On Mon, Nov 27, 2017 at 09:43:36PM +0000, Petri Mikkila wrote:
> 
> 
> On Tue, 21 Nov 2017, Georgy Yakovlev wrote:
> 
> > 
> > 
> > > On Nov 21, 2017, at 10:58 AM, Georgy Yakovlev <[email protected]> wrote:
> > > 
> > > 
> > > 
> > >> On Nov 21, 2017, at 8:49 AM, Hiltjo Posthuma <[email protected]> 
> > >> wrote:
> > >> 
> > >> On Mon, Nov 20, 2017 at 09:20:59PM -0800, [email protected] wrote:
> > >>>> Synopsis:      relayd mitm exits with SIGBUS SIG_DFL code 
> > >>>> BUS_OBJERR<3> addr=0x... trapno=4    
> > >>>> Category:      system  
> > >>>> Environment:
> > >>>         System      : OpenBSD 6.2
> > >>>         Details     : OpenBSD 6.2 (GENERIC.MP) #0: Thu Oct 12 19:53:18 
> > >>> CEST 2017
> > >>>                          
> > >>> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > >>> 
> > >>>         Architecture: OpenBSD.amd64
> > >>>         Machine     : amd64
> > >>>> Description:
> > >>> 
> > >>> Building a small home router using apu2c4,
> > >>> trying to configure relayd as a mitm transparent proxy but
> > >>> it crashes every time I do a https request.
> > >>> plain http works fine.
> > >>> 
> > >>>         
> > >>>         Here's a part I get running relayd in verbose mode:
> > >>> 
> > >>> ca_engine_init: using RSA privsep engine
> > >>> ca_engine_init: using RSA privsep engine
> > >>> init_tables: created 0 tables
> > >>> relay_launch: running relay plaininspect
> > >>> relay_tls_ctx_create: loading certificate
> > >>> relay_tls_ctx_create: loading CA certificate
> > >>> relay_tls_ctx_create: loading certificate
> > >>> relay_launch: running relay tlsinspect
> > >>> relay_preconnect: session 1: process 2
> > >>> relay_tls_transaction: session 1: scheduling on EV_WRITE
> > >>> relay tlsinspect, tls session 1 connected (1 active)
> > >>> relay_tls_inspect_create: loading intercepted certificate
> > >>> relay_tls_transaction: session 1: scheduling on EV_READ
> > >>> kill_tables: deleted 0 tables
> > >>> flush_rulesets: flushed rules
> > >>> ca exiting, pid 39470
> > >>> pfe exiting, pid 89867
> > >>> hce exiting, pid 73813
> > >>> lost child: pid 60617 terminated; signal 10
> > >>> parent terminating, pid 36651
> > >>> 
> > >>> 
> > >>>         Here is kdump part of pid 60617:
> > >>> ...
> > >>> 60617 relayd   CALL  
> > >>> kevent(4,0xbf3dd22000,3,0xbf960ca800,64,0x7f7fffffb2b0)
> > >>> 60617 relayd   STRU  struct timespec { 56.976745000 }
> > >>> 60617 relayd   STRU  struct kevent [3] { ident=7, filter=EVFILT_READ, 
> > >>> flags=0x2<EV_DELETE>, fflags=0<>, data=0, udata=0x0 } { ident=7, 
> > >>> filter=EVFILT_READ, flags=0x11<EV_ADD|EV_ONESHOT>, 
> > >>> fflags=0x2<NOTE_EOF>, data=0, udata=0xbf37dd9048 } { ident=10, 
> > >>> filter=EVFILT_READ, flags=0x11<EV_ADD|EV_ONESHOT>, 
> > >>> fflags=0x2<NOTE_EOF>, data=0, udata=0xbf80055b48 }
> > >>> 60617 relayd   STRU  struct kevent { ident=10, filter=EVFILT_READ, 
> > >>> flags=0x11<EV_ADD|EV_ONESHOT>, fflags=0<>, data=517, udata=0xbf80055b48 
> > >>> }
> > >>> 60617 relayd   RET   kevent 1
> > >>> 60617 relayd   CALL  clock_gettime(CLOCK_MONOTONIC,0x7f7fffffb350)
> > >>> 60617 relayd   STRU  struct timespec { 1811.240483460 }
> > >>> 60617 relayd   RET   clock_gettime 0
> > >>> 60617 relayd   CALL  kbind(0x7f7fffffb1a0,24,0xba17667cef9e165f)
> > >>> 60617 relayd   RET   kbind 0
> > >>> 60617 relayd   CALL  
> > >>> mmap(0,0x5000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
> > >>> 60617 relayd   RET   mmap 819564601344/0xbed1db6000
> > >>> 60617 relayd   CALL  
> > >>> mmap(0,0x5000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
> > >>> 60617 relayd   RET   mmap 823219187712/0xbfabaff000
> > >>> 60617 relayd   CALL  read(10,0xbed1db6003,0x5)
> > >>> 60617 relayd   GIO   fd 10 read 5 bytes
> > >>> 60617 relayd   RET   read 5
> > >>> 60617 relayd   CALL  read(10,0xbed1db6008,0x200)
> > >>> 60617 relayd   GIO   fd 10 read 512 bytes
> > >>> 60617 relayd   RET   read 512/0x200
> > >>> 60617 relayd   CALL  gettimeofday(0x7f7fffffb040,0)
> > >>> 60617 relayd   STRU  struct timeval { 1511238874<"Nov 20 20:34:34 
> > >>> 2017">.086852 }
> > >>> 60617 relayd   RET   gettimeofday 0
> > >>> 60617 relayd   CALL  kbind(0x7f7fffffaf90,24,0xba17667cef9e165f)
> > >>> 60617 relayd   RET   kbind 0
> > >>> 60617 relayd   CALL  kbind(0x7f7fffffae80,24,0xba17667cef9e165f)
> > >>> 60617 relayd   RET   kbind 0
> > >>> 60617 relayd   CALL  kbind(0x7f7fffffaee0,24,0xba17667cef9e165f)
> > >>> 60617 relayd   RET   kbind 0
> > >>> 60617 relayd   CALL  kbind(0x7f7fffffaf80,24,0xba17667cef9e165f)
> > >>> 60617 relayd   RET   kbind 0
> > >>> 60617 relayd   CALL  kbind(0x7f7fffffaf80,24,0xba17667cef9e165f)
> > >>> 60617 relayd   RET   kbind 0
> > >>> 60617 relayd   PSIG  SIGBUS SIG_DFL code BUS_OBJERR<3> 
> > >>> addr=0xbee87387f8 trapno=4
> > >>> 36651 relayd   RET   wait4 60617/0xecc9
> > >>>     "lost child: pid 60617 terminated; signal 10
> > >>> 
> > >>> 
> > >>> configs:
> > >>> 
> > >>> # /etc/relayd.conf
> > >>> prefork 1
> > >>> http protocol httpfilter {
> > >>> return error style 'body { background: #f3f3f3; color: #606060; }'
> > >>> pass
> > >>> 
> > >>> match label "Content blocked"
> > >>> block request quick url "neverssl.com/" value "*"
> > >>> block request quick url "facebook.com/" value "*"
> > >>> 
> > >>> tls ca key "/etc/ssl/relayd/ca.key" password "secret"
> > >>> tls ca cert "/etc/ssl/relayd/ca.crt"
> > >>> tls { tlsv1, sslv3 }
> > >>> }
> > >>> 
> > >>> relay plaininspect {
> > >>>    listen on 127.0.0.1 port 8080
> > >>>    protocol httpfilter
> > >>>    forward to destination
> > >>> }
> > >>> 
> > >>> relay tlsinspect {
> > >>>      listen on 127.0.0.1 port 8443 tls
> > >>>      protocol httpfilter
> > >>>      forward with tls to destination
> > >>> }
> > >>> 
> > >>> 
> > >>> # /etc/pf.conf
> > >>> set block-policy drop
> > >>> set loginterface egress
> > >>> set skip on lo
> > >>> match out on egress inet from !(egress:network) to any nat-to (egress:0)
> > >>> block in all
> > >>> pass in quick on lan inet proto tcp from any to port 80 divert-to 
> > >>> localhost port 8080
> > >>> pass in quick on lan inet proto tcp from any to port 443 divert-to 
> > >>> localhost port 8443
> > >>> pass in on lan inet
> > >>> pass out inet
> > >>> 
> > >>> 
> > >>>> How-To-Repeat:
> > >>>         Configure relayd as specified above. Try to make a https 
> > >>> request.
> > >>>         
> > >>> Certificates created using commands:
> > >>> # openssl req -x509 -days 365 -newkey rsa:2048 \
> > >>> -keyout /etc/ssl/relayd/ca.key -out /etc/ssl/relayd/ca.crt
> > >>> 
> > >>> # openssl req -nodes -x509 -days 365 -newkey rsa:2048 \
> > >>> -keyout /etc/ssl/private/127.0.0.1.key -out /etc/ssl/127.0.0.1.crt
> > >>> 
> > >>> All the fields are filled in.
> > >>> 
> > >>>         
> > >>>> Fix:
> > >>>         Not known, sorry.       
> > >>>         I'd like to help find the root cause of this but will need some 
> > >>> guidance.
> > >>> 
> > >>> 
> > >>> dmesg:
> > >>> OpenBSD 6.2 (GENERIC.MP) #0: Thu Oct 12 19:53:18 CEST 2017
> > >>>  
> > >>> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > >>> real mem = 4261072896 (4063MB)
> > >>> avail mem = 4124913664 (3933MB)
> > >>> mpath0 at root
> > >>> scsibus0 at mpath0: 256 targets
> > >>> mainbus0 at root
> > >>> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffb7020 (7 entries)
> > >>> bios0: vendor coreboot version "4.0.7" date 02/28/2017
> > >>> bios0: PC Engines APU2
> > >>> acpi0 at bios0: rev 2
> > >>> acpi0: sleep states S0 S1 S2 S3 S4 S5
> > >>> acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
> > >>> acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) 
> > >>> PBR8(S4) UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4)
> > >>> acpitimer0 at acpi0: 3579545 Hz, 32 bits
> > >>> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> > >>> cpu0 at mainbus0: apid 0 (boot processor)
> > >>> cpu0: AMD GX-412TC SOC, 998.26 MHz
> > >>> cpu0: 
> > >>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1
> > >>> cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 
> > >>> 64b/line 16-way L2 cache
> > >>> cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully 
> > >>> associative
> > >>> cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully 
> > >>> associative
> > >>> cpu0: TSC frequency 998262150 Hz
> > >>> cpu0: smt 0, core 0, package 0
> > >>> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> > >>> cpu0: apic clock running at 99MHz
> > >>> cpu0: mwait min=64, max=64, IBE
> > >>> cpu1 at mainbus0: apid 1 (application processor)
> > >>> cpu1: AMD GX-412TC SOC, 998.14 MHz
> > >>> cpu1: 
> > >>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1
> > >>> cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 
> > >>> 64b/line 16-way L2 cache
> > >>> cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully 
> > >>> associative
> > >>> cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully 
> > >>> associative
> > >>> cpu1: smt 0, core 1, package 0
> > >>> cpu2 at mainbus0: apid 2 (application processor)
> > >>> cpu2: AMD GX-412TC SOC, 998.14 MHz
> > >>> cpu2: 
> > >>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1
> > >>> cpu2: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 
> > >>> 64b/line 16-way L2 cache
> > >>> cpu2: ITLB 32 4KB entries fully associative, 8 4MB entries fully 
> > >>> associative
> > >>> cpu2: DTLB 40 4KB entries fully associative, 8 4MB entries fully 
> > >>> associative
> > >>> cpu2: smt 0, core 2, package 0
> > >>> cpu3 at mainbus0: apid 3 (application processor)
> > >>> cpu3: AMD GX-412TC SOC, 998.14 MHz
> > >>> cpu3: 
> > >>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1
> > >>> cpu3: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 
> > >>> 64b/line 16-way L2 cache
> > >>> cpu3: ITLB 32 4KB entries fully associative, 8 4MB entries fully 
> > >>> associative
> > >>> cpu3: DTLB 40 4KB entries fully associative, 8 4MB entries fully 
> > >>> associative
> > >>> cpu3: smt 0, core 3, package 0
> > >>> ioapic0 at mainbus0: apid 4 pa 0xfec00000, version 21, 24 pins
> > >>> ioapic1 at mainbus0: apid 5 pa 0xfec20000, version 21, 32 pins
> > >>> , remapped to apid 5
> > >>> acpihpet0 at acpi0: 14318180 Hz
> > >>> acpiprt0 at acpi0: bus 0 (PCI0)
> > >>> acpiprt1 at acpi0: bus -1 (PBR4)
> > >>> acpiprt2 at acpi0: bus 1 (PBR5)
> > >>> acpiprt3 at acpi0: bus 2 (PBR6)
> > >>> acpiprt4 at acpi0: bus 3 (PBR7)
> > >>> acpiprt5 at acpi0: bus 4 (PBR8)
> > >>> acpicpu0 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
> > >>> acpicpu1 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
> > >>> acpicpu2 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
> > >>> acpicpu3 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
> > >>> acpibtn0 at acpi0: PWRB
> > >>> cpu0: 998 MHz: speeds: 1000 800 600 MHz
> > >>> pci0 at mainbus0 bus 0
> > >>> pchb0 at pci0 dev 0 function 0 "AMD AMD64 16h Root Complex" rev 0x00
> > >>> pchb1 at pci0 dev 2 function 0 "AMD AMD64 16h Host" rev 0x00
> > >>> ppb0 at pci0 dev 2 function 2 "AMD AMD64 16h PCIE" rev 0x00: msi
> > >>> pci1 at ppb0 bus 1
> > >>> em0 at pci1 dev 0 function 0 "Intel I210" rev 0x03: msi, address 
> > >>> 00:0d:b9:49:c1:14
> > >>> ppb1 at pci0 dev 2 function 3 "AMD AMD64 16h PCIE" rev 0x00: msi
> > >>> pci2 at ppb1 bus 2
> > >>> em1 at pci2 dev 0 function 0 "Intel I210" rev 0x03: msi, address 
> > >>> 00:0d:b9:49:c1:15
> > >>> ppb2 at pci0 dev 2 function 4 "AMD AMD64 16h PCIE" rev 0x00: msi
> > >>> pci3 at ppb2 bus 3
> > >>> em2 at pci3 dev 0 function 0 "Intel I210" rev 0x03: msi, address 
> > >>> 00:0d:b9:49:c1:16
> > >>> ppb3 at pci0 dev 2 function 5 "AMD AMD64 16h PCIE" rev 0x00: msi
> > >>> pci4 at ppb3 bus 4
> > >>> athn0 at pci4 dev 0 function 0 "Atheros AR9281" rev 0x01: apic 5 int 16
> > >>> athn0: AR9280 rev 2 (2T2R), ROM rev 22, address 04:f0:21:34:37:63
> > >>> "AMD CCP" rev 0x00 at pci0 dev 8 function 0 not configured
> > >>> xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x11: msi
> > >>> usb0 at xhci0: USB revision 3.0
> > >>> uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 
> > >>> 3.00/1.00 addr 1
> > >>> ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: apic 4 
> > >>> int 19, AHCI 1.3
> > >>> ahci0: port 0: 6.0Gb/s
> > >>> scsibus1 at ahci0: 32 targets
> > >>> sd0 at scsibus1 targ 0 lun 0: <ATA, SATA SSD, SBFM> SCSI3 0/direct 
> > >>> fixed naa.0000000000000000
> > >>> sd0: 57241MB, 512 bytes/sector, 117231408 sectors, thin
> > >>> ehci0 at pci0 dev 19 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 
> > >>> int 18
> > >>> usb1 at ehci0: USB revision 2.0
> > >>> uhub1 at usb1 configuration 1 interface 0 "AMD EHCI root hub" rev 
> > >>> 2.00/1.00 addr 1
> > >>> piixpm0 at pci0 dev 20 function 0 "AMD Hudson-2 SMBus" rev 0x42: SMBus 
> > >>> disabled
> > >>> pcib0 at pci0 dev 20 function 3 "AMD Hudson-2 LPC" rev 0x11
> > >>> sdhc0 at pci0 dev 20 function 7 "AMD Bolton SD/MMC" rev 0x01: apic 4 
> > >>> int 16
> > >>> sdhc0: SDHC 2.0, 50 MHz base clock
> > >>> sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
> > >>> pchb2 at pci0 dev 24 function 0 "AMD AMD64 16h Link Cfg" rev 0x00
> > >>> pchb3 at pci0 dev 24 function 1 "AMD AMD64 16h Address Map" rev 0x00
> > >>> pchb4 at pci0 dev 24 function 2 "AMD AMD64 16h DRAM Cfg" rev 0x00
> > >>> km0 at pci0 dev 24 function 3 "AMD AMD64 16h Misc Cfg" rev 0x00
> > >>> pchb5 at pci0 dev 24 function 4 "AMD AMD64 16h CPU Power" rev 0x00
> > >>> pchb6 at pci0 dev 24 function 5 "AMD AMD64 16h Misc Cfg" rev 0x00
> > >>> isa0 at pcib0
> > >>> isadma0 at isa0
> > >>> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> > >>> com0: console
> > >>> com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> > >>> pcppi0 at isa0 port 0x61
> > >>> spkr0 at pcppi0
> > >>> lpt0 at isa0 port 0x378/4 irq 7
> > >>> wbsio0 at isa0 port 0x2e/2: NCT5104D rev 0x53
> > >>> vmm0 at mainbus0: SVM/RVI
> > >>> scsibus2 at sdmmc0: 2 targets, initiator 0
> > >>> sd1 at scsibus2 targ 1 lun 0: <SD/MMC, SD04G, 0030> SCSI2 0/direct 
> > >>> removable
> > >>> sd1: 3796MB, 512 bytes/sector, 7774208 sectors
> > >>> umass0 at uhub0 port 4 configuration 1 interface 0 "JetFlash Mass 
> > >>> Storage Device" rev 2.00/11.00 addr 2
> > >>> umass0: using SCSI over Bulk-Only
> > >>> scsibus3 at umass0: 2 targets, initiator 0
> > >>> sd2 at scsibus3 targ 1 lun 0: <JetFlash, Transcend 8GB, 1100> SCSI0 
> > >>> 0/direct removable serial.856410009TLZQ9GF3QPO
> > >>> sd2: 7728MB, 512 bytes/sector, 15826944 sectors
> > >>> uhub2 at uhub1 port 1 configuration 1 interface 0 "Advanced Micro 
> > >>> Devices product 0x7900" rev 2.00/0.18 addr 2
> > >>> vscsi0 at root
> > >>> scsibus4 at vscsi0: 256 targets
> > >>> softraid0 at root
> > >>> scsibus5 at softraid0: 256 targets
> > >>> root on sd0a (0ab533048d7473ef.a) swap on sd0b dump on sd0b
> > >>> 
> > >> 
> > >> Hey,
> > >> 
> > >> Can you try it with a default or higher prefork value such as:
> > >> prefork 4?
> > >> 
> > >> I think a prefork value of 1 is too low, because it is also reserved for 
> > >> the
> > >> health-checking process iirc. I've run into a similar issue where the 
> > >> process
> > >> also crashes because of this.
> > >> 
> > >> Please report back,
> > >> 
> > >> -- 
> > >> Kind regards,
> > >> Hiltjo
> > > 
> > > Hi!
> > > I tried this before with the default prefork of 4 and got the same result.
> > > The only reason I'm setting "prefork 1" is to get a shorter ktrace to 
> > > be able to examine that single fork and maybe use gdb on it.
> > > But from what I can remember it cleanly kills all remaining forks 
> > > after that problematic fork is terminated.
> > > 
> > > I will try a larger value and report back, thanks for suggestion.
> > > 
> > > 
> > > Regards,
> > > Georgy.
> > 
> > 
> > Previous reply went off the list, sorry.
> > 
> > Tried with prefork 8, absolutely clean, fresh 6.2 installation, same thing.
> > Happens on yesterday's snapshot as well.
> > 
> > I can crash it with a browser, with curl or just anything that requests a 
> > https connection.
> > 
> > relay_tls_transaction: session 1: scheduling on EV_WRITE
> > relay tlsinspect, tls session 1 connected (1 active)
> > relay_tls_inspect_create: loading intercepted certificate
> > relay_tls_transaction: session 1: scheduling on EV_READ
> > ca exiting, pid 5844
> > ca exiting, pid 38895
> > ca exiting, pid 36887
> > ca exiting, pid 68879
> > ca exiting, pid 6559
> > ca exiting, pid 99958
> > kill_tables: deleted 0 tables
> > flush_rulesets: flushed rules
> > pfe exiting, pid 77548
> > ca exiting, pid 23133
> > lost child: pid 31536 terminated; signal 10
> > ca exiting, pid 2332
> > hce exiting, pid 74474
> > relay exiting, pid 42819
> > relay exiting, pid 25876
> > relay exiting, pid 21303
> > relay exiting, pid 72036
> > relay exiting, pid 60193
> > relay exiting, pid 90190
> > relay exiting, pid 66264
> > parent terminating, pid 7816
> > 
> > 
> > Trying to debug with gdb, but that's not something I'm good at.
> > 
> > 
> 
> Hi,
> 
> I had the same exact symptoms (on similar apu2c4 hw but it may be 
> irrelevant). It was a use-after-free because relay_tls_transaction() 
> immediately frees the per-session struct tls that it has given to 
> tls_accept_socket() and it is needed later e.g. when processing extensions 
> from the client hello such as servername (bus error in 
> tls_servername_cb()). Patch candidate:
> 
> Index: usr.sbin/relayd/relay.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/relayd/relay.c,v
> retrieving revision 1.227
> diff -u -p -r1.227 relay.c
> --- usr.sbin/relayd/relay.c   23 Sep 2017 11:56:57 -0000      1.227
> +++ usr.sbin/relayd/relay.c   27 Nov 2017 21:22:40 -0000
> @@ -1703,6 +1703,7 @@ relay_close(struct rsession *con, const 
>       if (con->se_in.tls != NULL)
>               tls_close(con->se_in.tls);
>       tls_free(con->se_in.tls);
> +     tls_free(con->se_in.tls_ctx);
>       tls_config_free(con->se_in.tls_cfg);
>       free(con->se_in.tlscert);
>       if (con->se_in.s != -1) {
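Review bot: The order of the two tls_free() calls is load-bearing and nothing in relay_close() says so: se_in.tls, the accepted per-connection context, is closed and freed before se_in.tls_ctx, the server context it was created from, and the se_out hunk below repeats the same sequence. A one-line comment on the added line would keep a later reorder from reintroducing the use-after-free this diff fixes: `tls_free(con->se_in.tls_ctx);	/* server ctx; must outlive se_in.tls */`. Whether tls_ctx is zero-initialised for sessions that never reach relay_tls_inspect_create() is not visible here; tls_free() accepts NULL, so this only matters if the ctl_relay_event is not zeroed at allocation. relay_close() starts and ends outside the hunk.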
> @@ -1725,6 +1726,7 @@ relay_close(struct rsession *con, const 
>       if (con->se_out.tls != NULL)
>               tls_close(con->se_out.tls);
>       tls_free(con->se_out.tls);
> +     tls_free(con->se_out.tls_ctx);
>       tls_config_free(con->se_out.tls_cfg);
>       free(con->se_out.tlscert);
>       if (con->se_out.s != -1) {
> @@ -2149,7 +2151,7 @@ static struct tls *
>  relay_tls_inspect_create(struct relay *rlay, struct ctl_relay_event *cre)
>  {
>       struct tls_config       *tls_cfg;
> -     struct tls              *tls;
> +     struct tls              *tls = NULL;
>       const char              *fake_key;
>       int                      fake_keylen;
>  
> @@ -2192,8 +2194,10 @@ relay_tls_inspect_create(struct relay *r
>       }
>  
>       cre->tls_cfg = tls_cfg;
> +     cre->tls_ctx = tls;
>       return (tls);
>   err:
> +     tls_free(tls);

This is wrong and may result in a double free.
Anyway the rest of the diff is spot on and I committed it without this
tls_free() call.

Thanks.
-- 
:wq Claudio

>       tls_config_free(tls_cfg);
>       return (NULL);
>  }
> @@ -2220,8 +2224,6 @@ relay_tls_transaction(struct rsession *c
>                       errstr = "could not accept the TLS connection";
>                       goto err;
>               }
> -             if (cre->tlscert != NULL)
> -                     tls_free(tls_server);
>               flag = EV_READ;
>       } else {
>               cre->tls = tls_client();
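Review bot: Dropping the tls_free(tls_server) leaves the lifetime requirement implicit at the accept call whose failure sets errstr just above: per the analysis in this thread, libtls keeps tls_server for later callbacks (the servername callback), so it must stay alive for the whole session. A comment at the accept call would record why nothing is freed here: `/* tls_server is retained by libtls for callbacks; owned via cre->tls_ctx and released in relay_close() */`. For the non-inspect case (cre->tlscert == NULL) the hunk does not show where tls_server comes from, so I am assuming that context is shared by the relay and released elsewhere. relay_tls_transaction() starts and ends outside the hunk.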
> Index: usr.sbin/relayd/relayd.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/relayd/relayd.h,v
> retrieving revision 1.242
> diff -u -p -r1.242 relayd.h
> --- usr.sbin/relayd/relayd.h  28 Jul 2017 13:58:52 -0000      1.242
> +++ usr.sbin/relayd/relayd.h  27 Nov 2017 21:22:40 -0000
> @@ -196,6 +196,7 @@ struct ctl_relay_event {
>  
>       struct tls              *tls;
>       struct tls_config       *tls_cfg;
> +     struct tls              *tls_ctx;
>  
>       uint8_t                 *tlscert;
>       size_t                   tlscert_len;
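Review bot: The new tls_ctx member carries no ownership note, and next to tls and tls_cfg its name does not say which context it is; a reader of struct ctl_relay_event cannot tell that it holds the server context stored by relay_tls_inspect_create() while tls holds the per-connection one. Suggest `struct tls		*tls_ctx;	/* server ctx from relay_tls_inspect_create(); freed in relay_close() */`. Keeping it beside tls_cfg, which is freed alongside it, is otherwise fine.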
