e::2 to 2a02:d40:3:1:4c7:b9ff:fede:705f
> peer 2a02:d40:3:1:4c7:b9ff:fede:705f srcid 2001:470:1f14:47e::2/128 dstid
> 2a02:d40:3:1:4c7:b9ff:fede:705f/128 type require
> flow esp in from 2a02:d40:3:1:4c7:b9ff:fede:705f to 2001:470:7afd::1 peer
> 2a02:d40:3:1:4c7:b9ff:fede:705f srcid 2001:470:1f14:47e::2/128 dstid
> 2a02:d40:3:1:4c7:b9ff:fede:705f/128 type use
> flow esp out from 2001:470:7afd::1 to 2a02:d40:3:1:4c7:b9ff:fede:705f peer
> 2a02:d40:3:1:4c7:b9ff:fede:705f srcid 2001:470:1f14:47e::2/128 dstid
> 2a02:d40:3:1:4c7:b9ff:fede:705f/128 type require
> flow esp in from 2a02:d40:3:1:4c7:b9ff:fede:705f to 2001:470:7afd:1::1 peer
> 2a02:d40:3:1:4c7:b9ff:fede:705f srcid 2001:470:1f14:47e::2/128 dstid
> 2a02:d40:3:1:4c7:b9ff:fede:705f/128 type use
> flow esp out from 2001:470:7afd:1::1 to 2a02:d40:3:1:4c7:b9ff:fede:705f peer
> 2a02:d40:3:1:4c7:b9ff:fede:705f srcid 2001:470:1f14:47e::2/128 dstid
> 2a02:d40:3:1:4c7:b9ff:fede:705f/128 type require
>
> SAD:
> esp tunnel from 2001:470:1f14:47e::2 to 2a02:d40:3:1:4c7:b9ff:fede:705f spi
> 0x07b097ae auth hmac-sha2-256 enc aes
> esp tunnel from 2001:470:1f14:47e::2 to 2a02:d40:3:1:4c7:b9ff:fede:705f spi
> 0x471d9a35 auth hmac-sha2-256 enc aes
> esp tunnel from 2001:470:1f14:47e::2 to 2a02:d40:3:1:4c7:b9ff:fede:705f spi
> 0x4d6962f0 auth hmac-sha2-256 enc aes
> esp tunnel from 2a02:d40:3:1:4c7:b9ff:fede:705f to 2001:470:1f14:47e::2 spi
> 0x546e354d auth hmac-sha2-256 enc aes
> esp tunnel from 2a02:d40:3:1:4c7:b9ff:fede:705f to 2001:470:1f14:47e::2 spi
> 0x9d83602b auth hmac-sha2-256 enc aes
> esp tunnel from 2a02:d40:3:1:4c7:b9ff:fede:705f to 2001:470:1f14:47e::2 spi
> 0xe2d99e91 auth hmac-sha2-256 enc aes
>
>
> [florian@openbsd:~]$ netstat -rn
> Routing tables
>
> Internet:
> Destination Gateway Flags Refs Use Mtu Prio Iface
> default 192.168.2.254 UGS 17 4831 - 8 vio0
> 224/4 127.0.0.1 URS 0 0 32768 8 lo0
> 10.11.12/24 10.11.12.1 UC 1 0 - 4 vio1
> 10.11.12.1 52:54:00:15:bb:62 UHLl 0 1 - 1 vio1
> 10.11.12.32 52:54:00:dc:6f:cd UHLc 0 144 - 4 vio1
> 10.11.12.255 10.11.12.1 UHb 0 0 - 1 vio1
> 127/8 127.0.0.1 UGRS 0 0 32768 8 lo0
> 127.0.0.1 127.0.0.1 UHl 12 1129 32768 1 lo0
> 192.168.2/24 192.168.2.253 UC 2 2 - 4 vio0
> 192.168.2.1 80:ee:73:67:d1:9c UHLc 1 8 - 4 vio0
> 192.168.2.253 52:54:00:1a:59:59 UHLl 1 9560 - 1 vio0
> 192.168.2.254 4c:09:d4:ca:0c:b2 UHLc 1 5 - 4 vio0
> 192.168.2.255 192.168.2.253 UHb 0 14 - 1 vio0
>
> Internet6:
> Destination Gateway Flags
> Refs Use Mtu Prio Iface
> default 2001:470:1f14:47e::1 UGS
> 7 7084 - 8 gif0
> ::/96 ::1 UGRS
> 0 0 32768 8 lo0
> ::/104 ::1 UGRS
> 0 0 32768 8 lo0
> ::1 ::1 UHl
> 3 3 32768 1 lo0
> ::127.0.0.0/104 ::1 UGRS
> 0 0 32768 8 lo0
> ::224.0.0.0/100 ::1 UGRS
> 0 0 32768 8 lo0
> ::255.0.0.0/104 ::1 UGRS
> 0 0 32768 8 lo0
> ::ffff:0.0.0.0/96 ::1 UGRS
> 0 0 32768 8 lo0
> 2001:470:1f14:47e::1 2001:470:1f14:47e::2 UH
> 1 93 - 8 gif0
> 2001:470:1f14:47e::2 2001:470:1f14:47e::2 UHl
> 0 522 - 1 gif0
> 2001:470:7afd::/64 2001:470:7afd::1 UC
> 2 0 - 4 vio0
> 2001:470:7afd::1 52:54:00:1a:59:59 UHLl
> 1 158 - 1 vio0
> 2001:470:7afd:0:220:4aff:febf:fd42 00:20:4a:bf:fd:42 UHLc
> 0 1403 - 4 vio0
> 2001:470:7afd:0:6ef0:49ff:fee1:6d37 6c:f0:49:e1:6d:37 UHLc
> 0 16 - 4 vio0
> 2001:470:7afd:1::/64 2001:470:7afd:1::1 UC
> 2 3 - 4 vio1
> 2001:470:7afd:1::1 52:54:00:15:bb:62 UHLl
> 0 11 - 1 vio1
> 2001:470:7afd:1:73:8782:cdf5:3e2 52:54:00:dc:6f:cd UHLc
> 0 24 - 4 vio1
> 2001:470:7afd:1:5054:ff:fedc:6fcd 52:54:00:dc:6f:cd UHLc
> 0 429 - 4 vio1
> 2002::/24 ::1 UGRS
> 0 0 32768 8 lo0
> 2002:7f00::/24 ::1 UGRS
> 0 0 32768 8 lo0
> 2002:e000::/20 ::1 UGRS
> 0 0 32768 8 lo0
> 2002:ff00::/24 ::1 UGRS
> 0 0 32768 8 lo0
> fe80::/10 ::1 UGRS
> 0 3 32768 8 lo0
> fec0::/10 ::1 UGRS
> 0 0 32768 8 lo0
> fe80::%vio0/64 fe80::5054:ff:fe1a:5959%vio0 UC
> 3 5 - 4 vio0
> fe80::220:4aff:febf:fd42%vio0 00:20:4a:bf:fd:42 UHLc
> 0 175 - 4 vio0
> fe80::5054:ff:fe1a:5959%vio0 52:54:00:1a:59:59 UHLl
> 0 46 - 1 vio0
> fe80::6ef0:49ff:fee1:6d37%vio0 6c:f0:49:e1:6d:37 UHLc
> 0 28 - 4 vio0
> fe80::d263:b4ff:fe00:82d6%vio0 d0:63:b4:00:82:d6 UHLc
> 0 18 - 4 vio0
> fe80::%vio1/64 fe80::5054:ff:fe15:bb62%vio1 UC
> 1 1 - 4 vio1
> fe80::5054:ff:fe15:bb62%vio1 52:54:00:15:bb:62 UHLl
> 0 9 - 1 vio1
> fe80::5054:ff:fedc:6fcd%vio1 52:54:00:dc:6f:cd UHLc
> 0 41 - 4 vio1
> fe80::1%lo0 fe80::1%lo0 UHl
> 0 0 32768 1 lo0
> fe80::28cf:e563:e3a9:e176%gif0 fe80::28cf:e563:e3a9:e176%gif0 UHl
> 0 0 - 1 gif0
> ff01::/16 ::1 UGRS
> 0 3 32768 8 lo0
> ff01::%vio0/32 fe80::5054:ff:fe1a:5959%vio0 UC
> 0 1 - 4 vio0
> ff01::%vio1/32 fe80::5054:ff:fe15:bb62%vio1 UC
> 0 1 - 4 vio1
> ff01::%lo0/32 ::1 UC
> 0 1 32768 4 lo0
> ff01::%gif0/32 fe80::28cf:e563:e3a9:e176%gif0 UC
> 0 1 - 4 gif0
> ff02::/16 ::1 UGRS
> 0 3 32768 8 lo0
> ff02::%vio0/32 fe80::5054:ff:fe1a:5959%vio0 UC
> 2 1 - 4 vio0
> ff02::1:ffbf:fd42%vio0 link#1 UHLc
> 0 2 - 4 vio0
> ff02::1:ffe1:6d37%vio0 link#1 UHLc
> 0 2 - 4 vio0
> ff02::%vio1/32 fe80::5054:ff:fe15:bb62%vio1 UC
> 1 1 - 4 vio1
> ff02::1:ffdc:6fcd%vio1 link#2 UHLc
> 0 2 - 4 vio1
> ff02::%lo0/32 ::1 UC
> 0 1 32768 4 lo0
> ff02::%gif0/32 fe80::28cf:e563:e3a9:e176%gif0 UC
> 0 1 - 4 gif0
>
> --
> I'm not entirely sure you are real.
>
